-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem enabling proxy protocol on traefik using HelmChartConfig #6331
Comments
Are you sure you're using values for the correct Traefik chart release? The version of K3s you're using includes v10.19.3 of the chart: https://github.com/traefik/traefik-helm-chart/blob/v10.19.3/traefik/values.yaml - this version does not support any of the proxyProtocol stuff that you're trying to use. The most recent release of K3s includes a newer version of the chart: https://github.com/traefik/traefik-helm-chart/blob/v12.0.0/traefik/values.yaml I'm not sure that will help you much though, as the proxyProtocol stuff was added literally a week ago today, and we haven't had a chance to pull it in to a K3s release yet: traefik/traefik-helm-chart#673 |
Hi @brandond, I've also tried also to use this example: apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
image:
name: traefik
tag: v2.6.1
proxyProtocol:
enabled: true
trustedIPs:
- 10.0.0.0/8
forwardedHeaders:
enabled: true
trustedIPs:
- 10.0.0.0/8
ssl:
enabled: true
permanentRedirect: false
enabled: true
trustedIPs:
- 10.0.0.0/8
ssl:
enabled: true
permanentRedirect: false from the docs, but I have the same problem. |
As I mentioned, the version of the chart we're bundling doesn't support configuring proxy protocol support, so it doesn't really matter what example you tried. You can find the chart version in the k3s repo: https://github.com/k3s-io/k3s/blob/v1.25.3+k3s1/manifests/traefik.yaml We currently only list the traefik binary version in the release notes. We may improve that in future releases. |
Ok thank you @brandond. |
Yes, that's fair. I'm honestly not sure where those crept in - I think someone must have copy-pasted in some bad example values during our recent documentation restructuring. I'll reopen this to track fixing the docs. |
Thanks for pointing the docs and versions mismatch. I ended up disabling Traefik in K3s entirely and installing it via a Helm chart so that I can rely on using the latest version and matching docs. I use Terraform automation on top of K3s installation, so one more Helm chart is not a big deal. This is not a critique of K3s though. There are valid reasons to not include the latest dependency versions into a distribution. |
This was cleaned up in k3s-io/docs#38. At this point in v1.26.1+k3s1, we do have a traefik chart that supports proxy protocol, but we want to keep the docs simple with an example that supports all our K3s releases. |
Environmental Info:
K3s version: v1.23.8+k3s2
Node(s) CPU architecture, OS, and Version:
Linux inst-tslxf-k3s-servers 5.15.0-1016-oracle #20-Ubuntu SMP Mon Aug 8 07:08:08 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
Cluster Configuration:
One server and three worker
Describe the bug:
When installing k3s with traefik and trying to configure traefik with HelmChartConfig to use proxy protocol the configuration seems to be ignored (or partially ignored).
This is the HelmChartConfig configutation:
but when I describe the traefik pod i cannot see this entries on Args:
and I cannot reach traefik from my public LB (with proxy protocol enabled)
But if i try to install traefik2 manually with the same values.yaml file (same k3s version and same OS/arch), this is the result:
and I can reach traefik from my public LB without any problem.
Steps To Reproduce:
Tested with terraform this terraform module.
The text was updated successfully, but these errors were encountered: