Installing the Traefik Ingress Controller on k0s

In this tutorial, you’ll learn how to configure k0s with the Traefik ingress controller, a MetalLB service loadbalancer, and deploy the Traefik Dashboard along with a service example. Utilizing the extensible bootstrapping functionality with Helm, it’s as simple as adding the right extensions to the k0s.yaml file when configuring your cluster.

Configuring k0s.yaml

Modify your k0s.yaml file to include the Traefik and MetalLB helm charts as extensions, and these will install during the cluster’s bootstrap.

Note: You may want to have a small range of IP addresses that are addressable on your network, preferably outside the assignment pool allocated by your DHCP server. Providing an addressable range should allow you to access your LoadBalancer and Ingress services from anywhere on your local network. However, any valid IP range should work locally on your machine.

  1. extensions:
  2. helm:
  3. repositories:
  4. - name: traefik
  5. url: https://helm.traefik.io/traefik
  6. - name: bitnami
  7. url: https://charts.bitnami.com/bitnami
  8. charts:
  9. - name: traefik
  10. chartname: traefik/traefik
  11. version: "9.11.0"
  12. namespace: default
  13. - name: metallb
  14. chartname: bitnami/metallb
  15. version: "1.0.1"
  16. namespace: default
  17. values: |2
  18. configInline:
  19. address-pools:
  20. - name: generic-cluster-pool
  21. protocol: layer2
  22. addresses:
  23. - 192.168.0.5-192.168.0.10

Providing a range of IPs for MetalLB that are addressable on your LAN is suggested if you want to access LoadBalancer and Ingress services from anywhere on your local network.

Retrieving the Load Balancer IP

Once you’ve started your cluster, you should confirm the deployment of Traefik and MetalLB. Executing a kubectl get all should include a response with the metallb and traefik resources, along with a service loadbalancer that has an EXTERNAL-IP assigned to it. See the example below:

  1. root@k0s-host kubectl get all
  2. NAME READY STATUS RESTARTS AGE
  3. pod/metallb-1607085578-controller-864c9757f6-bpx6r 1/1 Running 0 81s
  4. pod/metallb-1607085578-speaker-245c2 1/1 Running 0 60s
  5. pod/traefik-1607085579-77bbc57699-b2f2t 1/1 Running 0 81s
  6. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
  7. service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 96s
  8. service/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s
  9. NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
  10. daemonset.apps/metallb-1607085578-speaker 1 1 1 1 1 kubernetes.io/os=linux 87s
  11. NAME READY UP-TO-DATE AVAILABLE AGE
  12. deployment.apps/metallb-1607085578-controller 1/1 1 1 87s
  13. deployment.apps/traefik-1607085579 1/1 1 1 84s
  14. NAME DESIRED CURRENT READY AGE
  15. replicaset.apps/metallb-1607085578-controller-864c9757f6 1 1 1 81s
  16. replicaset.apps/traefik-1607085579-77bbc57699 1 1 1 81s

Take note of the EXTERNAL-IP given to the service/traefik-n LoadBalancer. In this example, 192.168.0.5 has been assigned and can be used to access services via the Ingress proxy:

  1. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
  2. service/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s
  3. # Receiving a 404 response here is normal, as you've not configured any Ingress resources to respond yet
  4. root@k0s-host curl http://192.168.0.5
  5. 404 page not found

Deploy and access the Traefik Dashboard

Now that you have an available and addressable load balancer on your cluster, you can quickly deploy the Traefik dashboard and access it from anywhere on your local network (provided that you configured MetalLB with an addressable range).

Create the Traefik Dashboard IngressRoute in a YAML file:

  1. apiVersion: traefik.containo.us/v1alpha1
  2. kind: IngressRoute
  3. metadata:
  4. name: dashboard
  5. spec:
  6. entryPoints:
  7. - web
  8. routes:
  9. - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
  10. kind: Rule
  11. services:
  12. - name: api@internal
  13. kind: TraefikService

Next, deploy the resource:

  1. root@k0s-host kubectl apply -f traefik-dashboard.yaml
  2. ingressroute.traefik.containo.us/dashboard created

Once deployed, you should be able to access the dashboard using the EXTERNAL-IP that you noted above by visiting http://192.168.0.5 in your browser:

Traefik Dashboard

Now, create a simple whoami Deployment, Service, and Ingress manifest:

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4. name: whoami-deployment
  5. spec:
  6. replicas: 1
  7. selector:
  8. matchLabels:
  9. app: whoami
  10. template:
  11. metadata:
  12. labels:
  13. app: whoami
  14. spec:
  15. containers:
  16. - name: whoami-container
  17. image: containous/whoami
  18. ---
  19. apiVersion: v1
  20. kind: Service
  21. metadata:
  22. name: whoami-service
  23. spec:
  24. ports:
  25. - name: http
  26. targetPort: 80
  27. port: 80
  28. selector:
  29. app: whoami
  30. ---
  31. apiVersion: networking.k8s.io/v1
  32. kind: Ingress
  33. metadata:
  34. name: whoami-ingress
  35. spec:
  36. rules:
  37. - http:
  38. paths:
  39. - path: /whoami
  40. pathType: Exact
  41. backend:
  42. service:
  43. name: whoami-service
  44. port:
  45. number: 80

Once you’ve created this, apply and test it:

  1. # apply the manifests
  2. root@k0s-host kubectl apply -f whoami.yaml
  3. deployment.apps/whoami-deployment created
  4. service/whoami-service created
  5. ingress.networking.k8s.io/whoami-ingress created
  6. # test the ingress and service
  7. root@k0s-host curl http://192.168.0.5/whoami
  8. Hostname: whoami-deployment-85bfbd48f-7l77c
  9. IP: 127.0.0.1
  10. IP: ::1
  11. IP: 10.244.214.198
  12. IP: fe80::b049:f8ff:fe77:3e64
  13. RemoteAddr: 10.244.214.196:34858
  14. GET /whoami HTTP/1.1
  15. Host: 192.168.0.5
  16. User-Agent: curl/7.68.0
  17. Accept: */*
  18. Accept-Encoding: gzip
  19. X-Forwarded-For: 192.168.0.82
  20. X-Forwarded-Host: 192.168.0.5
  21. X-Forwarded-Port: 80
  22. X-Forwarded-Proto: http
  23. X-Forwarded-Server: traefik-1607085579-77bbc57699-b2f2t
  24. X-Real-Ip: 192.168.0.82

Summary

From here, it’s possible to use 3rd party tools, such as ngrok, to go further and expose your LoadBalancer to the world. Doing so then enables dynamic certificate provisioning through Let’s Encrypt utilizing either cert-manager or Traefik’s own built-in ACME provider. This guide should have given you a general idea of getting started with Ingress on k0s and exposing your applications and services quickly.