Configure Traefik Ingress Controller on Kubernetes [5 Steps]

In this article , We are going to cover How to configure Traefik Ingress Controller for Kubernetes Cluster with Demo Application.

What is ingress in Kubernetes ?

Ingress it is a Kubernetes objects which allows access to your Kubernetes services from outside/external.

Using Ingress we can expose pod’s port like 80 ,443 from outside network of Kubernetes over internet.

Different types of Ingress Controller

Below are some most used Ingress controllers on Kubernetes Cluster

  1. Nginx Ingress Controller
  2. AWS ALB
  3. Traefik
  4. Azure Application Gateway
  5. HA Proxy
  6. Contour
  7. Istio

What is Traefik ?

Traefik is an open source and most popular Edge Router/ingress controller which is used to expose service  from outside.

Traefik ingress controller also provides SSL Termination , adding secrets, https2, reverse proxy, to expose a Rest API and load balancing.

Traefik is used with our existing infrastructure like Kubernetes, Docker Swarm, Amazon ECS, Rancher, Eureka, Azure Service Fabric, etc.,

Prerequisite:

  • Kubernetes Cluster with at least 1 master and 2 worker nodes.

Follow below articles to Setup Kubernetes Cluster

9 Steps to Setup Kubernetes on AWS using KOPS

How To Setup Kubernetes Cluster Using Kubeadm on Ubuntu 18.04/16.04 LTS

Step #1: Create Service Account, Cluster Role and Cluster Role Binding for Traefik

Lets create Service Account for Traefik ingress controller for your Kubernetes Cluster in kube-system namespace.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system

Create a Cluster Role for Traefik Ingress controller with Kubernetes resources, verbs, api groups permission to Traefik

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch

Create Cluster Role Binding for Traefik Ingress with Cluster Role reference and service account.

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system

Now create yaml file called traefik-rbac.yaml and paste the yaml’s and apply in your Kubernetes Cluster

kubectl create -f traefik-rbac.yaml

Step #2: Deploy Traefik to Kubernetes Cluster

Now create Deployment for Traefik Ingress Controller version 1.7 Image with 80 port for application and 8080 port for Traefik Dashboard.

kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:1.7
        name: traefik-ingress-lb
        ports:
        - name: app-services
          containerPort: 80
        - name: dashboard
          containerPort: 8080
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO

create a yaml named traefik-deploy.yaml, paste the above lines and apply to Kubernetes.

kubectl create -f traefik-deploy.yaml

Step #3: Create LoadBalancer to Access Traefik Ingress

Create a Kubernetes Service to access Traefik Ingress using LoadBalancer, you can add NodePort also to expose the Traefik Service.

kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: app-services
    - protocol: TCP
      port: 8080
      name: dashboard
  type: LoadBalancer

create a yaml named traefik-service.yaml , paste the above lines and appy it.

kubectl create -f traefik-service.yaml

once all above steps done, check the Traefik pod , if it is running.

kubectl get pods -n kube-system

Output:

NAME                                                                   READY   STATUS    RESTARTS   AGE

calico-kube-controllers-54bb897cfb-z6j65                               1/1     Running   0          38m
calico-node-5xhnl                                                      1/1     Running   0          36m
calico-node-grvx5                                                      1/1     Running   0          36m
calico-node-mjqcm                                                      1/1     Running   0          38m
dns-controller-5896599c4c-ghbt4                                        1/1     Running   0          38m
etcd-manager-events-ip-172-20-52-202.ap-south-1.compute.internal       1/1     Running   0          36m
etcd-manager-main-ip-172-20-52-202.ap-south-1.compute.internal         1/1     Running   0          36m
kops-controller-hs2zf                                                  1/1     Running   0          37m
kube-apiserver-ip-172-20-52-202.ap-south-1.compute.internal            2/2     Running   1          36m
kube-controller-manager-ip-172-20-52-202.ap-south-1.compute.internal   1/1     Running   0          37m
kube-dns-64f86fb8dd-kbsl6                                              3/3     Running   0          35m
kube-dns-64f86fb8dd-psj4n                                              3/3     Running   0          38m
kube-dns-autoscaler-cd7778b7b-kp2kl                                    1/1     Running   0          38m
kube-proxy-ip-172-20-37-73.ap-south-1.compute.internal                 1/1     Running   0          36m
kube-proxy-ip-172-20-52-202.ap-south-1.compute.internal                1/1     Running   0          37m
kube-proxy-ip-172-20-66-20.ap-south-1.compute.internal                 1/1     Running   0          34m
kube-scheduler-ip-172-20-52-202.ap-south-1.compute.internal            1/1     Running   0          36m
traefik-ingress-controller-5599d74798-4nw9w  

Check the Traefik Deployment Service , if it is running

kubectl get deployment -n kube-system

Output:

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE

calico-kube-controllers   1/1     1            1           57m
dns-controller            1/1     1            1           57m
kube-dns                  2/2     2            2           57m
kube-dns-autoscaler       1/1     1            1           57m
traefik-ingress-controller           1/1     1            1           51m

Check the Traefik Ingress Kubernetes Service

kubectl get svc -n kube-system

Output:

NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP                                                                PORT(S)                       AGE
kube-dns                  ClusterIP      100.64.0.10      <none>                                                                     53/UDP,53/TCP                 57m
traefik-ingress-service   LoadBalancer   100.64.144.139   ab690ac82863747738f3d98420cd5a6b-2116167598.ap-south-1.elb.amazonaws.com   80:31424/TCP,8080:30361/TCP   50m

As per the above output , we can see Traefik Service exposed on AWS Loadbalancer on Port 80 ( applications ) and 8080 for Traefik Dashboard

Step #4: Access Traefik Dashboard

To access Traefik Dashboard you can either access using Loadbalancer URL as shown above or you can point Loadbalancer URL by adding CNAME record in Domain Provider.

Here We have added CNAME record in GoDaddy with Domain traefik.fosstechnix.com

Configure Traefik Ingress Controller on Kubernetes [5 Steps] 1

after adding CNAME and access Traefik Dashboard with Domain name followed by port 8080.

http://traefik.fosstechnix.info:8080
Configure Traefik Ingress Controller on Kubernetes [5 Steps] 2

Step #5: Creating Demo Applications with Name Based Routing in Traefik

Lets create Node js demo application with Docker Image to Deploy on Traefik Ingress Controller

Create a Kubernetes Deployment with Node js docker container

sudo nano njdeployment.yaml

paste the below lines

kind: Deployment
apiVersion: apps/v1
metadata:
  name: nodejs-demo
  namespace: kube-system
  labels:
    app: nodejs-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nodejs-demo
  template:
    metadata:
      labels:
        app: nodejs-demo
    spec:
      containers:
      - name: nodejs
        image: "devopshint/nodejsdocker"
kubectl create -f njdeployment.yaml

Create the Kubernetes Service for Node js deployment

sudo nano njservice.yaml

paste the below lines

apiVersion: v1
kind: Service
metadata:
  name: nodejs-demo
  namespace: kube-system
spec:
  selector:
    app: nodejs-demo
  ports:
  - name: http
    targetPort: 80
    port: 80
kubectl create -f njservice.yaml

Create the Kubernetes Traefik Ingress for Node js deployment, only for first time and next for any application/service you have to add in Ingress

sudo nano demo-ingress.yaml

paste the below lines

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo-ingress
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.frontend.passHostHeader: "false"
    traefik.frontend.priority: "1"
spec:
  rules:
  - host: app2.fosstechnix.info
    http:
      paths:
      - path: /
        backend:
          serviceName: nodejs-demo
          servicePort: 80
kubectl create -f ingress.yml

Now lets check Node js pod is created

kubectl get pods -n kube-system

Output:

kubectl get pods -n kube-system
NAME                                                                   READY   STATUS    RESTARTS   AGE
calico-kube-controllers-54bb897cfb-z6j65                               1/1     Running   0          3h58m
calico-node-5xhnl                                                      1/1     Running   0          3h56m
calico-node-grvx5                                                      1/1     Running   0          3h56m
calico-node-mjqcm                                                      1/1     Running   0          3h58m
dns-controller-5896599c4c-ghbt4                                        1/1     Running   0          3h58m
etcd-manager-events-ip-172-20-52-202.ap-south-1.compute.internal       1/1     Running   0          3h57m
etcd-manager-main-ip-172-20-52-202.ap-south-1.compute.internal         1/1     Running   0          3h56m
kops-controller-hs2zf                                                  1/1     Running   0          3h57m
kube-apiserver-ip-172-20-52-202.ap-south-1.compute.internal            2/2     Running   1          3h57m
kube-controller-manager-ip-172-20-52-202.ap-south-1.compute.internal   1/1     Running   0          3h57m
kube-dns-64f86fb8dd-kbsl6                                              3/3     Running   0          3h55m
kube-dns-64f86fb8dd-psj4n                                              3/3     Running   0          3h58m
kube-dns-autoscaler-cd7778b7b-kp2kl                                    1/1     Running   0          3h58m
kube-proxy-ip-172-20-37-73.ap-south-1.compute.internal                 1/1     Running   0          3h56m
kube-proxy-ip-172-20-52-202.ap-south-1.compute.internal                1/1     Running   0          3h57m
kube-proxy-ip-172-20-66-20.ap-south-1.compute.internal                 1/1     Running   0          3h54m
kube-scheduler-ip-172-20-52-202.ap-south-1.compute.internal            1/1     Running   0          3h56m
nginx-demo-76c8bff45f-s7cbx                                            1/1     Running   0          83m
nodejs-demo-77bff94d75-9x5qd                                           1/1     Running   0          16m
traefik-ingress-controller-5599d74798-4nw9w

Lets check Node JS Kubernetes Service

kubectl get svc -n kube-system

Output:

NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP                                                                PORT(S)                       AGE
kube-dns                  ClusterIP      100.64.0.10      <none>                                                                     53/UDP,53/TCP                 3h58m
nginx-demo                ClusterIP      100.65.237.143   <none>                                                                     80/TCP                        70m
nodejs-demo               ClusterIP      100.67.241.90    <none>                                                                     80/TCP                        14m
traefik-ingress-service   LoadBalancer   100.64.144.139   ab690ac82863747738f3d98420cd5a6b-2116167598.ap-south-1.elb.amazonaws.com   80:31424/TCP,8080:30361/TCP   3h51m

Check the ingress with application domain name

kubectl get ingress -n kube-system

Output:

NAME            CLASS    HOSTS                                         ADDRESS   PORTS   AGE
demo-ingress   <none>   app1.fosstechnix.info,app2.fosstechnix.info             80      70m

you check your applications/micro services on by accessing Traefik Dashboard as shown below

Configure Traefik Ingress Controller on Kubernetes [5 Steps] 3

if you want to add new applications/microservice , create a deployment and service and add your microservices in Traefik Ingress controller/Loadbalancer as shown below.

kubectl -n kube-system edit ingress demo-ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.frontend.passHostHeader: "false"
    traefik.frontend.priority: "1"
  creationTimestamp: "2020-08-26T09:01:24Z"
  generation: 3
  managedFields:
  - apiVersion: extensions/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:kubernetes.io/ingress.class: {}
          f:traefik.frontend.passHostHeader: {}
          f:traefik.frontend.priority: {}
      f:spec:
        f:rules: {}
    manager: kubectl
    operation: Update
    time: "2020-08-26T10:05:44Z"
  name: nginx-ingress
  namespace: kube-system
  resourceVersion: "41148"
  selfLink: /apis/extensions/v1beta1/namespaces/kube-system/ingresses/nginx-ingress
  uid: 336e482a-5a74-41c0-9544-b35515782977
spec:
  rules:
  - host: app1.fosstechnix.info
    http:
      paths:
      - backend:
          serviceName: nginx-demo
          servicePort: 80
        path: /
        pathType: ImplementationSpecific
  - host: app2.fosstechnix.info
    http:
      paths:
      - backend:
          serviceName: nodejs-demo
          servicePort: 80
        path: /
        pathType: ImplementationSpecific
status:
  loadBalancer: {}

Conclusion

In this article , We have covered How to configure Traefik Ingress Controller , Create Service Account, Cluster Role and Cluster Role Binding for Traefik, Deploy Traefik to Kubernetes Cluster, Create LoadBalancer to Access Traefik Ingress, Access Traefik Dashboard, Creating Demo Applications

Traefik FAQ :

traefik vs nginx ?

Traefik and nginx both are open source tools.
Nginx Ingress Controller is free and open source high performance proxy web server.
Traefik is an open source and act as a Load Balancer which is used to expose service  from outside.
companies like Spotify, Uber, Airbnb,etc,. are using Nginx.
companies like Docplanner, Viadeo, and Condé Nast using Traefik
The reasons to choose Traefik over Nginx as below
1. Traefik built-in Let’s Encrypt SSL and supports automatic renewal
2. Traefik automatically enables HTTP/2, REST API

Related Articles

How to Create New Namespace in Kubernetes [2 Steps]

Deploy to Kubernetes using Helm and GitLab [Part 2]

4 Steps to Install Kubernetes Dashboard

Alok Kanakeri

I am Alok Kanakeri working as Senior Site Reliability Engineer(Cloud and DevOps) Likes to share knowledge.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Copy link