Traefik & Rancher

标签,服务和容器的故事

Rancher

Attach labels to your services and let Traefik do the rest!

此提供程序特定于Rancher1.x.

Rancher 2.x需要Kubernetes,并且没有自己的元数据端点供Traefik查询. 因此,Rancher 2.x用户应直接利用Kubernetes提供程序 .

Routing Configuration

Labels

  • 标签不区分大小写.
  • 标签的完整列表可以在参考页中找到.

General

Traefik为每个牧场主服务创建一个相应的服务路由器 .

该服务会自动在此rancher服务中为每个容器获取一台服务器,并且路由器会根据服务名称获取默认规则.

Service definition

通常,在配置Traefik提供程序时,还必须定义分配给一个(或多个)路由器的服务,以使路由起作用.

但是,使用基于标签的配置时会有例外:

  1. 如果标签定义了路由器(例如,通过路由器规则)并且标签定义了服务(例如,通过负载平衡器服务器端口值隐式),但是路由器未指定任何服务,则该服务会自动分配给路由器.
  2. 如果标签定义了路由器(例如,通过路由器规则),但未定义服务,则将自动创建服务并将其分配给路由器.

正如人们所期望的那样,在这两种情况下,如果还为路由器指定了一项服务,则该服务即为已分配的服务,而不管它是实际定义的还是其他任何定义的服务.

带标签的自动服务分配

在撰写文件中带有标签

labels:
  - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
  # service myservice gets automatically assigned to router myproxy
  - "traefik.http.services.myservice.loadbalancer.server.port=80"
自动创建服务并分配标签

在撰写文件中带有标签

labels:
  # no service specified or defined and yet one gets automatically created
  # and assigned to router myproxy.
  - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"

Routers

要更新自动附加到容器的路由器的配置,请添加以traefik.routers.{name-of-your-choice}.开头的标签traefik.routers.{name-of-your-choice}. 然后是您要更改的选项.

例如,要更改规则,可以添加标签traefik.http.routers.my-container.rule=Host(`mydomain.com`) .

路由器名称<router_name>未授权字符@ .

traefik.http.routers.<router_name>.rule

有关更多信息,请参见规则 .

- "traefik.http.routers.myrouter.rule=Host(`mydomain.com`)"
traefik.http.routers.<router_name>.entrypoints

有关更多信息,请参见入口点 .

- "traefik.http.routers.myrouter.entrypoints=ep1,ep2"
traefik.http.routers.<router_name>.middlewares

有关更多信息,请参见中间件中间件概述 .

- "traefik.http.routers.myrouter.middlewares=auth,prefix,cb"
traefik.http.routers.<router_name>.service

有关更多信息,请参见规则 .

- "traefik.http.routers.myrouter.service=myservice"
traefik.http.routers.<router_name>.tls

有关更多信息,请参见tls .

- "traefik.http.routers.myrouter>.tls=true"
traefik.http.routers.<router_name>.tls.certresolver

有关更多信息,请参见certResolver .

- "traefik.http.routers.myrouter.tls.certresolver=myresolver"
traefik.http.routers.<router_name>.tls.domains[n].main

有关更多信息,请参见 .

- "traefik.http.routers.myrouter.tls.domains[0].main=foobar.com"
traefik.http.routers.<router_name>.tls.domains[n].sans

有关更多信息,请参见 .

- "traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
traefik.http.routers.<router_name>.tls.options

请参阅选项以获取更多信息.

- "traefik.http.routers.myrouter.tls.options=foobar"
traefik.http.routers.<router_name>.priority

有关更多信息,请参见优先级 .

- "traefik.http.routers.myrouter.priority=42"

Services

要更新自动附加到容器的服务的配置,请添加以traefik.http.services.{name-of-your-choice}.开头的标签traefik.http.services.{name-of-your-choice}. ,然后是您要更改的选项.

例如,要更改passHostHeader行为,您可以添加标签traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false .

服务名称<service_name>未授权字符@ .

traefik.http.services.<service_name>.loadbalancer.server.port

注册端口. 当容器公开多个端口时很有用.

- "traefik.http.services.myservice.loadbalancer.server.port=8080"
traefik.http.services.<service_name>.loadbalancer.server.scheme

覆盖默认方案.

- "traefik.http.services.myservice.loadbalancer.server.scheme=http"
traefik.http.services.<service_name>.loadbalancer.passhostheader

有关更多信息,请参见传递主机头 .

- "traefik.http.services.myservice.loadbalancer.passhostheader=true"
traefik.http.services.<service_name>.loadbalancer.healthcheck.headers.<header_name>

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.headers.X-Foo=foobar"
traefik.http.services.<service_name>.loadbalancer.healthcheck.hostname

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com"
traefik.http.services.<service_name>.loadbalancer.healthcheck.interval

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.interval=10"
traefik.http.services.<service_name>.loadbalancer.healthcheck.path

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo"
traefik.http.services.<service_name>.loadbalancer.healthcheck.port

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.port=42"
traefik.http.services.<service_name>.loadbalancer.healthcheck.scheme

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.scheme=http"
traefik.http.services.<service_name>.loadbalancer.healthcheck.timeout

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10"
traefik.http.services.<service_name>.loadbalancer.sticky

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky=true"
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky.cookie.httponly=true"
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.name

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky.cookie.name=foobar"
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.secure

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true"
traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval

有关更多信息,请参见响应转发 .

- "traefik.http.services.myservice.loadbalancer.responseforwarding.flushinterval=10"

Middleware

您可以使用以traefik.http.middlewares.{name-of-your-choice}.开头的标签声明中间件traefik.http.middlewares.{name-of-your-choice}. ,然后是中间件类型/选项.

例如,要声明名为my-redirect的中间件redirectscheme ,您可以编写traefik.http.middlewares.my-redirect.redirectscheme.scheme: https .

专用中间件部分中提供了有关可用中间件的更多信息.

中间件名称中未授权字符@ .

声明和引用中间件
# ...
labels:
  # Declaring a middleware
  - traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
  # Referencing a middleware
  - traefik.http.routers.my-container.middlewares=my-redirect

宣言冲突

如果用相同的名称声明了多个具有不同参数的中间件,则中间件将无法声明.

TCP

您可以使用标签声明TCP路由器和/或服务.

声明TCP路由器和服务
   services:
     my-container:
       # ...
       labels:
         - "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
         - "traefik.tcp.routers.my-router.tls=true"
         - "traefik.tcp.services.my-service.loadbalancer.server.port=4123"

TCP和HTTP

如果声明了TCP路由器/服务,它将阻止Traefik自动创建HTTP路由器/服务(就像没有定义TCP路由器/服务时默认情况下一样). 您可以为同一容器声明TCP路由器/服务和HTTP路由器/服务(但必须手动进行声明).

TCP Routers

traefik.tcp.routers.<router_name>.entrypoints

有关更多信息,请参见入口点 .

- "traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2"
traefik.tcp.routers.<router_name>.rule

有关更多信息,请参见规则 .

- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
traefik.tcp.routers.<router_name>.service

有关更多信息,请参见服务 .

- "traefik.tcp.routers.mytcprouter.service=myservice"
traefik.tcp.routers.<router_name>.tls

有关更多信息,请参见TLS .

- "traefik.tcp.routers.mytcprouter.tls=true"
traefik.tcp.routers.<router_name>.tls.certresolver

有关更多信息,请参见certResolver .

- "traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver"
traefik.tcp.routers.<router_name>.tls.domains[n].main

有关更多信息,请参见 .

- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
traefik.tcp.routers.<router_name>.tls.domains[n].sans

有关更多信息,请参见 .

- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
traefik.tcp.routers.<router_name>.tls.options

请参阅选项以获取更多信息.

- "traefik.tcp.routers.mytcprouter.tls.options=mysoptions"
traefik.tcp.routers.<router_name>.tls.passthrough

有关更多信息,请参见TLS .

- "traefik.tcp.routers.mytcprouter.tls.passthrough=true"

TCP Services

traefik.tcp.services.<service_name>.loadbalancer.server.port

注册应用程序的端口.

- "traefik.tcp.services.mytcpservice.loadbalancer.server.port=423"
traefik.tcp.services.<service_name>.loadbalancer.terminationdelay

有关更多信息,请参见终止延迟 .

- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"

Specific Provider Options

traefik.enable

- "traefik.enable=true"

您可以通过将traefik.enable设置为true或false来告诉Traefik考虑(或不考虑)容器.

此选项将覆盖exposedByDefault的值.

Port Lookup

通过遵循默认的rancher流,Traefik能够检测要使用的端口. 这意味着,如果您仅在rancher ui上公开说端口:1337 ,traefik将选择并使用该端口.