Expose application using Ingress with Traefik
On k3s, the Traefik Ingress controller is installed by default and runs inside the cluster as a pod.
We will create an Ingress Resource using a YAML file which contains routing rules for forwarding incoming traffic from the ingress controller to the respective application pods based on the request URL.
We will expose the mealie application using Ingress.
Step 1: Create a deployment
k create deploy mealie --image=ghcr.io/mealie-recipes/mealie:v3.11.0 --port=9000 -n mealie --dry-run=client -o yaml > mealie.yaml
k apply -f mealie.yaml
## verify the deployment is created.
k get deploy -n mealie
k get pods -n mealie
Step 2: Expose the application with a service of type ClusterIP
k expose deployment mealie --port=9000 --target-port=9000 -n mealie --dry-run=client -o yaml >> mealie.yaml
k apply -f mealie.yaml
## verify the svc is created.
k get svc -n mealie
Step 3: Create an Ingress resource
k create ingress mealie-ing -n mealie --rule="mealie.homelab.com/=mealie:9000" --dry-run=client -o yaml >> mealie.yaml
Open mealie.yaml file and make pathType to Prefix :
apply the configuration:
k apply -f mealie.yaml
## Verify that the ingress was created correctly.
k get ingress -n mealie
Verify Ingress Host Routing within the cluster:
curl -H "Host: mealie.homelab.com" http://192.168.1.225
After this, open the mealie.yaml file and add three dashes like --- after each resource to separate multiple Kubernetes resources in a single YAML file so that kubectl can correctly parse and apply them individually.
Step 4: Get k3s Node IP
k get nodes -o wide
Output could look like this:
NAME STATUS ROLES INTERNAL-IP
k3s-master Ready control-plane 192.168.1.225
Ingress will be reachable at:
192.168.1.225
Step 5: Add the fake domain to /etc/hosts
We will use a fake domain to simulate a real DNS hostname in our local environment, allowing us to test Kubernetes Ingress routing without needing a publicly registered domain.
On the machine where we will access the application (your laptop or desktop), edit this file:
/etc/hosts
In Linux: /etc/hosts
In Windows: C:\Windows\System32\drivers\etc\hosts (Open it with Run as Administrator)
Add this line to the /etc/hosts file:
192.168.1.225 mealie.homelab.com
Save the file.
This makes the desktop's OS resolve the local domain to the Node's IP:
mealie.homelab.com → 192.168.1.225
Step 6: Verify DNS resolution
Test that the fake domain resolves correctly on desktop with:
ping mealie.homelab.com
Step 8: Open the application
Now open the application in a browser:
http://mealie.homelab.com
There we go! We can now access the mealie application from an external browser using a domain. We can access it from any desktop by simply resolving the k3s node IP to the domain name.
Architecture:
Flow of the request:
Browser (192.168.1.14)
↓
mealie.homelab.com
↓
/etc/hosts → 192.168.1.225
↓
k3s node IP (192.168.1.225)
↓
Traefik Service
↓
Traefik Ingress Controller Pod
↓
Mealie Service
↓
Mealie Pod