Deploy Traefik Ingress to Kubernetes with Flux.

Hello, I would like to share with you how you can deploy the Traefik Ingress with Flux.

I would like to mention that I have published another post illustrating the manual deployment, which uses the Helm CLI to deploy the Helm chart.

Let's dive in...

What is Flux?

Flux is a collection of tools for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy.

Flux Core Concepts

You can find the necessary information from here.

How Can You Install Flux?

You have to install two parts. The first part is the Flux CLI, which is needed to install Flux to your Kubernetes cluster. You can find the necessary information from here.

How Can You Structure Your Repository?

You can find the necessary information from here

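Let's Bootstrap Our Demo Repository

```bash
# Export a GitHub personal access token as GITHUB_TOKEN before running.
# --token-auth makes Flux use that token for Git over HTTPS (it is stored in a
# cluster Secret) instead of generating an SSH deploy key.
flux bootstrap github \
  --owner=<github-user> \
  --repository=test-app-deployment \
  --team=Developers \
  --path=clusters/test-cluster \
  --components-extra=image-reflector-controller,image-automation-controller \
  --token-auth
```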

This is a very simple way to structure the Flux Git repository that is used as a Source, also known as the Source of Truth (it is always being monitored by Flux).

Inside clusters/test-cluster we are going to add the application we want to deploy to our Kubernetes cluster.

Let's Deploy the Flux Manifests with a Simple Git Push

Below you can find the manifests you will need to commit so that Flux can deploy the Traefik Helm chart with the Helm Controller.

```yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: traefik
  namespace: flux-system
spec:
  interval: 1m0s
  url: https://helm.traefik.io/traefik
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: traefik
  namespace: flux-system
spec:
  chart:
    spec:
      chart: traefik
      sourceRef:
        kind: HelmRepository
        name: traefik
      version: 10.24.3
  interval: 1m0s
  releaseName: traefik
  targetNamespace: default
  # Helm values are read from the values.yaml key of this Secret
  valuesFrom:
    - kind: Secret
      name: traefik-secret
---
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  name: traefik-secret
  namespace: flux-system
stringData:
  values.yaml: |
    additionalArguments:
      # Lets IngressRoutes reference resources (e.g. middlewares) in other namespaces
      - "--providers.kubernetescrd.allowCrossNamespace=true"
      - "--certificatesresolvers.<le-name>.acme.tlschallenge"
      - "--certificatesresolvers.<le-name>.acme.email=<someone@some-domain.com>"
      - "--certificatesresolvers.<le-name>.acme.storage=/data/acme.json"
      # Logging
      - --log.level=info
      - --log.format=json
    service:
      enabled: true
      type: LoadBalancer
      annotations:
        helm.sh/resource-policy: keep
        meta.helm.sh/release-name: traefik
        meta.helm.sh/release-namespace: default
    ports:
      vault:
        port: 8200
        expose: true
        exposedPort: 8200
        protocol: TCP
    persistence:
      enabled: true
      name: data
      accessMode: ReadWriteOnce
      size: 1024Mi
      path: /data
    podSecurityContext:
      fsGroup: null
    deployment:
      initContainers:
        # Make /data (where acme.json is stored) writable by the Traefik user (65532)
        - name: fix-data-dir-permissions
          image: alpine:3.16.2
          command:
            - chown
            - -R
            - 65532:65532
            - /data
          volumeMounts:
            - name: data
              mountPath: /data
```

**Please confirm that Flux has completed the reconciliation process by executing the following commands.**

You can also execute the following to retrieve all the resources managed by Flux:

```bash
flux get all -A
```

If you want to force Flux to reconcile a Helm release deployment faster, you can execute the following commands:

```bash
flux reconcile source git flux-system
flux get hr traefik
```

After the reconciliation process has completed, we can proceed to the next stage of the deployment: the Traefik CRDs and any other necessary definitions, such as custom middlewares and, of course, the IngressRoutes (which are Custom Resources).

```yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: traefik-crds
  namespace: flux-system
spec:
  interval: 30m
  url: https://github.com/traefik/traefik-helm-chart.git
  ref:
    tag: v10.3.0
  ignore: |
    # exclude all
    /*
    # path to crds
    !/traefik/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: traefik-api-crds
  namespace: flux-system
spec:
  interval: 15m
  prune: false
  sourceRef:
    kind: GitRepository
    name: traefik-crds
    namespace: flux-system
  healthChecks:
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: ingressroutes.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: ingressroutetcps.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: ingressrouteudps.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: middlewares.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: middlewaretcps.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: serverstransports.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: tlsoptions.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: tlsstores.traefik.containo.us
    - apiVersion: apiextensions.k8s.io/v1
      kind: CustomResourceDefinition
      name: traefikservices.traefik.containo.us
---
# Redirect to https
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirectscheme
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: frontend-ingress-route-redirect
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`some-domain`)
      kind: Rule
      services:
        - name: frontend
          port: <ports>
      middlewares:
        - name: redirectscheme # enable redirect to https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: frontend-ingress-route-secure
  namespace: default
spec:
  entryPoints:
    - vault
  routes:
    - match: Host(``)
      kind: Rule
      services:
        - name: frontend
          port: <port>
  tls:
    certResolver: <le-name> # can be a random name
```
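
The manifests above pin the chart to 10.24.3 but take the CRDs from tag v10.3.0, set allowCrossNamespace=true, and rely on a middleware to move the `web` route to HTTPS. The script below is an added example (not the author's code) that checks those three points in a manifest file before it is pushed. The function names and the trimmed sample input are constructed here, it assumes traefik-helm-chart Git tags are "v" plus the chart version, and the plain-HTTP check is a heuristic that accepts any middleware.

```shell
# Added example (not the author's code). Assumes chart Git tags are "v" + chart version.

# first_value KIND KEY FILE: first "KEY:" value in a document of top-level kind KIND.
first_value() {
  awk -v kind="$1" -v key="$2:" '
    /^---/              { in_doc = 0; next }
    /^kind:/            { in_doc = ($2 == kind); next }
    in_doc && $1 == key { print $2; exit }' "$3"
}

# plain_http_routes FILE: IngressRoutes on entry point "web" with no middleware.
plain_http_routes() {
  awk '
    function emit() { if (route && web && !mw) print name; route = web = mw = 0; name = "" }
    /^---/                   { emit(); next }
    /^kind: IngressRoute$/   { route = 1 }
    /^  name:/ && name == "" { name = $2 }
    /^ +- web$/              { web = 1 }
    /^ +middlewares:/        { mw = 1 }
    END                      { emit() }' "$1"
}

# lint_manifests FILE: print one finding per line; return 1 if there are any.
lint_manifests() {
  chart=$(first_value HelmRelease version "$1")
  tag=$(first_value GitRepository tag "$1")
  findings=$(
    [ -n "$chart" ] && [ -n "$tag" ] && [ "${tag#v}" != "$chart" ] &&
      echo "pin-mismatch: chart $chart, CRDs from tag $tag"
    grep -q -- 'allowCrossNamespace=true' "$1" &&
      echo "cross-namespace: allowCrossNamespace=true is set"
    for r in $(plain_http_routes "$1"); do
      echo "plain-http: IngressRoute $r on web has no middleware"
    done
  )
  [ -z "$findings" ] || { printf '%s\n' "$findings"; return 1; }
}

# Constructed sample: only the lines of the page's manifests that the checks read.
sample_manifests() {
  printf '%s\n' 'kind: HelmRelease' '      version: 10.24.3' \
    '      - "--providers.kubernetescrd.allowCrossNamespace=true"' '---' \
    'kind: GitRepository' '    tag: v10.3.0' '---' \
    'kind: IngressRoute' '  name: plain' '    - web' '---' \
    'kind: IngressRoute' '  name: redirected' '    - web' '      middlewares:'
}

tmp=$(mktemp); sample_manifests > "$tmp"
lint_manifests "$tmp" || echo "lint failed: review the findings before pushing"
rm -f "$tmp"
```

Run against a real repository, pass the concatenated manifest file (documents separated by `---`) to `lint_manifests`; a non-zero status can gate the commit or CI job.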

I hope you like the tutorial. If you do, give it a thumbs up and follow me on Twitter. You can also subscribe to my newsletter so that you don't miss any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

Thank you, Cheers!!!
