Hello, I would like to share with you, the way you can deploy Traefik Ingress deployment with Flux.
I would like to mention that I have posted another post illustrating the manual deployment with the use of Helm Cli to deploy the Helm Chart.
Lets Dive In...
What is Flux ?
Flux is a collection of tools for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy.
Flux Core Concepts
You can find the necessary information from here.
How you can Install Flux ?
You have to install two part the first part is the Flux CLI which it is needed to install flux to your Kubernetes Cluster. You can find the necessary information from here
How you can structure your Repository ?
You can find the necessary information from here
Lets Bootstap our Demo repository.
flux bootstrap github \
--owner=<github-user> \
--repository=test-app-deployment \
--team=Developers \
--path=clusters/test-cluster \
--components-extra=image-reflector-controller,image-automation-controller \
--token-auth
This is a very simple way to structure your Flux git repository used as a Source aka Source of Truth (it is always being monitored by flux).
Inside the clusters/test-cluster we are going to add the application we want to deploy to our Kubernetes Cluster.
Lets Deploy the Flux Manifests with a simple Git Push
Bellow you can find the manifests you will need to commit in order Flux to be able to deploy Traefik Helm Chart with the Helm Controller.
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: traefik
namespace: flux-system
spec:
interval: 1m0s
url: https://helm.traefik.io/traefik
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: traefik
namespace: flux-system
spec:
chart:
spec:
chart: traefik
sourceRef:
kind: HelmRepository
name: traefik
version: 10.24.3
interval: 1m0s
releaseName: traefik
targetNamespace: default
valuesFrom:
- kind: Secret
name: traefik-secret
---
apiVersion: v1
kind: Secret
metadata:
creationTimestamp: null
name: traefik-secret
namespace: flux-system
stringData:
values.yaml: |
additionalArguments:
- "--providers.kubernetescrd.allowCrossNamespace=true"
- "--certificatesresolvers.<le-name>.acme.tlschallenge"
- "--certificatesresolvers.<le-name>.acme.email=<someone@some-domain.com>"
- "--certificatesresolvers.<le-name>.acme.storage=/data/acme.json"
# Logging
- --log.level=info
- --log.format=json
service:
enabled: true
type: LoadBalancer
annotations:
helm.sh/resource-policy: keep
meta.helm.sh/release-name: traefik
meta.helm.sh/release-namespace: default
ports:
vault:
port: 8200
expose: true
exposedPort: 8200
protocol: TCP
persistence:
enabled: enable
name: data
accessMode: ReadWriteOnce
size: 1024Mi
path: /data
podSecurityContext:
fsGroup: null
deployment:
initContainers:
- name: fix-data-dir-permissions
image: alpine:3.16.2
command:
- chown
- -R
- 65532:65532
- /data
volumeMounts:
- name: data
mountPath: /data
**Please Confirm that flux has completed the reconciliation process by executing the following commands.**
Also you can execute to retrieve all the resources managed by Flux
flux get all -A
If you want to force flux to reconcile faster a helm relase deployment you can execute the following commands
flux reconcile source git flux-system
flux get hr traefik
After reconciliation process has been completed we can proceed to the next stage of the deployment which is the deployment of the Traefik CRDs and also any other necessary definitions like custom middlewares and of course the Ingressroutes (which is actually a Custom Resource)
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: traefik-crds
namespace: flux-system
spec:
interval: 30m
url: https://github.com/traefik/traefik-helm-chart.git
ref:
tag: v10.3.0
ignore: |
# exclude all
/*
# path to crds
!/traefik/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
name: traefik-api-crds
namespace: flux-system
spec:
interval: 15m
prune: false
sourceRef:
kind: GitRepository
name: traefik-crds
namespace: flux-system
healthChecks:
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressroutes.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressroutetcps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressrouteudps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: middlewares.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: middlewaretcps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: serverstransports.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: tlsoptions.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: tlsstores.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: traefikservices.traefik.containo.us
---
# Redirect to https
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirectscheme
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: frontend-ingress-route-redirect
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`some-domain`)
kind: Rule
services:
- name: frontend
port: <ports>
middlewares:
- name: redirectscheme #enable redirect to https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: frontend-ingress-route-secure
namespace: default
spec:
entryPoints:
- vault
routes:
- match: Host(``)
kind: Rule
services:
- name: frontend
port: <port>
tls:
certResolver: <le-name> # can be random name
I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.
Media Attribution
I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.
Thank you, Cheers!!!