Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Ingress controller for k8s 1
Whoami Swapnasagar Pradhan https://www.linkedin.com/in/swapnasagar-pradhan-724b2649/ Engineer @visa  Active member in - ht...
Why Traefik? Why, Mr Anderson?  Why do you do it ? 5 . 1
Evolution Of Software Design 5 . 2
The Premise Of Microservices… 5 . 3
…And What Happens 5 . 4
Where’s My Service? 5 . 5
Tools Of The Trade 5 . 6
External traffic to k8s cluster 6 . 4 ClusterIP - exposes service only within cluster NodePort - creates ClusterIP and exp...
Ingress controllers 6 . 4 Nginx-ingress : Nginx Ingress Controller = Nginx + config generator for Nginx (you can  use to a...
What If ITold You? That You Don’t Have to Write This Configuration File…? 5 . 8
Here Comes Traefik! 6. 1
Dev-ops criteria 6 . 4 Internal and external routing  - Able to define how traffic external originating  outside cluster a...
Traefik 2.0 Quick Overview Clarified Concepts Expressive Routing Rule Syntax   Middlewares T C P   Support  Canary /  Mirr...
Traefik (V2.0) Core Concepts 7. 1
Traefik Is An Edge Router 7 . 2
Traefik Dynamically Discovers Services 7 . 3
Architecture (V2.0) At A Glance 7 . 4
Entrypoints 7 . 5
Routers 7 . 6
Middlewares 7 . 7
Services 7 . 8
Architecture (Again) At A Glance 7 . 9
Static & Dynamic Configuration 7. 10
Show Me The Configuration! 8. 1
Simple Example With ὃ 8 . 2
With ὃ With Docker Compose: v e r s i o n : ' 3 ' s e r v i c e s : r ever s e- pr oxy: image: t r a e f i k : v 2 . 0 c o...
With ὃ : Context # https://mycompany.org/jenkins -> http://jenkins:8080/jenkins j e n k i n s : i mage: j enki ns /j enki ...
With ὃ : Rewrites # https://mycompany.org/gitserver -> http://gitserver:3000/ g i t s e r v e r : i mage: gi t ea/gi t ea ...
With ὃ : Websockets # https://webterminal.mycompany.org -> http://webterminal/ webterminal: i mage: t s l 0922/t t yd l a ...
With File Configuration 8 . 7
Canaray Releases h t t p : s er vi c es : c anar y: weighted: s e r v i c e s : - name: appv1 weight: 3 # 75% - name: appv...
Traefik With ⎈ Diagram from https://medium.com/@geraldcroes 9. 1
Example Code With ⎈ api Ver s i on: ext ens i ons /v1bet a1 k i n d : Ingress metadata: annotations: kuber net es . i o/i ...
⎈CRD - Custom Resources Definition # File "webapp.yaml" a p i V e r s i o n : t r a e f i k . c o n t a i n o . u s / v 1 ...
⎈& TCP (With CRD) a p i V e r s i o n : t r a e f i k . c o n t a i n o . u s / v 1 a l p h a 1 k i n d : IngressRouteTCP ...
Demo 10. 1
That’s All Folks! 13. 1
Awesome Traefik - Ingress Controller for Kubernetes - Swapnasagar Pradhan
Upcoming SlideShare
Loading in …5
×

Awesome Traefik - Ingress Controller for Kubernetes - Swapnasagar Pradhan

497 views

Published on

Collabnix Community conduct webinar on regular basis. Swapnasagar Pradhan, an engineer from VISA delivered a talk on Traefik this January 11th 2020. Check this out.

Published in: Engineering
no profile picture user

  • Login to see the comments

Awesome Traefik - Ingress Controller for Kubernetes - Swapnasagar Pradhan

  1. 1. Ingress controller for k8s 1
  2. 2. Whoami Swapnasagar Pradhan https://www.linkedin.com/in/swapnasagar-pradhan-724b2649/ Engineer @visa  Active member in - https://collabnix.slack.com/ Posting my views - @p0906swap 2
  3. 3. Why Traefik? Why, Mr Anderson?  Why do you do it ? 5 . 1
  4. 4. Evolution Of Software Design 5 . 2
  5. 5. The Premise Of Microservices… 5 . 3
  6. 6. …And What Happens 5 . 4
  7. 7. Where’s My Service? 5 . 5
  8. 8. Tools Of The Trade 5 . 6
  9. 9. External traffic to k8s cluster 6 . 4 ClusterIP - exposes service only within cluster NodePort - creates ClusterIP and exposes the same port on every node. LoadBalancer- creates LB in cloud provider and points to respective ports (NodePort) Ingress –  gives you a way to route requests to services based on the request host or path  (L7), centralizing a number of services into a single entrypoint.
  10. 10. Ingress controllers 6 . 4 Nginx-ingress : Nginx Ingress Controller = Nginx + config generator for Nginx (you can  use to automate this but apparently it’s terrible.)  No dynamic discovery and dashboard and it’s the first choice and commonly used. Haproxy :  Best choice for load balancing TCP connections and great load balancing  algos.   Ambassador : Feature like traffic shadowing which allows you to test services in a live  production environment by mirroring request data. Istio Ingress : More of a gateway and moving away from ingress   Voyager based on haproxy – not used much as believe more on roundrobin . For most of all you need to write config files ….
  11. 11. What If ITold You? That You Don’t Have to Write This Configuration File…? 5 . 8
  12. 12. Here Comes Traefik! 6. 1
  13. 13. Dev-ops criteria 6 . 4 Internal and external routing  - Able to define how traffic external originating  outside cluster and internal traffic originating and terminating with in cluster is  routed between services. Secure communication – communication endpoints to be secure. Traffic shifting – Able to shift traffic between services – especially canary testing  Resiliency – able to throttle connections or implement circuit breaking. Tracing – To see what’s going on across my entire application 
  14. 14. Traefik 2.0 Quick Overview Clarified Concepts Expressive Routing Rule Syntax   Middlewares T C P   Support  Canary /  Mirroring  And so Much More… Learn more on the blog post 6 . 4
  15. 15. Traefik (V2.0) Core Concepts 7. 1
  16. 16. Traefik Is An Edge Router 7 . 2
  17. 17. Traefik Dynamically Discovers Services 7 . 3
  18. 18. Architecture (V2.0) At A Glance 7 . 4
  19. 19. Entrypoints 7 . 5
  20. 20. Routers 7 . 6
  21. 21. Middlewares 7 . 7
  22. 22. Services 7 . 8
  23. 23. Architecture (Again) At A Glance 7 . 9
  24. 24. Static & Dynamic Configuration 7. 10
  25. 25. Show Me The Configuration! 8. 1
  26. 26. Simple Example With ὃ 8 . 2
  27. 27. With ὃ With Docker Compose: v e r s i o n : ' 3 ' s e r v i c e s : r ever s e- pr oxy: image: t r a e f i k : v 2 . 0 c ommand: - - pr ovi der s . doc ker p o r t s : - "80:80" volumes: - /var/run/docker.sock:/var/run/docker.sock webapp: image: containous/whoami l a b e l s : - " t r a e f i k . h t t p . r o u t e r s . w e b a p p . r u l e = H o s t ( ` l o c a l h o s t ` ) " 8 . 3
  28. 28. With ὃ : Context # https://mycompany.org/jenkins -> http://jenkins:8080/jenkins j e n k i n s : i mage: j enki ns /j enki ns : l t s environment: - JENKINS_OPTS=--prefix=/jenkins l a b e l s : - " t r a e f i k . h t t p . s e r v i c e s . j e n k i n s . L o a d B a l a n c e r . s e r v e r . P o r t = 8 0 8 0 " # Because 50000 is also exposed - " t r a e f i k . h t t p . r o u t e r s . j e n k i n s . r u l e = H o s t ( ` m y c o m p a n y . o r g ` ) && P a t h P r e f i x ( ` / j e n k i n s ` ) " - " t r a e f i k . h t t p . r o u t e r s . j e n k i n s . s e r v i c e = j e n k i n s " 8 . 4
  29. 29. With ὃ : Rewrites # https://mycompany.org/gitserver -> http://gitserver:3000/ g i t s e r v e r : i mage: gi t ea/gi t ea l a b e l s : - " t r a e f i k . h t t p . r o u t e r s . g i t s e r v e r . r u l e = H o s t ( ` m y c o m p a n y . o r g ` ) && P a t h P r e f i x ( ` / g i t s e r v e r ` ) " - " t r a e f i k . h t t p . m i d d l e w a r e s . g i t s e r v e r - s t r i p p r e f i x . s t r i p p r e f i x . p r e f i x e s = / g i t s e r v e r " - " t r a e f i k . h t t p . r o u t e r s . g i t s e r v e r . m i d d l e w a r e s = g i t s e r v e r - s t r i p p r e f i x " 8 . 5
  30. 30. With ὃ : Websockets # https://webterminal.mycompany.org -> http://webterminal/ webterminal: i mage: t s l 0922/t t yd l a b e l s : - "traefik.http.routers.devbox.rule=Host(`webterminal.mycompany.org`)" 8 . 6
  31. 31. With File Configuration 8 . 7
  32. 32. Canaray Releases h t t p : s er vi c es : c anar y: weighted: s e r v i c e s : - name: appv1 weight: 3 # 75% - name: appv2 weight: 1 #25% appv1: l oadBal anc er : s e r v e r s : - u r l : " h t t p : / / p r i v a t e - i p - s e r v e r - 1 / " appv2: l oadBal anc er : s e r v e r s : - u r l : " h t t p : / / p r i v a t e - i p - s e r v e r - 2 / " 8 . 8
  33. 33. Traefik With ⎈ Diagram from https://medium.com/@geraldcroes 9. 1
  34. 34. Example Code With ⎈ api Ver s i on: ext ens i ons /v1bet a1 k i n d : Ingress metadata: annotations: kuber net es . i o/i ngr es s . c l as s : ' t r aef i k' s p e c : r u l e s : - hos t : l oc al hos t h t t p : p a t h s : - pat h: " /whoami " backend: serviceName: webapp s e r v i c e P o r t : 80 9 . 2
  35. 35. ⎈CRD - Custom Resources Definition # File "webapp.yaml" a p i V e r s i o n : t r a e f i k . c o n t a i n o . u s / v 1 a l p h a 1 k i n d : IngressRoute metadata: name: s i mpl ei ngr es s r out e s p e c : e n t r y P o i n t s : - web r out es : - match: H o s t ( ` l o c a l h o s t ` ) && PathPrefix(`/whoami`) ki nd: Rul e s e r v i c e s : - name: webapp p o r t : 80 $ kubectl apply - f webapp.yaml $ kubectl g e t ingressroute 9 . 3
  36. 36. ⎈& TCP (With CRD) a p i V e r s i o n : t r a e f i k . c o n t a i n o . u s / v 1 a l p h a 1 k i n d : IngressRouteTCP metadata: name: ingressroutetcpmongo.crd s p e c : e n t r y P o i n t s : - mongot c p r o u t e s : - match: HostSNI(`mongo-prod`) s e r v i c e s : - name: mongo- pr od p o r t : 27017 9 . 4
  37. 37. Demo 10. 1
  38. 38. That’s All Folks! 13. 1

×