traefik-helm-chart

Helm installation failed

Open Remering opened this issue 5 months ago • 2 comments

Welcome!

  • [x] Yes, I've searched similar issues on GitHub and didn't find any.
  • [ ] Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What version of the Traefik's Helm Chart are you using?

36.1.0

What version of Traefik are you using?

v3.4.1

What did you expect to happen ?

Install traefik in k8s successfully.

What did you notice instead ?

Error: UPGRADE FAILED: template: traefik/templates/gateway.yaml:31:15: executing "traefik/templates/gateway.yaml" at <eq $portConfig.port $config.port>: error calling eq: incompatible types for comparison

What are your values ?

ingressRoute:
  dashboard:
    enabled: false

ports:
  web: 
    port: 80
  websecure:
    port: 443
    exposedPort: 443
  dashboard:
    port: 8000

gateway:
  enabled: true
  listeners:
    web:
      port: 80
      protocol: HTTP
    websecure:
      port: 443
      protocol: HTTPS
      certificateRefs:
        - kind: Secret
          name: remering-cn-tls
providers:
  kubernetesGateway:
    enabled: true 

tlsStore:
  default:
    defaultCertificate:
      secretName: remering-cn-tls

hub:
  providers:
    consulCatalogEnterprise:
      enabled: true
      endpoint:
        address: "consul-server.consul.svc.cluster.local:8500"
        scheme: "https"
        insecureSkipVerify: true

Additional Information


Remering avatar Jun 20 '25 05:06 Remering

I was not able to fully reproduce this issue. When templating with the values of this issue:

helm repo update
helm template traefik -f test-1460.yaml traefik/traefik 

There is no template error. Nonetheless, one can see that Gateway has unexpected newlines:

---
# Source: traefik/templates/gateway.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: traefik-gateway
  namespace: flux-system
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-flux-system
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
spec:
  gatewayClassName: traefik
  listeners:
    - name: web
      port: 80
      protocol: HTTP
      
      
    - name: websecure
      port: 443
      protocol: HTTPS
      
      
      tls:
        
        
        certificateRefs:
          - kind: Secret
            name: remering-cn-tls

mloiseleur avatar Jun 20 '25 14:06 mloiseleur

Also faced the issue. It does not work for me even with the simplest config

---
# traefik-values.yaml
providers:
  kubernetesIngress:
    enabled: false
  kubernetesGateway:
    enabled: true
    experimentalChannel: true
experimental:
  kubernetesGateway:
    enabled: true
ports:
  some_port:
    port: 30000
    protocol: TCP
    expose:
      default: true
$ helm template --debug traefik traefik/traefik -f ../traefik/traefik-values.yaml
install.go:225: 2025-06-23 12:20:34.887374685 +0200 CEST m=+0.089076292 [debug] Original chart version: ""
install.go:242: 2025-06-23 12:20:35.042738721 +0200 CEST m=+0.244440329 [debug] CHART PATH: /home/stan/.cache/helm/repository/traefik-36.1.0.tgz


Error: template: traefik/templates/gateway.yaml:31:15: executing "traefik/templates/gateway.yaml" at <eq $portConfig.port $config.port>: error calling eq: incompatible types for comparison
helm.go:92: 2025-06-23 12:20:35.10545506 +0200 CEST m=+0.307156693 [debug] template: traefik/templates/gateway.yaml:31:15: executing "traefik/templates/gateway.yaml" at <eq $portConfig.port $config.port>: error calling eq: incompatible types for comparison

The most recent version where it works for me is 29.0.1. A workaround which works for me is to update templates/gateway.yaml a bit:

diff -Nuar traefik_orig/traefik/templates/gateway.yaml traefik_upd/traefik/templates/gateway.yaml
--- traefik_orig/traefik/templates/gateway.yaml	2025-06-23 12:14:44.857882346 +0200
+++ traefik_upd/traefik/templates/gateway.yaml	2025-06-23 12:15:34.655586948 +0200
@@ -28,7 +28,7 @@
       {{- end -}}
       {{ $found := false }}
       {{- range $portName, $portConfig := $.Values.ports -}}
-        {{- if eq $portConfig.port $config.port -}}
+        {{- if eq (toString $portConfig.port) (toString $config.port) -}}
           {{ $found = true }}
         {{- end -}}
       {{- end -}}
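Review bot: the `toString` coercion on the changed `eq` line makes the comparison textual, so two ports match only when they render to identical strings. Both operands are port numbers, so converting each with `int`, as in `eq (int $portConfig.port) (int $config.port)`, would compare them numerically and still avoid the mixed-type `eq` error. A short template comment next to the condition saying why the coercion is needed would also help the next reader.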
---
# Source: traefik/templates/rbac/serviceaccount.yaml
kind: ServiceAccount
apiVersion: v1
metadata:
  name: traefik
  namespace: default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
  annotations:
automountServiceAccountToken: false
---
# Source: traefik/templates/rbac/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - nodes
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - traefik.io
    resources:
      - ingressroutes
      - ingressroutetcps
      - ingressrouteudps
      - middlewares
      - middlewaretcps
      - serverstransports
      - serverstransporttcps
      - tlsoptions
      - tlsstores
      - traefikservices
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - namespaces
      - secrets
      - configmaps
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - backendtlspolicies
      - gatewayclasses
      - gateways
      - grpcroutes
      - httproutes
      - referencegrants
      - tcproutes
      - tlsroutes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - gateway.networking.k8s.io
    resources:
      - backendtlspolicies/status
      - gatewayclasses/status
      - gateways/status
      - grpcroutes/status
      - httproutes/status
      - tcproutes/status
      - tlsroutes/status
    verbs:
      - update
---
# Source: traefik/templates/rbac/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-default
subjects:
  - kind: ServiceAccount
    name: traefik
    namespace: default
---
# Source: traefik/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
  annotations:
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
  ports:
  - port: 30000
    name: some_port
    targetPort: some_port
    protocol: TCP
  - port: 80
    name: web
    targetPort: web
    protocol: TCP
  - port: 443
    name: websecure
    targetPort: websecure
    protocol: TCP
---
# Source: traefik/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik
  namespace: default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
  annotations:
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: traefik
      app.kubernetes.io/instance: traefik-default
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  minReadySeconds: 0
  template: 
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/path: "/metrics"
        prometheus.io/port: "9100"
      labels:
        app.kubernetes.io/name: traefik
        app.kubernetes.io/instance: traefik-default
        helm.sh/chart: traefik-36.1.0
        app.kubernetes.io/managed-by: Helm
    spec:
      serviceAccountName: traefik
      automountServiceAccountToken: true
      terminationGracePeriodSeconds: 60
      hostNetwork: false
      containers:
      - image: docker.io/traefik:v3.4.1
        imagePullPolicy: IfNotPresent
        name: traefik
        resources:
        readinessProbe:
          httpGet:
            path: /ping
            port: 8080
            scheme: HTTP
          failureThreshold: 1
          initialDelaySeconds: 2
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        livenessProbe:
          httpGet:
            path: /ping
            port: 8080
            scheme: HTTP
          failureThreshold: 3
          initialDelaySeconds: 2
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        lifecycle:
        ports:
        - name: metrics
          containerPort: 9100
          protocol: TCP
        - name: some_port
          containerPort: 30000
          protocol: TCP
        - name: traefik
          containerPort: 8080
          protocol: TCP
        - name: web
          containerPort: 8000
          protocol: TCP
        - name: websecure
          containerPort: 8443
          protocol: TCP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        volumeMounts:
          - name: data
            mountPath: /data
          - name: tmp
            mountPath: /tmp
        args:
          - "--global.checkNewVersion"
          - "--entryPoints.metrics.address=:9100/tcp"
          - "--entryPoints.some_port.address=:30000/tcp"
          - "--entryPoints.traefik.address=:8080/tcp"
          - "--entryPoints.web.address=:8000/tcp"
          - "--entryPoints.websecure.address=:8443/tcp"
          - "--api.dashboard=true"
          - "--ping=true"
          - "--metrics.prometheus=true"
          - "--metrics.prometheus.entrypoint=metrics"
          - "--providers.kubernetescrd"
          - "--providers.kubernetescrd.allowEmptyServices=true"
          - "--experimental.kubernetesgateway"
          - "--providers.kubernetesgateway"
          - "--providers.kubernetesgateway.statusaddress.service.name=traefik"
          - "--providers.kubernetesgateway.statusaddress.service.namespace=default"
          - "--providers.kubernetesgateway.experimentalchannel=true"
          - "--entryPoints.websecure.http.tls=true"
          - "--log.level=INFO"
          
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
      volumes:
        - name: data
          emptyDir: {}
        - name: tmp
          emptyDir: {}
      securityContext:
        runAsGroup: 65532
        runAsNonRoot: true
        runAsUser: 65532
---
# Source: traefik/templates/ingressclass.yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
  name: traefik
spec:
  controller: traefik.io/ingress-controller
---
# Source: traefik/templates/gateway.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: traefik-gateway
  namespace: default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
spec:
  gatewayClassName: traefik
  listeners:
    - name: web
      port: 8000
      protocol: HTTP
---
# Source: traefik/templates/gatewayclass.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: traefik
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
spec:
  controllerName: traefik.io/gateway-controller

nsv777 avatar Jun 23 '25 10:06 nsv777

@nsv777 On which version of the chart ?

With the latest version and the values you shared, the chart template seems to provide the expected output 🤔.

$ helm search repo --regexp "(traefik)\v"  
NAME           	CHART VERSION	APP VERSION	DESCRIPTION                                  
traefik/traefik	36.1.0       	v3.4.1     	A Traefik based Kubernetes ingress controller
helm template traefik -f issue-1460.yaml traefik/traefik
[...]
---
# Source: traefik/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: test-traefik
  namespace: default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: test-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
  annotations:
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: test-default
  ports:
  - port: 30000
    name: some_port
    targetPort: some_port
    protocol: TCP
  - port: 80
    name: web
    targetPort: web
    protocol: TCP
  - port: 443
    name: websecure
    targetPort: websecure
    protocol: TCP
[...]
---
# Source: traefik/templates/gateway.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: traefik-gateway
  namespace: default
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: test-default
    helm.sh/chart: traefik-36.1.0
    app.kubernetes.io/managed-by: Helm
spec:
  gatewayClassName: traefik
  listeners:
    - name: web
      port: 8000
      protocol: HTTP
[...]

mloiseleur avatar Jun 23 '25 13:06 mloiseleur

@mloiseleur it's 36.1.0

$ helm search repo --regexp "(traefik)\v" 
NAME           	CHART VERSION	APP VERSION	DESCRIPTION                                  
traefik/traefik	36.1.0       	v3.4.1     	A Traefik based Kubernetes ingress controller
$ helm --debug template traefik -f traefik-values.yaml traefik/traefik --version=36.1.0
install.go:225: 2025-06-23 16:47:58.657798231 +0200 CEST m=+0.078820954 [debug] Original chart version: "36.1.0"
install.go:242: 2025-06-23 16:47:58.899011309 +0200 CEST m=+0.320034226 [debug] CHART PATH: /home/stan/.cache/helm/repository/traefik-36.1.0.tgz


Error: template: traefik/templates/gateway.yaml:31:15: executing "traefik/templates/gateway.yaml" at <eq $portConfig.port $config.port>: error calling eq: incompatible types for comparison
helm.go:92: 2025-06-23 16:47:59.019394043 +0200 CEST m=+0.440416784 [debug] template: traefik/templates/gateway.yaml:31:15: executing "traefik/templates/gateway.yaml" at <eq $portConfig.port $config.port>: error calling eq: incompatible types for comparison

nsv777 avatar Jun 23 '25 14:06 nsv777

Just updated Helm from 3.18.0 to 3.18.3 and the issue has gone! @mloiseleur thanks for your help!

nsv777 avatar Jun 23 '25 14:06 nsv777

I'm closing it, since it's an issue with helm 3.18.0.

mloiseleur avatar Jun 24 '25 08:06 mloiseleur
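
The `eq` failure reported in this thread and the `toString` workaround from the posted patch, reproduced with Go's standard `text/template` as an added example (not code from the chart or from Helm). The two templates, the `render` helper and the value types are constructed for illustration, `toString` is a local stand-in for sprig's helper, and the thread does not state which types Helm 3.18.0 actually passed.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Constructed stand-ins for the chart's loop: one listener port is checked
// against every entry point port. strictTpl compares raw values, coercedTpl
// compares their string forms as the patch in the thread does.
const strictTpl = `{{range $name, $p := .ports}}{{if eq $p.port $.listener}}{{$name}}{{end}}{{end}}`
const coercedTpl = `{{range $name, $p := .ports}}{{if eq (toString $p.port) (toString $.listener)}}{{$name}}{{end}}{{end}}`

// render executes tpl with constructed values in which entry point ports are
// int64 and the listener port has whatever type the caller passes in.
func render(tpl string, listener any) (string, error) {
	// Local substitute for sprig's toString (assumption: plain %v formatting).
	funcs := template.FuncMap{"toString": func(v any) string { return fmt.Sprint(v) }}
	t, err := template.New("gateway").Funcs(funcs).Parse(tpl)
	if err != nil {
		return "", err
	}
	data := map[string]any{
		"listener": listener,
		"ports": map[string]any{
			"web":       map[string]any{"port": int64(80)},
			"websecure": map[string]any{"port": int64(443)},
		},
	}
	var out bytes.Buffer
	err = t.Execute(&out, data)
	return out.String(), err
}

func main() {
	// Same port number, three representations a values file could yield.
	for _, l := range []any{int64(443), float64(443), "443"} {
		_, errStrict := render(strictTpl, l)
		got, errCoerced := render(coercedTpl, l)
		failed := errStrict != nil && strings.Contains(errStrict.Error(), "incompatible types")
		fmt.Printf("%T: strict eq fails=%v | coerced match=%q err=%v\n", l, failed, got, errCoerced)
	}
}
```

Running `helm template` in CI with the pinned Helm version, and failing the pipeline on any template error, catches this class of regression before an upgrade reaches a cluster.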