
Installing the Traefik Ingress Controller on k0s

In this tutorial, you'll learn how to configure k0s with the Traefik ingress controller and a MetalLB service load balancer, and how to deploy the Traefik Dashboard along with an example service. Thanks to k0s's extensible Helm-based bootstrapping, this is as simple as adding the right extensions to the k0s.yaml file when configuring your cluster.

Configuring k0s.yaml

Modify your k0s.yaml file to include the Traefik and MetalLB Helm charts as extensions; they are installed during the cluster's bootstrap.

Note: You may want to have a small range of IP addresses that are addressable on your network, preferably outside the assignment pool allocated by your DHCP server. Providing an addressable range should allow you to access your LoadBalancer and Ingress services from anywhere on your local network. However, any valid IP range should work locally on your machine.

extensions:
  helm:
    repositories:
    - name: traefik
      url: https://helm.traefik.io/traefik
    - name: bitnami
      url: https://charts.bitnami.com/bitnami
    charts:
    - name: traefik
      chartname: traefik/traefik
      version: "9.11.0"
      namespace: default
    - name: metallb
      chartname: bitnami/metallb
      version: "1.0.1"
      namespace: default
      values: |2
        configInline:
          address-pools:
          - name: generic-cluster-pool
            protocol: layer2
            addresses:
            - 192.168.0.5-192.168.0.10

Providing a range of IPs for MetalLB that are addressable on your LAN is suggested if you want to access LoadBalancer and Ingress services from anywhere on your local network.

Retrieving the Load Balancer IP

Once you've started your cluster, you should confirm the deployment of Traefik and MetalLB. Running kubectl get all should list the metallb and traefik resources, along with a LoadBalancer service that has an EXTERNAL-IP assigned to it. See the example below:

root@k0s-host  kubectl get all
NAME                                                 READY   STATUS    RESTARTS   AGE
pod/metallb-1607085578-controller-864c9757f6-bpx6r   1/1     Running   0          81s
pod/metallb-1607085578-speaker-245c2                 1/1     Running   0          60s
pod/traefik-1607085579-77bbc57699-b2f2t              1/1     Running   0          81s

NAME                         TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
service/kubernetes           ClusterIP      10.96.0.1        <none>           443/TCP                      96s
service/traefik-1607085579   LoadBalancer   10.105.119.102   192.168.0.5      80:32153/TCP,443:30791/TCP   84s

NAME                                        DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/metallb-1607085578-speaker   1         1         1       1            1           kubernetes.io/os=linux   87s

NAME                                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/metallb-1607085578-controller   1/1     1            1           87s
deployment.apps/traefik-1607085579              1/1     1            1           84s

NAME                                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/metallb-1607085578-controller-864c9757f6   1         1         1       81s
replicaset.apps/traefik-1607085579-77bbc57699              1         1         1       81s

Take note of the EXTERNAL-IP given to the service/traefik-n LoadBalancer. In this example, 192.168.0.5 has been assigned and can be used to access services via the Ingress proxy:

NAME                         TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
service/traefik-1607085579   LoadBalancer   10.105.119.102   192.168.0.5      80:32153/TCP,443:30791/TCP   84s
# Receiving a 404 response here is normal, as you've not configured any Ingress resources to respond yet
root@k0s-host  curl http://192.168.0.5
404 page not found

Deploy and access the Traefik Dashboard

Now that you have an available and addressable load balancer on your cluster, you can quickly deploy the Traefik dashboard and access it from anywhere on your local network (provided that you configured MetalLB with an addressable range).

Create the Traefik Dashboard IngressRoute in a YAML file:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
spec:
  entryPoints:
    - web
  routes:
    - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService

Next, deploy the resource:

root@k0s-host  kubectl apply -f traefik-dashboard.yaml
ingressroute.traefik.containo.us/dashboard created

Once deployed, you should be able to access the dashboard using the EXTERNAL-IP that you noted above by visiting http://192.168.0.5 in your browser:

Traefik Dashboard
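
The IngressRoute above publishes api@internal on the web entry point with no authentication, so the dashboard and its API are readable by anything that can reach the load balancer address. The following variant is an added example, not part of the original guide: it gates the same route behind Traefik's basicAuth middleware. The names dashboard-users and dashboard-auth and the credential line are placeholders.

```yaml
# Added example, not from the k0s documentation. Resource names and the
# credential line are placeholders chosen for illustration.
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-users            # hypothetical name
  namespace: default               # same namespace as the Traefik chart above
type: Opaque
stringData:
  # One htpasswd line per user, e.g. the output of: htpasswd -nB admin
  users: |
    admin:<BCRYPT-HASH-PLACEHOLDER>
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-auth             # hypothetical name
  namespace: default
spec:
  basicAuth:
    secret: dashboard-users        # the Secret must expose a `users` key
---
# Weak form (as shown earlier on this page): no `middlewares` entry, so the
# dashboard and the /api endpoints answer every request that reaches them.
# Hardened form: the same route, gated by the basicAuth middleware.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
  namespace: default
spec:
  entryPoints:
    - web        # plain HTTP: credentials travel unencrypted until TLS is set up
  routes:
    - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
      kind: Rule
      middlewares:
        - name: dashboard-auth
      services:
        - name: api@internal
          kind: TraefikService
```

Applying this file replaces the dashboard route created earlier, since the IngressRoute keeps the same name; requests to /dashboard/ and /api then receive a 401 until valid credentials are supplied.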

Now, create a simple whoami Deployment, Service, and Ingress manifest:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
      - name: whoami-container
        image: containous/whoami
---
apiVersion: v1
kind: Service
metadata:
  name: whoami-service
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: whoami
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami-ingress
spec:
  rules:
  - http:
      paths:
      - path: /whoami
        pathType: Exact
        backend:
          service:
            name: whoami-service
            port:
              number: 80

Once you've created this, apply and test it:

# apply the manifests
root@k0s-host  kubectl apply -f whoami.yaml
deployment.apps/whoami-deployment created
service/whoami-service created
ingress.networking.k8s.io/whoami-ingress created
# test the ingress and service
root@k0s-host  curl http://192.168.0.5/whoami
Hostname: whoami-deployment-85bfbd48f-7l77c
IP: 127.0.0.1
IP: ::1
IP: 10.244.214.198
IP: fe80::b049:f8ff:fe77:3e64
RemoteAddr: 10.244.214.196:34858
GET /whoami HTTP/1.1
Host: 192.168.0.5
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 192.168.0.82
X-Forwarded-Host: 192.168.0.5
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-1607085579-77bbc57699-b2f2t
X-Real-Ip: 192.168.0.82

Summary

From here, it's possible to use third-party tools, such as ngrok, to go further and expose your LoadBalancer to the world. Doing so enables dynamic certificate provisioning through Let's Encrypt, using either cert-manager or Traefik's own built-in ACME provider. This guide should have given you a general idea of how to get started with Ingress on k0s and expose your applications and services quickly.