How To use Traefik as an Ingress Controller

Traefik is a popular open-source reverse proxy and load balancer that can be used as an ingress controller for Kubernetes clusters. In this guide, we will go through the steps to install and configure Traefik using HELM, and then use it as an ingress controller to route HTTPS traffic to our Kubernetes applications.

Prerequisites

Before we begin, ensure you have the following:

A Kubernetes cluster.
HELM installed on your local machine.
Basic knowledge of Kubernetes and YAML syntax.

Step 1: Installing Traefik with HELM

Traefik can be installed in a Kubernetes cluster using HELM. Here are the steps to install Traefik with HELM:

Add the Traefik helm chart repository:

helm repo add traefik https://helm.traefik.io/traefik

Update the helm chart repository:
```
helm repo update:
```
Install the Traefik chart:
```
helm install traefik traefik/traefik
```
Verify the installation:
```
kubectl get pods
```
You should see the Traefik pod running.

Step 2: Configuring Traefik as an Ingress Controller

Once Traefik is installed, we need to configure it as an ingress controller to route HTTPS traffic to our Kubernetes applications.

Create a Kubernetes secret for your TLS certificate:
```
kubectl create secret tls my-tls-secret --key=path/to/tls.key --cert=path/to/tls.crt
```
Replace my-tls-secret with the name of your TLS secret, and path/to/tls.key and path/to/tls.crt with the paths to your TLS private key and certificate files.

Create a Kubernetes deployment and service for your application:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: my-app:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-app
spec:
  selector:
    app: my-app
  ports:
  - name: http
    port: 80
    targetPort: 80

Save this as my-app.yaml and replace my-app with the name of your application.

Create a Kubernetes ingress resource for your application:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.tls.certresolver: default
spec:
  tls:
  - hosts:
    - mydomain.com
    secretName: my-tls-secret
  rules:
  - host: mydomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-app
            port:
              name: http

Save this as `my-app.yaml” and replacemydomain.comwith your domain name, andmy-tls-secret` with the name of your TLS secret.

Apply the deployment, service, and ingress resources:
```
kubectl apply -f my-app.yaml
```
This will create a deployment, service, and ingress resource for your application.
Verify the ingress resource:
```
kubectl get ingress
```
Update your DNS records: Update your DNS records to point to the IP address of your Kubernetes cluster. Once your DNS records have propagated, you should be able to access your application over HTTPS at https://mydomain.com.

Congratulations! You have successfully configured Traefik as an ingress controller to route HTTPS traffic to your Kubernetes applications.

Advantages of Traefik over Nginx, Haproxy, and Istio Ingress controllers

Traefik has several advantages over other popular Kubernetes ingress controllers such as Nginx, Haproxy, and Istio. Here are some of the advantages:

Automatic configuration and discovery: Traefik can automatically discover and configure routes for Kubernetes services, which makes it easy to use and reduces the amount of manual configuration required.
Dynamic routing and load balancing: Traefik can dynamically route traffic to Kubernetes services based on a wide range of criteria such as host, path, and headers. It can also perform load balancing across multiple instances of a service.
Built-in support for Let’s Encrypt: Traefik has built-in support for Let’s Encrypt, which makes it easy to obtain and renew TLS certificates for your Kubernetes applications.
Modern architecture and design: Traefik is built using modern technologies such as Golang and is designed to be lightweight, modular, and easy to extend.
Integration with Kubernetes: Traefik integrates well with Kubernetes and can be used as a Kubernetes ingress controller. It can also be used as a service mesh proxy for Kubernetes clusters.
Real-time metrics and monitoring: Traefik provides real-time metrics and monitoring through an interactive dashboard, which makes it easy to monitor the performance of your Kubernetes applications.

Conclusion

In this guide, we went through the steps to install and configure Traefik using HELM, and then use it as an ingress controller to route HTTPS traffic to our Kubernetes applications. Traefik is a powerful tool that makes it easy to manage and route traffic to your Kubernetes applications and is a popular choice for Kubernetes ingress controllers. It offers several advantages over other popular Kubernetes ingress controllers such as Nginx, Haproxy, and Istio, including automatic configuration and discovery, dynamic routing and load balancing, built-in support for Let’s Encrypt, modern architecture and design, integration with Kubernetes, and real-time metrics and monitoring.

External resources for further reading

Traefik documentation: https://doc.traefik.io/traefik/
Kubernetes Ingress documentation: https://kubernetes.io/docs/concepts/services-networking/ingress/
NGINX Ingress Controller documentation: https://kubernetes.github.io/ingress-nginx/
HAProxy Kubernetes Ingress Controller documentation: https://www.haproxy.com/documentation/kubernetes/latest/usage/overview/
Istio Ingress documentation: https://istio.io/latest/docs/tasks/traffic-management/ingress/

How To use Traefik as an Ingress Controller