Thumbnail image

Installing Microk8s With Traefik and Metallb

For some time, I have been writing about setting up Traefik, with docker, and using it as a reverse proxy, for my workloads.

I have been running a stand alone Docker host, for a while, but due to changes in my job (more about that in the next post), I wanted to change this to Kubernetes instead, to get a lot more hands on.

I have been a fan of Traefik, for quite some time. But getting it up and running on Kubernetes, has not been easy. I think that it’s mostly due to Kubernetes evolving so fast, so the guides out there, quickly get’s outdated (or maybe it’s just my lack of knowledge)

I ended up asking on the Traefik forum for help, and I got pointed to a Youtube channel, that had a lot of good videos, on how to set this up. A big thanks to Ramon Tayag for pointing me this way.

The playlist, that helped me, was this one, but there is so much good content in there, so I highly recommend giving the channel a subscribe, and a lot of likes, for the awsome work.

This is my attempt, to write a simple guide, based on these youtube videos, on how to get Microk8s, up and running with Traefik and MetalLB.

There are a lot of Kubernetes distributions out there. VMware just released a community version, of Tanzu, that I highly recommend, you take a look at, if you are looking into Kubernetes.

Expect to se a blog post or 2, around tthat in the future :-)

But since this was done, before Tanzu community edition was released, I will stick with MicroK8S, for this guide.

Let’s get started.


I’m using a cleanly installed Ubuntu 20.04 for this guide.

Microk8S is deliveres as a Snap package, so it’s easy to install.

Start by installing Snap, and nfs-common, if you want to use NFS for external storage (we will use this later in the guide).

apt update && apt install snapd nfs-common

Install MicroK8s.

snap install microk8s --classic

This will install a single Kubernetes host. If you want more, then follow the documentation, on how to do this.

To get the details for connection to the server, from your own laptop, type

microk8s config

For documentation and howto’s on MicroK8S take a look at the website.


Next step is install MetalLB, to get an external ipadress, that we can use for Traefik.

Reserve an iprange that it can use, and enable metalLB using the following command (substitute this range, with yours)

microk8s enable metallb:

You now have a working Loadbalancer service, that we can use.


Traefik requires storage, for saving the certificates it pulls from Let’s Encrypt. In my case, I have used NFS. So if you want to do the same, then make sure you have some NFS storage, that you can access from your Kubernetes cluster.

We then add the Helm repo, update it, and deploy it to the cluster, in a namespace, called Operations. Replace ipadress and path, to make it fit your storage.

helm repo add nfs-subdir-external-provisioner
helm repo update
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner -n operations \
    --set nfs.server= \
    --set nfs.path=/volume1/kube \
    --set storageClass.archiveOnDelete=false \
    --set storageClass.defaultClass=true 

If you run

kubectl get sc

Get SC

you shuld now see you new storage class, with a (default) after it, showing that it’s the default storage, meaning we don’t have to specify it later. If you want other configurations, then look at the Github page, for the project. for documentation.


To install Traefik we add the Helm repo (There is also a build in option, but that is for another guide).

helm repo add traefik
helm repo update
helm show values traefik/traefik > traefik-values.yaml
helm install traefik traefik/traefik -n traefik --create-namespace

Traefik is now installed in the namespace traefik, and we have a config file, that we can edit, to make it fit our needs.

Open traefik-values.yaml and edit/add the following options.

  - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
  - --certificatesresolvers.letsencrypt.acme.caserver=


  enabled: true
  name: data
#  existingClaim: ""
  accessMode: ReadWriteOnce
  size: 128Mi
  # storageClass: ""
  path: /data
  annotations: {}

and the update your Traefik deployment using

helm upgrade --install traefik traefik/traefik --values traefik-values.yaml -n traefik

If you have DNS and port forward in place, you should be able to expose your traefik dashboard, with an Let’s Encrypt certificate, by creating the file dashboard.yaml with the following content

kind: IngressRoute
  name: dashboard
    - websecure
    - match: Host(`your public DNS name`) 
      kind: Rule
        - name: api@internal
          kind: TraefikService
    certResolver: letsencrypt

and running

kubectl apply -f dashboard.yaml

To check that the dashboard is working go to https://yoururl/dashboard/ remember the last / it’s important.

You should also see, that a file acme.json shows up, in a folder traefik-traefik-pvc-xxxxxxx in the nfs directory you specified. This is the certificate, that Traefik get’s from Let’s Encrypt.

Exposing apps

You can now expose your apps, by creating an IngressRoute, in the following way, on your apps. The TLS part, tells Traefik to pull a valid certificate from Let’s Encrypt.

kind: IngressRoute
  name: whoami-https
    - websecure
    - match: Host(`your-dns-name`)
      kind: Rule
        - name: whoami-service
          port: 80
    certResolver: letsencrypt


There is probably tons of more stuff, I could show, but this must be it for now. I hope this guide, can help some of you, that is also struggeling.

And again I highly recommend that you take a look at the Youtube Channel if you want to learn more.

Photo by kimi lee on Unsplash