Drone Introduction and Practice-9 Traefik Gateway construction

Treafik is a gateway developed based on Go, which can be well combined with Docker, can automatically discover containers under Docker, and supports load balancing. Especially after docker containers scale horizontally, new containers can be automatically discovered without restarting the gateway, or automatically adjusted when containers are reduced. Compared to Nginx, which requires manual modification of configuration files and a hot restart, nginx is slightly more cumbersome.

Traefik also supports circuit breakers, as well as various plug-ins. More functions need to be explored on the official website.

1. Configuration files

Here is my profile:

################################################################ # # Configuration sample for Traefik v2. # # For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ################################################################ # Global configuration ################################################################ [global] checkNewVersion = true sendAnonymousUsage = true ################################################################ # Entrypoints configuration ################################################################ # Entrypoints definition # # Optional # Default: [entryPoints] [entryPoints.web] address = ":80" [entryPoints.websecure] address = ":443" ################################################################ # Traefik logs configuration ################################################################ # Traefik logs # Enabled by default and log to stdout #  # Optional # [log] # Log level # # Optional # Default: "ERROR" # # level = "DEBUG" # Sets the filepath for the traefik log. If not specified, stdout will be used. # Intermediate directories are created if necessary. # # Optional # Default: os.Stdout # filePath = "log/traefik.log" # Format is either "json" or "common". # # Optional # Default: "common" # # format = "json" ################################################################ # Access logs configuration ################################################################ # Enable access logs # By default it will  write to stdout and produce logs in the textual # Common Log Format (CLF), extended with additional fields. # # Optional # [accessLog] # Sets the file path for the access log. If not specified, stdout will be used. # Intermediate directories are created if necessary. # # Optional # Default: os.Stdout # filePath = "/log/log.txt" # Format is either "json" or "common". # # Optional # Default: "common" # # format = "json" ################################################################ # API and dashboard configuration ################################################################ # Enable API and dashboard [api] # Enable  the API in insecure mode # # Optional # Default: false # insecure = true # Enabled Dashboard # # Optional # Default: true # dashboard = true ################################################################ # Ping configuration ################################################################ # Enable ping [ping] # Name of the related entry point # # Optional # Default: "traefik" # # entryPoint = "traefik" ################################################################ # Docker configuration backend ################################################################ # Enable Docker configuration backend [providers.docker] # Docker server endpoint. Can be a tcp or a unix socket endpoint. # # Required # Default: "Unix: / / / var/run/docker. The sock" # # of this machine is a machine we used to deploy the application endpoint = "SSH: / / [email protected]" network = "app_network #" Default host rule. # # Optional # Default: "Host(`{{ normalize .Name }}`)" # # defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)" # Expose containers by default in traefik # # Optional # Default: true # # exposedByDefault = false # # [metrics] [metrics.influxDB] address = "influxdb:8089" protocol = "udp" #database = "traefik"Copy the code

2. Preparation

In the test – node – 1

#Create a directory for storing configuration files
mkdir /data/traefik/conf
#Create a configuration file, copy the previous configuration file, and paste it
vim /data/treafik/conf/traefik.toml
Copy the code

3. Traefik installation

So we’re going to use ports 80 and 443 for Traefik, so we don’t have to carry ports every time we access our application.

docker run -d -p 81:8080 -p 80:80 -p 443:443 \ -v /data/traefik/conf/traefik.toml:/etc/traefik/traefik.toml \ SSH :/root/.ssh \ traefik:v2.4.8Copy the code

4. Verify the installation

After the installation is complete, you can access http://172.16.113.9:81 in your browser, which is the gateway’s built-in dashboard.

⚠️ don’t think OK here, in fact, can not use it! At this point, traefik is running, but it doesn’t work as a gateway.

5. Configure SSH password-free login

Since we are using SSH to communicate with the docker on 172.16.113.10, we need to configure a secret-free login. Run the ssh-keygen command on test-nodes-1 and then run the ssh-copy-id -i ~/. SSH /id_rsa.pub [email protected] command to upload the public key to test-Nodes-2.

6. Install SSH in containers

Traefik image does not include an SSH program, so you will need to install it manually. The process is also relatively simple. First go inside the Traefik container and execute apk add OpenSSH. Once installed, Traefik automatically connects to test-Node-2 docker.

7. Error checking

If there is a problem with the gateway, for example, the container cannot be automatically discovered, you can view the log file in the container. The log file is under /log.

8. Traefik monitoring

The gateway is a core component, so it’s best to get a quick look at its health, so let’s have it write monitoring data to a live database and present it.

8.1. Influxdb configuration file

Note You need to manually prepare the configuration file and enable the UPD data ports of the influxDB. By default, the upD data ports are not enabled.

#⚠️ The two directories must be created manually. Otherwise, data cannot be written by InfluxDB.
mkdir /data/influxdb/conf
mkdir /data/influxdb/data
vim /data/influxdb/conf/influxdb.conf
Copy the code

Configuration file contents:

[meta]
  dir = "/var/lib/influxdb/meta"

[data]
  dir = "/var/lib/influxdb/data"
  engine = "tsm1"
  wal-dir = "/var/lib/influxdb/wal"

[[udp]]
  enabled = true
  bind-address = ": 8089" # the bind address
  database = "telegraf" # name of the database that will be written to
  batch-size = 5000 # will flush if this many points get buffered
  batch-timeout = "1s" # will flush at least this often even if the batch-size is not reached
  batch-pending = 10 # number of batches that may be pending in memory
  read-buffer = 0 # UDP read buffer, 0 means to use OS default
  precision = "n" # sets the default precision of points written via UDP
Copy the code

8.2. Install the influxDB

Here we need to install an InfluxDB to store the monitoring data. ⚠️ Note the following version number. 1.8.3 is used here. The 2.0 series version is currently unavailable.

docker run -d \ --privileged=true \ -p 8089:8089 \ -p 8086:8086 \ --network=app_network \ -v / data/influxdb/data: / var/lib/influxdb \ v/data/influxdb/conf /, / etc/influxdb \ - name influxdb influxdb: 1.8.3Copy the code

Verify that Traefik actually writes data to the InfluxDB

Enter the InfluxDB container on the Portainer and enter it on the command lineinfluxAnd then typeshow databases;Enter (this may take a few minutes to appear). Check if there is a default databasetelegrafJust appear. The database name can also be changed. intraefik.tomlIn the modification. The diagram below:

8.4 install Grafana

For monitoring data visualization, use Grafana, a chart creation tool that supports InfluxDB well. Here are the installation commands:

docker run -d \
--name=grafana \
-p 4000:3000 \
--network=app_network \
grafana/grafana
Copy the code

The default username and password are admin and admin.

8.5 configure Grafana

accesshttp://172.16.113.9:4000After logging in using the default account and password:Let’s click on the left sidebargearButton to add data source:We chooseinfluxDB:Fill in the configuration, if the database does not exist will prompt:The result should be something like this:With that done, we can create the dashboard. Here, check the query statements of influxDB online.

9, summary

Now the gateway and monitoring infrastructure is complete. For the creation of monitoring charts, please check online materials.