Introduction to Traefik

From zero to Traefik in 40 minutes slides

First release at Container Day 2018 in Verona (26 Oct)
Reprise at Incontro DevOps 2019 in Bologna (8 Mar)
Third round at GDG DevFest 2019 in Pisa (13 Apr)

Example code: https://github.com/gionn/owncloud-traefik-example

#containerday #idi2019 #traefik #docker #golang

Giovanni Toraldo

October 26, 2018

Transcript

  1. Introduction to Traefik #idi2019 Bologna Giovanni Toraldo @gionn

  2. ➔ Open Source enthusiast ➔ software developer / devops ➔ writer ➔ speaker ➔ aiming 2 euro coin at 36 meters with medieval crossbow ➔ Lead Developer & Co-Founder https://cloudesire.com
  3. https://demo.cloudesire.com

  4. Why ANOTHER reverse-proxy?

  5. Static configuration in a dynamic environment infrastructure and microservices

  6. HTTPS everywhere rsync certificates and pkey everywhere

  7. Metrics & Monitoring

  8. Lack of API

  9. modern HTTP reverse proxy and load balancer

  10. Project overview

  12. Architecture

  15. Plot twist: Configuration hierarchy is going to change https://blog.containo.us/traefik-spoiler-season-episode-1-3dbcb1f5d8b9 (Nov 2018)
  16. Static configuration (TOML syntax)

  17. Basic configuration - Entrypoints

          [entryPoints]
            [entryPoints.http]
            address = ":80"
              [entryPoints.http.redirect]
              entryPoint = "https"
            [entryPoints.https]
            address = ":443"
              [entryPoints.https.tls]
                [[entryPoints.https.tls.certificates]]
                certFile = "https/snitest.com.cert"
                keyFile = "https/snitest.com.key"
                [[entryPoints.https.tls.certificates]]
                certFile = "https/snitest.org.cert"
                keyFile = "https/snitest.org.key"

  18. Basic configuration - Frontends

          [frontends]
            [frontends.frontend1]
            backend = "backend2"
              [frontends.frontend1.routes.test_1]
              rule = "Host:test.localhost,test2.localhost"
            [frontends.frontend2]
            backend = "backend1"
              [frontends.frontend2.routes.test_1]
              rule = "HostRegexp:localhost,{subdomain:[a-z]+}.localhost"
            [frontends.frontend3]
            backend = "backend2"
              [frontends.frontend3.routes.test_1]
              rule = "Host:test3.localhost;Path:/test"

  19. Basic configuration - Backends

          [backends]
            [backends.backend1]
              [backends.backend1.servers.server1]
              url = "http://172.17.0.2:80"
              weight = 10
              [backends.backend1.servers.server2]
              url = "http://172.17.0.3:80"
              weight = 1
            [backends.backend2]
              [backends.backend2.servers.server1]
              url = "https://172.17.0.4:443"
              weight = 1
              [backends.backend2.servers.server2]
              url = "https://172.17.0.5:443"
              weight = 2

  20. docker run -p 80:80 -p 443:443 -v ./traefik.toml:/traefik.toml traefik:latest -c /traefik.toml

  21. Dynamic configuration Let magic happen

  22. Backends real-time discovery
      • Docker / Docker Swarm
      • Kubernetes / Rancher
      • Mesos / Marathon
      • Consul Catalog
      • Eureka (Netflix)
      • Amazon ECS
      • Azure Service Fabric
      • Rest API
      • Plain File

  23. Docker backend

          # Enable Docker Provider.
          [docker]

          # Docker server endpoint. Can be a tcp or a unix socket endpoint.
          #
          # Required
          #
          endpoint = "unix:///var/run/docker.sock"

          # Default base domain used for the frontend rules.
          #
          # Required
          #
          domain = "docker.localhost"

  24. Shared configuration (cluster mode) K/V store: Consul / Etcd / Zookeeper / BoltDB / DynamoDB

  25. traefik storeconfig -c traefik.toml

  26. traefik --consul --consul.endpoint=127.0.0.1:8500 Cluster mode enabled

  27. Real-life example OwnCloud + Docker-compose + Letsencrypt https://github.com/gionn/owncloud-traefik-example

  28. Real-life example - traefik.toml

          logLevel = "INFO"
          defaultEntryPoints = ["https","http"]

          [entryPoints]
            [entryPoints.http]
            address = ":80"
              [entryPoints.http.redirect]
              entryPoint = "https"
            [entryPoints.https]
            address = ":443"
              [entryPoints.https.tls]

          [acme]
          email = "me@gionn.net"
          storage = "acme.json"
          entryPoint = "https"
          onHostRule = true
            [acme.httpChallenge]
            entryPoint = "http"

  29. Real-life example - docker-compose.yml

          services:
            reverse-proxy:
              image: traefik
              command: --api --docker -c /etc/traefik.toml
              ports:
                - "80:80"
                - "443:443"
                - "8080:8080" # The Web UI (enabled by --api)
              volumes:
                - /var/run/docker.sock:/var/run/docker.sock # Listen on Docker events
                - ./traefik.toml:/etc/traefik.toml
                - ./acme.json:/acme.json

  30. Real-life example - docker-compose.yml (2)

          services:
            owncloud:
              image: owncloud/server:${OWNCLOUD_VERSION}
              ...
              labels:
                - "traefik.frontend.rule=Host:owncloud.gionn.net"
            db:
              image: webhippie/mariadb:latest
              ...
              labels:
                - "traefik.enable=false"

  31. docker-compose up -d profit

  32. Native status & monitoring UI

  35. Prometheus/InfluxDB/Statsd

  37. Load balancing wrr: Weighted Round Robin drr: Dynamic Round Robin

  38. Dynamic Round Robin examples

          [backends]
            [backends.backend1]
              [backends.backend1.circuitbreaker]
              expression = "NetworkErrorRatio() > 0.5"
              #expression = "ResponseCodeRatio(500, 600, 0, 600) > 0.5"
              #expression = "LatencyAtQuantileMS(50.0) > 50"
              [backends.backend1.servers.server1]
              url = "http://172.17.0.2:80"
              weight = 10
              [backends.backend1.servers.server2]
              url = "http://172.17.0.3:80"
              weight = 1

  39. Health checks GET /endpoint to validate backend

  40. Health check example

          [backends]
            [backends.backend1]
              [backends.backend1.healthcheck]
              path = "/ping"
              interval = "10s"
              scheme = "http"

  41. Introducing Traefik Enterprise Edition (Dec 2018)

  42. Recap
      • Distributed as alpine-based docker image (22 MB!)
      • Configuration auto-reload
      • Dynamic backend discovery
      • Letsencrypt HTTPS with autopilot
        ◦ HTTP token challenge
        ◦ DNS challenge (wildcard certificates)
      • First-class load balancing with circuit-breakers, active health checks
      • Shared configuration (Cluster mode) with K/V store
      • Native metrics & status UI
      • TraefikEE: native raft (no K/V store), operator CLI

  43. THANKS
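
The compose file from slides 29 and 30 with tighter defaults, as an added example that is not part of the talk or its example repository. `TRAEFIK_VERSION` is a placeholder variable, and the settings the slides elide with `...` are left out here as well.

```yaml
# Added example: hardened variant of the docker-compose.yml shown on slides 29-30.
services:
  reverse-proxy:
    # Pin a release tag instead of the implicit :latest, so a new major
    # version cannot silently replace the proxy. TRAEFIK_VERSION is a
    # placeholder; set it to the release the traefik.toml was written for.
    image: traefik:${TRAEFIK_VERSION}
    # exposedbydefault=false: containers are routed only when they carry
    # traefik.enable=true, so a forgotten label no longer publishes a service.
    command: --api --docker --docker.exposedbydefault=false -c /etc/traefik.toml
    ports:
      - "80:80"
      - "443:443"
      # The Web UI/API enabled by --api has no authentication in this setup:
      # publish it on the host loopback only and reach it through an SSH tunnel.
      - "127.0.0.1:8080:8080"
    volumes:
      # Read-only bind mount. Traefik can still query the whole Docker API
      # through the socket, so a compromise of this container is a
      # compromise of the Docker host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.toml:/etc/traefik.toml:ro
      # acme.json holds the ACME account key and the certificate private
      # keys: create it beforehand and keep it at mode 600 on the host.
      - ./acme.json:/acme.json

  owncloud:
    image: owncloud/server:${OWNCLOUD_VERSION}
    labels:
      # Explicit opt-in, required now that exposedbydefault is false.
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:owncloud.gionn.net"

  db:
    # No traefik.enable=false label needed: unlabelled containers are ignored.
    image: webhippie/mariadb:latest
```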