Traefik

Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. you can use this addon as a cluster gateway or a microservices gateway.

  1. vela addon enable traefik

Port forward will work as a proxy to allow visiting Traefik dashboard by local port.

  1. vela port-forward -n vela-system addon-traefik

expected output:

  1. Forwarding from 127.0.0.1:9000 -> 9000
  2. Forwarding from [::1]:9000 -> 9000
  4. Forward successfully! Opening browser ...
  5. Handling connection for 9000

You can visiting Traefik dashboard with address http://127.0.0.1:9000/dashboard/.

If your cluster has cloud LoadBalancer available:

  1. vela addon enable traefik serviceType=LoadBalancer
  1. Configure a HTTP domain for a component.
  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: example
  5.   namespace: e2e-test
  6. spec:
  7.   components:
  8.   - name: express-server
  9.     type: webservice
  10.     properties:
  11.         image: oamdev/hello-world
  12.         ports:
  13.          - port: 8000
  14.            expose: true
  15.     traits:
  16.     - properties:
  17.         domains:
  18.         - example.domain.com
  19.         rules:
  20.         - path:
  21.             type: PathPrefix
  22.             value: /
  23.           port: 8080
  24.       type: http-route
  1. Configure a HTTPS domain for a component.

You should create a secret that includes the certificate first.

  2. apiVersion: v1
  3. type: Opaque
  4. data:
  5.   tls.crt: <BASE64>
  6.   tls.key: <BASE64>
  7. kind: Secret
  8. metadata:
  9.   annotations:
  10.     config.oam.dev/alias: ""
  11.     config.oam.dev/description: ""
  12.   labels:
  13.     config.oam.dev/catalog: velacore-config
  14.     config.oam.dev/multi-cluster: "true"
  15.     config.oam.dev/project: addons
  16.     config.oam.dev/type: config-tls-certificate
  17.     workload.oam.dev/type: config-tls-certificate
  18.   name: example

The example application configuration:

  1. apiVersion: core.oam.dev/v1beta1
  2. kind: Application
  3. metadata:
  4.   name: example-https
  5.   namespace: e2e-test
  6. spec:
  7.   components:
  8.   - name: express-server
  9.     type: webservice
  10.     properties:
  11.         image: oamdev/hello-world
  12.         ports:
  13.          - port: 8000
  14.            expose: true
  15.     traits:
  16.     - properties:
  17.         domains:
  18.         - example.domain.com
  19.         rules:
  20.         - path:
  21.             type: PathPrefix
  22.             value: /
  23.           port: 8080
  24.         secrets: 
  25.         - name: example
  26.       type: https-route

defines HTTP rules for mapping requests from a Gateway to Application.

NameDescriptionTypeRequiredDefault
gatewayNameSpecify the gateway namestringfalsetraefik-gateway
listenerNameSpecify the listener name of the gatewaystringfalseweb
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
portSpecify the service port of component.inttrue
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/

defines HTTPS rules for mapping requests from a Gateway to Application.

NameDescriptionTypeRequiredDefault
secretsSpecify the TLS secrets[]secretstrue
TLSPortinttrue443
domainsSpecify some domains, the domain may be prefixed with a wildcard label (*.)[]stringtrue
rulesSpecify some HTTP matchers, filters and actions.[]rulestrue
NameDescriptionTypeRequiredDefault
pathAn HTTP request path matcher. If this field is not specified, a default prefix match on the “/“ path is provided.pathfalse
portSpecify the service port of component.inttrue
headersConditions to select a HTTP route by matching HTTP request headers.[]headersfalse
serviceNameSpecify the service name of component, the default is component name.stringfalse
NameDescriptionTypeRequiredDefault
namestringtrue
typestringtrue
valuestringtrue
NameDescriptionTypeRequiredDefault
typestringtruePathPrefix
valuestringtrue/
NameDescriptionTypeRequiredDefault
namestringtrue
namespacestringfalse

defines TCP rules for mapping requests from a Gateway to Application.

NameDescriptionTypeRequiredDefault
rulesSpecify the TCP matchers[]rulestrue
NameDescriptionTypeRequiredDefault
gatewayPortSpecify the gateway listener portinttrue
portSpecify the service port of component.inttrue
serviceNameSpecify the service name of component, the default is component name.stringfalse

This component definition is designed to manage the TLS certificate

NameDescriptionTypeRequiredDefault
certthe certificate public key encrypted by base64stringtrue
keythe certificate private key encrypted by base64stringtrue

Last updated on Aug 4, 2023 by Daniel Higuero