是否可以使用docker swarm和consul后端的traefik配置？

consul和docker swarm配置后端是否兼容？

我的要求是我需要启动N个traefik容器作为docker服务,在那里他们通过docker swarm获得他们的动态前端/后端,但我还需要所有N个traefik容器来使用共享的ACME配置(即来自consul).

我希望它能让Frontends /后端信息来自docker swarm,而ACME配置应来自领事.对于任何其他静态traefik配置,我很好,如果它来自静态文件,但这实际上不适用于ACME.json作为文件通过volumne因为如何管理写入锁？我看到的唯一选择是领事KV商店.

我看到的问题是这种设置是不可能的？

Traefik版本v1.3.0建立在2017-05-31_05：48：42PM

将我的TOML配置上传到consul KV,看起来像这样:(存储在领事KV中的“traefik-stage”根目录下)

defaultEntryPoints = ["http","https"]

debug=true
logLevel="DEBUG"
InsecureSkipVerify=true

[web]
address = ":8080"

[web.statistics]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
acmeLogging=true
onDemand=true
entryPoint="https"
OnHostRule=true
caServer="https://acme-v01.api.letsencrypt.org/directory"
email="obgt.letsencrypt@my-domain.com"
storage="traefik-stage/acme/account"

# TRIED BOTH WITH AND WITHOUT
# THE DOCKER CONFIG LOADED INTO CONSUL
# AND AS command line flags.... to no avail
[docker]
swarmmode=true
domain="traefik"
watch=true

[[acme.domains]]
   main = "local1.com"
[[acme.domains]]
   main = "myapp1.my-domain.com"
   sans = ["myapp1-stage.my-domain.com"]
[[acme.domains]]
   main = "myapp2.my-domain.com"
   sans = ["myapp2-stage.my-domain.com"]

开始traefik：

docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 80:80 \
--publish 8080:8080 \
--publish 443:443 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--network my-net \
-e "CONSUL_HTTP_TOKEN=xxxxxx" \
traefik  \
--consul \
--consul.endpoint=my-consul.my-domain.com:8500 \
--consul.watch=true \
--consul.prefix="traefik-stage"

注意！无论是在领事中还是在命令行标志中使用和不使用docker标志都尝试了无效：

--docker \
--docker.swarmmode \
--docker.domain=traefik \
--docker.watch

接下来我启动了我想要traefik代理的其他N个docker服务,每个都启动了w /相关的标志

...
--publish :9000 
--label traefik.protocol=https 
--label traefik.port=9000 
--label traefik.frontend.rule='Host:myapp1.my-domain.com,myapp1-stage.my-domain.com' 
--label traefik.docker.network=my-net
--network my-net
...

注意上面的设置(在TOML文件中完全使用traefik配置,而不是在领事中)工作正常

我期待看到什么？

当我去http://localhost:8080/dashboard/#/时,我看到我的2个前端/后端通过traefik正确发现并正确设置,因为他们工作不带领事

我看到了什么？

UI中没有任何内容,但是日志显示traefik确实从docker获取前端/后端信息并将其连接起来的证据.但是UI中没有显示任何内容,也没有任何实际路由适用于这些主机.

记录输出

2017-06-09T16:22:38.049816971Z time="2017-06-09T16:22:38Z" level=info msg="Traefik version v1.3.0 built on 2017-05-31_05:48:42PM"
2017-06-09T16:22:38.056705032Z time="2017-06-09T16:22:38Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":true,"CheckNewVersion":true,"AccessLogsFile":"","TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":null,"Auth":null,"Compress":false},"https":{"Network":"","Address":":443","TLS":{"MinVersion":"","CipherSuites":null,"Certificates":null,"ClientCAFiles":null},"Compress":false}},"Cluster":{"Node":"1ae7b5d5-9382-4a67-b608-1e39e6fba1e5","Store":{"Store":{},"Prefix":"traefik-stage"}},"Constraints":[],"ACME":{"Email":"letsencrypt@my-domain.com","Domains":[{"Main":"local1.com","SANs":null},{"Main":"myapp1.my-domain.com","SANs":["myapp1-stage.my-domain.com"]},{"Main":"myapp2.my-domain.com","SANs":["myapp2-stage.my-domain.com"]}],"Storage":"","StorageFile":"/var/run/acme.json","OnDemand":true,"OnHostRule":true,"CAServer":"https://acme-v01.api.letsencrypt.org/directory","EntryPoint":"https","DNSProvider":"","DelayDontCheckDNS":0,"ACMELogging":true,"TLSConfig":null},"DefaultEntryPoints":["http","https"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":180000000000,"InsecureSkipVerify":true,"Retry":null,"HealthCheck":{"Interval":30000000000},"Docker":{"Watch":true,"Filename":"","Constraints":null,"Endpoint":"unix:///var/run/docker.sock","Domain":"traefik","ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":true},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":{"RecentErrors":10},"Metrics":null,"Path":"","Auth":null},"Marathon":null,"Consul":{"Watch":true,"Endpoint":"my-consul.my-domain.com:8500","Prefix":"traefik-stage","Username":"","Password":""},"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
2017-06-09T16:22:38.056793712Z time="2017-06-09T16:22:38Z" level=info msg="Preparing server https &{Network: Address::443 TLS:0xc420065260 Redirect:


如果上述情况不可能……这种要求的推荐设置是什么？即N traefik实例,使用共享配置,共享ACME,但来自docker的前端/后端.


最佳答案
请注意,这是由于UI中的问题导致的：https://github.com/containous/traefik/pull/1757
docker

是否可以使用docker swarm和consul后端的traefik配置？

相关文章