- Make sure that Traefik service is installed as a NodeGroup (it can be done with Helm);
- Create global static ip address in GCP (i.e.
my-static-ip); - Deploy default ingress with
kubectlcommand:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: catch-all-ingress
# Namespace where the Traefik is running
namespace: traefik
annotations:
# Name should be the same as in step #2
kubernetes.io/ingress.global-static-ip-name: "my-static-ip"
kubernetes.io/ingress.class: "gce"
spec:
defaultBackend:
service:
name: traefik
port:
name: web
- Deploy test application with
kubectlcommand:
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
namespace: default
spec:
selector:
matchLabels:
run: web
template:
metadata:
labels:
run: web
spec:
containers:
- image: gcr.io/google-samples/hello-app:2.0
imagePullPolicy: IfNotPresent
name: web
ports:
- containerPort: 8080
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: web
namespace: default
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
run: web
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: your.domain.com
http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: web
port:
number: 80
---
# This default Traefik ingress is created for health checks. Without it load balancer cannot talk to Traefik
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-default-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
defaultBackend:
service:
name: web
port:
number: 80- Create
ADNS record withyour.domain.comdomain and point to ip address that is created in step #2; - Navigate to
http://your.domain.com/and a simple web application will be displayed.
Now, Cloud Armor can be assigned to the default load balancer.