π Traefik
Info
Traefik is an open-source Edge Router designed for easy and dynamic routing of traffic to Docker, Kubernetes, and other services. It automatically discovers services and configures itself, enabling you to publish applications effortlessly and securely.
π Project Homepage: Traefik
π Documentation: Traefik Docs
π Overview
Info
Traefik simplifies routing for modern cloud-native applications by integrating with Docker, Kubernetes, and more. It automatically handles traffic distribution, security, and scaling without complex configurations.
Why Use Traefik?
-
Dynamic Service Discovery: Automatically configures routes to services.
-
Integrated SSL: Traefik supports automatic SSL certificates via ACME and integrates easily with Letβs Encrypt.
-
** Multi-cluster and Multi-cloud**: Seamlessly deploys across various platforms like Docker, Kubernetes, and Swarm.
-
Rich Dashboard: Provides a comprehensive UI to manage and monitor your routes and services.
π οΈ Features
Tip
Traefik enhances your workflow with several powerful features:
-
π Multi-Provider Support: Supports Docker, Kubernetes, Swarm, and more.
-
π HTTPS and TLS: Automatic SSL certificate generation with Letβs Encrypt or custom certs.
-
π Auto-scaling: Automatically routes traffic based on the available services and replicas.
-
π Dashboard: Real-time visibility of traffic, service status, and more.
-
βοΈ Easy Configuration: Configuration via simple YAML files or via providers (Docker, Kubernetes, etc.).
π Getting Started
π§βπ» Install Traefik
Info
To install Traefik on Kubernetes using Helm, follow these commands:
helm repo add traefik https://traefik.github.io/charts
helm repo update
helm install traefik traefik/traefikWarning
The Docker installation method is still a work in progress (WIP). Please refer to the official documentation for the latest updates.
π§ Configuration
π EntryPoints
HTTP Redirection
You can define HTTP redirection to HTTPS with the following configuration:
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: httpsHTTPS Configuration
To enable HTTPS:
entryPoints:
websecure:
address: :443π οΈ Routers
traefik.http.routers.router.entrypoints
Specifies which entrypoints the router listens on. Setting this to traefik.http.routers.router.entrypoints: websecure will expose the container on the websecure entrypoint.
Tip
When using
websecure, enabletraefik.http.routers.router.tlsto activate TLS.
traefik.http.routers.router.rule
Defines the rules for the router, such as FQDN, PathPrefix, etc.
- "traefik.enable=true"
- "traefik.http.routers.nginx-test.entrypoints=websecure"
- "traefik.http.routers.nginx-test.tls=true"
- "traefik.http.routers.nginx-test.rule=PathPrefix(`/nginx-test/`)"
- "traefik.http.routers.nginx-test.middlewares=nginx-test"
- "traefik.http.middlewares.nginx-test.stripprefix.prefixes=/nginx-test"π CertificatesResolvers
To enable DNS-based challenges (e.g., using Cloudflare, DigitalOcean, etc.) for ACME certificates:
certificatesResolvers:
yourresolver:
acme:
email: "your-mail-address"
dnsChallenge:
provider: your-dns-provider
resolvers:
- "your-dns-resolver-ip-addr:53"π ServersTransport
InsecureSkipVerify
To skip TLS verification from Traefik to your Servers, you can configure it like this:
serversTransport:
insecureSkipVerify: trueπ‘οΈ TLS Settings
defaultCertificates
Define default certificates in Traefik:
tls:
stores:
default:
defaultCertificate:
certFile: /your-traefik-cert.crt
keyFile: /your-traefik-key.keyoptions
Define TLS options like disabling insecure TLS versions:
tls:
options:
default:
minVersion: VersionTLS12π Related
-
Docker β Container platform supported by Traefik for easy integration.
-
Kubernetes β Orchestrator supported by Traefik for managing containerized applications.
-
Helm β Package manager for Kubernetes used to install Traefik.