Charts: Traefik Dashboard on GKE is throwing an error for being ClusterIP

Created on 19 Mar 2019 · 16Comments · Source: helm/charts

Is this a request for help?: Yes

Is this a BUG REPORT or FEATURE REQUEST? (choose one): Bug

Version of Helm and Kubernetes:
Helm:

client version v2.13.0
server version v2.13.0

Kubernetes:

client version: v1.10.11
server version: v1.11.7-gke.4

Which chart:
Traefik

What happened:
Throwing the following error when deployed on GKE and exposing the dashboard service of type ClusterIP:

error while evaluating the ingress spec: service "kube-system/traefik-dashboard" is type "ClusterIP", expected "NodePort" or "LoadBalancer"

I did lookup the PR mentioned on the same issue and modified the value.yaml but the error still persists. https://github.com/helm/charts/pull/10788

I am able to open the dashboard all fine, but the error events are being thrown on GKE

What you expected to happen:
Should be able to have the dashboard exposed as service type ClusterIP

How to reproduce it (as minimally and precisely as possible):
Deploy the chart on GKE and expose the traefik dashboard

Anything else we need to know:
Following is the response for the command: kubectl describe ingress traefik-dashboard -n kube-system

Name:             traefik-dashboard
Namespace:        kube-system
Address:          
Default backend:  default-http-backend:80 (10.60.0.8:8080)
Rules:
  Host                 Path  Backends
  ----                 ----  --------
  traefik.nirneta.com  
                          traefik-dashboard:dashboard-http (10.60.2.12:8080)
Annotations:
Events:
  Type     Reason     Age                From                     Message
  ----     ------     ----               ----                     -------
  Normal   ADD        56m                loadbalancer-controller  kube-system/traefik-dashboard
  Warning  Translate  1m (x26 over 56m)  loadbalancer-controller  error while evaluating the ingress spec: service "kube-system/traefik-dashboard" is type "ClusterIP", expected "NodePort" or "LoadBalancer"

Current value.yaml file I have for the chart:

image: traefik
imageTag: 1.7.9
serviceType: LoadBalancer
whiteListSourceRange: []
externalTrafficPolicy: Cluster
replicas: 1
podDisruptionBudget: {}
resources: {}
debug:
  enabled: false
deploymentStrategy: {}
securityContext: {}
env: {}
nodeSelector: {}
affinity: {}
tolerations: []
proxyProtocol:
  enabled: false
  trustedIPs: []
forwardedHeaders:
  enabled: false
  trustedIPs: []
configFiles: {}
secretFiles:
  clouddns-instance-credentials.json: '{"type": "service_account", "project_id": "XXXXXXX", "private_key_id": "XXXXXXX", "private_key": "XXXXXX", "client_email": "XXXXX", "client_id": "XXXXXXX", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/XXXXX.iam.gserviceaccount.com"}'
ssl:
  enabled: true
  enforced: true
  permanentRedirect: true
  upstream: false
  insecureSkipVerify: false
  generateTLS: false
kvprovider:
  storeAcme: true
  importAcme: false
  consul:
    endpoint: consul.default.svc.cluster.local:8500
    watch: true
    prefix: traefik
acme:
  enabled: true
  email: [email protected]
  onHostRule: true
  staging: false
  logging: false
  domains:
    enabled: true
    domainsList:
      - main: "*.nirneta.com"
      - sans:
        - "nirneta.com"
  challengeType: dns-01
  delayBeforeCheck: 0
  resolvers: []
  dnsProvider:
    name: gcloud
    gcloud:
      GCE_PROJECT: "dega-231412"
      GCE_SERVICE_ACCOUNT_FILE: "/secrets/clouddns-instance-credentials.json"
  persistence:
    enabled: false
    annotations: {}
    accessMode: ReadWriteOnce
    size: 1Gi
dashboard:
  enabled: true
  domain: traefik.nirneta.com
  serviceType: ClusterIP
  service: {}
  ingress:
    annotations:
      kubernetes.io/ingress.class: traefik
  auth:
    basic:
      traefik: XXXXXX
  statistics: {}
service:
  nodePorts:
    http: ""
    https: ""
gzip:
  enabled: true
traefikLogFormat: json
accessLogs:
  enabled: false
  format: common  # choices are: common, json
  fields:
    defaultMode: keep
    names: {}
    headers:
      defaultMode: keep
      names: {}
rbac:
  enabled: true
metrics:
  prometheus:
    enabled: false
    restrictAccess: false
  datadog:
    enabled: false
  statsd:
    enabled: false
deployment:
  hostPort:
    httpEnabled: false
    httpsEnabled: false
    dashboardEnabled: true
sendAnonymousUsage: false
tracing:
  enabled: false
  serviceName: traefik

lifecyclstale

Source

deshetti

👍2

Most helpful comment

I had the same issue. First i try to install with

helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=LoadBalancer,dashboard.domain=traefik.example.com,rbac.enabled=true  --namespace kube-system

No errors was spawn on GKE and everything was working fine.

Then i put all args inside values.yaml purge the latest traefik and try helm install --values values.yaml --name traefik stable/traefik

image: traefik

serviceType: LoadBalancer

debug:
  enabled: false

dashboard:
  enabled: true
  domain: traefik.example.com
  ingress:
    annotations:
      kubernetes.io/ingress.class: traefik

kubernetes:
  namespaces:
    - kube-system

gzip:
  enabled: false

rbac:
  enabled: true

The same error when deployed on GKE and exposing the dashboard service of type ClusterIP:
```bash
error while evaluating the ingress spec: service "kube-system/traefik-dashboard" is type "ClusterIP", expected "NodePort" or "LoadBalancer"
````

Then i edit the dashboard service to NodePort and still not able to access the dashboard (404)

I think that the best option is to deploy Traefik using a Deployment or DaemonSet
https://docs.traefik.io/user-guide/kubernetes/#deploy-traefik-using-a-deployment-or-daemonset

arthurbdiniz on 4 May 2019

👍3

All 16 comments

I had it too, setting --set dashboard.serviceType=NodePort fixes this error... but I'm still not able to access the dashboard (404)

markmssd on 2 Apr 2019

Seems like the helm charts are broken.. the default configmap generated was all incorrrect.. with the pod throwing error saying "traefik "level":"fatal","msg":"Unknown entrypoint \"https\" for ACME configuration", ...
and then the issue with the service having type ClusterIP but expecting a nodeport..
am about to give up on this traefik...

consult-kk on 13 Apr 2019

👍1

I had the same issue. First i try to install with

helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=LoadBalancer,dashboard.domain=traefik.example.com,rbac.enabled=true  --namespace kube-system

No errors was spawn on GKE and everything was working fine.

Then i put all args inside values.yaml purge the latest traefik and try helm install --values values.yaml --name traefik stable/traefik

image: traefik

serviceType: LoadBalancer

debug:
  enabled: false

dashboard:
  enabled: true
  domain: traefik.example.com
  ingress:
    annotations:
      kubernetes.io/ingress.class: traefik

kubernetes:
  namespaces:
    - kube-system

gzip:
  enabled: false

rbac:
  enabled: true

Then i edit the dashboard service to NodePort and still not able to access the dashboard (404)

I think that the best option is to deploy Traefik using a Deployment or DaemonSet
https://docs.traefik.io/user-guide/kubernetes/#deploy-traefik-using-a-deployment-or-daemonset

arthurbdiniz on 4 May 2019

👍3

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale[bot] on 3 Jun 2019

👎7

/remove-lifecycle stale

27Bslash6 on 4 Jun 2019

I'm encountering the same issue. Like @arthurbdiniz, changing the servicetype to NodePort does not give a functional dashboard.

Did anyone get this to work and willing to share the values.yaml that you used?

tverhoeven on 6 Jun 2019

stale[bot] on 6 Jul 2019

👎1

/remove-lifecycle stale

markmssd on 6 Jul 2019

stale[bot] on 5 Aug 2019

👎1

/remove-lifecycle stale

Magikon on 17 Aug 2019

stale[bot] on 16 Sep 2019

👎1

This issue is being automatically closed due to inactivity.

stale[bot] on 30 Sep 2019

👎1

I still experience this issue, is it a timeline for fixes/workarounds? Isn't anybody else trying to install Traefik through this helm chart?

dfernandezm on 8 Nov 2019

I suspect the reason why people are getting stuck here is because the helm chart by default doesn't create a LoadBalancer serviceType for the dashboard... Also the dashboard listens on port 8080 which is separate from traefik itself which listens on 80 and 443 so either the helm chart needs to be modified to include port 8080 in the main service, or you can create another LoadBalancer by setting dashboard.serviceType=LoadBalancer. If you are like me and prefer private dashboards then add the second --set below to keep in on your VPC exclusively:

--set dashboard.serviceType=LoadBalancer
--set dashboard.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"=0.0.0.0/0

acjohnson on 26 Nov 2019

Same issue here

Revocsid on 3 Dec 2019

same issue here, adding

rbac:
    enabled: true

in the values file seems to resolve the problem (or create the correct ClusterRole and ClusterRoleBinding manually)

kaminek on 15 Feb 2020

🎉1 👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

[stable/spinnaker] unable to install stable/spinnaker

musabmasood · 3Comments

prometheus-operator additionalServiceMonitors attempts to create a ServiceMonitor with an empty name

gajus · 3Comments

Add atlassian bitbucket chart

onyxet · 3Comments

Halyard Pod not created while installing Spinnaker on Kubernetes(legacy) with default values using Helm chart

harshmehta93 · 3Comments

BUG: rabbitmq-ha chart fails to deploy on K8S 1.9.4 due to ConfigMaps now being mounted RO

tdcox · 3Comments