SlideShare a Scribd company logo

Traefik 2.x features - canary deployment with Traefik and K3S

Jakub Hajek
Jakub Hajek

Traefik 2.x has implemented a few new features such as canary deployment, mirroring, and great integration with Kubernetes via CRD.

1 of 28
Download to read offline
TRAEFIK 2.X JAKUB HAJEK MAY, 7TH, 2020 WHAT HAS CANARY DEPLOYMENT GOT TO DO WITH SCRAMBLED EGGS?
▸ I am the owner and technical consultant (SRE) ▸ I work for Cometari ▸ I’ve been system admin since 1998 ▸ Cometari is a solutions company implementing DevOps culture and providing consultancy, workshops and software services. ▸ Our expertise are DevOps, Elastic Stack log analysis INTRODUCTION - JAKUB HAJEK
▸ SRE & Co - founder 56k.cloud ▸ Background containers, Cloud & engineering ▸ Cloud Architect for large deployments ▸ Passionate about DevOps & Monitoring and of course Mountain Biking ▸ Host of TheByte.io Podcast ▸ Docker Captain ▸ Traefik Ambassador INTRODUCTION - BRIAN CHRISTNER
▸ Cloud Development Manager @Done ▸ Software Section Lead, writer and speaker @msHOWTO ▸ An active member of Cloud Family ▸ Passionate about Software Development, Cloud and DevOps ▸ Mountain Biking ▸ Traefik Ambassador INTRODUCTION - MERT YETER
The aim of this meetup is to present what the key features delivered with Traefik 2.x are
TRAEFIK
ENTRYPOINT ROUTER SERVICE MIDDLEWARE 1 MIDDLEWARE 2 MIDDLEWARE 3 Request Calls to backend servers WHAT IS IT TRAEFIK?
TRAEFIK 2.X KEY FEATURES ▸ ROUTER= frontend, SERVICE=backend, MIDDLEWARE=rules ▸ TCP / UDP / GRPC support ▸ Kubernetes CRD ▸ Fully customisable routes via middleware, which can be reused on many routers ▸ YAML, TOML is still good ▸ A new dashboard with web UI ▸ Canary deployment with Service Load balancer ▸ Network traffic Mirroring with Service Load balancer ▸ Session Stickiness ▸ Consul catalog
ENTRYPOINTS :80, :443 ROUTERS PROVIDER 1 Traefik configuration introduction PROVIDER CONNECTION INFORMATION SERVICES MIDDLEWARES CERTIFICATES PROVIDER 2 DYNAMIC (WHILE RUNNING)STATIC (STARTUP TIME)
KUBERNETES CRD
KUBERNETES CRD AND AVAILABLE CUSTOM RESOURCES ▸ Ingressroute - HTTP routing - http router ▸ Middleware - tweaks the HTTP before they are sent to a service - HTTP Middleware ▸ TraefikService - abstraction for HTTP LB/mirroring ▸ IngressRouteTCP - TCP routing - TCP router ▸ TLSOptions - TLS connection parameters https://docs.traefik.io/routing/providers/kubernetes-crd/
CANARY DEPLOYMENT AND TRAFFIC MIRRORING
Traefik 2.x features - canary deployment with Traefik and K3S
CANARY DEPLOYMENT ▸ Deployment vs Release ▸ Instead of switching to new version in one step, we use a phased approach ▸ We deploy a new app in a small part of the production infrastructure ▸ Only a few users (1%) are routed to the newest version (Release) ▸ With no errors reported, the new version can be released to the rest of the infrastructure.
CANARY VERSION 2 VERSION 1 https://service Canary deployment with Service Load balancers 1% of live traffic, a few users Majority of users https://github.com/containous/traefik/issues/1164
CANARY VERSION 2 https://service Canary deployment with Service Load balancers VERSION 2VERSION 2VERSION 2
MIRRORING OR LIVE TRAFFIC SHADOW ▸ Understand difference between Deployment vs Release ▸ Deployment brings new code to the production, no production traffic yet! ▸ Run smoke, integration tests to make sure that new deployment has no impact to your users ▸ Release brings live traffic to a deployment. ▸ We can shadow live traffic to the new deployment and reduce the risk of failure.
MIRRORING VERSION 2 VERSION 1 https://service Mirroring with Service Load Balancer 20% https://github.com/containous/traefik/issues/2989
DEMO ENVIRONMENT
DEMO ENVIRONMENT IN DETAILS ▸ K3S cluster consisting of 3 nodes ▸ SSL certs issued by Lets Encrypt ▸ FQDN domains: ▸ https://a.labs.cometari.eu ▸ https://c.labs.cometari.eu ▸ DNS Round Robin: Route 53 with its implemented health checks
K3S CLUSTER IN 2 COMMANDS ▸ MASTER: ▸ curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --no-deploy traefik -- node-name node1" sh - ▸ WORKERS: ▸ curl -sfL https://get.k3s.io | K3S_URL=https://master- node.com:6443 K3S_TOKEN=SECRET_TOKEN INSTALL_K3S_EXEC=“agent --node-name node2" sh -
Talk is cheap, show me the code!
DEMO TIME
DEMO SCENARIOS ▸ Web UI to see how services are deployed ▸ Example of Canary deployment ▸ Example of Mirroring configuration
A FEW BENEFITS OF CANARY DEPLOYMENT ▸ Traefik provides flexible way to proceed with canary (K8S, K3S, Swarm) ▸ Reduce time to market ▸ Canary deployment allows you validate your application in real production environment ▸ Rolling out releases ▸ No need to maintain a lot of staging / testing environments
SOURCE CODE OF CONFIGURATION FILES ▸ https://github.com/jakubhajek/traefik-kubernetescrd
THANK YOU @_JAKUBHAJEK JAKUB.HAJEK@COMETARI.COM
“I strongly believe that implementing DevOps culture, across the entire organisation, should provide measurable value and solve the real issue rather than generate a new one.” Jakub Hajek, Cometari
Ad

Recommended

How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switch
IT Tech
 
NAT Traversal
NAT TraversalNAT Traversal
NAT Traversal
Davide Carboni
 
Canary deployment with Traefik and K3S
Canary deployment with Traefik and K3SCanary deployment with Traefik and K3S
Canary deployment with Traefik and K3S
Jakub Hajek
 
pfSense Installation Slide
pfSense Installation SlidepfSense Installation Slide
pfSense Installation Slide
Sopon Tumchota
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Peng Xiao
 
Netacad
NetacadNetacad
Netacad
aparrilli
 
Understanding docker networking
Understanding docker networkingUnderstanding docker networking
Understanding docker networking
Lorenzo Fontana
 
FortiMail
FortiMailFortiMail
FortiMail
TestSpam1
 
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Netgate
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
Lopamudra Das
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
AWS Germany
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptions
Uday Bhatia
 
Build and run embedded apps faster from qt creator with docker
Build and run embedded apps faster from qt creator with dockerBuild and run embedded apps faster from qt creator with docker
Build and run embedded apps faster from qt creator with docker
Qt
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
Cyber Security Alliance
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Dhrumil Shah
 
Dell VLT reference architecture v2 0
Dell VLT reference architecture v2 0Dell VLT reference architecture v2 0
Dell VLT reference architecture v2 0
David Pasek
 
Board Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual GuideBoard Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual Guide
Embitel Technologies - A VOLKSWAGEN GROUP COMPANY
 
VLAN and its implementation
VLAN and its implementation VLAN and its implementation
VLAN and its implementation
Mohit Kumar
 
IS-IS Protocol Introduction
IS-IS Protocol IntroductionIS-IS Protocol Introduction
IS-IS Protocol Introduction
NetProtocol Xpert
 
VoIP and data communication using cisco packet tracer
VoIP and data communication using cisco packet tracerVoIP and data communication using cisco packet tracer
VoIP and data communication using cisco packet tracer
Fikri Paramadina
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
Jérôme Petazzoni
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basic
Tapan Khilar
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
Netgate
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
wolfSSL
 
Intrusion Detection And Prevention
Intrusion Detection And PreventionIntrusion Detection And Prevention
Intrusion Detection And Prevention
Nicholas Davis
 
Secure shell
Secure shellSecure shell
Secure shell
Arjun Aj
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
Juraj Hantak
 
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
Juraj Hantak
 
Traefik as an open source edge router for microservice architectures
Traefik as an open source edge router for microservice architecturesTraefik as an open source edge router for microservice architectures
Traefik as an open source edge router for microservice architectures
Jakub Hajek
 
Ad

More Related Content

What's hot (20)

Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Netgate
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
Lopamudra Das
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
AWS Germany
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptions
Uday Bhatia
 
Build and run embedded apps faster from qt creator with docker
Build and run embedded apps faster from qt creator with dockerBuild and run embedded apps faster from qt creator with docker
Build and run embedded apps faster from qt creator with docker
Qt
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
Cyber Security Alliance
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Dhrumil Shah
 
Dell VLT reference architecture v2 0
Dell VLT reference architecture v2 0Dell VLT reference architecture v2 0
Dell VLT reference architecture v2 0
David Pasek
 
Board Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual GuideBoard Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual Guide
Embitel Technologies - A VOLKSWAGEN GROUP COMPANY
 
VLAN and its implementation
VLAN and its implementation VLAN and its implementation
VLAN and its implementation
Mohit Kumar
 
IS-IS Protocol Introduction
IS-IS Protocol IntroductionIS-IS Protocol Introduction
IS-IS Protocol Introduction
NetProtocol Xpert
 
VoIP and data communication using cisco packet tracer
VoIP and data communication using cisco packet tracerVoIP and data communication using cisco packet tracer
VoIP and data communication using cisco packet tracer
Fikri Paramadina
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
Jérôme Petazzoni
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basic
Tapan Khilar
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
Netgate
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
wolfSSL
 
Intrusion Detection And Prevention
Intrusion Detection And PreventionIntrusion Detection And Prevention
Intrusion Detection And Prevention
Nicholas Davis
 
Secure shell
Secure shellSecure shell
Secure shell
Arjun Aj
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
Juraj Hantak
 
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014Firewall and NAT Fundamentals - pfSense Hangout January 2014
Firewall and NAT Fundamentals - pfSense Hangout January 2014
Netgate
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
Lopamudra Das
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
AWS Germany
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptions
Uday Bhatia
 
Build and run embedded apps faster from qt creator with docker
Build and run embedded apps faster from qt creator with dockerBuild and run embedded apps faster from qt creator with docker
Build and run embedded apps faster from qt creator with docker
Qt
 
Hacking the swisscom modem
Hacking the swisscom modemHacking the swisscom modem
Hacking the swisscom modem
Cyber Security Alliance
 
Building a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istioBuilding a scalable microservice architecture with envoy, kubernetes and istio
Building a scalable microservice architecture with envoy, kubernetes and istio
SAMIR BEHARA
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Dhrumil Shah
 
Dell VLT reference architecture v2 0
Dell VLT reference architecture v2 0Dell VLT reference architecture v2 0
Dell VLT reference architecture v2 0
David Pasek
 
Board Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual GuideBoard Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual Guide
Embitel Technologies - A VOLKSWAGEN GROUP COMPANY
 
VLAN and its implementation
VLAN and its implementation VLAN and its implementation
VLAN and its implementation
Mohit Kumar
 
IS-IS Protocol Introduction
IS-IS Protocol IntroductionIS-IS Protocol Introduction
IS-IS Protocol Introduction
NetProtocol Xpert
 
VoIP and data communication using cisco packet tracer
VoIP and data communication using cisco packet tracerVoIP and data communication using cisco packet tracer
VoIP and data communication using cisco packet tracer
Fikri Paramadina
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
Jérôme Petazzoni
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basic
Tapan Khilar
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
Netgate
 
wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3
wolfSSL
 
Intrusion Detection And Prevention
Intrusion Detection And PreventionIntrusion Detection And Prevention
Intrusion Detection And Prevention
Nicholas Davis
 
Secure shell
Secure shellSecure shell
Secure shell
Arjun Aj
 
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes
Juraj Hantak
 

Similar to Traefik 2.x features - canary deployment with Traefik and K3S (20)

10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
Juraj Hantak
 
Traefik as an open source edge router for microservice architectures
Traefik as an open source edge router for microservice architecturesTraefik as an open source edge router for microservice architectures
Traefik as an open source edge router for microservice architectures
Jakub Hajek
 
Container Orchestration with Traefik 2.x
Container Orchestration with Traefik 2.xContainer Orchestration with Traefik 2.x
Container Orchestration with Traefik 2.x
Jakub Hajek
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit Kubernetes
QAware GmbH
 
JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
JDO 2019: Container orchestration with Docker Swarm - Jakub HajekJDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
PROIDEA
 
Full stack development best practice and toolset
Full stack development best practice and toolsetFull stack development best practice and toolset
Full stack development best practice and toolset
Reid Lai
 
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconCloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Mario-Leander Reimer
 
Connect Everything with NATS - Cloud Expo Europe
Connect Everything with NATS - Cloud Expo EuropeConnect Everything with NATS - Cloud Expo Europe
Connect Everything with NATS - Cloud Expo Europe
wallyqs
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
Sreenivas Makam
 
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivKubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Aleksey Asiutin
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
Patrick Chanezon
 
Containerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconfContainerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconf
Ivan Vasyliev
 
Kubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on KubernetesKubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on Kubernetes
Jeffrey Holden
 
21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO
Niklaus Hirt
 
Docker meetup - PaaS interoperability
Docker meetup - PaaS interoperabilityDocker meetup - PaaS interoperability
Docker meetup - PaaS interoperability
Ludovic Piot
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stack
QAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
Mario-Leander Reimer
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Patrick Chanezon
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - Mediafly
Mediafly
 
Natively clouded Journey
Natively clouded JourneyNatively clouded Journey
Natively clouded Journey
Haggai Philip Zagury
 
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
10. th cncf meetup - Routing microservice-architectures-with-traefik-cncfsk
Juraj Hantak
 
Traefik as an open source edge router for microservice architectures
Traefik as an open source edge router for microservice architecturesTraefik as an open source edge router for microservice architectures
Traefik as an open source edge router for microservice architectures
Jakub Hajek
 
Container Orchestration with Traefik 2.x
Container Orchestration with Traefik 2.xContainer Orchestration with Traefik 2.x
Container Orchestration with Traefik 2.x
Jakub Hajek
 
Cloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit KubernetesCloud-native .NET Microservices mit Kubernetes
Cloud-native .NET Microservices mit Kubernetes
QAware GmbH
 
JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
JDO 2019: Container orchestration with Docker Swarm - Jakub HajekJDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
JDO 2019: Container orchestration with Docker Swarm - Jakub Hajek
PROIDEA
 
Full stack development best practice and toolset
Full stack development best practice and toolsetFull stack development best practice and toolset
Full stack development best practice and toolset
Reid Lai
 
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconCloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Mario-Leander Reimer
 
Connect Everything with NATS - Cloud Expo Europe
Connect Everything with NATS - Cloud Expo EuropeConnect Everything with NATS - Cloud Expo Europe
Connect Everything with NATS - Cloud Expo Europe
wallyqs
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
Sreenivas Makam
 
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivKubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Aleksey Asiutin
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
Patrick Chanezon
 
Containerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconfContainerising bootiful microservices javaeeconf
Containerising bootiful microservices javaeeconf
Ivan Vasyliev
 
Kubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on KubernetesKubered -Recipes for C2 Operations on Kubernetes
Kubered -Recipes for C2 Operations on Kubernetes
Jeffrey Holden
 
21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO21st Docker Switzerland Meetup - ISTIO
21st Docker Switzerland Meetup - ISTIO
Niklaus Hirt
 
Docker meetup - PaaS interoperability
Docker meetup - PaaS interoperabilityDocker meetup - PaaS interoperability
Docker meetup - PaaS interoperability
Ludovic Piot
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stack
QAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
Mario-Leander Reimer
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Patrick Chanezon
 
Chicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - MediaflyChicago Docker Meetup Presentation - Mediafly
Chicago Docker Meetup Presentation - Mediafly
Mediafly
 
Natively clouded Journey
Natively clouded JourneyNatively clouded Journey
Natively clouded Journey
Haggai Philip Zagury
 
Ad

More from Jakub Hajek (6)

Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic Stack
Jakub Hajek
 
Docker Swarm and Traefik 2.0
Docker Swarm and Traefik 2.0Docker Swarm and Traefik 2.0
Docker Swarm and Traefik 2.0
Jakub Hajek
 
Container Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker SwarmContainer Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker Swarm
Jakub Hajek
 
Cometari Dedicated Solutions Company Presentation
Cometari Dedicated Solutions Company PresentationCometari Dedicated Solutions Company Presentation
Cometari Dedicated Solutions Company Presentation
Jakub Hajek
 
Cometari Dedicated Solutions Oferta ogólna
Cometari Dedicated Solutions Oferta ogólnaCometari Dedicated Solutions Oferta ogólna
Cometari Dedicated Solutions Oferta ogólna
Jakub Hajek
 
Cometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General OfferCometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General Offer
Jakub Hajek
 
Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic Stack
Jakub Hajek
 
Docker Swarm and Traefik 2.0
Docker Swarm and Traefik 2.0Docker Swarm and Traefik 2.0
Docker Swarm and Traefik 2.0
Jakub Hajek
 
Container Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker SwarmContainer Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker Swarm
Jakub Hajek
 
Cometari Dedicated Solutions Company Presentation
Cometari Dedicated Solutions Company PresentationCometari Dedicated Solutions Company Presentation
Cometari Dedicated Solutions Company Presentation
Jakub Hajek
 
Cometari Dedicated Solutions Oferta ogólna
Cometari Dedicated Solutions Oferta ogólnaCometari Dedicated Solutions Oferta ogólna
Cometari Dedicated Solutions Oferta ogólna
Jakub Hajek
 
Cometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General OfferCometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General Offer
Jakub Hajek
 
Ad

Recently uploaded (20)

2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 

Traefik 2.x features - canary deployment with Traefik and K3S

  • 1. TRAEFIK 2.X JAKUB HAJEK MAY, 7TH, 2020 WHAT HAS CANARY DEPLOYMENT GOT TO DO WITH SCRAMBLED EGGS?
  • 2. ▸ I am the owner and technical consultant (SRE) ▸ I work for Cometari ▸ I’ve been system admin since 1998 ▸ Cometari is a solutions company implementing DevOps culture and providing consultancy, workshops and software services. ▸ Our expertise are DevOps, Elastic Stack log analysis INTRODUCTION - JAKUB HAJEK
  • 3. ▸ SRE & Co - founder 56k.cloud ▸ Background containers, Cloud & engineering ▸ Cloud Architect for large deployments ▸ Passionate about DevOps & Monitoring and of course Mountain Biking ▸ Host of TheByte.io Podcast ▸ Docker Captain ▸ Traefik Ambassador INTRODUCTION - BRIAN CHRISTNER
  • 4. ▸ Cloud Development Manager @Done ▸ Software Section Lead, writer and speaker @msHOWTO ▸ An active member of Cloud Family ▸ Passionate about Software Development, Cloud and DevOps ▸ Mountain Biking ▸ Traefik Ambassador INTRODUCTION - MERT YETER
  • 5. The aim of this meetup is to present what the key features delivered with Traefik 2.x are
  • 7. ENTRYPOINT ROUTER SERVICE MIDDLEWARE 1 MIDDLEWARE 2 MIDDLEWARE 3 Request Calls to backend servers WHAT IS IT TRAEFIK?
  • 8. TRAEFIK 2.X KEY FEATURES ▸ ROUTER= frontend, SERVICE=backend, MIDDLEWARE=rules ▸ TCP / UDP / GRPC support ▸ Kubernetes CRD ▸ Fully customisable routes via middleware, which can be reused on many routers ▸ YAML, TOML is still good ▸ A new dashboard with web UI ▸ Canary deployment with Service Load balancer ▸ Network traffic Mirroring with Service Load balancer ▸ Session Stickiness ▸ Consul catalog
  • 9. ENTRYPOINTS :80, :443 ROUTERS PROVIDER 1 Traefik configuration introduction PROVIDER CONNECTION INFORMATION SERVICES MIDDLEWARES CERTIFICATES PROVIDER 2 DYNAMIC (WHILE RUNNING)STATIC (STARTUP TIME)
  • 11. KUBERNETES CRD AND AVAILABLE CUSTOM RESOURCES ▸ Ingressroute - HTTP routing - http router ▸ Middleware - tweaks the HTTP before they are sent to a service - HTTP Middleware ▸ TraefikService - abstraction for HTTP LB/mirroring ▸ IngressRouteTCP - TCP routing - TCP router ▸ TLSOptions - TLS connection parameters https://docs.traefik.io/routing/providers/kubernetes-crd/
  • 14. CANARY DEPLOYMENT ▸ Deployment vs Release ▸ Instead of switching to new version in one step, we use a phased approach ▸ We deploy a new app in a small part of the production infrastructure ▸ Only a few users (1%) are routed to the newest version (Release) ▸ With no errors reported, the new version can be released to the rest of the infrastructure.
  • 15. CANARY VERSION 2 VERSION 1 https://service Canary deployment with Service Load balancers 1% of live traffic, a few users Majority of users https://github.com/containous/traefik/issues/1164
  • 16. CANARY VERSION 2 https://service Canary deployment with Service Load balancers VERSION 2VERSION 2VERSION 2
  • 17. MIRRORING OR LIVE TRAFFIC SHADOW ▸ Understand difference between Deployment vs Release ▸ Deployment brings new code to the production, no production traffic yet! ▸ Run smoke, integration tests to make sure that new deployment has no impact to your users ▸ Release brings live traffic to a deployment. ▸ We can shadow live traffic to the new deployment and reduce the risk of failure.
  • 18. MIRRORING VERSION 2 VERSION 1 https://service Mirroring with Service Load Balancer 20% https://github.com/containous/traefik/issues/2989
  • 20. DEMO ENVIRONMENT IN DETAILS ▸ K3S cluster consisting of 3 nodes ▸ SSL certs issued by Lets Encrypt ▸ FQDN domains: ▸ https://a.labs.cometari.eu ▸ https://c.labs.cometari.eu ▸ DNS Round Robin: Route 53 with its implemented health checks
  • 21. K3S CLUSTER IN 2 COMMANDS ▸ MASTER: ▸ curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --no-deploy traefik -- node-name node1" sh - ▸ WORKERS: ▸ curl -sfL https://get.k3s.io | K3S_URL=https://master- node.com:6443 K3S_TOKEN=SECRET_TOKEN INSTALL_K3S_EXEC=“agent --node-name node2" sh -
  • 22. Talk is cheap, show me the code!
  • 24. DEMO SCENARIOS ▸ Web UI to see how services are deployed ▸ Example of Canary deployment ▸ Example of Mirroring configuration
  • 25. A FEW BENEFITS OF CANARY DEPLOYMENT ▸ Traefik provides flexible way to proceed with canary (K8S, K3S, Swarm) ▸ Reduce time to market ▸ Canary deployment allows you validate your application in real production environment ▸ Rolling out releases ▸ No need to maintain a lot of staging / testing environments
  • 26. SOURCE CODE OF CONFIGURATION FILES ▸ https://github.com/jakubhajek/traefik-kubernetescrd
  • 28. “I strongly believe that implementing DevOps culture, across the entire organisation, should provide measurable value and solve the real issue rather than generate a new one.” Jakub Hajek, Cometari