|Platform name||teectl setup|
|DockerEE - Swarm||✔|
|DockerEE - Kubernetes||✔|
Here is an overview of the required ports used by the Traefik Enterprise nodes. Those ports must be available on the host. Keep in mind that the entrypoints defined in the static configuration also bind ports on the ingress proxy nodes.
|4242 *||control||internal||Controller||internal cluster management|
|8484||distributed||internal||Ingress Proxy||management of distributed features, like connection/rate limiting|
|55055 *||teectl||internal/public||Controller||teectl api access|
* default values, these ports can be changed in the configuration
The internal ports must be available between nodes, no external exposure is required. Those marked with internal/public can be assigned according to the users preference and security requirements.
In addition to those TCP ports, all nodes must have outgoing access to port 53 under TCP and UDP protocols, used for DNS resolution.
To finish, the controllers must have access to
v4.license.containous.cloud on port 443/TCP.
Installation Behind a Proxy¶
In order to install Traefik Enterprise behind a proxy, the manifest files must be edited before being applied to the orchestrator, adding the following environment variables:
HTTP_PROXY and HTTPS_PROXY should point to the proxy server and NO_PROXY should be set to a comma separated list of ip addresses or domains that will not pass through the proxy.
NO_PROXY on Kubernetes
As the controller will make requests to the Kubernetes API server, the
NO_PROXY variable must contain its IP address, which can be obtained with
kubectl get service kubernetes.
Config excerpt example:
[...] apiVersion: apps/v1 kind: StatefulSet [...] containers: - name: "default-controller" [...] env: - name: HTTP_PROXY value: myproxy:9999 - name: HTTPS_PROXY value: myproxy:9898 - name: NO_PROXY value: "10.23.0.123"
[...] services: [...] controller-0: [...] environment: - HTTP_PROXY="myproxy:9999" - HTTPS_PROXY="myproxy:9999" - NO_PROXY="10.23.0.123"