traefik
gateway-api
traefik | gateway-api | |
---|---|---|
4 | 30 | |
36,761 | 1,589 | |
- | 2.7% | |
9.4 | 9.8 | |
about 2 years ago | about 11 hours ago | |
Go | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
traefik
-
Traefik : Add Custom Header Only for specific files
UPDATE: ATM this is not possible via traefik. I have openend an issue : https://github.com/containous/traefik/issues/4228
-
uwsgi master graceful shutdown
;https://uwsgi-docs.readthedocs.io/en/latest/HTTP.htmlhttp = :8080wsgi-file = main.pycallable = wsgi_applicationprocesses = 2enable-threads = truemaster = truereload-mercy = 30worker-reload-mercy = 30log-5xx = truelog-4xx = truedisable-logging = truestats = 127.0.0.1:1717stats-http = truesingle-interpreter= true;https://github.com/containous/traefik/issues/615http-keepalive=trueadd-header = Connection: Keep-Alive
-
Back to basics: accessing Kubernetes pods
It's implementation-dependent and implementations offer different features, e.g., Nginx, Traefik, HAProxy, etc.
-
Install letsecrypt certificates on all your docker containers
version: "3" services: influx: image: influxdb:1.7 # or any other recent version labels: # SSL endpoint - "traefik.http.routers.influx-ssl.entryPoints=port8086" - "traefik.http.routers.influx-ssl.rule=host(`influx.mydomain.com`)" - "traefik.http.routers.influx-ssl.tls=true" - "traefik.http.routers.influx-ssl.tls.certResolver=le-ssl" - "traefik.http.routers.influx-ssl.service=influx-ssl" - "traefik.http.services.influx-ssl.loadBalancer.server.port=8086" restart: always container_name: influxdb volumes: - influx-data:/var/lib/influxdb environment: # - INFLUXDB_DB= - INFLUXDB_HTTP_ENABLED=true - INFLUXDB_HTTP_AUTH_ENABLED=true # - INFLUXDB_ADMIN_USER= # - INFLUXDB_ADMIN_PASSWORD= grafana: labels: # SSL redirect requires a separate router (https://github.com/containous/traefik/issues/4688#issuecomment-477800500) - "traefik.http.routers.grafana.entryPoints=port80" - "traefik.http.routers.grafana.rule=host(`grafana.mydomain.com`)" - "traefik.http.middlewares.grafana-redirect.redirectScheme.scheme=https" - "traefik.http.middlewares.grafana-redirect.redirectScheme.permanent=true" - "traefik.http.routers.grafana.middlewares=grafana-redirect" # SSL endpoint - "traefik.http.routers.grafana-ssl.entryPoints=port443" - "traefik.http.routers.grafana-ssl.rule=host(`grafana.mydomain.com`)" - "traefik.http.routers.grafana-ssl.tls=true" - "traefik.http.routers.grafana-ssl.tls.certResolver=le-ssl" - "traefik.http.routers.grafana-ssl.service=grafana-ssl" - "traefik.http.services.grafana-ssl.loadBalancer.server.port=3000" image: grafana/grafana container_name: grafana restart: always volumes: - grafana-data:/var/lib/grafana environment: - GF_SERVER_ROOT_URL=https://grafana.mydomain.com - GF_SERVER_DOMAIN=grafana.mydomain.com - GF_USERS_ALLOW_SIGN_UP=false volumes: traefik-data: influx-data: grafana-data:
gateway-api
-
cert-manager: All-in-One Kubernetes TLS Certificate Manager
# cilium/playbook.yml - name: Bootstrap the Kubernetes cluster hosts: localhost gather_facts: false become: true environment: KUBECONFIG: ~/.kube/config vars: helm_version: v3.14.4 kube_context: k3d-k3s-default tasks: - name: Install Kubernetes library ansible.builtin.pip: name: kubernetes<30 state: present - name: Install helm binary ansible.builtin.shell: cmd: "{{ lookup('ansible.builtin.url', 'https://git.io/get_helm.sh', split_lines=false) }}" creates: /usr/local/bin/helm environment: DESIRED_VERSION: "{{ helm_version }}" - name: Install Kubernetes gateway CRDs kubernetes.core.k8s: src: "{{ item }}" state: present context: "{{ kube_context }}" loop: - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml - name: Install cilium block: - name: Add cilium helm repository kubernetes.core.helm_repository: name: cilium repo_url: https://helm.cilium.io - name: Install cilium helm release kubernetes.core.helm: name: cilium chart_ref: cilium/cilium namespace: kube-system state: present chart_version: 1.15.x kube_context: "{{ kube_context }}" values: gatewayAPI: enabled: true kubeProxyReplacement: true encryption: enabled: true type: wireguard operator: replicas: 1
-
ArgoCD Deployment on RKE2 with Cilium Gateway API
It has already been a couple of years since the Kubernetes Ingress was defined as a “frozen” feature while further development will be added to the Gateway API.
-
A Comprehensive Guide to API Gateways, Kubernetes Gateways, and Service Meshes
Kubernetes provides two APIs to achieve this, the Ingress API and the Gateway API.
-
Using k8s-apiserver as AAA server for microservices?
With all that said, K8s is not really meant to function as an API gateway to arbitrary services. You should look into API gateways such as NGINX, Kong or others, service meshes as others have already pointed out, or have a look at the K8s Gateway API the SIG is currently working on. The last one is in the early stages of adoption, but it could provide you with a nice way to do an API Gateway right in K8s.
-
load balancer and kubernetes
Maybe there's something in the new fangled gateways.
-
Service Mesh Considerations
Keep an eye on the Gateway API GAMMA Initiative as it is currently evolving with the goal of streamlining how services meshes can implement the Gateway API and reduce some overlap.
- EKS: is it possible to rewrite the URL with ALB?
-
Apache Apisix: Open-Source API Gateway and API Management Platform
The selling point for me was ability to configure it using Kubernetes CRD's and future support of the Gateway API (under development - <https://gateway-api.sigs.k8s.io/>).
Developers can version their API now within helm charts or even yaml templates held along the code in their repositories.
-
A quick glance at the Kubernetes Gateway API
-- https://gateway-api.sigs.k8s.io
-
Sharing load balancers between containers
While you're learning about ingresses, also look into the k8s Gateway API, which is the next generation. https://gateway-api.sigs.k8s.io/
What are some alternatives?
metallb - A network load-balancer implementation for Kubernetes using standard routing protocols
caddy-l4 - Layer 4 (TCP/UDP) app for Caddy
simple-go-boilerplate - Simple microservices-oriented go project layout boilerplate to provide some ideas and tips.
apisix-opa-plugin
kubernetes-ingress - NGINX and NGINX Plus Ingress Controllers for Kubernetes
kubernetes-ingress-controller - :gorilla: Kong for Kubernetes: The official Ingress Controller for Kubernetes.
aws-ecr-image-pull-secret-controller - Custom controller for Kubernetes which automatically renews image pull secrets for AWS ECR
tyk-operator - Tyk Operator for Kubernetes
xdcc-cli - A command line tool for searching and downloading files from the IRC network.
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
kubebrain - A High Performance Metadata System for Kubernetes
multus-cni - A CNI meta-plugin for multi-homed pods in Kubernetes