Installing Traefik Enterprise Edition on Kubernetes

This page guides you through the installation of TraefikEE (Traefik Enterprise Edition) as a Kubernetes Ingress Controller.

We recommend using traefikeectl to install TraefikEE on Kubernetes.

However, for experts who need to fine-tune every step of the installation, we provide the following advanced installation guides for Kubernetes:

Kubernetes Knowledge

Assistance with configuring or setting up a Kubernetes cluster are not included in this guide. If you need more information about Kubernetes, start with the following resources:

Requirements

  • The traefikeectl tool

  • A Kubernetes cluster:

    • Supported versions: 1.10 to 1.14
    • RBAC enabled (recommended),
    • Access to the Kubernetes API with kubectl, with the ability to create and manage namespaces and their resources.
    • A default StorageClass configured. TraefikEE uses StatefulSets, and their storage requires a default StorageClass to be configured. Instructions on doing so can be found here.
  • Bootstrap and control node pods can reach https://v3.license.containous.cloud.

One-Line Installation

To install TraefikEE in Kubernetes, use the same traefikeectl install command line as described in the Quick Start, with the option --kubernetes:

traefikeectl install \
  --licensekey="XXXXXXXXX" \
  --dashboard \
  --kubernetes

Install a cluster with more than one Control Node

In order to install a TraefikEE cluster with more than one control node, specify the option --controlnodes=<NUMBER_OF_CONTROL_NODES> in the command described above. By default, the traefikeectl install command line deploys a cluster with 1 Control Node and 2 Data Nodes. To make this kind of install, run this command:

traefikeectl install \
  --licensekey="XXXXXXXXX" \
  --dashboard \
  --kubernetes \
  --controlnodes=3

The previous command installs TraefikEE on your Kubernetes infrastructure, with the following elements:

Default Dashboard Password

By default, traefikeectl will generate a new username and password to secure the dashboard. For security reasons, this password is not stored anywhere, and is not recoverable if lost. If you lose this username or password, you will have to recreate the secret that contains them. Instructions on how to do this can be found here.

Customizing the One-Line Installation

The traefikeectl tool uses Helm under the hood to assist with installing TraefikEE.

Helm with traefikeectl
  • Supported versions: 2.9 to 2.14
  • If a supported version is found, traefikeectl will use your helm binary
  • If no helm installation is found, traefikeectl will download helm in a temporary folder
  • If an unsupported version of helm is found, traefikeectl will not be able to work properly. You will have to upgrade/downgrade your helm installation to be able to use it

To provide the following configuration:

  • 10 Data Nodes (with 5 allowedUnavailable)
  • Each node having limits at 500 Mb of memory and 1 vCPU

You would configure a values file:

replicas:
  dataNode:
    total: 10
    allowedUnavailable: 4
resources:
  requests:
    memory: 500Mi
    cpu: 100m
  limits:
    memory: 500Mi
    cpu: 100m

All available options are listed on the configuration reference page.

Provide the custom values file to traefikeectl by using the --kubernetes.helmvaluespath argument:

traefikeectl install \
  --licensekey="XXXXXXXXX" \
  --dashboard \
  --kubernetes \
  --kubernetes.helmvaluespath=custom-values.yaml
Install a cluster with more than one Control Node

In order to install a TraefikEE cluster with more than one control node, add the option --controlnodes=<NUMBER_OF_CONTROL_NODES> to the command described above. By default, the traefikeectl install command line deploys a cluster with 1 Control Node and 2 Data Nodes. To make this kind of install, run this command:

traefikeectl install \
  --licensekey="XXXXXXXXX" \
  --dashboard \
  --kubernetes \
  --kubernetes.helmvaluespath=custom-values.yaml \
  --controlnodes=3
Installation behind a proxy

In order to be able to install TraefikEE behind a proxy, you must provide the proxy.http, proxy.https and proxy.no_proxy values in your custom-values.yaml file.

As the control plane will make requests to the kubernetes API server, the proxy.no_proxy field must contain its IP address. It can be found using kubectl get service kubernetes.

# ...
proxy:
  http: http://127.0.0.1:3129
  https: http://127.0.0.1:3129
  no_proxy: 100.64.0.1

Validate Installation

Validate that the TraefikEE cluster is installed correctly by printing the node list, and ensuring that it maps the expected topology:

traefikeectl list-nodes
Name                                            Availability  Role          Leader
----                                            ------------  ----          ------
traefikee-control-node-1                        ACTIVE        CONTROL NODE  YES
data-node-traefikee-data-node-68d856488c-5vx5n  ACTIVE        DATA NODE
data-node-traefikee-data-node-68d856488c-stgns  ACTIVE        DATA NODE
Name                                            Availability  Role          Leader
----                                            ------------  ----          ------
traefikee-control-node-1                        ACTIVE        CONTROL NODE  YES
data-node-traefikee-data-node-68d856488c-5vx5n  ACTIVE        DATA NODE
data-node-traefikee-data-node-68d856488c-stgns  ACTIVE        DATA NODE
traefikee-control-node-2                        ACTIVE        CONTROL NODE
traefikee-control-node-0                        ACTIVE        CONTROL NODE

Your TraefikEE for Kubernetes cluster is ready.

Retrieve the Public Hostname

TraefikEE is now installed as an Ingress controller in your Kubernetes cluster.

The default configuration uses a Kubernetes Service of type "LoadBalancer", which provides an "external URL" to access from outside Kubernetes.

Retrieve this "external URL" with the following command:

# Value of the field "External IP"
kubectl get services --namespace=traefikee traefikee-data-svc
If the retrieved status is Pending

When creating a LoadBalancer service, Kubernetes interacts with your cloud provider (AWS, GKE ...) and tells it to deploy a new loadbalancer to route traffic to your cluster.

This operation takes some time and the "Pending" status indicates that this operation is not yet finished. Retry after a few minutes to get the external URL.

Access the Dashboard

You can now access the TraefikEE Dashboard by using your web browser:

  • On Kubernetes: at the URL http://<public-hostname>, where <public-hostname> is the public hostname of the LoadBalancer Service for TraefikEE. Use the credentials you got from the output of the command traefikeectl install.

Backup your Installation

Don't forget to setup regular backups using the traefikeectl backup command. More information can be found in the backup and restore documentation.

Uninstall

The cluster can be easily uninstalled by running traefikeectl uninstall:

traefikeectl uninstall

If you would like to purge the release entirely, and free up the namespace for future use, you can use:

traefikeectl uninstall --kubernetes.deletenamespace

Important

By default, traefikeectl will use your kubeconfig file in the $KUBECONFIG environment variable or in ~/.kube/config. You can override those values using the --kubernetes.configpath argument in the command line.

More information about the uninstall options can be found on the traefikeectl Reference Page.

What's Next?

Now that you have an up running cluster, you can configure your routing.