Traefik v2 is a popular and modern reverse proxy and load balancer that is designed for microservices architecture. Traefik can be used as an ingress controller in Kubernetes to route traffic to different services in a cluster. In this blog, we will discuss how to use Traefik v2 as a reverse proxy for Kubernetes. We will cover the following topics:
- Installing Traefik v2 on Kubernetes
- Creating a Traefik deployment and service
- Configuring Traefik to work with Kubernetes
- Deploying an application and routing traffic using Traefik
Prerequisites
- A Kubernetes cluster with kubectl installed
- Basic understanding of Kubernetes objects such as pods, deployments, and services
- Familiarity with Traefik v2 and its configuration options
Installing Traefik v2 on Kubernetes
Before we can use Traefik as a reverse proxy for Kubernetes, we need to install it in our cluster. There are several ways to install Traefik on Kubernetes, but the easiest way is to use the official Helm chart. If you don’t have Helm installed, you can follow the instructions in the Helm documentation to install it.
To install the Traefik Helm chart, run the following command:
$ helm repo add traefik https://helm.traefik.io/traefik
$ helm install traefik traefik/traefik
This will install the Traefik chart in the default namespace. You can check the status of the Traefik deployment using the following command:
$ kubectl get deployments traefik
This should show a deployment with one replica.
Creating a Traefik deployment and service
Now that we have Traefik installed in our cluster, we need to create a deployment and service for Traefik. The deployment will create a pod running Traefik, and the service will expose that pod to the cluster.
Create a file named traefik-deployment.yaml with the following content:
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
spec:
selector:
matchLabels:
app: traefik
replicas: 1
template:
metadata:
labels:
app: traefik
spec:
containers:
- name: traefik
image: traefik:v2.5
ports:
- name: http
containerPort: 80
- name: admin
containerPort: 8080
This deployment defines a single pod running the Traefik image and exposes two ports: port 80 for HTTP traffic and port 8080 for the Traefik dashboard. We will use the dashboard later to monitor Traefik’s activity.
Create a file named traefik-service.yaml with the following content:
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
selector:
app: traefik
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: admin
port: 8080
protocol: TCP
targetPort: admin
type: NodePort
This service exposes the Traefik pod to the cluster on ports 80 and 8080 using the NodePort type. This means that any node in the cluster can access Traefik on these ports.
To create the Traefik deployment and service, run the following commands:
$ kubectl apply -f traefik-deployment.yaml
$ kubectl apply -f traefik-service.yaml
You can verify that the deployment and service were created successfully by running the following commands:
$ kubectl get deployments traefik
$ kubectl get svc traefik
This should show the Traefik deployment with one replica and the Traefik service with two ports exposed.
Configuring Traefik to work with Kubernetes
Now that we have Traefik deployed and exposed in our cluster, we need to configure it to work with Kubernetes. Traefik uses Kubernetes Ingress resources to route traffic to different services in the cluster. An Ingress resource defines rules for how traffic should be routed based on the incoming request’s host and path.
Create a file named traefik-ingressroute.yaml
with the following content:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-web-ui
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.example.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: traefik
port: 8080
This IngressRoute resource defines a rule for how traffic should be routed to the Traefik dashboard. The rule matches requests with the host traefik.example.com and the path prefix /. When a request matches this rule, Traefik will route the traffic to the traefik service on port 8080.
To create the IngressRoute, run the following command:
$ kubectl apply -f traefik-ingressroute.yaml
You can verify that the IngressRoute was created successfully by running the following command:
$ kubectl get ingressroute traefik-web-ui
This should show the Traefik IngressRoute with the name traefik-web-ui.
Deploying an application and routing traffic using Traefik
Now that we have Traefik configured to work with Kubernetes, we can deploy an application and route traffic to it using Traefik. For this example, we will deploy a simple Nginx web server and route traffic to it using Traefik.
Create a file named nginx-deployment.yaml with the following content:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
replicas: 3
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- name: http
containerPort: 80
This deployment defines three pods running the Nginx image and exposes port 80 for HTTP traffic.
Create a file named nginx-service.yaml with the following content:
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
selector:
app: nginx
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
This service exposes the Nginx pods to the cluster on port 80.
To deploy the Nginx application and service, run the following commands:
$ kubectl apply -f nginx-deployment.yaml
$ kubectl apply -f nginx-service.yaml
You can verify that the deployment and service were created successfully by running the following commands:
$ kubectl get deployments nginx
$ kubectl get svc nginx
This should show the Nginx deployment with three replicas and the Nginx service with port 80 exposed.
To route traffic to the Nginx service using Traefik, create a file named nginx-ingressroute.yaml with the following content:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nginx
spec:
entryPoints:
- web
routes:
- match: Host(`nginx.example.com`) && PathPrefix(`/`)
kind: Rule
services:
- name: nginx
port: http
This IngressRoute resource defines a rule for how traffic should be routed to the Nginx service. The rule matches requests with the host nginx.example.com and the path prefix /. When a request matches this rule, Traefik will route the traffic to the nginx service on port 80.
To create the IngressRoute, run the following command:
$ kubectl apply -f nginx-ingressroute.yaml
You can verify that the IngressRoute was created successfully by running the following command:
$ kubectl get ingressroute nginx
This should show the Nginx IngressRoute with the name nginx.
Testing the setup
To test the setup, you can add an entry to your /etc/hosts file to map the hostnames traefik.example.com and nginx.example.com to the IP address of your Kubernetes cluster. To find the IP address of your cluster, you can run the following command:
$ kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
Add the following lines to your /etc/hosts file:
<IP address> traefik.example.com nginx.example.com
You should now be able to access the Traefik dashboard at http://traefik.example.com and the Nginx server at http://nginx.example.com. When you access these URLs, you should see the Traefik dashboard and the default Nginx welcome page, respectively.
Conclusion
In this tutorial, we have seen how to use Traefik v2 as a reverse proxy for Kubernetes. We have deployed Traefik in our cluster, configured it to work with Kubernetes, and used it to route traffic to a simple Nginx web server. By following these steps, you can use Traefik to manage and route traffic to different services in your Kubernetes cluster.
Leave a Reply