Harness your routing super-hero power in Kubernetes with Traefik, Maesh and Konvoy

Whoami

damien
Containous
  • We Believe in Open Source

  • We Deliver Traefik, Traefik Enterprise Edition and Maesh

  • Commercial Support

  • 30 people distributed, 90% tech

  • We are hiring!

    docker run -it containous/jobs

Why Konvoy?

D2IQ

  • Formerly known as Mesosphere

  • "Day-Two-I-Q"

  • A smarter approach to "Day 2 Operations"

Day 2 Operations

"Day 2" refers to the phase of the development lifecycle that follows initial deployment, where the real application demands exist.

KSphere

Embrace Kubernetes when:

  • Beginning your journey 🐣

  • Preparing for Day 2 🦅

KSphere Offer

  • Technical Solutions:

    • Konvoy

    • MKE (Mesosphere Kubernetes Engine)

  • Services:

    • Professional Services

    • Training

    • Support

What is Konvoy?

A packaged 📦 Kubernetes ⎈ with integrated operational services 🛠.

Why Use Konvoy?

  • Gain Flexibility Across Any Infrastructure

  • Manage Operations With Ease

  • Ensure Rapid Technology Adoption and Scale

  • Harness Premier Domain Expertise

Konvoy

Konvoy Concepts

  • Standalone Native Distribution of Kubernetes

  • "One button push" User Experience

  • Packaged with a set of services for Operations

Konvoy Architecture

Quick Start

Install a Konvoy Cluster in AWS EC2:

  • Prepare installation:

    $ konvoy init --provisioner=aws

  • Run installation:

    $ konvoy up

  • Use it:

    $ konvoy apply kubeconfig && kubectl cluster-info
    
    Kubernetes master is running at (...)
    KubeDNS is running at (...)
    kubernetes-dashboard is running at (...)

Konvoy Operations

  • Operations Portal

  • Network: CoreDNS, Calico, MetalLB, Traefik

  • Security: Identity Management, SSO, TLS

  • Logging: Fluentbit, Elasticsearch, Kibana

  • Monitoring and Metrics: Prometheus, Grafana

  • Back up and restore: Velero

Operations Portal

Operations Portal Components

Emphasis on Traefik

Why Traefik?

Why, Mr Anderson?

Evolution of Software Design

The Premise of Microservices…​

Asterix - Premise

…​and What Happens

Asterix - Fighting

Where’s My Service?

Where is Charlie?

Tools of the Trade

docker
rancher os
docker swarm
kubernetes
marathon
ec2
mesos
dynamodb
ecs
service fabric
consul
netflix oss
etcd
zookeeper

What If I Told You?

That You Don’t Have to Write This Configuration File…​?

Here Comes Traefik!

Traefik's Architecture

Traefik Project

Traefik is an Edge Proxy

Traefik Edge Router

It Dynamically Discovers Services

Traefik Automatic Config

Traefik With ⎈

Traefik with Kubernetes Diagram

Demo Time!

Konvoy and Traefik v1

Traefik v2

Architecture at a Glance

Static & Dynamic Configuration

Remember Traefik in ⎈?

Traefik with Kubernetes Diagram

But…​

traefik ingress annotations
nginx ingress annotations

⎈ CRD - Custom Resources Definition

# File "webapp.yaml"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`localhost`) && PathPrefix(`/whoami`)
    kind: Rule
    services:
    - name: webapp
      port: 80

$ kubectl apply -f webapp.yaml
$ kubectl get ingressroute

⎈ & TCP (with CRD)

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcpmongo.crd
spec:
  entryPoints:
    - mongotcp
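  routes:
  # HostSNI matches on the TLS SNI value, so a named host needs a `tls:` section
  # on this route; plain (non-TLS) TCP routes must use HostSNI(`*`).
  - match: HostSNI(`mongo-prod`)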
    services:
    - name: mongo-prod
      port: 27017

Demo Time (2)!

Traefik v2 in Konvoy

East / West Traefik

What about routing traffic from service to services?

Say Hello to Maesh

What is Maesh?

Maesh is a lightweight, easy to configure, and non-invasive service mesh that allows visibility and management of the traffic flows inside any Kubernetes cluster.

Maesh Architecture

before maesh graphic
after maesh graphic

More on Maesh

Show Me The Code!

  • Install Maesh (Helm Chart):

    helm repo add maesh https://containous.github.io/maesh/charts
    helm repo update
    helm install --name=maesh --namespace=maesh maesh/maesh --values=./maesh/values.yaml

  • Deploy Applications:

    kubectl apply -f apps/0-namespace.yaml
    kubectl apply -f apps/1-svc-accounts.yaml
    kubectl apply -f apps/2-apps-client.yaml
    kubectl apply -f apps/3-apps-servers.yaml
    kubectl apply -f apps/4-ingressroutes.yaml

  • Deploy SMI Objects to allow traffic in the mesh:

    kubectl apply -f apps/5-smi-http-route-groups.yaml
    kubectl apply -f apps/6-smi-traffic-targets.yaml

A Closer Look at SMI Objects

apiVersion: specs.smi-spec.io/v1alpha1
kind: HTTPRouteGroup
metadata:
  name: app-routes
  namespace: apps
matches:
- name: all
  pathRegex: "/"
  methods: ["*"]
---
apiVersion: access.smi-spec.io/v1alpha1
kind: TrafficTarget
metadata:
  name: client-apps
  namespace: apps
destination:
  kind: ServiceAccount
  name: apps-server
  namespace: apps
specs:
- kind: HTTPRouteGroup
  name: app-routes
  matches:
  - all
sources:
- kind: ServiceAccount
  name: apps-client
  namespace: apps
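
A least-privilege variant of the policy above, as an added example that is not part of the original slides: the deck's `all` match grants `apps-client` every method on every path of `apps-server`, while the version below grants only named routes. The match names, paths and methods are hypothetical, and how `pathRegex` is anchored depends on the mesh implementation, so verify the patterns against your Maesh version.

```yaml
# Added example (not from the slides): narrower SMI grant for the same
# client/server pair. Match names, paths and methods are hypothetical.
apiVersion: specs.smi-spec.io/v1alpha1
kind: HTTPRouteGroup
metadata:
  name: app-routes
  namespace: apps
matches:
# Read-only API calls; no POST/PUT/DELETE is granted.
- name: api-read
  pathRegex: "/api/.*"
  methods: ["GET", "HEAD"]
# Health endpoint, GET only.
- name: health
  pathRegex: "/healthz"
  methods: ["GET"]
---
apiVersion: access.smi-spec.io/v1alpha1
kind: TrafficTarget
metadata:
  name: client-apps
  namespace: apps
# Who is being called: identity is the ServiceAccount, not the pod or IP.
destination:
  kind: ServiceAccount
  name: apps-server
  namespace: apps
# What is allowed: only the matches listed here are granted, so a route
# added to the group later is not reachable until it is named below.
specs:
- kind: HTTPRouteGroup
  name: app-routes
  matches:
  - api-read
  - health
# Who may call: one ServiceAccount per entry; list each caller explicitly.
sources:
- kind: ServiceAccount
  name: apps-client
  namespace: apps
```

Because both sides of the grant are ServiceAccounts, any workload permitted to run as `apps-client` inherits this access, so restrict who can use that ServiceAccount in the `apps` namespace.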

Demo Time (3)!

Maesh in Konvoy

That’s All Folks!

Thank you!