Tags

Other

A quick guide to getting Traefik up and running with Kubernetes.

What is Traefik?

From their website; Traefik is a modern HTTP reverse proxy and load balancer made to deploy micro-services with ease. It supports several backends (DockerSwarmKubernetesMarathonMesosConsulEtcdZookeeperBoltDB, Rest API, file…) to manage its configuration automatically and dynamically.

Why EvaluAgent started using Traefik?

Our Kubernetes cluster runs on a fleet of Amazon Web Services (AWS) EC2 instances. We also utilise their Elastic Load Balancer (ELB) service that provisioned an ELB to each micro-service we run. Running ~10 micro-services per customer, the cost was getting quite high having an ELB for each service, so we needed to find an alternative. Enter Traefik.

By using Kubernetes Ingress controllers with Traefik we now have a single ELB per customer that we route all traffic to. From there, the Ingress controller (we setup one per externally exposed micro-service) tells Traefik what service needs the traffic, and how it’s going to get there.

Getting Started

Traefik provides a tiny docker image that you can use to get started, or you can fork the Github repo and go from there. For this, we’ll be using their docker image, version: v1.2.0-rc1-alpine. We are running Traefik on Kubernetes v1.5.2, but it should work from Kubernetes v1.4.7+.

The Deployment Controller

As a quick start, I’ve left the replicas as one although I’d recommend at least three if your going to run in production. The resource limits are also minimal, so they’ll probably need fine-tuning to suit your environment.

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-proxy
  labels:
    app: traefik-proxy
    tier: proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik-proxy
      tier: proxy
  template:
    metadata:
      labels:
        app: traefik-proxy
        tier: proxy
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.2.0-rc1-alpine
        name: traefik-proxy
        resources:
          limits:
            cpu: "200m"
            memory: "30Mi"
          requests:
            cpu: "100m"
            memory: "20Mi"
        ports:
        - containerPort: 80
          hostPort: 80
          name: traefik-proxy
        - containerPort: 8080
          name: traefik-ui
        args:
        - --web
        - --kubernetes

Exposing the Proxy Service

There are two services that run on the container; Traefik Proxy (Port 80) and Traefik UI (Port 8080). The service for the Proxy, i’ve exposed on Port 443 so we can get HTTPS termination.

apiVersion: v1
kind: Service
metadata:
  name: traefik-proxy
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:ACCOUNTID:certificate/CERT-ID"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  type: LoadBalancer
  selector:
    app: traefik-proxy
    tier: proxy
  ports:
  - port: 443
    targetPort: 80

Running the above will provision a single ELB in your AWS account that you can then CNAME your DNS entries too. You can use kubectl to get the ELB’s address by running:

kubectl describe service traefik-proxy | grep LoadBalancer

That command will return something like:

Type:   LoadBalancer
LoadBalancer Ingress: XXXXXXX-XXXXXXXXXX.eu-west-1.elb.amazonaws.com

Exposing the Traefik UI

This step will create a service in your Kubernetes cluster that will allow you to view the Traefik UI.

apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
spec:
  selector:
    app: traefik-proxy
    tier: proxy
  ports:
  - port: 80
    targetPort: 8080

Creating Ingress Rules

The ingress rules can be as simple or complex as you require. For this example, I’m going to define a host name and what backend service I want the traffic routed to.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: auth-service
spec:
  rules:
  - host: auth-service.domain.com
    http:
      paths:
      - backend:
          serviceName: auth-service
          servicePort: 80

Once you’ve configured your DNS to CNAME your traffic to the Proxies ELB, any user that requests https://auth-service.domain.com in their browser will come through the ELB and into Traefik Proxy which will then route the traffic to my auth-service backend on Port 80.

The User Interface

You can access the UI by using the port-forwarding command in kubectl. To do this run;

kubectl port-forward $(kubectl get pods | grep traefik | awk -F' ' '{print $1}DD') 8080:8080

This command assumes you only have one pod running called Traefik. From your web browser, you can then visit localhost:8080 and you should see something like;

This screen will list all of your ingress controller rules and show you where the backend target is.

The health screen will give you some metrics around average response time and total status code count.

About EvaluAgent

We provide call centres with the software and support they need to engage their agents and deliver a truly great customer experience.

We are recruiting for Platform Engineers and UI Engineers. If your interested in working with some cool stuff like Amazon Web Services (EC2, RDS, Elasticache, Route53, S3, IAM, SQS, etc.), Kubernetes, Docker, Laravel, Symfony, Python and React take a look at our Careers page: http://www.evaluagent.net/careers.

Guest Blogger

emmawedekind profile

Special thanks to our guest blogger Alex Richards, a DevOps for his contribution to the Ronald James Blog this week.

twitter Alex Richards

Who Are Ronald James?

We are a leading niche digital & tech recruitment specialist for the North East of England. We Specialise in the acquisition of high-performing technology talent across a variety of IT sectors including Digital & Technology Software Development.

Our ultimate goal is to make a positive impact on every client and candidate we serve - from the initial call and introduction, right up to the final delivery, we want our clients and candidates to feel they have had a beneficial and productive experience.

Contact our Team

If you’re looking to start your journey in sourcing talent or find your dream job, you’ll need a passionate, motivated team of experts to guide you. Check out our Jobs page for open vacancies. If interested, contact us or call 0191 620 0123 for a quick chat with our team.

Let's be Friends!

Follow us on our blog, FacebookLinkedInTwitter or Instagram to follow industry news, events, success stories and new blogs releases.

 

 

Back to Blog

</Follow Us>