Deploy Traefik to Kubernetes

  • Traefik will be deployed as a DaemonSet in this case.

Using a DaemonSet

  • DaemonSets automatically scale to new nodes when those nodes join the cluster, whereas Deployment pods are only scheduled on new nodes if required.
  • DaemonSets ensure that only one replica of a pod runs on any single node. Deployments require affinity settings if you want to ensure that two pods don't end up on the same node.
  • DaemonSets can be run with the NET_BIND_SERVICE capability, which allows the pods to bind to ports 80/443/etc. on each host. This bypasses kube-proxy and reduces traffic hops. Note that this goes against the Kubernetes Best Practices Guidelines and raises the potential for scheduling/scaling issues. Despite these potential issues, this remains the choice for most ingress controllers.

Setup WebUI with HTTP Basic Auth

kubectl apply -f traefik-rbac.yaml
kubectl apply -f traefik-ingresscontroller.yaml
kubectl apply -f traefik-webui-ingress.yaml

kubectl --namespace=kube-system get pods
kubectl --namespace=kube-system get svc
kubectl --namespace=kube-system delete svc traefik-web-ui

## HTTP Basic Auth
## username: traefikadmin
## password: traefik
## traefikadmin:$apr1$JjjeJWrP$RWdglRGm3MuHHlL15d/pN/

## htpasswd -c ./auth traefikadmin
## kubectl create secret generic traefikadmin --from-file auth --namespace=kube-system
## kubectl apply -f traefik-webui-ingress2.yaml

## Where 3.83.102.254 is the external IP 
## ec2-3-83-102-254.compute-1.amazonaws.com
echo "3.83.102.254 traefik-ui.gestalts.net" | sudo tee -a /etc/hosts

Setup SSL termination in Traefik

## Add SSL to the Traefik Ingress
## openssl req -x509 -nodes -days 999 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=traefik-ui.gestalts.net"
## kubectl -n kube-system create secret tls traefik-ui-tls-cert --key=tls.key --cert=tls.crt
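
The Basic Auth secret and the TLS secret created above can be attached to the dashboard in a single Ingress. The manifest below is an added example, not the page's traefik-webui-ingress2.yaml; the Ingress name, the Service port name `web`, and an `https` entry point already enabled on the Traefik v1 DaemonSet are assumptions.

```yaml
# Added example. Assumes Traefik v1 with an "https" entry point enabled and
# a Service "traefik-web-ui" exposing a port named "web" (assumed name).
apiVersion: extensions/v1beta1    # Ingress API used by Traefik v1-era clusters
kind: Ingress
metadata:
  name: traefik-web-ui            # hypothetical name
  namespace: kube-system          # same namespace as both secrets
  annotations:
    kubernetes.io/ingress.class: traefik
    # Require HTTP Basic Auth, checked against the htpasswd file
    # stored in the "traefikadmin" secret.
    traefik.ingress.kubernetes.io/auth-type: "basic"
    traefik.ingress.kubernetes.io/auth-secret: "traefikadmin"
    # Send plain-HTTP requests to the TLS listener instead of serving
    # the dashboard (and its login prompt) over cleartext HTTP.
    traefik.ingress.kubernetes.io/redirect-entry-point: https
spec:
  tls:
  - hosts:
    - traefik-ui.gestalts.net
    secretName: traefik-ui-tls-cert   # created with "kubectl create secret tls"
  rules:
  - host: traefik-ui.gestalts.net
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web            # assumed port name
```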

Canary Deployments using Traefik

deployment #1

kubectl apply -f hello-deployment-20190710-1501.yaml

deployment #2

kubectl apply -f hello-deployment-20190710-1515.yaml

canary 1% to deployment #2

kubectl apply -f traefik-ingress-canary.yaml

canary 1% to deployment #1

kubectl apply -f traefik-ingress-canary2.yaml

traffic 100% to deployment #2

kubectl apply -f traefik-ingress-canary3.yaml

delete deployment #1

kubectl delete -f hello-deployment-20190710-1501.yaml
categories: AWS | EKS | traefik | traefik-v1 | Kubernetes |