kubectl apply -f <https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/experimental-install.yaml>
helm repo add traefik <https://traefik.github.io/charts>
helm repo update
helm show values traefik/traefik > traefik-values.yaml
---
provider:
kubernetesGateway:
enabled: true
# On the newest version, you don't need this anymore. Just leave it false
experimental:
kubernetesGateway:
enabled: true # false
# ctrl + w dashboard
enabled: true
# Optional if you use cert-manager for automatic certificate renewal
# Or you can just create your own gateway (Recommended Way)
gateway:
listeners:
websecure:
certificateRefs:
- name: "tls-secret-name" # Got from secretName: <value>
namespace: "cert-manager" # from cert-manager Certificate
FOR USING CERT-MANAGER ONLY:
IMPORTANT: You need ReferenceGrant for this to work! This is because you want to take a secret from another namespace, which is disallowed by default for security purposes.
By using Reference Grant, you allow certain secrets to be accessed on another namespace.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: allow-traefik-to-access-cert
namespace: cert-manager # This is the namespace where the secret resides
spec:
from:
- group: gateway.networking.k8s.io
kind: Gateway
namespace: traefik # The namespace where your Gateway is
to:
- group: ""
kind: Secret
name: davenathaniel-my-id-tls # The name of your TLS secret
helm install traefik traefik/traefik --values traefik-values.yaml -n traefik --create-namespace
# To update a new traefik values
helm upgrade traefik traefik/traefik -n traefik -f traefik-values.yaml
# Exposing traefik dashboard directly
kubectl -n traefik port-forward <traefik-pod-id> 9000:9000