Background:
I'm trying to stand up a BareMetal K8s Cluster and want to take advantage of Traefik's multitude of features for my cluster Ingress. I've got MetalLB in front providing the LoadBalancer IP Addresses and that isn't an issue for me at this time.
Info:
K8s Cluster Version: 1.12
Helm and Tiller version: v2.11.0
Problem:
If I install Traefik using the helm chart and the link, it installs, but when I go to check the docker logs for the container that is created I get errors along the lines of
E1012 15:23:50.784829 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized
E1012 15:23:52.279720 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Unauthorized
E1012 15:23:52.784902 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized
If I instead go a different route and try to manually install traefik using the official documentation, I can at least get it somewhat working, but I then get errors along the lines of
time="2018-10-12T12:22:57Z" level=error msg="Service not found for monitoring/prometheus-server"
time="2018-10-12T12:22:59Z" level=warning msg="Endpoints not found for monitoring/prometheus-server"
So I am at a 100% loss as to what I need to do to get this up and running in my dev (eventual prod) cluster. Can anyone provide some assistance and/or guidance to get me working in the right direction?
Thank you in advance
Thanks for answering, Rico.
So as a follow-up test, I went back in and blew everything away and reinstalled with the following commands
helm install --values values.yaml stable/traefik
NAME: khaki-goose
LAST DEPLOYED: Fri Oct 12 14:05:23 2018
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Deployment
NAME AGE
khaki-goose-traefik 0s
==> v1beta1/Ingress
khaki-goose-traefik-dashboard 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
khaki-goose-traefik-dccfdf765-cmfl9 0/1 Pending 0 0s
==> v1/ConfigMap
NAME AGE
khaki-goose-traefik 0s
==> v1/Service
khaki-goose-traefik-dashboard 0s
khaki-goose-traefik 0s
Followed up by the suggested commands at the end of the creation output
kubectl get svc khaki-goose-traefik --namespace default -w
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
khaki-goose-traefik LoadBalancer 10.109.30.181 172.16.15.1 80:31644/TCP,443:31004/TCP 12s
So I know that I am at least able to get an "External IP Address" thanks to MetalLB and as part of the initial setup it should have created the relevant ingress rules for me, but I am not sure it did that correctly as when I describe it I get the following.
Name: khaki-goose-traefik-dashboard
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
traefik-ui.minikube
khaki-goose-traefik-dashboard:80 (<none>)
Annotations:
Events: <none>
The important bit as I can see is that it isn't actually getting the information about the backend as it should be (at least the way I understand it).
I then ran the command that you suggested with the default values as specified on the official documentation.
kubectl apply -f traefik-rbac.yaml
It was then showing me the following info when I ran:
kubectl describe pods
Name: khaki-goose-traefik-dccfdf765-k9pxh
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: jbv-dev-k8wrkr-02.removed.domain.name/172.16.1.47
Start Time: Fri, 12 Oct 2018 14:54:30 -0400
Labels: app=traefik
chart=traefik-1.43.0
heritage=Tiller
pod-template-hash=dccfdf765
release=khaki-goose
Annotations: checksum/config=fba7308c36f00b969971dec5caa6ca1e456737d4564d6c623d261aee9ffb82cc
Status: Running
IP: 172.25.4.44
Controlled By: ReplicaSet/khaki-goose-traefik-dccfdf765
Containers:
khaki-goose-traefik:
Container ID: docker://f88d222ccf72c244bdb100b956a8b629bcb8b89c9954de1f83552bddd6c44a43
Image: traefik:1.6.6
Image ID: docker-pullable://traefik@sha256:9569c56e8b7353c9c4e5d4f00177b0b7c523db6926a42a148e04a6fa4b6f9f8d
Ports: 80/TCP, 8880/TCP, 443/TCP, 8080/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP
Args:
--configfile=/config/traefik.toml
State: Running
Started: Fri, 12 Oct 2018 14:54:41 -0400
Ready: True
Restart Count: 0
Limits:
cpu: 100m
memory: 30Mi
Requests:
cpu: 100m
memory: 20Mi
Liveness: tcp-socket :80 delay=10s timeout=2s period=10s #success=1 #failure=3
Readiness: tcp-socket :80 delay=10s timeout=2s period=10s #success=1 #failure=1
Environment: <none>
Mounts:
/config from config (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-n8865 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: khaki-goose-traefik
Optional: false
default-token-n8865:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-n8865
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 1m default-scheduler Successfully assigned default/khaki-goose-traefik-dccfdf765-k9pxh to jbv-dev-k8wrkr-02.removed.domain.name
Normal Pulled 1m kubelet, jbv-dev-k8wrkr-02.removed.domain.name Container image "traefik:1.6.6" already present on machine
Normal Created 1m kubelet, jbv-dev-k8wrkr-02.removed.domain.name Created container
Normal Started 1m kubelet, jbv-dev-k8wrkr-02.removed.domain.name Started container
I also just went back and ran the command kubectl logs khaki-goose-traefik-dccfdf765-k9pxh
E1012 20:19:14.410278 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized
E1012 20:19:14.411657 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized
E1012 20:19:15.388608 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Unauthorized
E1012 20:19:15.391057 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized
E1012 20:19:15.397616 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized
E1012 20:19:15.411714 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Unauthorized
E1012 20:19:15.413496 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized
E1012 20:19:15.414809 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized
After I apply all of this, I then try to open a web browser to the External IP address either via port 80 or 443, and I then get the dreaded page not found error. I know this is a lot of information here to reference the helm setup way, but I want to provide as much information as possible for this.
I will have to look back and parse out the relevant commands I did for the second setup from my command history and try to reply back here when I get it all correctly pulled out.
For the first installation (using Helm), it looks like you are missing the RBAC configs:
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml
For the second installation, it looks like Traefik might be configured to scrape metrics from the monitoring namespace and a prometheus-server service endpoint that is not there in your cluster. It would be great if you could share how you deployed it.
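An RBAC binding only helps the identity it names, so after applying RBAC manifests it is worth checking that the pod's own ServiceAccount is the one being granted access. The check below is an added example, not part of the answer or of Traefik's manifests: it reports which list/watch permissions on the three resources from the error log a given ServiceAccount lacks. The role and binding are constructed samples, and the `default`/`default` account is an assumption drawn from the `default-token-n8865` mount in the pod description.

```python
# Added example. ROLE and BINDING are constructed samples, not the cluster's objects.
# Resources Traefik failed to list in the log; the "extensions" group for
# v1beta1.Ingress is an assumption based on the Kubernetes 1.12 API.
NEEDED = [("", "endpoints"), ("", "services"), ("extensions", "ingresses")]

ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "traefik-ingress-controller"},
    "rules": [
        {"apiGroups": [""], "resources": ["services", "endpoints", "secrets"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["extensions"], "resources": ["ingresses"],
         "verbs": ["get", "list", "watch"]},
    ],
}
BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "traefik-ingress-controller"},
    "roleRef": {"kind": "ClusterRole", "name": "traefik-ingress-controller"},
    "subjects": [{"kind": "ServiceAccount", "name": "traefik-ingress-controller",
                  "namespace": "kube-system"}],
}

def rule_allows(rule, group, resource, verb):
    """True if one RBAC rule covers (group, resource, verb); '*' is a wildcard."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("apiGroups", []), group)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("verbs", []), verb))

def missing_permissions(namespace, account, roles, bindings, verbs=("list", "watch")):
    """Return the (group, resource, verb) tuples NOT granted to the ServiceAccount.

    Only ClusterRoleBindings that name the account directly are considered;
    namespaced RoleBindings and group subjects are out of scope here.
    """
    bound = {b["roleRef"]["name"] for b in bindings
             if b.get("kind") == "ClusterRoleBinding"
             for s in b.get("subjects", [])
             if (s.get("kind"), s.get("namespace"), s.get("name"))
             == ("ServiceAccount", namespace, account)}
    rules = [r for role in roles if role["metadata"]["name"] in bound
             for r in role.get("rules", [])]
    return sorted((g, res, v) for g, res in NEEDED for v in verbs
                  if not any(rule_allows(r, g, res, v) for r in rules))

if __name__ == "__main__":
    for ns, sa in [("kube-system", "traefik-ingress-controller"), ("default", "default")]:
        print(f"{ns}/{sa} missing:", missing_permissions(ns, sa, [ROLE], [BINDING]))
```

Kubernetes reports an RBAC denial as `Forbidden`, while `Unauthorized` means the API server rejected the credentials themselves, so the mounted token is worth checking alongside the bindings.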