[Feature Request]: Option to deploy traefik in k3s's default namespace kube-system
#1042
Replies: 8 comments 1 reply
-
@schlichtanders Are you sure about this, normally kube-hetzner has traefik deployed on kube-system. See:
-
Hi @mysticaltech, it seems that the namespace attribute of a helmchart kind does not really count - the https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/blob/master/templates/traefik_ingress.yaml.tpl#L15

```yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: traefik
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: traefik
  namespace: kube-system
spec:
  chart: traefik
  repo: https://traefik.github.io/charts
  targetNamespace: traefik
  bootstrap: true
  valuesContent: |-
    ${values}
```
-
I guess the same request holds for nginx, which is currently deployed into its own nginx namespace instead of kube-system.
-
@schlichtanders You are right, thanks for the info. Will do but it needs to be backward compatible, so will add a
-
@schlichtanders I'm not sure if we should take a development/test K8s setup as a reference for Kube Hetzner. All smaller K8s setups like k3d, kind, etc. do not have presets for production purposes, but just for simplicity and quick/easy deployment. You won't find many best practices there. I'm not sure about the Traefik recommendations, but at least the K8s Ingress NGINX Controller should be installed in a dedicated namespace according to the docs. Technically, it doesn't matter in which namespace ingress controllers are installed, as they usually work across namespaces by default. The only reason to separate it (afaik) is for better RBAC management. See also here: https://kubernetes.github.io/ingress-nginx/deploy/rbac/ Btw, the default namespace for K8s Ingress NGINX Controller is Regarding
Example:

```yaml
metadata:
  namespace: kube-system
spec:
  targetNamespace: web
```
-
I first stumbled about this with k3d, correct, I now had a second motivation: https://docs.k3s.io/security/hardening-guide I would like to realize the k3s hardening guide on top of kube-hetzner (actually I haven't checked, maybe it is already realized). The documentation is really great and only a few changes would be needed which are well summarized. However, of course, this all assumes that traefik is running inside kube-system
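A way to check where each HelmChart release actually lands before relying on namespace-scoped hardening, given as an added example that is not part of the thread or of kube-hetzner's own code. The JSON is constructed in the shape of `kubectl get helmcharts.helm.cattle.io -A -o json` output; the function names and every sample chart except the traefik one quoted above are hypothetical.

```python
import json

# Constructed sample; the first item mirrors the traefik HelmChart quoted in the thread.
SAMPLE = json.dumps({"items": [
    {"kind": "HelmChart",
     "metadata": {"name": "traefik", "namespace": "kube-system"},
     "spec": {"chart": "traefik", "targetNamespace": "traefik"}},
    {"kind": "HelmChart",
     "metadata": {"name": "nginx", "namespace": "kube-system"},
     "spec": {"chart": "ingress-nginx", "targetNamespace": "nginx"}},
    {"kind": "HelmChart",
     "metadata": {"name": "example-chart", "namespace": "kube-system"},
     "spec": {"chart": "example", "targetNamespace": "kube-system"}},
    {"kind": "HelmChart",
     "metadata": {"name": "no-target", "namespace": "kube-system"},
     "spec": {"chart": "example"}},
]})

def audit_helmcharts(doc, expected_ns="kube-system"):
    """One finding per HelmChart: where the resource lives, where the
    release is installed, and whether that matches expected_ns."""
    findings = []
    for item in json.loads(doc).get("items", []):
        if item.get("kind") != "HelmChart":
            continue
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        target = spec.get("targetNamespace")
        if not target:
            status = "unset"     # no explicit target; verify on the cluster
        elif target == expected_ns:
            status = "ok"
        else:
            status = "mismatch"  # policies scoped to expected_ns do not cover it
        findings.append({"name": meta.get("name"),
                         "resource_ns": meta.get("namespace"),
                         "install_ns": target, "status": status})
    return findings

def mismatches(doc, expected_ns="kube-system"):
    """Names of charts whose install namespace is not confirmed as expected_ns."""
    return [f["name"] for f in audit_helmcharts(doc, expected_ns)
            if f["status"] != "ok"]

if __name__ == "__main__":
    for f in audit_helmcharts(SAMPLE):
        print(f"{f['name']}: resource in {f['resource_ns']}, "
              f"installed in {f['install_ns']} [{f['status']}]")
```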
-
Thanks for clarifying both, super interesting. It would be good that we move the ingress-nginx NS to
-
Description
I am creating a local test environment via k3d (which probably almost everyone else would also prefer for a local test environment similar to kube-hetzner)
I was surprised finding that my traefik configuration mismatched between kube-hetzner and k3d, which seems to be because k3s by default deploys traefik into `kube-system` namespace.
Could we create an option to create traefik in this default namespace, or is there a particular preventing reason why the namespace was changed to `traefik` in kube-hetzner?