
traefik v2 ipwhitelisting middleware error


I am having problems configuring IP whitelisting with Traefik 2 on Google Kubernetes Engine.

This is the middleware yaml

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ipwhitelist
  namespace: traefik
spec:
  ipWhiteList:
    sourceRange:
      - 199.83.128.0/21

And this is my ingress controller

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    ingress.kubernetes.io/service-upstream: "true"
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: traefik-ipwhitelist@kubernetescrd
  name: front-cms
spec:
  rules:
    - host: xxx.aaa.es
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: front-cms
                port:
                  number: 80

When I try to load the webpage I get a 404 (without the traefik.ingress.kubernetes.io/router.middlewares: traefik-ipwhitelist@kubernetescrd line it works just fine).

On traefik service logs I get the following error

time="2022-11-07T09:53:12Z" level=error msg="middleware \"traefik-ipwhitelist@kubernetescrd\" does not exist" entryPointName=websecure routerName=es-prod-front-cms-xxx-cms-aaa-es@kubernetes
  • Traefik resource and service are on kube-system namespace.
  • Middleware is on traefik namespace
  • web ingress controller is on es-prod namespace

Could anybody help me?


Solution

  • I faced a similar issue. Maybe it was just me, or maybe it needed to be recreated, but updating the existing ingress was giving me a 404; after recreating it, it worked for me. In my case, the middleware was in the same namespace where I created the ingress.

    So I need to reference it like namespace-middlewarename.

    When you define a middleware in Traefik using annotations in Kubernetes, Traefik automatically appends the name in the format namespace-middlewarename. This CR object represents the middleware configuration in Kubernetes.

    It is also worth checking the dashboard for the middleware's existence, but the "not found" is something that comes from misconfiguration.

    k port-forward pods/traefik-59f79fc9b-4pchp 9000:9000
    

    Here is a complete working example; it might help someone else.

    apiVersion: traefik.containo.us/v1alpha1
    kind: Middleware
    metadata:
      name: ipwhitelist
    spec:
      ipWhiteList:
        sourceRange: {{ toYaml .Values.sourceRange | nindent 6 }}
    

    ingress

    apiVersion: v1
    items:
    - apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        annotations:
          meta.helm.sh/release-name: kafka-ui
          meta.helm.sh/release-namespace: kafka-ui
          traefik.ingress.kubernetes.io/router.middlewares: kafka-ui-ipwhitelist@kubernetescrd
        generation: 1
        labels:
          app.kubernetes.io/instance: kafka-ui
          app.kubernetes.io/managed-by: Helm
          app.kubernetes.io/name: kafka-ui
          app.kubernetes.io/version: v0.5.0
          helm.sh/chart: kafka-ui-0.5.1
        name: kafka-ui
        namespace: kafka-ui
      spec:
        ingressClassName: traefik
        rules:
        - host: kafka-ui.example.com
          http:
            paths:
            - backend:
                service:
                  name: kafka-ui
                  port:
                    number: 80
              path: /
              pathType: Prefix
        tls:
        - hosts:
          - kafka-ui.example.com
          secretName: kafka-ui.example.com
      status:
        loadBalancer: {}
    kind: List
    metadata:
      resourceVersion: ""
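
The following is an added example, not part of the original question or answer: a small offline check that every `router.middlewares` annotation resolves to a Middleware under the `namespace-middlewarename@kubernetescrd` form described above. The function names and the sample manifests are hypothetical, and objects without `metadata.namespace` are assumed to live in `default`.

```python
ANNOTATION = "traefik.ingress.kubernetes.io/router.middlewares"
PROVIDER = "@kubernetescrd"

def middleware_refs(manifests):
    """Map '<namespace>-<name>@kubernetescrd' to the Middleware name."""
    refs = {}
    for m in manifests:
        if m.get("kind") == "Middleware":
            meta = m["metadata"]
            # Assumption: objects without metadata.namespace land in "default".
            ns = meta.get("namespace", "default")
            refs[f"{ns}-{meta['name']}{PROVIDER}"] = meta["name"]
    return refs

def check_ingresses(manifests):
    """Return (ingress, reference, suggestions) for each unresolved reference."""
    known = middleware_refs(manifests)
    problems = []
    for m in manifests:
        if m.get("kind") != "Ingress":
            continue
        meta = m["metadata"]
        owner = f"{meta.get('namespace', 'default')}/{meta['name']}"
        raw = meta.get("annotations", {}).get(ANNOTATION, "")
        for ref in (r.strip() for r in raw.split(",")):
            if not ref or ref in known:
                continue
            base, sep, provider = ref.partition("@")
            if sep and "@" + provider != PROVIDER:
                continue  # other providers (e.g. @file) are out of scope here
            # Names may contain hyphens, so match on the middleware name, not a split.
            hints = sorted(k for k, name in known.items()
                           if base == name or base.endswith("-" + name))
            problems.append((owner, ref, hints))
    return problems

def _obj(kind, ns, name, refs=None):
    ann = {ANNOTATION: refs} if refs else {}
    return {"kind": kind, "metadata": {"name": name, "namespace": ns, "annotations": ann}}

SAMPLE = [  # constructed manifests, not taken from a real cluster
    _obj("Middleware", "kafka-ui", "ipwhitelist"),
    _obj("Ingress", "kafka-ui", "good", "kafka-ui-ipwhitelist@kubernetescrd"),
    _obj("Ingress", "kafka-ui", "bare-name", "ipwhitelist@kubernetescrd"),
    _obj("Ingress", "es-prod", "wrong-ns", "traefik-ipwhitelist@kubernetescrd"),
]

if __name__ == "__main__":
    for owner, ref, hints in check_ingresses(SAMPLE):
        print(f"{owner}: {ref!r} not found; candidates: {hints}")
```

A clean result only confirms the naming; whether Traefik has actually loaded the Middleware is what the dashboard check above shows.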