What are we going to do
Now that we have a running wsl2/ubuntu with docker installed and our first container service (coredns) we will run another core container : a small and powerful reverse proxy and load balancer named traefik.
Run an ADC container as a service
We will do the same as our dns service but using traefik to publish an internal docker endpoint to our windows host.
Lets go to wsl2/ubuntu machine.
PS C:\Users\tdesa> wsl |
The structure will look like the following (my core containers are hosted on a GitLab repository).
tdesaules@DESKTOP-IVUMN45-wsl:~$ cd ~/GitLab/containers/traefik/ tdesaules@DESKTOP-IVUMN45-wsl:~/GitLab/containers/traefik$ tree . ├── config │ ├── dynamic.yml │ └── traefik.yml ├── docker-compose.yml ├── traefik-l4.initd └── traefik-l4.service |
So we have : One config folder with the traefik.yml base config file and a dynamic.yml file that is used to configure static reverse rules reloaded dynamically, one docker-compose.yml file to manage the container and the traefik-l4.service systemd service file.
First we need to create a docker-compose file to manage the container. On it, we fix the ip on the development network to be sure it will not change, configure the dns, expose some ports, mount the local config folder and add the command to correctly launch traefik.
— version: ‘3’ services: traefik-l4: container_name: ‘traefik-l4’ restart: ‘no’ image: ‘traefik:v2.8’ networks: development: ipv4_address: ‘172.16.254.254’ dns: [‘172.16.254.253’] command: – ‘–configFile=/etc/traefik/traefik.yml’ ports: – ’80:80′ – ‘443:443’ – ‘8080:8080’ – ‘9000:9000’ volumes: – ‘/var/run/docker.sock:/var/run/docker.sock:ro’ – ‘/etc/localtime:/etc/localtime:ro’ – ‘./config:/etc/traefik’ networks: development: external: true … |
In the traefik config file (config/traefik.yml) we are able to enable the webui, configure some entrypoints (80 for futures webapps and 9000 for the traefik gui) and add providers to autodiscover our container.
— api: dashboard: true insecure: true entryPoints: web: address: :80 admin: address: :9000 providers: file: filename: /etc/traefik/dynamic.yml docker: { } log: level: INFO … |
The local file (config/dynamic.yml) can be used to configure some endpoints. We will only use it to publish the traefik admin gui with a router based on a hostname rule pointing to the internal gui service api@internal that will allow us to access the traefik gui from our browser using an internal dns name.
— http: routers: dashboard: entryPoints: admin rule: Host(`traefik-l4.desaules.local`) service: api@internal … |
The systemd file (traefik-l4.service) looks like the one created for the coredns.
[Unit] Description=Traefik L4 Container Service BindsTo=docker.service After=docker.service [Service] Type=oneshot RemainAfterExit=true RestartSec=10 ExecStart=/usr/bin/docker-compose –file /home/tdesaules/GitLab/containers/traefik/docker-compose.yml up –detach –remove-orphans –force-recreate ExecStop=/usr/bin/docker-compose –file /home/tdesaules/GitLab/containers/traefik/docker-compose.yml down ExecReload=/usr/bin/docker-compose –file /home/tdesaules/GitLab/containers/traefik/docker-compose.yml restart [Install] WantedBy=multi-user.target |
Now we have all the stuff we need. Let’s configure the systemd service.
tdesaules@DESKTOP-IVUMN45-wsl:~/GitLab/containers/traefik$ sudo ln -s /home/tdesaules/GitLab/containers/traefik/traefik-l4.service /etc/systemd/system/traefik-l4.service tdesaules@DESKTOP-IVUMN45-wsl:~$ sudo systemctl daemon-reload tdesaules@DESKTOP-IVUMN45-wsl:~$ sudo systemctl enable traefik-l4 tdesaules@DESKTOP-IVUMN45-wsl:~$ sudo systemctl start traefik-l4 tdesaules@DESKTOP-IVUMN45-wsl:~/GitLab/containers/traefik$ sudo systemctl status traefik-l4 ● traefik-l4.service – Traefik L4 Container Service Loaded: loaded (/etc/systemd/system/traefik-l4.service; enabled; vendor preset: enabled) […] tdesaules@DESKTOP-IVUMN45-wsl:~$ docker ps –format “{{.ID}}: {{.Image}} {{.State}}” e20bfa634b39: traefik:v2.8 running 5a5d5681bc61: coredns/coredns:1.9.2 running |
On the coredns local zone file we need to add a new entry to resolve the traefik gui. (Remember the ip used is the one hosted by the wsl2/ubuntu machine because our traefik service is exposing its entrypoints using the docker compose ports entry)
172.31.54.61 traefik-l4.desaules.local |
And check that the traefik gui is correctly responding over the dns configured on the coredns local zone (traefik-l4.desaules.local) and port defined in the traefik entrypoints (admin with port 9000).
Note 1: On the traefik webui we can see that the file rule is correctly working because we have access to the admin gui from the dns configured on coredns. Our browser can access it with port tcp/9000 that we configured on traefik and exposed with our docker compose file.
We also see that our docker provider automatically discovers our two containers (coredns and traefik-l4).
Expose the whoami web application with Traefik
Traefik gives us a small container acting as a whoami webapp. We will use it with docker compose to start and scale it to see if traefik follows our moves.
The important part in this docker compose file is the labels entries that is used by traefik when reading the docker socket to expose a docker service with the rules configured. Here is a simple router named whoami with a host rule to respond over whoami.desaules.local dns and exposed over the traefik entrypoints named web over tcp/80.
— version: ‘3’ services: whoami: restart: ‘no’ image: ‘traefik/whoami’ networks: development: dns: [‘172.16.254.253’] volumes: – ‘/var/run/docker.sock:/var/run/docker.sock:ro’ – ‘/etc/localtime:/etc/localtime:ro’ labels: – “traefik.http.routers.whoami.rule=Host(`whoami.desaules.local`)” – “traefik.http.routers.whoami.entryPoints=web” networks: development: external: true … |
On the coredns local zone file we need to add a new entry to resolve the whoami webapp.
172.31.54.61 whoami.desaules.local |
Launch the service.
tdesaules@DESKTOP-IVUMN45-wsl:~/GitLab/containers/whoami$ docker-compose up [+] Running 1/0 ⠿ Container whoami Created 0.1s Attaching to whoami whoami | 2022/06/20 19:27:49 Starting up on port 80 |
We can see that the whoami container is running.
tdesaules@DESKTOP-IVUMN45-wsl:~$ docker ps –format “{{.ID}}: {{.Image}} {{.State}}” e20bfa634b39: traefik:v2.8 running 5a5d5681bc61: coredns/coredns:1.9.2 running 695a0d48466d: traefik/whoami running |
We can check on the traefik gui that our whoami is correctly exposed.
And finally open the webapp in a browser.
Scale the whoami web application
Now that we confirm that the web application is working, we can try to scale it to see what happens.
tdesaules@DESKTOP-IVUMN45-wsl:~/GitLab/containers/whoami$ docker-compose up –scale whoami=5 [+] Running 5/0 ⠿ Container whoami-whoami-5 Created 0.1s ⠿ Container whoami-whoami-2 Created 0.1s ⠿ Container whoami-whoami-3 Created 0.1s ⠿ Container whoami-whoami-4 Created 0.1s ⠿ Container whoami Recreated 0.1s Attaching to whoami-whoami-1, whoami-whoami-2, whoami-whoami-3, whoami-whoami-4, whoami-whoami-5 whoami-whoami-5 | 2022/07/05 19:27:09 Starting up on port 80 whoami-whoami-2 | 2022/07/05 19:27:09 Starting up on port 80 whoami-whoami-4 | 2022/07/05 19:27:10 Starting up on port 80 whoami-whoami-3 | 2022/07/05 19:27:10 Starting up on port 80 whoami-whoami-1 | 2022/07/05 19:27:10 Starting up on port 80 |
On traefik we can see if the service is correctly distributed over the 5 containers.
Note 1: If you try to refresh the http://whoami.desaules.local/ web page on the browser you will see that the targeted server ip changes based on the round robin load balancing algorithm.
Clean whoami
tdesaules@DESKTOP-IVUMN45-wsl:~/GitLab/containers/whoami$ docker-compose down [+] Running 5/0 ⠿ Container whoami-whoami-5 Removed 0.0s ⠿ Container whoami-whoami-4 Removed 0.0s ⠿ Container whoami-whoami-1 Removed 0.0s ⠿ Container whoami-whoami-2 Removed 0.0s ⠿ Container whoami-whoami-3 Removed 0.0s |
Next steps
In the “Part 4” we will see how to use our wsl2/ubuntu machine to do some vscode remote development with and without containers.
Links:
https://doc.traefik.io/traefik/getting-started/quick-start/