Installing Traefik 2 on K3s

As I’ve written about before, it’s very easy to setup a highly available Kubernetes cluster using K3s. By default, K3s comes with Traefik pre-packaged as an cluster ingress. However, at the time of writing, the default version of Traefik installed with K3s is 1.8.x while the latest available is Traefik 2. Traefik 2 has many new features compared to Traefik 1 and is definitely worth the upgrade.

Disabling the default Traefik installation

To install Traefik 2, we must disable the default Traefik installation when setting up K3s. This can be done with the --disable=traefik flag.

The following command would install K3s with Traefik disabled.

curl -sfL https://get.k3s.io | sh -s - --disable=traefik

Installing Traefik 2

We’re going to be installing Traefik 2 using the Helm package manager. The next section will cover how to install Helm; you can skip it if you already have Helm installed.

Installing Helm

You can install Helm using the following instructions.

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

I found that I was not able to use the installed helm command without first setting the KUBECONFIG environment variable.

export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

Installing Traefik using Helm

We can follow the instructions listed here for painless installation with default params.

helm repo add traefik https://helm.traefik.io/traefik
helm repo update
helm install traefik traefik/traefik

Verifying Installation

You can check whether Traefik pods are running using:

$ kubectl get pods --selector "app.kubernetes.io/name=traefik"
NAME                       READY   STATUS    RESTARTS   AGE
traefik-77fdb5c487-5kqz9   1/1     Running   1          5m

You should also be able to see a Traefik LoadBalancer service:

$ kubectl get svc --selector "app.kubernetes.io/name=traefik"
NAME      TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)                      AGE
traefik   LoadBalancer   10.43.19.49   192.168.64.4   80:31907/TCP,443:32511/TCP   5m

Exposing the Traefik dashboard

Traefik comes with a decent dashboard that can be used to view configurations. By default, the dashboard is enabled in the helm chart. It can be exposed using the Ingress itself. Create a file called dashboard.yaml with the following contents:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService

Create the new ingress route using kubectl.

kubectl apply -f dashboard.yaml

You should now be able to access your dashboard at http://traefik.localhost/dashboard/. Note the trailing slash is required.

It will look something like this: Traefik Dashboard

It’s very strongly recommended you don’t leave this dashboard exposed without authentication.