How to Deploy Traefik to Google Kubernetes Engine

Introduction:

Traefik is an open-source cloud-native edge router that is designed to manage the traffic flow between microservices and reverse proxy. It is widely used in cloud-based applications and gaining popularity as a reliable and scalable solution for managing Kubernetes traffic. Google Kubernetes Engine (GKE) is a managed Kubernetes environment that provides a fully managed, secure, and scalable platform for running Kubernetes workloads. In this guide, we will explore how to deploy Traefik to a Kubernetes cluster in GKE.

Prerequisites:

• A Google Cloud Platform account with a Google Kubernetes Engine cluster already created
• A Google Cloud Platform (GCP) account with appropriate permissions.
• kubectl CLI installed.
• A basic understanding of Kubernetes concepts and YAML syntax.

How to deploy Traefik to GKE

To deploy Traefic to Google Kubernetes Engine, follow the steps outlined below:

Step 1: Create a Kubernetes Namespace

The first step is to create a namespace for Traefik. Namespaces are used to isolate resources within a Kubernetes cluster. To do this we will create a namespace named traefik, by running the following command:

$ kubectl create namespace traefik

Once the cluster is created, use the Kubernetes command-line tool (kubectl) to interact with the cluster.

Step 2: Create a Traefik Service Account

Traefik needs a service account to access the Kubernetes API and to retrieve information about the services and endpoints it needs to route traffic to. To create a service account, create a new file named service-account.yaml with the following content:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: traefik

To create the service account, run the following command:

$ kubectl apply -f service-account.yaml

Step 3: Create a Cluster Role and Cluster Role Binding

Traefik also needs a cluster role and cluster role binding to be able to access the Kubernetes API. The following YAML defines a cluster role and cluster role binding. Create a new file named cluster-role-binding.yaml and paste the below YAML into it:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
- apiGroups: ["", "extensions", "networking.k8s.io"]
  resources: ["configmaps", "endpoints", "events", "ingresses", "ingressclasses", "services"]
  verbs: ["create", "get", "list", "update", "watch", "patch"]
- apiGroups: ["", "extensions", "networking.k8s.io"]
  resources: ["nodes", "pods", "secrets", "services", "namespaces"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions", "networking.k8s.io"]
  resources: ["nodes/status", "pods/status", "ingresses/status"]
  verbs: ["get"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: traefik

To create the cluster role and cluster role binding, run the following command:

$ kubectl apply -f cluster-role-binding.yaml

Step 4: Create a ConfigMap

Traefik needs a configuration file to know how to route traffic to the appropriate services and endpoints. In this step, we will create a ConfigMap that contains Traefik configuration settings. The ConfigMap allows us to store configuration settings separately from the deployment manifest.

To create a ConfigMap, create a file called traefik-config.yaml with the following content:

apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
  namespace: traefik
data:
  traefik.yaml: |
    api:
      dashboard: true
      insecure: true

    providers:
      kubernetesIngress: {}

This configuration file contains the basic configuration settings for Traefik. It enables the dashboard and sets up Kubernetes as the provider for the ingress.

Once you have created the file, apply it to your Kubernetes cluster by running the following command:

$ kubectl apply -f traefik-config.yaml

Step 5: Create a Traefik Deployment

In this step, we will create a Traefik deployment that uses the configuration settings from the ConfigMap created in the previous step.

To create a Traefik deployment, create a file called traefik-deployment.yaml with the following content:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik-deployment
  namespace: traefik
spec:
  selector:
    matchLabels:
      app: traefik
  replicas: 1
  template:
    metadata:
      labels:
        app: traefik
    spec:
      containers:
      - name: traefik
        image: traefik:v2.9
        args:
        - --api.insecure
        - --providers.kubernetesingress
        - --providers.kubernetescrd
        - --configfile=/config/traefik.yaml
        volumeMounts:
        - name: config
          mountPath: /config
      volumes:
      - name: config
        configMap:
          name: traefik-config

This deployment manifest specifies a single replica of the Traefik container, which mounts the ConfigMap created in the previous step as a volume. It also sets the configfile flag to point to the traefik.yaml file in the ConfigMap.

Once you have created the file, apply it to your Kubernetes cluster by running the following command:

$ kubectl apply -f traefik-deployment.yaml

Step 6: Create a Traefik Service

In this step, we will create a Traefik service that exposes the Traefik deployment.

To create a Traefik service, create a file called traefik-service.yaml with the following content:

apiVersion: v1
kind: Service
metadata:
  name: traefik-service
  namespace: traefik
spec:
  selector:
    app: traefik
  ports:
  - name: http
    port: 80
    targetPort: 80
  - name: https
    port: 443
    targetPort: 443
  type: LoadBalancer

This service manifest exposes the Traefik deployment on port 80 and 443 and creates a LoadBalancer to route traffic to the deployment.

Once you have created the file, apply it to your Kubernetes cluster by running the following command:

$ kubectl apply -f traefik-service.yaml

Step 7: Verify the Traefik Deployment

After deploying Traefik, you should verify that it is running correctly on your GKE cluster. Here are the steps to follow to verify your Traefik deployment:

1. Use the following command to list the pods running in the traefik namespace:

   $ kubectl get pods -n traefik

   This command should return a list of pods, which should include the traefik-ingress-controller- pod.

2. Use the following command to get the details of the traefik-ingress-controller pod:

   $ kubectl describe pod -n traefik traefik-ingress-controller-<random-string>
   

   This command should return the details of the traefik-ingress-controller pod. Make sure that the pod has a Running status and that there are no errors or warnings in the output.

3. Use the following command to list the services running in the traefik namespace:

   $ kubectl get services -n traefik
   

4. Use the following command to get the details of the traefik-ingress-service service:

   $ kubectl describe service -n traefik traefik-ingress-service
   

   This command should return the details of the traefik-ingress-service service. Make sure that the service has a ClusterIP and that there are no errors or warnings in the output.

Conclusion

In a nutshell, Traefik is an excellent solution for managing Kubernetes traffic, and deploying it to a Kubernetes cluster in GKE is relatively straightforward. By following the steps outlined in this how-to guide, and using the provided YAML files, you should be able to deploy Traefik to your GKE cluster with ease.

Additional resources