lost/rskio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d231294b153760cf18a51823d288fd11be4685d5
rskio/mkdocs/docs/projects/k3s_traefik_setup.md
rskntroot 2f05bc88ac update k3s version info
2025-06-17 23:15:28 +00:00

3.0 KiB
Raw Blame History

K3S Traefik Setup

Brief

Enabling traefik access to dashboard and metrics for traefik ingress controller in k3s kubernetes cluster

  • by rskntroot on 2024-07-01

Assumptions

$ k3s --version
k3s version v1.32.5+k3s1 (8e8f2a47)
go version go1.23.8

$ kubectl version
Client Version: v1.32.5+k3s1
Kustomize Version: v5.5.0
Server Version: v1.32.5+k3s1

Traefik Dashboards

K3S comes packaged with Traefik Dashboard enabled by default, but not exposed.

Preparation

DNS

=== "DNS"

Set DNS record `traefik.your.domain.com` in a non-public DNS

=== "Hosts File"

Alternatively, you can just edit your workstations `hosts` file.

``` title="/etc/hosts"

10.0.0.1    traefik.your.domain.com

```

!!! warning "This example does not include authentication. Exposing these dashboards is a security risk. Recommend enabling mTLS."

Middlewares

On host with kubectl access.

create middlewares.yaml

=== Basic

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-https
  namespace: default
spec:
  redirectScheme:
    scheme: https
    permanent: true
    port: "443"
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-dashboard
  namespace: default
spec:
  redirectRegex:
    regex: "^https?://([^/]+)/?$"
    replacement: "https://${1}/dashboard/"
    permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: ratelimit
  namespace: default
spec:
  rateLimit:
    average: 100
    burst: 50
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: compress
  namespace: default
spec:
  compress: {}

kubectl apply -f middlewares.yml

Setup IngressRoute

export DOMAIN=your-domain.com

create ingress.yml and update "edge.rskio.com" with your domain name

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`edge.rskio.com`) # Update with your domain name
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
      middlewares:
        - name: redirect-https
        - name: redirect-dashboard
        - name: ratelimit
        - name: compress

kubectl apply -f ingress.yml

Access Dashboards

You should now be able to access the Traefik Ingress Controller Dashboard and metrics remotely.

From web browser go to the domain you specified in the ingress.

=== "Traefik Dashboard"

```
https://edge.your.domain.com
```

will follow `redirect-https` and get you to

```
https://edge.your.domain.com/dashboard/#/
```

Disable Dashboards

=== "Bash"

``` bash
kubectl delete -f ingress.yml
```

=== "Example"

``` bash
$ kubectl delete -f traefik/ingress.yml
ingressroute.traefik.io "traefik-ingress" deleted
```

References

Reference in New Issue View Git Blame Copy Permalink