Kubernetes Traefik Installation (helm)
by Anish
Posted on Friday January 18, 2019
Introduction
In this article we will learn how to to setup traefik in kubernetes cluster using helm
Helm: Helm is a tool for managing Kubernetes charts. Charts are packages of pre-configured Kubernetes resources.
- Let's Begin deploying traefik using helm in traefik , if you are new to helm then download and initialize helm as follows
[email protected]:# helm init
[email protected]:# kubectl create serviceaccount --namespace kube-system tiller
[email protected]:# kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin --serviceaccount=kube-system:tiller
[email protected]:# kubectl patch deploy --namespace kube-system tiller-deploy \
-p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
- Make sure the title-deploy pod is up and running
[email protected]:/home/ansible# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-78fcdf6894-jvmlb 1/1 Running 0 1h
coredns-78fcdf6894-xstbn 1/1 Running 0 1h
etcd-kube-master 1/1 Running 0 1h
kube-apiserver-kube-master 1/1 Running 0 1h
kube-controller-manager-kube-master 1/1 Running 0 1h
kube-flannel-ds-5gzn9 1/1 Running 0 1h
kube-flannel-ds-tlc8j 1/1 Running 0 1h
kube-proxy-kl4fg 1/1 Running 0 1h
kube-proxy-krt6n 1/1 Running 0 1h
kube-scheduler-kube-master 1/1 Running 0 1h
tiller-deploy-85744d9bfb-wh98g 1/1 Running 0 1h
- Once titler pod is up and running, traefik Installation starts here, this is done through helm the kubernetes package manager,
About traefik
Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
- In the below command line, we enabled the dashboard (
dashboard.enabled=true) and made it available on http://dashboard.traefik (dashboard.domain=dashboard.traefik). Since the installation is performed in barematel set theserviceType=NodePort, you ignore this field if you have load-balancer enabled, we tell the helm to setup the cluster role binding by settingrbac.enabled=true - The traefik ingress is installed in the kube-system namespace
helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true --namespace kube-system
NAME: traefik
LAST DEPLOYED: Fri Jan 18 10:20:11 2019
NAMESPACE: kube-system
STATUS: DEPLOYED
RESOURCES:
==> v1/ServiceAccount
NAME SECRETS AGE
traefik 1 3s
==> v1/ClusterRole
NAME AGE
traefik 3s
==> v1/ClusterRoleBinding
NAME AGE
traefik 3s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik-dashboard ClusterIP 10.111.208.113 <none> 80/TCP 3s
traefik NodePort 10.106.144.153 <none> 80:31622/TCP,443:31703/TCP 2s
==> v1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
traefik 1 1 1 0 2s
==> v1beta1/Ingress
NAME HOSTS ADDRESS PORTS AGE
traefik-dashboard dashboard.traefik 80 2s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
traefik-8dc967bf9-89cb2 0/1 ContainerCreating 0 2s
==> v1/ConfigMap
NAME DATA AGE
traefik 1 3s
NOTES:
1. Traefik has been started. You can find out the port numbers being used by traefik by running:
$ kubectl describe svc traefik --namespace kube-system
2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST
- View the cluster role
[email protected]:# kubectl describe clusterrole traefik
Name: traefik
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [get list watch]
pods [] [] [get list watch]
secrets [] [] [get list watch]
services [] [] [get list watch]
ingresses.extensions [] [] [get list watch]
ingresses.extensions/status [] [] [update]
- Check the traefik pods are running in the kube-system namespace
[email protected]:/home/ansible# kubectl get pods -n kube-system | grep traefik
traefik-8dc967bf9-89cb2 1/1 Running 0 17m
- Traefik has been started. You can find out the port numbers being used by traefik by running:
[email protected]:# kubectl describe svc traefik --namespace kube-system
Name: traefik
Namespace: kube-system
Labels: app=traefik
chart=traefik-1.58.0
heritage=Tiller
release=traefik
Annotations: <none>
Selector: app=traefik,release=traefik
Type: NodePort
IP: 10.106.144.153
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 31622/TCP
Endpoints: 10.244.1.81:80
Port: https 443/TCP
TargetPort: httpn/TCP
NodePort: https 31703/TCP
Endpoints: 10.244.1.81:8880
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
- View the helm chart deployment
[email protected]:# helm ls
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
traefik 1 Fri Jan 18 10:20:11 2019 DEPLOYED traefik-1.58.0 1.7.6 kube-system
- Open the web browser and browse Node port http://dashboard.traefik:31622/ to access Traefik page
- Note: The installed traefik is over http and there is no form of Authentication, in order to provide the basic authentication
- To configure BASIC AUTH Use
htpasswdto create a file containing the username and the MD5-encoded password:
[email protected]:# htpasswd -c traefik traefik
New password: <<traefik>>
Re-type new password:<<traefik>>
- Deploy traefik with
dashboard.auth.basicEnabled
[email protected]:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.' --namespace kube-system
- Open the web browser and browse Node port http://dashboard.traefik:<NODE_PORT>/ to access Traefik page
- Give username and password as traefik:traefik
- Enable SSL, this can be done through by setting the
ssl.enabled=true - Deploy traefik with BASIC AUTH and SSL Enabled
[email protected]:# helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard.traefik,rbac.enabled=true,dashboard.auth.basic.traefik='$apr1$vUmd7ddA$CoklUZpHBbRzvnZUz6eFY.',ssl.enabled=true,ssl.enforced=true --namespace kube-system
- Open the web browser and browse secure Node port https://dashboard.traefik:<NODE_PORT>/ to access Traefik page securely
- To learn more about helm traefik chart go here
Thanks Happy Helming, do poke me for any problems
Video Demo
Thanku for reading !!! Give a Share for Support
Asking for donation sound bad to me, so i'm raising fund from The Modern Cryptography CookBook for Just $9. Leanpub books Discount coupon first 100 reader. No hurry read the sample chapters here then decide.
Alternatively to support you can buy My all four Cryptography book Just $10.99
- The Modern Cryptography Book.
- Go lang Cryptography for developers
- Python Cryptography
- Cryptography for JavaScript Developer
Kubernetes Related Topics
Linux Related Topics
Ansible Related Topics
Openstack Articles
Applied Cryptography Topics
Web Crypto API Topics
python Cryptography Topics
PHP Cryptography Topics
Topics
For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price
Kubernetes for DevOps