baschno/kubern-everything
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d25c9227c77cd0b69aae7eefb60545ccd9346065
kubern-everything/Traefik/README.md
baschno 82c19ff12c updating steps for traefik
2025-05-23 19:10:27 +02:00

92 lines
2.3 KiB
Markdown
Raw Blame History

## Traefik via Helm
helm repo add traefik https://helm.traefik.io/traefik
helm install traefik traefik/traefik --namespace traefik --create-namespace --values traefik-values.yaml
## Cert-Manager
Cert Manager will be used as it will store certs in a secret, therefore accessible for every pod.
In contrast to this, Traefik stores certs on disk, so a volume would be needed in RWX mode (too much effort).
### Issuer - CA
An issuer is a CA. This can be done with 2 different kinds.
#### Issuer
can be used in the namespace they are created in.
#### Cluster Issuer
can be used throughout the whole cluster, not limited to a specific namespace.
i.e. general issuer for all namespaces in cluster.
## Test Deployment
k create ns test
kubectl create deploy nginx --image=nginx -n test
k create svc -n test clusterip nginx --tcp=80
k scale --replicas=3 deployment/nginx -n test
## Install Traefik & Cert-Manager
helm install traefik traefik/traefik --namespace traefik --create-namespace --values traefik-values.yaml
traefik-dashboard.k8s.schnrbs.work
helm repo add jetstack https://charts.jetstack.io --force-update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --values cert-manager-values.yaml
k apply cert-manager-issuer-secret.yaml
k get secret -n cert-manager
k apply -f cert-manager-cluster-issuer.yaml
## Switch Test Deployment to https
k apply -f test/nginx-certificate.yaml
k apply -f test/nginx-ingress.yaml
## Troubleshooting steps
k get po -n test -o wide
k create svc -n test clusterip nginx
k create svc -n test clusterip nginx --tcp=80
k get svc -n test
dig k.internal.schnrbs.work
dig k8s.internal.schnrbs.work
dig n.k8s.internal.schnrbs.work
k apply -f traefik_lempa/nginx-ingress.yaml
k delete ingress nginx-ingress
k apply -f traefik_lempa/nginx-ingress.yaml
k get svc -n test
k get ingress
k get ingress -n test
k get svc ingressRoute
k get svc ingressRoutes
k get svc ingressroutes.traefik.io
k get ingressroutes.traefik.io --all-namespaces
helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
cert-manager-values.yaml
echo -n 'P96My4uiHudZtiC2ymjSGQ0174CoRBnI9ztmA0Wh' | base64
k get po
alias k=kubectl
k get po
k apply -f traefik_lempa/cert-manager-issuer-secret.yaml
k get secret
k get secrets
k get clusterissuers.cert-manager.io
Reference in New Issue View Git Blame Copy Permalink