Traefik balancer review

Comparison with other balancers:

Functional	Traefik	Nginx	HAProxy
Automatic service discovery	Yes	No (requires additional settings)	No (requires additional settings)
Support for containers and orchestrators	Docker, Kubernetes, etc.	Limited	Limited
Dynamic configuration	Yes	Limited (with reboot)	Limited (with reboot)
HTTPS support and automatic receipt of certificates	Yes	Yes	Yes
Plugins and Extensibility	Eat	Yes (via modules)	Limited

Architecture

Traefik divides its architecture into two main components: Control plane And Data plane:

Control plane

Control plane is responsible for all the logic: discovering services before generating and applying routing configurations, interacts with various providers (like cybernets) to dynamically discover services and their states, and then form routing rules based on this data.

Main components of the Control plane:

Providers: configuration sources for Traefik. Providers can be static (configuration files) or dynamic (container orchestrators, discovery services, etc.). The control plane subscribes to changes in these providers to update the routing configuration in real time.

API and Dashboard: The interface allows you to view the current configuration, statistics and manage Traefik through the web interface or programmatically.

Configuration storage system: stores the current Traefik configuration received from all connected providers. This configuration is dynamically updated as the state of services or their configurations change.

When Traefik starts, the Control plane begins the service discovery process by connecting to the configured providers.

Traefik establishes connections with configured providers to obtain information about services and their status. The control plane collects configurations from all providers, combining them into a single routing configuration.

When a service state or configuration changes in one of the providers, the Control plane automatically updates the routing configuration in Traefik.

Data plane

Data plane is responsible for directly processing and routing incoming traffic to the appropriate services.

Based on the rules defined in the Control plane, the Data plane routes incoming requests to the appropriate backends or services, and also distributes requests across multiple service instances and decrypts encrypted traffic on the balancer side, reducing the load on the backends.

The data plane also uses various middleware to modify requests/responses or perform additional security checks.

The Data plane is very closely integrated with the Control plane and is capable of dynamically updating its configuration without restarts or interruption of traffic service.

traefik configuration

Traefik configuration file can be in TOML, YAML and JSON formats

Global:

global:
  checkNewVersion: true
  sendAnonymousUsage: true

checkNewVersion: Check for new versions on startup.

sendAnonymousUsage: Send anonymous usage statistics to improve Traefik.

EntryPoints:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

Defines the entry points through which traffic enters Traefik, configures listening ports and, if necessary, TLS settings.

Providers:

providers:
  file:
    filename: /path/to/dynamic/conf.yaml
  docker:
    exposedByDefault: false

Provider configuration from where Traefik gets information about services. May include Docker, Kubernetes, file system, etc. More on this later.

APIs and dashboards:

api:
  dashboard: true

Includes Dashboard Traefik

Log:

log:
  level: ERROR
  filePath: /path/to/log/file.log
  format: common

Logging settings, including logging level, path to the log file and logging format.

Access log:

accessLog:
  filePath: /path/to/access/log/file.log
  bufferingSize: 100

Access log configuration, including file path and logging buffer size.

Certificates Resolvers for TLS:

certificatesResolvers:
  myresolver:
    acme:
      email: email@example.com
      storage: acme.json
      httpChallenge:
        entryPoint: web

Configuring certificate resolvers to automatically obtain and update SSL/TLS certificates via ACME, specifying the method for obtaining certificates and the entry point for verification.

Middlewares:

http:
  middlewares:
    testHeader:
      headers:
        customRequestHeaders:
          X-Script-Name: "traefik"

Defining middleware that can be used to modify requests/responses, add headers, redirect, etc.

services and loadbalancer:

http:
  routers:
    myRouter:
      rule: "Host(`example.com`)"
      service: "myService"
  services:
    myService:
      loadBalancer:
        servers:
        - url: "http://127.0.0.1:80"

Defines routers and services. Routers define rules for directing traffic to services, and services describe how traffic should be distributed among backends.

Setting up Traefik in Docker and Kubernetes

Docker

First you need to prepare docker-compose.yml file for Traefik. In this file we define how Traefik will be launched and how it will discover Docker containers:

version: '3'

services:
  traefik:
    image: traefik:v2.5
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"

We mount a Docker socket so that Traefik can communicate with the Docker daemon and automatically detect running containers. Open port 80 for web traffic and port 8080 for access to Dashboard Traefik. We tell Traefik not to consider all containers by default to avoid unwanted publication of services.

Next, we'll add a service that Traefik should automatically discover and route traffic to. To do this, we will add another service to docker-compose.yml file:

services:
  my-service:
    image: my-service-image
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-service.rule=Host(`my-service.local`)"
      - "traefik.http.routers.my-service.entrypoints=web"

Let's launch my-service with the image my-service-image.

traefik.enable=true tells Traefik to process this container.

traefik.http.routers.my-service.rule=Host(my-service.local) defines a host-based routing rule.

traefik.http.routers.my-service.entrypoints=web points to the entrypoint we defined in the Traefik configuration.

After setup docker-compose.ymlrun:

docker-compose up -d

Traefik automatically detects my-service and begins to route traffic to it. You can check this via Dashboard Traefik at http://localhost:8080.

Kubernetes

We install Traefik as an Ingress Controller in our Kubernetes cluster. You can do this using Helm:

helm repo add traefik https://helm.traefik.io/traefik
helm repo update

helm install traefik traefik/traefik

You can customize the installation using the file values.yaml or passing parameters directly via cmd

Next you need to configure Ingress so that traffic can be directed to services:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    kubernetes.io/ingress.class: "traefik"
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-service
            port:
              number: 80

The manifest creates an Ingress rule that directs all traffic to example.com to the service example-service per port 80.

Traefik automatically discovers services and Ingress resources in yours thanks to integration with the Kubernetes API.

Plugins

Plugins in Traefik are developed using Go and are implemented as individual modules that can be loaded and activated at runtime.

Traefik Pilot is a SaaS platform from the developers of Traefik that allows you to manage and monitor Traefik instances. To use plugins, you must register your instance of Traefik with Pilot and activate the required plugins through the web interface.

Once the plugin is activated in Pilot, it can be configured and used in your Traefik instance by adding the appropriate settings to the Traefik configuration.

Some of the popular plugins:

Traefik Custom Log Fields: Allows you to add custom fields to Traefik logs.
CORS: adds support CORS to requests.
Authelia: integrates Traefik with Authelia for strong authentication and authorization.
OAuth: OAuth support for user authentication.

Configuration for example for the CORS plugin in dynamic_conf.toml might look something like this:

[http.middlewares]
  [http.middlewares.myCorsPlugin.plugin.cors]
    accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
    accessControlAllowHeaders = ["Content-Type", "Authorization"]
    accessControlAllowOriginList = ["https://example.com"]
    accessControlMaxAge = 100
    addVaryHeader = true

Sample configuration configures CORS to allow requests with https://example.comsupporting methods GET, OPTIONS, PUT and setting the maximum prefetch cache time to 100 seconds.

In conclusion, I would like to remind you that my friends from OTUS There are a number of infrastructure courses taught by practicing industry experts. Details in the catalog.

Traefik balancer review

Architecture

Control plane

Data plane

traefik configuration

Setting up Traefik in Docker and Kubernetes

Docker

Kubernetes

Plugins

History of one interview. life hack

Burnout Revenge: Concentrated Racing Madness

Migrating the ribbon, menu and toolbar to nanoCAD. Import CUIX

Design meeting in the St. Petersburg office of Wrike December 5

Benchmark Prometheus vs VictoriaMetrics on node_exporter metrics

How do you know that a new feature will benefit the product and not harm it?

Leave a Reply Cancel reply

Architecture

Control plane

Data plane

traefik configuration

Setting up Traefik in Docker and Kubernetes

Docker

Kubernetes

Plugins

Similar Posts

Leave a Reply Cancel reply