Add option to still limit namespaces with `--providers.kubernetes{crd,ingress}.namespaces` besides `rbac.namespaced` setting

[SPodjasek]

trafficstars

Welcome!

• [X] Yes, I've searched similar issues on GitHub and didn't find any.
• [X] Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What version of the Traefik's Helm Chart are you using?

10.23.0

What version of Traefik are you using?

2.7.1

What did you do?

My usual Traefik deployments use namespaced RBAC and kubernetesCRD providers, which work flawlessly.

But recently, I had to deploy Trafik with the kubernetesIngress provider to handle some third-party Ingresses and run into an issue partially described here traefik/traefik#7729. To solve this problem, I had to set rbac.namespaced to false, and traefik started detecting ingressclasses (required to work with third-party ingress) and other resources (TLS, Middleware) from other namespaces - which is understandable but not desired by me (I've set .Values.providers.kubernetesIngress.namespaces to appropriate namespace name).

Looking at chart templates I've found this line: https://github.com/traefik/traefik-helm-chart/blob/ce3dbf2eb2011388f16e3579b52e5f8f9f832225/traefik/templates/_podtemplate.tpl#L197 which causes my problem.

So my suggestion here is to add some flag to enable limiting Kubernetes providers to specified namespaces, despite RBAC being set to cluster level.

Note: modifying deployment by hand to add --providers.kubernetesingress.namespaces= worked as expected.

What did you see instead?

Missing arguments --providers.kubernetes{crd,ingress}.namespaces in deployment

What is your environment & configuration?

Kubernetes v1.24.2

Additional Information

No response

[mloiseleur]

Hello @SPodjasek , Thanks for your interest in Traefik ! Starting with 10.26.1, we fixed this issue on ingressclasses. They work as expected on both setup, with or without rbac.namespaced enabled Does that fix your issue ?