Traefik v2.0 & Maesh: Look Ma’, routing HTTP and TCP with no Hands!

Traefik's Logo

Belgium Kubernetes Meetup - October 2019 @ Louvain

How to use these slides?

  • Browse the slides: Use the arrows

    • Change chapter: Left/Right arrows

    • Next or previous slide: Top and bottom arrows

  • Overview of the slides: keyboard’s shortcut "o"

  • Speaker mode (and notes): keyboard’s shortcut "s"

Whoami

damien

Containous

https://containo.us

  • We Believe in Open Source

  • We Deliver Traefik and Traefik Enterprise Edition

  • Commercial Support

  • 30 people distributed, 90% tech

Containous Logo

Why Traefik?

Why, Mr Anderson?

Why, Mr Anderson?

Evolution of Software Design

Evolution of Software Design

The Premise of Microservices…​

Asterix - Premise

…​and What Happens

Asterix - Fighting

Where’s My Service?

Where os Charlie?

Tools of the Trade

docker
rancher os
docker swarm
kubernetes
marathon
ec2
mesos
dynamodb
ecs
service fabric
consul
netflix oss
etcd
zookeeper
yaml
Source: https://twitter.com/Caged/status/1039937162769096704

What If I Told You?

What If I Told You

That You Don’t Have to Write This Configuration File…​?

Here Comes Traefik!

Traefik's Architecture

Traefik Project

Traefik 2.0 Quick Overview

  • Revamped Documentation

  • Clarified Concepts

  • Expressive Routing Rule Syntax

  • Middlewares

  • TCP Support

  • Canary / Mirroring

  • And so Much More…​

Learn more on the blog post

Traefik (v2.0) Core Concepts

Bored Minion

Traefik is an Edge Router

Traefik Edge Router

Dynamically Discovers Services

Traefik Automatic Config

Architecture (v2.0) at a Glance

Traefik Architecture At A Glance

Entrypoints

Traefik's Entrypoints

Routers

Traefik's Frontends

Middlewares

Traefik Middlewares

Services

Traefik's Services

Architecture (again) at a Glance

Traefik Architecture At A Glance

Static & Dynamic Configuration

Static and Dynamic Configuration

Show Me the Configuration!

Traefik with 🐳

Quickstart Diagram

Example With 🐳

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.0
    command: --providers.docker.endpoint="tcp://proxy-docker.svc.local:2376"
    ports:
      - "80:80"

  corporate-webapp:
    image: company/corporate-webapp:1.2.3
    labels:
      - "traefik.http.routers.webapp.rule=Host(`company.com`)"

  admin-webapp:
    image: company/admin-webapp:15.2.2
    labels:
      - "traefik.http.routers.admin-webapp.rule=Host(`company.com`) && PathPrefix(`/admin`)"
      - "traefik.http.routers.admin-webapp.service=admin-svc"
      - "traefik.http.services.admin-svc.LoadBalancer.server.Port=9999"

Traefik With ⎈

Traefik with Kubernetes Diagram
Diagram from https://medium.com/@geraldcroes

Ingress Example with ⎈

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: corporate-webapp
  annotations:
    kubernetes.io/ingress.class: 'traefik'
spec:
  rules:
  - host: localhost
    http:
      paths:
      - backend:
          serviceName: corporate-webapp
          servicePort: 80

But…​

traefik ingress annotations
nginx ingress annotations

⎈ CRD - Custom Resources Definition

# File "webapp.yaml"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`localhost`) && PathPrefix(`/whoami`)
    kind: Rule
    services:
    - name: webapp
      port: 80
$ kubectl apply -f webapp.yaml
$ kubectl get ingressroute

⎈ & TCP (with CRD)

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcpmongo.crd
spec:
  entryPoints:
    - mongotcp
  routes:
  - match: HostSNI(`mongo-prod`)
    services:
    - name: mongo-prod
      port: 27017

Demo

demo

Demo Menu

Click here for demo’s instructions

  1. Install Traefik v2 in Kubernetes cluster

  2. Deploy and expose an HTTP application

  3. Deploy and expose a TCP application

Install Traefik in Kubernetes

Click here for demo’s instructions

  1. 🛠 Custom Resource Definitions

  2. ‍👮 Configure RBAC

    • To allow watching the Kubernetes API

  3. 📦 Install Traefik as a Deployment

  4. 🚪 Expose and 📣 publish Traefik with the right Service type

    • LoadBalancer, NodePort?

  5. ✅ Configure Traefik and its features

Example: HTTP application

Click here for demo’s instructions

  1. 📦 Install the web application as a Deployment

  2. 🚪 Expose the web application with a Service of type ClusterIP

    • Internal access only

  3. 📣 Publish the web application with an IngressRoute

Example: TCP application

Click here for demo’s instructions

Example with MongoDB:

  1. 📦 Install MongoDB as a Deployment

  2. 🚪 Expose MongoDB with a Service of type ClusterIP

    • Internal access only

  3. 📣 Publish MongoDB with an IngressRouteTCP

More to come

  • New Helm Chart for v2.0

  • Advanced Load-Balancing with CRDs: Canary, Mirroring, StickySession, etc.

    • Available today with File and Docker providers

  • Example and Guides

  • UDP?

More info

to be continued

We Also Missed Talking About …​

word cloud

Traefik also comes in Herd

cluster traefikee

As Simple As Traefik

  • Install it:

# Cluster Installation
traefikeectl install \
    --licensekey="SuperSecretLicence" \
    --dashboard \
    --kubernetes # Or --swarm

  • Configure it:

# Routing Configuration, same as Traefik's
traefikeectl deploy \
    --acme.email=ssl-admin@mycompany.org
    --acme.tlsChallenge
    ...

Free Trial

https://containo.us/traefikee

East / West Traefik

compass

Say Hello to Maesh

maesh

What is Maesh?

Maesh is a lightweight, easy to configure, and non-invasive service mesh that allows visibility and management of the traffic flows inside any Kubernetes cluster.

Maesh Architecture

before maesh graphic
after maesh graphic

More on Maesh

  • Built on top of Traefik,

  • SMI (Service Mesh Interface specification) compliant,

  • Opt-in by default.

Maesh Website

Show Me The Code!

  • Install Maesh (Helm Chart):

    helm repo add maesh https://containous.github.io/maesh/charts
helm repo update
helm install --name=maesh --namespace=maesh maesh/maesh --values=./maesh/values.yaml

  • Deploy Applications:

    kubectl apply -f apps/0-namespace.yaml
kubectl apply -f apps/1-svc-accounts.yaml
kubectl apply -f apps/2-apps-client.yaml
kubectl apply -f apps/3-apps-servers.yaml
kubectl apply -f apps/4-ingressroutes.yaml

  • Deploy SMI Objects to allow traffic in the mesh:

    kubectl apply -f apps/5-smi-http-route-groups.yaml
kubectl apply -f apps/6-smi-traffic-targets.yaml

A Closer Look to SMI Objects

apiVersion: specs.smi-spec.io/v1alpha1
kind: HTTPRouteGroup
metadata:
  name: app-routes
  namespace: apps
matches:
- name: all
  pathRegex: "/"
  methods: ["*"]
---
apiVersion: access.smi-spec.io/v1alpha1
kind: TrafficTarget
metadata:
  name: client-apps
  namespace: apps
destination:
  kind: ServiceAccount
  name: apps-server
  namespace: apps
specs:
- kind: HTTPRouteGroup
  name: app-routes
  matches:
  - all
sources:
- kind: ServiceAccount
  name: apps-client
  namespace: apps

That’s All Folks!

We have

stickers!

We are hiring!

Containous
docker run -it containous/jobs

Thank you!

@DamienDuportal

dduportal

QRCode to this presentation