Install Traefik with Network Load Balancer

# Install Traefik with Network Load Balancer When your Kubenrnetes clusters is in AWS and you deploy the default traefik using its helm chart it brings up a `classic load balancer` as its choice of load balancer. The `classic load balancer` is legacy load balancer provided by AWS. We can switch the default behavior of Traffic to expose a `Network Load Balancer` instead of the `Classic Load Balancer` by modifiying the helm-chart used for the installation. If you are using a different approach your steps might slighty vary. ## Prerequisites 1. A running DKP 2.1+ cluster running in AWS. 2. Helm 3 installed on your workstation. 3. Admin access to the DKP cluster. ### Step 1: Create namespace for the Ingress controller. Ingress controllers are cluster level objects so when you create it in a specific namespace all the other namespaces should be able to leverage it. Keeping it in a seperate namespace would just improve your security posture. You can also use an existing suitable namespace ```bash= kubectl create namespace <your-namespace> ``` Once the namespace is created let's switch your context to our namespace. If you are using an exiting namespace you can skip the previous step and just run this command. ```bash=2 kubectl config set-context --current --namespace=<your-namespace> ``` For all those cool kids using [kubectx](https://github.com/ahmetb/kubectx) then you can instead use this command ```bash=2 kubens <your-namespace> ``` This prepares us for depoying traefik. ### Step 2 : Configure helm repo Add Traefik's helm chart repository to your local environment ```bash=1 helm repo add traefik https://helm.traefik.io/traefik ``` Update the repo to ensure you have the lastest artifacts ```bash=2 helm repo update ``` You can install the traefik using helm install command now. However we would do not want to use the default helm chart. Let's create a values files in which we can define overides for defaults. Use the below There is a custom annotation that's added to the service spec line-9 in the default values file which swaps the clb --> nlb. `service.beta.kubernetes.io/aws-load-balancer-type: nlb` Note: this is partial values file not the entirity. If can downloaded the complete values file from offical if you like from [here](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) ```bash cat << 'EOF' > custom-values.yaml # This is just the service section of the default values.yaml file service: enabled: true type: LoadBalancer # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) annotations: service.beta.kubernetes.io/aws-load-balancer-type: nlb # Additional annotations for TCP service only annotationsTCP: {} # Additional annotations for UDP service only annotationsUDP: {} # Additional service labels (e.g. for filtering Service by custom labels) spec: {} externalTrafficPolicy: local # loadBalancerIP: "1.2.3.4" # clusterIP: "2.3.4.5" loadBalancerSourceRanges: [] # - 192.168.0.1/32 # - 172.16.0.0/16 externalIPs: [] # - 1.2.3.4 # One of SingleStack, PreferDualStack, or RequireDualStack. # ipFamilyPolicy: SingleStack EOF ``` This should bring up NLB instead of classic load balancer when you deploy traefik.