Problem:
If you change the k3os traefik configuration in /var/lib/rancher/k3s/server/manifests/traefik.yaml
directly, all changes will be lost after a reboot.
Solution:
    sudo vi /var/lib/rancher/k3os/config.yaml

- Add the following to the top-level k3os section:

    k3s_args:
    - server
    - "--no-deploy=traefik"

- Add the changed traefik configuration to the write_files section. This could look like this:

    write_files:
    - content: |-
        apiVersion: helm.cattle.io/v1
        kind: HelmChart
        metadata:
          name: traefik
          namespace: kube-system
        spec:
          chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
          set:
            rbac.enabled: "true"
            ssl.enabled: "true"
            ssl.enforced: "true"
            acme.enabled: "true"
            acme.challengeType: "tls-alpn-01"
            acme.email: "admin@yourdomain.com"
            acme.staging: "false"
            metrics.prometheus.enabled: "true"
            kubernetes.ingressEndpoint.useDefaultPublishedService: "true"
            image: "rancher/library-traefik"
      owner: root
      path: /var/lib/rancher/k3s/server/manifests/traefik.yaml
      permissions: '0755'

A complete config could look like this:

    k3os:
      k3s_args:
      - server
      - "--no-deploy=traefik"
    sshAuthorizedKeys:
    - github:yourGithubUserName
    write_files:
    - content: |-
        apiVersion: helm.cattle.io/v1
        kind: HelmChart
        metadata:
          name: traefik
          namespace: kube-system
        spec:
          chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
          set:
            rbac.enabled: "true"
            ssl.enabled: "true"
            ssl.enforced: "true"
            acme.enabled: "true"
            acme.challengeType: "tls-alpn-01"
            acme.email: "admin@yourdomain.com"
            acme.staging: "false"
            metrics.prometheus.enabled: "true"
            kubernetes.ingressEndpoint.useDefaultPublishedService: "true"
            image: "rancher/library-traefik"
      owner: root
      path: /var/lib/rancher/k3s/server/manifests/traefik.yaml
      permissions: '0755'

    sudo k3os cfg --boot

That's it.
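
A pre-flight check for the edited config.yaml, added here as an example and not part of the original note: it confirms that the bundled Traefik is disabled, that write_files recreates the manifest, and that the placeholder GitHub user and e-mail address from the sample were replaced. The function names and the shortened sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a k3os config.yaml before applying it.
MANIFEST=/var/lib/rancher/k3s/server/manifests/traefik.yaml

# check_k3os_traefik FILE -> 0 if OK, 1 if problems were found, 2 if unreadable
check_k3os_traefik() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    # Without this argument k3s keeps managing its bundled Traefik manifest,
    # which is why direct edits to traefik.yaml are lost.
    grep -Eq '^[[:space:]]*-[[:space:]]*"?--no-deploy=traefik"?[[:space:]]*$' "$cfg" ||
        { echo "k3s_args lacks --no-deploy=traefik"; rc=1; }
    # With the bundled chart disabled, write_files must recreate the manifest,
    # otherwise no Traefik is deployed at all.
    grep -Fq "path: $MANIFEST" "$cfg" ||
        { echo "no write_files entry for $MANIFEST"; rc=1; }
    # Placeholders copied verbatim: a github: entry authorises that account's
    # SSH keys, and ACME notices go to the configured address.
    if grep -Eq 'github:yourGithubUserName|admin@yourdomain\.com' "$cfg"; then
        echo "placeholder GitHub user or e-mail still present"; rc=1
    fi
    return $rc
}

# write_sample FILE: constructed, shortened config used for the demo below
write_sample() {
    cat > "$1" <<EOF
k3os:
  k3s_args:
  - server
  - "--no-deploy=traefik"
sshAuthorizedKeys:
- github:example-admin
write_files:
- content: |-
    apiVersion: helm.cattle.io/v1
    kind: HelmChart
  owner: root
  path: $MANIFEST
  permissions: '0755'
EOF
}

demo=$(mktemp)
write_sample "$demo"
check_k3os_traefik "$demo" && echo "sample config OK"
rm -f "$demo"
```

On a real node, call `check_k3os_traefik /var/lib/rancher/k3os/config.yaml` before `sudo k3os cfg --boot`.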