Traefik is a popular open-source reverse proxy and load balancer, designed for microservices and containerized applications. Traefik can automatically discover the services running in a Kubernetes cluster and route traffic to these services using various load balancing algorithms.
Traefik operates for other services within your Kubernetes cluster. With Traefik, you can host multiple applications on a Kubernetes cluster, and their traffic flows through Traefik. Traefik can then function as a single load balancer for all these applications and also provide Let's Encrypt SSL certificates.
In this tutorial, we'll show you how to install and use Traefik on your Kubernetes cluster.
For this tutorial, you will need:
- The Helm package manager. Install Helm via our Helm installation tutorial if you haven't done so already.
- A TransIP API private key. Enable the API and generate a Key Pair as described in this tutorial. Also make sure to whitelist your IP address.
Installing Traefik
Step 1
Add the official Traefik repository and update your Helm repositories to be able to use it:
helm repo add traefik https://helm.traefik.io/traefik helm repo update
Step 2
Traefik can generate Let's Encrypt certificates for applications communicating through Traefik. In this tutorial, we assume that you also want to use this for your use case. For this, you use an ACME DNS challenge provider. We support this option via our API. Please note that the provider you choose must support this functionality and that the domains you use are registered with that provider in the account you use for this guide.
Create a directory where you will store your TransIP API key, for example:
mkdir transip
Then create a file in the directory you just created containing a private key of your account for the TransIP API, for example:
cat << EOF > transip/transip.key
-----BEGIN PRIVATEKEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDKoaYJtbVnJw58
PYGH8WIJ7ZjWd2lke0IbMV+dNGs=
-----ENDPRIVATEKEY-----
EOF
In this example, only a small fragment of a private key is included. Your private key will be much longer.
Step 3
Create a namespace for Traefik within your cluster:
kubectl create ns traefik
Step 4
Generate a secret based on your API Private Key that Traefik can use to communicate with the TransIP API. Optionally replace the following information:
- -n traefik: Use the name of the namespace you created in step 3.
- transip/transip.key: Change to the directory and filename you created in step 2.
kubectl create -n traefik secret generic transip-key --from-file transip/transip.key
Step 5
For the installation of Traefik, we will use the official Helm Chart in the next step. In addition, we will make a few adjustments. Create a .yaml file for this, for example:
nano traefik.yaml
Give the file the contents below, in which you adjust two values:
- youraccount: Change youraccount to the name of your TransIP account.
- /transip/transip.key: Change (if necessary) to the directory and filename you created in step 2.
additionalArguments:
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=transip"
- "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=120"
- "--certificatesresolvers.myresolver.acme.storage=/data/acme.json"
env:
- name: TRANSIP_ACCOUNT_NAME
value: youraccount
- name: TRANSIP_PRIVATE_KEY_PATH
value: /transip/transip.key
volumes:
- name: transip-key
mountPath: "/transip"
type: secret
rbac:
enabled: true
ports:
websecure:
tls:
enabled: true
dashboard:
enable: true
ingressRoute: false
podAnnotations:
prometheus.io/port: "8082"
prometheus.io/scrape: "true"
providers:
kubernetesIngress:
publishedService:
enabled: true
priorityClassName: "system-cluster-critical"
image:
name: "rancher/library-traefik"
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
Step 6
Install the Traefik Helm Chart with the command below.
helm install -f traefik.yaml traefik traefik/traefik -n traefik
- helm install: Installs the Helm Chart.
- -f traefik.yaml: The file from step 5 that we use to customize the installation.
- traefik: The name of the Helm 'release', can be checked with the command 'helm list'.
- traefik/traefik: The name of the repository and Helm Chart to be installed, respectively.
- -n traefik: The namespace in which the Helm release is installed, see step 3.
The Traefik dashboard
Traefik comes with a web interface that provides insight into the status of your Kubernetes cluster and the traffic processed by your cluster. It displays information about the routers and services used to process traffic and the load balancing algorithms used. The dashboard also provides the ability to view logs and metrics generated by Traefik. The dashboard is a useful tool for monitoring and troubleshooting Traefik.
To use the Traefik dashboard, use the following command:
kubectl port-forward pod/traefik-6598fc985c-tg748 9000:9000 -n traefik
Replace traefik at the end with the namespace where Traefik is located and traefik-6598f985-tg748 with the name of the Traefik pod. You can check both with the following commands, respectively:
kubectl get ns kubectl get pods -n traefik
You can now view the Traefik dashboard in a browser on the computer where you executed the first command at the address: http://127.0.0.1:9000/dashboard/