Customizing the Manifest File
Once the manifest file is generated, it can be reviewed and customized if necessary.
The following aspects should be taken into account:
- Resource Requests and Limits. Controllers and proxies both come with enforced resource limits. The defaults are intentionally kept large to fit most use cases. They can be adjusted to better fit the target installation.
- Network Configuration and Exposed Ports. By default, the proxy deployment is configured to expose ports `80` and `443`. However, if other ports are required, the proxy deployment and the associated service should both be changed to match.
- Readiness Probes. The proxy deployment comes with readiness probes disabled by default, because they depend on the entry points configured on the cluster. The probes should be configured accordingly and enabled to avoid sending traffic to non-configured proxies.
- Environment variables. To use Datadog or ACME DNS Challenge, for instance, environment variables should be configured on proxies or controllers.
Common Scenarios Requiring Customization
External Load Balancer
By default, the manifest files generated by `teectl setup gen` include a service definition with a LoadBalancer type for the proxies.
This service type relies on the cloud provider's ability to create an external load balancer, while automatically creating a ClusterIP and NodePort that will be targeted by it.
While this is fine for most use cases, it's also common to not want to dynamically create load balancers but instead use an external load balancer to route to Kubernetes services via ClusterIP or NodePort.
To achieve this, the service type must be changed in the manifest file before applying it to the cluster:
```yaml
apiVersion: v1
kind: Service
#[...]
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
#[...]
```

```yaml
apiVersion: v1
kind: Service
#[...]
spec:
  # The value is case-sensitive: ClusterIP, not ClusterIp
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
#[...]
```
With this configuration, the load balancer can target either the address of individual nodes running the proxy service or the cluster IP address.
Port management when using NodePort
When setting the NodePort field to a fixed port, the management of port conflicts is the cluster operator's responsibility.
Custom Cluster Domain
If your Kubernetes cluster does not use the default `cluster.local` domain name, you need to update the `initContainers` section for the proxies and the controllers.
Below is an example of customization with `my-custom.domain` as cluster domain value:
```yaml
#[...]
      initContainers:
        - name: wait-dns
          image: busybox:1.31.1
          command: ['sh', '-c', 'until nslookup -type=a default-ctrl-svc.traefikee.svc.my-custom.domain; do echo waiting for published dns records; sleep 1; done;']
          resources:
            requests:
              memory: "10Mi"
              cpu: "100m"
            limits:
              memory: "100Mi"
              cpu: "1000m"
#[...]
```
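
A pre-apply check for the two customizations described above (the proxy Service type and the cluster domain in the `wait-dns` init container), as an added example that is not part of Traefik Enterprise or its documentation. The function name, finding codes and sample manifest are constructed for illustration, and the text-based parsing assumes `spec.type` sits at a two-space indent.

```python
import re

# Values the Kubernetes API accepts for a Service's spec.type (case-sensitive).
VALID_TYPES = {"ClusterIP", "NodePort", "LoadBalancer", "ExternalName"}

def lint_manifest(text, cluster_domain, allowed_types=("ClusterIP", "NodePort")):
    """Return (document_index, code, value) findings for a multi-document manifest."""
    findings = []
    for index, doc in enumerate(re.split(r"(?m)^---[ \t]*$", text)):
        kind = re.search(r"(?m)^kind:[ \t]*(\S+)", doc)
        if kind and kind.group(1) == "Service":
            match = re.search(r"(?m)^  type:[ \t]*(\S+)", doc)
            svc_type = match.group(1) if match else "ClusterIP"  # API default
            if svc_type not in VALID_TYPES:
                findings.append((index, "invalid-service-type", svc_type))
            elif svc_type not in allowed_types:
                # e.g. LoadBalancer left in place when an external LB is intended
                findings.append((index, "unexpected-service-type", svc_type))
        # Hosts polled by the wait-dns init container must use the cluster domain.
        for host in re.findall(r"nslookup\s+-type=a\s+([^\s;']+)", doc):
            if not host.endswith(".svc." + cluster_domain):
                findings.append((index, "wrong-cluster-domain", host))
    return findings

# Constructed sample for illustration, not real `teectl setup gen` output.
SAMPLE = """\
apiVersion: v1
kind: Service
spec:
  type: ClusterIp
---
apiVersion: v1
kind: Service
spec:
  type: LoadBalancer
---
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      initContainers:
        - name: wait-dns
          command: ['sh', '-c', 'until nslookup -type=a default-ctrl-svc.traefikee.svc.cluster.local; do sleep 1; done;']
"""

if __name__ == "__main__":
    for finding in lint_manifest(SAMPLE, "my-custom.domain"):
        print(finding)
```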
Using KubeDNS with service mesh enabled
If Traefik Enterprise is installed with service mesh enabled and the Kubernetes cluster is using KubeDNS, the `CoreDNS` section in the manifest needs to be updated.
Below is an example with the custom domain `example.org`:
```yaml
#[...]
  Corefile: |
    .:53 {
        errors
        health
        kubernetes example.org in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
#[...]
```