'Traefik on Kubernetes (GCE/GKE) behind GCE Load Balancer

I've implemented Traefik on Kubernetes following the User Guide. That gives me an ingress-controller and I was able to create an ingress and the traefik-ingress-service listening on 80 and 8080.

I've also setup a "gce" ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-ingress
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: "gce"
spec:
  tls:
    - secretName: fasedge-tls
  backend:
    serviceName: traefik-ingress-service
    servicePort: 80

What this did was create a GCE Load Balancer which terminates my TLS and should forward all requests to the traefik-ingress-service which is of type NodePort.

GCE Load Balancers require a healthcheck. The default is to the path "/". I thought traefik had a "/ping" so I changed the healthcheck to that. But no matter what I do, I can't get the healthcheck to pass and therefor, my GCE Load Balancer is unhealthy and won't forward any requests to traefik.

Some references say to change the Traefik lb service from NodePort to LoadBalancer but that should be doing the exact same thing as my above Ingress except my Ingress handles the SSL termination.

Anyone else do it this way?

kubernetestraefikgoogle-compute-enginegoogle-kubernetes-engine


Solution 1:[1]

The way to get health check to work on the gce load balancer is to add an argument to the traefik container. The --ping and --ping.entrypoint=http lets me setup a gce health check to the /ping path.

apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    app: traefik-ingress-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik-ingress-controller
  template:
    metadata:
      labels:
        app: traefik-ingress-controller
        name: traefik-ingress-controller
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
        - name: traefik-ingress-controller
          image: "traefik:v1.5.2"
          args:
          - --api
          - --kubernetes
          - --ping
          - --ping.entrypoint=http

Solution 2:[2]

With:

  • traefik: 2.6.3
  • traefik-helm-chart: 10.19.4

I had to add to override the following in my helm installation:

ports:
  traefik:
    healthchecksPort: 8000

service:
  type: NodePort

additionalArguments:
- "--ping.entrypoint=web"

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Nicola Ben
Solution 2 mango

Related Questions