K3S & Traefik 2
K3S is a great tool if you want to use Kubernetes in IoT or Edge Computing environments or also in a development environment.
How to install Traefik in version 2 with this light distribution ? Let’s look at this together 😀
This guide currently works with Traefik 2.2 but you should be able to use it without problems with future versions. If not, I will update it ! 😉
But before all that, what is K3S and Traefik and why you should use them ?
What is k3s ?
K3S is a kubernetes certified distribution built for IoT & Edge computing but also for development environments. Why ?
Because K3S is much lighter than K8S. Lightweight Kubernetes : Easy to install, half the memory, all in a binary of less than 100 MB.
External dependencies have been minimized (just a modern kernel and cgroup mounts needed) and everything you need is in a single binary !
It is also possible to manage a Kubernetes cluster very easily with K3S.
And to manage the publication of our applications? Traefik is on the network, what K3S is on Kubernetes !
Makes Networking Boring
Traefik is the leading open source reverse proxy and load balancer for HTTP and TCP-based applications. Why ?
Like K3S, it’s easy to use, dynamic, automatic and has the features you will need ! Like what ?
- Integrates with every major cluster technology,
- Automatic service discovery ,
- HTTPS with Let’s encrypt or custom certificates,
- HTTP/TCP and UDP support,
- Customize your routes with Middlewares,
- Canary deployments,
- Mirroring requests.
Now let’s go to the technique ! 😁
First, it’s necessary to install K3S in your environment. This is simply done with the following command :
curl -sfL https://get.k3s.io | sh -s - --disable=traefik
We are not going to deploy Traefik since we want to install our own version 2.2 !
If you don’t have any environment available to perform these tests, you can use
multipass , which I recommend, or
k3d by example.
Once the installation is over , you can validate it with the following command :
sudo kubectl get nodes
Now we can integrate Traefik 2.2 into our environment !
Deploy Traefik 2.2
We will perform this installation without a deployment utility. You can find a helm repo here if you want use an automated install.
First, we need to declare our Ingress resource. This resource has specific elements like Middleware, TCP and UDP routes, TLS options, etc.
We will create the definitions for these resources using Custom Resource Definition( aka CRD ).
All these definitions can be found in the Traefik documentation : https://docs.traefik.io/user-guides/crd-acme/
I will only take them back, in a file
CustomResourceDefinition.yaml, to apply them :
Finally I can apply my file :
sudo kubectl apply -f ./CustomeResourceDefinition.yaml
We will be able to proceed to the declaration of our deployment. Here is my file
You can use this file “out of the box” but remember to change your email address on :
Again, we can apply this configuration with :
sudo kubectl apply -f ./deployment.yaml
It’s possible to check your installation with a web browser by going to the following address :
Now deploy an application to validate the proper functioning of our Ingress route !
Deploy whoami example
I’m just going to use a
whoami image from Containous. First let’s create our
whoami.yaml file :
For this example, I will use the domain
mydomain.com. You must modify the following element in order to match it to your domain :
- match: Host(`mydomain.com`)
sudo kubectl apply -f ./whoami.yaml
You can validate this route in your dashboard or directly via the command :
$ curl -I http://mydomain.com
GET / HTTP/1.1
And now ? We can add https to our app !
So let’s modify our whoami.yaml file to add our entrypoint for HTTPS :
After apply, you can check if all works fine with that command :
$ curl https://mydomain.com
GET / HTTP/1.1
In addition to adding HTTPS to our application, we can redirect the HTTP flow to HTTPS automatically.
To do this, I will use a new feature in Traefik 2.2. The possibility of performing a redirect directly on HTTP entrypoint !
Let’s modify -a bit- the configuration of our Traefik instance :
We only added two lines !
With those lines, you say, all incoming from
entrypoints.web redirect to
And this requests are now on
https with :
Last check today :
$ curl -I http://mydomain.com
HTTP/1.1 308 Permanent Redirect
Date: Tue, 26 May 2020 21:05:20 GMT
Content-Type: text/plain; charset=utf-8
As you can see, it’s very easy to integrate Traefik 2.2 on K3S !
Today, we were able to see how to integrate all of this manually to better understand how it works.
Now, you just have to choose the best solution for your needs !
In any case, using K3S and Traefik will allow you to easily deploy your applications wherever you want ! 😍
In a future article, we will see how to easily deploy a Nexctloud instance with Docker and Traefik !