Service Foundry
Blog Infra SSO Observability Backend Big Data
Young Gyu Kim <credemol@gmail.com>

Traefik & Kubernetes - The Kubernetes Ingress Controller

traefik introduction

Overview

This guide walks you through installing Traefik on Kubernetes using Helm and configuring Ingresses for Jaeger, Prometheus, and Airflow. The goal is to help you understand how Traefik dynamically routes traffic to your services in a Kubernetes environment.

Whhat is Traefik?

Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.

— Traefik
https://traefik.io/

Key Concepts in Traefik

Traefik revolves around four key building blocks:

  1. EntryPoints: Define the network ports (e.g., HTTP/HTTPS) through which Traefik receives incoming traffic.

  2. Routers: Match incoming requests and direct them to the appropriate service based on defined rules.

  3. Middlewares: Transform requests or responses before they are processed by the service (e.g., adding headers, authentication, rate-limiting).

  4. Services: Represent the actual backend services that respond to requests.

For more information, see Traefik Concepts.

Limitations

In this guide, we use the Community Edition of Traefik. Here’s a brief overview of the editions:k:

  • Application Gateway (Free): Ideal for small to medium workloads.

  • API Gateway (Paid): Suited for medium to large-scale applications.

  • API Management (Paid): Designed for large-scale environments with advanced management needs.

Refer to the Traefik Pricing page for details.

Install Traefik on Kubernetes using Helm

Official guide: Traefik Installation Guide

Add Helm Repository

$ helm repo add traefik https://helm.traefik.io/traefik
$ helm repo update traefik

Get Default Configuration

$ helm show values traefik/traefik > values.yaml

Pull the Traefik Chart

Make target directory for the Traefik chart:

$ mkdir -p $HOME/Dev/helm/charts/traefik

Pull the Traefik chart:

$ helm pull traefik/traefik  --destination $HOME/Dev/helm/charts/traefik

Create Namespace for Traefik

$ kubectl create namespace traefik

Enable the Treafik Dashboard

Create a custom values file(custom-values.yaml) with the content below:

custom-values.yaml
ingressRoute:
  dashboard:
    enabled: true

Install Traefik

$ helm upgrade --install traefik traefik/traefik -f custom-values.yaml -n traefik

Verify Installation

$ kubectl -n traefik get services

Example output:

NAME      TYPE           CLUSTER-IP      EXTERNAL-IP                                                               PORT(S)                      AGE
traefik   LoadBalancer   10.100.81.125   a8ae1e63c10c449a08e10a095efd839f-2062399949.ca-west-1.elb.amazonaws.com   80:31041/TCP,443:30228/TCP   41m

For External IP, we can see the DNS name a8ae1e63c10c449a08e10a095efd839f-2062399949.ca-west-1.elb.amazonaws.com. This DNS name will be automatically assigned to Ingresses with the annotation kubernetes.io/ingress.class: traefik.

Creating Ingresses

Jaeger & Prometheus Ingress (o11y-ingress.yaml)

o11y-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: o11y-ingress
  namespace: o11y
  annotations:
    (1)
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    (2)
    - host: jaeger-ui.nsa2.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: otel-collector
                port:
                  name: jaeger
    (3)
    - host: prometheus.nsa2.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: prometheus
                port:
                  name: web
1 Ingress class for Traefik. When the value is set to traefik or empty, Traefik will handle the Ingress.
2 Hostname for Jaeger UI. To access Jaeger UI, we need to add the hostname to the /etc/hosts file.
3 Hostname for Prometheus. To access Prometheus, we need to add the hostname to the /etc/hosts file.

To apply the Ingress, run the command below:

$ kubectl apply -f o11y-ingress.yaml

To verify the Ingress, run the command below:

$ kubectl -n o11y get ingress

# Example output
NAME           CLASS     HOSTS                                    ADDRESS                                                                   PORTS   AGE
o11y-ingress   traefik   jaeger-ui.nsa2.com,prometheus.nsa2.com   a8ae1e63c10c449a08e10a095efd839f-2062399949.ca-west-1.elb.amazonaws.com   80      37m

Airflow Ingress (airflow-ingress.yaml)

airflow-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: o11y-ingress
  namespace: airflow
  (1)
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    (2)
    - host: airflow.nsa2.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: airflow-webserver
                port:
                  name: airflow-ui
1 Ingress class for Traefik. When the value is set to traefik or empty, Traefik will handle the Ingress.
2 Hostname for Airflow UI. To access Airflow UI, we need to add the hostname to the /etc/hosts file.

To apply the Ingress, run the command below:

$ kubectl apply -f airflow-ingress.yaml

Accessing the Services

kubectl -n traefik get service

# Example output
NAME      TYPE           CLUSTER-IP      EXTERNAL-IP                                                               PORT(S)                      AGE
traefik   LoadBalancer   10.100.81.125   a8ae1e63c10c449a08e10a095efd839f-2062399949.ca-west-1.elb.amazonaws.com   80:31041/TCP,443:30228/TCP   21m

For External IP, we can see the DNS name a8ae1e63c10c449a08e10a095efd839f-2062399949.ca-west-1.elb.amazonaws.com

To access hostnames we used in the Ingress, we need to add the DNS name to the /etc/hosts file.

40.176.3.88       jaeger-ui.nsa2.com
40.176.3.88       prometheus.nsa2.com
40.176.3.88       airflow.nsa2.com

You can get the External IP address of the Traefik service by running the command below:

$ ping a8ae1e63c10c449a08e10a095efd839f-2062399949.ca-west-1.elb.amazonaws.com
NOTE

Optionally, use CNAME records in Route 53 or another DNS provider for production access.

http://jaeger-ui.nsa2.com

jaeger ui
Figure 1. Jaeger UI Screenshot

http://prometheus.nsa2.com

prometheus ui
Figure 2. Prometheus Screenshot

http://airflow.nsa2.com

airflow ui
Figure 3. Airflow Screenshot

Accessing the Traefik Dashboard

Traefik’s dashboard is not exposed by default. Use port-forwarding to access it locally:

$ kubectl -n traefik port-forward deployment/traefik 8080:8080

To access the Traefik dashboard, open a browser and go to http://localhost:8080/dashboard/. Don’t forget the trailing / at the end.

traefik dashboard
Figure 4. Traefik Dashboard Screenshot

The dashboard provides real-time insights into routers, services, and middlewares.

NOTE

The open-source edition does not include built-in authentication or authorization for the dashboard.

Conclusion

In this guide, you:

  • Installed Traefik using Helm on Kubernetes

  • Created Ingresses for Jaeger, Prometheus, and Airflow

  • Exposed and accessed each service using DNS hostnames

  • Explored the Traefik dashboard via port forwarding

Traefik simplifies managing ingress traffic and is a powerful tool in cloud-native environments.