Migration Guide: Moving from Traefik to NGINX Ingress Controller
This document provides step-by-step instructions to back up and remove Traefik and deploy the NGINX Ingress Controller.
Backup Traefik (Helm-Based Installation)
```bash
# Backup Helm values
helm get values traefik -n <namespace> -o yaml > traefik-helm-values-backup.yaml
# Backup Helm release details
helm get all traefik -n <namespace> > traefik-helm-release-backup.txt
# Backup all resources in the Traefik namespace
kubectl get all -n <namespace> -o yaml > traefik-resources-backup.yaml
```
Backup CRDs and CRs
```bash
kubectl get crds | grep traefik
kubectl get crd <crd-name> -o yaml > traefik-crd-<name>.yaml
# Export associated CRs
kubectl get ingressroutes -A -o yaml > traefik-ingressroutes.yaml
kubectl get middlewares -A -o yaml > traefik-middlewares.yaml
kubectl get tlsoptions -A -o yaml > traefik-tlsoptions.yaml
kubectl get tlsstores -A -o yaml > traefik-tlsstores.yaml
```
Backup RBAC
```bash
kubectl get clusterrole traefik -o yaml > traefik-clusterrole.yaml
kubectl get clusterrolebinding traefik -o yaml > traefik-clusterrolebinding.yaml
```
Organise Backup Files
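```bash
mkdir traefik-backup
# Match the backup files only; a bare traefik-* glob also matches the traefik-backup directory itself
mv traefik-*.yaml traefik-*.txt traefik-backup/
```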
Uninstall Traefik (Helm-Based Installation)
```bash
helm uninstall traefik -n <namespace>
```
Uninstall Traefik (Manual Removal)
```bash
kubectl delete deployment traefik -n <namespace>
kubectl delete svc traefik -n <namespace>
kubectl delete ingressroutes --all -A
kubectl delete middlewares --all -A
kubectl delete tlsoptions --all -A
kubectl delete tlsstores --all -A
```
Backups in traefik namespace (CRDs, CRs, RBAC), to be taken before running the delete commands above:
```bash
kubectl get all -n <namespace> -o yaml > traefik-resources-backup.yaml
kubectl get crds | grep traefik
kubectl get crd <crd-name> -o yaml > traefik-crd-<name>.yaml
kubectl get ingressroutes -A -o yaml > traefik-ingressroutes.yaml
kubectl get middlewares -A -o yaml > traefik-middlewares.yaml
kubectl get tlsoptions -A -o yaml > traefik-tlsoptions.yaml
kubectl get tlsstores -A -o yaml > traefik-tlsstores.yaml
kubectl get clusterrole traefik -o yaml > traefik-clusterrole.yaml
kubectl get clusterrolebinding traefik -o yaml > traefik-clusterrolebinding.yaml
```
Organise:
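```bash
mkdir traefik-backup
# Match the backup files only; a bare traefik-* glob also matches the traefik-backup directory itself
mv traefik-*.yaml traefik-backup/
```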
Verify Removal
```bash
kubectl get pods --all-namespaces | grep traefik
kubectl get ingresscontrollers --all-namespaces
kubectl get crds | grep traefik
```
Deploy NGINX Ingress Controller
Add Helm Repo
```bash
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
```
Update Helm Repo
```bash
helm repo update
```
Create Values File
```bash
vi ingress-nginx-values.yaml
```
Paste Configuration
```yaml
controller:
  config:
    use-forwarded-headers: "true"
    keep-alive-requests: "10000"
    upstream-keepalive-requests: "1000"
    worker-processes: "auto"
    max-worker-connections: "65535"
    use-gzip: "true"
    # Snippet annotations let anyone who can create or edit an Ingress inject raw NGINX
    # configuration, and the "Critical" risk level below permits every annotation class.
    allow-snippet-annotations: true
    enable-brotli: true
    enable-vts-status: true
    annotations-risk-level: "Critical"
    # Note: this list includes CBC-mode, non-ECDHE/DHE (static RSA) and 3DES suites alongside the AEAD ones.
    ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
    ssl-protocols: "TLSv1.2 TLSv1.3"
  replicaCount: 1
  extraArgs:
    ## Configures the external IP address used to publish the Ingress status. DO NOT ENABLE/EDIT
    #publish-status-address: "11.22.33.44"
    ## Sets the default SSL certificate for HTTPS traffic. Useful when no specific certificate is defined in the Ingress resource. DO NOT ENABLE/EDIT
    #default-ssl-certificate: "kube-system/wildcard-tls"
    ## Allows encrypted traffic (HTTPS) to be passed directly to the backend without termination at the Ingress. DO NOT ENABLE/EDIT
    #enable-ssl-passthrough: true
    ## Enables HTTP status code breakdowns in metrics. For example, you can see 2XX, 3XX, 4XX, and 5XX response counts grouped together instead of individual status codes. DO NOT EDIT
    report-status-classes: true
    ## Prevents requests without matching Ingress rules from being routed to the default backend, improving security and performance. DO NOT ENABLE/EDIT
    #disable-catch-all: true
    #Enables fine-grained customizations for specific Ingress resources using annotations.
```
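Before installing, the values file can be checked for the two settings above that widen exposure: cipher suites without forward secrecy or AEAD, and enabled snippet annotations. The script below is an added example, not part of the original guide or of ingress-nginx; the helper names `weak_ciphers` and `audit_values` and the sample file are hypothetical, and it assumes each key sits on a single line as in the configuration above.

```shell
# Added example: audit an ingress-nginx values file before deploying it.
# weak_ciphers/audit_values are hypothetical helper names, not ingress-nginx tooling.

# Print every suite in a colon-separated OpenSSL cipher string that lacks
# forward secrecy (no ECDHE/DHE key exchange) or an AEAD mode (GCM/CCM/CHACHA20).
weak_ciphers() {
  printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r suite; do
    [ -n "$suite" ] || continue
    reasons=""
    case "$suite" in
      ECDHE-*|DHE-*|TLS_*) ;;            # TLS_* = TLS 1.3 names, always ephemeral
      *) reasons="no-forward-secrecy" ;;
    esac
    case "$suite" in
      *GCM*|*CCM*|*CHACHA20*) ;;
      *) reasons="${reasons:+$reasons,}no-aead" ;;
    esac
    [ -z "$reasons" ] || printf '%s %s\n' "$suite" "$reasons"
  done
}

# Audit a values file; returns 0 when clean, 1 after printing findings.
# Assumes each key sits on one line, as in the configuration in this guide.
audit_values() {
  file=$1; findings=0
  ciphers=$(sed -n 's/^[[:space:]]*ssl-ciphers:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$file")
  weak=$(weak_ciphers "$ciphers")
  if [ -n "$weak" ]; then
    printf 'weak cipher suites:\n%s\n' "$weak"; findings=1
  fi
  if grep -Eq '^[[:space:]]*allow-snippet-annotations:[[:space:]]*"?true"?' "$file"; then
    echo 'allow-snippet-annotations is enabled'; findings=1
  fi
  return "$findings"
}

# Constructed sample input (a shortened stand-in for ingress-nginx-values.yaml).
sample=$(mktemp)
cat > "$sample" <<'EOF'
controller:
  config:
    allow-snippet-annotations: true
    ssl-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:DES-CBC3-SHA"
EOF
audit_values "$sample" || echo "review the findings before running helm upgrade --install"
rm -f "$sample"
```

Running `audit_values ingress-nginx-values.yaml` against the real file reports each flagged suite with its reason, so the list can be trimmed to what the clients actually need.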
Install/Upgrade NGINX Controller
```bash
helm upgrade --install --create-namespace ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --values ingress-nginx-values.yaml
```