Edge Routing et HTTPS pour tous: Traefik en pratique (πŸ‡«πŸ‡·)

Traefik

How to use these slides?

  • Browse the slides: Use the arrows

    • Change chapter: Left/Right arrows

    • Next or previous slide: Top and bottom arrows

  • Overview of the slides: keyboard’s shortcut "o"

  • Speaker mode (and notes): keyboard’s shortcut "s"

Whoami

damien

Containous

https://containo.us

  • We Believe in Open Source

  • We Deliver Traefik and Traefik Enterprise Edition

  • Commercial Support

  • 20 people, 90% tech

Containous Logo

Why Traefik?

Why, Mr Anderson?

Why, Mr Anderson?

Evolution of Software Design

Evolution of Software Design

The Premise of Microservices…​

Asterix - Premise

…​and What Happens

Asterix - Fighting

Tools of the Trade

docker
rancher os
docker swarm
kubernetes
marathon
ec2
mesos
dynamodb
ecs
service fabric
consul
netflix oss
etcd
zookeeper

Where’s My Service?

Where os Charlie?
yaml
Source: https://twitter.com/Caged/status/1039937162769096704

What If I Told You?

What If I Told You

That You Don’t Have to Write This Configuration File…​?

Here Comes Traefik!

Traefik's Architecture

Traefik Project

Traefik 2.0 Quick Overview

  • Revamped Documentation

  • Clarified Concepts

  • Expressive Routing Rule Syntax

  • Middlewares

  • TCP Support

  • TLS stores & options

  • And so Much More…​

Learn more on the blog post

Traefik (v2.0) Core Concepts

Bored Minion

Traefik is an Edge Router

Traefik Edge Router

Traefik Dynamically Discovers Services

Traefik Automatic Config

Architecture (v2.0) at a Glance

Traefik Architecture At A Glance

Entrypoints

Traefik's Entrypoints

Routers

Traefik's Frontends

Middlewares

Traefik Middlewares

Services

Traefik's Services

Architecture (again) at a Glance

Traefik Architecture At A Glance

Static & Dynamic Configuration

Static and Dynamic Configuration

Show Me the Configuration!

Simple Example with 🐳

Quickstart Diagram

With 🐳

  • With Docker Compose:

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.0
    command: --providers.docker
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  webapp:
    image: containous/whoami
    labels:
      - "traefik.http.routers.webapp.rule=Host(`localhost`)"

With 🐳: Context

# https://mycompany.org/jenkins -> http://jenkins:8080/jenkins
jenkins:
    image: jenkins/jenkins:lts
    environment:
      - JENKINS_OPTS=--prefix=/jenkins
    labels:
      - "traefik.http.services.jenkins.LoadBalancer.server.Port=8080" # Because 50000 is also exposed
      - "traefik.http.routers.jenkins.rule=Host(`mycompany.org`) && PathPrefix(`/jenkins`)"
      - "traefik.http.routers.jenkins.service=jenkins"

With 🐳: Rewrites

# https://mycompany.org/gitserver -> http://gitserver:3000/
gitserver:
    image: gitea/gitea
    labels:
      - "traefik.http.routers.gitserver.rule=Host(`mycompany.org`) && PathPrefix(`/gitserver`)"
      - "traefik.http.middlewares.gitserver-stripprefix.stripprefix.prefixes=/gitserver"
      - "traefik.http.routers.gitserver.middlewares=gitserver-stripprefix"

With 🐳: Websockets

# https://mycompany.org/webterminal -> http://webterminal/
webterminal:
    image: tsl0922/ttyd
    labels:
      - "traefik.http.routers.devbox.rule=Host(`mycompany.org`) && PathPrefix(`/webterminal`)"
traefik v2 tcp

Demo 1 - Straightforward TCP Routing

demo1 v2 tcp
Demo Code on

Demo 1 - Configuration

demo1 v2 config

Demo 2 - Let’s Add TLS to TCP with Traefik

demo2 v2 tcp tls
Demo Code on

Demo 2 - Configuration

demo2 v2 config

Demo 3 - SNI Routing + TLS Passthrough

demo3 v2 tcp sni
Demo Code on

Demo 3 - Configuration

demo3 v2 config

Demo 4 - Muxing HTTPS and TCP on the Same Port

demo4 v2 tcp http
Demo Code on

Traefik with ⎈

Traefik with Kubernetes Diagram
Diagram from https://medium.com/@geraldcroes

Example Code with ⎈

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: 'traefik'
spec:
  rules:
  - host: localhost
    http:
      paths:
      - path: "/whoami"
        backend:
          serviceName: webapp
          servicePort: 80

⎈ CRD - Custom Resources Definition

# File "webapp.yaml"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`localhost`) && PathPrefix(`/whoami`)
    kind: Rule
    services:
    - name: webapp
      port: 80
$ kubectl apply -f webapp.yaml
$ kubectl get ingressroute

⎈ & TCP (with CRD)

πŸ”₯ (Merged this week)

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcpmongo.crd
spec:
  entryPoints:
    - mongotcp
  routes:
  - match: HostSNI(`mongo-prod`)
    services:
    - name: mongo-prod
      port: 27017

More to come for v2.0

  • New WebUI

  • New metrics

  • UDP

  • YAML

  • Canary

More info

bit.ly/traefik-v2

We Also Missed Talking About …​

word cloud

The Herd

herd of goats
You came to the wrong neighbour

Traefik comes in Herd

cluster traefikee
High Availability
Security
Scalability

As Simple As Traefik

  • Install it:

# Cluster Installation
traefikeectl install \
    --licensekey="SuperSecretLicence" \
    --dashboard \
    --kubernetes # Or --swarm

  • Configure it:

# Routing Configuration, same as Traefik's
traefikeectl deploy \
    --acme.email=ssl-admin@mycompany.org
    --acme.tlsChallenge
    ...

Early (Free) Access

https://containo.us/traefikee

Thanks!

We have

stickers!

We are hiring!

Containous
docker run -it containous/jobs

Thank you!

@DamienDuportal

dduportal

QRCode to this presentation