You can configure k0s with the Traefik ingress controller, a MetalLB service loadbalancer, and deploy the Traefik Dashboard using a service sample. To do this you leverage Helm's extensible bootstrapping functionality to add the correct extensions to the k0s.yaml
file during cluster configuration.
Configure k0s to install Traefik and MetalLB during cluster bootstrapping by adding their Helm charts as extensions in the k0s configuration file (k0s.yaml
).
Note:
A good practice is to have a small range of IP addresses that are addressable on your network, preferably outside the assignment pool your DHCP server allocates (though any valid IP range should work locally on your machine). Providing an addressable range allows you to access your load balancer and Ingress services from anywhere on your local network.
extensions:
helm:
repositories:
- name: traefik
url: https://helm.traefik.io/traefik
- name: bitnami
url: https://charts.bitnami.com/bitnami
charts:
- name: traefik
chartname: traefik/traefik
version: "10.3.2"
namespace: default
- name: metallb
chartname: bitnami/metallb
version: "2.5.4"
namespace: default
values: |2
configInline:
address-pools:
- name: generic-cluster-pool
protocol: layer2
addresses:
- 192.168.0.5-192.168.0.10
After you start your cluster, run kubectl get all
to confirm the deployment of Traefik and MetalLB. The command should return a response with the metallb
and traefik
resources, along with a service load balancer that has an assigned EXTERNAL-IP
.
kubectl get all
Output:
NAME READY STATUS RESTARTS AGE
pod/metallb-1607085578-controller-864c9757f6-bpx6r 1/1 Running 0 81s
pod/metallb-1607085578-speaker-245c2 1/1 Running 0 60s
pod/traefik-1607085579-77bbc57699-b2f2t 1/1 Running 0 81s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 96s
service/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/metallb-1607085578-speaker 1 1 1 1 1 kubernetes.io/os=linux 87s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/metallb-1607085578-controller 1/1 1 1 87s
deployment.apps/traefik-1607085579 1/1 1 1 84s
NAME DESIRED CURRENT READY AGE
replicaset.apps/metallb-1607085578-controller-864c9757f6 1 1 1 81s
replicaset.apps/traefik-1607085579-77bbc57699 1 1 1 81s
Take note of the EXTERNAL-IP
given to the service/traefik-n
load balancer. In this example, 192.168.0.5
has been assigned and can be used to access services via the Ingress proxy:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/traefik-1607085579 LoadBalancer 10.105.119.102 192.168.0.5 80:32153/TCP,443:30791/TCP 84s
Receiving a 404 response here is normal, as you've not configured any Ingress resources to respond yet:
$ curl http://192.168.0.5
404 page not found
With an available and addressable load balancer present on your cluster, now you can quickly deploy the Traefik dashboard and access it from anywhere on your LAN (assuming that MetalLB is configured with an addressable range).
-
Create the Traefik Dashboard IngressRoute in a YAML file:
apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: dashboard spec: entryPoints: - web routes: - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) kind: Rule services: - name: api@internal kind: TraefikService
-
Deploy the resource:
root@k0s-host ➜ kubectl apply -f traefik-dashboard.yaml
Output:
ingressroute.traefik.containo.us/dashboard created
At this point you should be able to access the dashboard using the
EXTERNAL-IP
that you noted above by visitinghttp://192.168.0.5/dashboard/
in your browser: -
Create a simple
whoami
Deployment, Service, and Ingress manifest:apiVersion: apps/v1 kind: Deployment metadata: name: whoami-deployment spec: replicas: 1 selector: matchLabels: app: whoami template: metadata: labels: app: whoami spec: containers: - name: whoami-container image: containous/whoami --- apiVersion: v1 kind: Service metadata: name: whoami-service spec: ports: - name: http targetPort: 80 port: 80 selector: app: whoami --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: whoami-ingress spec: rules: - http: paths: - path: /whoami pathType: Exact backend: service: name: whoami-service port: number: 80
-
Apply the manifests:
root@k0s-host ➜ kubectl apply -f whoami.yaml
Output:
deployment.apps/whoami-deployment created service/whoami-service created ingress.networking.k8s.io/whoami-ingress created
-
Test the ingress and service:
curl http://192.168.0.5/whoami
Output:
Hostname: whoami-deployment-85bfbd48f-7l77c IP: 127.0.0.1 IP: ::1 IP: 10.244.214.198 IP: fe80::b049:f8ff:fe77:3e64 RemoteAddr: 10.244.214.196:34858 GET /whoami HTTP/1.1 Host: 192.168.0.5 User-Agent: curl/7.68.0 Accept: */* Accept-Encoding: gzip X-Forwarded-For: 192.168.0.82 X-Forwarded-Host: 192.168.0.5 X-Forwarded-Port: 80 X-Forwarded-Proto: http X-Forwarded-Server: traefik-1607085579-77bbc57699-b2f2t X-Real-Ip: 192.168.0.82
With the Traefik Ingress Controller it is possible to use 3rd party tools, such as ngrok, to go further and expose your load balancer to the world. In doing this you enable dynamic certificate provisioning through Let's Encrypt, using either cert-manager or Traefik's own built-in ACME provider.