Steps to setup Traefik 2.o on kubennetes

Hi Team, I have traefik 1.x setup on my kubernetes cluster and now I want to migrate it to v2.x, please help me guide how to setup traefik v2.x on kubernetes cluster

Hi rajat. Your specific use case is probably important here, but there are general answers I can point you to.

There's some documentation that you might benefit from:

https://docs.traefik.io/migration/v1-to-v2/

https://twitter.com/traefik/status/1270351942850674689

Or more specific questions may yield more results. Try some things out, see if you run into issues. :slight_smile:

I echo the "specific questions may yield more results" sentiment. I'm running several kubernetes cluster with traefik v2 ingress controller successfully.

I'm not using Let's Encrypt, but those links where helpful to me nonetheless:

1 Like

Actually, I got the yaml's to deploy traefik 2.2.0, but traefik is not routing anything from outside to internal cluster service, below is the app deployment, service and ingress yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: whoami
  labels:
    apps: whoami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
      - name: whoami-container
        image: containous/whoami
        ports:
          - name: web
            containerPort: 80


---

kind: Service
apiVersion: v1
metadata:
  name: whoami
spec:
  ports:
  - protocol: TCP
    port: 80
    name: web
  selector:
    app: whoami


---

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: whoami
  namespace: default
spec:
  entrypoints:
    - web
  routes:
  - match: Host(webportal.xyz.com)
    kind: Rule
    services:
    - name: whoami
      port: 80

below is the traefic deployment yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: traefik
    release: traefik
  name: traefik
  namespace: kube-system

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
      release: traefik
  template:
    metadata:
      labels:
        app: traefik
        release: traefik
    spec:
      hostNetwork: true
      containers:
      - args:

        - --api
        - --api.insecure
       # - --api.insecure=false
        - --api.dashboard=true
        - --accesslog
        - --global.checknewversion=true
        - --entryPoints.traefik.address=:8100
        - --entryPoints.web.address=:80
        - --entryPoints.websecure.address=:443

         #permanent redirecting of all requests on http (80) to https (443)
        - --entrypoints.web.http.redirections.entryPoint.to=websecure
        - --entrypoints.websecure.http.tls.certResolver=default

        # Let's Encrypt Configurtion:
        # Please note that this is the staging Let's Encrypt server configuration.
        # Once you get things working, you should remove that following line.
       # - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/dire
       # - --certificatesresolvers.default.acme.email=xx.xx@xx.xx
       # - --certificatesresolvers.default.acme.storage=acme.json
       # - --certificatesresolvers.default.acme.tlschallenge

        - --ping=true
        - --providers.kubernetescrd=true
        - --providers.kubernetesingress=true
       
        - --log.level=INFO
        image: traefik:2.2.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /ping
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        name: traefik
        ports:
        - containerPort: 8100
          name: admin
          protocol: TCP
        - containerPort: 80
          name: web
          protocol: TCP
        - containerPort: 443
          name: websecure
          protocol: TCP
        readinessProbe:
          failureThreshold: 1
          httpGet:
            path: /ping
            port: 8100
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: traefik
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60

I haven't setup Let's encrypt yet, so commented that out, actually I am using Cloudflare with auto ssl functionality, so in that case, can you please help me how can I setup that to get application run on https.

I have also used hostNetwork=true in this deployment, is this required?, because during setup of traefik 1.7.4, I have to enable hostNetwork=true, traefik 1.7.4 otherwise traefik controller didn't route traffic to services inside kubernetes cluster.

Please help guys!
Thank you

I personally used hostPorts, not hostNetwork, but I do not see why hostNetwork should not work.

When you say:

traefik is not routing anything from outside to internal cluster service

what exactly do you mean?