Traefik Dashboard: Ingress and IngressRoute, can they co-exist?

10/28/2020

Recently I am moving a project to Kubernetes and have used Traefik as the ingress controller. For Traefik I have used the Traefik Kubernetes Ingress provider for routing. When I tried to add the Traefik dashboard, I found that seems it can only be added using IngressRoute (ie. using Kubernetes CRD as provider).

I have a few questions:

  • Is it possible to use Traefik Kubernetes Ingress provider to bring up the dashboard?
  • Can I use both kubernetesingress and kubernetescrd as provider? Can both Ingress and IngressRoute co-exist?
-- Ken Tsoi
kubernetes
kubernetes-ingress
traefik
traefik-ingress

1 Answer

11/6/2020

So I have solved the Traefik Dashboard problem using Traefik Kubernetes Ingress only, the answer to the first question is 'Yes':

The following is my configuration:

traefik-deployment.yaml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik
  namespace: ingress-traefik
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.2
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
            - name: admin
              containerPort: 8080
          args:
            - --api
            - --api.insecure=true
            - --api.dashboard=true
            - --providers.kubernetesingress
            - --providers.kubernetescrd
            - --entrypoints.web.Address=:80
            - --entrypoints.websecure.Address=:443

traefik-dashboard-ingress.yaml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: traefik-dashboard-ingress
  namespace: ingress-traefik
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.middlewares: ingress-traefik-traefikbasicauth@kubernetescrd
    cert-manager.io/cluster-issuer: letsencrypt-prod

spec:
  tls:
    - secretName: cert-stage-wildcard

  rules:
    - host: traefik.your-domain.io
      http:
        paths:
          - path: /
            backend:
              serviceName: traefik-service
              servicePort: 8080

The key to bringing up this is to set api.insecure=true, with this I can port-forward and test the Traefik Dashboard on my localhost, and then route the service through the traefik kubernetes ingress.

Another question (Can I use both kubernetesingress and kubernetescrd as provider) is also confirmed to be 'Yes', as I am now using them together, with kubernetesingress for routing and kubernetescrd on the basicAuth MiddleWare.

But I guess the two routing schemes ingress and ingressRoute may not be able to co-exist as they are both for routing and only one of them will be used by the system when both of them exist. Please correct me if I am wrong.

-- Ken Tsoi
Source: StackOverflow