You Had One Job:Configuring The Edge Proxy!

DevOps Pro Europe Vilnius 2019

1

About This PresentationPresentation available at

Q & A:Q & A: Join at with code #devops2019

https://containous.github.io/slides/devopspro-vilnius-2019

https://slido.com

2

WhoamiDamien DUPORTAL:

's Developer 🥑 Advocate @ Træ�k Containous

@DamienDuportal

dduportal

3

How To Use These Slides?Browse the slides:Browse the slides: Use the arrows

Change chapter: Left/Right arrows

Next or previous slide: Top and bottom arrows

Overview of the slides:Overview of the slides: keyboard’s shortcut "o"

Speaker mode (and notes):Speaker mode (and notes): keyboard’s shortcut "s"

4

Containous

We Believe in Open Source

We Deliver Trae�k

Commercial Support for Trae�k

20 people, 90% technical experts

https://containo.us

5

Why Traefik?

Why, Mr Anderson?

6 . 1

Evolution Of Software Design

6 . 2

The Premise Of Microservices…

6 . 3

… And What Happens

6 . 4

Where Is The Service?

6 . 5

Tools Of The Trade

6 . 6

Source: https://twitter.com/Caged/status/1039937162769096704

6 . 7

What If I Told You?

That You Don’t Have to Write This Con�guration File… ?

6 . 8

Here Comes Traefik!

6 . 9

Traefik Project

MIT License

Written in Go, a popular language

20,000+ ⭐

500M+ ⬇

350+ 👷

https://github.com/containous/trae�k

6 . 10

Traefik Core Concepts

7 . 1

Remember The Diagram?

7 . 2

Let’s Simplify

7 . 3

Providers

7 . 4

Entrypoints

7 . 5

Backends

7 . 6

Frontends

7 . 7

At A Glance

7 . 8

Show Me The Configuration!

8 . 1

Keep It SimpleWith 🐳:

entrypoint: image: traefik:v1.7 command: - "--docker" - "--docker.domain=mycompany.org" - "--acme.email=ssl-admin@mycompany.org" - "--acme.httpChallenge.entryPoint=http" # Or you could use a TOML file with "--configFile=/etc/traefik/traefik.toml volumes: - /var/run/docker.sock:/var/run/docker.sock

8 . 2

HTTPS For Everyone With Let’s Encrypt

TLS, DNS and HTTP challenges supported

8 . 3

With 🐳: Simple Backend# https://www.mycompany.org -> http://webserver:80/ webserver: image: nginx:alpine labels: - "traefik.frontend.rule=Host:www.mycompany.org"

8 . 4

With 🐳: Context# https://mycompany.org/jenkins -> http://jenkins:8080/jenkins jenkins: image: jenkins/jenkins:lts labels: - "traefik.frontend.rule=PathPrefix:/jenkins" - "traefik.port=8080" # Because 50000 is also exposed environment: - JENKINS_OPTS=--prefix=/jenkins

8 . 5

With 🐳: Rewrites# https://mycompany.org/gitserver -> http://gitserver:3000/ gitserver: image: gitea/gitea:1.5 labels: - "traefik.frontend.rule=PathPrefixStrip:/gitserver" - "traefik.port=3000" # Because 22 is also exposed

8 . 6

With 🐳: Websockets# https://mycompany.org/webterminal -> http://webterminal:7681/ webterminal: image: tsl0922/ttyd labels: - "traefik.frontend.rule=PathPrefixStrip:/webterminal" expose: - "7681"

8 . 7

Traefik With ⎈

Diagram from https://medium.com/@geraldcroes

8 . 8

Did You Say YAML?apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: # kubernetes.io/ingress.class: 'nginx' kubernetes.io/ingress.class: 'traefik' spec: rules: - host: mycompany.org http: paths: - path: "/whoami" backend: serviceName: whoami servicePort: 80

8 . 9

We Missed Talking About …

8 . 10

The Herd

You came to the wrong neighbour

9 . 1

Traefik Comes In Herd

9 . 2

High Availability

9 . 3

Security

9 . 4

Scalability

9 . 5

9 . 6

As Simple As TraefikInstall it:

Con�gure it:

# Cluster Installation traefikeectl install \ --licensekey="SuperSecretLicence" \ --dashboard \ --kubernetes # Or --swarm

# Routing Configuration, same as Traefik's traefikeectl deploy \ --acme.email=ssl-admin@mycompany.org --acme.tlsChallenge ...

9 . 7

Early (Free) Accesshttps://containo.us/trae�kee

9 . 8

ButWhat About Open Source?

9 . 9

10 . 1

Revamped Documentation

10 . 2

Clarified Concepts

10 . 3

Expressive Routing Rule Syntax

# Send both requests to backend service: # https://api.mycompany.com/v2 # https://api-v2.mycompany.com rule=(Host('api.mycompany.com') && PathPrefix('/v2')) || Host('api-v2.mycompany.com')

10 . 4

Middlewares

10 . 5

10 . 6

Quick Glance[entrypoints] [entrypoints.web-secure] address = ":443"

[http] [http.routers.to-service-1] rule = "Host(`demo.containous.cloud`)" service = "service-1" [http.routers.to-service-1.tls] # terminates the tls connection at HTTP

[tcp] [tcp.routers.to-service-2] rule = "HostSNI(`demo.containous.cloud`)" service = "service-2" [tcp.routers.to-service-2.tls] # terminates the tls connection at TCP

[tcp.routers.to-service-3] rule = "HostSNI(`demo.containous.cloud`)" service = "service-3" [tcp.routers.to-service-3.tls] passthrough = true # sends encrypted data "as is" to service-3

10 . 7

And So Much More… Learn more on the

Call for contribution: Grab it, Try it, and give us your feedback!

blog post

10 . 8

The End

11 . 1

We HaveStickers!

11 . 2

We Are Hiring!

docker run -it containous/jobs

11 . 3

Thank You!

Presentation available at

@DamienDuportal

dduportal

https://containous.github.io/slides/devopspro-vilnius-2019

11 . 4