Traefik on a Google Kubernetes Engine Cluster managed by Terraform

Google Kubernetes Engine is a great and easy way to explore Kubernetes without having to worry about creating a cluster on your own.

While playing around with it, I immediately started asking myself how I could automate the process of creating a GKE cluster and how I could easily deploy the powerful Traefik as my Ingress Controller.

Initial idea

At first, as already mentioned, I wanted to automate as much as possible. Therefore I decided to use the following tools:

Due to missing functionality in the Terraform Kubernetes provider to modify RBAC on the cluster, I deviated from my original idea of deploying Traefik solely via Terraform and decided to also use kubectl.

Requirements

Of course, we first need a GCP project to use for our little case. In that project, billing and the Compute API need to be enabled.

Also, we obviously need to have the tools from above installed. All files used in this post are available in this example project on GitHub. The code also includes some inline comments to explain what it's doing ;-)

Let's do it!

Alright, now that we have everything settled, we can finally get down to business. First, we need to init our gcloud command-line tool.

In my case, I already had a configuration so I would choose the first option. If you don’t have any configuration at all, this screen will not appear.

If you see this screen, we’re at an important step. Please take note of the email address you choose here (this is from your GCP account). You will need it later. After that, just go through the init chain. It’s self-explanatory.

Once you’ve gone through the init, we need to connect the SDK with your account.

Now, we need to connect the local Terraform with the project we want to use. To do so, just run

export GOOGLE_PROJECT=$(gcloud config get-value project)

Now, our gcloud SDK and Terraform are ready to go. Remember the email address you needed to note down? Now is the time to use it.

As already mentioned, GKE has some strong RBAC policies, so we need to modify them during the deployment. By default, your kubectl user does not have permission to modify RBAC on its own, which requires the next step.

In the file permissions.yml, we need to edit line 12 and put in the email address you noted down.

subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: <yourgcpaccountemail.com>
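
Instead of hand-editing the file, the binding can be rendered from the account name, as in this added example (not code from the post or its example project). The binding name is hypothetical, the cluster-admin role is an assumption because the post only shows the subjects block, and dev@example.com is a constructed address.

```shell
#!/bin/sh
# Added example: render a ClusterRoleBinding for the deploying user.

# Accept only a plain account e-mail. Whitespace, newlines, quotes, colons
# and similar characters are rejected so the value cannot change the
# structure of the YAML it is placed into.
is_account_email() {
    case "$1" in
        ''|*[!A-Za-z0-9._%+@-]*|*@*@*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the manifest for the given account, or fail without output.
render_binding() {
    is_account_email "$1" || { echo "refusing account name: $1" >&2; return 1; }
    cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: deployer-cluster-admin   # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin            # assumption: the role is not shown in the post
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: $1
EOF
}

# Constructed sample account, so the script runs offline.
render_binding "dev@example.com"

# Against a real project (the account is the e-mail noted during gcloud init):
#   render_binding "$(gcloud config get-value account)" | kubectl apply -f -
```

The binding is only needed while the RBAC objects are being created, so it can be deleted again once the deployment is finished.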

Once this is done, we’re able to init Terraform :-)

The next step is to apply with Terraform to get the cluster created.

terraform apply

Be patient, that will take a little while ;-) But eventually, you’ll see this

Once you see this, you will see a full-fledged cluster in your Google Cloud console.

In order to be able to deploy some services, we now need to wire up our local kubectl with the cluster spawned on GKE. This is done by simply running

Now, we’re finally able to deploy Traefik. Using the provided code, it’s just a simple

The configuration for the spawned traefik can be found here.

Last but not least, just apply both demo services

And we’re done!

Checking Results

Now it’s time to check what we did. First, head over to your GKE dashboard and check the spawned services

What we can see is that the traefik-ingress-controller has an external IP and 2 ports opened. Our 2 demo services are deployed under whoami.traefikgke and nginx.traefikgke. Next, let’s check the Traefik dashboard. As you may have guessed, it is reachable under the public IP on port 8080.
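
Because the dashboard port sits on the same public address as the ingress port, it is worth checking which Services publish it. The following is an added example, not part of the original post; the sample rows, namespace, demo service names and addresses are constructed, and only the name traefik-ingress-controller and port 8080 come from the text above.

```shell
#!/bin/sh
# Added example: flag Services that publish the Traefik dashboard port on a
# public load-balancer IP. Input is one Service per line, as printed by
#   kubectl get svc --all-namespaces --no-headers
# columns: NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

DASHBOARD_PORT=8080   # dashboard port named in the post

# Prints "namespace/name external-ip" for every LoadBalancer Service that has
# an external IP assigned and lists the given port among its service ports.
find_public_dashboard() {
    awk -v port="${1:-$DASHBOARD_PORT}" '
        $3 == "LoadBalancer" && $5 != "<pending>" && $5 != "<none>" {
            n = split($6, specs, ",")
            for (i = 1; i <= n; i++) {
                # A spec looks like 8080:30567/TCP; the service port is the
                # part before the colon (or before the slash if no nodePort).
                p = specs[i]
                sub("[:/].*", "", p)
                if (p == port) { print $1 "/" $2, $5; break }
            }
        }'
}

# Constructed sample output; addresses are from documentation ranges.
sample_services() {
    cat <<'EOF'
default       kubernetes                   ClusterIP      10.3.240.1     <none>         443/TCP                       1h
default       nginx                        ClusterIP      10.3.250.12    <none>         80/TCP                        5m
default       whoami                       ClusterIP      10.3.251.40    <none>         80/TCP                        5m
kube-system   traefik-ingress-controller   LoadBalancer   10.3.245.137   203.0.113.10   80:31234/TCP,8080:30567/TCP   9m
EOF
}

sample_services | find_public_dashboard

# Against a live cluster:
#   kubectl get svc --all-namespaces --no-headers | find_public_dashboard
```

A hit means the dashboard is reachable from any address that can reach the load balancer. Setting spec.loadBalancerSourceRanges on the Service, or moving port 8080 to a ClusterIP Service reached with kubectl port-forward, narrows that.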

To check both services, it is best to add local hosts entries that point the names whoami.traefikgke and nginx.traefikgke to the public IP from above.

Wrapping Up

As you can see, with the code from the example project things are straightforward. It’s a little tricky to set up RBAC (ClusterRoleBindings, ServiceAccounts etc.), but with the example code it should be relatively self-explanatory.

Special thanks to Daniel Tomcej for helping me when I got lost :-)

If you have questions or feedback, feel free to reach out to me via Twitter @mZapfDE, I would highly appreciate it.

Google Cloud - Community

Google Cloud community articles and blogs

Manuel „SantoDE" Zapf

Written by

Software Engineer, Happy part of @traefikproxy maintainers team, cloud enthusiast, devops addict, go love

Google Cloud - Community

A collection of technical articles and blogs published or curated by Google Cloud Developer Advocates. The views expressed are those of the authors and don't necessarily reflect those of Google.
