K3S: Traefik Dashboard activation

Very new to the Kubernetes world I just installed K3S. All good and running.
As I see, Traefik was already installed. Got my first Ingress rule running.

But for hours I am not able to figure out, what steps need to be done to get the Traefik Dashboard running. Too many different guidelines that might not fit here.

with

kubectl -n kube-system edit configmap traefik

I found the configuration file and after “traefik.toml:” I added “dashboard = true

Is this the correct location? What else needs to be done? Do I need to set Ingress rule? Kind of some “steps needed” guide would be great.

Thanks,
Wolfram

I usually edit the Helm chart directly on the master by SSH-ing into it as user rancher:

sudo vi /var/lib/rancher/k3s/server/manifests/traefik.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: traefik
  namespace: kube-system
spec:
  chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
  set:
    rbac.enabled: "true"
    ssl.enabled: "true"
    metrics.prometheus.enabled: "true"
    kubernetes.ingressEndpoint.useDefaultPublishedService: "true"
    image: "rancher/library-traefik"
    dashboard.enabled: "true"             # <-- add this line
    dashboard.domain: "traefik.internal"  # <-- and this one with a resolvable DNS name

Helm will pick up the changes automagically and the dashboard will be available under http://traefik.internal/dashboard/.
Keep in mind that after a reboot of the master the file will be restored without the added lines.

1 Like

Thanks, got it running.

Hello,

Do you know how to keep this change persistent ?

Best regards

I did it the different way and did not use Rancher Traefik manifests at all. Regular Traefik installation into Kubernetes. This will survive reboot, BUT (in my case) only accessible via localhost (ssh tunnel to local machine). This works for me well enough.
Wolfram

@hbokh editing the traefik.yaml file didn’t work for me. I manually started the k3s server using the “–disable traefik” flag and deployed your yaml above and still no luck. Anything else I could try?

It worked for me. After adding dashboard enabled:true, you can use kubectl apply -f /var/lib/rancher/k3s/server/manifests/traefik.yaml to get the dashboard up n running

Thank you @Kunchala_Vikram it just worked for me without adding the “dashboard.domain” line.

This is what I’ve done to make change persistant.
Edited/creted a config.yaml file under /var/lib/rancher/k3os/ folder like this:

k3os-13082 [~]$ sudo cat /var/lib/rancher/k3os/config.yaml
k3os:
k3s_args:

  • “server”
  • “–no-deploy=traefik”
    write_files:
  • encoding: “”
    content: |
    apiVersion: helm.cattle.io/v1
    kind: HelmChart
    metadata:
    name: traefik
    namespace: kube-system
    spec:
    chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
    set:
    rbac.enabled: “true”
    ssl.enabled: “true”
    metrics.prometheus.enabled: “true”
    kubernetes.ingressEndpoint.useDefaultPublishedService: “true”
    image: “rancher/library-traefik”
    dashboard.enabled: “true”
    dashboard.domain: “YOUR_WANTED_DOMAIN”
    owner: root
    path: /var/lib/rancher/k3s/server/manifests/traefik.yaml
    permissions: ‘0600’

This make the change consistant after the reboot.

That’s handy! But hardly readable. I’ve put it in between ```yaml <config> ```: :innocent:

k3os:
  k3s_args:
    - server
    - "--no-deploy=traefik"
  write_files:
  - encoding: ""
    content: |-
      apiVersion: helm.cattle.io/v1
      kind: HelmChart
      metadata:
        name: traefik
        namespace: kube-system
      spec:
        chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
        set:
          rbac.enabled: "true"
          ssl.enabled: "true"
          metrics.prometheus.enabled: "true"
          kubernetes.ingressEndpoint.useDefaultPublishedService: "true"
          image: "rancher/library-traefik"
          dashboard.enabled: "true"
          dashboard.domain: "YOUR_WANTED_DOMAIN"
  owner: root
  path: /var/lib/rancher/k3s/server/manifests/traefik.yaml
  permissions: '0600'