Tag: routing

Installation of Traefik 2.0

Installation of traefik is done through helm, and we have a traefik helm chart for Altinn Tjenester 3.0. If there is a fresh installation of traefik 2.0 with helm 3.0, make sure that there is a folder called crds in that helm chart folder. After that it is just to install with helm, and wait for the traefik service to have a public IP before updating the Azure DNS zone with a A record. »

Nginx SSL/TLS certificate

Generate SSL/TLS certificates from .PFX file In altinn studio we are using nginx as a proxy for internal routing. After issues with creating SSL/TLS certificates for nginx we we have written a guide for future developers to follow when creating SSL/TLS certificate secrets in kubernetes and mounting them to the nginx pods. Download .pfx file At the moment of writing this guide, we store our *.altinn.studio certificate in azure keyvault and you will need access to download it from that vault. »

Nginx loadbalancing in studio

Nginx routing The router config is stored as a configmap in our kubernetes cluster, and mounted to the pod as a .conf file. When the config needs to be changed, the changes should be done in the loadbalancer-configmap for the correct environment (dev/prod). Apply the changes, and restart the pod: Option 1: kill the pod and let the deployment spinn up a new pod. Option 2: open a shell into the pod kubectl exec -it [POD_NAME] -- sh and run the command nginx -s reload »

Nginx routing

Nginx routing The router config is stored as a configmap in our kubernetes cluster, and mounted to the pod as a .conf file. When the config needs to be changed, the changes should be done in the loadbalancer-configmap for the correct environment (dev/prod). Apply the changes, and restart the pod: Option 1: kill the pod and let the deployment spinn up a new pod. Option 2: open a shell into the pod kubectl exec -it [POD_NAME] -- sh and run the command nginx -s reload »

TLS in Traefik 2.0

TLS sertificates stored as secrets on the cluster apiVersion: v1 kind: Secret metadata: name: altinn-tls-secret data: tls.crt: [[BASE 64 ENCODED CERTIFICATE]] tls.key: [[BASE 64 ENCODED PRIVATE KEY]] TLS Options To set up TLS options we need to use the custom resource TLSOption. A basic set up of this is: apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption metadata: name: altinn-tls-options namespace: default spec: minVersion: VersionTLS12 Adding TLS to an Ingress Route Add a tls attribute to the spec if the ingress route, with secretName (secret that contains the TLS certificate and private key) and optionally a options-attribute with the name of the TLSOption we made and the namespace (if nothing is specified when creating the secret it would be in the default namespace). »

Traefik custom resources

IMPORTANT These resources have to be installed before creating any of the resources they describe. They are most likely installed with helm when installing traefik 2.0. To support new features in routing and middlewares with IngressRoutes and dynamic tls options, traefik supplies it’s own kubernetes custom resources defined in the traefik docs. These are: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: ingressroutes.traefik.containo.us spec: group: traefik.containo.us version: v1alpha1 names: kind: IngressRoute plural: ingressroutes singular: ingressroute scope: Namespaced --- apiVersion: apiextensions. »

Traefik ingress routes

Before traefik 2.0 the only supported way of routing in kubernetes was through the Kubernetes Ingress prodvider, which limited the functionality traefik could offer. As a result of introducing the custom resource IngressRoutes in traefik 2.0 we don’t need to write many annotations on the ingress. And it is easier to configure access to a kubernetes cluster. Resource configuration apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: altinn-runtime spec: entryPoints: - web - websecure routes: - match: Host(`dev. »

Traefik routing

In Altinn Tjenester 3.0 we are migrating from nginx to traefik for routing. Installation of Traefik 2.0 How to install traefik TLS in Traefik 2.0 How to set up TLS Traefik custom resources Definitions for traefik 2.0 custom resources in kubernetes Traefik ingress routes How to set up an ingress route and route trafic based on rules and middlewares »