Installing the Traefik Ingress Controller on k0s#
In this tutorial, you'll learn how to configure k0s with the
Traefik ingress controller,
a MetalLB service loadbalancer,
and deploy the Traefik Dashboard along with a service example.
Utilizing the extensible bootstrapping functionality with Helm,
it's as simple as adding the right extensions to the
when configuring your cluster.
k0s.yaml file to include the Traefik and MetalLB helm charts as extensions,
and these will install during the cluster's bootstrap.
Note: You may want to have a small range of IP addresses that are addressable on your network, preferably outside the assignment pool allocated by your DHCP server. Providing an addressable range should allow you to access your LoadBalancer and Ingress services from anywhere on your local network. However, any valid IP range should work locally on your machine.
extensions: helm: repositories: - name: traefik url: https://helm.traefik.io/traefik - name: bitnami url: https://charts.bitnami.com/bitnami charts: - name: traefik chartname: traefik/traefik version: "9.11.0" namespace: default - name: metallb chartname: bitnami/metallb version: "1.0.1" namespace: default values: |2 configInline: address-pools: - name: generic-cluster-pool protocol: layer2 addresses: - 192.168.0.5-192.168.0.10
Providing a range of IPs for MetalLB that are addressable on your LAN is suggested if you want to access LoadBalancer and Ingress services from anywhere on your local network.
Retrieving the Load Balancer IP#
Once you've started your cluster, you should confirm the deployment of Traefik and MetalLB.
kubectl get all should include a response with the
along with a service loadbalancer that has an
EXTERNAL-IP assigned to it.
See the example below:
root@k0s-host ➜ kubectl get all NAME READY STATUS RESTARTS AGE pod/metallb-1607085578-controller-864c9757f6-bpx6r 1/1 Running 0 81s pod/metallb-1607085578-speaker-245c2 1/1 Running 0 60s pod/traefik-1607085579-77bbc57699-b2f2t 1/1 Running 0 81s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 96s service/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE daemonset.apps/metallb-1607085578-speaker 1 1 1 1 1 kubernetes.io/os=linux 87s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/metallb-1607085578-controller 1/1 1 1 87s deployment.apps/traefik-1607085579 1/1 1 1 84s NAME DESIRED CURRENT READY AGE replicaset.apps/metallb-1607085578-controller-864c9757f6 1 1 1 81s replicaset.apps/traefik-1607085579-77bbc57699 1 1 1 81s
Take note of the
EXTERNAL-IP given to the
In this example,
192.168.0.5 has been assigned and can be used to access services via the Ingress proxy:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s # Receiving a 404 response here is normal, as you've not configured any Ingress resources to respond yet root@k0s-host ➜ curl http://192.168.0.5 404 page not found
Deploy and access the Traefik Dashboard#
Now that you have an available and addressable load balancer on your cluster, you can quickly deploy the Traefik dashboard and access it from anywhere on your local network (provided that you configured MetalLB with an addressable range).
Create the Traefik Dashboard IngressRoute in a YAML file:
apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: dashboard spec: entryPoints: - web routes: - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) kind: Rule services: - name: api@internal kind: TraefikService
Next, deploy the resource:
root@k0s-host ➜ kubectl apply -f traefik-dashboard.yaml ingressroute.traefik.containo.us/dashboard created
Once deployed, you should be able to access the dashboard using the
that you noted above by visiting
http://192.168.0.5 in your browser:
Now, create a simple
whoami Deployment, Service,
and Ingress manifest:
apiVersion: apps/v1 kind: Deployment metadata: name: whoami-deployment spec: replicas: 1 selector: matchLabels: app: whoami template: metadata: labels: app: whoami spec: containers: - name: whoami-container image: containous/whoami --- apiVersion: v1 kind: Service metadata: name: whoami-service spec: ports: - name: http targetPort: 80 port: 80 selector: app: whoami --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: whoami-ingress spec: rules: - http: paths: - path: /whoami pathType: Exact backend: service: name: whoami-service port: number: 80
Once you've created this, apply and test it:
# apply the manifests root@k0s-host ➜ kubectl apply -f whoami.yaml deployment.apps/whoami-deployment created service/whoami-service created ingress.networking.k8s.io/whoami-ingress created # test the ingress and service root@k0s-host ➜ curl http://192.168.0.5/whoami Hostname: whoami-deployment-85bfbd48f-7l77c IP: 127.0.0.1 IP: ::1 IP: 10.244.214.198 IP: fe80::b049:f8ff:fe77:3e64 RemoteAddr: 10.244.214.196:34858 GET /whoami HTTP/1.1 Host: 192.168.0.5 User-Agent: curl/7.68.0 Accept: */* Accept-Encoding: gzip X-Forwarded-For: 192.168.0.82 X-Forwarded-Host: 192.168.0.5 X-Forwarded-Port: 80 X-Forwarded-Proto: http X-Forwarded-Server: traefik-1607085579-77bbc57699-b2f2t X-Real-Ip: 192.168.0.82
From here, it's possible to use 3rd party tools, such as ngrok, to go further and expose your LoadBalancer to the world. Doing so then enables dynamic certificate provisioning through Let's Encrypt utilizing either cert-manager or Traefik's own built-in ACME provider. This guide should have given you a general idea of getting started with Ingress on k0s and exposing your applications and services quickly.