Traefik & Marathon

Traefik can be configured to use Marathon as a provider.

See also the Marathon user guide.

Configuration Examples

Configuring Marathon & Deploying / Exposing Applications

Enabling the Marathon provider

[providers.marathon]
providers:
  marathon: {}
--providers.marathon=true

Attaching labels to Marathon applications

{
    "id": "/whoami",
    "container": {
        "type": "DOCKER",
        "docker": {
            "image": "containous/whoami",
            "network": "BRIDGE",
            "portMappings": [
                {
                    "containerPort": 80,
                    "hostPort": 0,
                    "protocol": "tcp"
                }
            ]
        }
    },
    "labels": {
        "traefik.http.Routers.app.Rule": "PathPrefix(`/app`)"
    }
}

Routing Configuration

See the dedicated section in routing.

Provider Configuration

basic

Optional

[providers.marathon.basic]
  httpBasicAuthUser = "foo"
  httpBasicPassword = "bar"
providers:
  marathon:
    basic:
      httpBasicAuthUser: foo
      httpBasicPassword: bar
--providers.marathon.basic.httpbasicauthuser=foo
--providers.marathon.basic.httpbasicpassword=bar

Enables Marathon basic authentication.

dcosToken

Optional

[providers.marathon]
  dcosToken = "xxxxxx"
  # ...
providers:
  marathon:
    dcosToken: "xxxxxx"
    # ...
--providers.marathon.dcosToken=xxxxxx

dcosToken is used in DCOS environments.

If set, it overrides the Authorization header.

defaultRule

Optional, Default=Host(`{{ normalize .Name }}`)

[providers.marathon]
  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
  # ...
providers:
  marathon:
    defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
    # ...
--providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...

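For a given application, if no routing rule is defined by a label, the rule is defined by this defaultRule instead.

It must be a valid Go template, augmented with the sprig template functions.

The app ID can be accessed as the Name identifier, and the template has access to all the labels defined on this Marathon application.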
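Because the rendered rule depends on labels set in the application definition, it is worth checking what the template produces for each app before relying on it. The following is an added example, not Traefik's own code: it renders the defaultRule shown above with the standard library's text/template only (no sprig functions, no `normalize`), and the `Model` struct, `RenderRule` helper and sample apps are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"text/template"
)

// Model mirrors what the page says the template can see: the application ID
// as Name, plus the application's labels. The struct itself is an assumption.
type Model struct {
	Name   string
	Labels map[string]string
}

// The defaultRule from the configuration example above.
const rule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"

// hostRe accepts only Host(`a.b.c`) where every DNS label is non-empty.
var hostRe = regexp.MustCompile("^Host\\(`[a-z0-9-]+(\\.[a-z0-9-]+)*`\\)$")

// RenderRule executes a defaultRule template for one app and rejects output
// that is not a well-formed Host rule, e.g. when a referenced label is absent.
func RenderRule(rule string, m Model) (string, error) {
	tpl, err := template.New("defaultRule").Parse(rule)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := tpl.Execute(&buf, m); err != nil {
		return "", err
	}
	out := buf.String()
	if !hostRe.MatchString(out) {
		return out, fmt.Errorf("app %q renders unusable rule %q", m.Name, out)
	}
	return out, nil
}

func main() {
	apps := []Model{ // constructed sample apps
		{Name: "whoami", Labels: map[string]string{"customLabel": "example.org"}},
		{Name: "billing", Labels: map[string]string{}}, // customLabel missing
	}
	for _, a := range apps {
		fmt.Println(RenderRule(rule, a))
	}
}
```

A missing label does not fail the template: `index` on a map returns the empty string, so the second app silently renders a host name with a trailing dot unless the output is validated.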

dialerTimeout

Optional, Default=5s

[providers.marathon]
  dialerTimeout = "10s"
  # ...
providers:
  marathon:
    dialerTimeout: "10s"
    # ...
--providers.marathon.dialerTimeout=10s

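Overrides DialerTimeout.

Amount of time the Marathon provider should wait before timing out when trying to open a TCP connection to a Marathon master.

Can be provided in a format supported by time.ParseDuration, or directly as a number of seconds.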

endpoint

Optional, Default=http://127.0.0.1:8080

[providers.marathon]
  endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
  # ...
providers:
  marathon:
    endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
    # ...
--providers.marathon.endpoint=http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080

Marathon server endpoint.

You can optionally specify multiple endpoints.

exposedByDefault

Optional, Default=true

[providers.marathon]
  exposedByDefault = false
  # ...
providers:
  marathon:
    exposedByDefault: false
    # ...
--providers.marathon.exposedByDefault=false
# ...

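Exposes Marathon applications by default through Traefik.

If set to false, applications that don't have a traefik.enable=true label are ignored from the resulting routing configuration.

See also Restrict the Scope of Service Discovery.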

constraints

Optional, Default=""

[providers.marathon]
  constraints = "Label(`a.label.name`,`foo`)"
  # ...
providers:
  marathon:
    constraints: "Label(`a.label.name`,`foo`)"
    # ...
--providers.marathon.constraints=Label(`a.label.name`,`foo`)
# ...

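Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application. That is, if none of the application's labels match the expression, no route is created for the application. In addition, the expression is also matched against the application's constraints, as described in Marathon constraints. If the expression is empty, all detected applications are included.

The expression syntax is based on the Label("key", "value") and LabelRegex("key", "value") functions, as well as the usual boolean logic. In addition, to match against Marathon constraints, the function MarathonConstraint("field:operator:value") can be used, where the field, operator, and value parts are joined together with the : separator.

Constraints Expression Examples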
# Includes only applications having a label with key `a.label.name` and value `foo`
constraints = "Label(`a.label.name`, `foo`)"
# Excludes applications having any label with key `a.label.name` and value `value`
constraints = "!Label(`a.label.name`, `value`)"
# With logical AND.
constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
# With logical OR.
constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
# With logical AND and OR, with precedence set by parentheses.
constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
# Includes only applications having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
# Includes only applications having a Marathon constraint with field `A`, operator `B`, and value `C`.
constraints = "MarathonConstraint(`A:B:C`)"
# Uses both Marathon constraint and application label with logical operator.
constraints = "MarathonConstraint(`A:B:C`) && Label(`a.label.name`, `value`)"

See also Restrict the Scope of Service Discovery.
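To review what exposedByDefault and constraints mean for a set of applications, the filtering described in those two sections can be replayed over app definitions before a configuration change. This is an added example, not Traefik's implementation: the sample apps are constructed, only the single `Label(key, value)` constraint form is modelled, and it assumes that only the literal value `true` of `traefik.enable` enables an app and that an explicit `traefik.enable` label overrides the default in both directions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// App is the subset of a Marathon app definition that matters for exposure.
type App struct {
	ID     string            `json:"id"`
	Labels map[string]string `json:"labels"`
}

// Constructed sample input, shaped like the app definition shown earlier.
const sampleApps = `[
 {"id": "/whoami",  "labels": {"traefik.enable": "true", "tier": "edge"}},
 {"id": "/billing", "labels": {"tier": "internal"}},
 {"id": "/metrics", "labels": {"traefik.enable": "false", "tier": "edge"}},
 {"id": "/legacy"}
]`

// Exposed returns the IDs of apps that would get routes. key and value model
// one Label(`key`, `value`) constraint; an empty key means no constraint.
func Exposed(raw string, exposedByDefault bool, key, value string) ([]string, error) {
	var apps []App
	if err := json.Unmarshal([]byte(raw), &apps); err != nil {
		return nil, err
	}
	var ids []string
	for _, a := range apps {
		enabled := exposedByDefault
		if v, ok := a.Labels["traefik.enable"]; ok {
			enabled = v == "true" // explicit label overrides the default
		}
		if !enabled {
			continue
		}
		if v, ok := a.Labels[key]; key == "" || (ok && v == value) {
			ids = append(ids, a.ID)
		}
	}
	return ids, nil
}

func main() {
	for _, def := range []bool{true, false} {
		ids, _ := Exposed(sampleApps, def, "", "")
		fmt.Printf("exposedByDefault=%v -> %v\n", def, ids)
	}
}
```

With the default of true, `/billing` and `/legacy` receive routes although nobody labelled them for exposure; with false, only `/whoami` does.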

forceTaskHostname

Optional, Default=false

[providers.marathon]
  forceTaskHostname = true
  # ...
providers:
  marathon:
    forceTaskHostname: true
    # ...
--providers.marathon.forceTaskHostname=true
# ...

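By default, a task's IP address (as returned by the Marathon API) is used as the backend server if an IP-per-task configuration can be found. Otherwise, the name of the host running the task is used. The latter behavior can be enforced by enabling this switch.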

keepAlive

Optional, Default=10s

[providers.marathon]
  keepAlive = "30s"
  # ...
providers:
  marathon:
    keepAlive: "30s"
    # ...
--providers.marathon.keepAlive=30s
# ...

Sets the TCP Keep Alive interval for the Marathon HTTP client. Can be provided in a format supported by time.ParseDuration, or directly as a number of seconds.

respectReadinessChecks

Optional, Default=false

[providers.marathon]
  respectReadinessChecks = true
  # ...
providers:
  marathon:
    respectReadinessChecks: true
    # ...
--providers.marathon.respectReadinessChecks=true
# ...

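Applications may define readiness checks, which Marathon probes periodically during deployments and whose results are exposed via the API. Enabling respectReadinessChecks causes Traefik to filter out tasks whose readiness checks have not succeeded. Note that these checks are only valid at deployment time.

See the Marathon guide for details.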

responseHeaderTimeout

Optional, Default=60s

[providers.marathon]
  responseHeaderTimeout = "66s"
  # ...
providers:
  marathon:
    responseHeaderTimeout: "66s"
    # ...
--providers.marathon.responseHeaderTimeout=66s
# ...

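Overrides ResponseHeaderTimeout. Amount of time the Marathon provider should wait before timing out when waiting for the first response header from a Marathon master.

Can be provided in a format supported by time.ParseDuration, or directly as a number of seconds.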

tls

Optional

tls.ca

Certificate Authority used for the secure connection to Marathon.

[providers.marathon.tls]
  ca = "path/to/ca.crt"
providers:
  marathon:
    tls:
      ca: path/to/ca.crt
--providers.marathon.tls.ca=path/to/ca.crt

tls.caOptional

Policy followed for the secured connection with TLS Client Authentication to Marathon. Requires tls.ca to be defined.

  • true: VerifyClientCertIfGiven
  • false: RequireAndVerifyClientCert
  • if tls.ca is undefined: NoClientCert

[providers.marathon.tls]
  caOptional = true
providers:
  marathon:
    tls:
      caOptional: true
--providers.marathon.tls.caOptional=true

tls.cert

Public certificate used for the secure connection to Marathon.

[providers.marathon.tls]
  cert = "path/to/foo.cert"
  key = "path/to/foo.key"
providers:
  marathon:
    tls:
      cert: path/to/foo.cert
      key: path/to/foo.key
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key

tls.key

Private certificate used for the secure connection to Marathon.

[providers.marathon.tls]
  cert = "path/to/foo.cert"
  key = "path/to/foo.key"
providers:
  marathon:
    tls:
      cert: path/to/foo.cert
      key: path/to/foo.key
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key

tls.insecureSkipVerify

If insecureSkipVerify is true, the TLS connection to Marathon accepts any certificate presented by the server and any host name in that certificate.

[providers.marathon.tls]
  insecureSkipVerify = true
providers:
  marathon:
    tls:
      insecureSkipVerify: true
--providers.marathon.tls.insecureSkipVerify=true
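The difference between tls.insecureSkipVerify and a configured tls.ca can be observed against a local test server. This is an added example, not Traefik code: it uses Go's standard crypto/tls client settings `InsecureSkipVerify` and `RootCAs` as stand-ins for the two provider options (that mapping is an assumption), and a constructed httptest server in place of a Marathon endpoint.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Probe issues one HTTPS GET using the given client-side TLS settings and
// returns the request error, if any (a failed handshake surfaces here).
func Probe(url string, cfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// Compare starts a local TLS server with a self-signed test certificate, as a
// stand-in for a Marathon endpoint, and probes it with three client settings.
func Compare() (skipVerify, emptyPool, pinnedCA error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"apps":[]}`) // constructed response body
	}))
	defer srv.Close()

	pool := x509.NewCertPool() // plays the role of the file named by tls.ca
	pool.AddCert(srv.Certificate())

	// insecureSkipVerify = true: the untrusted certificate is accepted.
	skipVerify = Probe(srv.URL, &tls.Config{InsecureSkipVerify: true})
	// Verification on, but the CA pool does not contain the issuer: rejected.
	emptyPool = Probe(srv.URL, &tls.Config{RootCAs: x509.NewCertPool()})
	// Verification on with the matching CA: accepted.
	pinnedCA = Probe(srv.URL, &tls.Config{RootCAs: pool})
	return
}

func main() {
	a, b, c := Compare()
	fmt.Printf("skipVerify: %v\nunknown CA: %v\ncorrect CA: %v\n", a, b, c)
}
```

The first and third probes both succeed, which is why a skipped verification goes unnoticed in normal operation: only the second probe shows that the same certificate is rejected once verification is on and the issuer is not trusted.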

tlsHandshakeTimeout

Optional, Default=5s

[providers.marathon]
  tlsHandshakeTimeout = "10s"
  # ...
providers:
  marathon:
    tlsHandshakeTimeout: "10s"
    # ...
--providers.marathon.tlsHandshakeTimeout=10s
# ...

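Overrides TLSHandshakeTimeout.

Amount of time the Marathon provider should wait before timing out when waiting for the TLS handshake to complete. Can be provided in a format supported by time.ParseDuration, or directly as a number of seconds.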

trace

Optional, Default=false

[providers.marathon]
  trace = true
  # ...
providers:
  marathon:
    trace: true
    # ...
--providers.marathon.trace=true
# ...

Displays additional provider logs (if available).

watch

Optional, Default=true

[providers.marathon]
  watch = false
  # ...
providers:
  marathon:
    watch: false
    # ...
--providers.marathon.watch=false
# ...

Enables watching for changes in Marathon.