Traefik 2.0 is here !
Traefik is a reverse proxy load balancer (and more), it can learn the routes to respond to by discovering them in multiple providers, Docker, Kubernetes …
Traefik v1.x is very stable, v2.x is fresh new tech, with breaking changes and unfinished documentation, so test it first.
From Traefik’s documentation:
- Providers discover the services that live on your infrastructure (their IP, health, …)
- Entrypoints listen for incoming traffic (ports, …)
- Routers analyze the requests (host, path, headers, SSL, …)
- Services forward the request to your services (load balancing, …)
- Middlewares may update the request or make decisions based on the request (authentication, rate limiting, headers, …)
In Traefik v1, Kubernetes ingress were used to discover the routes:
apiVersion: extensions/v1beta1 kind: Ingress
In Traefik v2, a custom resource definition is needed to provide
With Kubernetes the providers is called Kubernetes-crd
The CRD can be found here
It provides, Middleware, IngressRoute, IngressRouteTCP & TLSOption.
We need a service account, same as before, and then deploy Traefik itself, the good thing with Traefik v2 is you don’t need a traefik config file anymore, since you can do almost anything with the
Here is a complete gist which will install the CRD, the needed service account and deploy one Traefik 2.0 pod.
kubectl apply -f https://gist.github.com/akhenakh/56f922f39f7b8b212e3f878f91a00b10
Now the real changes, the way you declare a route:
First in v1, we used to redirect http to https as follow using the
defaultEntryPoints = ["http","https"] [entryPoints] [entryPoints.http] address = ":80" compress = true [entryPoints.http.redirect] regex = "^http://(.*)" replacement = "https://$1" permanent = true
In v2 we need to create a middleware, expressed like this for Kubernetes
apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: https-only spec: redirectScheme: scheme: https
Note: Middlewares can be chained using the Chain middleware!
In v1 we used to describe a route as follow:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: caddy-git labels: app: "caddy-git" annotations: kubernetes.io/ingress.class: traefik spec: rules: - host: blog.nobugware.com http: paths: - path: / backend: serviceName: caddy-git servicePort: http
apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: blog-ingress namespace: default spec: entryPoints: - websecure routes: - match: Host(`blog.nobugware.com`) kind: Rule services: - name: caddy-git port: 80 tls: certResolver: default --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: blog-ingress80 namespace: default spec: entryPoints: - web routes: - match: Host(`blog.nobugware.com`) middlewares: - name: https-only kind: Rule services: - name: caddy-git port: 80
There are way more to explore, like traffic mirroring and canary updates.
This is a really promising new beginning for Traefik !
If you are are interested in advanced configuration example read my second post about Traefik 2.