Open in app

Sign in

Write

Sign in

Getting started with Traefik

Alex Richards
4 min readMar 1, 2017

--

A quick guide to getting Traefik up and running with Kubernetes.

What is Traefik?

From their website; Traefik is a modern HTTP reverse proxy and load balancer made to deploy micro-services with ease. It supports several backends (Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) to manage its configuration automatically and dynamically.

Why EvaluAgent started using Traefik?

Our Kubernetes cluster runs on a fleet of Amazon Web Services (AWS) EC2 instances. We also utilise their Elastic Load Balancer (ELB) service that provisioned an ELB to each micro-service we run. Running ~10 micro-services per customer, the cost was getting quite high having an ELB for each service, so we needed to find an alternative. Enter Traefik.

By using Kubernetes Ingress controllers with Traefik we now have a single ELB per customer that we route all traffic to. From there, the Ingress controller (we setup one per externally exposed micro-service) tells Traefik what service needs the traffic, and how it’s going to get there.

Getting Started

Traefik provides a tiny docker image that you can use to get started, or you can fork the Github repo and go from there. For this, we’ll be using their docker image, version: v1.2.0-rc1-alpine. We are running Traefik on Kubernetes v1.5.2, but it should work from Kubernetes v1.4.7+.

The Deployment Controller
As a quick start, I’ve left the replicas as one although I’d recommend at least three if your going to run in production. The resource limits are also minimal, so they’ll probably need fine-tuning to suit your environment.

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-proxy
  labels:
    app: traefik-proxy
    tier: proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik-proxy
      tier: proxy
  template:
    metadata:
      labels:
        app: traefik-proxy
        tier: proxy
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.2.0-rc1-alpine
        name: traefik-proxy
        resources:
          limits:
            cpu: "200m"
            memory: "30Mi"
          requests:
            cpu: "100m"
            memory: "20Mi"
        ports:
        - containerPort: 80
          hostPort: 80
          name: traefik-proxy
        - containerPort: 8080
          name: traefik-ui
        args:
        - --web
        - --kubernetes

Exposing the Proxy Service
There are two services that run on the container; Traefik Proxy (Port 80) and Traefik UI (Port 8080). The service for the Proxy, i’ve exposed on Port 443 so we can get HTTPS termination.

apiVersion: v1
kind: Service
metadata:
  name: traefik-proxy
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:ACCOUNTID:certificate/CERT-ID"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
spec:
  type: LoadBalancer
  selector:
    app: traefik-proxy
    tier: proxy
  ports:
  - port: 443
    targetPort: 80

Running the above will provision a single ELB in your AWS account that you can then CNAME your DNS entries too. You can use kubectl to get the ELB’s address by running:

kubectl describe service traefik-proxy | grep LoadBalancer

That command will return something like:

Type:   LoadBalancer
LoadBalancer Ingress: XXXXXXX-XXXXXXXXXX.eu-west-1.elb.amazonaws.com

Exposing the Traefik UI
This step will create a service in your Kubernetes cluster that will allow you to view the Traefik UI.

apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
spec:
  selector:
    app: traefik-proxy
    tier: proxy
  ports:
  - port: 80
    targetPort: 8080

Creating Ingress Rules
The ingress rules can be as simple or complex as you require. For this example, I’m going to define a host name and what backend service I want the traffic routed to.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: auth-service
spec:
  rules:
  - host: auth-service.domain.com
    http:
      paths:
      - backend:
          serviceName: auth-service
          servicePort: 80

Once you’ve configured your DNS to CNAME your traffic to the Proxies ELB, any user that requests https://auth-service.domain.com in their browser will come through the ELB and into Traefik Proxy which will then route the traffic to my auth-service backend on Port 80.

The User Interface
You can access the UI by using the port-forwarding command in kubectl. To do this run;

kubectl port-forward $(kubectl get pods | grep traefik | awk -F' ' '{print $1}DD') 8080:8080

This command assumes you only have one pod running called Traefik. From your web browser, you can then visit localhost:8080 and you should see something like;

This screen will list all of your ingress controller rules and show you where the backend target is.

The health screen will give you some metrics around average response time and total status code count.

Health Screen

About EvaluAgent

We provide call centres with the software and support they need to engage their agents and deliver a truly great customer experience.

We are recruiting for Platform Engineers and UI Engineers. If your interested in working with some cool stuff like Amazon Web Services (EC2, RDS, Elasticache, Route53, S3, IAM, SQS, etc.), Kubernetes, Docker, Laravel, Symfony, Python and React take a look at our Careers page: http://www.evaluagent.net/careers

Kubernetes
Docker
Traefik
DevOps
Amazon Web Services

--

--

Alex Richards

Written by Alex Richards

63 Followers

DevOps & Co-Founder at EvaluAgent. Keen photographer. Father.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams