K3S is a great tool if you want to use Kubernetes in IoT or Edge Computing environments or also in a development environment.

Basically, the service is installed with Traefik to manage your Ingress routes. However, the installed version is currently version 1.7.2 instead of the stable 2.x version.

How to install Traefik in version 2 with this light distribution ? Let’s look at this together 😀

This guide currently works with Traefik 2.2 but you should be able to use it without problems with future versions. If not, I will update it ! 😉

But before all that, what is K3S and Traefik and why you should use them ?

What is k3s ?

Because K3S is much lighter than K8S. Lightweight Kubernetes : Easy to install, half the memory, all in a binary of less than 100 MB.

External dependencies have been minimized (just a modern kernel and cgroup mounts needed) and everything you need is in a single binary !

It is also possible to manage a Kubernetes cluster very easily with K3S.

And to manage the publication of our applications? Traefik is on the network, what K3S is on Kubernetes !

Makes Networking Boring

Like K3S, it’s easy to use, dynamic, automatic and has the features you will need ! Like what ?

  • Integrates with every major cluster technology,
  • Automatic service discovery ,
  • Tracing/Metrics,
  • HTTPS with Let’s encrypt or custom certificates,
  • HTTP/TCP and UDP support,
  • Customize your routes with Middlewares,
  • Canary deployments,
  • Mirroring requests.

Now let’s go to the technique ! 😁

Install K3S

curl -sfL https://get.k3s.io | sh -s - --disable=traefik

We are not going to deploy Traefik since we want to install our own version 2.2 !

If you don’t have any environment available to perform these tests, you can use multipass , which I recommend, or k3d by example.

Once the installation is over , you can validate it with the following command :

sudo kubectl get nodes

Now we can integrate Traefik 2.2 into our environment !

Deploy Traefik 2.2

First, we need to declare our Ingress resource. This resource has specific elements like Middleware, TCP and UDP routes, TLS options, etc.

We will create the definitions for these resources using Custom Resource Definition( aka CRD ).

All these definitions can be found in the Traefik documentation : https://docs.traefik.io/user-guides/crd-acme/

I will only take them back, in a file CustomResourceDefinition.yaml, to apply them :

CustomResourceDefinition.yaml

Finally I can apply my file :

sudo kubectl apply -f ./CustomeResourceDefinition.yaml

Output :

customresourcedefinition.apiextensions.k8s.io/ingressroutes.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/middlewares.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/ingressroutetcps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/ingressrouteudps.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/tlsoptions.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/tlsstores.traefik.containo.us created
customresourcedefinition.apiextensions.k8s.io/traefikservices.traefik.containo.us created
clusterrole.rbac.authorization.k8s.io/traefik-ingress-controller created
clusterrolebinding.rbac.authorization.k8s.io/traefik-ingress-controller created

We will be able to proceed to the declaration of our deployment. Here is my file deployment.yaml :

Traefik deployment.yaml

You can use this file “out of the box” but remember to change your email address on :

--certificateresolvers.myresolver.acme.email=

Again, we can apply this configuration with :

sudo kubectl apply -f ./deployment.yaml

Output :

service/traefik created
serviceaccount/traefik-ingress-controller created
deployment.apps/traefik created

It’s possible to check your installation with a web browser by going to the following address : http://<Traefik_IP>:8080/dashboard/

Traefik 2.2 Dashboard

Now deploy an application to validate the proper functioning of our Ingress route !

Deploy whoami example

whoami deployment

For this example, I will use the domain mydomain.com. You must modify the following element in order to match it to your domain :

- match: Host(`mydomain.com`)

Again :

sudo kubectl apply -f ./whoami.yaml

You can validate this route in your dashboard or directly via the command :

$ curl -I http://mydomain.com
Hostname: whoami-app-84d8fbcf48-l87fj
IP: 127.0.0.1
IP: ::1
IP: 10.42.0.10
IP: fe80::2881:b7ff:fe6b:318c
RemoteAddr: 10.42.0.9:44436
GET / HTTP/1.1
Host: mydomain.com
User-Agent: curl/7.64.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.42.0.1
X-Forwarded-Host: mydomain.com
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-7df7bc4665-cqbbs
X-Real-Ip: 10.42.0.1

And now ? We can add https to our app !

HTTPS Everywhere

whoami with HTTPS

After apply, you can check if all works fine with that command :

$ curl https://mydomain.com
Hostname: whoami-app-84d8fbcf48-l87fj
IP: 127.0.0.1
IP: ::1
IP: 10.42.0.10
IP: fe80::2881:b7ff:fe6b:318c
RemoteAddr: 10.42.0.9:44436
GET / HTTP/1.1
Host: mydomain.com
User-Agent: curl/7.64.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.42.0.1
X-Forwarded-Host: mydomain.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: traefik-7df7bc4665-cqbbs
X-Real-Ip: 10.42.0.1

In addition to adding HTTPS to our application, we can redirect the HTTP flow to HTTPS automatically.

To do this, I will use a new feature in Traefik 2.2. The possibility of performing a redirect directly on HTTP entrypoint !

Let’s modify -a bit- the configuration of our Traefik instance :

Redirect HTTP to HTTPS

We only added two lines !

  • --entrypoints.web.http.redirections.entryPoint.to=:443
  • --entrypoints.web.http.redirections.entryPoint.scheme=https

With those lines, you say, all incoming from entrypoints.web redirect to entryPoint.to=:443 .

And this requests are now on https with : entryPoint.scheme=https

Last check today :

$ curl -I http://mydomain.com
HTTP/1.1 308 Permanent Redirect
Location: https://mydomain.com/
Date: Tue, 26 May 2020 21:05:20 GMT
Content-Length: 18
Content-Type: text/plain; charset=utf-8

As you can see, it’s very easy to integrate Traefik 2.2 on K3S !

You have several solutions to achieve this, such as using Helm or may be great tool from Alex Ellis : Arkade.

Today, we were able to see how to integrate all of this manually to better understand how it works.

Now, you just have to choose the best solution for your needs !

In any case, using K3S and Traefik will allow you to easily deploy your applications wherever you want ! 😍

In a future article, we will see how to easily deploy a Nexctloud instance with Docker and Traefik !

SysAdmin/DevOps & Traefik Ambassador — https://www.grottedubarbu.fr