Traefik

Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. you can use this addon as a cluster gateway or a microservices gateway.

Install

  1. vela addon enable traefik

Visit Traefik dashboard by port-forward

Port forward will work as a proxy to allow visiting Traefik dashboard by local port.

  1. vela port-forward -n vela-system addon-traefik

expected output:

  1. Forwarding from 127.0.0.1:9000 -> 9000
  2. Forwarding from [::1]:9000 -> 9000
  4. Forward successfully! Opening browser ...
  5. Handling connection for 9000

You can visiting Traefik dashboard with address http://127.0.0.1:9000/dashboard/.

Setup with Specified Service Type

If your cluster has cloud LoadBalancer available:

  1. vela addon enable traefik serviceType=LoadBalancer

How to use

  1. Configure a HTTP domain for a component.
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: example
  5.   namespace: e2e-test
  6. spec:
  7.   components:
  8.   - name: express-server
  9.     type: webservice
  10.     properties:
  11.         image: oamdev/hello-world
  12.         ports:
  13.          - port: 8000
  14.            expose: true
  15.     traits:
  16.     - properties:
  17.         domains:
  18.         - example.domain.com
  19.         rules:
  20.         - path:
  21.             type: PathPrefix
  22.             value: /
  23.           port: 8080
  24.       type: http-route
  1. Configure a HTTPS domain for a component.

You should create a secret that includes the certificate first.

  2. apiVersion: v1
  3. type: Opaque
  4. data:
  5.   tls.crt: <BASE64>
  6.   tls.key: <BASE64>
  7. kind: Secret
  8. metadata:
  9.   annotations:
  10.     config.oam.dev/alias: ""
  11.     config.oam.dev/description: ""
  12.   labels:
  13.     config.oam.dev/catalog: velacore-config
  14.     config.oam.dev/multi-cluster: "true"
  15.     config.oam.dev/project: addons
  16.     config.oam.dev/type: config-tls-certificate
  17.     workload.oam.dev/type: config-tls-certificate
  18.   name: example

The example application configuration:

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: example-https
  5.   namespace: e2e-test
  6. spec:
  7.   components:
  8.   - name: express-server
  9.     type: webservice
  10.     properties:
  11.         image: oamdev/hello-world
  12.         ports:
  13.          - port: 8000
  14.            expose: true
  15.     traits:
  16.     - properties:
  17.         domains:
  18.         - example.domain.com
  19.         rules:
  20.         - path:
  21.             type: PathPrefix
  22.             value: /
  23.           port: 8080
  24.         secrets: 
  25.         - name: example
  26.       type: https-route

Definitions

http-route(trait)

defines HTTP rules for mapping requests from a Gateway to Application.

Properties

NameDescriptionTypeRequiredDefault
gatewayNameSpecify the gateway namestringfalsetraefik-gateway
listenerNameSpecify the listener name of the gatewaystringfalseweb
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
rules
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
portSpecify the service port of component.inttrue
headers
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
path
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/

https-route(trait)

defines HTTPS rules for mapping requests from a Gateway to Application.

Properties

NameDescriptionTypeRequiredDefault
secretsSpecify the TLS secrets[]secretstrue
TLSPortinttrue443
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
rules
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
portSpecify the service port of component.inttrue
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
headers
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
path
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/
secrets
NameDescriptionTypeRequiredDefault
namestringtrue
namespacestringfalse

tcp-route(trait)

defines TCP rules for mapping requests from a Gateway to Application.

Properties

NameDescriptionTypeRequiredDefault
rulesSpecify the TCP matchers[]rulestrue
rules
NameDescriptionTypeRequiredDefault
gatewayPortSpecify the gateway listener portinttrue
portSpecify the service port of component.inttrue
serviceNameSpecify the service name of component, the default is component name.stringfalse

config-tls-certificate(config)

This component definition is designed to manage the TLS certificate

Properties

NameDescriptionTypeRequiredDefault
certthe certificate public key encrypted by base64stringtrue
keythe certificate private key encrypted by base64stringtrue