[BUG] Applying the plugin results in connection refused
timbastin opened this issue
Describe the bug
I am installing the plugin using this in my traefik values.yaml:
# Traefik experimental features
experimental:
  # This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
  # v3:
  # -- Enable traefik version 3
  #   enabled: false
  plugins:
    # -- Enable traefik experimental plugins
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.1.16"
Besides that, I have the following middleware:
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: bouncer
  namespace: default
spec:
  plugin:
    crowdsec-bouncer-traefik-plugin:
      CrowdsecLapiKey: xxxx
      Enabled: false # I even disabled this
      LogLevel: DEBUG
      CrowdsecMode: stream
      CrowdsecLapiHost: crowdsec-service.crowdsec.svc.cluster.local:8080
      CrowdsecLapiScheme: http
      HTTPTimeoutSeconds: 5
I am trying to apply the plugin as a default middleware. Therefore I added those inside my values.yaml for traefik:
additionalArguments:
  - "--entrypoints.web.http.middlewares=default-bouncer@kubernetescrd"
  - "--entrypoints.websecure.http.middlewares=default-bouncer@kubernetescrd"
Expected behavior
I was expecting not to see anything. Basically the plugin is disabled, therefore everything should function.
Context
I tried log level debug, but there are no logs from the plugin.
Version (please complete the following information):
I am using kubernetes.
- OS: Kubernetes
- Traefik version: 2.10.6
- Plugin version: 1.1.6
To Reproduce
The behaviour does not seem to be deterministic. This configuration did work on another kubernetes setup.
Hi,
Thanks for opening this issue, I'll take a look and maybe ask you some more info if needed.
Hello,
I have now spent some time trying to reproduce this.
I followed my documentation, which is not up to date: https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/tree/main/examples/kubernetes
The Traefik Helm chart was updated between versions 24 and 26.
In v26, there is an error when you use
experimental:
  plugins:
    enabled: true
However, there is then an error in the plugin in the dashboard and the logs with versions 25 and 26:
time="2024-02-18T20:17:10Z" level=error msg="invalid middleware \"traefik-bouncer@kubernetescrd\" configuration: invalid middleware type or middleware does not exist" entryPointName=web routerName=traefik-whoami@kubernetes
I tried version 24 of the helm chart with the old syntax mentioned in my doc and it's working well.
Until I find out what the new "correct syntax" is, you can use the following:
helm upgrade --version v24.0.0 --install --namespace=traefik --values=./traefik/values.yml traefik traefik/traefik
This "traefik/traefik-helm-chart@e7ce1b4" could be interesting
Hey @timbastin
So I managed to get it working with helm chart version 26.1.0.
I used this values.yml:
image:
  tag: v2.11
logs:
  general:
    level: DEBUG
  access:
    enabled: true
    fields:
      headers:
        defaultmode: keep
# experimental:
#   plugins:
#     enabled: true
experimental:
  plugins:
    bouncer:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.1.16"
# additionalArguments:
#   - "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
#   - "--experimental.plugins.bouncer.version=v1.2.0"
helm update
helm upgrade --version v26.1.0 --install --namespace=traefik --values=./traefik/values.yml traefik traefik/traefik
I could watch logs with:
kubectl get pod --namespace traefik
kubectl logs $(kubectl get pods --namespace=traefik --selector "app.kubernetes.io/name=traefik" --output=name) --namespace traefik -f
My plugin is configured like this plugin.yml:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: bouncer
  namespace: traefik
spec:
  plugin:
    bouncer:
      CrowdsecLapiKey: 40796d93c2958f9e58345514e67740e5
      Enabled: "true"
      logLevel: DEBUG
      crowdsecMode: live
      crowdsecLapiHost: crowdsec-service.crowdsec.svc.cluster.local:8080
      crowdsecLapiScheme: http
You should see in the logs the following:
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:12 No IP provided for ForwardedHeadersTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:12 No IP provided for ClientTrustedIPs
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:12 getTLSConfigCrowdsec:CrowdsecLapiScheme https:no
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:12 cache:New initialized isRedis:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:12 New initialized mode:live
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:48 ServeHTTP ip:127.0.0.1 isTrusted:false
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:48 cache:GetDecision ip:127.0.0.1
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:48 ServeHTTP:getDecision ip:127.0.0.1 isBanned:false cache:miss
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:48 cache:SetDecision ip:127.0.0.1 isBanned:false duration:60s
DEBUG: CrowdsecBouncerTraefikPlugin: 2024/02/19 17:59:48 ServeHTTP:handleNoStreamCache ip:127.0.0.1 isBanned:false
I will update the example for kubernetes so you can test on your side
Please let me know if you get it working
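An added example, not part of the thread or of the plugin's code: a pre-deploy check that the three names discussed above line up, namely the plugin key under `experimental.plugins`, the key under the Middleware's `spec.plugin`, and the `<namespace>-<name>@kubernetescrd` reference on the entrypoints. The function name `check` and the constructed inputs (dicts shaped as a YAML parser would return them) are assumptions.

```python
# Added example: cross-check Traefik Helm values against Middleware manifests.
# Inputs are constructed dicts mirroring the YAML posted in this thread.
def check(values, middlewares):
    """Return a list of problems; an empty list means the names line up."""
    problems = []
    plugins = (values.get("experimental") or {}).get("plugins") or {}
    declared = set()
    for name, spec in plugins.items():
        # Layout used in the working values.yml: plugin name -> moduleName/version.
        if isinstance(spec, dict) and spec.get("moduleName") and spec.get("version"):
            declared.add(name)
        else:
            problems.append(f"experimental.plugins.{name}: not a moduleName/version mapping")
    # Traefik names Kubernetes CRD middlewares <namespace>-<name>@kubernetescrd.
    known = set()
    for mw in middlewares:
        meta = mw["metadata"]
        ref = f'{meta.get("namespace", "default")}-{meta["name"]}@kubernetescrd'
        known.add(ref)
        for key in (mw.get("spec", {}).get("plugin") or {}):
            if key not in declared:
                problems.append(f"{ref}: spec.plugin.{key} is not a declared plugin")
    for arg in values.get("additionalArguments") or []:
        flag, _, value = arg.partition("=")
        if flag.startswith("--entrypoints.") and flag.endswith(".http.middlewares"):
            for ref in value.split(","):
                if ref.endswith("@kubernetescrd") and ref not in known:
                    problems.append(f"{flag}: {ref} matches no Middleware")
    return problems

# Constructed from the reporter's values.yaml and Middleware.
VALUES = {
    "experimental": {"plugins": {"crowdsec-bouncer-traefik-plugin": {
        "moduleName": "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin",
        "version": "v1.1.16"}}},
    "additionalArguments": [
        "--entrypoints.web.http.middlewares=default-bouncer@kubernetescrd",
        "--entrypoints.websecure.http.middlewares=default-bouncer@kubernetescrd"],
}
MIDDLEWARE = {"metadata": {"name": "bouncer", "namespace": "default"},
              "spec": {"plugin": {"crowdsec-bouncer-traefik-plugin": {"Enabled": False}}}}
# Constructed variant: old "enabled: true" key, Middleware moved to another namespace.
BROKEN_VALUES = {**VALUES, "experimental": {"plugins": {"enabled": True}}}
MOVED = {"metadata": {"name": "bouncer", "namespace": "traefik"}, "spec": MIDDLEWARE["spec"]}

if __name__ == "__main__":
    print(check(VALUES, [MIDDLEWARE]))
    print("\n".join(check(BROKEN_VALUES, [MOVED])))
```

Because the bouncer is attached at the entrypoint level, a dangling reference affects every router on that entrypoint, so this is worth running before `helm upgrade`.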