Kicksware gateway is a unified cloud-native networking solution that brings modern HTTP\TCP\UDP reverse proxy and load balancer together with Kubernetes ingress controller and Service Mesh in one simply deployable and configurable project.
To achieve all of the above-mentioned goals it actually takes just one piece of software, but what an excellent one, though - it's Træfik by Traefik Labs!
For such a complex, distributed, diverse microservice-based software infrastructure like Kicksware it's important to be able to route all traffic from the outside into the internal mesh of numerous microservices as well as ensure their efficient inner communication.
Currently, Kicksware's networking profile has total of 18 subdomains. Almost all of them require a secure TLS connection, using auto-signing certificates. However, managing the system with this level of complexity isn't as hard as it seems with Traefik.
Reason for this is its simplicity achieved by cleverly hiding a great deal of complexity. Likewise Go (programming language on which its written), Traefik is made with the intended simplicity in mind, therefore it is easy to use it. However, to achieve this goal Traefik actually handles a lot of hidden processes ranging from a dynamically routing request to their target services, to auto-signing TLS certificates with an ACME provider (like Let’s Encrypt).
However, even such an autonomous program as Traefik needs to be configured to fit into the system it's applied to.
Thankfully, it's not a hard thing to do, all thats need is to define both router endpoint rule and target server, but even this step can be omitted if proxy configuration is bonded directly to service definition, like in docker-compose service config or Kubernetes ingress route where only service name is required.
As it's going to be described in further sections, Kicksware can be deployed using docker-compose and K8s methods. For both of them Traefik provides efficient way to configure itself.
For Docker, Rancher, and a few more container orchestration platforms label-based configuration is available.
As for Kubernetes, there are 2 methods of doing this:
- By using a native ingress controller with the corresponding class.
- Since the appearance of version 1.16 of Kubernetes an alternative and in fact, more flexible way was introduced with
CustomResourceDefinitions (CRD). Traefik defines its own kind resources to configure all three HTTP\TCP\UDP ingressroutes, middleware, services, and TLS options.
As designed Kicksware gateway solution must be deployed at the very beginning. Therefore, in every following deployment Traefik would be already there to dynamically process and expose newly created services.
Kicksware gateway can be deployed using the following methods:
-
Docker Compose file
This method require single dedicated server with installed both
dockeranddocker-composeutilities.Compose configuration file can be found in the root of the project. This file already contains setting for reverse proxy routing and load balancing.
Gitlab CI deployment pipeline configuration file for compose method can be found in
.gitlabdirectory. -
Kubernetes Helm charts
Deployment to Kubernetes cluster is the default and desired way.
For more flexible and easier deployment Helm package manager is used. It provides a simple, yet elegant way to write pre-configured, reusable Kubernetes resource configuration using YAML and Go Templates (or Lua scripts). Helm packages are called
charts.Traefik ingress deployment chart directory can be found in the root of the project.
Helm chart configuration already contains configuration of Traefik IngressRoute Custom Resource Definition (CRD) for reverse proxy routing and load balancing.
Gitlab CI deployment pipeline configuration file for K8s method can be found in the root of the project.
Kicksware gateway solution is designed to solve problems of network management, traffic routing, inner services interaction, and secure connection provisioning.
To handle its primary purpose of acting as a reverse proxy for distributed microservice-based cloud infrastructure the open-source Traefik proxy application is used.
Thanks to its simplicity-driven design, intuitive dynamic configuration system, native support for microservices, and overall extensive feature set, Traefik makes the best possible fit for Kicksware sneaker resale platform!
If you have enjoyed reading about Traefik implementation in the Kicksware system, consider leaving a star on it's GitHub repository, and while you're there, drop one for this repo too.😉
Thanks for attention!
See other Kicksware project repositories.
Licensed under the GNU AGPL-3.0.