Awesome Traefik - Ingress Controller for Kubernetes - Swapnasagar Pradhan
Jan. 23, 2020
The Collabnix Community conducts webinars on a regular basis. Swapnasagar Pradhan, an engineer from VISA, delivered a talk on Traefik on January 11th, 2020. Check this out.
External traffic to k8s cluster
ClusterIP - exposes the service only within the cluster.
NodePort - creates a ClusterIP and exposes the same port on every node.
LoadBalancer - creates an LB in the cloud provider and points it to the respective ports (NodePort).
Ingress - gives you a way to route requests to services based on the request host or path (L7), centralizing a number of services into a single entrypoint.
Ingress controllers
Nginx-ingress: Nginx Ingress Controller = Nginx + config generator for Nginx (you can use to automate this but apparently it's terrible). No dynamic discovery and no dashboard; it is the first choice and commonly used.
HAProxy: best choice for load balancing TCP connections, with great load-balancing algorithms.
Ambassador: features like traffic shadowing, which allows you to test services in a live production environment by mirroring request data.
Istio Ingress: more of a gateway, and moving away from ingress.
Voyager: based on HAProxy; not used much, as it relies more on round robin.
For most of them you need to write config files…
What If I Told You?
That You Don't Have to Write This Configuration File…?
Dev-ops criteria
Internal and external routing - able to define how external traffic (originating outside the cluster) and internal traffic (originating and terminating within the cluster) is routed between services.
Secure communication - communication endpoints must be secure.
Traffic shifting - able to shift traffic between services, especially for canary testing.
Resiliency - able to throttle connections or implement circuit breaking.
Tracing - to see what's going on across my entire application.
Traefik 2.0 Quick Overview
Clarified Concepts
Expressive Routing Rule Syntax
Middlewares
TCP Support
Canary / Mirroring
And So Much More…
Learn more on the blog post
With Docker
With Docker Compose:
version: '3'
services:
  reverse-proxy:
    image: traefik:v2.0
    command: --providers.docker
    ports:
      - "80:80"
    volumes:
      # Lets Traefik discover containers; access to this socket is equivalent to root on the host
      - /var/run/docker.sock:/var/run/docker.sock
  webapp:
    image: containous/whoami
    labels:
      - "traefik.http.routers.webapp.rule=Host(`localhost`)"
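The Compose file above hands the Docker socket straight to the internet-facing proxy and routes every container by default. The variant below is an added example, not from the slides: it puts a filtering proxy between Traefik and the Docker API and makes routing opt-in. The tecnativa/docker-socket-proxy image and the network names socket and web are assumptions chosen for illustration.

```yaml
# Added example (not from the talk): the same stack with a reduced Docker API surface.
version: '3'
services:
  socket-proxy:
    # Assumption: any filtering proxy for the Docker API fits here.
    image: tecnativa/docker-socket-proxy
    environment:
      - CONTAINERS=1   # allow GET on /containers; write (POST) requests stay denied by default
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket         # only Traefik shares this network

  reverse-proxy:
    image: traefik:v2.0
    command:
      - --entrypoints.web.address=:80
      # Talk to the filtered API instead of mounting the socket into this container
      - --providers.docker.endpoint=tcp://socket-proxy:2375
      # Route only containers that opt in with traefik.enable=true
      - --providers.docker.exposedbydefault=false
    ports:
      - "80:80"
    networks:
      - socket
      - web

  webapp:
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.webapp.rule=Host(`localhost`)"
    networks:
      - web            # cannot reach socket-proxy

networks:
  socket:
    internal: true     # no route to or from outside this network
  web:
```

If the Traefik container is compromised, it can list containers through the proxy but cannot create or exec into them.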
With Docker: Context
# https://mycompany.org/jenkins -> http://jenkins:8080/jenkins
jenkins:
  image: jenkins/jenkins:lts
  environment:
    - JENKINS_OPTS=--prefix=/jenkins
  labels:
    - "traefik.http.services.jenkins.LoadBalancer.server.Port=8080" # Because 50000 is also exposed
    - "traefik.http.routers.jenkins.rule=Host(`mycompany.org`) && PathPrefix(`/jenkins`)"
    - "traefik.http.routers.jenkins.service=jenkins"
With Docker: Rewrites
# https://mycompany.org/gitserver -> http://gitserver:3000/
gitserver:
  image: gitea/gitea
  labels:
    - "traefik.http.routers.gitserver.rule=Host(`mycompany.org`) && PathPrefix(`/gitserver`)"
    - "traefik.http.middlewares.gitserver-stripprefix.stripprefix.prefixes=/gitserver"
    - "traefik.http.routers.gitserver.middlewares=gitserver-stripprefix"
With Docker: Websockets
# https://webterminal.mycompany.org -> http://webterminal/
webterminal:
  image: tsl0922/ttyd
  labels:
    - "traefik.http.routers.devbox.rule=Host(`webterminal.mycompany.org`)"
Canary Releases
http:
  services:
    canary:
      weighted:
        services:
          - name: appv1
            weight: 3 # 75%
          - name: appv2
            weight: 1 # 25%
    appv1:
      loadBalancer:
        servers:
          - url: "http://private-ip-server-1/"
    appv2:
      loadBalancer:
        servers:
          - url: "http://private-ip-server-2/"
Example Code With ⎈
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: webapp # metadata.name is required by the API; this value is assumed, the slide omits it
  annotations:
    kubernetes.io/ingress.class: 'traefik'
spec:
  rules:
    - host: localhost
      http:
        paths:
          - path: "/whoami"
            backend:
              serviceName: webapp
              servicePort: 80
⎈ CRD - Custom Resource Definition
# File "webapp.yaml"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`localhost`) && PathPrefix(`/whoami`)
      kind: Rule
      services:
        - name: webapp
          port: 80
$ kubectl apply -f webapp.yaml
$ kubectl get ingressroute
⎈ & TCP (With CRD)
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcpmongo.crd
spec:
  entryPoints:
    - mongotcp
  routes:
    # Matching on a server name needs TLS on this route; a non-TLS TCP route must use HostSNI(`*`)
    - match: HostSNI(`mongo-prod`)
      services:
        - name: mongo-prod
          port: 27017