traefik101

Traefik
Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.

  • Ingress objects are the rules that define the routes to our services. It’s like a proxy config ?
    ```
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    name: whoami-ingress
    annotations:
    kubernetes.io/ingress.class: traefik
    spec:
    rules:
  • host: whoami.localhost
    http:
    paths:
    • path: /
      backend:
      serviceName: whoami-service
      servicePort: http
      ```
  • Ingress controllers , Now that you have defined the rules to access your services from the outside, all you need is a component that routes the incoming requests according to the rules … and these components are called Ingress Controllers!
  • Traefik work as ingress controller, read INGRESS(rules) to know where to route the requests
  • certs for traefik and assign specific host 
    kubectl get secret api  -o=go-template='' | base64 -D | openssl x509 -text
curl -v -H "Host: api.aaa.com" https://api.com/fun1

Traefik vs Haproxy/Nginx

Traefik is a rather young project squarely aimed at those running their applications in orchestrated containers. It’s a load balancer that goes hand in hand with service discovery methods and tools, reload-less reconfiguration, modern metrics and monitoring, all the goodies that are essential when behind a nice frontend may hide hundreds of small (should I say micro?) services.

Configs

  • requestAcceptGraceTimeout
    Duration to give active requests a chance to finish before Traefik stops.

Metallb vs Ingress
refer_image
refer_git

  • MetalLB
    will allow us to emulate the power of the load balancers of the Cloud providers.
    a load balancer to allow nodes to communicate with the external world.
  • Ingress
    Define Host and route
    The ingress controller in this scenario will act as a reverse-proxy for your applications. This will enable domain binding, routing, url rewrite, etc

middlewares
ref
Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service (or before the answer from the services are sent to the clients).

There are several available middleware in Traefik, some can modify the request, the headers, some are in charge of redirections, some add authentication, and so on.
img(°0°)

demo
demo

IngressRouteTCP
When web application security is a top concern then SSL passthrough should be opted at load balancer so that an incoming security sockets layer (SSL) request is not decrypted at the load balancer rather passed along to the server for decryption as is.
refer