How to Deploy Traefik to Google Kubernetes Engine
Introduction:
Traefik is an open-source cloud-native edge router that is designed to manage the traffic flow between microservices and reverse proxy. It is widely used in cloud-based applications and gaining popularity as a reliable and scalable solution for managing Kubernetes traffic. Google Kubernetes Engine (GKE) is a managed Kubernetes environment that provides a fully managed, secure, and scalable platform for running Kubernetes workloads. In this guide, we will explore how to deploy Traefik to a Kubernetes cluster in GKE.
Prerequisites:
- A Google Cloud Platform account with a Google Kubernetes Engine cluster already created
- A Google Cloud Platform (GCP) account with appropriate permissions.
- kubectl CLI installed.
- A basic understanding of Kubernetes concepts and YAML syntax.
How to deploy Traefik to GKE
To deploy Traefic to Google Kubernetes Engine, follow the steps outlined below:
Step 1: Create a Kubernetes Namespace
The first step is to create a namespace for Traefik. Namespaces are used to isolate resources within a Kubernetes cluster. To do this we will create a namespace named traefik, by running the following command:
$ kubectl create namespace traefikOnce the cluster is created, use the Kubernetes command-line tool (kubectl) to interact with the cluster.
Step 2: Create a Traefik Service Account
Traefik needs a service account to access the Kubernetes API and to retrieve information about the services and endpoints it needs to route traffic to. To create a service account, create a new file named service-account.yaml with the following content:
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: traefik
To create the service account, run the following command:
$ kubectl apply -f service-account.yaml
Step 3: Create a Cluster Role and Cluster Role Binding
Traefik also needs a cluster role and cluster role binding to be able to access the Kubernetes API. The following YAML defines a cluster role and cluster role binding. Create a new file named cluster-role-binding.yaml and paste the below YAML into it:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: traefik-ingress-controller
rules:
- apiGroups: ["", "extensions", "networking.k8s.io"]
resources: ["configmaps", "endpoints", "events", "ingresses", "ingressclasses", "services"]
verbs: ["create", "get", "list", "update", "watch", "patch"]
- apiGroups: ["", "extensions", "networking.k8s.io"]
resources: ["nodes", "pods", "secrets", "services", "namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: ["", "extensions", "networking.k8s.io"]
resources: ["nodes/status", "pods/status", "ingresses/status"]
verbs: ["get"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: traefik
To create the cluster role and cluster role binding, run the following command:
$ kubectl apply -f cluster-role-binding.yaml
Step 4: Create a ConfigMap
Traefik needs a configuration file to know how to route traffic to the appropriate services and endpoints. In this step, we will create a ConfigMap that contains Traefik configuration settings. The ConfigMap allows us to store configuration settings separately from the deployment manifest.
To create a ConfigMap, create a file called traefik-config.yaml with the following content:
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-config
namespace: traefik
data:
traefik.yaml: |
api:
dashboard: true
insecure: true
providers:
kubernetesIngress: {}
This configuration file contains the basic configuration settings for Traefik. It enables the dashboard and sets up Kubernetes as the provider for the ingress.
Once you have created the file, apply it to your Kubernetes cluster by running the following command:
$ kubectl apply -f traefik-config.yaml
Step 5: Create a Traefik Deployment
In this step, we will create a Traefik deployment that uses the configuration settings from the ConfigMap created in the previous step.
To create a Traefik deployment, create a file called traefik-deployment.yaml with the following content:
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-deployment
namespace: traefik
spec:
selector:
matchLabels:
app: traefik
replicas: 1
template:
metadata:
labels:
app: traefik
spec:
containers:
- name: traefik
image: traefik:v2.9
args:
- --api.insecure
- --providers.kubernetesingress
- --providers.kubernetescrd
- --configfile=/config/traefik.yaml
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
configMap:
name: traefik-config
This deployment manifest specifies a single replica of the Traefik container, which mounts the ConfigMap created in the previous step as a volume. It also sets the configfile flag to point to the traefik.yaml file in the ConfigMap.
Once you have created the file, apply it to your Kubernetes cluster by running the following command:
$ kubectl apply -f traefik-deployment.yaml
Step 6: Create a Traefik Service
In this step, we will create a Traefik service that exposes the Traefik deployment.
To create a Traefik service, create a file called traefik-service.yaml with the following content:
apiVersion: v1
kind: Service
metadata:
name: traefik-service
namespace: traefik
spec:
selector:
app: traefik
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
type: LoadBalancer
This service manifest exposes the Traefik deployment on port 80 and 443 and creates a LoadBalancer to route traffic to the deployment.
Once you have created the file, apply it to your Kubernetes cluster by running the following command:
$ kubectl apply -f traefik-service.yaml
Step 7: Verify the Traefik Deployment
After deploying Traefik, you should verify that it is running correctly on your GKE cluster. Here are the steps to follow to verify your Traefik deployment:
- Use the following command to list the pods running in the
traefiknamespace:$ kubectl get pods -n traefikThis command should return a list of pods, which should include the traefik-ingress-controller- pod.
- Use the following command to get the details of the
traefik-ingress-controllerpod:$ kubectl describe pod -n traefik traefik-ingress-controller-<random-string>This command should return the details of the
traefik-ingress-controllerpod. Make sure that the pod has aRunningstatus and that there are no errors or warnings in the output. - Use the following command to list the services running in the
traefiknamespace:$ kubectl get services -n traefik - Use the following command to get the details of the
traefik-ingress-serviceservice:$ kubectl describe service -n traefik traefik-ingress-serviceThis command should return the details of the traefik-ingress-service service. Make sure that the service has a ClusterIP and that there are no errors or warnings in the output.
Conclusion
In a nutshell, Traefik is an excellent solution for managing Kubernetes traffic, and deploying it to a Kubernetes cluster in GKE is relatively straightforward. By following the steps outlined in this how-to guide, and using the provided YAML files, you should be able to deploy Traefik to your GKE cluster with ease.
Additional resources
Here are some additional resources you can use to learn more about Traefik:
- Traefik official website – https://traefik.io/
- Traefik documentation – https://doc.traefik.io/
- Traefik Github repository – https://github.com/traefik/traefik
- Kubernetes ingress documentation – https://kubernetes.io/docs/concepts/services-networking/ingress/
- Kubernetes official website – https://kubernetes.io/
- Kubernetes API reference – https://kubernetes.io/docs/reference/
- Traefik provider documentation – https://doc.traefik.io/traefik/providers/kubernetes-ingress/
By going through these resources, you will gain a deeper understanding of Traefik and its features, as well as learn how to configure and use Traefik with Kubernetes.