Requirements
Supported Platforms¶
Platform name | teectl setup |
---|---|
On-Premise | ✖ |
Kubernetes | ✔ |
AKS | ✔ |
Docker Swarm | ✔ |
DockerEE - Swarm | ✔ |
DockerEE - Kubernetes | ✔ |
Konvoy | ✔ |
OpenShift | ✔ |
Rancher 2 | ✔ |
Networking¶
Here is an overview of the required ports used by the Traefik Enterprise nodes. Those ports must be available on the host. Keep in mind that the entrypoints defined in the static configuration also bind ports on the ingress proxy nodes.
Port | Name | Mode | Node Type | Comments |
---|---|---|---|---|
4242 * | control | internal | Controller | internal cluster management |
8484 | distributed | internal | Ingress Proxy | management of distributed features, like connection/rate limiting |
55055 * | teectl | internal/public | Controller | teectl api access |
* default values, these ports can be changed in the configuration
The internal ports must be available between nodes, no external exposure is required. Those marked with internal/public can be assigned according to the users preference and security requirements.
In addition to those TCP ports, all nodes must have outgoing access to port 53 under TCP and UDP protocols, used for DNS resolution.
To finish, the controllers must have access to v4.license.containous.cloud
on port 443/TCP.
Installation Behind a Proxy¶
In order to install Traefik Enterprise behind a proxy, the manifest files must be edited before being applied to the orchestrator, adding the following environment variables:
HTTP_PROXY
HTTPS_PROXY
NO_PROXY
HTTP_PROXY and HTTPS_PROXY should point to the proxy server and NO_PROXY should be set to a comma separated list of ip addresses or domains that will not pass through the proxy.
NO_PROXY
on Kubernetes
As the controller will make requests to the Kubernetes API server, the NO_PROXY
variable must contain its IP address, which can be obtained with kubectl get service kubernetes
.
Config excerpt example:
[...]
apiVersion: apps/v1
kind: StatefulSet
[...]
containers:
- name: "default-controller"
[...]
env:
- name: HTTP_PROXY
value: myproxy:9999
- name: HTTPS_PROXY
value: myproxy:9898
- name: NO_PROXY
value: "10.23.0.123"
[...]
services:
[...]
controller-0:
[...]
environment:
- HTTP_PROXY="myproxy:9999"
- HTTPS_PROXY="myproxy:9999"
- NO_PROXY="10.23.0.123"