Traefik on single node Kubernetes

Install helm

curl https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz | tar zxvf -
sudo cp linux-amd64/helm /usr/local/bin/helm

Install chart repos

helm repo add stable https://kubernetes-charts.storage.googleapis.com/
helm repo add traefik https://containous.github.io/traefik-helm-chart
helm repo update

Value overrides

Create a values.yaml override file.

Change the URL for certificatesresolvers.leresolver.acme.caserver to https://acme-v02.api.letsencrypt.org/directory for production certs.

Replace YOUR_EMAIL with your email address.

Replace YOUR_IP with the IP address of your single node kubernetes host.

Change ports.traefik.expose if you don't want to expose the Traefik dashboard.

Change STORAGE_CLASS to your prefered storage class to hold the persistant acme certs.

globalArguments:
  - "--global.sendanonymoususage=false"
additionalArguments:
  - "--certificatesresolvers.leresolver.acme.email=YOUR_EMAIL"
  - "--certificatesresolvers.leresolver.acme.storage=/data/acme.json"
  - "--certificatesresolvers.leresolver.acme.tlschallenge=true"
  - "--certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
ports:
  traefik:
    port: 9000
    expose: true
    exposedPort: 9000
  web:
    port: 8000
    expose: true
    exposedPort: 80
  websecure:
    port: 8443
    expose: true
    exposedPort: 443
service:
  enabled: true
  type: ClusterIP
  annotations: {}
  spec: {}
  loadBalancerSourceRanges: []
  externalIPs: [YOUR_IP]
persistence:
  enabled: true
  accessMode: ReadWriteOnce
  size: 128Mi
  storageClass: "STORAGE_CLASS"
  path: /data
  annotations: {}
securityContext:
  runAsGroup: 65534
  runAsUser: 65534
podSecurityContext:
  fsGroup: 65534

Deploy traefik

kubectl create ns traefik
helm install --namespace=traefik traefik traefik/traefik -f values.yaml

Create a middleware to redirect http to https

Create middlewares.yaml file

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https-only
  namespace: traefik
spec:
  redirectScheme:
    scheme: https
    port: "443"
    permanent: true

kubectl create -f middlewares.yaml