Skip to content

Requirements

Supported Platforms

Platform name teectl setup
On-Premise
Kubernetes
AKS
Docker Swarm
DockerEE - Swarm
DockerEE - Kubernetes
Konvoy
OpenShift
Rancher 2

Networking

Here is an overview of the required ports used by the Traefik Enterprise nodes. Those ports must be available on the host. Keep in mind that the entrypoints defined in the static configuration also bind ports on the ingress proxy nodes.

Port Name Mode Node Type Comments
4242 * control internal Controller internal cluster management
8484 distributed internal Ingress Proxy management of distributed features, like connection/rate limiting
55055 * teectl internal/public Controller teectl api access

* default values, these ports can be changed in the configuration

The internal ports must be available between nodes, no external exposure is required. Those marked with internal/public can be assigned according to the users preference and security requirements.

In addition to those TCP ports, all nodes must have outgoing access to port 53 under TCP and UDP protocols, used for DNS resolution.

To finish, the controllers must have access to v4.license.containous.cloud on port 443/TCP.

Installation Behind a Proxy

In order to install Traefik Enterprise behind a proxy, the manifest files must be edited before being applied to the orchestrator, adding the following environment variables:

  • HTTP_PROXY
  • HTTPS_PROXY
  • NO_PROXY

HTTP_PROXY and HTTPS_PROXY should point to the proxy server and NO_PROXY should be set to a comma separated list of ip addresses or domains that will not pass through the proxy.

NO_PROXY on Kubernetes

As the controller will make requests to the Kubernetes API server, the NO_PROXY variable must contain its IP address, which can be obtained with kubectl get service kubernetes.

Config excerpt example:

[...]
apiVersion: apps/v1
kind: StatefulSet
[...]
    containers:
        - name: "default-controller"
            [...]
            env:
              - name: HTTP_PROXY
                value: myproxy:9999
              - name: HTTPS_PROXY
                value: myproxy:9898
              - name: NO_PROXY
                value: "10.23.0.123"
[...]
services:
[...]
    controller-0:
        [...]
        environment:
          - HTTP_PROXY="myproxy:9999"
          - HTTPS_PROXY="myproxy:9999"
          - NO_PROXY="10.23.0.123"