Tweet
Tweet

Slide 1

Slide 1 text

Introduction to Traefik #idi2019 Bologna Giovanni Toraldo @gionn

Slide 2

Slide 2 text

➔ Open Source enthusiast ➔ software developer / devops ➔ writer ➔ speaker ➔ aiming 2 euro coin at 36 meters with medieval crossbow ➔ Lead Developer & Co-Founder https://cloudesire.com

Slide 3

Slide 3 text

https://demo.cloudesire.com

Slide 4

Slide 4 text

Why ANOTHER reverse-proxy?

Slide 5

Slide 5 text

Static configuration in a dynamic environment infrastructure and microservices

Slide 6

Slide 6 text

HTTPS everywhere rsync certificates and pkey everywhere

Slide 7

Slide 7 text

Metrics & Monitoring

Slide 8

Slide 8 text

Lack of API

Slide 9

Slide 9 text

modern HTTP reverse proxy and load balancer

Slide 10

Slide 10 text

Project overview

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

Architecture

Slide 13

Slide 13 text

No content

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

Plot twist Configuration hierarchy is going to change https://blog.containo.us/traefik-spoile r-season-episode-1-3dbcb1f5d8b9 (Nov 2018)

Slide 16

Slide 16 text

Static configuration (TOML syntax)

Slide 17

Slide 17 text

Basic configuration - Entrypoints [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "https/snitest.com.cert" keyFile = "https/snitest.com.key" [[entryPoints.https.tls.certificates]] certFile = "https/snitest.org.cert" keyFile = "https/snitest.org.key"

Slide 18

Slide 18 text

Basic configuration - Frontends [frontends] [frontends.frontend1] backend = "backend2" [frontends.frontend1.routes.test_1] rule = "Host:test.localhost,test2.localhost" [frontends.frontend2] backend = "backend1" [frontends.frontend2.routes.test_1] rule = "HostRegexp:localhost,{subdomain:[a-z]+}.localhost" [frontends.frontend3] backend = "backend2" [frontends.frontend3.routes.test_1] rule = "Host:test3.localhost;Path:/test"

Slide 19

Slide 19 text

Basic configuration - Backends [backends] [backends.backend1] [backends.backend1.servers.server1] url = "http://172.17.0.2:80" weight = 10 [backends.backend1.servers.server2] url = "http://172.17.0.3:80" weight = 1 [backends.backend2] [backends.backend2.servers.server1] url = "https://172.17.0.4:443" weight = 1 [backends.backend2.servers.server2] url = "https://172.17.0.5:443" weight = 2

Slide 20

Slide 20 text

docker run -p 80:80 -p 443:443 -v ./traefik.toml:/traefik.toml traefik:latest -c /traefik.toml

Slide 21

Slide 21 text

Dynamic configuration Let magic happen

Slide 22

Slide 22 text

Backends real-time discovery ● Docker / Docker Swarm ● Kubernetes / Rancher ● Mesos / Marathon ● Consul Catalog ● Eureka (Netflix) ● Amazon ECS ● Azure Service Fabric ● Rest API ● Plain File

Slide 23

Slide 23 text

Docker backend # Enable Docker Provider. [docker] # Docker server endpoint. Can be a tcp or a unix socket endpoint. # # Required # endpoint = "unix:///var/run/docker.sock" # Default base domain used for the frontend rules. # # Required # domain = "docker.localhost"

Slide 24

Slide 24 text

Shared configuration (cluster mode) K/V store: Consul / Etcd / Zookeeper / BoltDB / DynamoDB

Slide 25

Slide 25 text

Traefik storeconfig -c traefik.toml

Slide 26

Slide 26 text

traefik --consul --consul.endpoint=127.0.0.1:8500 Cluster mode enabled

Slide 27

Slide 27 text

Real-life example OwnCloud + Docker-compose + Letsencrypt https://github.com/gionn/owncloud-traefik-example

Slide 28

Slide 28 text

Real-life example - traefik.toml logLevel = "INFO" defaultEntryPoints = ["https","http"] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [acme] email = "me@gionn.net" storage = "acme.json" entryPoint = "https" onHostRule = true [acme.httpChallenge] entryPoint = "http"

Slide 29

Slide 29 text

Real-life example - docker-compose.yml services: reverse-proxy: image: traefik command: --api --docker -c /etc/traefik.toml ports: - "80:80" - "443:443" - "8080:8080" # The Web UI (enabled by --api) volumes: - /var/run/docker.sock:/var/run/docker.sock # Listen on Docker events - ./traefik.toml:/etc/traefik.toml - ./acme.json:/acme.json

Slide 30

Slide 30 text

Real-life example - docker-compose.yml (2) services: owncloud: image: owncloud/server:${OWNCLOUD_VERSION} ... labels: - "traefik.frontend.rule=Host:owncloud.gionn.net" db: image: webhippie/mariadb:latest ... labels: - "traefik.enable=false"

Slide 31

Slide 31 text

Docker-compose up -d profit

Slide 32

Slide 32 text

Native status & monitoring UI

Slide 33

Slide 33 text

No content

Slide 34

Slide 34 text

No content

Slide 35

Slide 35 text

Prometheus/InfluxDB/Statsd

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

Load balancing wrr: Weighted Round Robin drr: Dynamic Round Robin

Slide 38

Slide 38 text

Dynamic Round Robin examples [backends] [backends.backend1] [backends.backend1.circuitbreaker] expression = "NetworkErrorRatio() > 0.5" #expression = "ResponseCodeRatio(500, 600, 0, 600) > 0.5" #expression = "LatencyAtQuantileMS(50.0) > 50" [backends.backend1.servers.server1] url = "http://172.17.0.2:80" weight = 10 [backends.backend1.servers.server2] url = "http://172.17.0.3:80" weight = 1

Slide 39

Slide 39 text

Health checks GET /endpoint to validate backend

Slide 40

Slide 40 text

Health check example [backends] [backends.backend1] [backends.backend1.healthcheck] path = "/ping" interval = "10s" scheme = "http"

Slide 41

Slide 41 text

Introducing Traefik Enterprise Edition (Dec 2018)

Slide 42

Slide 42 text

Recap ● Distributed as alpine-based docker image (22 MB!) ● Configuration auto-reload ● Dynamic backend discovery ● Letsencrypt HTTPS with autopilot ○ HTTP token challenge ○ DNS challenge (wildcard certificates) ● First-class load balancing with circuit-breakers, active health checks ● Shared configuration (Cluster mode) with K/V store ● Native metrics & status UI ● TraefikEE: native raft (no K/V store), operator CLI

Slide 43

Slide 43 text

THANKS