Unused Traefik Middleware

Traefik Middlewares are used to customize the API Gateway behavior. Middlewares are referenced from IngressRoute. This validator detects when a Middleware is not attached to IngressRoutes. That can be an indication of a typo in the Middleware name, namespace or IngressRoutes reference.

Affected Resources: Middleware

Examples

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect                       # IngressRoute references "redirect-https" instead
spec:
  redirectScheme:
    permanent: true
    scheme: https

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami
spec:
  entryPoints:
  - web
  routes:
  - kind: Rule
    match: Host(`demo.kubevious.io`)
    middlewares:
    - name: redirect-https             # Middleware not found in same namespace
    services:
    - kind: Service
      name: whoami-svc
      port: 80

Resolution

Examine IngressRoutes within the namespace and determine if the Middleware is supposed used in any of them.

Examine global references in IngressRoutes and see if any of them should refer to this Middleware using the "<namespace>-<middleware>@kubernetescrd" pattern.

If the Middleware is indeed unused, it may need to be just removed.

Learn More

https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-ingressroute

https://doc.traefik.io/traefik/v2.0/middlewares/overview/

Missing Traefik TLSOptions reference in IngressRoute

Unused Traefik Service

Need other validation rules?

Please let us know if there are other built-in validation rules you would like to see in Kubevious to detect misconfigurations and violations to best practices. Optionally, you can provide your details so we can reach out to you with follow-up questions.

Share this article on: