This is a follow up story of “Docker for Mac with Kubernetes — Enable K8s Dashboard” which covers the basics to get a more permanent solution to access the dashboard (or any other web service).
Therefore we will use the cloud native load balancer Traefik as our Ingress controller.
Helm is a package manager which makes it easy to deploy software to a K8s cluster. It can be installed via Homebrew.
$ brew install kubernetes-helm
$ helm repo update
Packages are called Charts. A Chart contains all the Kubernetes manifests needed for a deployment. Manifests can be enhanced with template logic to get a configurable package suitable for different purposes (e.g. staging).
The Helm client needs a component running on the cluster which manages all the packages installed/submitted from the client. This component called is Tiller.
Create a file called “rbac-config.yaml” which is used to create a Service Account for Tiller.
- kind: ServiceAccount
$ kubectl create -f rbac-config.yaml
serviceaccount "tiller" created
clusterrolebinding "tiller" created$ helm init --service-account tiller
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation
As we now have Helm installed we can easily install Traefik. Helm Charts usually come with a default configuration. But we need to create a custom configuration to specify our domain. I choose “traefik.k8s”.
Create a file called “traefik-values.yaml”.
Install the Traefik Chart and check if the pod is up and running.
$ helm install stable/traefik --name traefik --values traefik-values.yaml$ kubectl --namespace default get pods
NAME READY STATUS RESTARTS AGE
traefik-6bcf94dc95-9w2fk 1/1 Running 0 1m
Traefik routes traffic based on domain names. Therefore we need to configure the DNS server (/etc/hosts ;-) and add our previously defined domain from the config.
127.0.0.1 localhost traefik.k8s
As we’ve enabled the dashboard it is now accessible in a browser (traefik.k8s).
Deploying the K8s dashboard
I’ve created a basic Helm Chart containing all configs from the previous story needed for the dashboard.
$ git clone https://github.com/thmshmm/chart-k8s-dashboard.git k8s-dshbrd/
$ helm install k8s-dshbrd --name kubernetes-dashboard
Traefik is an ingress controller taking care of Ingress resources. The Chart created such an Ingress resource for us.
Note: Somewhere hardcoded in the Chart (don’t do this :-( I specified “web.traefik.k8s” as hostname within the domain.
127.0.0.1 localhost traefik.k8s web.traefik.k8s
Now there is a second frontend and backend in Traefik
and the K8s dashboard is accessible under web.traefik.k8s.
Generic Ingress usage
We’ve seen some possibilities to publish an internal service to the outside world. In addition, we can apply this to any other service which should be externally accessible.
Edit the “traefik-values.yaml” file and add any namespace Traefik should be aware of.
Upgrade the release of Traefik.
$ helm upgrade traefik stable/traefik --values traefik-values.yaml
Create an Ingress resource for the new service.
- host: some-backend.traefik.k8s
And don’t forget the DNS entries.