Above is a figure to describe relationship about metallb/traefik and kubernetes.

Please reference previous article (Install Kubernetes on ARM64 Ubuntu 18.04)about how to setup environment.

Install Helm

First, install Helm, helm is a kubernetes packages manager. it can help to install traefik, for some package, like traefik, it’s not easy to install manually, I tried, but fail. Use helm to install is a good idea.

Following instruction can download and install helm, or you can visit helm webpage for latest version

Following is command to download and install helm.

wget https://get.helm.sh/helm-v2.15.1-linux-arm64.tar.gz
tar xvf helm-v2.15.1-linux-arm64.tar.gz
sudo mv linux-arm64/helm /usr/bin

Default helm(tiller seems doesn’t support ARM64 archeticture, so, it needs to use third party binary code for tiller. In here we used tiller-multiarch.

helm init --tiller-image=jessestuart/tiller 

Helm install error message

When you run helm install command, if see error message like below, please try to follow this step to solve it. (ref: TILLER AND ROLE-BASED ACCESS CONTROL and forbidden: User “system:serviceaccount:kube-system:default” cannot get namespaces in the namespace “default)

Create a rbac-config.yaml like following text
(ref. User “system:serviceaccount:kube-system:default” cannot get namespaces in the namespace “default” )

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: default

Run following command to create and upgrade helm initial

kubectl create -f rbac-config.yaml
helm init --service-account tiller --history-max 200 --tiller-image=jessestuart/tiller --upgrade

or run those commands directly.

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init --upgrade --service-account tiller 

Install metallb

Automatically Install

It can use helm to install automatically, first create a metallb-config.yaml, contain like below.

configInline:
   address-pools:
   - name: default 
     protocol: layer2
     addresses:
         - 192.168.110.80-192.168.110.100 

Save it, and run follow command to apply it.

helm install --name=metallb --namespace=metallb-system -f  metallb-config.yaml stable/metallb 

Manually Install

It also can install metallb manually, run following command to install it.
It will install v0.8.1, it can visit metallb website to check latest version.

kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.8.1/manifests/metallb.yaml 

Add a new file name metallb.yaml and put follow text

apiVersion: v1
kind: ConfigMap
metadata:
   namespace: metallb-system
   name: config
data:
   config: |
     address-pools:
     - name: my-ip-space
       protocol: layer2
       addresses:
       - 192.168.110.70/28

Apply it

kubectl apply -f  metallb.yaml 

Install Traefik

Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience.

Following is command to initial helm and used helm to initial traefik.

helm install stable/traefik --name traefik --set dashboard.enabled=true,serviceType=NodePort,dashboard.domain=dashboard-traefik.techarea.org,rbac.enabled=true  --namespace kube-system

Traefik Dashboard

When used helm to install traefik, it also install traefik dashboard on dashboard-traefik.techarea.org.

Used following command to get traefik web service ip

kubectl describe svc traefik --namespace kube-system

It can see a http hosted on 10.44.0.2 , add 10.44.0.2 daskboard-traefik.techarea.org to browser PC’s hosts file, it can use browser to access traefik dashboard .

Create a nginx web site

In here, we create three nginx website, and assigned a external ip address, it will also assign a domain name, traefik will have load balance traffic to all three pods.

First create a new file called nginx.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 4
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1
        ports:
        - name: http
          containerPort: 80

---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
  name: nginx
spec:
  rules:
  - host: nginx.techarea.org
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx
          servicePort: 80

replicas means how many pods you went to create, in here, we used 3, it will create 3 pods on clients.
host means url, in here is nginx.techarea.org.

used kubectl to apply it.

kubectl apply -f nginx.yaml 

Get current service status

We can see external ip is 192.168.110.80, add 192.168.110.80 nginx.techarea.org to your browser PC’s host file, and used browser to access nginx.techarea.org, it can see welcome nginx.

Test Load Balance

Now we finished install traefik and metallb successfully, next step is to verified does that really work ?

it can use another host to run ab (apache benchmark to do this test) and used htop observe CPU loading.

Following is example to test nginx, if don’t see all CPU has loading, try to increase pods instance, like 4 .

ab -n 1000000 -c 400 -k http://nginx.techarea.org/

Below is example result for nginx load balance. 

See, that’s easy job, right ?

The post ARM64 Kubernetes Nginx Traefik Ingress Load Balance appeared first on richliu's blog.