Ingress Controller
What is an Ingress Controller and what are its benefits? When you expose an application to make it available for external access, the Service resource defined as part of K8s networking plays an important role. Services are associated with the underlying Pods through selectors, and how they can be accessed depends on the configured Service type: ClusterIP, NodePort or LoadBalancer. Each of these has its own limitations, which brings us to a better alternative in K8s networking: the Ingress resource.
In K8s we can define a native Ingress resource abstraction that exposes HTTP/HTTPS endpoints and routes traffic based on rules defined by the user. An Ingress Controller provides SSL termination, load balancing and name-based virtual hosting. It simplifies the interaction of internal services, and traffic can be re-routed by changing only the routing rules. It accepts external HTTPS traffic, terminates the encryption, and allows HTTP traffic between services within the cluster. It also load-balances traffic between services hosted outside the Kubernetes cluster.
SETUP:
Create a traefik namespace : kubectl create namespace traefik
Add the Helm repository hosting the Traefik charts metadata : helm repo add traefik https://helm.traefik.io/traefik
Update the local Helm chart repository cache : helm repo update
Search for latest traefik/traefik official Helm chart version : helm search repo traefik # traefik/traefik 10.19.4
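Install the latest Traefik Helm chart : helm upgrade --install traefik --namespace traefik --set dashboard.enabled=true --set rbac.enabled=true --set="additionalArguments={--api.dashboard=true,--log.level=INFO,--providers.kubernetesingress.ingressclass=traefik-internal,--serversTransport.insecureSkipVerify=true}" traefik/traefik --version 10.19.4
Note that --serversTransport.insecureSkipVerify=true makes Traefik skip verification of the TLS certificates presented by backend services, which fits a self-signed home setup like this one.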
Verify installation
Now that we have the Traefik pod up and running, let's access the Traefik dashboard. The dashboard is disabled by default for security reasons, but we will access it over HTTPS with a proper TLS certificate.
We will create a certificate using cert-manager so that the Traefik dashboard can be accessed via the host name <traefik.frontend.minikube.local.com> within our home network. We will use a self-signed certificate here. If you are new to cert-manager and want a reference, the following link will help you get going.
https://blog.knoldus.com/Install-Certificate-Manager-Controller-in-K8s/
Create a self-signed certificate in the traefik namespace and verify that a TLS secret has been created for the certificate.
INGRESS
Now let's create an IngressRoute and a Middleware for accessing the dashboard. Change the domain name to match your own. As you can see below, we have a YAML file of kind IngressRoute. I have tried to explain the functionality of the building blocks used in the file.
entryPoints: defines the list of entry point names.
routes: defines the rule corresponding to an underlying router service.
match: list of any combination of TraefikService or references to a Kubernetes service.
middlewares: list of references to Middleware (which tweaks the HTTP requests before they are sent to your service).
tls: defines the TLS certificate configuration.
secretName: defines the secret name used to store the certificate (the basic authentication that we created).
Authentication
Let's create a user/password basic authentication secret as shown below.
kubectl create secret generic traefik-dashboard-auth-secret --from-file=$HOME/temp/traefik-ui-creds/htpasswd --namespace traefik
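The IngressRoute and Middleware described above, tied to the basic-auth secret just created, could look like the following manifest. This is an added example, not the original post's file: the resource names traefik-dashboard, traefik-dashboard-auth and traefik-dashboard-tls and the entry point name websecure (the Helm chart's default HTTPS entry point) are assumptions, so replace them with your own values.

```yaml
# Added example, not the original post's manifest.
# Assumed names: traefik-dashboard, traefik-dashboard-auth, traefik-dashboard-tls,
# and the entry point "websecure".
apiVersion: traefik.containo.us/v1alpha1   # CRD API group used by Traefik v2
kind: Middleware
metadata:
  name: traefik-dashboard-auth             # assumed name
  namespace: traefik
spec:
  basicAuth:
    # Secret created with the kubectl command above; it holds the htpasswd file.
    secret: traefik-dashboard-auth-secret
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard                  # assumed name
  namespace: traefik
spec:
  entryPoints:
    - websecure                            # HTTPS entry point only; no plain-HTTP entry point listed
  routes:
    - kind: Rule
      # Host name from this post; change it to your own domain.
      match: Host(`traefik.frontend.minikube.local.com`)
      middlewares:
        - name: traefik-dashboard-auth     # requests must pass basic auth before reaching the dashboard
          namespace: traefik
      services:
        - name: api@internal               # Traefik's built-in API/dashboard service
          kind: TraefikService
  tls:
    secretName: traefik-dashboard-tls      # assumed name of the TLS secret created by cert-manager
```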
Apply the above configurations using the kubectl apply command and check the resources. Also check the logs for errors, if there are any, using the kubectl logs command.
Now that we have everything in place, one last thing is to add your host name on your machine/laptop. Open the /etc/hosts file from your CLI and add your IP address along with your domain name there.
Now open a browser at the following domain name. You will see that you are able to access the dashboard on your host name. It will look something like this.
In this way we use an ingress controller in our Kubernetes cluster. Similarly, we can deploy any application we want and then access it over the internet.
SUMMARY
In this blog we have gone through what an Ingress Controller is and how we can deploy one on our Kubernetes cluster.
Reference:
Link on K8s certificate manager: https://blog.knoldus.com/Install-Certificate-Manager-Controller-in-K8s/
Link on how to terminate tls certificate: https://blog.knoldus.com/how-to-terminate-tls-certificate-at-traefik-load-balancer/