Traefik Ingress for DNS Wildcard-Based Service Exposured on Kubernetes

Kubernetes, an open-source platform for managing containerized workloads and services, offers amazing flexibility in deploying and scaling applications. A key aspect of this flexibility lies in Kubernetes’ network routing, especially when it comes to Ingress controllers like Traefik. In this blog post, we delve into the details of Traefik Ingress and discuss how it can be effectively leveraged to expose a service through DNS wildcard to services running on Kubernetes.

Understanding Traefik Ingress

Traefik is an open-source reverse proxy and load balancer, designed to simplify the routing and exposing of services. In Kubernetes, the Traefik Ingress controller plays an essential role. It acts as a router that controls all inbound traffic in the cluster, routing each request to the appropriate service based on the defined routing rules.

One of the main benefits of using Traefik is its dynamic configuration capabilities. It can automatically discover services, adapt to changes in real-time, and support many backends, making it a robust choice for Kubernetes environments.

The Power of DNS Wildcards with Traefik

A DNS wildcard is a record in the Domain Name System that will match requests for non-existent subdomains. When used in conjunction with Traefik, DNS wildcards can significantly enhance the flexibility of service routing within a Kubernetes cluster.

Consider a scenario where you have multiple microservices each running under a unique subdomain. Instead of defining each service separately, you can leverage a DNS wildcard record. In this case, any request to a subdomain (*.example.com) would be directed to the corresponding service on your Kubernetes cluster.

Components Involved in Wildcard-Based Service Exposure

1. Traefik Ingress Controller: The Ingress controller is a Kubernetes component that manages inbound traffic based on defined Ingress rules. With Traefik, you can set up dynamic Ingress routing that supports DNS wildcard records.
2. Ingress Resource: This is a Kubernetes resource where you define the routing rules for inbound traffic. For wildcard DNS routing, you would create an Ingress resource that includes a host rule for the wildcard DNS record (e.g., *.example.com).
3. DNS Wildcard Record: A DNS wildcard record (e.g., *.example.com) needs to be configured in your DNS provider. This will direct all subdomain traffic to the IP address of your Traefik Ingress controller.
4. Kubernetes Service: This is the application or set of pods in your Kubernetes cluster that you want to expose externally. The Service needs to be configured properly to respond to requests from the Traefik Ingress controller.

How It Works Together

When a user sends a request to a subdomain (e.g., service1.example.com), the DNS provider will resolve this to the IP of the Traefik Ingress controller due to the wildcard DNS record. Traefik will then inspect the host header of the HTTP request and match it against the routing rules defined in the Ingress resources.

If a match is found (e.g., a rule for *.example.com), the request will be forwarded to the corresponding Kubernetes Service. If the service is set up correctly, it will handle the request and send a response back to the user through Traefik.

Example

Below is an example of a Kubernetes Deployment for an Nginx pod along with a Traefik IngressRoute that exposes the Nginx service. Note that this configuration assumes that Traefik is installed and properly configured in your Kubernetes cluster.

First, let’s create a simple Nginx Deployment and Service:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.19.0
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

You can apply this configuration with kubectl apply -f nginx.yaml.

Next, let’s create an IngressRoute for Traefik. The IngressRoute is a custom resource definition (CRD) provided by Traefik.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nginx-ingressroute
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`nginx.yourdomain.com`)
    kind: Rule
    services:
    - name: nginx-service
      port: 80

Replace ‘nginx.yourdomain.com’ with your desired domain name or subdomain name. After replacing, apply this configuration with kubectl apply -f ingressroute.yaml.

Now, any requests to ‘nginx.yourdomain.com’ should be routed to your Nginx pod.

Please note that Traefik must be correctly configured to use the IngressRoute CRD. Also, ensure your domain DNS settings are correctly pointing to the IP address of your Traefik service, and make sure that the Traefik service is exposed and accessible from outside your Kubernetes cluster.

Conclusion

Using Traefik with DNS wildcards provides a powerful, scalable solution for managing the exposure of services on a Kubernetes cluster. While it requires some initial setup, the flexibility and control offered by this approach are unmatched, making it an excellent choice for dynamic and microservices-based architectures.