Forked from saiyam1814/gist:25b77af095042160353aeeccfbd85830
Created
September 5, 2020 15:30
-
-
Save prayagsingh/05f489279183b2f911ba90d15230e428 to your computer and use it in GitHub Desktop.
Traefik Demos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ingress - https://kubernetes.io/docs/concepts/services-networking/ingress/ | |
| Ingress controller - https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/ | |
| DEMO 1 | |
| ======================= | |
| Centos 7 system | |
| yum install docker -y | |
| systemctl start docker | |
| systemctl enable docker | |
| #install docker-compose | |
| sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
| sudo chmod +x /usr/local/bin/docker-compose | |
| # create a file docker-compose.yml | |
| version: '3' | |
| services: | |
| reverse-proxy: | |
| # The official v2 Traefik docker image | |
| image: traefik:v2.2 | |
| # Enables the web UI and tells Traefik to listen to docker | |
| command: --api.insecure=true --providers.docker | |
| ports: | |
| # The HTTP port | |
| - "80:80" | |
| # The Web UI (enabled by --api.insecure=true) | |
| - "8080:8080" | |
| volumes: | |
| # So that Traefik can listen to the Docker events | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| docker-compose up -d | |
| IP:8080/api/rawdata | |
| {"routers":{"api@internal":{"entryPoints":["traefik"],"service":"api@internal","rule":"PathPrefix(`/api`)","priority":2147483646,"status":"enabled","using":["traefik"]},"dashboard@internal":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"service":"dashboard@internal","rule":"PathPrefix(`/`)","priority":2147483645,"status":"enabled","using":["traefik"]},"portainer@docker":{"entryPoints":["http"],"service":"portainer","rule":"Host(`portainer`)","status":"enabled","using":["http"]},"reverse-proxy-root@docker":{"entryPoints":["http"],"service":"reverse-proxy-root","rule":"Host(`reverse-proxy-root`)","status":"enabled","using":["http"]}},"middlewares":{"dashboard_redirect@internal":{"redirectRegex":{"regex":"^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$","replacement":"${1}/dashboard/","permanent":true},"status":"enabled","usedBy":["dashboard@internal"]},"dashboard_stripprefix@internal":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]},"status":"enabled","usedBy":["dashboard@internal"]}},"services":{"api@internal":{"status":"enabled","usedBy":["api@internal"]},"dashboard@internal":{"status":"enabled","usedBy":["dashboard@internal"]},"noop@internal":{"status":"enabled"},"portainer@docker":{"loadBalancer":{"servers":[{"url":"http://172.17.0.2:8000"}],"passHostHeader":true},"status":"enabled","usedBy":["portainer@docker"],"serverStatus":{"http://172.17.0.2:8000":"UP"}},"reverse-proxy-root@docker":{"loadBalancer":{"servers":[{"url":"http://172.19.0.2:80"}],"passHostHeader":true},"status":"enabled","usedBy":["reverse-proxy-root@docker"],"serverStatus":{"http://172.19.0.2:80":"UP"}}}} | |
| # ... | |
| whoami: | |
| # A container that exposes an API to show its IP address | |
| image: containous/whoami | |
| labels: | |
| - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)" | |
| # docker-compose up -d whoami | |
| curl -H Host:whoami.docker.localhost http://127.0.0.1 | |
| docker-compose up -d --scale whoami=2 | |
| curl -H Host:whoami.docker.localhost http://127.0.0.1 | |
| ======================================================= | |
| DEMO 2 | |
| Kubernetes ingress | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: ingressroutes.traefik.containo.us | |
| spec: | |
| group: traefik.containo.us | |
| version: v1alpha1 | |
| names: | |
| kind: IngressRoute | |
| plural: ingressroutes | |
| singular: ingressroute | |
| scope: Namespaced | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: middlewares.traefik.containo.us | |
| spec: | |
| group: traefik.containo.us | |
| version: v1alpha1 | |
| names: | |
| kind: Middleware | |
| plural: middlewares | |
| singular: middleware | |
| scope: Namespaced | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: ingressroutetcps.traefik.containo.us | |
| spec: | |
| group: traefik.containo.us | |
| version: v1alpha1 | |
| names: | |
| kind: IngressRouteTCP | |
| plural: ingressroutetcps | |
| singular: ingressroutetcp | |
| scope: Namespaced | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: ingressrouteudps.traefik.containo.us | |
| spec: | |
| group: traefik.containo.us | |
| version: v1alpha1 | |
| names: | |
| kind: IngressRouteUDP | |
| plural: ingressrouteudps | |
| singular: ingressrouteudp | |
| scope: Namespaced | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: tlsoptions.traefik.containo.us | |
| spec: | |
| group: traefik.containo.us | |
| version: v1alpha1 | |
| names: | |
| kind: TLSOption | |
| plural: tlsoptions | |
| singular: tlsoption | |
| scope: Namespaced | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: tlsstores.traefik.containo.us | |
| spec: | |
| group: traefik.containo.us | |
| version: v1alpha1 | |
| names: | |
| kind: TLSStore | |
| plural: tlsstores | |
| singular: tlsstore | |
| scope: Namespaced | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: traefikservices.traefik.containo.us | |
| spec: | |
| group: traefik.containo.us | |
| version: v1alpha1 | |
| names: | |
| kind: TraefikService | |
| plural: traefikservices | |
| singular: traefikservice | |
| scope: Namespaced | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: traefik-ingress-controller | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - services | |
| - endpoints | |
| - secrets | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - ingresses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - ingresses/status | |
| verbs: | |
| - update | |
| - apiGroups: | |
| - traefik.containo.us | |
| resources: | |
| - middlewares | |
| - ingressroutes | |
| - traefikservices | |
| - ingressroutetcps | |
| - ingressrouteudps | |
| - tlsoptions | |
| - tlsstores | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: traefik-ingress-controller | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: traefik-ingress-controller | |
| subjects: | |
| - kind: ServiceAccount | |
| name: traefik-ingress-controller | |
| namespace: default | |
| ===================== | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: traefik-manual-token | |
| namespace: kube-system | |
| annotations: | |
| kubernetes.io/service-account.name: traefik-ingress-controller | |
| type: kubernetes.io/service-account-token | |
| ===================== | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: traefik | |
| spec: | |
| ports: | |
| - protocol: TCP | |
| name: web | |
| port: 8000 | |
| - protocol: TCP | |
| name: admin | |
| port: 8080 | |
| - protocol: TCP | |
| name: websecure | |
| port: 4443 | |
| selector: | |
| app: traefik | |
| type: NodePort | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: whoami | |
| spec: | |
| ports: | |
| - protocol: TCP | |
| name: web | |
| port: 80 | |
| selector: | |
| app: whoami | |
| ================================= | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| namespace: default | |
| name: traefik-ingress-controller | |
| --- | |
| kind: Deployment | |
| apiVersion: apps/v1 | |
| metadata: | |
| namespace: default | |
| name: traefik | |
| labels: | |
| app: traefik | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: traefik | |
| template: | |
| metadata: | |
| labels: | |
| app: traefik | |
| spec: | |
| serviceAccountName: traefik-ingress-controller | |
| containers: | |
| - name: traefik | |
| image: traefik:v2.2 | |
| args: | |
| - --api.insecure | |
| - --accesslog | |
| - --entrypoints.web.Address=:8000 | |
| - --entrypoints.websecure.Address=:4443 | |
| - --providers.kubernetescrd | |
| - --providers.kubernetesingress=true | |
| - --certificatesresolvers.myresolver.acme.tlschallenge | |
| - [email protected] | |
| - --certificatesresolvers.myresolver.acme.storage=acme.json | |
| # Please note that this is the staging Let's Encrypt server. | |
| # Once you get things working, you should remove that whole line altogether. | |
| - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory | |
| ports: | |
| - name: web | |
| containerPort: 8000 | |
| - name: websecure | |
| containerPort: 4443 | |
| - name: admin | |
| containerPort: 8080 | |
| --- | |
| kind: Deployment | |
| apiVersion: apps/v1 | |
| metadata: | |
| namespace: default | |
| name: whoami | |
| labels: | |
| app: whoami | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app: whoami | |
| template: | |
| metadata: | |
| labels: | |
| app: whoami | |
| spec: | |
| containers: | |
| - name: whoami | |
| image: containous/whoami | |
| ports: | |
| - name: web | |
| containerPort: 80 | |
| ==================================== | |
| apiVersion: traefik.containo.us/v1alpha1 | |
| kind: IngressRoute | |
| metadata: | |
| name: simpleingressroute | |
| namespace: default | |
| spec: | |
| entryPoints: | |
| - web | |
| routes: | |
| - match: PathPrefix(`/notls`) | |
| kind: Rule | |
| services: | |
| - name: whoami | |
| port: 80 | |
| --- | |
| apiVersion: traefik.containo.us/v1alpha1 | |
| kind: IngressRoute | |
| metadata: | |
| name: ingressroutetls | |
| namespace: default | |
| spec: | |
| entryPoints: | |
| - websecure | |
| routes: | |
| - match: PathPrefix(`/tls`) | |
| kind: Rule | |
| services: | |
| - name: whoami | |
| port: 80 | |
| tls: | |
| certResolver: myresolver |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment