consul和docker swarm配置后端是否兼容?
我的要求是我需要启动N个traefik容器作为docker服务,在那里他们通过docker swarm获得他们的动态前端/后端,但我还需要所有N个traefik容器来使用共享的ACME配置(即来自consul).
我希望它能让Frontends /后端信息来自docker swarm,而ACME配置应来自领事.对于任何其他静态traefik配置,我很好,如果它来自静态文件,但这实际上不适用于ACME.json作为文件通过volumne因为如何管理写入锁?我看到的唯一选择是领事KV商店.
我看到的问题是这种设置是不可能的?
Traefik版本v1.3.0建立在2017-05-31_05:48:42PM
将我的TOML配置上传到consul KV,看起来像这样:(存储在领事KV中的“traefik-stage”根目录下)
defaultEntryPoints = ["http","https"]
debug=true
logLevel="DEBUG"
InsecureSkipVerify=true
[web]
address = ":8080"
[web.statistics]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
acmeLogging=true
onDemand=true
entryPoint="https"
OnHostRule=true
caServer="https://acme-v01.api.letsencrypt.org/directory"
email="obgt.letsencrypt@my-domain.com"
storage="traefik-stage/acme/account"
# TRIED BOTH WITH AND WITHOUT
# THE DOCKER CONFIG LOADED INTO CONSUL
# AND AS command line flags.... to no avail
[docker]
swarmmode=true
domain="traefik"
watch=true
[[acme.domains]]
main = "local1.com"
[[acme.domains]]
main = "myapp1.my-domain.com"
sans = ["myapp1-stage.my-domain.com"]
[[acme.domains]]
main = "myapp2.my-domain.com"
sans = ["myapp2-stage.my-domain.com"]
开始traefik:
docker service create
--name traefik
--constraint=node.role==manager
--publish 80:80
--publish 8080:8080
--publish 443:443
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock
--network my-net
-e "CONSUL_HTTP_TOKEN=xxxxxx"
traefik
--consul
--consul.endpoint=my-consul.my-domain.com:8500
--consul.watch=true
--consul.prefix="traefik-stage"
注意!无论是在领事中还是在命令行标志中使用和不使用docker标志都尝试了无效:
--docker
--docker.swarmmode
--docker.domain=traefik
--docker.watch
接下来我启动了我想要traefik代理的其他N个docker服务,每个都启动了w /相关的标志
...
--publish :9000
--label traefik.protocol=https
--label traefik.port=9000
--label traefik.frontend.rule='Host:myapp1.my-domain.com,myapp1-stage.my-domain.com'
--label traefik.docker.network=my-net
--network my-net
...
注意上面的设置(在TOML文件中完全使用traefik配置,而不是在领事中)工作正常
我期待看到什么?
当我去http://localhost:8080/dashboard/#/时,我看到我的2个前端/后端通过traefik正确发现并正确设置,因为他们工作不带领事
我看到了什么?
UI中没有任何内容,但是日志显示traefik确实从docker获取前端/后端信息并将其连接起来的证据.但是UI中没有显示任何内容,也没有任何实际路由适用于这些主机.
记录输出
2017-06-09T16:22:38.049816971Z time="2017-06-09T16:22:38Z" level=info msg="Traefik version v1.3.0 built on 2017-05-31_05:48:42PM"
2017-06-09T16:22:38.056705032Z time="2017-06-09T16:22:38Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":true,"CheckNewVersion":true,"AccessLogsFile":"","TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":null,"Auth":null,"Compress":false},"https":{"Network":"","Address":":443","TLS":{"MinVersion":"","CipherSuites":null,"Certificates":null,"ClientCAFiles":null},"Compress":false}},"Cluster":{"Node":"1ae7b5d5-9382-4a67-b608-1e39e6fba1e5","Store":{"Store":{},"Prefix":"traefik-stage"}},"Constraints":[],"ACME":{"Email":"letsencrypt@my-domain.com","Domains":[{"Main":"local1.com","SANs":null},{"Main":"myapp1.my-domain.com","SANs":["myapp1-stage.my-domain.com"]},{"Main":"myapp2.my-domain.com","SANs":["myapp2-stage.my-domain.com"]}],"Storage":"","StorageFile":"/var/run/acme.json","OnDemand":true,"OnHostRule":true,"CAServer":"https://acme-v01.api.letsencrypt.org/directory","EntryPoint":"https","DNSProvider":"","DelayDontCheckDNS":0,"ACMELogging":true,"TLSConfig":null},"DefaultEntryPoints":["http","https"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":180000000000,"InsecureSkipVerify":true,"Retry":null,"HealthCheck":{"Interval":30000000000},"Docker":{"Watch":true,"Filename":"","Constraints":null,"Endpoint":"unix:///var/run/docker.sock","Domain":"traefik","ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":true},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":{"RecentErrors":10},"Metrics":null,"Path":"","Auth":null},"Marathon":null,"Consul":{"Watch":true,"Endpoint":"my-consul.my-domain.com:8500","Prefix":"traefik-stage","Username":"","Password":""},"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
2017-06-09T16:22:38.056793712Z time="2017-06-09T16:22:38Z" level=info msg="Preparing server https &{Network: Address::443 TLS:0xc420065260 Redirect:
如果上述情况不可能……这种要求的推荐设置是什么?即N traefik实例,使用共享配置,共享ACME,但来自docker的前端/后端.
