我的书签
添加书签
移除书签- Migration Guide: From v1 to v2
- Frontends and Backends Are Dead… … Long Live Routers, Middlewares, and Services
- v1
- v2
- TLS configuration is now dynamic, per router.
- v1
- v2
- HTTP -> HTTPS Redirection
- ACME (let's encrypt)
- Traefik Logs
- Tracing
- Metrics
- No more root level key/values
- Providers
- Frontends and Backends Are Dead… … Long Live Routers, Middlewares, and Services
Migration Guide: From v1 to v2
How to Migrate from Traefik v1 to Traefik v2.
The version 2 of Traefik introduces a number of breaking changes,which require one to update their configuration when they migrate from v1 to v2.The goal of this page is to recapitulate all of these changes, and in particular to give examples,feature by feature, of how the configuration looked like in v1, and how it now looks like in v2.
Migration Helper
We created a tool to help during the migration: traefik-migration-tool
This tool allows to:
- convert
Ingressto TraefikIngressRouteresources. - convert
acme.jsonfile from v1 to v2 format.
Frontends and Backends Are Dead… … Long Live Routers, Middlewares, and Services
During the transition from v1 to v2, a number of internal pieces and components of Traefik were rewritten and reorganized.As such, the combination of core notions such as frontends and backends has been replaced with the combination of routers, services, and middlewares.
Typically, a router replaces a frontend, and a service assumes the role of a backend, with each router referring to a service.However, even though a backend was in charge of applying any desired modification on the fly to the incoming request,the router defers that responsibility to another component.Instead, a dedicated middleware is now defined for each kind of such modification.Then any router can refer to an instance of the wanted middleware.
One frontend with basic auth and one backend, become one router, one service, and one basic auth middleware.
v1
labels:- "traefik.frontend.rule=Host:test.localhost;PathPrefix:/test"- "traefik.frontend.auth.basic.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
apiVersion: extensions/v1beta1kind: Ingressmetadata:name: traefiknamespace: kube-systemannotations:kubernetes.io/ingress.class: traefiktraefik.ingress.kubernetes.io/rule-type: PathPrefixspec:rules:- host: test.locahosthttp:paths:- path: /testbackend:serviceName: server0servicePort: 80- path: /testbackend:serviceName: server1servicePort: 80
[frontends][frontends.frontend1]entryPoints = ["http"]backend = "backend1"[frontends.frontend1.routes][frontends.frontend1.routes.route0]rule = "Host:test.localhost"[frontends.frontend1.routes.route0]rule = "PathPrefix:/test"[frontends.frontend1.auth][frontends.frontend1.auth.basic]users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",][backends][backends.backend1][backends.backend1.servers.server0]url = "http://10.10.10.1:80"[backends.backend1.servers.server1]url = "http://10.10.10.2:80"[backends.backend1.loadBalancer]method = "wrr"
v2
labels:- "traefik.http.routers.router0.rule=Host(`bar.com`) && PathPrefix(`/test`)"- "traefik.http.routers.router0.middlewares=auth"- "traefik.http.middlewares.auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
# The definitions below require the definitions for the Middleware and IngressRoute kinds.# https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definitionapiVersion: traefik.containo.us/v1alpha1kind: Middlewaremetadata:name: basicauthnamespace: foospec:basicAuth:users:- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0---apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:name: ingressroutebarspec:entryPoints:- httproutes:- match: Host(`test.localhost`) && PathPrefix(`/test`)kind: Ruleservices:- name: server0port: 80- name: server1port: 80middlewares:- name: basicauthnamespace: foo
[http.routers][http.routers.router0]rule = "Host(`test.localhost`) && PathPrefix(`/test`)"middlewares = ["auth"]service = "my-service"[http.services][[http.services.my-service.loadBalancer.servers]]url = "http://10.10.10.1:80"[[http.services.my-service.loadBalancer.servers]]url = "http://10.10.10.2:80"[http.middlewares][http.middlewares.auth.basicAuth]users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/","test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",]
http:routers:router0:rule: "Host(`test.localhost`) && PathPrefix(`/test`)"service: my-servicemiddlewares:- authservices:my-service:loadBalancer:servers:- url: http://10.10.10.1:80- url: http://10.10.10.2:80middlewares:auth:basicAuth:users:- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
TLS configuration is now dynamic, per router.
TLS parameters used to be specified in the static configuration, as an entryPoint field.With Traefik v2, a new dynamic TLS section at the root contains all the desired TLS configurations.Then, a router's TLS field can refer to one of the TLS configurations defined at the root, hence defining the TLS configuration for that router.
TLS on web-secure entryPoint becomes TLS option on Router-1
v1
# static configuration[entryPoints][entryPoints.web-secure]address = ":443"[entryPoints.web-secure.tls]minVersion = "VersionTLS12"cipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_256_GCM_SHA384"][[entryPoints.web-secure.tls.certificates]]certFile = "path/to/my.cert"keyFile = "path/to/my.key"
--entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384'
v2
# dynamic configuration[http.routers][http.routers.Router-1]rule = "Host(`bar.com`)"service = "service-id"# will terminate the TLS request[http.routers.Router-1.tls]options = "myTLSOptions"[[tls.certificates]]certFile = "/path/to/domain.cert"keyFile = "/path/to/domain.key"[tls.options][tls.options.default]minVersion = "VersionTLS12"[tls.options.myTLSOptions]minVersion = "VersionTLS13"cipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_256_GCM_SHA384"]
http:routers:Router-1:rule: "Host(`bar.com`)"service: service-id# will terminate the TLS requesttls:options: myTLSOptionstls:certificates:- certFile: /path/to/domain.certkeyFile: /path/to/domain.keyoptions:myTLSOptions:minVersion: VersionTLS13cipherSuites:- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256- TLS_RSA_WITH_AES_256_GCM_SHA384
# The definitions below require the definitions for the TLSOption and IngressRoute kinds.# https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definitionapiVersion: traefik.containo.us/v1alpha1kind: TLSOptionmetadata:name: mytlsoptionnamespace: defaultspec:minVersion: VersionTLS13cipherSuites:- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256- TLS_RSA_WITH_AES_256_GCM_SHA384---apiVersion: traefik.containo.us/v1alpha1kind: IngressRoutemetadata:name: ingressroutebarspec:entryPoints:- webroutes:- match: Host(`bar.com`)kind: Ruleservices:- name: whoamiport: 80tls:options:name: mytlsoptionnamespace: default
labels:# myTLSOptions must be defined by another provider, in this instance in the File Provider.# see the cross provider section- "[email protected]"
HTTP -> HTTPS Redirection
TODO
ACME (let's encrypt)
TODO
Traefik Logs
TODO
Tracing
TODO
Metrics
TODO
No more root level key/values
TODO
Providers
Supported providers, for now:
- Azure Service Fabric
- BoltDB
- Consul
- Consul Catalog
- Docker
- DynamoDB
- ECS
- Etcd
- Eureka
- File
- Kubernetes Ingress (without annotations)
- Kubernetes IngressRoute
- Marathon
- Mesos
- Rest
- Zookeeper
