Kubernetes Traefik Installation (helm)
by Anish
Posted on Friday January 18, 2019
Introduction
In this article we will learn how to to setup traefik in kubernetes cluster using helm
Helm: Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.
- Let's Begin deploying traefik using helm in traefik , if you are new to helm then download and initialize helm as follows
root@kube-master:# helm init
root@kube-master:# kubectl create serviceaccount --namespace kube-system tiller
root@kube-master:# kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin --serviceaccount=kube-system:tiller
root@kube-master:# kubectl patch deploy --namespace kube-system tiller-deploy \
-p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
- Make sure the title-deploy pod is up and running
root@kube-master:/home/ansible# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-78fcdf6894-jvmlb 1/1 Running 0 1h
coredns-78fcdf6894-xstbn 1/1 Running 0 1h
etcd-kube-master 1/1 Running 0 1h
kube-apiserver-kube-master 1/1 Running 0 1h
kube-controller-manager-kube-master 1/1 Running 0 1h
kube-flannel-ds-5gzn9 1/1 Running 0 1h
kube-flannel-ds-tlc8j 1/1 Running 0 1h
kube-proxy-kl4fg 1/1 Running 0 1h
kube-proxy-krt6n 1/1 Running 0 1h
kube-scheduler-kube-master 1/1 Running 0 1h
tiller-deploy-85744d9bfb-wh98g 1/1 Running 0 1h
- Once titler pod is up and running, traefik Installation starts here, this is done through helm the kubernetes package manager,
About traefik
Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
- In the below command line, we enabled the dashboard (
dashboard.enabled=true) and made it available on http://dashboard.traefik (dashboard.domain=dashboard.traefik). Since the installation is performed in barematel set theserviceType=NodePort, you ignore this field if you have load-balancer enabled, we tell the helm to setup the cluster role binding by settingrbac.enabled=true - The traefik ingress is installed in the kube-system namespace
helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true --namespace kube-system
NAME: traefik
LAST DEPLOYED: Fri Jan 18 10:20:11 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ServiceAccount
NAME SECRETS AGE
traefik 1 3s
==> v1/ClusterRole
NAME AGE
traefik 3s
==> v1/ClusterRoleBinding
NAME AGE
traefik 3s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik-dashboard ClusterIP 10.111.208.113 <none> 80/TCP 3s
traefik NodePort 10.106.144.153 <none> 80:31622/TCP,443:31703/TCP 2s
==> v1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
traefik 1 1 1 0 2s
==> v1beta1/Ingress
NAME HOSTS ADDRESS PORTS AGE
traefik-dashboard dashboard.traefik 80 2s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
traefik-8dc967bf9-89cb2 0/1 ContainerCreating 0 2s
==> v1/ConfigMap
NAME DATA AGE
traefik 1 3s
NOTES:
1. Traefik has been started. You can find out the port numbers being used by traefik by running:
$ kubectl describe svc traefik --namespace kube-system
2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST
- View the cluster role
root@kube-master:# kubectl describe clusterrole traefik
Name: traefik
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [get list watch]
pods [] [] [get list watch]
secrets [] [] [get list watch]
services [] [] [get list watch]
ingresses.extensions [] [] [get list watch]
ingresses.extensions/status [] [] [update]
- Check the traefik pods are running in the kube-system namespace
root@kube-master:/home/ansible# kubectl get pods -n kube-system | grep traefik
traefik-8dc967bf9-89cb2 1/1 Running 0 17m
- Traefik has been started. You can find out the port numbers being used by traefik by running:
root@kube-master:# kubectl describe svc traefik --namespace kube-system
Name: traefik
Namespace: kube-system
Labels: app=traefik
chart=traefik-1.58.0
heritage=Tiller
release=traefik
Annotations: <none>
Selector: app=traefik,release=traefik
Type: NodePort
IP: 10.106.144.153
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 31622/TCP
Endpoints: 10.244.1.81:80
Port: https 443/TCP
TargetPort: httpn/TCP
NodePort: https 31703/TCP
Endpoints: 10.244.1.81:8880
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
- View the helm chart deployment
root@kube-master:# helm ls
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
traefik 1 Fri Jan 18 10:20:11 2019 DEPLOYED traefik-1.58.0 1.7.6 kube-system
- Open the web browser and browse Node port http://dashboard.traefik:31622/ to access Traefik page
- Note: The installed traefik is over http and there is no form of Authentication, in order to provide the basic authentication
- To configure BASIC AUTH Use
htpasswdto create a file containing the username and the MD5-encoded password:
root@kube-master:# htpasswd -c traefik traefik
New password: <<traefik>>
Re-type new password:<<traefik>>
- Deploy traefik with
dashboard.auth.basicEnabled
root@kube-master:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.' --namespace kube-system
- Open the web browser and browse Node port http://dashboard.traefik:<NODE_PORT>/ to access Traefik page
- Give username and password as traefik:traefik
- Enable SSL, this can be done through by setting the
ssl.enabled=true - Deploy traefik with BASIC AUTH and SSL Enabled
root@kube-master:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.',ssl.enabled=true,ssl.enforced=true --namespace kube-system
- Open the web browser and browse secure Node port https://dashboard.traefik:<NODE_PORT>/ to access Traefik page securely
- To learn more about helm traefik chart go here
Thanks Happy Helming, do poke me for any problems
Video Demo
Thanku for reading !!! Give a Share for Support
Your Support Matters!
Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!
Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency
Kubernetes Related Topics
Linux Related Topics
Ansible Related Topics
Openstack Articles
Applied Cryptography Topics
Web Crypto API Topics
python Cryptography Topics
PHP Cryptography Topics
Topics
For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price
Kubernetes for DevOps
Hello Dockerfile