How to deploy Traefik Ingress Controller on Kubernetes using Helm

In this tutorial, you will learn how to deploy a Traefik ingress controller on your Kubernetes cluster. You will learn more about Traefik, its benefits and how to set it up and configure it on Kubernetes using Helm.

We will be using a Platform9 Managed Kubernetes cluster for this tutorial. However, you can use this tutorial to deploy Traefik on any Kubernetes cluster of your choice.

What is Traefik

Traefik Kubernetes Ingress is a modern, full-featured ingress controller for Kubernetes with powerful capabilities out of the box. Traefik installs as one or more pods that represent the Traefik controller, ingress proxies, and mesh proxies in your Kubernetes cluster.

Source: https://traefik.io/solutions/kubernetes-ingress/

Prerequisites

A Kubernetes cluster.
A Kubectl installation with your Kubernetes cluster from the step above configured as the primary cluster.
The helm 3 package manager client installed on your local machine. Follow Helm CLI to install the helm client on your machine

Step 1 - Install via CLI or PMK App Catalog

CLI

Once your Kubernetes cluster is up and running, you need to add the helm repository for Traefik to the cluster.

 add helm repository 
    
xxxxxxxxxx
 
helm repo add traefik https://helm.traefik.io/traefik
Copy

 output 
    
xxxxxxxxxx
 
"traefik" has been added to your repositories
Copy

Once you have added the helm repository, perform a generic repository update for your helm repositories to fetch the latest upstream updates for the newly-added traefik chart repository.

 helm repo update 
    
xxxxxxxxxx
 
helm repo update
Copy

 output 
    
xxxxxxxxxx
 
Hang tight while we grab the latest from your chart repositories......Successfully got an update from the "traefik" chart repository
Copy

Install the Traefik chart, ensuring you are scoped to the desired namespace.

 helm install 
    
xxxxxxxxxx
 
helm install traefik traefik/traefik
Copy

 output 
    
xxxxxxxxxx
 
NAME: traefikLAST DEPLOYED: Thu Apr  1 12:38:31 2021NAMESPACE: defaultSTATUS: deployedREVISION: 1TEST SUITE: None
Copy

Once Traefik is installed, validate that the resources were deployed correctly, e.g. the Traefik service was created, the Traefik pod is running, etc.

 kubectl get svc 
    
xxxxxxxxxx
 
kubectl get svc -l app.kubernetes.io/name=traefik
Copy

 output 
    
xxxxxxxxxx
 
NAME      TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGEtraefik   LoadBalancer   10.21.12.102   10.0.0.4      80:30416/TCP,443:30724/TCP   2m5s
Copy

 kubectl get pods 
    
xxxxxxxxxx
 
kubectl get po -l app.kubernetes.io/name=traefik
Copy

 output 
    
xxxxxxxxxx
 
NAME                       READY   STATUS    RESTARTS   AGEtraefik-5f896b6cc7-q56xl   1/1     Running   0          2m7s
Copy

PMK App Catalog

The PMK App Catalog can simplify installations and allow you to modify the application using the UI instead of working from the command line. We will walk through an installation using the App Catalog below.


	https://platform9.com/docs/kubernetes/certified-apps-overview

Start out by navigating to the Apps section. Select + Add New Repository.

Then we will name the repository, in our example we name it Traefik. The URL is going to be the Helm Repository that hosts the charts we need. For Traefik we will use https://helm.traefik.io/traefik. Save and move on to the next step.

Now the available applications will show up under the App Catalog section. We are going to deploy Traefik. Select Deploy on the Traefik tile. This will take us to the configuration of our application.

In the Deploy Application page we can name our deployment, select the cluster, namespace, version, and modify the values associated with the deployment. We will name the deployment traefik and select the cluster we want to use, then select the default namespace. The version will be set to the latest version as of this post: 10.9.1.

If you want to access the Dashboard for Traefik using an IP address and port 9000 then we will need to modify the values file. The Dashboard will deploy with "traefik" as the default entrypoint, which means we need to update the expose option from false to true. Once modified we will select Deploy.

 traefik values 
    
xxxxxxxxxx
 
"traefik": {   "expose": true,   "exposedPort": 9000,   "port": 9000,   "protocol": "TCP"
Copy


	If you want to modify the Dashboard IngressRoute to use Web, which is exposed by default and will allow use of port 80, then don't modify the deployment. We will update the IngressRoute after the Deployment has finished and add a Host so that traffic is routed based on "demo.pf9.io".

Step 2 - Expose Traefik Dashboard

By default, the helm chart and PMK App Catalog deploy an IngressRoute for the Traefik dashboard.

 default yaml 
    
xxxxxxxxxx
 
apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:  annotations:    helm.sh/hook: post-install,post-upgrade  labels:    app.kubernetes.io/instance: traefik    app.kubernetes.io/managed-by: Helm    app.kubernetes.io/name: traefik    helm.sh/chart: traefik-9.18.1    ...  name: traefik-dashboard  namespace: traefikspec:  entryPoints:  - traefik  routes:  - kind: Rule    match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)    services:    - kind: TraefikService      name: api@internal
Copy

By default the entryPoint for traefik is not exposed, which means we'll either need to expose the endpoint - like we did above - or change the endpoint to web and add a Host to the match field. This assumes we want to access the Dashboard via port 80 using a domain instead of an IP address.

 kubectl edit ingressroute 
    
xxxxxxxxxx
 
kubectl edit ingressroute traefik-dashboard
Copy

 updated yaml 
    
xxxxxxxxxx
 
apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:  annotations:    helm.sh/hook: post-install,post-upgrade  creationTimestamp: "2022-01-27T20:21:28Z"  generation: 1  labels:    app.kubernetes.io/instance: traefik    app.kubernetes.io/managed-by: Helm    app.kubernetes.io/name: traefik    helm.sh/chart: traefik-10.9.1  name: traefik-dashboard  namespace: default  resourceVersion: "7217"  uid: 7458ad97-2929-4cc1-94f1-14034d1dd968spec:  entryPoints:  - web  routes:  - kind: Rule    match: Host(`demo.pf9.io`) && PathPrefix(`/dashboard`) || PathPrefix(`/api`)    services:    - kind: TraefikService      name: api@internal
Copy

In our example demo.pf9.io is pointing at the LoadBalancer associated with the ingress controller. Since this is all local we are updating /etc/hosts - however you could also update local DNS to achieve the same results. If our LoadBalancer was a Public IP then we could update DNS for our domain using an A record or CNAME depending on your provider. Realistically you would want to set this up with certificates and TLS, however that is beyond the scope of this getting started guide.

 kubectl get svc 
    
xxxxxxxxxx
 
$ kubectl get svcNAME         TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGEtraefik      LoadBalancer   10.21.75.43   192.168.86.10   80:32111/TCP,443:30796/TCP   5m20s
Copy

 demo.pf9.io 
    
xxxxxxxxxx
 
$ ping demo.pf9.ioPING demo.pf9.io (192.168.86.10): 56 data bytes64 bytes from 192.168.86.10: icmp_seq=0 ttl=64 time=12.816 ms64 bytes from 192.168.86.10: icmp_seq=1 ttl=64 time=12.781 ms
Copy


	Traefik – Dashboard Traefik – Routing & Load Balancing – EntryPoints - TLS

If you are having trouble reaching the dashboard on the exposed Ingress route, you can alternatively port-forward the connection via kubectl .

 Bash 
    
xxxxxxxxxx
 
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
Copy

 Output 
    
xxxxxxxxxx
 
Forwarding from 127.0.0.1:9000 -> 9000Forwarding from [::1]:9000 -> 9000
Copy

Conclusion

You have now successfully installed Traefik ingress controller for your Kubernetes cluster.

Interested in more Content?

Last updated on Nov 15, 2022

Was this page helpful?