Cross-namespace Route binding is mismatching of traefik 2.4.9 from traefik-helm-chart

Open hannius opened this issue 3 years ago • 2 comments

Welcome!

  • [X] Yes, I've searched similar issues on GitHub and didn't find any.
  • [X] Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What version of the Traefik's Helm Chart are you using?

10.1.1

What version of Traefik are you using?

2.4.9

What did you do?

helm install an application using the Traefik Gateway API, under a different namespace

What did you see instead?

I must choose the same namespace for Traefik and the HTTPRoute; otherwise, no route is matched.

What is your environment & configuration?

The Traefik Helm chart repository is "https://github.com/traefik/traefik-helm-chart", the Traefik version is 2.4.9, the gateway-api version is v0.3.0, and Traefik is under the namespace kube-system. The GatewayClass YAML is:

➜  templates git:(master) cat gatewayclass.yaml 
{{- if .Values.experimental.kubernetesGateway.enabled }}
---
kind: GatewayClass
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
  name: traefik
spec:
  controller: traefik.io/gateway-controller
{{- end }}

And the Gateway YAML is below:

➜  templates git:(master) cat gateway.yaml 
{{- if .Values.experimental.kubernetesGateway.enabled }}
--- 
apiVersion: networking.x-k8s.io/v1alpha1
kind: Gateway
metadata: 
  name: traefik-gateway
  namespace: {{ default .Release.Namespace .Values.experimental.kubernetesGateway.namespace }}
spec: 
  gatewayClassName: traefik
  listeners: 
    - port: {{ .Values.ports.web.port }}
      protocol: HTTP
      routes: 
        kind: HTTPRoute
        namespaces:
          from: All
        #selector: 
        #  matchLabels: 
        #    app: {{ .Values.experimental.kubernetesGateway.appLabelSelector }}

    {{- range $index, $cert:= .Values.experimental.kubernetesGateway.certificates }}
    - port: {{ $.Values.ports.websecure.port }}
      protocol: HTTPS
      tls:
        certificateRef:
          name: {{ $cert.name }}
          group: {{ $cert.group }}
          kind: {{ $cert.kind }}
      routes: 
        kind: HTTPRoute
        namespaces:
          from: All
        #selector: 
        #  matchLabels: 
        #    app: {{ $.Values.experimental.kubernetesGateway.appLabelSelector }}
    {{- end }}
{{- end }}

➜ traefik_new git:(master) helm install traefik-test --namespace kube-system -f values_diymaster.yaml --debug .


The HTTPRoute of the application is under the namespace martin and the application name is app. The corresponding HTTPRoute YAML is below:

➜  templates git:(master) cat httproute.yaml 
{{- if .Values.httproute.enabled -}}
{{- $fullName := include "app.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: networking.x-k8s.io/v1alpha1
kind: HTTPRoute
metadata:
  name: {{ template "app.fullname" . }}-httproute
  namespace: {{ default .Release.Namespace .Values.httproute.namespace }}
  #labels:
  #  app: {{ .Values.httproute.appLabelSelector }}
spec:
  gateways:
    allow: All
    #allow: FromList
    #gatewayRefs:
    #- name: {{ .Values.httproute.gateway_name }}
    #  namespace: {{ .Values.httproute.gateway_namespace }}
  hostnames:
  - {{ .Values.httproute.hostnames }}
  rules:
  - matches:
    - path:
        #type: Exact
        type: Prefix
        value: /
    forwardTo:
    - serviceName: {{ $fullName }}
      port: {{ $svcPort }}
      weight: 1
{{- end }}

The values.yaml is below:

...
httproute:
  enabled: true
  hostnames: martin-test.century.com
  namespace: martin
  gateway_name: traefik-gateway
  gateway_namespace: kube-system
  #namespace: kube-system
  appLabelSelector: traefik
...

➜ martin git:(master) helm install martin-test --namespace martin -f values_test.yaml --debug .

The component status is OK:

➜  traefik_new git:(master) kubectl get gatewayclasses.networking.x-k8s.io --all-namespaces
NAME      CONTROLLER                      AGE
traefik   traefik.io/gateway-controller   35m
➜  traefik_new git:(master) kubectl get gateways.networking.x-k8s.io --all-namespaces
NAMESPACE     NAME              CLASS     AGE
kube-system   traefik-gateway   traefik   36m
➜  traefik_new git:(master) kubectl get httproutes.networking.x-k8s.io --all-namespaces -o wide
NAMESPACE          NAME                                 HOSTNAMES                       AGE
martin   martin-test-httproute   [martin-test.century.com]   41m
➜  traefik_new git:(master) 

From the dashboard I can see that the KubernetesGateway provider is on, but the martin-httproute I created is not visible. [image] [image]

The Traefik error logs are: [image]

When I access the URL, it returns a 404 error, so I realize the route is not matched.

But when I changed the HTTPRoute namespace to kube-system, the same as Traefik's, I found it worked.

➜  martin git:(master) helm install martin-test --namespace martin -f values_test.yaml --debug .
➜  martin git:(master) kubectl get httproutes.networking.x-k8s.io --all-namespaces -o wide
NAMESPACE     NAME                                 HOSTNAMES                       AGE
kube-system   martin-test-httproute   [martin-test.century.com]   107s

So does the Gateway API not support cross-namespace binding? Could you help me solve the problem? Thanks very much.

Additional Information

No response

hannius • Aug 20 '21 09:08

According to the official doc of gateway-api, I need to add "namespaces: from: All".

The below Gateway will select all HTTPRoute resources with the expose: prod-web-gw across all Namespaces in the cluster.
kind: Gateway
...
spec:
  listeners:
  - routes:
      kind: HTTPRoute
      selector:
        matchLabels:
          expose: prod-web-gw
      namespaces:
        from: All

But I tried it and it didn't work, so can anyone help me? Thanks.

hannius • Aug 23 '21 06:08
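
The two-sided binding rule that the quoted gateway-api documentation describes, written out as an added example (not code from this thread, the chart, or Traefik). It models the v1alpha1 spec semantics only, including the spec defaults `from: Same` and `allow: SameNamespace`; the function names are hypothetical and the sample objects are constructed from the manifests posted above.

```python
# Added example: models Gateway API v1alpha1 binding semantics, not Traefik's code.

def labels_match(selector, labels):
    """matchLabels-only selector; a missing or empty selector matches everything."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())

def listener_selects(gateway, listener, route, ns_labels):
    """Gateway side: does this listener's `routes` block select the route?"""
    routes = listener["routes"]
    meta = route["metadata"]
    if routes["kind"] != route["kind"]:
        return False
    if not labels_match(routes.get("selector"), meta.get("labels", {})):
        return False
    namespaces = routes.get("namespaces") or {}
    mode = namespaces.get("from", "Same")  # v1alpha1 default
    if mode == "All":
        return True
    if mode == "Selector":  # matches on the labels of the route's namespace
        return "selector" in namespaces and labels_match(
            namespaces["selector"], ns_labels.get(meta["namespace"], {}))
    return meta["namespace"] == gateway["metadata"]["namespace"]

def route_allows(route, gateway):
    """Route side: does `spec.gateways` let this Gateway use the route?"""
    gateways = route["spec"].get("gateways") or {}
    mode = gateways.get("allow", "SameNamespace")  # v1alpha1 default
    gw = gateway["metadata"]
    if mode == "All":
        return True
    if mode == "FromList":
        return any(ref["name"] == gw["name"] and ref["namespace"] == gw["namespace"]
                   for ref in gateways.get("gatewayRefs", []))
    return route["metadata"]["namespace"] == gw["namespace"]

def binds(gateway, route, ns_labels=None):
    """A route binds only when the Gateway selects it and the route allows the Gateway."""
    return route_allows(route, gateway) and any(
        listener_selects(gateway, listener, route, ns_labels or {})
        for listener in gateway["spec"]["listeners"])

# Constructed from the manifests in this issue (rendered values, not cluster output).
GATEWAY = {"kind": "Gateway",
           "metadata": {"name": "traefik-gateway", "namespace": "kube-system"},
           "spec": {"listeners": [{"routes": {"kind": "HTTPRoute",
                                              "namespaces": {"from": "All"}}}]}}
ROUTE = {"kind": "HTTPRoute",
         "metadata": {"name": "martin-test-httproute", "namespace": "martin"},
         "spec": {"gateways": {"allow": "All"}}}
```

Under these semantics the posted pair binds, so the manifests match the documented rule. With `from: All` on the listener and `allow: All` on the route, any namespace can attach routes to the shared gateway; `Selector` and `FromList` narrow that to labelled namespaces and named gateways.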

Seconding that indeed. It seems that the cross-namespace Gateway and HTTPRule doesn't work / isn't implemented. I was following the cross-namespace guide from the official website.

My workaround - until this becomes generally available - is to deploy the gateway as well in the target namespace. Then since the hostname is not yet supported (apparently) on the gateway resource, setting the hostnames prop on the HTTPRoute.

markpeterfejes • Dec 01 '21 11:12

Hello @hannius,

Thanks for your report. I don't see what we can do on this helm chart to help you, so I close it. Feel free to re-open it if you have a clear view on what this chart can do to help on this issue.

mloiseleur • Oct 14 '22 08:10