# Traefik — noble

**Prerequisites:** **Cilium**, **MetalLB** (pool + L2), nodes **Ready**.

1. Create the namespace (Pod Security **baseline** — Traefik needs more than **restricted**):

   ```bash
   kubectl apply -f clusters/noble/bootstrap/traefik/namespace.yaml
   ```

2. Install the chart (**do not** use `--create-namespace` if the namespace already exists):

   ```bash
   helm repo add traefik https://traefik.github.io/charts
   helm repo update
   helm upgrade --install traefik traefik/traefik \
     --namespace traefik \
     --version 39.0.6 \
     -f clusters/noble/bootstrap/traefik/values.yaml \
     --wait
   ```

3. Confirm the Service has a pool address. On the **LAN**, **`*.apps.noble.lab.pcenicni.dev`** can resolve to this IP (split horizon / local DNS). **Public** names go through **Pangolin + Newt** (CNAME + API), not ExternalDNS — see **`clusters/noble/bootstrap/newt/README.md`**.

   ```bash
   kubectl get svc -n traefik traefik
   ```

   Values pin **`192.168.50.211`** via **`metallb.io/loadBalancerIPs`**. **`192.168.50.210`** stays free for Argo CD.

4. Create **Ingress** resources with **`ingressClassName: traefik`** (or rely on the default class). **TLS:** add **`cert-manager.io/cluster-issuer: letsencrypt-staging`** (or **`letsencrypt-prod`**) and **`tls`** hosts — see **`clusters/noble/bootstrap/cert-manager/README.md`**.
5. **Public DNS:** use **Newt** + Pangolin (**CNAME** at your DNS host + **Integration API** for resources/targets) — **`clusters/noble/bootstrap/newt/README.md`**.
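
The checks behind steps 1 to 3, scripted so they fail loudly instead of relying on reading `kubectl get` output. This is an added example, not part of this repository; it assumes `namespace.yaml` sets the `pod-security.kubernetes.io/enforce` label to `baseline`, and the script name `check-traefik.sh` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not part of the repository: post-install checks for steps 1-3.
PINNED_IP="192.168.50.211"    # from this README: pinned via metallb.io/loadBalancerIPs
RESERVED_IP="192.168.50.210"  # from this README: kept free for Argo CD

# Compare reported values with what the README expects; non-zero on any mismatch.
# Args: <namespace PSA enforce label> <Service loadBalancerIPs annotation> <assigned IP>
verify_traefik() {
  local psa="$1" annotation="$2" assigned="$3" rc=0
  # Assumption: namespace.yaml sets pod-security.kubernetes.io/enforce=baseline.
  # An unset label then means the namespace did not come from namespace.yaml.
  if [ "$psa" != "baseline" ]; then
    echo "FAIL: PSA enforce level is '${psa:-unset}', expected 'baseline'" >&2
    rc=1
  fi
  if [ "$annotation" != "$PINNED_IP" ]; then
    echo "FAIL: loadBalancerIPs annotation is '${annotation:-unset}', expected $PINNED_IP" >&2
    rc=1
  fi
  if [ -z "$assigned" ]; then
    echo "FAIL: Service has no address yet (EXTERNAL-IP pending)" >&2
    rc=1
  elif [ "$assigned" = "$RESERVED_IP" ]; then
    echo "FAIL: Service took $RESERVED_IP, which is reserved for Argo CD" >&2
    rc=1
  elif [ "$assigned" != "$PINNED_IP" ]; then
    echo "FAIL: Service has $assigned, expected $PINNED_IP" >&2
    rc=1
  fi
  return "$rc"
}

# Read the live values with kubectl and run the checks.
check_cluster() {
  local psa annotation assigned
  psa=$(kubectl get ns traefik \
    -o jsonpath='{.metadata.labels.pod-security\.kubernetes\.io/enforce}')
  annotation=$(kubectl get svc -n traefik traefik \
    -o jsonpath='{.metadata.annotations.metallb\.io/loadBalancerIPs}')
  assigned=$(kubectl get svc -n traefik traefik \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
  verify_traefik "$psa" "$annotation" "$assigned"
}

# Run against the live cluster only when asked: ./check-traefik.sh --live
if [ "${1:-}" = "--live" ]; then
  check_cluster && echo "OK: Traefik namespace and Service match the README"
fi
```

An unset enforce label is the typical result of letting `--create-namespace` create the namespace instead of applying `namespace.yaml` first.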