Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

helm traefik does not watch all namespaces when rbac namespaced #1011

Closed
2 tasks done
oleg-andreyev opened this issue Feb 27, 2024 · 3 comments
Closed
2 tasks done

helm traefik does not watch all namespaces when rbac namespaced #1011

oleg-andreyev opened this issue Feb 27, 2024 · 3 comments
Labels
good first issue Good for newcomers kind/bug/possible a possible bug that needs analysis before it is confirmed or fixed.

Comments

@oleg-andreyev
Copy link

Welcome!

  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What version of the Traefik's Helm Chart are you using?

3.14.2

What version of Traefik are you using?

2.11.0

What did you do?

Following documentation and default Chart values, it is stated that traefik will watch all namespaces, but it's not

traefik-helm-chart/traefik/values.yaml

Lines 237 to 239 in ba5918d

# -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
namespaces: []
# - "default"

If providers.kubernetesCRD.namespaces is not defined, helm will use default traefik namespace.
if providers.kubernetesCRD.namespaces is defined as. empty array, same result as above.

What did you see instead?

image

Expected
image

What is your environment & configuration?

# https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml

namespaceOverride: traefik

rbac:
  namespaced: true

deployment:
  replicas: null
  kind: Deployment
  name: traefik
  revisionHistoryLimit: 1

resources:
  requests:
    cpu: "100m"
    memory: "50Mi"
  limits:
    cpu: "300m"
    memory: "150Mi"

#autoscaling:
#  enabled: true
#  maxReplicas: 2
#  metrics:
#    - type: Resource
#      resource:
#        name: cpu
#        target:
#          type: Utilization
#          averageUtilization: 80

service:
  spec:
    loadBalancerIP: "<public-ip>"
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-resource-group: <group>

logs:
  general:
    level: DEBUG
  access:
    enabled: true

providers:
  kubernetesCRD:
    allowCrossNamespace: true
    namespaces: ['default', 'traefik', 'mktrade']

ports:
  web:
    redirectTo:
      port: websecure
  websecure:
    forwardedHeaders:
      trustedIPs:
        - 10.0.0.0/24
        - 172.16.0.0/20
        - 192.168.0.0/16

Additional Information

No response
@oleg-andreyev
Copy link
Author

Looks like this configuration is conflicting with rbac.namespaced, probably it would be great to notify/warn user about it.

@mloiseleur mloiseleur added kind/bug/possible a possible bug that needs analysis before it is confirmed or fixed. and removed status/0-needs-triage labels Feb 27, 2024
@mloiseleur
Copy link
Contributor

Thanks for your interest in Traefik.

Above rbac.namespaced, it says:

Providers will only watch target namespace

If you have an idea on how it can be improved, feel free to open a PR.

@mloiseleur mloiseleur added the good first issue Good for newcomers label Feb 27, 2024
@mloiseleur mloiseleur changed the title helm traefik does not watch all namespaces by default as it's stated in documentation helm traefik does not watch all namespaces when rbac namespaced Apr 4, 2024
@runningman84 runningman84 mentioned this issue May 4, 2024
Closed
2 tasks
@mloiseleur
Copy link
Contributor

Since there is no news on this issue since 3 months, I close it.
Feel free to re-open it if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers kind/bug/possible a possible bug that needs analysis before it is confirmed or fixed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oleg-andreyev @mloiseleur