The YAML file below is a template you can use to deploy Traefik Ingress Controller on a Kubernetes cluster running on ARM.
Note you will have to define your own hostnames (the template uses host1.internal.local, host2.internal.local and host3.internal.local), your admin email (the template uses letsencrypt@internal.local), and the host you want Traefik to be placed on (the template uses lb.internal.local).
--- apiVersion: v1 kind: ServiceAccount metadata: name: traefik namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-role rules: - apiGroups: [""] resources: ["services", "endpoints", "secrets"] verbs: - get - watch - list - proxy - use - redirect - apiGroups: - "extensions" resources: - "ingresses" verbs: - get - watch - list - proxy - use - redirect --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-role roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-role subjects: - kind: ServiceAccount name: traefik namespace: kube-system --- kind: ConfigMap apiVersion: v1 metadata: name: traefik-https-cfg namespace: kube-system data: traefik.toml: | # traefik.toml defaultEntryPoints = ["http","https"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [acme] email = "letsencrypt@internal.local" storage = "/etc/traefik/acme.json" entryPoint = "https" onDemand = true onHostRule = true caServer = "https://acme-v01.api.letsencrypt.org/directory" [[acme.domains]] main = "host1.internal.local" sans = ["host2.internal.local", "host3.internal.local"] --- apiVersion: v1 kind: Deployment apiVersion: extensions/v1beta1 metadata: name: traefik-ingress-controller-https namespace: kube-system labels: k8s-app: traefik-ingress-controller-https spec: replicas: 1 selector: matchLabels: k8s-app: traefik-ingress-controller-https template: metadata: labels: k8s-app: traefik-ingress-controller-https spec: serviceAccount: traefik terminationGracePeriodSeconds: 15 hostNetwork: true nodeSelector: kubernetes.io/hostname: lb.internal.local volumes: - name: traefik-cache hostPath: path: /tmp/traefik - name: traefik-config configMap: name: traefik-https-cfg containers: - image: traefik name: traefik-ingress-controller resources: limits: cpu: 1500m memory: 30Mi requests: cpu: 100m memory: 20Mi ports: - name: http containerPort: 80 hostPort: 80 - name: https containerPort: 443 hostPort: 443 - name: admin containerPort: 8888 volumeMounts: - mountPath: /etc/traefik name: traefik-cache - mountPath: /config-files name: traefik-config args: - --web - --web.address=:8888 - --kubernetes - --logLevel=INFO - --configFile=/config-files/traefik.toml
Posted January 2nd, 2018