githubixx.traefik_kubernetes

Panoramica Versioni Approfondimenti

Traefik Kubernetes

This Ansible role installs Traefik, an edge router for Kubernetes, to act as an ingress controller. It uses the official Helm chart for installation. You can install, update, or delete the Traefik deployment using this role.

The default settings are designed for a bare-metal or on-premise Kubernetes cluster where Traefik serves as the public entry point for services. While you can adjust the configuration, the defaults include:

  • Deploying Traefik instances as a DaemonSet
  • Using hostPort in Traefik pods
  • Listening on port 80 for incoming HTTP requests
  • Listening on port 443 for incoming HTTPS requests
  • Enabling the Traefik dashboard (not publicly exposed)
  • Using cert-manager for TLS certificates (you can use my Ansible role cert-manager-kubernetes for installation)

For more information about the Helm chart settings, see below.

Versions

I label each release and follow semantic versioning. I recommend using the latest tag for stability. The master branch is mainly for development. A tag like 5.0.0+23.0.1 indicates it’s release 5.0.0 using Helm chart version 23.0.1. If the role changes prior to the +, it will increase; likewise for the Traefik chart version after +.

Requirements

You need to have Helm 3 installed on the host where ansible-playbook is run, or on a host you delegated it to (using the traefik_delegate_to variable). You can:

  • Use your package manager if helm is available (e.g., sudo pacman -S helm for Archlinux)
  • Use an Ansible Helm role (like helm) which gets installed with ansible-galaxy role install -vr requirements.yml
  • Download the binary directly from Helm releases and place it in /usr/local/bin/.

You also need a correctly configured KUBECONFIG file located at ${HOME}/.kube/config. If kubectl works with your cluster, you are good to go.

Additionally, install the kubernetes.core Ansible collection with: ansible-galaxy install -r collections.yml.

And, of course, you need a Kubernetes Cluster.

Changelog

See CHANGELOG.md.

Role Variables

Here's a simple overview of the role's variables:

# Helm chart version
traefik_chart_version: "23.2.0"

# Helm release name
traefik_release_name: "traefik"

# Helm repository name
traefik_repo_name: "traefik"

# Helm chart name
traefik_chart_name: "{{ traefik_repo_name }}/{{ traefik_release_name }}"

# Helm chart URL
traefik_chart_url: "https://helm.traefik.io/traefik"

# Kubernetes namespace for Traefik resources
traefik_namespace: "traefik"

# Directory for Helm chart values file
traefik_chart_values_directory: "{{ '~/traefik/helm' | expanduser }}"

# Install CustomResourceDefinitions (CRDs)
traefik_install_crds: false

# Delegate executing tasks to another host
traefik_delegate_to: 127.0.0.1

# Show executed Helm commands in logs
traefik_helm_show_commands: false

# Directory for rendered Kubernetes resources YAML
traefik_template_output_directory: "{{ '~/traefik/template' | expanduser }}"

Usage

First, check templates/traefik_values_default.yml.j2 as it contains the default values for the Traefik Helm chart. You can modify these values by creating your own values.yml.j2 or values.yaml.j2 file in the traefik_chart_values_directory (default is $HOME/traefik/helm).

After setting up your values file, you're ready to install the role. Most tasks communicate locally with the Kubernetes API or execute Helm commands.

The default action is to render a Kubernetes resources YAML file. For example, if your playbook is named k8s.yml, use:

ansible-playbook --tags=role-traefik-kubernetes k8s.yml

To render the template to a different directory, set the traefik_template_output_directory variable:

ansible-playbook --tags=role-traefik-kubernetes --extra-vars traefik_template_output_directory="/tmp/traefik" k8s.yml

To see the executed Helm commands in the logs, specify --extra-vars traefik_helm_show_commands=true.

After verifying your template, you can install Traefik:

ansible-playbook --tags=role-traefik-kubernetes --extra-vars action=install k8s.yml

Check the deployment status with kubectl commands like kubectl -n <traefik_namespace> get pods -o wide.

To update Traefik, change the traefik_chart_version variable and run:

ansible-playbook --tags=role-traefik-kubernetes --extra-vars action=upgrade k8s.yml

To remove Traefik, execute:

ansible-playbook --tags=role-traefik-kubernetes --extra-vars action=delete k8s.yml

Example Playbook

Example 1 (without role tag):

- hosts: traefik
  roles:
    - githubixx.traefik_kubernetes

Example 2 (with role tag):

- hosts: traefik
  roles:
    - role: githubixx.traefik-kubernetes
      tags: role-traefik-kubernetes

In these examples, traefik is usually localhost or any host suitable for running as an Ansible executor. Ensure that this host has Helm installed and a valid kubeconfig file.

Testing

This role has a test setup using Molecule. You can refer to my blog post for a setup guide. To test or create a template of resources, run:

molecule converge

To install Traefik:

molecule converge -- --extra-vars action=install

To upgrade or change parameters:

molecule converge -- --extra-vars action=upgrade

To delete Traefik:

molecule converge -- --extra-vars action=delete

To run tests:

molecule verify

To clean up:

molecule destroy

License

GNU GENERAL PUBLIC LICENSE Version 3

Author Information

http://www.tauceti.blog

Informazioni sul progetto

Ansible role to install Traefik ingress controller in a Kubernetes cluster

role kubernetes k8s http https ingress network networking
Installa
ansible-galaxy install githubixx.traefik_kubernetes
GitHub repository
11 stelle
3 fork
0 problemi aperti
Licenza
gpl-3.0
Download
1.5k
Proprietario
Robert Wimmer
Senior System Engineer - Python, Go, Cloud, Kubernetes, Commodore, Retro, 80's ;-)