traefik

Installation of Traefik 2.0

Installation of traefik is done through helm, and we have a traefik helm chart for Altinn Tjenester 3.0. If there is a fresh installation of traefik 2.0 with helm 3.0, make sure that there is a folder called crds in that helm chart folder. After that it is just to install with helm, and wait for the traefik service to have a public IP before updating the Azure DNS zone with a A record. »

TLS in Traefik 2.0

TLS sertificates stored as secrets on the cluster apiVersion: v1 kind: Secret metadata: name: altinn-tls-secret data: tls.crt: [[BASE 64 ENCODED CERTIFICATE]] tls.key: [[BASE 64 ENCODED PRIVATE KEY]] TLS Options To set up TLS options we need to use the custom resource TLSOption. A basic set up of this is: apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption metadata: name: altinn-tls-options namespace: default spec: minVersion: VersionTLS12 Adding TLS to an Ingress Route Add a tls attribute to the spec if the ingress route, with secretName (secret that contains the TLS certificate and private key) and optionally a options-attribute with the name of the TLSOption we made and the namespace (if nothing is specified when creating the secret it would be in the default namespace). »

Traefik custom resources

IMPORTANT These resources have to be installed before creating any of the resources they describe. They are most likely installed with helm when installing traefik 2.0. To support new features in routing and middlewares with IngressRoutes and dynamic tls options, traefik supplies it’s own kubernetes custom resources defined in the traefik docs. These are: apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: ingressroutes.traefik.containo.us spec: group: traefik.containo.us version: v1alpha1 names: kind: IngressRoute plural: ingressroutes singular: ingressroute scope: Namespaced --- apiVersion: apiextensions. »

Traefik ingress routes

Before traefik 2.0 the only supported way of routing in kubernetes was through the Kubernetes Ingress prodvider, which limited the functionality traefik could offer. As a result of introducing the custom resource IngressRoutes in traefik 2.0 we don’t need to write many annotations on the ingress. And it is easier to configure access to a kubernetes cluster. Resource configuration apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: altinn-runtime spec: entryPoints: - web - websecure routes: - match: Host(`dev. »

Traefik routing

In Altinn Tjenester 3.0 we are migrating from nginx to traefik for routing. Installation of Traefik 2.0 How to install traefik TLS in Traefik 2.0 How to set up TLS Traefik custom resources Definitions for traefik 2.0 custom resources in kubernetes Traefik ingress routes How to set up an ingress route and route trafic based on rules and middlewares »