Traefik Service in Kubernetes
A TraefikService
is a Traefik Hub API Gateway Custom Resource that can be put on top of the Kubernetes Services.
It brings advanced load-balancing feature such as a Weighted Round Robin load balancing or a Mirroring between your Kubernetes Services.
Weighted Round Robin
The WRR is able to load balance the requests between multiple services based on weights.
The WRR TraefikService
allows you to load balance the traffic between Kubernetes Services and other instances of TraefikService
(another WRR service -, or a mirroring service).
Configuration Example
- IngressRoute
- TraefikService WRR Level#1
- TraefikService WRR Level#2
- Kubernetes Services
- Secret
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test-name
namespace: apps
spec:
entryPoints:
- websecure
routes:
- match: Host(`example.com`) && PathPrefix(`/foo`)
kind: Rule
services:
# Set a WRR TraefikService
- name: wrr1
namespace: apps
kind: TraefikService
tls:
# Add a TLS certificate from a Kubernetes Secret
secretName: supersecret
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: wrr1
namespace: apps
spec:
weighted:
services:
# Kubernetes Service
- name: svc1
namespace: apps
port: 80
weight: 1
# Second level WRR service
- name: wrr2
namespace: apps
kind: TraefikService
weight: 1
# Mirroring service
# The service is described in the Mirroring example
- name: mirror1
namespace: apps
kind: TraefikService
weight: 1
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: wrr2
namespace: apps
spec:
weighted:
services:
# Kubernetes Service
- name: svc2
namespace: apps
port: 80
weight: 1
# Kubernetes Service
- name: svc3
namespace: apps
port: 80
weight: 1
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: apps
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app1
---
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: apps
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app2
---
apiVersion: v1
kind: Service
metadata:
name: svc3
namespace: apps
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app3
apiVersion: v1
kind: Secret
metadata:
name: supersecret
namespace: apps
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
Configuration Options
Field | Description | Default | Required |
---|---|---|---|
services | List of any combination of TraefikService and Kubernetes service. More information here. | No | |
services[m]. kind | Kind of the service targeted. Two values allowed: - Service: Kubernetes Service TraefikService: Traefik Service. More information here | "" | No |
services[m]. name | Service name. The character @ is not authorized. | "" | Yes |
services[m]. namespace | Service namespace. More information here. | "" | No |
services[m]. port | Service port (number or port name). Evaluated only if the kind is Service. | "" | No |
services[m]. responseForwarding. flushInterval | Interval, in milliseconds, in between flushes to the client while copying the response body. A negative value means to flush immediately after each write to the client. This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately. Evaluated only if the kind is Service. | 100ms | No |
services[m]. scheme | Scheme to use for the request to the upstream Kubernetes Service. Evaluated only if the kind is Service. | "http" "https" if port is 443 or contains the string https. | No |
services[m]. serversTransport | Name of ServersTransport resource to use to configure the transport between Traefik and your servers. Evaluated only if the kind is Service. | "" | No |
services[m]. passHostHeader | Forward client Host header to server. Evaluated only if the kind is Service. | true | No |
services[m]. healthCheck.scheme | Server URL scheme for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | "" | No |
services[m]. healthCheck.mode | Health check mode. If defined to grpc, will use the gRPC health check protocol to probe the server. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | "http" | No |
services[m]. healthCheck.path | Server URL path for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | "" | No |
services[m]. healthCheck.interval | Frequency of the health check calls. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | "100ms" | No |
services[m]. healthCheck.method | HTTP method for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | "GET" | No |
services[m]. healthCheck.status | Expected HTTP status code of the response to the health check request. Only for Kubernetes service of type ExternalName. If not set, expect a status between 200 and 399. Evaluated only if the kind is Service. | No | |
services[m]. healthCheck.port | URL port for the health check endpoint. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | No | |
services[m]. healthCheck.timeout | Maximum duration to wait before considering the server unhealthy. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | "5s" | No |
services[m]. healthCheck.hostname | Value in the Host header of the health check request. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | "" | No |
services[m]. healthCheck. followRedirect | Follow the redirections during the healtchcheck. Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | true | No |
services[m]. healthCheck.headers | Map of header to send to the health check endpoint Evaluated only if the kind is Service. Only for Kubernetes service of type ExternalName. | No | |
services[m]. sticky. cookie.name | Name of the cookie used for the stickiness. Evaluated only if the kind is Service. | Abbreviation of a sha1 (ex: _1d52e ). | No |
services[m]. sticky. cookie.httpOnly | Allow the cookie can be accessed by client-side APIs, such as JavaScript. Evaluated only if the kind is Service. | false | No |
services[m]. sticky. cookie.secure | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). Evaluated only if the kind is Service. | false | No |
services[m]. sticky. cookie.sameSite | SameSite policy. Allowed values: - none - lax strict Evaluated only if the kind is Service. | "" | No |
services[m]. sticky. cookie.maxAge | Number of seconds until the cookie expires. Negative number, the cookie expires immediately. 0, the cookie never expires. Evaluated only if the kind is Service. | 0 | No |
services[m]. strategy | Load balancing strategy between the servers. RoundRobin is the only supported value yet. Evaluated only if the kind is Service. | "RoundRobin" | No |
services[m]. weight | Service weight. To use only to refer to WRR TraefikService | "" | No |
services[m]. nativeLB | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik Hub API Gateway. Evaluated only if the kind is Service. | false | No |
services[m]. nodePortLB | Use the nodePort IP address when the service type is NodePort. It allows services to be reachable when Traefik Hub APi Gateway runs externally from the Kubernetes cluster but within the same network of the nodes. Evaluated only if the kind is Service. | false | No |
sticky. cookie.name | Name of the cookie used for the stickiness at the WRR service level. When sticky sessions are enabled, a Set-Cookie header is set on the initial response to let the client know which server handles the first response.On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set. If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server). More information about WRR stickiness here | Abbreviation of a sha1 (ex: _1d52e ). | No |
sticky. cookie.httpOnly | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript. More information about WRR stickiness here | false | No |
sticky. cookie.secure | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS). More information about WRR stickiness here | false | No |
sticky. cookie.sameSite | SameSite policy for the cookie used for the stickiness at the WRR service level. Allowed values: - none - lax strict More information about WRR stickiness here | "" | No |
sticky. cookie.maxAge | Number of seconds until the cookie used for the stickiness at the WRR service level expires. Negative number, the cookie expires immediately. 0, the cookie never expires. | 0 | No |
Stickiness on multiple levels
When chaining or mixing load-balancers (e.g. a load-balancer of servers is one of the "children" of a load-balancer of services), for stickiness to work all the way, the option needs to be specified at all required levels. Which means the client needs to send a cookie with as many key/value pairs as there are sticky levels.
Sticky sessions, for stickiness to work all the way, must be specified at each load-balancing level.
For instance, in the example below, there is a first level of load-balancing because there is a (Weighted Round Robin) load-balancing of the two whoami
services,
and there is a second level because each whoami service is a replicaset
and is thus handled as a load-balancer of servers.
- IngressRoute
- TraefikService WRR with 2 level of stickiness
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
namespace: apps
spec:
entryPoints:
- web
routes:
- match: Host(`example.com`) && PathPrefix(`/foo`)
kind: Rule
services:
- name: wrr1
namespace: apps
kind: TraefikService
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: wrr1
namespace: apps
spec:
weighted:
services:
- name: whoami1
kind: Service
port: 80
weight: 1
# Stickiness level2 (on the Kubernetes service)
sticky:
cookie:
name: lvl2
- name: whoami2
kind: Service
weight: 1
port: 80
# Stickiness level2 (on the Kubernetes service)
sticky:
cookie:
name: lvl2
# Stickiness level2 (on the WRR service)
sticky:
cookie:
name: lvl1
In the example above, to keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:
# Assuming `10.42.0.6` is the IP address of one of the replicas (a pod then) of the `whoami1` service.
curl -H Host:example.com -b "lvl1=default-whoami1-80; lvl2=http://10.42.0.6:80" http://localhost:8000/foo
Mirroring
The mirroring is able to mirror requests sent to a service to other services.
A mirroring service allows you to send the trafiic to many services together:
- The main service receives 100% of the traffic,
- The mirror services receive a percentage of the traffic.
For example, to upgrade the version of your application. You can set the service that targets current version as the main service, and the service of the new version a mirror service. Thus you can start testing the behavior of the new version keeping the current version reachable.
The mirroring TraefikService
allows you to reference Kubernetes Services and other instances of TraefikService
(another WRR service -, or a mirroring service).
Please note that by default the whole request is buffered in memory while it is being mirrored.
See the maxBodySize
option in the example below for how to modify this behavior.
Configuration Example
- IngressRoute
- Mirroring from a Kubernetes Service
- Mirroring from a TraefikService (WRR)
- Kubernetes Services
- Secret
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test-name
namespace: apps
spec:
entryPoints:
- websecure
routes:
- match: Host(`example.com`) && PathPrefix(`/foo`)
kind: Rule
services:
# Set a Mirror TraefikService
- name: mirror1
namespace: apps
kind: TraefikService
tls:
# Add a TLS certificate from a Kubernetes Secret
secretName: supersecret
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: mirror1
namespace: apps
spec:
mirroring:
name: svc1 # svc1 receives 100% of the traffic
namespace: apps
port: 80
mirrorBody: true
mirrors:
- name: svc2 # svc2 receives a copy of 20% of this traffic
namespace: apps
port: 80
percent: 20
- name: svc3 # svc3 receives a copy of 15% of this traffic
namespace: apps
kind: TraefikService
percent: 15
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: mirror1
namespace: apps
spec:
mirroring:
name: wrr1 # wrr1 (described in the Weight Round Robin example) receives 100% of the traffic
namespace: apps
kind: TraefikService
mirrors:
- name: svc2 # svc2 receives a copy of 20% of this traffic
namespace: apps
port: 80
percent: 20
- name: svc3 # svc3 receives a copy of 15% of this traffic
namespace: apps
kind: TraefikService
percent: 15
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: apps
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app1
---
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: apps
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app2
---
apiVersion: v1
kind: Service
metadata:
name: svc3
namespace: apps
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app3
apiVersion: v1
kind: Secret
metadata:
name: supersecret
namespace: apps
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
Configuration Options
The main service properties are set as the option root level.
The mirrored services properties are set in the mirrors
list.
Field | Description | Default | Required |
---|---|---|---|
kind | Kind of the main service. Two values allowed: - Service: Kubernetes Service - TraefikService: Traefik Service. More information here | "" | No |
name | Main service name. The character @ is not authorized. | "" | Yes |
namespace | Main service namespace. More information here. | "" | No |
port | Main service port (number or port name). Evaluated only if the kind of the main service is Service. | "" | No |
responseForwarding. flushInterval | Interval, in milliseconds, in between flushes to the client while copying the response body. A negative value means to flush immediately after each write to the client. This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately. Evaluated only if the kind of the main service is Service. | 100ms | No |
scheme | Scheme to use for the request to the upstream Kubernetes Service. Evaluated only if the kind of the main service is Service. | "http" "https" if port is 443 or contains the string https. | No |
serversTransport | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers. Evaluated only if the kind of the main service is Service. | "" | No |
passHostHeader | Forward client Host header to main service's server. Evaluated only if the kind of the main service is Service. | true | No |
healthCheck.scheme | Server URL scheme for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | "" | No |
healthCheck.mode | Health check mode. If defined to grpc, will use the gRPC health check protocol to probe the server. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | "http" | No |
healthCheck.path | Server URL path for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | "" | No |
healthCheck.interval | Frequency of the health check calls. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | "100ms" | No |
healthCheck.method | HTTP method for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | "GET" | No |
healthCheck.status | Expected HTTP status code of the response to the health check request. Only for Kubernetes service of type ExternalName. If not set, expect a status between 200 and 399. Evaluated only if the kind of the main service is Service. | No | |
healthCheck.port | URL port for the health check endpoint. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | No | |
healthCheck.timeout | Maximum duration to wait before considering the server unhealthy. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | "5s" | No |
healthCheck.hostname | Value in the Host header of the health check request. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | "" | No |
healthCheck. followRedirect | Follow the redirections during the healtchcheck. Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | true | No |
healthCheck.headers | Map of header to send to the health check endpoint Evaluated only if the kind of the main service is Service. Only for Kubernetes service of type ExternalName. | No | |
sticky. cookie.name | Name of the cookie used for the stickiness on the main service. Evaluated only if the kind of the main service is Service. | Abbreviation of a sha1 (ex: _1d52e ). | No |
sticky. cookie.httpOnly | Allow the cookie can be accessed by client-side APIs, such as JavaScript. Evaluated only if the kind of the main service is Service. | false | No |
sticky. cookie.secure | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). Evaluated only if the kind of the main service is Service. | false | No |
sticky. cookie.sameSite | SameSite policy. Allowed values: - none - lax strict Evaluated only if the kind of the main service is Service. | "" | No |
sticky. cookie.maxAge | Number of seconds until the cookie expires. Negative number, the cookie expires immediately. 0, the cookie never expires. Evaluated only if the kind of the main service is Service. | 0 | No |
strategy | Load balancing strategy between the main service's servers. RoundRobin is the only supported value yet. Evaluated only if the kind of the main service is Service. | "RoundRobin" | No |
weight | Service weight. To use only to refer to WRR TraefikService | "" | No |
nativeLB | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik Hub API Gateway. Evaluated only if the kind of the main service is Service. | false | No |
nodePortLB | Use the nodePort IP address when the service type is NodePort. It allows services to be reachable when Traefik Hub APi Gateway runs externally from the Kubernetes cluster but within the same network of the nodes. Evaluated only if the kind of the main service is Service. | false | No |
maxBodySize | Maximum size allowed for the body of the request. If the body is larger, the request is not mirrored. -1 means unlimited size. | -1 | No |
mirrors | List of mirrored services to target. It can be any combination of TraefikService and Kubernetes service. More information here. | No | |
mirrors[m]. kind | Kind of the mirrored service targeted. Two values allowed: - Service: Kubernetes Service - TraefikService: Traefik Service. More information here | "" | No |
mirrors[m]. name | Mirrored service name. The character @ is not authorized. | "" | Yes |
mirrors[m]. namespace | Mirrored service namespace. More information here. | "" | No |
mirrors[m]. port | Mirrored service port (number or port name). Evaluated only if the kind of the mirrored service is Service. | "" | No |
mirrors[m]. percent | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No |
mirrors[m]. responseForwarding. flushInterval | Interval, in milliseconds, in between flushes to the client while copying the response body. A negative value means to flush immediately after each write to the client. This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately. Evaluated only if the kind of the mirrored service is Service. | 100ms | No |
mirrors[m]. scheme | Scheme to use for the request to the mirrored service. Evaluated only if the kind of the mirrored service is Service. | "http" "https" if port is 443 or contains the string https. | No |
mirrors[m]. serversTransport | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers. Evaluated only if the kind of the mirrored service is Service. | "" | No |
mirrors[m]. passHostHeader | Forward client Host header to the mirrored service servers. Evaluated only if the kind of the mirrored service is Service. | true | No |
mirrors[m]. healthCheck.scheme | Server URL scheme for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | "" | No |
mirrors[m]. healthCheck.mode | Health check mode. If defined to grpc, will use the gRPC health check protocol to probe the server. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | "http" | No |
mirrors[m]. healthCheck.path | Server URL path for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | "" | No |
mirrors[m]. healthCheck.interval | Frequency of the health check calls. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | "100ms" | No |
mirrors[m]. healthCheck.method | HTTP method for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | "GET" | No |
mirrors[m]. healthCheck.status | Expected HTTP status code of the response to the health check request. Only for Kubernetes service of type ExternalName. If not set, expect a status between 200 and 399. Evaluated only if the kind of the mirrored service is Service. | No | |
mirrors[m]. healthCheck.port | URL port for the health check endpoint. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | No | |
mirrors[m]. healthCheck.timeout | Maximum duration to wait before considering the server unhealthy. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | "5s" | No |
mirrors[m]. healthCheck.hostname | Value in the Host header of the health check request. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | "" | No |
mirrors[m]. healthCheck. followRedirect | Follow the redirections during the healtchcheck. Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | true | No |
mirrors[m]. healthCheck.headers | Map of header to send to the health check endpoint Evaluated only if the kind of the mirrored service is Service. Only for Kubernetes service of type ExternalName. | No | |
mirrors[m]. sticky. cookie.name | Name of the cookie used for the stickiness. When sticky sessions are enabled, a Set-Cookie header is set on the initial response to let the client know which server handles the first response.On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set. If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server). Evaluated only if the kind of the mirrored service is Service. | "" | No |
mirrors[m]. sticky. cookie.httpOnly | Allow the cookie can be accessed by client-side APIs, such as JavaScript. Evaluated only if the kind of the mirrored service is Service. | false | No |
mirrors[m]. sticky. cookie.secure | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS). Evaluated only if the kind of the mirrored service is Service. | false | No |
mirrors[m]. sticky. cookie.sameSite | SameSite policy. Allowed values: - none - lax strict Evaluated only if the kind of the mirrored service is Service. | "" | No |
mirrors[m]. sticky. cookie.maxAge | Number of seconds until the cookie expires. Negative number, the cookie expires immediately. 0, the cookie never expires. Evaluated only if the kind of the mirrored service is Service. | 0 | No |
mirrors[m]. strategy | Load balancing strategy between the servers. RoundRobin is the only supported value yet. Evaluated only if the kind of the mirrored service is Service. | "RoundRobin" | No |
mirrors[m]. weight | Service weight. To use only to refer to WRR TraefikService | "" | No |
mirrors[m]. nativeLB | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik Hub API Gateway. Evaluated only if the kind of the mirrored service is Service. | false | No |
mirrors[m]. nodePortLB | Use the nodePort IP address when the service type is NodePort. It allows services to be reachable when Traefik Hub APi Gateway runs externally from the Kubernetes cluster but within the same network of the nodes. Evaluated only if the kind of the mirrored service is Service. | false | No |
mirrorBody | Defines whether the request body should be mirrored. | true | No |
Services
The service to target can be either a Kubernetes service
or a TraefikService
Kubernetes Service vs TraefikService
A Kubernetes service allows exposing a pod.
A TraefikService
allows using any (valid) combinations of:
- Weighted Round Robin load balancing. More information in the dedicated Weighted Round Robin service load balancing section.
- Mirroring. More information in the dedicated mirroring service section.
routes.services.kind
As the field name
can reference different types of objects, use the field kind
to avoid any ambiguity.
The field kind
allows the following values:
Service
(default value): to reference a Kubernetes ServiceTraefikService
: to reference an objectTraefikService
ExternalName Service
ExternalName Services are used to reference services that exist off platform, on other clusters, or locally.
Healthcheck
As the healthchech cannot be done using the usual Kubernetes livenessprobe and readinessprobe, the IngressRoute brings an option to check the ExternalName Service health.
Port Definition
Traefik Hub connect to a backend with a domain and a port. However, Kubernetes ExternalName Service can be defined without any port. Accordingly, Traefik supports defining a port in two ways:
- only on IngressRoute service
- on both sides, you'll be warned if the ports don't match, and the IngressRoute service port is used
Thus, in case of two sides port definition, Traefik expects a match between ports.
- Port defined on the Resource
- Port defined on the Service
- Port defined on both sides
- IngressRoute
- Service ExternalName
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: apps
spec:
entryPoints:
- foo
routes:
- match: Host(`example.net`)
kind: Rule
services:
- name: external-svc
port: 80
apiVersion: v1
kind: Service
metadata:
name: external-svc
namespace: apps
spec:
externalName: external.domain
type: ExternalName
- IngressRoute
- Service ExternalName
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: apps
spec:
entryPoints:
- foo
routes:
- match: Host(`example.net`)
kind: Rule
services:
- name: external-svc
apiVersion: v1
kind: Service
metadata:
name: external-svc
namespace: apps
spec:
externalName: external.domain
type: ExternalName
ports:
- port: 80
- IngressRoute
- Service ExternalName
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: apps
spec:
entryPoints:
- foo
routes:
- match: Host(`example.net`)
kind: Rule
services:
- name: external-svc
port: 80
apiVersion: v1
kind: Service
metadata:
name: external-svc
namespace: apps
spec:
externalName: external.domain
type: ExternalName
ports:
- port: 80