Introduction to Traefik

From zero to Traefik in 40 minutes slides

First release at Container Day 2018 in Verona (26 Oct)
Reprise at Incontro DevOps 2019 in Bologna (8 Mar)
Third round at GDG DevFest 2019 in Pisa (13 Apr)

Example code: https://github.com/gionn/owncloud-traefik-example

#containerday #idi2019 #traefik #docker #golang

Giovanni Toraldo

October 26, 2018

Transcript

  1. Introduction to Traefik
    #idi2019 Bologna
    Giovanni Toraldo
    @gionn

  2. ➔ Open Source enthusiast
    ➔ software developer / devops
    ➔ writer
    ➔ speaker
    ➔ aiming 2 euro coin at 36 meters with medieval crossbow
    ➔ Lead Developer & Co-Founder
    https://cloudesire.com

  3. https://demo.cloudesire.com

  4. Why ANOTHER reverse-proxy?

  5. Static configuration in a dynamic environment
    infrastructure and microservices

  6. HTTPS everywhere
    rsync certificates and pkey everywhere

  7. Metrics & Monitoring

  8. Lack of API

  9. modern HTTP reverse proxy and load balancer

  10. Project overview

  12. Architecture

  15. Plot twist
    Configuration hierarchy is going to change
    https://blog.containo.us/traefik-spoiler-season-episode-1-3dbcb1f5d8b9
    (Nov 2018)

  16. Static configuration
    (TOML syntax)

  17. Basic configuration - Entrypoints
    [entryPoints]
    [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
    certFile = "https/snitest.com.cert"
    keyFile = "https/snitest.com.key"
    [[entryPoints.https.tls.certificates]]
    certFile = "https/snitest.org.cert"
    keyFile = "https/snitest.org.key"

  18. Basic configuration - Frontends
    [frontends]
    [frontends.frontend1]
    backend = "backend2"
    [frontends.frontend1.routes.test_1]
    rule = "Host:test.localhost,test2.localhost"
    [frontends.frontend2]
    backend = "backend1"
    [frontends.frontend2.routes.test_1]
    rule = "HostRegexp:localhost,{subdomain:[a-z]+}.localhost"
    [frontends.frontend3]
    backend = "backend2"
    [frontends.frontend3.routes.test_1]
    rule = "Host:test3.localhost;Path:/test"

  19. Basic configuration - Backends
    [backends]
    [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://172.17.0.2:80"
    weight = 10
    [backends.backend1.servers.server2]
    url = "http://172.17.0.3:80"
    weight = 1
    [backends.backend2]
    [backends.backend2.servers.server1]
    url = "https://172.17.0.4:443"
    weight = 1
    [backends.backend2.servers.server2]
    url = "https://172.17.0.5:443"
    weight = 2

  20. docker run -p 80:80 -p 443:443 \
        -v "$PWD/traefik.toml:/traefik.toml" \
        traefik:latest -c /traefik.toml

  21. Dynamic configuration
    Let magic happen

  22. Backends real-time discovery
    ● Docker / Docker Swarm
    ● Kubernetes / Rancher
    ● Mesos / Marathon
    ● Consul Catalog
    ● Eureka (Netflix)
    ● Amazon ECS
    ● Azure Service Fabric
    ● Rest API
    ● Plain File

  23. Docker backend
    # Enable Docker Provider.
    [docker]
    # Docker server endpoint. Can be a tcp or a unix socket endpoint.
    #
    # Required
    #
    endpoint = "unix:///var/run/docker.sock"
    # Default base domain used for the frontend rules.
    #
    # Required
    #
    domain = "docker.localhost"

  24. Shared configuration
    (cluster mode)
    K/V store: Consul / Etcd / Zookeeper / BoltDB / DynamoDB

  25. traefik storeconfig -c traefik.toml

  26. traefik --consul
    --consul.endpoint=127.0.0.1:8500
    Cluster mode enabled

  27. Real-life example
    OwnCloud + Docker-compose + Letsencrypt
    https://github.com/gionn/owncloud-traefik-example

  28. Real-life example - traefik.toml
    logLevel = "INFO"
    defaultEntryPoints = ["https", "http"]
    [entryPoints]
    [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
    [acme]
    email = "[email protected]"
    storage = "acme.json"
    entryPoint = "https"
    onHostRule = true
    [acme.httpChallenge]
    entryPoint = "http"

  29. Real-life example - docker-compose.yml
    services:
      reverse-proxy:
        image: traefik
        command: --api --docker -c /etc/traefik.toml
        ports:
          - "80:80"
          - "443:443"
          - "8080:8080" # The Web UI (enabled by --api)
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock # Listen on Docker events
          - ./traefik.toml:/etc/traefik.toml
          - ./acme.json:/acme.json

  30. Real-life example - docker-compose.yml (2)
    services:
      owncloud:
        image: owncloud/server:${OWNCLOUD_VERSION}
        ...
        labels:
          - "traefik.frontend.rule=Host:owncloud.gionn.net"
      db:
        image: webhippie/mariadb:latest
        ...
        labels:
          - "traefik.enable=false"

  31. docker-compose up -d
    profit

  32. Native status & monitoring UI

  35. Prometheus/InfluxDB/Statsd

  37. Load balancing
    wrr: Weighted Round Robin
    drr: Dynamic Round Robin

  38. Dynamic Round Robin examples
    [backends]
    [backends.backend1]
    [backends.backend1.circuitbreaker]
    expression = "NetworkErrorRatio() > 0.5"
    #expression = "ResponseCodeRatio(500, 600, 0, 600) > 0.5"
    #expression = "LatencyAtQuantileMS(50.0) > 50"
    [backends.backend1.servers.server1]
    url = "http://172.17.0.2:80"
    weight = 10
    [backends.backend1.servers.server2]
    url = "http://172.17.0.3:80"
    weight = 1

  39. Health checks
    GET /endpoint to validate backend

  40. Health check example
    [backends]
    [backends.backend1]
    [backends.backend1.healthcheck]
    path = "/ping"
    interval = "10s"
    scheme = "http"

  41. Introducing Traefik Enterprise Edition (Dec 2018)

  42. Recap
    ● Distributed as alpine-based docker image (22 MB!)
    ● Configuration auto-reload
    ● Dynamic backend discovery
    ● Letsencrypt HTTPS with autopilot
    ○ HTTP token challenge
    ○ DNS challenge (wildcard certificates)
    ● First-class load balancing with circuit-breakers, active health checks
    ● Shared configuration (Cluster mode) with K/V store
    ● Native metrics & status UI
    ● TraefikEE: native raft (no K/V store), operator CLI

  43. THANKS

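Added example, not taken from the deck or its repository: the docker-compose services from slides 29 and 30 with their exposure tightened, each change set against what the slides show. The `traefik:1.7` tag, the loopback binding for the dashboard and the `--docker.exposedbydefault=false` flag are assumptions chosen for Traefik v1, the version whose configuration syntax the slides use; the rest of the owncloud and db service definitions is left out here, as it is on the slides.

```yaml
version: "3"

services:
  reverse-proxy:
    # Slide 29 uses the untagged image, which floats to whatever "latest" is.
    # Pinning a release line keeps the v1 TOML and label syntax working.
    image: traefik:1.7
    # exposedbydefault=false: a container gets a route only when it carries
    # traefik.enable=true, instead of every container being published unless
    # it opts out with traefik.enable=false (as the db service does on slide 30).
    command: --api --docker --docker.exposedbydefault=false -c /etc/traefik.toml
    ports:
      - "80:80"
      - "443:443"
      # Slide 29 publishes "8080:8080" on every interface. With --api alone the
      # dashboard and API have no authentication, so bind them to loopback and
      # reach them through an SSH tunnel or a VPN.
      - "127.0.0.1:8080:8080"
    volumes:
      # The socket gives Traefik full control of the Docker daemon. Adding :ro
      # to this bind mount would not restrict API calls made over the socket,
      # so treat this container as privileged on the host.
      - /var/run/docker.sock:/var/run/docker.sock
      # Traefik only reads its static configuration.
      - ./traefik.toml:/etc/traefik.toml:ro
      # Holds the ACME account key and the certificate private keys:
      # create it on the host with mode 600 before the first start.
      - ./acme.json:/acme.json

  owncloud:
    image: owncloud/server:${OWNCLOUD_VERSION}
    labels:
      # Explicit opt-in now that containers are not exposed by default.
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:owncloud.gionn.net"

  db:
    image: webhippie/mariadb:latest
    # No Traefik label needed: without traefik.enable=true the database is
    # never routed, even if the label is forgotten on a future service.
```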