Hi all,
I am playing with K3S to try and practice a bit of Kubernetes. Have set up a Fedora VM with K3S, and as per recent docs I am trying to set up the Gateway API, which is supposed to replace Ingress.
K3S comes with Traefik installed via Helm, and as per their docs “you should customize Traefik by creating an additional HelmChartConfig manifest in /var/lib/rancher/k3s/server/manifests”. Following Traefik’s docs, I created such a file to enable the Gateway API, disable Ingress, and then enable Traefik’s dashboard and create an HTTPRoute to it:
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
# Redirection at the entrypoint level (static config). HTTP to HTTPS
ports:
web:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
# Enable Traefik's dashboard over HTTPS
api:
dashboard: true
insecure: false
# Disable IngressRoute for the dashboard as we'll use Gateway API HTTPRoute
ingressRoute:
dashboard:
enabled: false
# Enable Gateway API and disable Ingress
providers:
kubernetesGateway:
enabled: true
kubernetesIngress:
enabled: false
kubernetesCRD:
enabled: true
# Configure Gateway API
gateway:
enabled: true
name: traefik-gateway
listeners:
web:
port: 8000
protocol: HTTP
namespacePolicy:
from: All
websecure:
port: 8443
protocol: HTTPS
namespacePolicy:
from: All
mode: Terminate
certificateRefs:
- kind: Secret
name: local-selfsigned-tls
group: ""
# Define custom middleware objects and the new HTTPRoute
extraObjects:
# 1. Middleware for Basic Authentication
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: dashboard-auth
namespace: kube-system
spec:
basicAuth:
secret: dashboard-auth
# 2. Middleware to redirect root to /dashboard/
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: dashboard-redirect
namespace: kube-system
spec:
redirectRegex:
regex: "^https://traefik.k3s.local/?$"
replacement: "https://traefik.k3s.local/dashboard/"
# 3. HTTPRoute to expose the dashboard via Gateway API
- apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: traefik-dashboard
namespace: kube-system
spec:
# References the Gateway that will handle this traffic
parentRefs:
- name: traefik-gateway
namespace: kube-system
sectionName: websecure # Bind to the HTTPS listener
# The domain name used to access the dashboard
hostnames:
- "traefik.k3s.local"
rules:
- filters:
# Use ExtensionRef to reference Traefik Middlewares
# This replaces the older annotation-based approach
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: dashboard-auth
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: dashboard-redirect
backendRefs:
- name: api@internal
group: traefik.io
kind: TraefikService
port: 8080
This is working perfectly fine, and I can access Traefik’s dashboard by browsing to https://traefik.k3s.local.
Now, I want to be able to create not only HTTPRoutes but also TCPRoutes and UDPRoutes, as I am trying to set up Syncthing as a deployment in the environment.
Traefik mentions to add the “experimentalChannel” to support TCPRoutes and UDPRoutes, as per the documentation at: Helm Chart Values | Traefik Hub Documentation. Looking at the version of Traefik installed (37.1.1), these are the values that can be used to customize the Chart: k3s-charts/charts/traefik/37.1.1+up37.1.0/values.yaml at main · k3s-io/k3s-charts · GitHub. There there is a reference to that “experimentalChannel” setting as well. So, I just added that to the previous HelmChartConfig file:
# Enable Gateway API and disable Ingress
providers:
kubernetesGateway:
enabled: true
experimentalChannel: true
kubernetesIngress:
enabled: false
kubernetesCRD:
enabled: true
Helm reloads Traefik just fine, but when I try to create a TCPRoute or UDPRoute, I keep getting this error:
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "syncthing-tcp" namespace: "syncthing" from "": no matches for kind "TCPRoute" in version "gateway.networking.k8s.io/v1alpha2"
ensure CRDs are installed first, resource mapping not found for name: "syncthing-udp" namespace: "syncthing" from "": no matches for kind "UDPRoute" in version "gateway.networking.k8s.io/v1alpha2"
ensure CRDs are installed first, resource mapping not found for name: "syncthing-discovery" namespace: "syncthing" from "": no matches for kind "UDPRoute" in version "gateway.networking.k8s.io/v1alpha2"
ensure CRDs are installed first]
helm.go:92: 2026-01-22 18:07:48.516328647 +0100 CET m=+0.768768674 [debug] [resource mapping not found for name: "syncthing-tcp" namespace: "syncthing" from "": no matches for kind "TCPRoute" in version "gateway.networking.k8s.io/v1alpha2"
ensure CRDs are installed first, resource mapping not found for name: "syncthing-udp" namespace: "syncthing" from "": no matches for kind "UDPRoute" in version "gateway.networking.k8s.io/v1alpha2"
ensure CRDs are installed first, resource mapping not found for name: "syncthing-discovery" namespace: "syncthing" from "": no matches for kind "UDPRoute" in version "gateway.networking.k8s.io/v1alpha2"
ensure CRDs are installed first]
unable to build kubernetes objects from release manifest
I have tried many things, but nothing seems to work. I dont want to mess up with how K3S installs Traefik, but not sure what to try. Any ideas?!
Cheers