Traefik Ingress

31 Jan 2022 08:46 ingress k3s traefik

I’m in the middle of installing ArgoCD (blog post will appear later). Rather than use up another LoadBalancer IP address for it (and mess around with TLS), let’s talk about using an Ingress. It’s entirely possible that I can convert the previously-installed docker registry and Gitea to use one as well.

There’s a really good diagram of how Traefik works here.

When I installed MetalLB, I had to disable Klipper. I assumed that by doing so, I’d completely broken Traefik. It turns out: no.

$ kubectl --namespace kube-system get service traefik
NAME      TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE
traefik   LoadBalancer   10.43.50.40   192.168.28.10   80:32034/TCP,443:31470/TCP   41d

As you can see, Traefik relies on a LoadBalancer service, and once I’d replaced Klipper with MetalLB, it just got an IP address from MetalLB instead.

If I browse to http://192.168.28.10/, it returns a plain text 404 page not found page, which implies that it’s correctly talking to Traefik.

Ingress Test

I’m just going to follow the instructions from the page linked above. I won’t bother repeating them here.

$ curl http://192.168.28.10/whoami
Hostname: whoami-8557b59f65-6p6pk
IP: 127.0.0.1
IP: ::1
IP: 10.42.3.140
...

Yeah; that works.

Host-based routing?

Can we persuade whoami.k3s.differentpla.net to work as well?

Configure DNS

We’ll need to edit our custom DNS:

kubectl --namespace k3s-dns edit configmap k3s-dns

...
data:
...
  NodeHosts: |
    192.168.28.10 whoami.k3s.differentpla.net
...

You can specify multiple hosts for the same IP address by putting them on separate lines.

Note: It can take up to 15 seconds for CoreDNS to reload the file.

Edit the Ingress

This manifest defines a global /whoami path route and a whoami.k3s.differentpla.net host route:

apiVersion: networking.k8s.io/v1
kind: Ingress

metadata:
  name: whoami
  namespace: whoami
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web

spec:
  rules:
  - http:
      paths:
      - path: /whoami
        pathType: Prefix
        backend:
          service:
            name: whoami
            port:
              number: 80
  - host: whoami.k3s.differentpla.net
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: whoami
            port:
              number: 80