Setup Traefik Ingress Controller on Kubernetes

What is Traefik?

"Traefik is a modern, full-featured router with powerful capabilities out of the box ... [which] installs as one or more pods of controllers, ingress proxies, and mesh proxies in your Kubernetes cluster."

Source: https://traefik.io/solutions/kubernetes-ingress/

Add Helm Repo

Add the helm repository for Traefik.

Bash
    
 
❯ helm repo add traefik https://helm.traefik.io/traefik"traefik" has been added to your repositories
Copy

Update Helm Repos

Update your Helm repositories locally to fetch the updates from the newly-added traefik chart repository.

Bash
    
​x
 
❯ helm repo update​Hang tight while we grab the latest from your chart repositories......Successfully got an update from the "traefik" chart repository
Copy

(Optional) Enable HTTPS/TLS

Insecure

If you opt not to provide a valid SSL certificate, such as for testing purposes, you may disable TLS/SSL validation by setting insecureSkipVerify to true .

values.yaml
    
 
additionalArguments:  - --entrypoints.websecure.address=:443  - --serversTransport.insecureSkipVerify=true
Copy

Secure

values.yaml
    
 
additionalArguments:  - --entrypoints.websecure.address=:443  - --serversTransport.insecureSkipVerify=false
Copy

Helm Install

Install the Traefik chart, ensuring you are scoped to the desired namespace, and optionally passing the -f flag with the name of the file specified above for passing any additional arguments.

Bash
    
 
❯ helm install traefik traefik/traefik -f values.yaml​NAME: traefikLAST DEPLOYED: Thu Apr  1 12:38:31 2021NAMESPACE: defaultSTATUS: deployedREVISION: 1TEST SUITE: None
Copy

Validate Kubernetes Resources

Validate that the resources were deployed correctly, e.g. a service was created, there is at least one running pod, etc.

Bash
    
 
❯ kubectl get svc -l app.kubernetes.io/name=traefikNAME      TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGEtraefik   LoadBalancer   10.21.12.102   10.0.0.4      80:30416/TCP,443:30724/TCP   2m5s​❯ kubectl get po -l app.kubernetes.io/name=traefikNAME                       READY   STATUS    RESTARTS   AGEtraefik-5f896b6cc7-q56xl   1/1     Running   0          2m7s
Copy

Expose Traefik Dashboard

By default, the Helm chart deploys an IngressRoute for the Traefik dashboard.

YAML
    
 
apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:  annotations:    helm.sh/hook: post-install,post-upgrade  labels:    app.kubernetes.io/instance: traefik    app.kubernetes.io/managed-by: Helm    app.kubernetes.io/name: traefik    helm.sh/chart: traefik-9.18.1    ...  name: traefik-dashboard  namespace: traefikspec:  entryPoints:  - traefik  routes:  - kind: Rule    match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)    services:    - kind: TraefikService      name: api@internal
Copy

Port Forwarding

If you're having trouble reaching the dashboard on the exposed Ingress route, you can alternatively port-forward the connection via kubectl .

YAML
    
 
❯ kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000​Forwarding from 127.0.0.1:9000 -> 9000Forwarding from [::1]:9000 -> 9000
Copy

Last updated on

Was this page helpful?