Ingress with Traefik

How traffic routing works in your infrastructure

Siovos uses Traefik as the ingress controller to route external traffic to your services inside Kubernetes.

What is an Ingress Controller?#

An ingress controller acts as the entry point for HTTP/HTTPS traffic into your cluster. It:

  • Routes requests to the correct service based on hostname
  • Terminates SSL/TLS (handles HTTPS certificates)
  • Can apply middleware (rate limiting, authentication, etc.)

How Routing Works#

When you create an Ingress resource in Kubernetes, Traefik automatically picks it up and configures the route:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  namespace: my-namespace
  annotations:
    cert-manager.io/cluster-issuer: step-ca-issuer
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - my-app.internal
      secretName: my-app-tls
  rules:
    - host: my-app.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80

Key points:

  • ingressClassName: traefik tells Kubernetes to use Traefik
  • The cert-manager.io/cluster-issuer annotation requests an automatic certificate
  • The tls block enables HTTPS with the generated certificate

Automatic HTTPS Certificates#

Traefik works with cert-manager to provide automatic HTTPS for all your services. See Certificate Management for details.

Using Traefik IngressRoute (Optional)#

For advanced routing, Traefik provides its own CRD called IngressRoute:

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: my-app
  namespace: my-namespace
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`my-app.internal`)
      kind: Rule
      services:
        - name: my-app
          port: 80
  tls:
    secretName: my-app-tls

IngressRoute provides more features like:

  • Weighted load balancing
  • Header-based routing
  • Middleware chains

Middleware#

Traefik middleware can transform requests. Common use cases:

Basic Authentication:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: basic-auth
spec:
  basicAuth:
    secret: auth-secret

Rate Limiting:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: rate-limit
spec:
  rateLimit:
    average: 100
    burst: 50

Redirect HTTP to HTTPS:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-https
spec:
  redirectScheme:
    scheme: https
    permanent: true

Apply middleware to an IngressRoute:

spec:
  routes:
    - match: Host(`my-app.internal`)
      middlewares:
        - name: basic-auth
        - name: rate-limit

Troubleshooting#

Route not working#

  1. Verify your Ingress/IngressRoute has no errors: kubectl describe ingress my-app
  2. Ensure the backend service exists and has endpoints

Certificate issues#

See Troubleshooting for SSL/TLS problems.

404 errors#

  • Check the host matches exactly (including domain suffix)
  • Verify the path matches your application's routes
  • Ensure the service port is correct

Next Steps#

Was this page helpful?