December 2018


Manage episode 234884428 series 2422542
By Fergal Moran and PodNoms Podcasts. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Container labels

First, we specify the backend name which corresponds to the actual service we're routing to.

We also tell Traefik to use the web network to route HTTP traffic to this container. With the traefik.enable label, we tell Traefik to include this container in its internal configuration.

With the frontend.rule label, we tell Traefik that we want to route to this container if the incoming HTTP request contains the Host Essentially, this is the actual rule used for Layer-7 load balancing.

Finally but not unimportantly, we tell Traefik to route to port 9000, since that is the actual TCP/IP port the container actually listens on.

Service labels

Service labels allow managing many routes for the same container.

When both container labels and service labels are defined, container labels are just used as default values for missing service labels but no frontend/backend are going to be defined only with these labels. Obviously, labels traefik.frontend.rule and traefik.port described above, will only be used to complete information set in service labels during the container frontends/backends creation.

In the example, two service names are defined : basic and admin. They allow creating two frontends and two backends.

  • basic has only one service label : traefik.basic.protocol. Traefik will use values set in traefik.frontend.rule and traefik.port to create the basic frontend and backend. The frontend listens to incoming HTTP requests which contain the Host and redirect them in HTTP to the port 9000 of the backend.
  • admin has all the services labels needed to create the admin frontend and backend (traefik.admin.frontend.rule, traefik.admin.protocol, traefik.admin.port). Traefik will create a frontend to listen to incoming HTTP requests which contain the Host and redirect them in HTTPS to the port 9443 of the backend.

Gotchas and tips

  • Always specify the correct port where the container expects HTTP traffic using traefik.port label.
  • If a container exposes multiple ports, Traefik may forward traffic to the wrong port. Even if a container only exposes one port, you should always write configuration defensively and explicitly.
  • Should you choose to enable the exposedByDefault flag in the traefik.toml configuration, be aware that all containers that are placed in the same network as Traefik will automatically be reachable from the outside world, for everyone and everyone to see. Usually, this is a bad idea.
  • With the traefik.frontend.auth.basic label, it's possible for Traefik to provide a HTTP basic-auth challenge for the endpoints you provide the label for.
  • Traefik has built-in support to automatically export Prometheus metrics
  • Traefik supports websockets out of the box. In the example above, the events-service could be a NodeJS-based application which allows clients to connect using websocket protocol. Thanks to the fact that HTTPS in our example is enforced, these websockets are automatically secure as well (WSS)

44 episodes