Traefik
π Traefik
[!info]
Traefik is an open-source Edge Router designed for easy and dynamic routing of traffic to Docker, Kubernetes, and other services. It automatically discovers services and configures itself, enabling you to publish applications effortlessly and securely.
π Project Homepage: Traefik
π Documentation: Traefik Docs
π Overview
[!info]
Traefik simplifies routing for modern cloud-native applications by integrating with Docker, Kubernetes, and more. It automatically handles traffic distribution, security, and scaling without complex configurations.
Why Use Traefik?
Dynamic Service Discovery: Automatically configures routes to services.
Integrated #SSL: Traefik supports automatic #SSL certificates via #ACME and integrates easily with Let's Encrypt.
** #Multi-cluster and #Multi-cloud**: Seamlessly deploys across various platforms like Docker, Kubernetes, and Swarm.
Rich Dashboard: Provides a comprehensive UI to manage and monitor your routes and services.
π οΈ Features
[!tip]
Traefik enhances your workflow with several powerful features:
π #Multi-Provider Support: Supports Docker, Kubernetes, Swarm, and more.
π #HTTPS and #TLS: Automatic #SSL certificate generation with Let's Encrypt or custom certs.
π Auto-scaling: Automatically routes traffic based on the available services and replicas.
π Dashboard: Real-time visibility of traffic, service status, and more.
βοΈ Easy Configuration: Configuration via simple #YAML files or via providers (Docker, Kubernetes, etc.).
π Getting Started
π§βπ» Install Traefik
[!info]
To install Traefik on Kubernetes using Helm, follow these commands:
helm repo add traefik https://traefik.github.io/charts
helm repo update
helm install traefik traefik/traefik
[!warning]
The Docker installation method is still a work in progress (WIP). Please refer to the official documentation for the latest updates.
π§ Configuration
π EntryPoints
#HTTP Redirection
You can define #HTTP redirection to #HTTPS with the following configuration:
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
#HTTPS Configuration
To enable #HTTPS:
entryPoints:
websecure:
address: :443
π οΈ Routers
traefik.http.routers.router.entrypoints
Specifies which entrypoints the router listens on. Setting this to traefik.http.routers.router.entrypoints: websecure will expose the container on the websecure entrypoint.
[!tip]
When usingwebsecure, enabletraefik.http.routers.router.tlsto activate #TLS.
traefik.http.routers.router.rule
Defines the rules for the router, such as #FQDN, PathPrefix, etc.
- "traefik.enable=true"
- "traefik.http.routers.nginx-test.entrypoints=websecure"
- "traefik.http.routers.nginx-test.tls=true"
- "traefik.http.routers.nginx-test.rule=PathPrefix(`/nginx-test/`)"
- "traefik.http.routers.nginx-test.middlewares=nginx-test"
- "traefik.http.middlewares.nginx-test.stripprefix.prefixes=/nginx-test"
π CertificatesResolvers
To enable DNS-based challenges (e.g., using Cloudflare, DigitalOcean, etc.) for #ACME certificates:
certificatesResolvers:
yourresolver:
acme:
email: "your-mail-address"
dnsChallenge:
provider: your-dns-provider
resolvers:
- "your-dns-resolver-ip-addr:53"
π ServersTransport
InsecureSkipVerify
To skip #TLS verification from Traefik to your Servers, you can configure it like this:
serversTransport:
insecureSkipVerify: true
π‘οΈ TLS Settings
defaultCertificates
Define default certificates in Traefik:
tls:
stores:
default:
defaultCertificate:
certFile: /your-traefik-cert.crt
keyFile: /your-traefik-key.key
options
Define #TLS options like disabling insecure #TLS versions:
tls:
options:
default:
minVersion: VersionTLS12
π Related
Docker β Container platform supported by Traefik for easy integration.
Kubernetes β Orchestrator supported by Traefik for managing containerized applications.
Helm β Package manager for Kubernetes used to install Traefik.
π Explore More
π Tags
#Traefik
#Docker
#Kubernetes
#HTTPS
#TLS
#Routing
#DevOps
#Cloud