Adding entrypoints to a helm-deployed Traefik on K3s

Traefik Traefik v2
1

Hi,

I have a k3s with traefik installed from the helm charts, seems to work fine, but now I need to add two additional tcp entrypoints, how do I do that on a "helmified" traefik?

cheers
MH

2

Hello @lemmy04

Thanks for using Traefik! :smiley:

While deploying K3S together with Traefik installed the configuration has to be managed through HelmChartConfig CRD.

Here is the basic example of that custom resource. Please follow the official Traefik Helm chart repository to learn more about other available values that might be configured.

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    image:
      name: traefik
      tag: v2.7.1
    ports:
      tcp1: 
        port: 20000
        expose: true
        exposedPort: 20000
      tcp2: 
        port: 20001
        expose: true  
        exposedPort: 20001

Basically speaking, once that resource will be created, Helm Controller automatically notices the new config and transform the created Helm configuration into CLI arguments passed into Traefik.

Here is the result of the command kubectl describe deployment traefik

 traefik:
    Image:       traefik:v2.7.1
    Ports:       20000/TCP, 20001/TCP, 9000/TCP, 8000/TCP, 8443/TCP
    Host Ports:  0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
    Args:
      --global.checknewversion
      --global.sendanonymoususage
      --entryPoints.tcp1.address=:20000/tcp
      --entryPoints.tcp2.address=:20001/tcp
      --entryPoints.traefik.address=:9000/tcp
      --entryPoints.web.address=:8000/tcp
      --entryPoints.websecure.address=:8443/tcp
      --api.dashboard=true
      --ping=true
      --providers.kubernetescrd
      --providers.kubernetesingress
      --providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik
      --entrypoints.websecure.http.tls=true

Hope that helps,
Thanks!

3

So I just create a yaml file with content similar to the first example, and apply it?
What if I deploye traefik into its own namespace, do I apply that new yaml file into that namespace, or still into kube-system?
Or do I have to remove and redeploy traefik after applying that helmchartconfig?

4

The solution I presented works for the default K3S deployment when Traefik is deployed in the kube-system namespace.

How did you deploy Traefik in its own namespace? I mean, what method did you use to deploy it?

5

i created the namespace:
kubectl create ns traefik-v2
then I installed traefik:
helm install -n traefik-v2 traefik traefik/traefik

so ... what exactly do I do with that HelmChartConfig? I have zero experience with helm...

All I need right now is to add 3270/tcp to my ports, so I can run tk4 in kubernetes.

6

based on that, you don't use Traefik installed together with K3S, so you don't have to use HelmChartConfig.

I would recommend following the following workshops: Getting started with Traefik on K8S

Here, in detail, we explain how to deploy Traefik by using the official Helm Chart.

Please ensure that you deploy K3S without Traefik.

For my testing purposes, I use K3D on my local workstation and use the following command to spin up a test K3S cluster in docker.

 k3d cluster create testing-traefik --k3s-arg "--disable=traefik@server:0"  -p 80:80@loadbalancer -p 443:443@loadbalancer  --agents 1

then you can create a dedicated namespace and deploy Traefik by using the Helm command you shared.

Hope that helps.

7

sorry... but that tutorial did not help.
By now I have a working traefik, which even knows the entry point I have added.
here's my values.yaml:

ports:
  x3270:
    port: 3270
    exposed: true
    exposedPort: 3270
additionalArguments:
  - "--entryPoints.x3270.address=:3270/tcp"

But when I look at the deployment I see TWO "--entryPoints"-lines, one might be a leftover from a previous experiment, how do I clean this up?

Anyway, I deploy my hercules emulator the same way that used to work before, see From 0 to Kubernetes – Step 7, And now for something completely different… – Tux Online and tk4.yaml · GitHub and all I get is a "connection refused" from my 3270 telnet client...

Any further hint would be really useful.

8

Hello @jakubhajek the current example on k3s docs for the traefik-config.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    image:
      name: traefik
      tag: v2.8.5
    forwardedHeaders:
      enabled: true
      trustedIPs:
        - 10.0.0.0/8
    ssl:
      enabled: true
      permanentRedirect: false

when this is auto deployed via adding to the /server/manifets folder , there is k3s gives an ErrImagePull.

commenting out the image tag solves that as a work around. But I'de like to solve this issue correctly.
K3S, current trafeik. yaml uses

chart: https://%{KUBERNETES_API}%/static/charts/traefik-crd-25.0.2+up25.0.0.tgz

I thought the issue was an incorrect image tag, and should be v2.10.5.... but this also causes the error.

Ultimately I'de like to correctly format that traefik-config.yaml to enable http3, unfotunatly guides only give outdated bits and pieces.

my current traefik-config.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    image:
      name: traefik
      #tag: v2.10.5 
    forwardedHeaders:
      enabled: true
      trustedIPs:
        - 10.0.0.0/8
    api:
      dashboard: true
    ports:
      traefik:
        expose: true    
      websecure:
        http3:
          enabled: true
          advertisedPort: 443           	 	    
    ssl:
      enabled: true
      permanentRedirect: false