Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Traefik

Introduction to Traefik

From zero to Traefik in 40 minutes slides

First release at Container Day 2018 in Verona (26 Oct)
Reprise at Incontro DevOps 2019 in Bologna (8 Mar)
Third round at GDG DevFest 2019 in Pisa (13 Apr)

Example code: https://github.com/gionn/owncloud-traefik-example

#containerday #idi2019 #traefik #docker #golang

Giovanni Toraldo

October 26, 2018
Tweet

More Decks by Giovanni Toraldo

Other Decks in Technology

Transcript

  1. ➔ Open Source enthusiast ➔ software developer / devops ➔

    writer ➔ speaker ➔ aiming 2 euro coin at 36 meters with medieval crossbow ➔ Lead Developer & Co-Founder https://cloudesire.com
  2. Basic configuration - Entrypoints [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect]

    entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "https/snitest.com.cert" keyFile = "https/snitest.com.key" [[entryPoints.https.tls.certificates]] certFile = "https/snitest.org.cert" keyFile = "https/snitest.org.key"
  3. Basic configuration - Frontends [frontends] [frontends.frontend1] backend = "backend2" [frontends.frontend1.routes.test_1]

    rule = "Host:test.localhost,test2.localhost" [frontends.frontend2] backend = "backend1" [frontends.frontend2.routes.test_1] rule = "HostRegexp:localhost,{subdomain:[a-z]+}.localhost" [frontends.frontend3] backend = "backend2" [frontends.frontend3.routes.test_1] rule = "Host:test3.localhost;Path:/test"
  4. Basic configuration - Backends [backends] [backends.backend1] [backends.backend1.servers.server1] url = "http://172.17.0.2:80"

    weight = 10 [backends.backend1.servers.server2] url = "http://172.17.0.3:80" weight = 1 [backends.backend2] [backends.backend2.servers.server1] url = "https://172.17.0.4:443" weight = 1 [backends.backend2.servers.server2] url = "https://172.17.0.5:443" weight = 2
  5. Backends real-time discovery • Docker / Docker Swarm • Kubernetes

    / Rancher • Mesos / Marathon • Consul Catalog • Eureka (Netflix) • Amazon ECS • Azure Service Fabric • Rest API • Plain File
  6. Docker backend # Enable Docker Provider. [docker] # Docker server

    endpoint. Can be a tcp or a unix socket endpoint. # # Required # endpoint = "unix:///var/run/docker.sock" # Default base domain used for the frontend rules. # # Required # domain = "docker.localhost"
  7. Real-life example - traefik.toml logLevel = "INFO" defaultEntryPoints = ["https","http"]

    [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [acme] email = "[email protected]" storage = "acme.json" entryPoint = "https" onHostRule = true [acme.httpChallenge] entryPoint = "http"
  8. Real-life example - docker-compose.yml services: reverse-proxy: image: traefik command: --api

    --docker -c /etc/traefik.toml ports: - "80:80" - "443:443" - "8080:8080" # The Web UI (enabled by --api) volumes: - /var/run/docker.sock:/var/run/docker.sock # Listen on Docker events - ./traefik.toml:/etc/traefik.toml - ./acme.json:/acme.json
  9. Real-life example - docker-compose.yml (2) services: owncloud: image: owncloud/server:${OWNCLOUD_VERSION} ...

    labels: - "traefik.frontend.rule=Host:owncloud.gionn.net" db: image: webhippie/mariadb:latest ... labels: - "traefik.enable=false"
  10. Dynamic Round Robin examples [backends] [backends.backend1] [backends.backend1.circuitbreaker] expression = "NetworkErrorRatio()

    > 0.5" #expression = "ResponseCodeRatio(500, 600, 0, 600) > 0.5" #expression = "LatencyAtQuantileMS(50.0) > 50" [backends.backend1.servers.server1] url = "http://172.17.0.2:80" weight = 10 [backends.backend1.servers.server2] url = "http://172.17.0.3:80" weight = 1
  11. Recap • Distributed as alpine-based docker image (22 MB!) •

    Configuration auto-reload • Dynamic backend discovery • Letsencrypt HTTPS with autopilot ◦ HTTP token challenge ◦ DNS challenge (wildcard certificates) • First-class load balancing with circuit-breakers, active health checks • Shared configuration (Cluster mode) with K/V store • Native metrics & status UI • TraefikEE: native raft (no K/V store), operator CLI