Deploy Traefik Ingress with Helm.

Hello, I would like to share with you a working example of Helm values that override the chart defaults so that Traefik Ingress retains the original client IP in the X-Forwarded-For and X-Real-Ip headers.

Let's provision a test GKE cluster with the gcloud CLI.

 gcloud container clusters create test-gke-cluster \
   --region europe-central2 \
   --node-locations europe-central2-a \
   --num-nodes=1 \
   --machine-type=e2-medium \
   --disk-size=50 \
   --disk-type=pd-standard \
   --image-type=cos_containerd \
   --release-channel=stable \
   --node-version="1.22.12-gke.2300" \
   --enable-autoscaling \
   --min-nodes 1 \
   --max-nodes 3 \
   --enable-autorepair \
   --network="" \
   --enable-ip-alias

Let's deploy Traefik Ingress to our new GKE cluster.

  • Get the credentials for your cluster by executing the command below, so that you can connect to it. The cluster was created as a regional cluster, so pass its region:
gcloud container clusters get-credentials "test-gke-cluster" --region=europe-central2

Manual Deployment with Helm (Traefik Ingress)

 helm install traefik/traefik --values ./custom-values.yaml --name-template traefik-ingress --wait

Contents of ./custom-values.yaml:

---
additionalArguments:
  - "--providers.kubernetescrd.allowCrossNamespace=true" # allow routes to reference backend services in other namespaces
  # Logging
  - --log.level=info
  - --log.format=json
certResolvers: 
  letsencrypt:
    tlsChallenge: true
    email: someone@ngcloudops.net
    storage: /data/acme.json
service:
  enabled: true
  type: LoadBalancer
  spec:
    externalTrafficPolicy: Local # Retain Client IP in the Headers 
  annotations:
    helm.sh/resource-policy: keep
    meta.helm.sh/release-name: traefik
    meta.helm.sh/release-namespace: default
deployment: 
  initContainers: # Give UID/GID 65532 ownership of /data so Traefik can write /data/acme.json
    - name: fix-data-dir-permissions
      image: alpine:3.16.2
      command:
        - chown
        - -R  
        - 65532:65532
        - /data
      volumeMounts:
        - name: data
          mountPath: /data
persistence: # Used to Store TLS Certs
  enabled: true
  name: data
  accessMode: ReadWriteOnce
  size: 1024Mi # min size for some Providers like DO
  path: /data
podSecurityContext:
  fsGroup: null
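
How a backend behind this Traefik deployment can safely consume the preserved X-Forwarded-For and X-Real-Ip headers, as an added example that is not part of the original post: the headers are honoured only when the TCP peer is a trusted proxy. The pod CIDR 10.8.0.0/14, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: constructed pod CIDR in which the Traefik pods run.
TRUSTED_PROXIES = [ipaddress.ip_network("10.8.0.0/14")]


def _trusted(ip, nets):
    return any(ip in net for net in nets)


def _parse(value):
    """Return an ip_address, or None for anything that is not a bare IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_ip(peer, headers, nets=TRUSTED_PROXIES):
    """Resolve the client IP for a request whose TCP peer is `peer`.

    `headers` is a plain dict keyed exactly "X-Forwarded-For" / "X-Real-Ip".
    """
    peer_ip = ipaddress.ip_address(peer)
    # Headers from a peer that is not our proxy are attacker-controlled.
    if not _trusted(peer_ip, nets):
        return str(peer_ip)
    # Walk right to left: rightmost hops were appended by our own proxies;
    # the first untrusted hop is the client, anything left of it is unverified.
    hops = [h for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            break  # malformed entry: stop instead of skipping past it
        if not _trusted(ip, nets):
            return str(ip)
    # Fall back to X-Real-Ip, then to the peer address itself.
    real = _parse(headers.get("X-Real-Ip", ""))
    if real is not None and not _trusted(real, nets):
        return str(real)
    return str(peer_ip)


if __name__ == "__main__":
    # Constructed requests: one relayed by Traefik, one sent straight to the pod.
    relayed = {"X-Forwarded-For": "198.51.100.7, 203.0.113.9"}
    print(client_ip("10.8.1.23", relayed))
    print(client_ip("192.0.2.50", {"X-Forwarded-For": "198.51.100.7"}))
```
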

Please note that in any non-development environment, the preferred way to deploy any workload to Kubernetes is to use Continuous Delivery tools like Flux and ArgoCD, both of which follow the GitOps principles.

Ref: traefik.io/blog/deploy-traefik-proxy-using-..
