A journey with Traefik 2.0 in Kubernetes

Traefik's Logo

San Francisco Kubernetes Meetup - Wednesday 18th of September 2019

How to use these slides?

  • Browse the slides: Use the arrows

    • Change chapter: Left/Right arrows

    • Next or previous slide: Top and bottom arrows

  • Overview of the slides: keyboard’s shortcut "o"

  • Speaker mode (and notes): keyboard’s shortcut "s"

Whoami

Emile vauge

emile bw

Containous

https://containo.us

  • We Believe in Open Source

  • We Deliver Traefik and Traefik Enterprise Edition

  • Commercial Support

  • 30 people distributed, 90% tech

Containous Logo

Why Traefik?

Why, Mr Anderson?

Why, Mr Anderson?

Evolution of Software Design

Evolution of Software Design

The Premise of Microservices…​

Asterix - Premise

…​and What Happens

Asterix - Fighting

Where’s My Service?

Where os Charlie?

Tools of the Trade

docker
rancher os
docker swarm
kubernetes
marathon
ec2
mesos
dynamodb
ecs
service fabric
consul
netflix oss
etcd
zookeeper
yaml
Source: https://twitter.com/Caged/status/1039937162769096704

What If I Told You?

What If I Told You

That You Don’t Have to Write This Configuration File…​?

Here Comes Traefik!

Traefik's Architecture

Traefik Project

Traefik 2.0 Quick Overview

  • Revamped Documentation

  • Clarified Concepts

  • Expressive Routing Rule Syntax

  • Middlewares

  • TCP Support

  • Canary / Mirroring

  • And so Much More…​

Learn more on the blog post

Traefik (v2.0) Core Concepts

Bored Minion

Traefik is an Edge Router

Traefik Edge Router

Traefik Dynamically Discovers Services

Traefik Automatic Config

Architecture (v2.0) at a Glance

Traefik Architecture At A Glance

Entrypoints

Traefik's Entrypoints

Routers

Traefik's Frontends

Middlewares

Traefik Middlewares

Services

Traefik's Services

Architecture (again) at a Glance

Traefik Architecture At A Glance

Static & Dynamic Configuration

Static and Dynamic Configuration

Show Me the Configuration!

Simple Example with 🐳

Quickstart Diagram

With 🐳

  • With Docker Compose:

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.0
    command: --providers.docker
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  webapp:
    image: containous/whoami
    labels:
      - "traefik.http.routers.webapp.rule=Host(`localhost`)"

With 🐳: Context

# https://mycompany.org/jenkins -> http://jenkins:8080/jenkins
jenkins:
    image: jenkins/jenkins:lts
    environment:
      - JENKINS_OPTS=--prefix=/jenkins
    labels:
      - "traefik.http.services.jenkins.LoadBalancer.server.Port=8080" # Because 50000 is also exposed
      - "traefik.http.routers.jenkins.rule=Host(`mycompany.org`) && PathPrefix(`/jenkins`)"
      - "traefik.http.routers.jenkins.service=jenkins"

With 🐳: Rewrites

# https://mycompany.org/gitserver -> http://gitserver:3000/
gitserver:
    image: gitea/gitea
    labels:
      - "traefik.http.routers.gitserver.rule=Host(`mycompany.org`) && PathPrefix(`/gitserver`)"
      - "traefik.http.middlewares.gitserver-stripprefix.stripprefix.prefixes=/gitserver"
      - "traefik.http.routers.gitserver.middlewares=gitserver-stripprefix"

With 🐳: Websockets

# https://webterminal.mycompany.org -> http://webterminal/
webterminal:
    image: tsl0922/ttyd
    labels:
      - "traefik.http.routers.devbox.rule=Host(`webterminal.mycompany.org`)"

With File Configuration

Canaray releases

http:
  services:
    canary:
      weighted:
        services:
        - name: appv1
          weight: 3 # 75%
        - name: appv2
          weight: 1 #25%
    appv1:
      loadBalancer:
        servers:
        - url: "http://private-ip-server-1/"
    appv2:
      loadBalancer:
        servers:
        - url: "http://private-ip-server-2/"

Traefik with ⎈

Traefik with Kubernetes Diagram
Diagram from https://medium.com/@geraldcroes

Example Code with ⎈

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: 'traefik'
spec:
  rules:
  - host: localhost
    http:
      paths:
      - path: "/whoami"
        backend:
          serviceName: webapp
          servicePort: 80

⎈ CRD - Custom Resources Definition

# File "webapp.yaml"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`localhost`) && PathPrefix(`/whoami`)
    kind: Rule
    services:
    - name: webapp
      port: 80
$ kubectl apply -f webapp.yaml
$ kubectl get ingressroute

⎈ & TCP (with CRD)

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcpmongo.crd
spec:
  entryPoints:
    - mongotcp
  routes:
  - match: HostSNI(`mongo-prod`)
    services:
    - name: mongo-prod
      port: 27017

Demo

demo

Demo 1 - SNI Routing + TLS Passthrough for TCP

demo3 v2 tcp sni
Demo Code on

Demo 1 - Configuration

demo3 v2 config

Demo 2 - Muxing HTTPS and TCP on the Same Port

demo4 v2 tcp http
Demo Code on

Demo 3 - Canaray Release of a WebApp

Demo 4 - Cheesy Kubernetes

The Herd

herd of goats
You came to the wrong neighbour

Traefik comes in Herd

cluster traefikee
High Availability
Security
Scalability

As Simple As Traefik

  • Install it:

# Cluster Installation
traefikeectl install \
    --licensekey="SuperSecretLicence" \
    --dashboard \
    --kubernetes # Or --swarm

  • Configure it:

# Routing Configuration, same as Traefik's
traefikeectl deploy \
    --acme.email=ssl-admin@mycompany.org
    --acme.tlsChallenge
    ...

Free Trial

https://containo.us/traefikee

East / West Traefik

compass

Say Hello to Maesh

maesh

What is Maesh?

Maesh is a lightweight, easy to configure, and non-invasive service mesh that allows visibility and management of the traffic flows inside any Kubernetes cluster.

Maesh Architecture

before maesh graphic
after maesh graphic

More on Maesh

  • Built on top of Traefik,

  • SMI (Service Mesh Interface specification) compliant,

  • Opt-in by default.

Maesh Website

That’s All Folks!

We have

stickers!

We are hiring!

Containous
docker run -it containous/jobs

Thank you!

@emilevauge

emilevauge

QRCode to this presentation