Kubernetes Traefik Installation (helm)

by Anish

Posted on Friday January 18, 2019

Referefce

Introduction

In this article we will learn how to to setup traefik in kubernetes cluster using helm

Helm: Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.

  • Let's Begin deploying traefik using helm in traefik , if you are new to helm then download and initialize helm as follows
[email protected]:#  helm init
[email protected]:# kubectl create serviceaccount --namespace kube-system tiller
[email protected]:# kubectl create clusterrolebinding tiller-cluster-rule \
   --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
[email protected]:#  kubectl patch deploy --namespace kube-system tiller-deploy \
   -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
  • Make sure the title-deploy pod is up and running
[email protected]:/home/ansible# kubectl get pods -n kube-system 
NAME                                  READY     STATUS    RESTARTS   AGE
coredns-78fcdf6894-jvmlb              1/1       Running   0          1h
coredns-78fcdf6894-xstbn              1/1       Running   0          1h
etcd-kube-master                      1/1       Running   0          1h
kube-apiserver-kube-master            1/1       Running   0          1h
kube-controller-manager-kube-master   1/1       Running   0          1h
kube-flannel-ds-5gzn9                 1/1       Running   0          1h
kube-flannel-ds-tlc8j                 1/1       Running   0          1h
kube-proxy-kl4fg                      1/1       Running   0          1h
kube-proxy-krt6n                      1/1       Running   0          1h
kube-scheduler-kube-master            1/1       Running   0          1h
tiller-deploy-85744d9bfb-wh98g        1/1       Running   0          1h
  • Once titler pod is up and running, traefik Installation starts here, this is done through helm the kubernetes package manager,

About traefik

Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.

  • In the below command line, we enabled the dashboard (dashboard.enabled=true) and made it available on http://dashboard.traefik (dashboard.domain=dashboard.traefik). Since the installation is performed in barematel set the serviceType=NodePort, you ignore this field if you have load-balancer enabled, we tell the helm to setup the cluster role binding by setting rbac.enabled=true
  • The traefik ingress is installed in the kube-system namespace
helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true  --namespace kube-system

NAME:   traefik
LAST DEPLOYED: Fri Jan 18 10:20:11 2019
NAMESPACE: kube-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ServiceAccount
NAME     SECRETS  AGE
traefik  1        3s

==> v1/ClusterRole
NAME     AGE
traefik  3s

==> v1/ClusterRoleBinding
NAME     AGE
traefik  3s

==> v1/Service
NAME               TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)                     AGE
traefik-dashboard  ClusterIP  10.111.208.113  <none>       80/TCP                      3s
traefik            NodePort   10.106.144.153  <none>       80:31622/TCP,443:31703/TCP  2s

==> v1/Deployment
NAME     DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
traefik  1        1        1           0          2s

==> v1beta1/Ingress
NAME               HOSTS              ADDRESS  PORTS  AGE
traefik-dashboard  dashboard.traefik  80       2s

==> v1/Pod(related)
NAME                     READY  STATUS             RESTARTS  AGE
traefik-8dc967bf9-89cb2  0/1    ContainerCreating  0         2s

==> v1/ConfigMap
NAME     DATA  AGE
traefik  1     3s

NOTES:

1. Traefik has been started. You can find out the port numbers being used by traefik by running:

          $ kubectl describe svc traefik --namespace kube-system

2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST
  • View the cluster role
[email protected]:# kubectl describe clusterrole traefik
Name:         traefik
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                    Non-Resource URLs  Resource Names  Verbs
  ---------                    -----------------  --------------  -----
  endpoints                    []                 []              [get list watch]
  pods                         []                 []              [get list watch]
  secrets                      []                 []              [get list watch]
  services                     []                 []              [get list watch]
  ingresses.extensions         []                 []              [get list watch]
  ingresses.extensions/status  []                 []              [update]
  • Check the traefik pods are running in the kube-system namespace
[email protected]:/home/ansible# kubectl get pods  -n kube-system | grep traefik
traefik-8dc967bf9-89cb2               1/1       Running   0          17m
  • Traefik has been started. You can find out the port numbers being used by traefik by running:
[email protected]:# kubectl describe svc traefik --namespace kube-system
Name:                     traefik
Namespace:                kube-system
Labels:                   app=traefik
                          chart=traefik-1.58.0
                          heritage=Tiller
                          release=traefik
Annotations:              <none>
Selector:                 app=traefik,release=traefik
Type:                     NodePort
IP:                       10.106.144.153
Port:                     http  80/TCP
TargetPort:               http/TCP
NodePort:                 http  31622/TCP
Endpoints:                10.244.1.81:80
Port:                     https  443/TCP
TargetPort:               httpn/TCP
NodePort:                 https  31703/TCP
Endpoints:                10.244.1.81:8880
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
  • View the helm chart deployment
[email protected]:# helm ls 
NAME    REVISION  UPDATED                   STATUS    CHART           APP VERSION NAMESPACE  
traefik 1         Fri Jan 18 10:20:11 2019  DEPLOYED  traefik-1.58.0  1.7.6       kube-system

  • Note: The installed traefik is over http and there is no form of Authentication, in order to provide the basic authentication
  • To configure BASIC AUTH Use htpasswd to create a file containing the username and the MD5-encoded password:
[email protected]:# htpasswd -c traefik traefik
New password: <<traefik>>
Re-type new password:<<traefik>>
  • Deploy traefik with dashboard.auth.basic Enabled
[email protected]:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.' --namespace kube-system
  • Open the web browser and browse Node port http://dashboard.traefik:<NODE_PORT>/ to access Traefik page
  • Give username and password as traefik:traefik
  • Enable SSL, this can be done through by setting the ssl.enabled=true
  • Deploy traefik with BASIC AUTH and SSL Enabled
[email protected]:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.',ssl.enabled=true,ssl.enforced=true --namespace kube-system
  • Open the web browser and browse secure Node port https://dashboard.traefik:<NODE_PORT>/ to access Traefik page securely
  • To learn more about helm traefik chart go here

Thanks Happy Helming, do poke me for any problems

Video Demo

Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9

Kubernetes Related Topics
  • kubernetes (pod/deployment/svc) YAML/JSON Generator
  • Docker compose to kubernetes Generator
  • kubernetes to Docker Compose Generator
  • Docker compose Generator
  • Docker run to compose Generator
  • Docker compose to docker run Generator
  • kubernetes install on using ansible
  • kube install on in centos7/ubuntu7
  • kubernetes Dashbaord Setup
  • Pod,Cluster,Deploy,ReplicaSet Light Dive
  • kubernetes secure nginx deployment
  • kubernetes Port, Targetport and NodePort
  • kubernetes Namespace
  • kubenetes Auth,Authorization,Admission
  • kubernetes Role-Based Access Control
  • Kubernetes Privilege Escalation Vulnerability
  • Upgrading kubernetes cluster
  • Prometheus Dashboard Access
  • Kubernetes mysql installation
  • Kubernetes Jenkins installation
  • Podman Jenkins installation
  • Kubernetes mariadb installation
  • Kubernetes wordpress installation
  • Kubernetes drupal installation
  • Kubernetes traefik installation
  • Kubernetes Ingress traefik
  • kubernetes service external ip pending ?
  • Service Mesh With Istio
  • Access SVC in Another Namespaces
  • kubernetes Java client example
  • kubernetes letsencrypt deploy wild card certificate
  • Right Way to Install Docker
  • Docker Private repo with SSL and AUTH
  • Creating Docker Base Image
  • Container Runtime (RUNC,RKT,CRI-O,Conatinerd)
  • Podman Install on Ubuntu/Debian
    • Linux Related Topics
    Ansible Related Topics
    Openstack Articles
    Applied Cryptography Topics
    Web Crypto API Topics
    python Cryptography Topics
    PHP Cryptography Topics
    Topics
    For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

    Kubernetes for DevOps

    Hello Dockerfile

    Cryptography for Python Developers

    Cryptography for JavaScript Developers

    Go lang ryptography for Developers

    Here