Hello, I would like to share with you a working example of Helm values that override the chart defaults in order to configure Traefik Ingress to retain the original client IP in the X-Forwarded-For and X-Real-Ip headers.
Prerequisites:
- The gcloud CLI must be installed and configured. Ref: cloud.google.com/sdk/docs/install-sdk
- Connect the CLI to your account. Ref: cloud.google.com/sdk/docs/authorizing
- Install the Helm CLI on your personal computer. Ref: helm.sh/docs/intro/install
Let's provision a testing GKE cluster with the gcloud CLI.
gcloud container clusters create test-gke-cluster \
  --region europe-central2 \
  --node-locations europe-central2-a \
  --num-nodes=1 \
  --machine-type=e2-medium \
  --disk-size=50 \
  --disk-type=pd-standard \
  --image-type=cos_containerd \
  --release-channel=stable \
  --node-version="1.22.12-gke.2300" \
  --enable-autoscaling \
  --min-nodes 1 \
  --max-nodes 3 \
  --enable-autorepair \
  --network="" \
  --enable-ip-alias
Let's deploy Traefik Ingress to our new GKE cluster.
- Get the credentials for your cluster by executing the command below, in order to be able to connect to it. The cluster was created with --region, so the same region is passed here.
gcloud container clusters get-credentials "test-gke-cluster" --region=europe-central2
Manual Deployment with Helm (Traefik Ingress)
helm install traefik/traefik --values ./custom-values.yaml --name-template traefik-ingress --wait
The values file ./custom-values.yaml contains:
---
additionalArguments:
  - "--providers.kubernetescrd.allowCrossNamespace=true" # allow proxying to backend services across namespaces
  # Logging
  - --log.level=info
  - --log.format=json
certResolvers:
  letsencrypt:
    tlsChallenge: true
    email: someone@ngcloudops.net
    storage: /data/acme.json
service:
  enabled: true
  type: LoadBalancer
  spec:
    externalTrafficPolicy: Local # Retain Client IP in the Headers
  annotations:
    helm.sh/resource-policy: keep
    meta.helm.sh/release-name: traefik
    meta.helm.sh/release-namespace: default
deployment:
  initContainers: # Give UID/GID 65532 ownership of /data, where acme.json is stored
    - name: fix-data-dir-permissions
      image: alpine:3.16.2
      command:
        - chown
        - -R
        - 65532:65532
        - /data
      volumeMounts:
        - name: data
          mountPath: /data
persistence: # Used to store TLS certs
  enabled: true
  name: data
  accessMode: ReadWriteOnce
  size: 1024Mi # min size for some providers like DO
  path: /data
podSecurityContext:
  fsGroup: null
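To check that `externalTrafficPolicy: Local` has the intended effect, the following added example (not part of the original post) classifies the X-Forwarded-For and X-Real-Ip values echoed back by a backend: an internal address there means the source was rewritten (SNAT) before it reached Traefik. It assumes a traefik/whoami container is routed behind the ingress; the function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): judge a traefik/whoami response.
# Live use, from a machine OUTSIDE the cluster's VPC (the address is a placeholder):
#   curl -s http://<LOAD_BALANCER_IP>/ | client_ip_verdict "<your public IP>"

# Print the first value of header $1 (case-insensitive) from a response on stdin.
header_value() {
  awk -v h="$1" 'BEGIN { h = tolower(h) ":" }
    tolower($1) == h { v = $2; sub(/\r$/, "", v); sub(/,$/, "", v); print v; exit }'
}

# IPv4 only: "internal" = RFC 1918, loopback or link-local; other dotted quads = "external".
ip_scope() {
  case "$1" in
    10.*|192.168.*|127.*|169.254.*) echo internal ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo internal ;;
    *.*.*.*) echo external ;;
    *) echo unknown ;;
  esac
}

# Reads a whoami response on stdin; prints retained | rewritten | mismatch | inconclusive.
client_ip_verdict() {
  expected=${1:-}
  resp=$(cat)
  xff=$(printf '%s\n' "$resp" | header_value X-Forwarded-For)
  xri=$(printf '%s\n' "$resp" | header_value X-Real-Ip)
  case "$(ip_scope "$xff")/$(ip_scope "$xri")" in
    internal/*|*/internal) echo rewritten; return 0 ;;  # node/pod address: source was SNATed
    external/external) ;;
    *) echo inconclusive; return 0 ;;                    # header missing or not IPv4
  esac
  if [ -n "$expected" ] && { [ "$xff" != "$expected" ] || [ "$xri" != "$expected" ]; }; then
    echo mismatch
  else
    echo retained
  fi
}

# Constructed sample responses (made-up addresses; 203.0.113.0/24 is a documentation range).
SAMPLE_LOCAL='Hostname: whoami-7c9d
RemoteAddr: 10.4.0.12:48712
X-Forwarded-For: 203.0.113.7
X-Real-Ip: 203.0.113.7'
SAMPLE_CLUSTER='Hostname: whoami-7c9d
RemoteAddr: 10.4.0.12:48712
X-Forwarded-For: 10.186.0.5
X-Real-Ip: 10.186.0.5'

printf '%s\n' "$SAMPLE_LOCAL"   | client_ip_verdict 203.0.113.7   # retained
printf '%s\n' "$SAMPLE_CLUSTER" | client_ip_verdict 203.0.113.7   # rewritten
```

A client that itself sits on a private network will always be reported as rewritten, so run the live check from a host with a public address and pass that address as the expected value.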
Result
Please note that in any non-development environment, the preferred way to deploy any workload to Kubernetes is with Continuous Delivery tools like Flux and ArgoCD, both of which follow GitOps principles.
Ref: traefik.io/blog/deploy-traefik-proxy-using-..
Media Attribution
I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.