In this article , We are going to cover How to configure Traefik Ingress Controller for Kubernetes Cluster with Demo Application.
Table of Contents
What is ingress in Kubernetes ?
Ingress it is a Kubernetes objects which allows access to your Kubernetes services from outside/external.
Using Ingress we can expose pod’s port like 80 ,443 from outside network of Kubernetes over internet.
Different types of Ingress Controller
Below are some most used Ingress controllers on Kubernetes Cluster
- Nginx Ingress Controller
- AWS ALB
- Traefik
- Azure Application Gateway
- HA Proxy
- Contour
- Istio
What is Traefik ?
Traefik is an open source and most popular Edge Router/ingress controller which is used to expose service from outside.
Traefik ingress controller also provides SSL Termination , adding secrets, https2, reverse proxy, to expose a Rest API and load balancing.
Traefik is used with our existing infrastructure like Kubernetes, Docker Swarm, Amazon ECS, Rancher, Eureka, Azure Service Fabric, etc.,
Prerequisite:
- Kubernetes Cluster with at least 1 master and 2 worker nodes.
Follow below articles to Setup Kubernetes Cluster
9 Steps to Setup Kubernetes on AWS using KOPS
How To Setup Kubernetes Cluster Using Kubeadm on Ubuntu 18.04/16.04 LTS
Step #1: Create Service Account, Cluster Role and Cluster Role Binding for Traefik
Lets create Service Account for Traefik ingress controller for your Kubernetes Cluster in kube-system namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
Create a Cluster Role for Traefik Ingress controller with Kubernetes resources, verbs, api groups permission to Traefik
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
Create Cluster Role Binding for Traefik Ingress with Cluster Role reference and service account.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
Now create yaml file called traefik-rbac.yaml and paste the yaml’s and apply in your Kubernetes Cluster
kubectl create -f traefik-rbac.yaml
Step #2: Deploy Traefik to Kubernetes Cluster
Now create Deployment for Traefik Ingress Controller version 1.7 Image with 80 port for application and 8080 port for Traefik Dashboard.
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik:1.7
name: traefik-ingress-lb
ports:
- name: app-services
containerPort: 80
- name: dashboard
containerPort: 8080
args:
- --api
- --kubernetes
- --logLevel=INFO
create a yaml named traefik-deploy.yaml, paste the above lines and apply to Kubernetes.
kubectl create -f traefik-deploy.yaml
Step #3: Create LoadBalancer to Access Traefik Ingress
Create a Kubernetes Service to access Traefik Ingress using LoadBalancer, you can add NodePort also to expose the Traefik Service.
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: app-services
- protocol: TCP
port: 8080
name: dashboard
type: LoadBalancer
create a yaml named traefik-service.yaml , paste the above lines and appy it.
kubectl create -f traefik-service.yaml
once all above steps done, check the Traefik pod , if it is running.
kubectl get pods -n kube-system
Output:
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-54bb897cfb-z6j65 1/1 Running 0 38m
calico-node-5xhnl 1/1 Running 0 36m
calico-node-grvx5 1/1 Running 0 36m
calico-node-mjqcm 1/1 Running 0 38m
dns-controller-5896599c4c-ghbt4 1/1 Running 0 38m
etcd-manager-events-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 36m
etcd-manager-main-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 36m
kops-controller-hs2zf 1/1 Running 0 37m
kube-apiserver-ip-172-20-52-202.ap-south-1.compute.internal 2/2 Running 1 36m
kube-controller-manager-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 37m
kube-dns-64f86fb8dd-kbsl6 3/3 Running 0 35m
kube-dns-64f86fb8dd-psj4n 3/3 Running 0 38m
kube-dns-autoscaler-cd7778b7b-kp2kl 1/1 Running 0 38m
kube-proxy-ip-172-20-37-73.ap-south-1.compute.internal 1/1 Running 0 36m
kube-proxy-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 37m
kube-proxy-ip-172-20-66-20.ap-south-1.compute.internal 1/1 Running 0 34m
kube-scheduler-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 36m
traefik-ingress-controller-5599d74798-4nw9w
Check the Traefik Deployment Service , if it is running
kubectl get deployment -n kube-system
Output:
NAME READY UP-TO-DATE AVAILABLE AGE
calico-kube-controllers 1/1 1 1 57m
dns-controller 1/1 1 1 57m
kube-dns 2/2 2 2 57m
kube-dns-autoscaler 1/1 1 1 57m
traefik-ingress-controller 1/1 1 1 51m
Check the Traefik Ingress Kubernetes Service
kubectl get svc -n kube-system
Output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 100.64.0.10 <none> 53/UDP,53/TCP 57m
traefik-ingress-service LoadBalancer 100.64.144.139 ab690ac82863747738f3d98420cd5a6b-2116167598.ap-south-1.elb.amazonaws.com 80:31424/TCP,8080:30361/TCP 50m
As per the above output , we can see Traefik Service exposed on AWS Loadbalancer on Port 80 ( applications ) and 8080 for Traefik Dashboard
Step #4: Access Traefik Dashboard
To access Traefik Dashboard you can either access using Loadbalancer URL as shown above or you can point Loadbalancer URL by adding CNAME record in Domain Provider.
Here We have added CNAME record in GoDaddy with Domain traefik.fosstechnix.com
after adding CNAME and access Traefik Dashboard with Domain name followed by port 8080.
http://traefik.fosstechnix.info:8080
Step #5: Creating Demo Applications with Name Based Routing in Traefik
Lets create Node js demo application with Docker Image to Deploy on Traefik Ingress Controller
Create a Kubernetes Deployment with Node js docker container
sudo nano njdeployment.yaml
paste the below lines
kind: Deployment
apiVersion: apps/v1
metadata:
name: nodejs-demo
namespace: kube-system
labels:
app: nodejs-demo
spec:
replicas: 1
selector:
matchLabels:
app: nodejs-demo
template:
metadata:
labels:
app: nodejs-demo
spec:
containers:
- name: nodejs
image: "devopshint/nodejsdocker"
kubectl create -f njdeployment.yaml
Create the Kubernetes Service for Node js deployment
sudo nano njservice.yaml
paste the below lines
apiVersion: v1
kind: Service
metadata:
name: nodejs-demo
namespace: kube-system
spec:
selector:
app: nodejs-demo
ports:
- name: http
targetPort: 80
port: 80
kubectl create -f njservice.yaml
Create the Kubernetes Traefik Ingress for Node js deployment, only for first time and next for any application/service you have to add in Ingress
sudo nano demo-ingress.yaml
paste the below lines
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: demo-ingress
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.passHostHeader: "false"
traefik.frontend.priority: "1"
spec:
rules:
- host: app2.fosstechnix.info
http:
paths:
- path: /
backend:
serviceName: nodejs-demo
servicePort: 80
kubectl create -f ingress.yml
Now lets check Node js pod is created
kubectl get pods -n kube-system
Output:
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-54bb897cfb-z6j65 1/1 Running 0 3h58m
calico-node-5xhnl 1/1 Running 0 3h56m
calico-node-grvx5 1/1 Running 0 3h56m
calico-node-mjqcm 1/1 Running 0 3h58m
dns-controller-5896599c4c-ghbt4 1/1 Running 0 3h58m
etcd-manager-events-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 3h57m
etcd-manager-main-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 3h56m
kops-controller-hs2zf 1/1 Running 0 3h57m
kube-apiserver-ip-172-20-52-202.ap-south-1.compute.internal 2/2 Running 1 3h57m
kube-controller-manager-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 3h57m
kube-dns-64f86fb8dd-kbsl6 3/3 Running 0 3h55m
kube-dns-64f86fb8dd-psj4n 3/3 Running 0 3h58m
kube-dns-autoscaler-cd7778b7b-kp2kl 1/1 Running 0 3h58m
kube-proxy-ip-172-20-37-73.ap-south-1.compute.internal 1/1 Running 0 3h56m
kube-proxy-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 3h57m
kube-proxy-ip-172-20-66-20.ap-south-1.compute.internal 1/1 Running 0 3h54m
kube-scheduler-ip-172-20-52-202.ap-south-1.compute.internal 1/1 Running 0 3h56m
nginx-demo-76c8bff45f-s7cbx 1/1 Running 0 83m
nodejs-demo-77bff94d75-9x5qd 1/1 Running 0 16m
traefik-ingress-controller-5599d74798-4nw9w
Lets check Node JS Kubernetes Service
kubectl get svc -n kube-system
Output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 100.64.0.10 <none> 53/UDP,53/TCP 3h58m
nginx-demo ClusterIP 100.65.237.143 <none> 80/TCP 70m
nodejs-demo ClusterIP 100.67.241.90 <none> 80/TCP 14m
traefik-ingress-service LoadBalancer 100.64.144.139 ab690ac82863747738f3d98420cd5a6b-2116167598.ap-south-1.elb.amazonaws.com 80:31424/TCP,8080:30361/TCP 3h51m
Check the ingress with application domain name
kubectl get ingress -n kube-system
Output:
NAME CLASS HOSTS ADDRESS PORTS AGE
demo-ingress <none> app1.fosstechnix.info,app2.fosstechnix.info 80 70m
you check your applications/micro services on by accessing Traefik Dashboard as shown below
if you want to add new applications/microservice , create a deployment and service and add your microservices in Traefik Ingress controller/Loadbalancer as shown below.
kubectl -n kube-system edit ingress demo-ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.passHostHeader: "false"
traefik.frontend.priority: "1"
creationTimestamp: "2020-08-26T09:01:24Z"
generation: 3
managedFields:
- apiVersion: extensions/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubernetes.io/ingress.class: {}
f:traefik.frontend.passHostHeader: {}
f:traefik.frontend.priority: {}
f:spec:
f:rules: {}
manager: kubectl
operation: Update
time: "2020-08-26T10:05:44Z"
name: nginx-ingress
namespace: kube-system
resourceVersion: "41148"
selfLink: /apis/extensions/v1beta1/namespaces/kube-system/ingresses/nginx-ingress
uid: 336e482a-5a74-41c0-9544-b35515782977
spec:
rules:
- host: app1.fosstechnix.info
http:
paths:
- backend:
serviceName: nginx-demo
servicePort: 80
path: /
pathType: ImplementationSpecific
- host: app2.fosstechnix.info
http:
paths:
- backend:
serviceName: nodejs-demo
servicePort: 80
path: /
pathType: ImplementationSpecific
status:
loadBalancer: {}
Conclusion
In this article , We have covered How to configure Traefik Ingress Controller , Create Service Account, Cluster Role and Cluster Role Binding for Traefik, Deploy Traefik to Kubernetes Cluster, Create LoadBalancer to Access Traefik Ingress, Access Traefik Dashboard, Creating Demo Applications
Traefik FAQ :
traefik vs nginx ?
Traefik and nginx both are open source tools.
Nginx Ingress Controller is free and open source high performance proxy web server.
Traefik is an open source and act as a Load Balancer which is used to expose service from outside.
companies like Spotify, Uber, Airbnb,etc,. are using Nginx.
companies like Docplanner, Viadeo, and Condé Nast using Traefik
The reasons to choose Traefik over Nginx as below
1. Traefik built-in Let’s Encrypt SSL and supports automatic renewal
2. Traefik automatically enables HTTP/2, REST API
Related Articles
You’re absolutely brilliant! Thank you so much, there were a few missing pieces in other docs and demos but this article was the most complete resource for firing this up I’ve seen. Much appreciated – thank you!
Thanks for your comment.
I followed the tutorial but I don’t actually get any providers in the traefik dashboard. It just says, “No Providers Found.” Any idea what this is happening?
Thank you, it was very helpful. However since i used it with Hashicorp Waypoint, i’m not sure it’s good that your app is in kube-system namespace, it didn’t work for me i had to change it to default because Waypoint deploys in the default namespace.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: demo-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.passHostHeader: “false”
traefik.frontend.priority: “1”
spec:
rules:
– host: app2.fosstechnix.info
http:
paths:
– path: /
backend:
serviceName: nodejs-demo
servicePort: 80
Thanks for sharing and comment.
Good article.
Thanks for your feedback.
Hello,
Excellent article, would wait for the updated article for Traefik v2.3.
Best Regards,
Very useful thanks for sharing.