Traefik Service in Kubernetes

A TraefikService is a Traefik Hub API Gateway Custom Resource that can be put on top of the Kubernetes Services. It brings advanced load-balancing feature such as a Weighted Round Robin load balancing or a Mirroring between your Kubernetes Services.

Weighted Round Robin

The WRR is able to load balance the requests between multiple services based on weights. The WRR TraefikService allows you to load balance the traffic between Kubernetes Services and other instances of TraefikService (another WRR service -, or a mirroring service).

Configuration Example

IngressRoute
TraefikService WRR Level#1
TraefikService WRR Level#2
Kubernetes Services
Secret

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: test-name
  namespace: apps
spec:
  entryPoints:
  - websecure
  routes:
  - match: Host(`example.com`) && PathPrefix(`/foo`)
    kind: Rule
    services:
    # Set a WRR TraefikService
    - name: wrr1
      namespace: apps
      kind: TraefikService
  tls:
    # Add a TLS certificate from a Kubernetes Secret
    secretName: supersecret

apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
  name: wrr1
  namespace: apps
spec:
  weighted:
    services:
        # Kubernetes Service
      - name: svc1
        namespace: apps
        port: 80
        weight: 1
        # Second level WRR service
      - name: wrr2
        namespace: apps
        kind: TraefikService
        weight: 1
        # Mirroring service
        # The service is described in the Mirroring example
      - name: mirror1
        namespace: apps
        kind: TraefikService
        weight: 1

apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
  name: wrr2
  namespace: apps
spec:
  weighted:
    services:
      # Kubernetes Service
      - name: svc2
        namespace: apps
        port: 80
        weight: 1
      # Kubernetes Service
      - name: svc3
        namespace: apps
        port: 80
        weight: 1

apiVersion: v1
kind: Service
metadata:
  name: svc1
  namespace: apps
spec:
  ports:
  - name: http
      port: 80
  selector:
    app: traefiklabs
    task: app1
---
apiVersion: v1
kind: Service
metadata:
  name: svc2
  namespace: apps
spec:
  ports:
  - name: http
    port: 80
  selector:
    app: traefiklabs
    task: app2
---
apiVersion: v1
kind: Service
metadata:
  name: svc3
  namespace: apps
spec:
  ports:
  - name: http
    port: 80
  selector:
    app: traefiklabs
    task: app3

  apiVersion: v1
  kind: Secret
  metadata:
    name: supersecret
    namespace: apps
  data:
    tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
    tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=

Configuration Options

Field	Description	Default	Required
`services`	List of any combination of TraefikService and Kubernetes service. More information here.		No
`services[m].` `kind`	Kind of the service targeted. Two values allowed: - Service: Kubernetes Service TraefikService: Traefik Service. More information here	""	No
`services[m].` `name`	Service name. The character `@` is not authorized.	""	Yes
`services[m].` `namespace`	Service namespace. More information here.	""	No
`services[m].` `port`	Service port (number or port name). Evaluated only if the kind is Service.	""	No
`services[m].` `responseForwarding.` `flushInterval`	Interval, in milliseconds, in between flushes to the client while copying the response body. A negative value means to flush immediately after each write to the client. This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately. Evaluated only if the kind is Service.	100ms	No
`services[m].` `scheme`	Scheme to use for the request to the upstream Kubernetes Service. Evaluated only if the kind is Service.	"http" "https" if `port` is 443 or contains the string https.	No
`services[m].` `serversTransport`	Name of ServersTransport resource to use to configure the transport between Traefik and your servers. Evaluated only if the kind is Service.	""	No
`services[m].` `passHostHeader`	Forward client Host header to server. Evaluated only if the kind is Service.	true	No
`services[m].` `healthCheck.scheme`	Server URL scheme for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	""	No
`services[m].` `healthCheck.mode`	Health check mode. If defined to grpc, will use the gRPC health check protocol to probe the server. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	"http"	No
`services[m].` `healthCheck.path`	Server URL path for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	""	No
`services[m].` `healthCheck.interval`	Frequency of the health check calls. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	"100ms"	No
`services[m].` `healthCheck.method`	HTTP method for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	"GET"	No
`services[m].` `healthCheck.status`	Expected HTTP status code of the response to the health check request. Only for Kubernetes service of type ExternalName. If not set, expect a status between 200 and 399. Evaluated only if the kind is Service.		No
`services[m].` `healthCheck.port`	URL port for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.		No
`services[m].` `healthCheck.timeout`	Maximum duration to wait before considering the server unhealthy. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	"5s"	No
`services[m].` `healthCheck.hostname`	Value in the Host header of the health check request. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	""	No
`services[m].` `healthCheck.` `followRedirect`	Follow the redirections during the healtchcheck. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.	true	No
`services[m].` `healthCheck.headers`	Map of header to send to the health check endpoint Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName.		No
`services[m].` `sticky.` `cookie.name`	Name of the cookie used for the stickiness. Evaluated only if the kind is Service.	Abbreviation of a sha1 (ex: `_1d52e`).	No
`services[m].` `sticky.` `cookie.httpOnly`	Allow the cookie can be accessed by client-side APIs, such as JavaScript. Evaluated only if the kind is Service.	false	No
`services[m].` `sticky.` `cookie.secure`	Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). Evaluated only if the kind is Service.	false	No
`services[m].` `sticky.` `cookie.sameSite`	SameSite policy. Allowed values: -`none` -`lax` `strict` Evaluated only if the kind is Service.	""	No
`services[m].` `sticky.` `cookie.maxAge`	Number of seconds until the cookie expires. Negative number, the cookie expires immediately. 0, the cookie never expires. Evaluated only if the kind is Service.	0	No
`services[m].` `strategy`	Load balancing strategy between the servers. RoundRobin is the only supported value yet. Evaluated only if the kind is Service.	"RoundRobin"	No
`services[m].` `weight`	Service weight. To use only to refer to WRR TraefikService	""	No
`services[m].` `nativeLB`	Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik Hub API Gateway. Evaluated only if the kind is Service.	false	No
`services[m].` `nodePortLB`	Use the nodePort IP address when the service type is NodePort. It allows services to be reachable when Traefik Hub APi Gateway runs externally from the Kubernetes cluster but within the same network of the nodes. Evaluated only if the kind is Service.	false	No
`sticky.` `cookie.name`	Name of the cookie used for the stickiness at the WRR service level. When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set. If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server). More information about WRR stickiness here	Abbreviation of a sha1 (ex: `_1d52e`).	No
`sticky.` `cookie.httpOnly`	Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript. More information about WRR stickiness here	false	No
`sticky.` `cookie.secure`	Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS). More information about WRR stickiness here	false	No
`sticky.` `cookie.sameSite`	SameSite policy for the cookie used for the stickiness at the WRR service level. Allowed values: -`none` -`lax` `strict` More information about WRR stickiness here	""	No
`sticky.` `cookie.maxAge`	Number of seconds until the cookie used for the stickiness at the WRR service level expires. Negative number, the cookie expires immediately. 0, the cookie never expires.	0	No

Stickiness on multiple levels

When chaining or mixing load-balancers (e.g. a load-balancer of servers is one of the "children" of a load-balancer of services), for stickiness to work all the way, the option needs to be specified at all required levels. Which means the client needs to send a cookie with as many key/value pairs as there are sticky levels.

Sticky sessions, for stickiness to work all the way, must be specified at each load-balancing level.

For instance, in the example below, there is a first level of load-balancing because there is a (Weighted Round Robin) load-balancing of the two whoami services, and there is a second level because each whoami service is a replicaset and is thus handled as a load-balancer of servers.

IngressRoute
TraefikService WRR with 2 level of stickiness

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutebar
  namespace: apps
spec:
  entryPoints:
  - web
  routes:
  - match: Host(`example.com`) && PathPrefix(`/foo`)
    kind: Rule
    services:
    - name: wrr1
      namespace: apps
      kind: TraefikService

apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
  name: wrr1
  namespace: apps
spec:
  weighted:
    services:
    - name: whoami1
      kind: Service
      port: 80
      weight: 1
      # Stickiness level2 (on the Kubernetes service)
      sticky:
        cookie:
        name: lvl2
    - name: whoami2
      kind: Service
      weight: 1
      port: 80
      # Stickiness level2 (on the Kubernetes service)
      sticky:
        cookie:
        name: lvl2
  # Stickiness level2 (on the WRR service)
  sticky:
    cookie:
    name: lvl1

In the example above, to keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:

# Assuming `10.42.0.6` is the IP address of one of the replicas (a pod then) of the `whoami1` service.
curl -H Host:example.com -b "lvl1=default-whoami1-80; lvl2=http://10.42.0.6:80" http://localhost:8000/foo

Mirroring

The mirroring is able to mirror requests sent to a service to other services.

A mirroring service allows you to send the trafiic to many services together:

The main service receives 100% of the traffic,
The mirror services receive a percentage of the traffic.

For example, to upgrade the version of your application. You can set the service that targets current version as the main service, and the service of the new version a mirror service. Thus you can start testing the behavior of the new version keeping the current version reachable.

The mirroring TraefikService allows you to reference Kubernetes Services and other instances of TraefikService (another WRR service -, or a mirroring service).

Please note that by default the whole request is buffered in memory while it is being mirrored. See the maxBodySize option in the example below for how to modify this behavior.

Configuration Example

IngressRoute
Mirroring from a Kubernetes Service
Mirroring from a TraefikService (WRR)
Kubernetes Services
Secret

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: test-name
  namespace: apps
spec:
  entryPoints:
  - websecure
  routes:
  - match: Host(`example.com`) && PathPrefix(`/foo`)
    kind: Rule
    services:
    # Set a Mirror TraefikService
    - name: mirror1
      namespace: apps
      kind: TraefikService
  tls:
    # Add a TLS certificate from a Kubernetes Secret
    secretName: supersecret

apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
  name: mirror1
  namespace: apps
spec:
  mirroring:
    name: svc1                      # svc1 receives 100% of the traffic
    namespace: apps
    port: 80
    mirrorBody: true
    mirrors:
      - name: svc2                  # svc2 receives a copy of 20% of this traffic
        namespace: apps
        port: 80
        percent: 20
      - name: svc3                  # svc3 receives a copy of 15% of this traffic
        namespace: apps
        kind: TraefikService
        percent: 15

apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
  name: mirror1
  namespace: apps
spec:
  mirroring:
    name: wrr1                      # wrr1 (described in the Weight Round Robin example) receives 100% of the traffic
    namespace: apps
    kind: TraefikService
    mirrors:
      - name: svc2                  # svc2 receives a copy of 20% of this traffic
        namespace: apps
        port: 80
        percent: 20
      - name: svc3                  # svc3 receives a copy of 15% of this traffic
        namespace: apps
        kind: TraefikService
        percent: 15

apiVersion: v1
kind: Service
metadata:
  name: svc1
  namespace: apps
spec:
  ports:
  - name: http
      port: 80
  selector:
    app: traefiklabs
    task: app1
---
apiVersion: v1
kind: Service
metadata:
  name: svc2
  namespace: apps
spec:
  ports:
  - name: http
    port: 80
  selector:
    app: traefiklabs
    task: app2
---
apiVersion: v1
kind: Service
metadata:
  name: svc3
  namespace: apps
spec:
  ports:
  - name: http
    port: 80
  selector:
    app: traefiklabs
    task: app3

  apiVersion: v1
  kind: Secret
  metadata:
    name: supersecret
    namespace: apps
  data:
    tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
    tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=

Configuration Options

"Main and mirrored services"

The main service properties are set as the option root level.

The mirrored services properties are set in the mirrors list.

Field	Description	Default	Required
`kind`	Kind of the main service. Two values allowed: - Service: Kubernetes Service - TraefikService: Traefik Service. More information here	""	No
`name`	Main service name. The character `@` is not authorized.	""	Yes
`namespace`	Main service namespace. More information here.	""	No
`port`	Main service port (number or port name). Evaluated only if the kind of the main service is Service.	""	No
`responseForwarding.` `flushInterval`	Interval, in milliseconds, in between flushes to the client while copying the response body. A negative value means to flush immediately after each write to the client. This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately. Evaluated only if the kind of the main service is Service.	100ms	No
`scheme`	Scheme to use for the request to the upstream Kubernetes Service. Evaluated only if the kind of the main service is Service.	"http" "https" if `port` is 443 or contains the string https.	No
`serversTransport`	Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers. Evaluated only if the kind of the main service is Service.	""	No
`passHostHeader`	Forward client Host header to main service's server. Evaluated only if the kind of the main service is Service.	true	No
`healthCheck.scheme`	Server URL scheme for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	""	No
`healthCheck.mode`	Health check mode. If defined to grpc, will use the gRPC health check protocol to probe the server. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	"http"	No
`healthCheck.path`	Server URL path for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	""	No
`healthCheck.interval`	Frequency of the health check calls. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	"100ms"	No
`healthCheck.method`	HTTP method for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	"GET"	No
`healthCheck.status`	Expected HTTP status code of the response to the health check request. Only for Kubernetes service of type ExternalName. If not set, expect a status between 200 and 399. Evaluated only if the kind of the main service is Service.		No
`healthCheck.port`	URL port for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.		No
`healthCheck.timeout`	Maximum duration to wait before considering the server unhealthy. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	"5s"	No
`healthCheck.hostname`	Value in the Host header of the health check request. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	""	No
`healthCheck.` `followRedirect`	Follow the redirections during the healtchcheck. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.	true	No
`healthCheck.headers`	Map of header to send to the health check endpoint Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName.		No
`sticky.` `cookie.name`	Name of the cookie used for the stickiness on the main service. Evaluated only if the kind of the main service is Service.	Abbreviation of a sha1 (ex: `_1d52e`).	No
`sticky.` `cookie.httpOnly`	Allow the cookie can be accessed by client-side APIs, such as JavaScript. Evaluated only if the kind of the main service is Service.	false	No
`sticky.` `cookie.secure`	Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). Evaluated only if the kind of the main service is Service.	false	No
`sticky.` `cookie.sameSite`	SameSite policy. Allowed values: -`none` -`lax` `strict` Evaluated only if the kind of the main service is Service.	""	No
`sticky.` `cookie.maxAge`	Number of seconds until the cookie expires. Negative number, the cookie expires immediately. 0, the cookie never expires. Evaluated only if the kind of the main service is Service.	0	No
`strategy`	Load balancing strategy between the main service's servers. RoundRobin is the only supported value yet. Evaluated only if the kind of the main service is Service.	"RoundRobin"	No
`weight`	Service weight. To use only to refer to WRR TraefikService	""	No
`nativeLB`	Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik Hub API Gateway. Evaluated only if the kind of the main service is Service.	false	No
`nodePortLB`	Use the nodePort IP address when the service type is NodePort. It allows services to be reachable when Traefik Hub APi Gateway runs externally from the Kubernetes cluster but within the same network of the nodes. Evaluated only if the kind of the main service is Service.	false	No
`maxBodySize`	Maximum size allowed for the body of the request. If the body is larger, the request is not mirrored. -1 means unlimited size.	-1	No
`mirrors`	List of mirrored services to target. It can be any combination of TraefikService and Kubernetes service. More information here.		No
`mirrors[m].` `kind`	Kind of the mirrored service targeted. Two values allowed: - Service: Kubernetes Service - TraefikService: Traefik Service. More information here	""	No
`mirrors[m].` `name`	Mirrored service name. The character `@` is not authorized.	""	Yes
`mirrors[m].` `namespace`	Mirrored service namespace. More information here.	""	No
`mirrors[m].` `port`	Mirrored service port (number or port name). Evaluated only if the kind of the mirrored service is Service.	""	No
`mirrors[m].` `percent`	Part of the traffic to mirror in percent (from 0 to 100)	0	No
`mirrors[m].` `responseForwarding.` `flushInterval`	Interval, in milliseconds, in between flushes to the client while copying the response body. A negative value means to flush immediately after each write to the client. This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately. Evaluated only if the kind of the mirrored service is Service.	100ms	No
`mirrors[m].` `scheme`	Scheme to use for the request to the mirrored service. Evaluated only if the kind of the mirrored service is Service.	"http" "https" if `port` is 443 or contains the string https.	No
`mirrors[m].` `serversTransport`	Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers. Evaluated only if the kind of the mirrored service is Service.	""	No
`mirrors[m].` `passHostHeader`	Forward client Host header to the mirrored service servers. Evaluated only if the kind of the mirrored service is Service.	true	No
`mirrors[m].` `healthCheck.scheme`	Server URL scheme for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	""	No
`mirrors[m].` `healthCheck.mode`	Health check mode. If defined to grpc, will use the gRPC health check protocol to probe the server. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	"http"	No
`mirrors[m].` `healthCheck.path`	Server URL path for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	""	No
`mirrors[m].` `healthCheck.interval`	Frequency of the health check calls. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	"100ms"	No
`mirrors[m].` `healthCheck.method`	HTTP method for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	"GET"	No
`mirrors[m].` `healthCheck.status`	Expected HTTP status code of the response to the health check request. Only for Kubernetes service of type ExternalName. If not set, expect a status between 200 and 399. Evaluated only if the kind of the mirrored service is Service.		No
`mirrors[m].` `healthCheck.port`	URL port for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.		No
`mirrors[m].` `healthCheck.timeout`	Maximum duration to wait before considering the server unhealthy. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	"5s"	No
`mirrors[m].` `healthCheck.hostname`	Value in the Host header of the health check request. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	""	No
`mirrors[m].` `healthCheck.` `followRedirect`	Follow the redirections during the healtchcheck. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.	true	No
`mirrors[m].` `healthCheck.headers`	Map of header to send to the health check endpoint Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName.		No
`mirrors[m].` `sticky.` `cookie.name`	Name of the cookie used for the stickiness. When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set. If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server). Evaluated only if the kind of the mirrored service is Service.	""	No
`mirrors[m].` `sticky.` `cookie.httpOnly`	Allow the cookie can be accessed by client-side APIs, such as JavaScript. Evaluated only if the kind of the mirrored service is Service.	false	No
`mirrors[m].` `sticky.` `cookie.secure`	Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). Evaluated only if the kind of the mirrored service is Service.	false	No
`mirrors[m].` `sticky.` `cookie.sameSite`	SameSite policy. Allowed values: -`none` -`lax` `strict` Evaluated only if the kind of the mirrored service is Service.	""	No
`mirrors[m].` `sticky.` `cookie.maxAge`	Number of seconds until the cookie expires. Negative number, the cookie expires immediately. 0, the cookie never expires. Evaluated only if the kind of the mirrored service is Service.	0	No
`mirrors[m].` `strategy`	Load balancing strategy between the servers. RoundRobin is the only supported value yet. Evaluated only if the kind of the mirrored service is Service.	"RoundRobin"	No
`mirrors[m].` `weight`	Service weight. To use only to refer to WRR TraefikService	""	No
`mirrors[m].` `nativeLB`	Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik Hub API Gateway. Evaluated only if the kind of the mirrored service is Service.	false	No
`mirrors[m].` `nodePortLB`	Use the nodePort IP address when the service type is NodePort. It allows services to be reachable when Traefik Hub APi Gateway runs externally from the Kubernetes cluster but within the same network of the nodes. Evaluated only if the kind of the mirrored service is Service.	false	No
`mirrorBody`	Defines whether the request body should be mirrored.	true	No

Services

The service to target can be either a Kubernetes service or a TraefikService

Kubernetes Service vs TraefikService

A Kubernetes service allows exposing a pod.

A TraefikService allows using any (valid) combinations of:

Weighted Round Robin load balancing. More information in the dedicated Weighted Round Robin service load balancing section.
Mirroring. More information in the dedicated mirroring service section.

routes.services.kind

As the field name can reference different types of objects, use the field kind to avoid any ambiguity. The field kind allows the following values:

Service (default value): to reference a Kubernetes Service
TraefikService: to reference an object TraefikService

ExternalName Service

ExternalName Services are used to reference services that exist off platform, on other clusters, or locally.

Healthcheck

As the healthchech cannot be done using the usual Kubernetes livenessprobe and readinessprobe, the IngressRoute brings an option to check the ExternalName Service health.

Port Definition

Traefik Hub connect to a backend with a domain and a port. However, Kubernetes ExternalName Service can be defined without any port. Accordingly, Traefik supports defining a port in two ways:

only on IngressRoute service
on both sides, you'll be warned if the ports don't match, and the IngressRoute service port is used

Thus, in case of two sides port definition, Traefik expects a match between ports.

Port defined on the Resource
Port defined on the Service
Port defined on both sides

IngressRoute
Service ExternalName

apiVersion: traefik.io/v1alpha1
  kind: IngressRoute
  metadata:
    name: test.route
    namespace: apps
  spec:
    entryPoints:
      - foo
    routes:
    - match: Host(`example.net`)
      kind: Rule
      services:
      - name: external-svc
        port: 80

apiVersion: v1
kind: Service
metadata:
  name: external-svc
  namespace: apps
spec:
  externalName: external.domain
  type: ExternalName

IngressRoute
Service ExternalName

apiVersion: traefik.io/v1alpha1
  kind: IngressRoute
  metadata:
    name: test.route
    namespace: apps
  spec:
    entryPoints:
      - foo
    routes:
    - match: Host(`example.net`)
      kind: Rule
      services:
      - name: external-svc

apiVersion: v1
kind: Service
metadata:
  name: external-svc
  namespace: apps
spec:
  externalName: external.domain
  type: ExternalName
  ports:
    - port: 80

IngressRoute
Service ExternalName

apiVersion: traefik.io/v1alpha1
  kind: IngressRoute
  metadata:
    name: test.route
    namespace: apps
  spec:
    entryPoints:
      - foo
    routes:
    - match: Host(`example.net`)
      kind: Rule
      services:
      - name: external-svc
        port: 80

apiVersion: v1
kind: Service
metadata:
  name: external-svc
  namespace: apps
spec:
  externalName: external.domain
  type: ExternalName
  ports:
    - port: 80

Weighted Round Robin​

Configuration Example​

Configuration Options​

Stickiness on multiple levels​

Mirroring​

Configuration Example​

Configuration Options​

Services​

Kubernetes Service vs TraefikService​

routes.services.kind​

ExternalName Service​

Healthcheck​

Port Definition​

Weighted Round Robin

Configuration Example

Configuration Options

Stickiness on multiple levels

Mirroring

Configuration Example

Configuration Options

Services

Kubernetes Service vs TraefikService

routes.services.kind

ExternalName Service

Healthcheck

Port Definition