Traefik with Docker - Docker Meetup Bochum 2016-12

Traefik with Docker - Docker Meetup Bochum 2016-12

**Træfɪk with Docker talk**

Here you can find my docker slide container decks from my træfɪk docker orchestration talks:

- [Docker Meetup Bochum 2016 - Traefik with docker][1].
- open slidefire presentation container with `docker run -d -p 8000:80 infrabricks/traefik-with-docker:docker-meetup-bochum-2016-12`
- pdf [Traefik with Docker][2] is now avaiable!

Open slidefire presentation container with your browser `http :8000/traefik-with-docker`

Source and examples can be find at

* https://github.com/bee42/traefik-with-docker

Feedback welcome

[Peter Rossbach][3]

[1]: https://www.meetup.com/de-DE/Docker-Bochum/events/235649414/
[2]: https://speakerdeck.com/rossbachp/traefik-with-docker-docker-meetup-bochum-2016-12
[3]: http://twitter.com/PRossbach

6ebe854441b4860e1df99176012c8fea?s=128

Peter Rossbach

December 01, 2016
Tweet

Transcript

  1. 2.

    2 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 The Purpose, Organisation, Technology transition service Peter Rossbach - bee42 solutions gmbh @PRossbach Nicals Mietz - bee42 solutions gmbh @solidnerd peter.rossbach@bee42.com nicals.mietz@bee42.com
  2. 3.

    3 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ @traefikproxy @emilevauge https://traefik.io
  3. 4.

    4 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ Project founder is Emile Vauge (23.8.2015) Status at 29.11.2016 5419 Stars 309 issues closed 78 Contributors 6 Maintainer https://github.com/containous/traefik
  4. 5.

    5 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ It's fast No dependency hell, single binary made with go Rest API Multiple backends supported: Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, and more to come Watchers for backends, can listen for changes in backends to apply a new configuration automatically Hot-reloading of configuration. No need to restart the process Graceful shutdown http connections Circuit breakers on backends Round Robin, rebalancer load-balancers
  5. 6.

    6 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ Rest Metrics Tiny official docker image included SSL backends support SSL frontend support (with SNI) Clean AngularJS Web UI Websocket support HTTP/2 support Retry request if network error Let's Encrypt support (Automatic HTTPS with renewal) High Availability with cluster mode
  6. 9.

    9 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ $ cat >docker-compose.yml <<EOF version: "2" services: traefik: image: traefik command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG ports: - "80:80" - "8080:8080" volumes: - /var/run/docker.sock:/var/run/docker.sock - /dev/null:/traefik.toml labels: - "traefik.enable=false" whoami: image: emilevauge/whoami labels: - "traefik.backend=whoami" - "traefik.frontend.rule=Host:whoami.docker.localhost" EOF $ docker-compose up -d $ curl -L -H Host:whoami.docker.localhost http://localhost $ docker-compose scale whoami=3 $ curl -L -H Host:whoami.docker.localhost http://localhost $ curl -L -H Host:whoami.docker.localhost http://localhost $ docker-compose down
  7. 12.

    12 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 $ docker swarm init $ SWARM_TOKEN=$(docker swarm join-token -q worker) $ SWARM_MASTER=$(docker info | grep -w 'Node Address' | awk '{print $3}') $ NUM_WORKERS=3 $ for i in $(seq "${NUM_WORKERS}"); do \ docker run -d --privileged --name worker-${i} \ --hostname=worker-${i} -p ${i}2375:2375 docker:1.13.0-rc2-dind docker --host=localhost:${i}2375 \ swarm join --token ${SWARM_TOKEN} ${SWARM_MASTER}:2377 done $ docker run -it -d -p 5080:8000 \ -v /var/run/docker.sock:/var/run/docker.sock \ manomarks/visualizer http://blog.terranillius.com/post/swarm_dind/ https://github.com/ManoMarks/docker-swarm-visualizer https://medium.com/@alexeiled/docker-swarm-cluster-with-docker- in-docker-on-macos-bdbb97d6bb07#.yry5s0jiv
  8. 13.

    13 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ $ docker network create --driver=overlay traefik-net" $ docker service create \ --name traefik \ --constraint=node.role==manager \ --publish 80:80 \ --publish 8080:8080 \ --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock --network traefik-net \ traefik:v1.1.0 \ --docker \ --docker.swarmmode \ --docker.domain=traefik \ --docker.watch \ --web" https://github.com/containous/traefik/blob/master/docs/user- guide/swarm-mode.md
  9. 14.

    14 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 $ docker service create --name registry \ --constraint=node.role==manager \ --publish 5000:5000 registry:2 $ curl localhost:5000/v2/_catalog push your service image $ DOCKER_REGISTRY=localhost:5000 $ docker tag emilevauge/whoami $DOCKER_REGISTRY/emilevauge/whoami $ docker push $DOCKER_REGISTRY/emilevauge/whoami
  10. 15.

    15 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 Create whoami services $ docker service create \ --name whoami1 \ --label traefik.port=80 \ --network traefik-net \ $DOCKER_REGISTRY/emilevauge/whoami $ docker service create \ --name whoami2 \ --label traefik.port=80 \ --network traefik-net \ $DOCKER_REGISTRY/emilevauge/whoami Access the services $ docker service update --replicas 2 whoami1 $ docker service scale whoami1=4 whoami2=3 $ curl -H Host:whoami1.traefik http://localhost $ curl -H Host:whoami2.traefik http://localhost
  11. 16.

    16 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "tests/traefik.crt" keyFile = "tests/traefik.key"
  12. 17.

    17 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ [frontends] [frontends.frontend1] backend = "backend2" [frontends.frontend1.routes.test_1] rule = "Host:test.localhost,test2.localhost" [frontends.frontend2] backend = "backend1" passHostHeader = true priority = 10 entrypoints = ["https"] # overrides defaultEntryPoints [frontends.frontend2.routes.test_1] rule = "Host:localhost,{subdomain:[a-z]+}.localhost" [frontends.frontend3] backend = "backend2" [frontends.frontend3.routes.test_1] rule = "Host:test3.localhost;Path:/test" https://docs.traefik.io/basics/#frontends https://docs.traefik.io/basics/#backends
  13. 18.

    18 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ Docker socket support Docker swarm proxy Docker with swarming mode https://docs.traefik.io/#docker https://docs.traefik.io/user-guide/swarm/ https://docs.traefik.io/user-guide/swarm-mode/
  14. 19.

    19 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ traefik.backend=foo assign the container to foo backend traefik.backend.maxconn.amount=10 set a maximum number of connections to the backend. Must be used in conjunction with the below label to take effect. traefik.backend.maxconn.extractorfunc=client.ip set the function to be used against the request to determine what to limit maximum connections to the backend by. Must be used in conjunction with the above label to take effect. traefik.backend.loadbalancer.method=drr override the default wrr load balancer algorithm traefik.backend.loadbalancer.sticky=true enable backend sticky sessions traefik.backend.circuitbreaker.expression=NetworkErrorRatio() > 0.5 create a circuit breaker to be used against the backend traefik.port=80 register this port. Useful when the container exposes multiples ports. traefik.protocol=https override the default http protocol
  15. 20.

    20 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ traefik.weight=10 assign this weight to the container traefik.enable=false disable this container in Træfɪk traefik.frontend.rule=Host:test.traefik.io override the default frontend rule (Default: Host:{containerName}. {domain}). traefik.frontend.passHostHeader=true forward client Host header to the backend. traefik.frontend.priority=10 override default frontend priority traefik.frontend.entryPoints=http,https assign this frontend to entry points http and https. Overrides defaultEntryPoints. traefik.docker.network Set the docker network to use for connections to this container
  16. 23.

    23 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ $ curl -L http://localhost:8080/health { "pid": 1, "uptime": "32m13.34712143s", "uptime_sec": 1933.34712143, "time": "2016-12-01 05:35:52.819831303 +0000 UTC", "unixtime": 1480570552, "status_code_count": {}, "total_status_code_count": { "200": 12, "504": 5 }, "count": 0, "total_count": 17, "total_response_time": "2m30.038738015s", "total_response_time_sec": 150.038738015, "average_response_time": "8.825808118s", "average_response_time_sec": 8.825808118 }
  17. 24.

    24 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 start registry at your swarm localhost trick! push your build to registry start service from your local registry
  18. 25.

    25 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 Public TLS certs Automatic certs rotation Træfɪk use : The best Let's Encrypt library in go Lego https://letsencrypt.org/ https://github.com/xenolf/lego https://docs.traefik.io/user-guide/examples/#lets-encrypt- support
  19. 26.

    26 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 https://docs.traefik.io/toml/#acme-lets-encrypt-configuration
  20. 27.

    27 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 Check your certs A+ Talk from WJAX 2016 https://www.ssllabs.com/ssltest/ https://github.com/tboeghk/terrific-tls-tuning-tips
  21. 28.

    28 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 ɪ Redirect http to https on a per container (per frontend) basis Support Opentracing Traefik Stats System + Prometheus Exporter Docker - 2 independant rules on same container X-Forwarded-Proto and Websockets Add arbitrary headers to requests https://github.com/containous/traefik/projects/2
  22. 29.

    29 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 Træfɪk is a reverse proxy with easy setup and config Is supports static and dynamic Loadbalacing HTTP/1.1, HTTP/2 and websocket support Auto config with multiple service discoveries Kubernetes Docker + Docker swarming Consul ETCD ... Designed in mind for dynamic infrastructure and microservices Cool simple dashboard Metrics support Easy and free TLS support is now possible!
  23. 31.

    31 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 Start this presentation with docker run -d -ti -p 4212:80 infrabricks/traefik-with-docker open http://<dockerhost>:4212/traefik-with- docker Peter Rossbach follow the blog www.infrabricks.de @PRossbach More Training: http://www.bee42.com/training/
  24. 32.

    32 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 1.12 Docker Meetup Bochum - Træfɪk 5.12 DevOpsCon Docker Basic Workshop (Munich) 8.12 DevOpsCOn Docker Expert OpenSpace Workshop (Munich) 12-14.12 Docker Camp at Berlin 21.12 Docker Meetup Dortmund http://devops-training.de/
  25. 33.

    33 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 We offer TOP-IT jobs... http://bee42.github.io http://www.bee42.com
  26. 34.

    34 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 Living an Agile culture Influence us to DevOps-Journey Enable people to use modern technologies Build applications that living at the clouds Design services with clever API's Think infrastructure first send your offering to peter.rossbach@bee42.com
  27. 35.

    35 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 Create beautiful human responsive services Find new ways to create creative web service Find good solutions with HTML/CSS/Javascript to create simple services Think mobile first send your offering to peter.rossbach@bee42.com
  28. 36.

    36 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 We offer jobs... Administrator Experiences with Maintain a cluster of linux machines Setup Docker infrastructure Config management with ansible Release java applications Linux and mysql skills Developer Experiences with Create java based microservices Spring Boot and Netflix Stack Docker knowledge send your offering to p.rossbach@setlog.com
  29. 39.

    39 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 This slides shows shell commands executed in different places. The line prefix shows where to run them: $ ... – local machine > ... – remote machine # ... – docker container
  30. 40.

    40 / 40 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    12/2016 https:/traefik.io http://programmableinfrastructure.com/guides/load- balancing/traefik/ http://www.abhishekamralkar.com/2015-11-20-traefik- reverse-proxy-microservice http://www.infrabricks.de http://www.bee42.com https://www.docker.com https://github.com/docker/docker https://github.com/docker/machine https://github.com/docker/swarmkit