IngressClass doesn't work in Traefik >26.1.0

[forc3meat]

Welcome!

• Yes, I've searched similar issues on GitHub and didn't find any.
• Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What did you do?

Hola, friends.

So to the problem.
If you deploy 2 traefik (external and internal, for example).
And want to split IngressRoutes for them, you will be not able to make it work in Traefik >v26.1.0

Steps to reproduce:

1. Deploy external Traefik v26.1.0 to AWS with simple values.ext.yaml
2. Deploy internal Traefik v34.4.0 to AWS with another values.int.yaml
3. Deliver some IngressRoute with ingress.class for internal balancer

Extected result:
You can serve both internal and external traffic simply

Actual result:
Internal Traefik can't find/see required resources, balancing doesn't work

What did you see instead?

There is no new IngressRoutes in the Traefik dashboard

What version of Traefik are you using?

External
helm upgrade --install --namespace=traefik --create-namespace traefik traefik/traefik --values=values.ext.yaml --version v26.1.0
Internal
helm upgrade --install --namespace=traefik --create-namespace traefik-internal traefik/traefik --values=values.int.yaml --version v34.4.0

What is your environment & configuration?

External

---
service:
  spec:
    externalTrafficPolicy: Local
  annotations:
    "service.beta.kubernetes.io/aws-load-balancer-target-group-attributes": "preserve_client_ip.enabled=true,proxy_protocol_v2.enabled=true"
    "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*"
    "service.beta.kubernetes.io/aws-load-balancer-type": "nlb"
    "prometheus/scrape": "true"
    "prometheus/port": "9100"
    "prometheus/path": /metrics

additionalArguments:
  - --serverstransport.maxidleconnsperhost=-1

deployment:
  kind: DaemonSet

providers:
  kubernetesCRD:
    allowCrossNamespace: true
    allowExternalNameServices: true

Internal

service:
  spec:
    externalTrafficPolicy: Local
  annotations:
    "service.beta.kubernetes.io/aws-load-balancer-target-group-attributes": "preserve_client_ip.enabled=true,proxy_protocol_v2.enabled=true"
    "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*"
    "service.beta.kubernetes.io/aws-load-balancer-type": "nlb"
    "service.beta.kubernetes.io/aws-load-balancer-internal": "true"
    "prometheus/scrape": "true"
    "prometheus/port": "9100"
    "prometheus/path": /metrics

additionalArguments:
  - --serverstransport.maxidleconnsperhost=-1
  - --providers.kubernetesingress.ingressclass=traefik-internal

deployment:
  kind: DaemonSet
  labels: traefik-internal

providers:
  kubernetesCRD:
    allowCrossNamespace: true
    allowExternalNameServices: true
    ingressClass: "traefik-internal"

ingressClass:
  enabled: true
  isDefaultClass: false
  name: "traefik-internal"

IngressRoute with ingress.class

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation
    helm.sh/hook-weight: "-1"
    kubernetes.io/ingress.class: traefik-internal
  generation: 1
  labels:
    helmChart: admin-panel
  name: admin-panel-internal
  namespace: ops-275
spec:
  entryPoints:
  - web
  routes:
  - kind: Rule
    match: Host(`admin-panel.ops-275.domain.private`
    services:
    - kind: Service
      name: admin-panel
      port: 80

If applicable, please paste the log output in DEBUG level

No response

[mloiseleur]

Hello @forc3meat ,

I tried to reproduce your issue, without success.

Steps:

# Launch k3d cluster with endpoint for both traefiks
k3d cluster create traefik-hub --port 80:80@loadbalancer --port 443:443@loadbalancer --port 8000:8000@loadbalancer --port 8080:8080@loadbalancer --port 4443:4443@loadbalancer --port 9000:9000@loadbalancer  --k3s-arg "--disable=traefik@server:0"

# Deploy external traefik, without ingressClass
helm install traefik-external -n traefik --wait   --version v34.4.1   --set ingressClass.enabled=false   --set ingressRoute.dashboard.enabled=true   --set ingressRoute.dashboard.matchRule='Host(`dashboard.docker.localhost`)'   --set ingressRoute.dashboard.entryPoints={web}   --set ports.web.nodePort=30000   --set ports.websecure.nodePort=30001    traefik/traefik

# Deploy internal traefik, with ingressClass
helm install traefik-internal -n traefik-internal --create-namespace --wait   --version v34.4.1 -f traefik-internal.yaml traefik/traefik

Using those values for internal traefik:

ingressClass:
  enabled: true
  name: traefik-internal

providers:
  kubernetesCRD:
    ingressClass: traefik-internal

ingressRoute:
  dashboard:
    enabled: true
    isDefaultClass: false
    matchRule: Host(`dashboard-internal.docker.localhost`)
    entryPoints: [ "web" ]

ports:
  web:
    nodePort: 30002
    exposedPort: 8080
  websecure:
    nodePort: 30003
    exposedPort: 4443
  traefik:
    exposedPort: 9000

After, I was able to access both traefik dashboard:

• http://dashboard.docker.localhost/dashboard/
• http://dashboard-internal.docker.localhost:8080/dashboard/

Each of them displayed only the expected routers.

The internal dashboard IngressRoute has the expected annotation

kubectl get ingressroute -n traefik-internal  -o yaml traefik-internal-dashboard 

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-internal
  [ ... ]
  name: traefik-internal-dashboard
  namespace: traefik-internal

[mloiseleur]

@forc3meat So would you please provide us reproducible steps for a local env for this issue ?