Træfik

As an Ingress Controller for Kubernetes

Whoami

  • Gerald Croes - @geraldcroes dev-to

  • Senior Developer @ Containous

  • Former Chief Enterprise Architect for an Insurance Company

  • Passionate about Taekwondo …​

  • …​ since people were making fun of my former love for PHP

Containous

  • https://containo.us

  • We Believe in Open Source

  • We Deliver Træfik

  • Commercial Support for Træfik

  • 12 people, 90% technical experts

  • We Are Hiring!

Containous Logo

The Project

The Cloud Native Edge Router

Træfik's Logo

The Project

I’ve Found a Bug!

./traefik bug

Autofills the issue template (environment, configuration files, …​)

Why Træfik?

Why, Mr Anderson?


Evolution of Software Design


The Premise of Microservices …​

Asterix - Premise

…​ And What Happens

Asterix - Fighting

Nice, but Uncomfortable

traefik morbier

Where Is the Service?

Where is Charlie?

Tools of the Trade

docker
rancher os
docker swarm
kubernetes
marathon
ec2
mesos
dynamodb
ecs
service fabric
consul
netflix oss
etcd
zookeeper

What If I Told You …​

That You Don’t Have to Write This Configuration File?

Here Comes Træfik!

Træfik's Architecture

Træfik with Kubernetes

Træfik with Kubernetes Diagram

Kubernetes, a Quick Recap

Cluster

Kubernetes, as in Cluster

Nodes

Nodes are the machines

Pods

Pods are container wrappers

Deployments

article kubernetes deployment

Services

article kubernetes services

Ingress

article kubernetes ingress

Ingress Controller

Traefik as an Ingress Controller

Træfik Set Up

We have Helm support - https://helm.sh/

Helm Logo

# Kubernetes Ready
kubectl get all
...

# Install Traefik into your Kubernetes cluster
helm install stable/traefik

# Start your service in Kubernetes
kubectl apply -f ./myservice.yml

Træfik’s Web Dashboard: Frontends

Træfik's Web Dashboard: Frontends

helm install stable/traefik \
   --set dashboard.enabled=true,dashboard.domain=dashboard.localhost

Træfik Core Concepts

traefik must learn

Remember the Diagram?

Træfik's Architecture

Let’s Simplify

Træfik's Simplified Architecture

Providers

Træfik's Simplified Architecture

Entrypoints

Træfik's Entrypoints

Backends

Træfik's Backends

Frontends

Træfik's Frontends

At a Glance

Træfik Architecture At A Glance

In Practice

Træfik in Practice

End of Core Concepts

traefik raclette

Time to Deploy Some Stuff!

traefik roquefort

This Is the Story of a Pod …​

article kubernetes whoami service

…​ Who Defined Itself as a YAML …​

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: whoami-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
      - name: whoami-container
        image: containous/whoami
---
apiVersion: v1
kind: Service
metadata:
  name: whoami-service
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: whoami

kubectl apply -f whoami-service.yml

…​ That Meets an Ingress …​

article kubernetes ingress 2

…​ That Also Defined Itself a YAML …​

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: whoami-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: whoami.localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: whoami-service
          servicePort: http

kubectl apply -f whoami-service.yml

…​ And in the End They Have a Route Together …​

dashboard whoami route

…​ And It Lived Connected to the World Ever After …​

whoami routed

Such a Cute Example!

traefik cute

More Routes?

With Two Replicas

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: whoareyou-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: whoareyou
  template:
    metadata:
      labels:
        app: whoareyou
    spec:
      containers:
      - name: whoareyou-container
        image: containous/whoami
---
apiVersion: v1
kind: Service
metadata:
  name: whoareyou-service
spec:
  ports:
  - name: http
    targetPort: 80
    port: 80
  selector:
    app: whoareyou
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: whoareyou-ingress
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: whoareyou.localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: whoareyou-service
          servicePort: http

kubectl apply -f whoareyou.yml

And the New Routes

dashboard whoareyou

The Whole Picture

article kubernetes demo architecture

Because Security Matters

captain traefik

HTTPS — Traefik & Let’s Encrypt

traefik lets encrypt diagram

Let’s Encrypt: Configuration Example

[acme]
email = "me@mydomain.me"
storage = "/acme/acme.json"
entryPoint = "https"
OnHostRule = true
   [acme.httpChallenge]
   entryPoint="http"

Let’s Encrypt: HTTP Challenge

lets encrypt http challenge

Let’s Encrypt: DNS Challenge

lets encrypt dns challenge

Authentication — Basic Auth

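# Create the credentials file (htpasswd prompts for the password)
htpasswd -c authfile myuser
# The secret name must match the auth-secret annotation on the Ingress
kubectl create secret generic mysecret --from-file authfile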

Then add the following annotations to your ingress object:

 annotations:
   kubernetes.io/ingress.class: traefik
   ingress.kubernetes.io/auth-type: "basic"
   ingress.kubernetes.io/auth-secret: "mysecret"
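
Before `authfile` goes into a Secret, it helps to know how its passwords are hashed: Apache's `htpasswd` writes an MD5-based `$apr1$` hash by default, and `-B` selects bcrypt. The script below is an added example (not from the original slides) that classifies each entry by its prefix; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# hash_scheme HASH -> bcrypt | md5-apr1 | sha1 | crypt-or-plaintext
hash_scheme() {
  case "$1" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
    '$apr1$'*)               echo md5-apr1 ;;
    '{SHA}'*)                echo sha1 ;;
    *)                       echo crypt-or-plaintext ;;
  esac
}

# audit_htpasswd FILE -> prints "user scheme" for each entry.
# Returns 0 if every entry is bcrypt, 1 if any is weaker, 2 if unreadable.
audit_htpasswd() {
  [ -r "$1" ] || return 2
  weak=0
  # "|| [ -n "$user" ]" keeps a final line that lacks a trailing newline
  while IFS=: read -r user hash rest || [ -n "$user" ]; do
    case "$user" in ''|'#'*) continue ;; esac   # skip blanks and comments
    scheme=$(hash_scheme "$hash")
    echo "$user $scheme"
    [ "$scheme" = bcrypt ] || weak=1
  done < "$1"
  return "$weak"
}

# Constructed sample: the values after ':' are placeholders with the right
# prefix, not real password hashes.
sample_authfile() {
  cat <<'EOF'
myuser:$apr1$CONSTRUCT$placeholderplaceholder00
deploy:$2y$05$constructedplaceholderconstructedplaceholder0000000000
legacy:{SHA}constructedplaceholder000000=
EOF
}

# Demo: audit the sample the same way you would audit ./authfile
tmp=$(mktemp)
sample_authfile > "$tmp"
if audit_htpasswd "$tmp"; then
  echo "all entries use bcrypt"
else
  echo "re-create weak entries, e.g. with: htpasswd -B authfile <user>"
fi
rm -f "$tmp"
```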

I Wish We Could Have Talked About …​

Other Supported Providers

  • Docker / Swarm

  • Mesos / Marathon

  • Consul / Consul Catalog

  • Eureka

Reverse Proxy Features

  • Rate Limiting

  • Health Checks

  • Circuit Breakers

  • Cluster Mode

  • gRPC

Security Features

  • TLS Certificates

  • Kubernetes Secrets

  • Auth Forward

HTTP Features

  • Custom Headers

  • Custom Error Pages

  • Redirects

  • Proxy Protocol

  • HSTS

  • Websockets

Tracing, Metrics

  • Zipkin

  • Jaeger

  • Prometheus

And Other Features Coming Soon!

Thank You!

traefik cancoillotte relax