K3s: Updating Traefik Ingress Configuration

Created on 19 Jan 2020  路  9Comments  路  Source: k3s-io/k3s

I have K3s (release v1.17.0+k3s.1) installed on my Raspberry Pi cluster, running on Raspbian Buster.

I used the standard configuration for installation, and Traefik is being used as the ingress controller.

I would like to disable TLS verification in Traefik by setting the "insecureSkipVerify" setting to "true".
Note. I am running Kubernetes Dashboard with a self-signed certificate. This is on my home network and I'm not too concerned about verifying the validity of the certificate.

K3s appears to install Traefik using a Helm Chart, and I can see the Traefik chart manifest is installed in:
/var/lib/rancher/k3s/server/manifests/traefik.yaml

I have updated the traefik.yaml in this folder to include the additional setting:

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: traefik
  namespace: kube-system
spec:
  chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
  set:
    rbac.enabled: "true"
    ssl.enabled: "true"
    metrics.prometheus.enabled: "true"
    kubernetes.ingressEndpoint.useDefaultPublishedService: "true"
    # New TLS skip verify certificate setting
    ssl.insecureSkipVerify: "true"

How can I apply the updated Traefik settings from my chart manifest file?

picture mkenne11

Most helpful comment

This is too inhumane

picture zhangguanzhang on 26 Aug 2020
👍5

All 9 comments

Make sure your change is still in traefik.yaml and re-run the installer adding --no-deploy=traefik like this:

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--no-deploy=traefik" sh -
a01fe picture a01fe on 19 Jan 2020
👍2

Thanks very much for your assistance @a01fe :) Btw. I installed k3s using the k3sup tool.

I believe the equivalent command for k3sup is:

k3sup install <standard-install-args> --k3s-extra-args '--no-deploy traefik'

Also, I saw the following recent k3s post where the author changed the traefik manifest file to "traefik-custom.yaml" and also applied the '--no-deploy traefik' argument to achieve the same result:
https://github.com/rancher/k3s/issues/1254

I'll try both suggestions and let you know the results.

mkenne11 picture mkenne11 on 20 Jan 2020

Just confirming that both these methods worked to changed the traefik.yaml settings for my k3s install.

mkenne11 picture mkenne11 on 21 Jan 2020
1

Is there no good way of upgrading the traefik.yaml? Re-installing the entire k3s application just to apply a new Traefik configuration is at best a workaround.
What is the proper way to update the Traefik configuration?

theAkito picture theAkito on 27 Jul 2020

You need to run the installer once with --disable traefik to disable the built-in deployment. After that, all you have to do is change the manifest and k3s will reapply it.

a01fe picture a01fe on 27 Jul 2020

This is too inhumane

zhangguanzhang picture zhangguanzhang on 26 Aug 2020
👍5

k3s 1.19 (and current master builds) include a new HelmChartConfig CRD that can be used to customize the values of a HelmChart without modifying the resource itself. The core use case for this is things like the packaged Traefik deployment. See: https://rancher.com/docs/k3s/latest/en/helm/#customizing-packaged-components-with-helmchartconfig

brandond picture brandond on 26 Aug 2020
🚀2

The default port 443 need to be used by other service and cannot not be changed, to assign another port for k3s, I had to reinstall the k3s server,that is unpractical.Any plan to resolve this?

hwk42 picture hwk42 on 9 Sep 2020

If you don't want to reinstall, you could edit the service and add --disable traefik to the k3s server command line.

a01fe picture a01fe on 10 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Moep90 picture Moep90  路  3Comments
gilkotton picture gilkotton  路  3Comments
giminni picture giminni  路  3Comments
kcns008 picture kcns008  路  3Comments
jgreat picture jgreat  路  3Comments