我的书签
添加书签
移除书签Installing the Traefik Ingress Controller on k0s
In this tutorial, you’ll learn how to configure k0s with the Traefik ingress controller, a MetalLB service loadbalancer, and deploy the Traefik Dashboard along with a service example. Utilizing the extensible bootstrapping functionality with Helm, it’s as simple as adding the right extensions to the k0s.yaml file when configuring your cluster.
Configuring k0s.yaml
Modify your k0s.yaml file to include the Traefik and MetalLB helm charts as extensions, and these will install during the cluster’s bootstrap.
Note: You may want to have a small range of IP addresses that are addressable on your network, preferably outside the assignment pool allocated by your DHCP server. Providing an addressable range should allow you to access your LoadBalancer and Ingress services from anywhere on your local network. However, any valid IP range should work locally on your machine.
extensions:helm:repositories:- name: traefikurl: https://helm.traefik.io/traefik- name: bitnamiurl: https://charts.bitnami.com/bitnamicharts:- name: traefikchartname: traefik/traefikversion: "9.11.0"namespace: default- name: metallbchartname: bitnami/metallbversion: "1.0.1"namespace: defaultvalues: |2configInline:address-pools:- name: generic-cluster-poolprotocol: layer2addresses:- 192.168.0.5-192.168.0.10
Providing a range of IPs for MetalLB that are addressable on your LAN is suggested if you want to access LoadBalancer and Ingress services from anywhere on your local network.
Retrieving the Load Balancer IP
Once you’ve started your cluster, you should confirm the deployment of Traefik and MetalLB. Executing a kubectl get all should include a response with the metallb and traefik resources, along with a service loadbalancer that has an EXTERNAL-IP assigned to it. See the example below:
root@k0s-host ➜ kubectl get allNAME READY STATUS RESTARTS AGEpod/metallb-1607085578-controller-864c9757f6-bpx6r 1/1 Running 0 81spod/metallb-1607085578-speaker-245c2 1/1 Running 0 60spod/traefik-1607085579-77bbc57699-b2f2t 1/1 Running 0 81sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 96sservice/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84sNAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGEdaemonset.apps/metallb-1607085578-speaker 1 1 1 1 1 kubernetes.io/os=linux 87sNAME READY UP-TO-DATE AVAILABLE AGEdeployment.apps/metallb-1607085578-controller 1/1 1 1 87sdeployment.apps/traefik-1607085579 1/1 1 1 84sNAME DESIRED CURRENT READY AGEreplicaset.apps/metallb-1607085578-controller-864c9757f6 1 1 1 81sreplicaset.apps/traefik-1607085579-77bbc57699 1 1 1 81s
Take note of the EXTERNAL-IP given to the service/traefik-n LoadBalancer. In this example, 192.168.0.5 has been assigned and can be used to access services via the Ingress proxy:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s# Recieving a 404 response here is normal, as you've not configured any Ingress resources to respond yetroot@k0s-host ➜ curl http://192.168.0.5404 page not found
Deploy and access the Traefik Dashboard
Now that you have an available and addressable load balancer on your cluster, you can quickly deploy the Traefik dashboard and access it from anywhere on your local network (provided that you configured MetalLB with an addressable range).
Create the Traefik Dashboard IngressRoute in a YAML file:
apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:name: dashboardspec:entryPoints:- webroutes:- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)kind: Ruleservices:- name: api@internalkind: TraefikService
Next, deploy the resource:
root@k0s-host ➜ kubectl apply -f traefik-dashboard.yamlingressroute.traefik.containo.us/dashboard created
Once deployed, you should be able to access the dashboard using the EXTERNAL-IP that you noted above by visiting http://192.168.0.5 in your browser:
Now, create a simple whoami Deployment, Service, and Ingress manifest:
apiVersion: apps/v1kind: Deploymentmetadata:name: whoami-deploymentspec:replicas: 1selector:matchLabels:app: whoamitemplate:metadata:labels:app: whoamispec:containers:- name: whoami-containerimage: containous/whoami---apiVersion: v1kind: Servicemetadata:name: whoami-servicespec:ports:- name: httptargetPort: 80port: 80selector:app: whoami---apiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: whoami-ingressspec:rules:- http:paths:- path: /whoamipathType: Exactbackend:service:name: whoami-serviceport:number: 80
Once you’ve created this, apply and test it:
# apply the manifestsroot@k0s-host ➜ kubectl apply -f whoami.yamldeployment.apps/whoami-deployment createdservice/whoami-service createdingress.networking.k8s.io/whoami-ingress created# test the ingress and serviceroot@k0s-host ➜ curl http://192.168.0.5/whoamiHostname: whoami-deployment-85bfbd48f-7l77cIP: 127.0.0.1IP: ::1IP: 10.244.214.198IP: fe80::b049:f8ff:fe77:3e64RemoteAddr: 10.244.214.196:34858GET /whoami HTTP/1.1Host: 192.168.0.5User-Agent: curl/7.68.0Accept: */*Accept-Encoding: gzipX-Forwarded-For: 192.168.0.82X-Forwarded-Host: 192.168.0.5X-Forwarded-Port: 80X-Forwarded-Proto: httpX-Forwarded-Server: traefik-1607085579-77bbc57699-b2f2tX-Real-Ip: 192.168.0.82
Summary
From here, it’s possible to use 3rd party tools, such as ngrok, to go further and expose your LoadBalancer to the world. Doing so then enables dynamic certificate provisioning through Let’s Encrypt utilizing either cert-manager or Traefik’s own built-in ACME provider. This guide should have given you a general idea of getting started with Ingress on k0s and exposing your applications and services quickly.
