-
Question: When will there be QUIC Support?
Answer: It is already on our radar. If you are interested in it, leave a thumbs up here.
-
Question: Is there a big step from moving from 'docker-compose'-traefik to 'Kubernetes' and set Traefik up?
Answer: The Traefik port from docker-compose to K8s is relatively easy. What is way more complex and also requires more work, is the transition from docker compose based app deploy (labels) to the combination of Deployments, Services and Ingress inside K8s.
-
Question: Can you provide Traefik with a Vault token as an environment variable?
Answer: Not today, but you can use Vault integration on K8s, Nomad or Vault agent to pull from Vault and render the yaml.
-
Question: Is host networking required?
Answer: No.
Question: Will you use Docker in the dev environment?
Answer: Not this time, just to save time (there's a lot to cover), although I'm sharing a couple of development tricks in the end.
Question: Why is the convention ‘app’ not 'api'?
Answer: To simplify things. It might be more familiar for people coming from other frameworks. Also because you can serve things like templates rendered on the backend, so, to avoid confusion. But you can also name the object differently if that works better for you.
Question: What is your Kubernetes upgrade strategy? Do you have Dev and Staging area as well?
Answer: We recommend to our users to upgrade by deploying new clusters and redirecting traffic gradually to the new resources - and move capacity from one cluster to the other along that. This requires users set external LB instances for their services. For cases where in-place upgrades are required, we recommend prod/staging clusters - usually staging takes ~10% of the traffic/requests. We do use grafana for visualization, on top of Prometheus.
Question: What are you using for Prometheus aggregation? Is that Thanos/Cortex?
Answer: We have an internal solution where a central Prometheus instance queries each cluster that is subscribed to central metric collection. The usual long term aggregation is done with 1h granularity (vs 10min for the in cluster metrics).
Check out the YouTube video: https://youtu.be/m-S8YZVwkfg
Question: Does Maesh handle SSL between services?
Answer: Maesh does not currently handle TLS/SSL between services. However, if your service implements TLS, a TCP connection through maesh will allow this to function properly. Full discussion: traefik/mesh#213
Question: When using Maesh to connect to other pods, does it use end to end SSL/TLS?
Q & A Online Meetup: Container Orchestration with Traefik on Docker Swarm by Jakub Hajek, Cometari Dedicated Solutions
Check out the YouTube video: https://www.youtube.com/watch?v=ga3cv0RHxQg
Question: Will the demo code be published to GitHub?
Answer: Yes, it is. Here is a link to Github repo: https://github.com/jakubhajek/traefik-consul-swarm
Question: Can you say something on the placement of the Consul? Are you using just the server cluster or agents too? Are the agents running in the Docker vms, or in the containers directly?
Q & A Online Meetup: Deploy, Configure, and Monitor Traefik with Prometheus and Grafana with Brian Christner, 56K.Cloud
Check out the YouTube video: https://youtu.be/3q-K4JDcH6I
Repo: A Docker Swarm Stack for monitoring Traefik with Promethues and Grafana https://github.com/vegasbrianc/docker-traefik-prometheus
Question: You mentioned your Prometheus/Grafana would normally be node==worker deployments, for the demo it's just on the manager. Why is it necessary to add the constraint for them, doesn't Swarm do that automatically?
Answer: Yes, Swarm without a constraint automatically schedules services on the first node available. Typically, I add a constraint to monitoring services to run it separate from my workload. I try to dedicate nodes just for monitoring.
Question: Did you have configuration shifts between the multiple Traefik pods (behind the Service Traefik’s VIP)? If yes, how did you manage it?
Answer: No, not that we noticed. We are very happy on how the ingress controller works.
Question: Is your Traefik image a custom one or the upstream one?
Answer: Yes, we are still maintaining an internal fork with a small set of patches. Previsously the set included patches of pending upstream PRs. Since we were part of the maintainers team we had a strong feeling of urgency to move forward our PRs and close the gap to upstream. Currently the only missing patch provides OpenCensus support for our demands. However, we believe this will be eliminated in the near future thanks to the merger with OpenTracing. Latter is support by Traefik for a long time.
Question: Do you intend to run any Windows containers, or are you keeping them as VMs and only use Linux containers?
Answer: We might. For now, the strategy is to migrate as-is to AWS which means traditional VMs. From there, we'll see how quickly we're able to transition to .net core and Linux-based containers. So at the moment, we're not actively researching Windows containers but that might change down the road.
Question: I see the version of Traefik is a little old (1.7.5). From your experience, how easy is to update traefik in production environment?
Answer: Very easy! For VM-based Traefik instances everything is managed by Ansible in Autoscaling Groups, so it's a matter of flipping the version, and perform a scale-out/scale-in to replace nodes. For Traefik running in Kubernetes its even easier (I even show this in as a demo in the webast). It's worth mentioning how important it is to tune the shutd