How to enable Traefik Dashborad in K3s

Rancher發表於2022-11-24
About the Author
Wang Hailong, Technical Manager of SUSE Rancher China Community, responsible for the maintenance and operation of Rancher China Technical Community. He has 8 years of experience in the field of cloud computing, and has experienced the technological transformation from OpenStack to Kubernetes. Whether the underlying operating system Linux, or virtualized KVM or Docker container technology, he has rich operation and maintenance and practical experience.

Preface

Traefik is an open source edge router that makes publishing your services easy and fun. It is responsible for receiving your system requests and handling them with the appropriate components.

Traefik's dashboard is handy and provides a detailed overview of the current state of the cluster, including cluster entry and service mesh routing configuration details:

K3s is a CNCF conformance-certified lightweight distribution of Kubernetes designed for IoT and edge computing. In K3s, Traefik is built-in as the default reverse proxy and Ingress Controller for the cluster. K3s 1.21 starts with Traefik v2 installed by default, while previous versions installed Traefik v1 by default. This article will introduce how to enable Traefik Dashborad according to different Traefik versions.

Traefik v1 Dashborad enabled

By default, K3s 1.20 and earlier have Traefik v1 installed by default, and Traefik Dashboard is not enabled by default. To enable Dashborad with Traefik v1 in K3s, we can use HelmChartConfig to customize Traefik v1 deployed by Helm and enable Dashboard:

Notice:

  • It is not recommended to manually edit /var/lib/rancher/K3s/server/manifests/traefik.yaml to modify the Traefik configuration file, because the modified content will be overwritten after K3s restarts.
  • It is recommended to customize the /var/lib/rancher/K3s/server/manifests configuration by creating an additional HelmChartConfig manifest in 0623d3e4c2ec70, see: http://docs.rancher.cn/docs/K3s/helm/_index/
cat >> /var/lib/rancher/K3s/server/manifests/traefik-config.yaml << EOF
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    dashboard:
      enabled: true
      domain: "traefik.localhost"
EOF

At this point, Traefik will be redeployed, and in about 10 seconds, you can access Traefik Dashboard through the domain name configured by spec.valuesContent.domain :

Traefik v2 enable Dashborad

By default, K3s 1.21 and above install Traefik v2 by default. For security reasons, Traefik Dashboard is not exposed by default. There are two common ways to expose Dashborad:

Method 1: via port forwarding

kubectl -n kube-system port-forward $(kubectl -n kube-system get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:900

After port forwarding is enabled, Dashboard can be accessed through http://127.0.0.1:9000/dashboard/ :

Method 2: Custom IngressRoute CRD

Another way is by defining and applying the IngressRoute CRD (kubectl apply -f dashboard.yaml):

# dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`traefik.example`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      kind: Rule
       services:
        - name: api@internal
          kind: TraefikService

After successful deployment, Dashboard can be accessed via http://traefik.example/dashboard/ :

相關文章