Traefik 2.0 integration #1141
Comments
|
It seems that Traefik 2.0 drops Ingress support and so drops compatibility with most of the community Helm charts. So i don't think it's a good idea if it's really the case, even if Ingress has some limitations. |
|
From the documentation Traefik & Kubernetes seems that the Ingress support is not dropped but fully supported, more of this there is another custom Ingress the with enhanced capabilities for complex routes and middlewares! |
|
Thanks for reading the full doc! It was not clear as also talk on migrating to their new CRD. As k3s is using a chart to deploy Traefik, i guess we need to wait for the new version of the chart which is still not ready for production: traefik/traefik#5440 |
|
I'm using this and it works pretty well once you disable the original traefik: |
|
Looking forward as well the update to Traefik 2.0 |
|
@denysvitali that repo appears to be gone; do you have a substitute that you're still using? |
|
@brandond Nope, that repo should still work, look at https://github.com/nanosapp/chart-releases/tree/gh-pages/stable/traefik and you'll see the chart source. I've created that repo and the company I work for owns it 👍 |
|
I'll give it another try. I'm just getting started with Helm and don't quite grok the repo format; I'll admit to not actually loading the chart but just hit the repo URL from the CR with my browser and got a 404. |
|
That's just because Chart repos do not need an index.html. If you visit the repo URL with |
|
The Helm chart is now production ready https://github.com/containous/traefik-helm-chart/blob/master/traefik/Chart.yaml |
|
Been trying to get the Helm chart to work, but had not a lot of luck, followed the documentation on Traefik's website and got it working with k3s. The ansible role is here https://github.com/r1cebank/geck/tree/traefik-v2/roles/traefik |
|
@r1cebank apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: traefik
namespace: kube-system
spec:
chart: traefik
repo: https://containous.github.io/traefik-helm-chart
set:
image.tag: "2.2"Then place this file in |
|
I am not sure no-deploy is the right one, it is listed as deprecated in the documentation here
|
|
@torpinouche You're absolutely right! Thanks, I've adapted my comment. |
|
Hi, |
|
o/ greetings from Containous. If you need any assistance with the transition to v2 of Traefik please don't hesitate to reach out to myself or anyone on the team. cc @SantoDE |
|
@notsureifkevin fwict values content is pretty different in the contanious chart, specifically values that go into the toml in the traefik v1 chart aren't there (basically you need to bring your own toml). Am I understanding that right? |
|
@kbrowder I believe your observation is correct, we are working to abstract some of these use cases into more helm-friendly |
|
would love to see this coming sooner since traefik 2.0 is released since over a year now |
|
Bump on this one. We've run into an issue with the current installation of k3s (bundled traefik helm chart 1.81.0), only allows single external IP. The newer versions of Traefik charts support externalIPs as an array. |
|
If you wanna tackle that @samirsss, I guess feel free. We are happy to help :) |
|
We use Traefik 2.3 on a k3s multi node cluster in production for a few weeks now and it's working without any issues so far. Fist I installed the k3s cluster with the curl -sfL https://get.k3s.io | bash -s - \
--write-kubeconfig-mode "0644" \
--disable=traefikThen I apply a file called apiVersion: v1
kind: Namespace
metadata:
name: traefik
---
apiVersion: v1
kind: Secret
metadata:
name: ovh-credentials
namespace: traefik
type: Opaque
data:
OVH_APPLICATION_KEY: PoBhNa... # the base64 encoded application key
OVH_APPLICATION_SECRET: ReFGac... # the base64 encoded application secret
OVH_CONSUMER_KEY: YlaEW... # the base64 encoded consumer key
OVH_ENDPOINT: b3ZoLWV1
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: traefik
namespace: kube-system
spec:
repo: https://containous.github.io/traefik-helm-chart
chart: traefik
bootstrap: true
targetNamespace: traefik
valuesContent: |-
additionalArguments:
- "--certificatesresolvers.letsencrypt.acme.email=your.email@mail.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
# Let's Encrypt staging API:
- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
# Let's Encrypt production API:
# - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesResolvers.letsencrypt.acme.dnschallenge=true"
- "--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=ovh"
# If you want to use jaeger tracing for traefik uncomment these lines and adjust them to your jaeger installation
# - "--tracing=true"
# - "--tracing.serviceName=traefik"
# - "--tracing.jaeger=true"
# - "--tracing.jaeger.propagation=jaeger"
# - "--tracing.jaeger.traceContextHeaderName=uber-trace-id"
# - "--tracing.jaeger.samplingServerURL=http://jaeger-agent.jaeger.svc.cluster.local:5778/sampling"
# - "--tracing.jaeger.localAgentHostPort=jaeger-agent.jaeger.svc.cluster.local:6831"
# - "--tracing.jaeger.collector.endpoint=http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces?format=jaeger.thrift"
# If you want to use prometheus monitoring for traefik uncomment these lines
# - "--metrics=true"
# - "--metrics.prometheus=true"
# - "--metrics.prometheus.addServicesLabels=true"
- "--accesslog=true"
- "--log.level=INFO"
persistence:
enabled: true
path: /data
podAnnotations:
prometheus.io/port: '8082'
prometheus.io/scrape: 'true'
# We will apply our own ingress rule for the dashboard in the next step
ingressRoute:
dashboard:
enabled: false
envFrom:
- secretRef:
name: ovh-credentialsIf you don't want to use Traefiks dashboard just ignore the next step. apiVersion: v1
kind: Secret
metadata:
name: admin-dashboard-auth
namespace: traefik
data:
# This is the base64 and openssl encoded version of "user" as user and "password" as password
users: dXNlcjokYXByMSRxWVFuaS9FZSRqRHNNN3pnb1RoL01QeHJZTjlxVlEvCg==
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: admin-auth
namespace: traefik
spec:
basicAuth:
secret: admin-dashboard-auth
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: traefik
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`traefik.example.com`)
services:
- name: api@internal
kind: TraefikService
middlewares:
- name: admin-auth
tls:
certResolver: letsencrypt
domains:
- main: "*.example.com"Now Traefik 2.3 is installed in a k3s cluster with a dashboard reachable on traefik.example.com. If it doesn't work as expected please let me know because this is a highly simplified version of the one we're using and maybe I deleted something essential. |
dweomer
added
the
priority/important-soon
not working for me... |
This comment has been minimized.
This comment has been minimized.
|
@Thalooka Traefik 2 was merged in 669d0c0 this week. |
ghost
mentioned this issue
Validated in v1.21.0-rc1+k3s1
|
Hi rancher-max, is there any documentation / way on how to upgrade to traefik 2.0? I have Rancher running and a frew other ingresses. I dont care to recreate these (it would be nice to have rancher running however). |
|
Hi @boindil, our docs should be getting merged for this soon, but you can take a look at rancher/docs#3021 which should have the steps linked there. |
|
Hi @rancher-max, thanks for the pointer, however, if I understood correctly, the docs mention mainly how to migrate the manifests from Ingress to IngressRoute. |
|
If I understand correctly, you're looking for how to upgrade traefik itself from v1 to v2, and then will handle all of the breaking changes? K3s doesn't provide a built-in method of doing that for you since there are so many breaking changes with this, so we would recommend you use the Traefik Migration Tool and follow Traefik's migration docs. K3s uses helm to install traefik, so you can potentially use helm to upgrade it, although the Traefik docs mention that the helm chart for traefik v2 is not yet stable, so proceed with caution. |
|
According to https://rancher.com/docs/k3s/latest/en/networking/#traefik-ingress-controller k3s installer will install traefik v2 when v1 is not installed and your cluster version is >= 1.21. This is how (more or less) I upgraded traefik
|
|
Thanks! I followed the steps proposed by @camaeel, for removing the old Traefik, I simply deleted the helmchart: After relauching the install script, Traefik v2 with the CRD was properly installed. Thanks! |
|
On a single node cluster where you haven't customized the Traefik configuration at all you can just:
The same will obviously work on multi-node clusters, you just have to do each step on all the servers before moving on to the next. |
|
and others
Is your feature request related to a problem? Please describe.
The feature tls-passthrough is missing.
Es. Installing argocd on the cluster is difficult due the missing of this feature.
Describe the solution you'd like
Substitute the actual version < 2.0 with the actual (that reach the GA with version 2.0)
Describe alternatives you've considered
Describe a reproducible way for remove the actual version in favor of the most updated version.
Additional context
The version of Traefik 2.0 seems most kubernetes friendly so, this seems to me a very natural step to do!
The text was updated successfully, but these errors were encountered: