Traefik K8s设置问题

Question

Background:

I'm trying to stand up a BareMetal K8s Cluster and want to take advantage of Traefik's multitude of features for my cluster Ingress. I've got MetalLB in front providing the LoadBalancer IP Addresses and that isn't an issue for me at this time.

Info:

K8s Cluster Version: 1.12

Helm and Tiller version: v2.11.0

Problem:

If I install Traefik using the helm chart and the link It installs, but when I go to check to docker logs for the containter that is created I get errors along the lines of

 E1012 15:23:50.784829 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized E1012 15:23:52.279720 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Unauthorized E1012 15:23:52.784902 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized 

If I instead go a different route and try to manually install traefik using the official documentation, I can at least get it somewhat working, but I then get errors along the lines of

 time="2018-10-12T12:22:57Z" level=error msg="Service not found for monitoring/prometheus-server" time="2018-10-12T12:22:59Z" level=warning msg="Endpoints not found for monitoring/prometheus-server" 

So I am at a 100% loss as to what I need to do to get this up and running in my dev (eventual prod cluster). Can anyone provide some assistance and/or guidance to get me working in the right direction?

Thank you in advance

Answer 1

For the first installation (using Helm) looks like you are missing the RBAC configs :

kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml

For the second installation, looks like the Traefik might be configured to scrape metrics from the monitoring namespace and a prometheus-server service endpoint that is not there in your cluster. It would be great if you could share how you deployed it.

Answer 2

Thanks for answering Rico.

So as a followup test. I went back in and blew everything away and reinstalled with the following commands

helm install --values values.yaml stable/traefik

NAME:   khaki-goose
LAST DEPLOYED: Fri Oct 12 14:05:23 2018
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME                     AGE
khaki-goose-traefik  0s

==> v1beta1/Ingress
khaki-goose-traefik-dashboard  0s

==> v1/Pod(related)

NAME                                     READY  STATUS   RESTARTS  AGE
khaki-goose-traefik-dccfdf765-cmfl9  0/1    Pending  0         0s

==> v1/ConfigMap

NAME                     AGE
khaki-goose-traefik  0s

==> v1/Service
khaki-goose-traefik-dashboard  0s
khaki-goose-traefik            0s

Followed up by the suggested commands at the end of the creation output

kubectl get svc khaki-goose-traefik --namespace default -w

NAME                  TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
khaki-goose-traefik   LoadBalancer   10.109.30.181   172.16.15.1   80:31644/TCP,443:31004/TCP   12s

So I know that I am at least able to get an "External IP Address" thanks to MetalLB and as part of the initial setup it should have created the relevant ingress rules for me, but I am not sure it did that correctly as when I describe it I get the following.

Name:             khaki-goose-traefik-dashboard
Namespace:        default
Address: 
Default backend:  default-http-backend:80 (<none>)
Rules:
Host                 Path  Backends
----                 ----  --------
traefik-ui.minikube
                      khaki-goose-traefik-dashboard:80 (<none>)
Annotations:
Events:  <none>

The important bit as I can see is that it isn't actually getting the information about the backend as it should be (at least the way I understand it).

I then ran the command that you suggested with the default values as specified on the official documentation.

kubectl apply -f traefik-rbac.yaml

It was then showing me the following info when I ran:

kubectl describe pods 

Name:               khaki-goose-traefik-dccfdf765-k9pxh
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               jbv-dev-k8wrkr-02.removed.domain.name/172.16.1.47
Start Time:         Fri, 12 Oct 2018 14:54:30 -0400
Labels:             app=traefik
                    chart=traefik-1.43.0
                    heritage=Tiller
                    pod-template-hash=dccfdf765
                    release=khaki-goose
Annotations:        checksum/config=fba7308c36f00b969971dec5caa6ca1e456737d4564d6c623d261aee9ffb82cc
Status:             Running
IP:                 172.25.4.44
Controlled By:      ReplicaSet/khaki-goose-traefik-dccfdf765
Containers:
  khaki-goose-traefik:
    Container ID:  docker://f88d222ccf72c244bdb100b956a8b629bcb8b89c9954de1f83552bddd6c44a43
    Image:         traefik:1.6.6
    Image ID:      docker-pullable://traefik@sha256:9569c56e8b7353c9c4e5d4f00177b0b7c523db6926a42a148e04a6fa4b6f9f8d
    Ports:         80/TCP, 8880/TCP, 443/TCP, 8080/TCP
    Host Ports:    0/TCP, 0/TCP, 0/TCP, 0/TCP
    Args:
      --configfile=/config/traefik.toml
    State:          Running
      Started:      Fri, 12 Oct 2018 14:54:41 -0400
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     100m
      memory:  30Mi
    Requests:
      cpu:        100m
      memory:     20Mi
    Liveness:     tcp-socket :80 delay=10s timeout=2s period=10s #success=1 #failure=3
    Readiness:    tcp-socket :80 delay=10s timeout=2s period=10s #success=1 #failure=1
    Environment:  <none>
    Mounts:
      /config from config (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-n8865 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      khaki-goose-traefik
    Optional:  false
  default-token-n8865:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-n8865
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                                            Message
  ----    ------     ----  ----                                            -------
  Normal  Scheduled  1m    default-scheduler                               Successfully assigned default/khaki-goose-traefik-dccfdf765-k9pxh to jbv-dev-k8wrkr-02.removed.domain.name
  Normal  Pulled     1m    kubelet, jbv-dev-k8wrkr-02.removed.domain.name  Container image "traefik:1.6.6" already present on machine
  Normal  Created    1m    kubelet, jbv-dev-k8wrkr-02.removed.domain.name  Created container
  Normal  Started    1m    kubelet, jbv-dev-k8wrkr-02.removed.domain.name  Started container

I also just went back and ran the command kubectl logs khaki-goose-traefik-dccfdf765-k9pxh

E1012 20:19:14.410278       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized
E1012 20:19:14.411657       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized
E1012 20:19:15.388608       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Unauthorized
E1012 20:19:15.391057       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized
E1012 20:19:15.397616       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized
E1012 20:19:15.411714       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Unauthorized
E1012 20:19:15.413496       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Unauthorized
E1012 20:19:15.414809       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Unauthorized

After I apply all of this, I then try to open a web browswer to the External IP address either via port 80 or 443 I then get the dreaded page not found error. I know this is a lot of information here to reference the helm setup way, but I want to provide as much information as possible for this.

I will have to look back and parse out the relevant commands I did for the second setup from my command history and try to reply back here when I get it all correctly pulled out.