Traefik
Traefik Ingress Proxy
Configuration
Ingress and Load Balancer
- Listen on external IP 10.10.10.80.
- Enable Kubernetes Ingress.
- Enable TLS Ingress.
Helm Values
service:
  spec:
    loadBalancerIP: 10.10.10.80
providers:
  kubernetesIngress:
    publishedService:
      enabled: true
ports:
  websecure:
    tls:
      enabled: true
Deployment
- Deploy 2 instances of CoreDNS.
- Create a service account.
- Enable pod security policy.
Helm Values
deployment:
  replicas: 2
rbac:
  enabled: true
podSecurityPolicy:
  enabled: true
Others
- Set anti affinity rules.
- Deploy Traefik on control plane nodes.
- Set tolerations to control plane taints.
- Use priority class system-cluster-critical.
Helm Values
affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
            - key: app.kubernetes.io/name
              operator: In
              values:
                - traefik
        topologyKey: kubernetes.io/hostname
nodeSelector:
  node-role.kubernetes.io/control-plane: "true"
tolerations:
  - key: CriticalAddonsOnly
    operator: Exists
    effect: NoExecute
priorityClassName: "system-cluster-critical"
Installation
Create a file named traefik.values.yaml with the following content.
deployment:
  replicas: 2
rbac:
  enabled: true
podSecurityPolicy:
  enabled: true
ports:
  websecure:
    tls:
      enabled: true
service:
  spec:
    loadBalancerIP: 10.10.10.80
providers:
  kubernetesIngress:
    publishedService:
      enabled: true
affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
            - key: app.kubernetes.io/name
              operator: In
              values:
                - traefik
        topologyKey: kubernetes.io/hostname
nodeSelector:
  node-role.kubernetes.io/control-plane: "true"
tolerations:
  - key: CriticalAddonsOnly
    operator: Exists
    effect: NoExecute
priorityClassName: "system-cluster-critical"
Install Traefik with this command.
helm install --namespace kube-system --values ./traefik.values.yaml traefik traefik/traefik
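To confirm that the settings above took effect after installation, the following script is an added example (not part of the original page) that checks the load balancer IP, the spread of the two replicas across nodes, and the priority class. It assumes the release name traefik yields a Service named traefik in kube-system; the function names and the --run switch are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: post-install checks for the values on this page.
# Assumption: release "traefik" in kube-system yields a Service named "traefik".
NS=kube-system
SELECTOR=app.kubernetes.io/name=traefik
EXPECTED_IP=10.10.10.80
EXPECTED_REPLICAS=2

# Reads one node name per line on stdin. Succeeds only when there are exactly
# $1 names and all differ, which is what the required anti-affinity rule enforces.
check_spread() {
  local want="$1" nodes total unique
  nodes="$(grep -v '^[[:space:]]*$' || true)"
  total="$(printf '%s\n' "$nodes" | grep -c . || true)"
  unique="$(printf '%s\n' "$nodes" | sort -u | grep -c . || true)"
  [ "$total" -eq "$want" ] && [ "$unique" -eq "$want" ]
}

# check_equal LABEL ACTUAL EXPECTED: prints a result line, fails on mismatch.
check_equal() {
  if [ "$2" = "$3" ]; then
    echo "ok   $1: $2"
  else
    echo "FAIL $1: got '$2', want '$3'"
    return 1
  fi
}

# Queries the live cluster; needs kubectl access to the kube-system namespace.
verify_traefik() {
  local rc=0 ip classes
  ip="$(kubectl -n "$NS" get svc traefik \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
  check_equal "load balancer IP" "$ip" "$EXPECTED_IP" || rc=1
  kubectl -n "$NS" get pods -l "$SELECTOR" --field-selector=status.phase=Running \
    -o jsonpath='{range .items[*]}{.spec.nodeName}{"\n"}{end}' \
    | check_spread "$EXPECTED_REPLICAS" \
    && echo "ok   $EXPECTED_REPLICAS running pods on distinct nodes" \
    || { echo "FAIL pod count or node spread"; rc=1; }
  classes="$(kubectl -n "$NS" get pods -l "$SELECTOR" \
    -o jsonpath='{range .items[*]}{.spec.priorityClassName}{"\n"}{end}' | sort -u)"
  check_equal "priority class" "$classes" "system-cluster-critical" || rc=1
  return "$rc"
}

# Run the live checks only when asked, e.g. ./verify-traefik.sh --run
if [ "${1:-}" = "--run" ]; then verify_traefik; fi
```

A pod count below 2 usually means the required anti-affinity rule left a replica Pending because fewer than two control plane nodes matched the node selector and toleration.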