Charmed MicroK8s HowTo setup Traefik ingress

charm Kubernetes
, , , ,
1

Kubernetes Ingress allows for external access to services in a k8s cluster, typically HTTP. Ingress may also provide load balancing, SSL termination and name-based virtual hosting.

This HowTo explains how to use the Traefik charm to expose the Hello, Kubecon demo charm through an IP provided by the MetalLB controller charm.

Requirements

  • you have a Kubernetes cluster (eg MicroK8s) up and running
  • the Kubernetes cluster is added as a cloud to Juju, for this guide we will assume this is microk8s-cloud

Add model

First we create a model to host our traefik demo deployment:

juju add-model tf-demo microk8s-cloud

Deploy MetalLB

MetalLB provides public IP addresses to services running in the Kubernetes cluster. In this case we can configure MetalLB to control just one address, specified in the --configargument for the controller charm (please choose an address that is appropriate for your network, in this example we will use 42.42.42.42).

juju deploy metallb --trust --config iprange=42.42.42.42-42.42.42.42 --channel 1.28/stable

Deploy Traefik

The Traefik charm is deployed with the --trust flag so that the service has access to :

juju deploy traefik-k8s --trust

To test Traefik is working as expected we will deploy a demo workload encapsulated in a charm called hello-kubecon:

juju deploy hello-kubecon

To expose the hello-kubecon charm we connect it to Traefik:

juju integrate traefik-k8s hello-kubecon

Test the demo

After a few minutes, the juju statuscommand should report that everything is active:

Model    Controller      Cloud/Region    Version  SLA          Timestamp
tf-demo  mk8s-localhost  mk8s/localhost  3.1.5    unsupported  15:19:43+03:00

App                 Version                         Status  Scale  Charm               Channel  Rev  Address         Exposed  Message
hello-kubecon                                       active      1  hello-kubecon       stable    19  10.152.183.175  no       
metallb-controller  res:metallb-controller-imag...  active      1  metallb-controller  stable    46  10.152.183.198  no       
metallb-speaker     res:metallb-speaker-image@6...  active      1  metallb-speaker     stable    41  10.152.183.195  no       
traefik-k8s         2.9.6                           active      1  traefik-k8s         stable   110  42.42.42.42     no       

Unit                   Workload  Agent  Address       Ports     Message
hello-kubecon/0*       active    idle   10.1.180.207            
metallb-controller/0*  active    idle   10.1.180.208  7472/TCP  
metallb-speaker/0*     active    idle   192.168.1.8   7472/TCP  
traefik-k8s/0*         active    idle   10.1.180.205

By default Traefik uses its externally-visible url and creates a route for the requester that will be structured like:

http://<external_hostname>:<port>/<requester_model_name>-<requester_application_name>-<requester-unit-index>

In our case we can reach the demo site by running: curl http://42.42.42.42/tf-demo-hello-kubecon

For more details on configuring Traefik, please see the Traefik operator documentation.