Kubernetes Traefik Installation (helm)

by Anish

Posted on Friday January 18, 2019

Referefce

Introduction

In this article we will learn how to to setup traefik in kubernetes cluster using helm

Helm: Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.

  • Let's Begin deploying traefik using helm in traefik , if you are new to helm then download and initialize helm as follows
root@kube-master:#  helm init
root@kube-master:# kubectl create serviceaccount --namespace kube-system tiller
root@kube-master:# kubectl create clusterrolebinding tiller-cluster-rule \
   --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
root@kube-master:#  kubectl patch deploy --namespace kube-system tiller-deploy \
   -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
  • Make sure the title-deploy pod is up and running
root@kube-master:/home/ansible# kubectl get pods -n kube-system 
NAME                                  READY     STATUS    RESTARTS   AGE
coredns-78fcdf6894-jvmlb              1/1       Running   0          1h
coredns-78fcdf6894-xstbn              1/1       Running   0          1h
etcd-kube-master                      1/1       Running   0          1h
kube-apiserver-kube-master            1/1       Running   0          1h
kube-controller-manager-kube-master   1/1       Running   0          1h
kube-flannel-ds-5gzn9                 1/1       Running   0          1h
kube-flannel-ds-tlc8j                 1/1       Running   0          1h
kube-proxy-kl4fg                      1/1       Running   0          1h
kube-proxy-krt6n                      1/1       Running   0          1h
kube-scheduler-kube-master            1/1       Running   0          1h
tiller-deploy-85744d9bfb-wh98g        1/1       Running   0          1h
  • Once titler pod is up and running, traefik Installation starts here, this is done through helm the kubernetes package manager,

About traefik

Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.

  • In the below command line, we enabled the dashboard (dashboard.enabled=true) and made it available on http://dashboard.traefik (dashboard.domain=dashboard.traefik). Since the installation is performed in barematel set the serviceType=NodePort, you ignore this field if you have load-balancer enabled, we tell the helm to setup the cluster role binding by setting rbac.enabled=true
  • The traefik ingress is installed in the kube-system namespace
helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true  --namespace kube-system

NAME:   traefik
LAST DEPLOYED: Fri Jan 18 10:20:11 2019
NAMESPACE: kube-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ServiceAccount
NAME     SECRETS  AGE
traefik  1        3s

==> v1/ClusterRole
NAME     AGE
traefik  3s

==> v1/ClusterRoleBinding
NAME     AGE
traefik  3s

==> v1/Service
NAME               TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)                     AGE
traefik-dashboard  ClusterIP  10.111.208.113  <none>       80/TCP                      3s
traefik            NodePort   10.106.144.153  <none>       80:31622/TCP,443:31703/TCP  2s

==> v1/Deployment
NAME     DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
traefik  1        1        1           0          2s

==> v1beta1/Ingress
NAME               HOSTS              ADDRESS  PORTS  AGE
traefik-dashboard  dashboard.traefik  80       2s

==> v1/Pod(related)
NAME                     READY  STATUS             RESTARTS  AGE
traefik-8dc967bf9-89cb2  0/1    ContainerCreating  0         2s

==> v1/ConfigMap
NAME     DATA  AGE
traefik  1     3s

NOTES:

1. Traefik has been started. You can find out the port numbers being used by traefik by running:

          $ kubectl describe svc traefik --namespace kube-system

2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST
  • View the cluster role
root@kube-master:# kubectl describe clusterrole traefik
Name:         traefik
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                    Non-Resource URLs  Resource Names  Verbs
  ---------                    -----------------  --------------  -----
  endpoints                    []                 []              [get list watch]
  pods                         []                 []              [get list watch]
  secrets                      []                 []              [get list watch]
  services                     []                 []              [get list watch]
  ingresses.extensions         []                 []              [get list watch]
  ingresses.extensions/status  []                 []              [update]
  • Check the traefik pods are running in the kube-system namespace
root@kube-master:/home/ansible# kubectl get pods  -n kube-system | grep traefik
traefik-8dc967bf9-89cb2               1/1       Running   0          17m
  • Traefik has been started. You can find out the port numbers being used by traefik by running:
root@kube-master:# kubectl describe svc traefik --namespace kube-system
Name:                     traefik
Namespace:                kube-system
Labels:                   app=traefik
                          chart=traefik-1.58.0
                          heritage=Tiller
                          release=traefik
Annotations:              <none>
Selector:                 app=traefik,release=traefik
Type:                     NodePort
IP:                       10.106.144.153
Port:                     http  80/TCP
TargetPort:               http/TCP
NodePort:                 http  31622/TCP
Endpoints:                10.244.1.81:80
Port:                     https  443/TCP
TargetPort:               httpn/TCP
NodePort:                 https  31703/TCP
Endpoints:                10.244.1.81:8880
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
  • View the helm chart deployment
root@kube-master:# helm ls 
NAME    REVISION  UPDATED                   STATUS    CHART           APP VERSION NAMESPACE  
traefik 1         Fri Jan 18 10:20:11 2019  DEPLOYED  traefik-1.58.0  1.7.6       kube-system

  • Note: The installed traefik is over http and there is no form of Authentication, in order to provide the basic authentication
  • To configure BASIC AUTH Use htpasswd to create a file containing the username and the MD5-encoded password:
root@kube-master:# htpasswd -c traefik traefik
New password: <<traefik>>
Re-type new password:<<traefik>>
  • Deploy traefik with dashboard.auth.basic Enabled
root@kube-master:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.' --namespace kube-system
  • Open the web browser and browse Node port http://dashboard.traefik:<NODE_PORT>/ to access Traefik page
  • Give username and password as traefik:traefik
  • Enable SSL, this can be done through by setting the ssl.enabled=true
  • Deploy traefik with BASIC AUTH and SSL Enabled
root@kube-master:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.',ssl.enabled=true,ssl.enforced=true --namespace kube-system
  • Open the web browser and browse secure Node port https://dashboard.traefik:<NODE_PORT>/ to access Traefik page securely
  • To learn more about helm traefik chart go here

Thanks Happy Helming, do poke me for any problems


Video Demo


Thanku for reading !!! Give a Share for Support


Your Support Matters!

Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency




python Cryptography Topics
Topics
For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

Kubernetes for DevOps

Hello Dockerfile

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang ryptography for Developers

Here