by Anish
Posted on Friday January 18, 2019
In this article we will learn how to to setup traefik in kubernetes cluster using helm
Helm: Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.
root@kube-master:# helm init
root@kube-master:# kubectl create serviceaccount --namespace kube-system tiller
root@kube-master:# kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin --serviceaccount=kube-system:tiller
root@kube-master:# kubectl patch deploy --namespace kube-system tiller-deploy \
-p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
root@kube-master:/home/ansible# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-78fcdf6894-jvmlb 1/1 Running 0 1h
coredns-78fcdf6894-xstbn 1/1 Running 0 1h
etcd-kube-master 1/1 Running 0 1h
kube-apiserver-kube-master 1/1 Running 0 1h
kube-controller-manager-kube-master 1/1 Running 0 1h
kube-flannel-ds-5gzn9 1/1 Running 0 1h
kube-flannel-ds-tlc8j 1/1 Running 0 1h
kube-proxy-kl4fg 1/1 Running 0 1h
kube-proxy-krt6n 1/1 Running 0 1h
kube-scheduler-kube-master 1/1 Running 0 1h
tiller-deploy-85744d9bfb-wh98g 1/1 Running 0 1h
Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
dashboard.enabled=true
) and made it available on http://dashboard.traefik (dashboard.domain=dashboard.traefik
). Since the installation is performed in barematel set the serviceType=NodePort
, you ignore this field if you have load-balancer enabled, we tell the helm to setup the cluster role binding by setting rbac.enabled=true
helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true --namespace kube-system
NAME: traefik
LAST DEPLOYED: Fri Jan 18 10:20:11 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ServiceAccount
NAME SECRETS AGE
traefik 1 3s
==> v1/ClusterRole
NAME AGE
traefik 3s
==> v1/ClusterRoleBinding
NAME AGE
traefik 3s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik-dashboard ClusterIP 10.111.208.113 <none> 80/TCP 3s
traefik NodePort 10.106.144.153 <none> 80:31622/TCP,443:31703/TCP 2s
==> v1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
traefik 1 1 1 0 2s
==> v1beta1/Ingress
NAME HOSTS ADDRESS PORTS AGE
traefik-dashboard dashboard.traefik 80 2s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
traefik-8dc967bf9-89cb2 0/1 ContainerCreating 0 2s
==> v1/ConfigMap
NAME DATA AGE
traefik 1 3s
NOTES:
1. Traefik has been started. You can find out the port numbers being used by traefik by running:
$ kubectl describe svc traefik --namespace kube-system
2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST
root@kube-master:# kubectl describe clusterrole traefik
Name: traefik
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [get list watch]
pods [] [] [get list watch]
secrets [] [] [get list watch]
services [] [] [get list watch]
ingresses.extensions [] [] [get list watch]
ingresses.extensions/status [] [] [update]
root@kube-master:/home/ansible# kubectl get pods -n kube-system | grep traefik
traefik-8dc967bf9-89cb2 1/1 Running 0 17m
root@kube-master:# kubectl describe svc traefik --namespace kube-system
Name: traefik
Namespace: kube-system
Labels: app=traefik
chart=traefik-1.58.0
heritage=Tiller
release=traefik
Annotations: <none>
Selector: app=traefik,release=traefik
Type: NodePort
IP: 10.106.144.153
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 31622/TCP
Endpoints: 10.244.1.81:80
Port: https 443/TCP
TargetPort: httpn/TCP
NodePort: https 31703/TCP
Endpoints: 10.244.1.81:8880
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
root@kube-master:# helm ls
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
traefik 1 Fri Jan 18 10:20:11 2019 DEPLOYED traefik-1.58.0 1.7.6 kube-system
htpasswd
to create a file containing the username and the MD5-encoded password:root@kube-master:# htpasswd -c traefik traefik
New password: <<traefik>>
Re-type new password:<<traefik>>
dashboard.auth.basic
Enabledroot@kube-master:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.' --namespace kube-system
ssl.enabled=true
root@kube-master:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.',ssl.enabled=true,ssl.enforced=true --namespace kube-system
Thanks Happy Helming, do poke me for any problems
Thanku for reading !!! Give a Share for Support
Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!
Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency