Basic Guide: How to configure Traefik in K3s?

The cloud consists of a temporary group of servers and a way to assign containers to servers. A container is a way to package an application into a standardized unit so that it can run smoothly on any server in the cloud. A common problem is the need to direct traffic from external clients to containers within the cloud, while ensuring that external clients are not bound to the cloud. A common solution to this problem is to create an Ingress Controller.

Ingress of Kubernetes

Kubernetes Ingress has two requirements:

• Ingress controller

• Ingress

This is an example of an end-to-end setup for Kubernetes to configure Ingress so that external clients of the cluster can access pods running within the cluster using the Ingress Controller. Once traffic is directed to a POD, it is directed to the correct container within that POD. In this article we deploy K3s to raspberry PI to build a cluster. You can check out our previous tutorial on how to build a K3s cluster on a Raspberry PI: Super Tutorial! Build a multi-node K8S cluster on raspberry PI!

The figure above depicts the work of the following components:

The client wants to send traffic to the Pod. By creating a ClusterIP service, a Pod is deployed to a K3s cluster and exposed within the cluster. The client cannot access the service, howeverIngress ControllerYou can access the service. Ingress Controller Executes the routing rules defined by the Ingress. Ingress controller byNodePortThe service is exposed to the client.Kubernetes does not deploy Ingress Controller, but K3s deploys one by default. The figure above shows the K3s deploymentTraefikAs an implementation of Ingress Controller. Therefore, Traefik will be responsible for fulfilling Ingress’s request. The Ingress request is submitted by K3s, which instantiates routing rules for incoming traffic based on different HTTP attributes.

Ingress, described in the figure above, creates a routing rule on Traefik so that incoming traffic is redirected to the nginx-SVC service on port 80 on how the path matches the content after the slash.

Create the K3s Ingress resource

The following guide will build the corresponding Ingress configuration based on the examples in the previous section.

Run the Traefik dashboard

K3s creates a Traefik deployment for Ingress Controller, but the dashboard is disabled by default. Running Traefik with dashboard enabled enables the concept of applying routing rules created by Ingress.

Traefik’s ConfigMap must be edited to enable the dashboard.

kubectl -n kube-system edit cm traefik
Copy the code

This command allows you to edit ConfigMap in the terminal:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  traefik.toml: |
    # traefik.toml
    logLevel = "info"
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      compress = true
      [entryPoints.https]
      address = ":443"
      compress = true
        [entryPoints.https.tls]
          [[entryPoints.https.tls.certificates]]
          CertFile = "/ssl/tls.crt"
          KeyFile = "/ssl/tls.key"
      [entryPoints.prometheus]
      address = ":9100"
    [ping]
    entryPoint = "http"
    [kubernetes]
      [kubernetes.ingressEndpoint]
      publishedService = "kube-system/traefik"
    [traefikLog]
      format = "json"
    [api]
      dashboard = true
    [metrics]
      [metrics.prometheus]
        entryPoint = "prometheus"
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: traefik
    meta.helm.sh/release-namespace: kube-system
  creationTimestamp: "2020-10-02T13:59:32Z"
  labels:
    app: traefik
    app.kubernetes.io/managed-by: Helm
    chart: traefik-1.81.0
    heritage: Helm
    release: traefik
  name: traefik
  namespace: kube-system
  resourceVersion: "3405531"
Copy the code

Lines 31 and 32 must be added to enable the dashboard. After you add these lines, type ESC + : + wq to save the file.

Restart the Traefik deployment

kubectl -n kube-system scale deploy traefik --replicas 0
kubectl -n kube-system scale deploy traefik --replicas 1
Copy the code

Port forwarding Traefik dashboard

kubectl -n kube-system port-forward deployment/traefik 8080
Copy the code

In your browser, go to http://localhost:8080 and open the dashboard.

Configure Traefik routing rules

Our example could easily be done without creating a YAML file; However, YAML files allow you to save your work and easily launch and dismantle entire configuration Settings. The following example uses yamL files instead of command-line commands to build Kubernetes resources for Ingress.

Create a deployment

You must have a backup Pod that ultimately routes traffic to. Run nginx. Save the following file as deployment.yaml.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      # manage pods with the label app: nginx
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
Copy the code

kubectl create -f deployment.yaml
Copy the code

Create a service

Ingress Configures routing rules on Ingress Controller, Traefik. Traefik examines incoming HTTP traffic and directs it to the service that triggered the rule, and eventually from the service to the Pod. Now we will create the Service and save the following file as servci.yaml:

apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - name: http
      port: 80
  selector:
    # apply service to any pod with label app: nginx
    app: nginx
Copy the code

kubectl create -f service.yaml
Copy the code

Create the Ingress

Ingress configures Traefik using routing rules. This example uses path-based routing rules. Evaluate path-based routing rules by examining the context of the incoming URL. Here, the path prefix is /. The path/captures all incoming traffic, so contexts like /context1, /context2/anything will trigger the routing rule on Traefik because all of these contexts are prefixed with /. Save the following file as ingress.yaml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: nginx-svc
          servicePort: 80
Copy the code

kubectl create -f ingress.yaml
Copy the code

Routing rules can be viewed on Traefik’s dashboard:

Expose Ingress Controller to external traffic using NodePort

Nginx app Ingress rules have been defined, but Traefik has not been exposed to external traffic. Creating a service of type Nodeport exposes Traefik to the client. Save the following file nodeport.yaml

apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - name: traefik
      port: 80
      nodePort: 30182
      targetPort: 80
  selector:
    app: traefik
Copy the code

kubectl create -f nodeport.yaml
Copy the code

As an external client

External clients of the cluster can now make requests to the Ingress Controller. The Ingress Controller redirects traffic to the Nginx-SVC service, which in turn directs traffic to pod Nignx. To act as an external client, we need the IP address of one of the servers in the Cluster.

kubectl get nodes -o wide
Copy the code

Paste any internal-IP and NodePort 30182 for our Traefik service into your browser. The default page for NGINX will display. Note that external clients must be on the same network as the Cluster to work.

conclusion

Ingress is an extremely important concept in cloud native environments. Kubernetes provides Ingress, but leaves the implementation of Ingress Controller to the developers. By default, K3s provides Traefik as the ingress Controller. Without the Ingress Controller, creating an ingress is useless. The Ingress Controller is itself a POD and must be exposed to external traffic. In this example, we use NodePort for exposure. After evaluating the routing rule (which is configured by submitting the Ingress), the hit Ingress Controller traffic is redirected to the configured service. The appendix

The files in this guide can be combined into one file. It is easy to create and destroy entire Ingress Settings by maintaining a file. Save the following file as nginx-ingres-full.yaml. create

kubectl create -f nginx-ingress-full.yaml
Copy the code

The destruction

kubectl delete -f nginx-ingress-full.yaml
Copy the code

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      # manage pods with the label app: nginx
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  ports:
    - name: http
      port: 80
  selector:
    # apply service to any pod with label app: nginx
    app: nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          serviceName: nginx-svc
          servicePort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - name: traefik
      port: 80
      nodePort: 30182
      targetPort: 80
  selector:
    app: traefik

Copy the code

Original link:

Levelup.gitconnected.com/a-guide-to-…