October 2020 - Sergio Matone • Introducing Traefik Proxy 2.3. A Journey into Traefik Plugins via Gitops • S01-E02 - 16 November 2020 - Kevin Crawley [Traefik Labs] • Kubernetes Ingress Today and Tomorrow • S01-E03 – 17 December 2020 - Brian Christner [The Byte] • Metrics and Prometheus in Traefik Proxy and Pilot
became officially Traefik Labs • https://traefik.io/blog/traefik-labs-incubating-the-future-of-cloud-native- networking/ • What was formerly known as Traefik was renamed Traefik Proxy • But, how do you pronounce Traefik? • You pronounce Traefik like the regular word Traffic (/ˈtræfɪk/) • Using International Phonetic Alphabet (IPA) • ɪ was replaced with i, which makes the sound more French-friendly
• 30k+ Stars on GitHub • 500+ Contributors • Top 10 most popular image from Docker • Use Cases: • Routing & Load balancing • API Gateway • Certificate Management • Kubernetes Ingress
door to your platform or orchestrated microservices. • Intercepts and route incoming requests. • Routes and load balances requests to internal services according to specific logic. • Resilient to configuration changes. Dynamic configuration watches to orchestrators for new events.
for incoming traffic (port numbers exposed by Traefik). • Providers: existing infrastructure components, whose API are queried to find information about «real» services (IP, health). • Routers: analyze the request (host, path, headers, SSL) in order forward it to the correct service. • Services: abstraction that forward the request to the corresponding «real» services in the infrastructure (load balancing). • Middlewares: may transform the request before they are sent to services (auth, rate limiting, headers, path modifier)
two: • Static (or startup) configuration. The base configuration for Traefik (Entrypoints, Provider [type]). • Dynamic configuration (or Configuration Discovery), which is hot-reloaded anytime there are changes (Provider-dependant: Routers, Services, Middlewares).
to Provider: • Label based (Docker, Rancher, Consul) • CRD or Ingress (Kubernetes) • Key-Value based (etcd, Redis, ZooKeeper) • File based (YAML or TOML) HTTPS & TLS: • Traefik Proxy can act as entry point for TLS connections. • Let's Encrypt (ACME) is supported natively: • Automatic Certificate Generation & Renewal
the ability to add custom middleware functionality easily • Traefik Pilot Integration • SaaS application providing performance metrics, security, and update notifications in real time • Amazon ECS Provider • allows for the dynamic configuration of the provider using labels attached to ECS containers. • Improved Kubernetes IngressClass • New features enabled thanks to improvements to Ingress API released with K8s 1.18
open issues on middleware ideas go unimplemented (lack of resources / interest) • Proposed middlewares have been rejected based on maintenance or performance overhead concerns • High demand for custom middlewares as popular issue within Traefik Proxy repository (59 comments, 122 ) How ? • Written in GO • Interpreted and Executed real-time via Yaegi GO Interpreter • Stored and hosted as public Github Repos • Repositories must have ‘traefik-plugin’ topic set • Available through Plugin Marketplace in Traefik Pilot
Elegant Go Interpreter • Allows for the real-time execution of Go code • Exposes a simple interpreter API: New(), Eval(), Use() • Unsafe and Syscall are not used or exported by default • Support for Go 1.14 & 1.15 (ongoing support for latest releases) Developing Plugins • Traefik Proxy includes a development mode where loading plugins via filesystem is permitted • Go must be installed and configured • Plugins must have a valid `.traefik.yml` configuration manifest
Source Of Truth. • use Git Operations for building and deployment • hold separete repositories for any application and for infrastructure. GitOps Flavours • Push strategy: based on “push” made in git (GitLab CI, GitHub Actions, Jenkins X). • Pull strategy: which let the infrastructure manage itself performing its own “pull” from the git repository and applying it itself (ArgoCD, Flux).
our goal: • Start from an existing Cluster configured and deployed using Traefik Proxy and a «CNCF» plugin • We can validate and test locally that the configuration is working • Modify an existing plugin • Adding an extra header in all responses • Push modification into git • Wait for our cluster configuration to be reloaded (hopefully!)
October 2020 - Sergio Matone • Introducing Traefik Proxy 2.3. A Journey into Traefik Plugins via Gitops • S01-E02 - 16 November 2020 - Kevin Crawley [Traefik Labs] • Kubernetes Ingress Today and Tomorrow • S01-E03 – 17 December 2020 - Brian Christner [The Byte] • Metrics and Prometheus in Traefik Proxy and Pilot
futabato
estie
mizdra
sonatard
stewemetal
ryunakayama
hanetsuki
yoppie
hinakko2
lewuathe
bkuhlmann
kj455
cromwellryan
marktimemedia
danielanewman
chriscoyier
nonsquared
eileencodes
marcduiker
akosma
mthomps
thoeni
holman
tmm1
