Deploy Traefik with Let’s Encrypt SSL certificates in HakunaCloud!
Traefik is a load balancer and HTTP reverse proxy that makes working with microservices and integrating with your infrastructure seamless.
Why Traefik is a must in your stack:
More information about Traefik can be found in their great online docs
In this tutorial we are going to:
0) You have an AWS Route53 zone configured, with an IAM user that can create records on your behalf;
1) Create traefik.yaml and routes.yaml;
2) Deploy Traefik on HakunaCloud;
Traefik has 2 configurations:
We will use files for both of them.
The contents of traefik.yaml:
## traefik.yaml
log:
  level: INFO

entryPoints:
  websecure:
    address: :443
    # Enable TLS/SSL on port 443 - domains are taken from the routes, certificates will be automagically
    # provisioned and renewed
    http:
      tls:
        certResolver: leresolver
  web:
    address: :80

providers:
  file:
    # Load routes from a file in the mounted volume
    filename: /etc/traefik/routes.yaml
    # Watch the file for new routes
    watch: true

certificatesResolvers:
  leresolver:
    acme:
      email: "it@hakuna.cloud"
      # Save the certs in the mounted volume
      storage: "/etc/traefik/acme.json"
      # Use the DNS challenge to verify the domain ownership
      # The domains are taken from the routers that have a reference to this resolver
      dnsChallenge:
        provider: "route53"
Add the routes to proxy in the routes.yaml file. In this scenario, we are exposing a container named jira, from this blog article.
## routes.yaml
http:
  routers:
    routerjira:
      entryPoints: ["websecure"]
      rule: "Host(`jira.hakuna.cloud`)"
      service: "jira"
      tls:
        certResolver: leresolver
        domains:
          - main: "jira.hakuna.cloud"

  services:
    jira:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: "http://jira:8080"
We need a volume to persist the configuration
hakuna volume create traefik
Now we can upload the files in the volume, using any of the available methods
Finally, we can start the Traefik container
# --network: run Traefik in the same network as your services
# -e AWS_*:  configure the AWS credentials used for the Let's Encrypt DNS challenge
# -v:        mount the volume that holds the configuration
hakuna run --name traefik \
  --network jira \
  -p 443:443 \
  -p 80:80 \
  -e "AWS_ACCESS_KEY_ID=AKIAxxxx" \
  -e "AWS_SECRET_ACCESS_KEY=yyyy" \
  -v traefik:/etc/traefik \
  traefik:2.2
That’s IT! Now update your DNS record to point to the Traefik CNAME.
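The AWS keys handed to the container only have to manage the DNS challenge record, so the IAM user behind them can be scoped to that. The following is an added example, not part of the original tutorial: it puts a broad policy beside a scoped one and audits both. The hosted-zone ARN is a placeholder, both policies are constructed, and the action list is an assumption based on what ACME DNS-01 clients commonly request from Route 53, so verify it against your Traefik version.

```python
import fnmatch

# Constructed values: placeholder hosted-zone ARN; the host comes from routes.yaml.
ZONE = "arn:aws:route53:::hostedzone/ZONEID_PLACEHOLDER"
NAMES = "route53:ChangeResourceRecordSetsNormalizedRecordNames"
TYPES = "route53:ChangeResourceRecordSetsRecordTypes"

# Constructed "before": a broad grant that can rewrite any record in any zone.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}

# Constructed "after": only what the DNS challenge for jira.hakuna.cloud needs.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:GetChange",
     "Resource": "arn:aws:route53:::change/*"},
    {"Effect": "Allow", "Action": "route53:ListHostedZonesByName", "Resource": "*"},
    {"Effect": "Allow", "Action": "route53:ListResourceRecordSets", "Resource": ZONE},
    {"Effect": "Allow", "Action": "route53:ChangeResourceRecordSets", "Resource": ZONE,
     "Condition": {"ForAllValues:StringEquals": {
         NAMES: ["_acme-challenge.jira.hakuna.cloud"], TYPES: ["TXT"]}}}]}


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit(policy, host):
    """List ways the policy lets its user change more than the TXT challenge record."""
    wanted = "_acme-challenge." + host.lower().rstrip(".")
    findings = []
    for i, st in enumerate(as_list(policy["Statement"])):
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        if st.get("Effect") != "Allow" or not any(
                fnmatch.fnmatchcase("route53:changeresourcerecordsets", a) for a in actions):
            continue  # statement cannot modify records
        if any("*" in r for r in as_list(st.get("Resource", []))):
            findings.append(f"statement {i}: record changes not pinned to one hosted zone")
        cond = st.get("Condition", {}).get("ForAllValues:StringEquals", {})
        if [n.lower() for n in as_list(cond.get(NAMES, []))] != [wanted]:
            findings.append(f"statement {i}: record name not limited to {wanted}")
        if as_list(cond.get(TYPES, [])) != ["TXT"]:
            findings.append(f"statement {i}: record type not limited to TXT")
    return findings


if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit(policy, "jira.hakuna.cloud") or "ok")
```

The audit only inspects `Allow` statements with an `Action` element and expects one challenge name per statement; a policy covering several hosts is reported for manual review.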
Tommaso Doninelli
CEO @ HakunaCloud
10 years as CTO, former Software Engineer at Amazon AWS, Cloud Solution Architect with projects in US, Europe and United Arab Emirates.
"I am a DevOps and automation advocate; you can test, deploy, analyze and improve even your grandma recipes. "