A quick guide to getting Traefik up and running with Kubernetes.
From their website: Traefik is a modern HTTP reverse proxy and load balancer made to deploy micro-services with ease. It supports several backends (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) to manage its configuration automatically and dynamically.
Our Kubernetes cluster runs on a fleet of Amazon Web Services (AWS) EC2 instances. We also utilise their Elastic Load Balancer (ELB) service, which provisioned an ELB for each micro-service we run. With ~10 micro-services per customer, the cost of having an ELB for each service was getting quite high, so we needed to find an alternative. Enter Traefik.
By using Kubernetes Ingress resources with Traefik we now have a single ELB per customer that we route all traffic to. From there, the Ingress resource (we set up one per externally exposed micro-service) tells Traefik which service needs the traffic, and how it’s going to get there.
Traefik provides a tiny Docker image that you can use to get started, or you can fork the GitHub repo and go from there. For this, we’ll be using their Docker image, version: v1.2.0-rc1-alpine. We are running Traefik on Kubernetes v1.5.2, but it should work from Kubernetes v1.4.7+.
As a quick start, I’ve left the replicas as one, although I’d recommend at least three if you’re going to run in production. The resource limits are also minimal, so they’ll probably need fine-tuning to suit your environment.
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-proxy
  labels:
    app: traefik-proxy
    tier: proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik-proxy
      tier: proxy
  template:
    metadata:
      labels:
        app: traefik-proxy
        tier: proxy
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.2.0-rc1-alpine
        name: traefik-proxy
        resources:
          limits:
            cpu: "200m"
            memory: "30Mi"
          requests:
            cpu: "100m"
            memory: "20Mi"
        ports:
        - containerPort: 80
          hostPort: 80
          name: traefik-proxy
        - containerPort: 8080
          name: traefik-ui
        args:
        - --web
        - --kubernetes
There are two services that run on the container: Traefik Proxy (Port 80) and Traefik UI (Port 8080). I’ve exposed the service for the Proxy on Port 443 so that HTTPS is terminated at the ELB, which then forwards plain HTTP to Traefik on Port 80.
apiVersion: v1
kind: Service
metadata:
  name: traefik-proxy
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:ACCOUNTID:certificate/CERT-ID"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  type: LoadBalancer
  selector:
    app: traefik-proxy
    tier: proxy
  ports:
  - port: 443
    targetPort: 80
Running the above will provision a single ELB in your AWS account that you can then CNAME your DNS entries to. You can use kubectl to get the ELB’s address by running:
kubectl describe service traefik-proxy | grep LoadBalancer
That command will return something like:
Type: LoadBalancer
LoadBalancer Ingress: XXXXXXX-XXXXXXXXXX.eu-west-1.elb.amazonaws.com
This step will create a service in your Kubernetes cluster that will allow you to view the Traefik UI.
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
spec:
  selector:
    app: traefik-proxy
    tier: proxy
  ports:
  - port: 80
    targetPort: 8080
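As an added example (not part of the original post), the following check traces how each container port in the manifests above can be reached, and reports whether the UI port ever leaves the cluster. The function and constant names (exposure, findings, DEPLOYMENT, SERVICES, UI_PORT) are hypothetical, and the manifests are transcribed into Python dicts so the check runs without a YAML library.

```python
# Added example: manifests transcribed from this page, reduced to the fields read.
DEPLOYMENT = {
    "labels": {"app": "traefik-proxy", "tier": "proxy"},
    "ports": [
        {"name": "traefik-proxy", "containerPort": 80, "hostPort": 80},
        {"name": "traefik-ui", "containerPort": 8080},
    ],
}
SERVICES = [
    {"name": "traefik-proxy", "type": "LoadBalancer",
     "selector": {"app": "traefik-proxy", "tier": "proxy"},
     "ports": [{"port": 443, "targetPort": 80}]},
    {"name": "traefik-web-ui",  # no "type" in the manifest, so ClusterIP
     "selector": {"app": "traefik-proxy", "tier": "proxy"},
     "ports": [{"port": 80, "targetPort": 8080}]},
]
UI_PORT = 8080  # the page's Traefik UI port

def exposure(deployment, services):
    """Map each containerPort to the sorted list of ways it can be reached."""
    names = {p["name"]: p["containerPort"] for p in deployment["ports"] if "name" in p}
    reach = {p["containerPort"]: set() for p in deployment["ports"]}
    for p in deployment["ports"]:
        if "hostPort" in p:
            reach[p["containerPort"]].add(f"hostPort:{p['hostPort']}")
    for svc in services:
        # A Service selects the pod only when every selector label matches.
        if any(deployment["labels"].get(k) != v for k, v in svc["selector"].items()):
            continue
        for sp in svc["ports"]:
            target = sp.get("targetPort", sp["port"])
            target = names.get(target, target)  # targetPort may be a port name
            if target in reach:
                reach[target].add(f"{svc.get('type', 'ClusterIP')}:{svc['name']}:{sp['port']}")
    return {port: sorted(ways) for port, ways in reach.items()}

def findings(deployment, services, ui_port=UI_PORT):
    """Flag the UI port leaving the cluster, and any other hostPort binding."""
    out = []
    for port, ways in exposure(deployment, services).items():
        external = [w for w in ways if not w.startswith("ClusterIP:")]
        host = [w for w in ways if w.startswith("hostPort:")]
        if port == ui_port and external:
            out.append((port, "UI reachable from outside the cluster", external))
        elif host:
            out.append((port, "published directly on the node", host))
    return out

print(findings(DEPLOYMENT, SERVICES))
```

For the manifests on this page the UI stays on a ClusterIP service, and the only finding is that port 80 is also bound as a hostPort on the node, alongside the ELB path on 443.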
The ingress rules can be as simple or complex as you require. For this example, I’m going to define a host name and what backend service I want the traffic routed to.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: auth-service
spec:
  rules:
  - host: auth-service.domain.com
    http:
      paths:
      - backend:
          serviceName: auth-service
          servicePort: 80
Once you’ve configured your DNS to CNAME your traffic to the Proxy’s ELB, any user that requests https://auth-service.domain.com in their browser will come through the ELB and into Traefik Proxy, which will then route the traffic to my auth-service backend on Port 80.
You can access the UI by using the port-forwarding command in kubectl. To do this, run:
kubectl port-forward $(kubectl get pods | grep traefik | awk -F' ' '{print $1}') 8080:8080
This command assumes you only have one pod running with traefik in its name. From your web browser, you can then visit localhost:8080 and you should see the Traefik UI.
This screen will list all of your Ingress rules and show you where the backend target is.
The health screen will give you some metrics around average response time and total status code count.
We provide call centres with the software and support they need to engage their agents and deliver a truly great customer experience.
We are recruiting for Platform Engineers and UI Engineers. If you’re interested in working with some cool stuff like Amazon Web Services (EC2, RDS, Elasticache, Route53, S3, IAM, SQS, etc.), Kubernetes, Docker, Laravel, Symfony, Python and React, take a look at our Careers page: http://www.evaluagent.net/careers.