DEV Community

Cover image for Deploy Traefik Ingress with Helm.
Thodoris Velmachos
Thodoris Velmachos

Posted on • Edited on

Deploy Traefik Ingress with Helm.

Hello, I would like share with you a working example of Helm Values used to overwrite the defaults in order to configure Traefik Ingress to retain the Client Original Ip in the headers X-Forwarded-For and X-Real-Ip.

Lets provision a Testing GKE Cluster with Gcloud CLI.

 gcloud container clusters create test-gke-cluster \
   --region europe-central2 \
   --node-locations europe-central2-a \
   --num-nodes=1 \
   --machine-type=e2-medium \
   --disk-size=50 \
   --disk-type=pd-standard \
   --image-type=cos_containerd \
   --release-channel=stable \
   --node-version="1.22.12-gke.2300" \
   --enable-autoscaling \
   --min-nodes 1 \
   --max-nodes 3 \
   --enable-autorepair \
   --network="" \
   --enable-ip-alias

Enter fullscreen mode Exit fullscreen mode

Lets Deploy Traefik Ingress to our new GKE Cluster

  • Get the Credentials for you cluster by executing the command bellowin order to be able to connect to it.
gcloud container clusters get-credentials "test-gke-cluster"  --zone=europe-central2-a

Enter fullscreen mode Exit fullscreen mode

Manual Deployment with Helm (Traefik Ingress)


 helm install traefik/traefik --values ./custom-values.yaml  --name-template traefik-ingress --wait

---
additionalArguments:
  - "--providers.kubernetescrd.allowCrossNamespace=true" # proxy backend services in across namespaces
  # Logging
  - --log.level=info
  - --log.format=json
certResolvers: 
  letsencrypt:
    tlsChallenge: true
    email: someone@ngcloudops.net
    storage: /data/acme.json
service:
  enabled: true
  type: LoadBalancer
  spec:
    externalTrafficPolicy: Local # Retain Client IP in the Headers 
  annotations:
    helm.sh/resource-policy: keep
    meta.helm.sh/release-name: traefik
    meta.helm.sh/release-namespace: default
deployment: 
  initContainers: # Ensure the `/data/acme.json` Permisssion is 600
    - name: fix-data-dir-permissions
      image: alpine:3.16.2
      command:
        - chown
        - -R  
        - 65532:65532
        - /data
      volumeMounts:
        - name: data
          mountPath: /data
persistence: # Used to Store TLS Certs
  enabled: enable
  name: data
  accessMode: ReadWriteOnce
  size: 1024Mi # min size for some Providers like DO
  path: /data
podSecurityContext:
  fsGroup: null

Enter fullscreen mode Exit fullscreen mode
Result

Image description

Please note that in any non Development Environment

the preferred way to do deploy any Workload to Kubernetes is using Continues Delivery Tools like Flux and ArgoCD, both of them follow the GitOps Principles.

Ref: https://traefik.io/blog/deploy-traefik-proxy-using-flux-and-gitops/

I hope you like the tutorial, if you do give a thumps up! and follow me in Twitter, also you can subscribe to my Newsletter in order to avoid missing any of the upcoming tutorials.

Media Attribution

I would like to thank Clark Tibbs for designing the awesome photo I am using in my posts.

Thank you, Cheers!!!

Top comments (0)