Installing Traefik Ingress
Let's start by adding the Helm chart repository:
helm repo add traefik https://helm.traefik.io/traefik
helm repo update
Create a file named values.yaml with the content:
---
deployment:
  kind: DaemonSet
ports:
  web:
    port: 80
  websecure:
    port: 443
service:
  enabled: false
nodeSelector:
  ingress: "true" # Quoted: nodeSelector values must be strings, and this matches the ingress=true node label
hostNetwork: true
ingressRoute:
  dashboard:
    enabled: false # We will use a custom IngressRoute with basic auth instead of the default one
# The following lines are needed if you have an error like: error while building entryPoint web: error preparing server: error opening listener: listen tcp :80: bind: permission denied
# It just means that Traefik is unable to listen to connections on the host because of a lack of permissions.
# Hence the need for additional permissions.
securityContext:
  capabilities:
    drop: [ALL]
    add: [NET_BIND_SERVICE]
  readOnlyRootFilesystem: true
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0
Note that we are using hostNetwork and changing the ports to 80 and 443; that way you can point your DNS directly at the node.
Create a file named dashboard-ingress.yaml with the content:
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: traefik-system
spec:
  entryPoints:
    - web # Plain HTTP: basic auth credentials are sent unencrypted on this entry point
    - websecure
  routes:
    - match: Host(`traefik.internal.yourdomain.com`) # Hostname to match
      kind: Rule
      middlewares: # Without this reference the dashboard is served with no authentication
        - name: auth
          namespace: traefik-system
      services: # Service to redirect requests to
        - name: api@internal # Special service created by Traefik pod
          kind: TraefikService
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: auth
  namespace: traefik-system
spec:
  basicAuth:
    secret: traefik-auth # Looked up in the Middleware's own namespace (traefik-system)
Change the hostname to your domain and point a DNS record to the IP of one of the nodes running Traefik.
Install htpasswd and generate a user for the dashboard:
sudo apt install apache2-utils
htpasswd -c users admin
Enter a secure password
Create a file named kustomization.yaml with the contents:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: traefik-system
secretGenerator:
  - name: traefik-auth
    files:
      - users
generatorOptions:
  disableNameSuffixHash: true
resources:
  - dashboard-ingress.yaml
Select the nodes where you want the ingress installed by labeling them with the command:
kubectl label nodes node ingress=true
Now let's install:
helm install --namespace=traefik-system --create-namespace traefik traefik/traefik -f values.yaml
Check the installation:
kubectl -n traefik-system get daemonset
curl http://ip-node
Apply the dashboard ingress
kubectl apply -k .
Now you can test your ingress.
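A route to api@internal only asks for a password when it lists a basicAuth Middleware, so it is worth auditing the cluster for dashboard routes that do not. The script below is an added example, not part of the original post: the function name and the sample objects are constructed, and it assumes input shaped like the output of `kubectl get ingressroutes,middlewares -A -o json`.

```python
import json
import sys

def unauthenticated_dashboard_routes(doc):
    """Return (namespace, name, match) for routes to api@internal lacking basicAuth."""
    items = doc.get("items", [])
    # Every Middleware that configures basicAuth, keyed by (namespace, name).
    auth = {(i["metadata"]["namespace"], i["metadata"]["name"])
            for i in items
            if i["kind"] == "Middleware" and "basicAuth" in i.get("spec", {})}
    findings = []
    for i in items:
        if i["kind"] != "IngressRoute":
            continue
        ns, name = i["metadata"]["namespace"], i["metadata"]["name"]
        for route in i.get("spec", {}).get("routes", []):
            if not any(s.get("name") == "api@internal"
                       for s in route.get("services", [])):
                continue
            # A middleware reference without a namespace resolves to the route's own.
            refs = {(m.get("namespace", ns), m.get("name"))
                    for m in route.get("middlewares", [])}
            if not refs & auth:
                findings.append((ns, name, route.get("match")))
    return findings

def _route(name, middlewares):
    # Builds one constructed IngressRoute for the sample below.
    route = {"match": "Host(`%s.example.internal`)" % name, "kind": "Rule",
             "services": [{"name": "api@internal", "kind": "TraefikService"}]}
    if middlewares:
        route["middlewares"] = middlewares
    return {"kind": "IngressRoute",
            "metadata": {"name": name, "namespace": "traefik-system"},
            "spec": {"entryPoints": ["websecure"], "routes": [route]}}

# Constructed sample: one protected route, one open, one pointing at a missing Middleware.
SAMPLE = {"items": [
    {"kind": "Middleware", "metadata": {"name": "auth", "namespace": "traefik-system"},
     "spec": {"basicAuth": {"secret": "traefik-auth"}}},
    _route("dashboard-open", []),
    _route("dashboard-auth", [{"name": "auth"}]),
    _route("dashboard-dangling", [{"name": "missing"}]),
]}

if __name__ == "__main__":
    # Pass a saved kubectl JSON file as the first argument, or run with no argument for the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ns, name, match in unauthenticated_dashboard_routes(doc):
        print("no basicAuth on api@internal route: %s/%s %s" % (ns, name, match))
```

The check only looks at middlewares attached directly to the route; a basicAuth Middleware wrapped inside a chain Middleware is not resolved and would be reported as missing.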
In the next post we will put a load balancer with the Cloudflare service in front of the ingress nodes.
If your cloud provider offers managed Kubernetes, or runs on a cloud-supported technology like OpenStack, you should probably use the service type LoadBalancer.
In this case you can remove the config:
service:
  enabled: false
and also the ports overrides, since you will use your load balancer IP to access the content.
If you plan to use ACME (Let's Encrypt) with Traefik, you should read this post: https://www.padok.fr/en/blog/traefik-kubernetes-certmanager