Custom Traefik (local) plugins

[[442556]]

Traefik has implemented a lot of middleware by default, which can meet most of our daily needs. However, in actual work, users still have the need to customize middleware. To solve this problem, the official launched a Traefik Pilot[1] function. In addition, the Traefik v2.5 version also launched a function that supports local private plug-ins.

Traefik Pilot

Traefik Pilot is a SaaS platform that links with Traefik to extend its functionality. It provides many features to enhance the observation and control of Traefik through a global control panel and dashboard:

• Metrics for network activity of Traefik proxies and proxy groups
• Service health issues and security breach alerts
• Plugins to extend Traefik functionality

Before Traefik can use the features of Traefik Pilot, it must connect to them. We only need to make a few changes to Traefik's static configuration.

[[442557]]

The Traefik proxy must have access to the internet to connect to Traefik Pilot, establishing a connection over HTTPS on port 443.

First we need to create an account on the Traefik Pilot homepage (https://pilot.traefik.io/), register a new Traefik instance and start using Traefik Pilot. After logging in, you can create a new instance by selecting Register New Traefik Instance.

In addition, when our Traefik is not yet connected to Traefik Pilot, a bell icon will appear in the Traefik Web UI, and we can select Connect with Traefik Pilot to navigate to the Traefik Pilot UI for operation.

After the login is complete, Traefik Pilot will generate a token for a new instance. We need to add this Token to the Traefik static configuration.

Enable Pilot's configuration in the Traefik installation configuration file:

 # Activate Pilot integration
 Pilot:
 enabled: true  
  token: "e079ea6e-536a-48c6-b3e3-f7cfaf94f477"  

After the update is complete, we can see the information related to Traefik Pilot UI in Traefik's Web UI.

Next, we can select the plugin we want to use on the plugin page of Traefik Pilot. For example, we use the Demo Plugin[2] plugin here.

Click the Install Plugin button in the upper right corner to install the plug-in, and a dialog box will pop up to prompt us how to install it.

First we need to register the current Traefik to Traefik Pilot (completed), then we need to add this plug-in to Traefik in a static configuration, and then add the plug-in startup parameters:

 # Activate Pilot integration
 Pilot:
 enabled: true  
  token: "e079ea6e-536a-48c6-b3e3-f7cfaf94f477"   
 
 additionalArguments:
 # Add support for demo plugin
 - --experimental.plugins.plugindemo.modulename=github.com/traefik/plugindemo  
 - --experimental.plugins.plugindemo.version=v0.2.1  
 # Other Configuration

After the update is complete, create a Middleware object as follows:

 ➜ cat <<EOF | kubectl apply -f -
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
 name : myplugin
 spec:
 plugin:
 plugindemo: # plugin name
 Headers:
 X-Demo: test
 Foo: bar
 EOF 

Then add it to the IngressRoute object of the whoami application above:

 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
 name : ingressroute-demo
 namespace: default  
 spec:
 entryPoints:
 - web
 routes:
  - match: Host(`who.qikqiak.com`) && PathPrefix(`/notls`)
 kind: Rule  
 services:
    - name : whoami # K8s Service
 port: 80
 middlewares:
 - name : myplugin # Use the newly created middleware above

After the update is complete, when we visit http://who.qikqiak.com/notls, we can see that the two headers defined in the above plug-in have been added.

In addition to using the plugins provided by developers on Traefik Pilot, we can also develop our own plugins according to our needs. You can refer to the plugin development documentation [3].

Local private plugin

Above we introduced that you can use Traefik Pilot to use plug-ins, but this is a SaaS service platform, which is not very suitable for most enterprise scenarios. In more scenarios, we need to load plug-ins in the local environment. To solve this problem, after Traefik v2.5, a new method of loading plug-ins directly from the local storage directory is provided. There is no need to enable Traefik Pilot. You only need to put the plug-in source code into a new directory called /plugins-local and create this directory relative to the current working directory. For example, if we directly use the docker image of traefik, the entry point is the root directory /. Traefik itself will build your plug-in, so all we have to do is write the source code and put it in the correct directory and let Traefik load it.

It should be noted that since the plugin is only loaded once at each startup, if we want to reload your plugin source code, we need to restart Traefik.

Below we use a simple custom plug-in example to illustrate how to use private plug-ins. First, we define a Dockerfile file named Dockerfile.demo, clone the plug-in source code from the git repository, and then use traefik:v2.5 as the base image to copy the plug-in source code to the /plugins-local directory, as shown below:

 FROM alpine:3
 ARG PLUGIN_MODULE=github.com/traefik/plugindemo
 ARG PLUGIN_GIT_REPO=https://github.com/traefik/plugindemo.git
 ARG PLUGIN_GIT_BRANCH=master
 RUN apk add   --update git && \  
    git clone ${PLUGIN_GIT_REPO} /plugins- local /src/${PLUGIN_MODULE} \
 --depth 1 --single-branch --branch ${PLUGIN_GIT_BRANCH}   
 
 FROM traefik:v2.5
 COPY --from=0 /plugins-local /plugins-local  

The demonstration plug-in we use here is the same plug-in demonstrated in the Pilot above. We can use this plug-in to customize the request header information.

Then build the image in the Dockerfile.demo directory:

 ➜ docker build -f Dockerfile.demo -t cnych/traefik-private-demo-plugin:2.5.4 .
 # Push to the image repository
 ➜ docker push cnych/traefik-private-demo-plugin:2.5.4

After the image is built, you can use this image to test the demo plug-in. Change the image to the image address we customized above:

 image:
 name : cnych/traefik-private-demo-plugin
 tag: 2.5.4 
 
 # Other omissions 
 
 # No need to enable pilot
 Pilot:
 enabled: false   
 
 additionalArguments:
 # Add native support for demo plugin
 - --experimental.localPlugins.plugindemo.moduleName=github.com/traefik/plugindemo  
 # Other omissions

Note that we used --experimental.localPlugins when adding Traefik's startup parameters above. After the update is complete, we can use our private plug-in to create a Middleware object:

 ➜ cat <<EOF | kubectl apply -f -
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
 name : my-private-plugin
 spec:
 plugin:
 plugindemo: # plugin name
 Headers:
 X-Demo: private-demo
 Foo: bar
 EOF 

Then add it to the IngressRoute object of the whoami application above:

 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
 name : ingressroute-demo
 namespace: default  
 spec:
 entryPoints:
 - web
 routes:
  - match: Host(`who.qikqiak.com`) && PathPrefix(`/notls`)
 kind: Rule  
 services:
    - name : whoami # K8s Service
 port: 80
 middlewares:
 - name : my-private-plugin # Use the newly created middleware above

After updating the above resource object, we visit http://who.qikqiak.com/notls and we can see that the two Headers defined in the above plug-in have been added, proving that our private plug-in configuration is successful:

With the support of local private plugins, Traefik is really starting to take off, right?

References

[1]Traefik Pilot: https://pilot.traefik.io/

[2]Demo Plugin: https://github.com/traefik/plugindemo

[3]Plugin dev doc: https://doc.traefik.io/traefik-pilot/plugins/plugin-dev/