October 2020 - Sergio Matone • Introducing Traefik Proxy 2.3. A Journey into Traefik Plugins via Gitops • S01-E02 - 16 November 2020 - Kevin Crawley [Traefik Labs] • Kubernetes Ingress Today and Tomorrow • S01-E03 – 17 December 2020 - Brian Christner [The Byte] • Metrics and Prometheus in Traefik Proxy and Pilot
became officially Traefik Labs • https://traefik.io/blog/traefik-labs-incubating-the-future-of-cloud-native-networking/ • What was formerly known as Traefik was renamed Traefik Proxy • But, how do you pronounce Traefik? • You pronounce Traefik like the regular word Traffic (/ˈtræfɪk/) • Using International Phonetic Alphabet (IPA) • ɪ was replaced with i, which makes the sound more French-friendly
• 30k+ Stars on GitHub • 500+ Contributors • Top 10 most popular image from Docker • Use Cases: • Routing & Load balancing • API Gateway • Certificate Management • Kubernetes Ingress
door to your platform or orchestrated microservices. • Intercepts and routes incoming requests. • Routes and load balances requests to internal services according to specific logic. • Resilient to configuration changes. Dynamic configuration watches orchestrators for new events.
for incoming traffic (port numbers exposed by Traefik). • Providers: existing infrastructure components, whose APIs are queried to find information about «real» services (IP, health). • Routers: analyze the request (host, path, headers, SSL) in order to forward it to the correct service. • Services: abstraction that forwards the request to the corresponding «real» services in the infrastructure (load balancing). • Middlewares: may transform requests before they are sent to services (auth, rate limiting, headers, path modifier)
two: • Static (or startup) configuration. The base configuration for Traefik (Entrypoints, Provider [type]). • Dynamic configuration (or Configuration Discovery), which is hot-reloaded anytime there are changes (Provider-dependent: Routers, Services, Middlewares).
to Provider: • Label based (Docker, Rancher, Consul) • CRD or Ingress (Kubernetes) • Key-Value based (etcd, Redis, ZooKeeper) • File based (YAML or TOML) HTTPS & TLS: • Traefik Proxy can act as entry point for TLS connections. • Let's Encrypt (ACME) is supported natively: • Automatic Certificate Generation & Renewal
the ability to add custom middleware functionality easily • Traefik Pilot Integration • SaaS application providing performance metrics, security, and update notifications in real time • Amazon ECS Provider • allows for the dynamic configuration of the provider using labels attached to ECS containers. • Improved Kubernetes IngressClass • New features enabled thanks to improvements to Ingress API released with K8s 1.18
open issues on middleware ideas go unimplemented (lack of resources / interest) • Proposed middlewares have been rejected based on maintenance or performance overhead concerns • High demand for custom middlewares as a popular issue within the Traefik Proxy repository (59 comments, 122 ) How? • Written in Go • Interpreted and executed in real time via the Yaegi Go interpreter • Stored and hosted as public GitHub repos • Repositories must have the ‘traefik-plugin’ topic set • Available through Plugin Marketplace in Traefik Pilot
Elegant Go Interpreter • Allows for the real-time execution of Go code • Exposes a simple interpreter API: New(), Eval(), Use() • Unsafe and Syscall are not used or exported by default • Support for Go 1.14 & 1.15 (ongoing support for latest releases) Developing Plugins • Traefik Proxy includes a development mode where loading plugins via filesystem is permitted • Go must be installed and configured • Plugins must have a valid `.traefik.yml` configuration manifest
Source Of Truth. • use Git Operations for building and deployment • hold separate repositories for any application and for infrastructure. GitOps Flavours • Push strategy: based on a “push” made in git (GitLab CI, GitHub Actions, Jenkins X). • Pull strategy: lets the infrastructure manage itself by performing its own “pull” from the git repository and applying it (ArgoCD, Flux).
our goal: • Start from an existing Cluster configured and deployed using Traefik Proxy and a «CNCF» plugin • We can validate and test locally that the configuration is working • Modify an existing plugin • Adding an extra header in all responses • Push modification into git • Wait for our cluster configuration to be reloaded (hopefully!)
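The plugin change this demo sets out to make, adding an extra header to all responses, sketched as an added example (not code from the talk or from Traefik). It follows the `CreateConfig`/`New` shape of a Traefik middleware plugin; the `Headers` field, the `headerWriter` type and the `X-Demo` values are assumptions made for illustration.

```go
package main // main only so this file runs stand-alone; a plugin repo uses its own package name

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Config and CreateConfig are how Traefik loads the middleware's settings (field name assumed).
type Config struct{ Headers map[string]string }
func CreateConfig() *Config { return &Config{Headers: map[string]string{}} }

// New is the constructor Traefik calls for each middleware instance.
func New(_ context.Context, next http.Handler, cfg *Config, name string) (http.Handler, error) {
	if len(cfg.Headers) == 0 {
		return nil, errors.New(name + ": no headers configured")
	}
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		hw := &headerWriter{ResponseWriter: rw, headers: cfg.Headers}
		next.ServeHTTP(hw, req)
		hw.apply() // backend wrote nothing: headers go out with the implicit 200
	}), nil
}

// headerWriter (hypothetical helper) sets the headers right before the response is written.
type headerWriter struct {
	http.ResponseWriter
	headers map[string]string
}
func (w *headerWriter) apply() {
	for k, v := range w.headers {
		w.Header().Set(k, v) // replaces a value the backend set for the same name
	}
}
func (w *headerWriter) WriteHeader(code int)        { w.apply(); w.ResponseWriter.WriteHeader(code) }
func (w *headerWriter) Write(b []byte) (int, error) { w.apply(); return w.ResponseWriter.Write(b) }

func main() {
	backend := http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) {
		rw.Header().Set("X-Demo", "backend") // constructed backend that sets the same header
		fmt.Fprint(rw, "ok")
	})
	h, _ := New(context.Background(), backend, &Config{Headers: map[string]string{"X-Demo": "plugin"}}, "demo")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	fmt.Println(rec.Result().Header.Get("X-Demo")) // plugin
}
```

Wrapping the `ResponseWriter` hides optional interfaces such as `http.Flusher` and `http.Hijacker`, so routes that stream or upgrade connections need those forwarded as well.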