Rancher RKE + Traefik

I have a Rancher RKE-deployed on-premise Kubernetes cluster I’d like to test Traefik with (clarification, Rancher built the cluster, it’s not a cluster hosting Rancher)… In research I’m getting conflicting information on if I have to disable Rancher’s default Nginx ingress on the entire cluster before I can install Traefik.

What’s the consensus?

I think the problem is normally you’d use a layer 4 LB from your provider to traefik acting as your Layer 7.

Maybe something like MetalLB could help? I’ve seen this mentioned in the past related to traefik and rancher (in prior Googling sessions :wink: )

Also potentially service type NodePort could be used… Surprisingly with Rancher 1.x it was actually easier to create an LB in rancher it’s self and hook it up to traefik.

I haven’t really dug in with rancher 2.x but plan to. So very curious to see how you do this

Yeah, I’ve got a Metallb implementation to get the Layer 4 connection to the system, but using just Metallb doesn’t give us the LetsEncrypt integration and single-point-of-ingress we want for our apps (via a *.something.domain.com subdomain, for instance).

My understanding is that if we don’t remove the Nginx Ingress Controller, the Nginx ingress and Traefik ingress will contend for the traffic.

Another similar product uses an “ingress class” setting in the installation of the service, so that we can set an annotation like “kubernetes.io/ingress.class: traefik” on any ingresses that are intended to be used by Traefik not Nginx, so we don’t have to mess with the default configuration too much.

Does Traefik have a similar setting on install?

Traefik supports kubernetes.io/ingress.class see https://docs.traefik.io/v1.7/configuration/backends/kubernetes for more information.

Traefik v2 supports L4 (TCP) :wink:

1 Like

Why not have two instances of Traefik. One acting as the Load Balancer Level 4. The second instance acting as the Kubernetes Ingress level 7 and only accepting traffic from Traefik in level 4. I am not familiar with metallb but what does it provide in the way of load balancing that Traefik does not? Just because Traefik can do layer 7 does not mean we need to leverage that at each layer. it seems to me that we could use its level 4 in outer layer and level 7 features at the Ingress level? Replace the NGINX Ingress with Traefik for level 7. Advantage is we only work with one load balancer Traefik. No product mixing. But I would like to know what metallb would add to this picture?