traefik

Overview

Namespace: traefik
Purpose: Traefik Ingress Controller and Reverse Proxy
Age: 310 days
Status: Active

Workloads

Deployments

Name	Replicas	Status	Age	Purpose
traefik	1/1	Ready	310d	Ingress controller and reverse proxy

Services

Name	Type	Cluster IP	External IP	Ports	Purpose
traefik	LoadBalancer	10.29.42.149	34.124.193.217	80, 443	External ingress

External Access

The Traefik ingress is exposed via LoadBalancer:

HTTP: http://34.124.193.217:80
HTTPS: https://34.124.193.217:443

Features

Traefik provides:

Ingress Controller: Manages Kubernetes Ingress resources
Automatic Service Discovery: Auto-detects services
Load Balancing: Distributes traffic across pods
SSL/TLS: Automatic HTTPS with Let's Encrypt (if configured)
Middleware: Request transformation, auth, rate limiting
Metrics: Prometheus metrics endpoint
Dashboard: Web UI for monitoring (if enabled)

Management

View resources:

kubectl get all -n traefik

Check pod status:

kubectl get pods -n traefik -o wide

View logs:

kubectl logs -f deployment/traefik -n traefik

Restart:

kubectl rollout restart deployment/traefik -n traefik

Access Traefik dashboard (if enabled):

# Port forward to access dashboard
kubectl port-forward -n traefik deployment/traefik 9000:9000
# Open http://localhost:9000/dashboard/

Configuration

View ConfigMaps:

kubectl get configmaps -n traefik
kubectl describe configmap -n traefik

View deployment configuration:

kubectl get deployment traefik -n traefik -o yaml

Check Traefik IngressRoutes:

kubectl get ingressroutes -n traefik
kubectl get ingressroutes --all-namespaces

View traditional Ingress resources:

kubectl get ingress --all-namespaces

Monitoring

Resource usage:

kubectl top pods -n traefik

Events:

kubectl get events -n traefik --sort-by='.lastTimestamp'

Metrics (if Prometheus is configured):

# Port forward to metrics endpoint
kubectl port-forward -n traefik deployment/traefik 8080:8080
# Access http://localhost:8080/metrics

Ingress Management

List all ingress resources:

kubectl get ingress --all-namespaces
kubectl get ingressroutes --all-namespaces  # Traefik CRD

Example: Create an Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-service
            port:
              number: 80

High Availability

x Single Point of Failure: Currently running 1 replica.

For production high availability:

# Scale to 2+ replicas
kubectl scale deployment traefik -n traefik --replicas=3

Benefits of multiple replicas:

No downtime during updates
Better traffic distribution
Resilience to pod failures

SSL/TLS Configuration

Check if Let's Encrypt is configured:

kubectl get certificates --all-namespaces
kubectl get certificaterequests --all-namespaces

Recommendations

High Availability:
- x Currently 1 replica - consider 2-3 for production
- Add anti-affinity rules to spread across nodes
Monitoring:
- Enable Prometheus metrics
- Set up alerts for high error rates
- Monitor response times
Security:
- Ensure TLS/SSL is properly configured
- Implement rate limiting middleware
- Use authentication middleware where needed
- Keep Traefik version updated
Resource Limits:
- Define resource requests and limits
- Monitor memory and CPU usage under load
Dashboard:
- Enable dashboard for better visibility
- Secure dashboard access (not publicly exposed)

Troubleshooting

Ingress not working:

# Check Traefik logs
kubectl logs -f deployment/traefik -n traefik

# Check ingress resources
kubectl describe ingress <ingress-name> -n <namespace>

# Verify service endpoints
kubectl get endpoints <service-name> -n <namespace>

SSL certificate issues:

# Check certificate status
kubectl describe certificate <cert-name> -n <namespace>

# Check cert-manager logs (if using cert-manager)
kubectl logs -n cert-manager deployment/cert-manager

High latency:

# Check pod resources
kubectl top pods -n traefik

# Check for errors in logs
kubectl logs deployment/traefik -n traefik | grep -i error

# Verify backend service health
kubectl get pods --all-namespaces

Overview​

Workloads​

Deployments​

Services​

External Access​

Features​

Management​

View resources:​

Check pod status:​

View logs:​

Restart:​

Access Traefik dashboard (if enabled):​

Configuration​

View ConfigMaps:​

View deployment configuration:​

Check Traefik IngressRoutes:​

View traditional Ingress resources:​

Monitoring​

Resource usage:​

Events:​

Metrics (if Prometheus is configured):​

Ingress Management​

List all ingress resources:​

Example: Create an Ingress​

High Availability​

SSL/TLS Configuration​

Recommendations​

Troubleshooting​

Ingress not working:​

SSL certificate issues:​

High latency:​

Documentation​