2 min read

K3s Traefik dashboard

To install the K3s, on the new VM instance, you can simply run the script in the terminal:

curl -sfL https://get.k3s.io | sh -

After the installation and initial setup process (which can take a few minutes), you can access the k3s cluster using the kube config file located at the /etc/rancher/k3s/k3s.yaml.

Configure access to the cluster

First way

To access the cluster copy the k3s.yaml to the ~/.kube/config.

$ mkdir ~/.kube
$ cp ~/.kube/config ~/.kube/config.bak
$ sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config

Second way

After the installation and initial setup process (which can take a few minutes), you can access the k3s cluster using the kube config file located at the /etc/rancher/k3s/k3s.yaml.

You can easily use this file as a Kube config exporting KUBECONF environment variable.

export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
ubuntu@k3s:~$ k get pods -n kube-system
NAME                                      READY   STATUS
local-path-provisioner-6c79684f77-zv678   1/1     Running
coredns-d76bd69b-j9b6z                    1/1     Running
metrics-server-7cd5fcb6b7-g5ff6           1/1     Running
helm-install-traefik-crd-w7b52            0/1     Completed
helm-install-traefik-tnt4w                0/1     Completed
svclb-traefik-c7zxl                       2/2     Running
traefik-df4ff85d6-w8wn4                   1/1     Running

It can be possible for path /etc/rancher to be under root ownership so you should set permissions accordingly for the user. For the current setup: sudo chown $USER /etc/rancher/k3s/k3s.yaml.

Configure traefik dashboard on the k3s

K3s is managing Traefik using CRs and helm-controller. To configure Traefik to expose the dashboard apply the next YAML configuration.

K3s install URL from above will install Traefik by default.

$ kubectl get pods -n kube-system
NAME                                     READY   STATUS              RESTARTS   AGE
local-path-provisioner-957fdf8bc-rhxr4   1/1     Running             0          109s
metrics-server-648b5df564-djdwd          1/1     Running             0          109s
coredns-77ccd57875-ps9v7                 1/1     Running             0          109s
traefik-7fbbb44c44-d2t9q                 0/1     ContainerCreating   0          23s
helm-install-traefik-crd-dlkkx           0/1     Completed           0          109s
helm-install-traefik-fvz42               0/1     Completed           1          109s
svclb-traefik-923b92ea-gszp9             2/2     Running             0          23s

Traefik dashboard is disabled by default. You need to enable it explicitly.

K3s uses HelmChartConfig object to install helm charts. Using the HelmChartConfig below will restart the cluster and expose the dashboard.

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
  name: traefik
  namespace: kube-system
  valuesContent: |-
      - "--api"
      - "--api.dashboard=true"
      - "--api.insecure=true"
        expose: true
        allowCrossNamespace: true

It's important to say that you need to specify the namespace as kube-system, since Traefik should be running there.

When you run kubectl apply -f traefik-custom-conf.yaml, Traefik will be restarted and the new pod will pick up the configuration provided (Can take some time).

If you want to persist the changes on k3s restart you can create a new file in the /etc/rancher/k3s/server/manifests/ named traefik-anything-you-want.yaml and k3s will pick up the configuration on file change and k3s restarts.

➜ kubectl get svc -n kube-system
NAME             TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                     AGE
kube-dns         ClusterIP      <none>        53/UDP,53/TCP,9153/TCP                      121d
metrics-server   ClusterIP   <none>        443/TCP                                     121d
traefik          LoadBalancer      9000:31012/TCP,80:32380/TCP,443:31450/TCP   121d

You will see the 9000 port exposed in the service trefik. This is the traefik port and you can access the dashboard via 9000 port.

Access traefik dashboard

If you installed directly on your operating system you can access the Traefik dashboard via IP of your machine.


Ingresses are exposed via 80 and 443 ports.