Hello, I am learning Kubernetes and Traefik. I would like to deploy Traefik in Kubernetes.
I currently have this situation.
```
kubectl get pods,services
NAME                                     READY   STATUS    RESTARTS        AGE
pod/app-frontend-5d5584888d-9mzhv        1/1     Running   0               114m
pod/app-backend-67b59df8b5-59lh2         1/1     Running   0               114m
pod/cm-acme-http-solver-qh8ms            1/1     Running   0               63m
pod/company-service-855864d49-mrkrp      1/1     Running   0               114m
pod/edge-service-5cd9945fbc-tzthl        1/1     Running   0               114m
pod/location-service-68db8f867b-wzf4j    1/1     Running   0               114m
pod/tomcat-deployment-69677f796c-57xh7   1/1     Running   0               39m
pod/traefik-5d86ff94c5-c6m9f             1/1     Running   0               22h
pod/traefik-deployment-c8bdf66f5-kgng2   1/1     Running   0               4h46m
pod/user-service-5f5c46df5f-j2lqg        1/1     Running   1 (113m ago)    114m

NAME                                TYPE           EXTERNAL-IP                PORT(S)                      AGE
service/app-frontend                LoadBalancer   app-ext-ip                 3000:32459/TCP               114m
service/app-backend                 ClusterIP      <none>                     5432/TCP                     114m
service/cm-acme-http-solver-fcgpr   NodePort       <none>                     8089:30577/TCP               63m
service/company-service             ClusterIP      <none>                     9003/TCP                     114m
service/edge-service                ClusterIP      <none>                     9000/TCP                     114m
service/kubernetes                  ClusterIP      <none>                     443/TCP                      23h
service/location-service            ClusterIP      <none>                     9002/TCP                     114m
service/traefik                     LoadBalancer   traefik-ext-ip             80:32591/TCP,443:30716/TCP   22h
service/traefik-dashboard-service   LoadBalancer   traefik-dashboard-ext-ip   8080:31431/TCP               4h44m
service/traefik-web-service         LoadBalancer   traefik-web-ext-ip         80:31211/TCP                 4h44m
service/user-service                ClusterIP      <none>                     9001/TCP                     114m
```
So far I followed this guide: Secure Web Apps: Traefik Proxy, cert-manager & Let’s Encrypt, and I’m reading the Traefik documentation. What I’m trying to understand and achieve is how to get Traefik to act as a proxy and SSL into app-frontend. Can you point me to some further documentation? Do I need to make another load balancer service that uses SSL and goes to app-frontend?
Heya, @netrunnercyberpunkcoral
In order to use Traefik as a reverse proxy with SSL termination for your `app-frontend` service, you don’t need to create another LoadBalancer service. Instead, you configure Traefik to route traffic to your `app-frontend` using IngressRoute resources.

Traefik listens for incoming traffic on ports 80 and 443 (HTTP and HTTPS) and routes it to your Kubernetes services based on rules defined in `Ingress` or `IngressRoute` resources.
Create a Certificate for SSL
Use `cert-manager` to provision an SSL certificate for `app-frontend`.
Apply a Certificate Issuer
Define an Issuer (or ClusterIssuer) for Let’s Encrypt in YAML:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: traefik
```
Apply it:
```
kubectl apply -f cluster-issuer.yaml
```
Create a Certificate
Create a certificate for `app-frontend`:
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: app-frontend-cert
  namespace: default
spec:
  secretName: app-frontend-cert-tls
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: app-frontend.example.com
  dnsNames:
    - app-frontend.example.com
```
Apply it:
```
kubectl apply -f certificate.yaml
```
Define an IngressRoute for Traefik
Create an IngressRoute to route traffic to your `app-frontend` service and use the generated SSL certificate.
```yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: app-frontend-route
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`app-frontend.example.com`)
      kind: Rule
      services:
        - name: app-frontend
          port: 3000
  tls:
    secretName: app-frontend-cert-tls
```
Apply it:
```
kubectl apply -f ingressroute.yaml
```
You can also check this article:
Regards
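
The IngressRoute in the answer above binds only the `websecure` entry point, so the following added example (not part of the original answer) shows a companion route that redirects plain-HTTP requests for the same host to HTTPS. The entry point name `web` and the resource names `redirect-to-https` and `app-frontend-route-http` are assumptions.

```yaml
# Added example: send port-80 requests for the host to HTTPS.
# Assumption: Traefik's HTTP entry point is named "web"
# (the answer only names "websecure").
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-to-https          # hypothetical name
  namespace: default
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: app-frontend-route-http    # hypothetical name
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`app-frontend.example.com`)
      kind: Rule
      middlewares:
        - name: redirect-to-https
      services:
        # Not reached in practice: the middleware answers with a redirect first.
        - name: app-frontend
          port: 3000
```

In the question's `kubectl get` output the `app-frontend` Service is itself of type LoadBalancer on port 3000, so it stays reachable without TLS on its own external IP until its type is changed to ClusterIP.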