Commit df7c9cab authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo
Browse files

Migra a Traefik v2 y adapta config 

Apunta por defecto al tag latest de la imagen Docker.

Cambia configuración basada en argumentos pasados al comando de arranque
por la definición de variables de entorno adaptadas a v2.

Añade por defecto logs de acceso para peticiones que devuelven error.
Muestra por defecto solamente la salida de logs con nivel 'error'.

Deja de exponer automáticamente por defecto a cualquier contenedor
encontrado, requiere la etiqueta 'traefik.enable=true' para ello.

Adapta comprobación de salud y etiquetas del servicio a v2. Renombra
variables aprovechando la migración.

Incluye router+middleware para redirigir peticiones al subdominio 'www'
hacia su dominio de nivel superior automáticamente.

Cambia las restricciones de ubicación del servicio para requerir una
etiqueta en los nodos, en lugar de diferenciar por tipo manager (swarm).
parent fb3dcf4f

deploy/.env

+37 −2
Original line number Diff line number Diff line 
TRAEFIK_NET_NAME=traefik-net

PUBLIC_HOSTNAME=change.me

UI_AUTH=user:$apr1$md5password
 
TRAEFIK_ENTRYPOINT=http

TRAEFIK_AUTH=user:$apr1$md5password

TRAEFIK_NET_NAME=traefik-net

HTTP_INTERNAL_PORT=80



TRAEFIK_API=true

TRAEFIK_API_DASHBOARD=true

TRAEFIK_API_INSECURE=false

TRAEFIK_PING=true

TRAEFIK_PING_ENTRYPOINT=traefik

TRAEFIK_LOG_LEVEL=ERROR

TRAEFIK_ACCESSLOG=true

TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=400-599

TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE=true

TRAEFIK_GLOBAL_CHECKNEWVERSION=false



TRAEFIK_SERVERSTRANSPORT_MAXIDLECONNSPERHOST=1000

TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT=15s

TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_IDLECONNTIMEOUT=90s

TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_RESPONSEHEADERTIMEOUT=0s

TRAEFIK_SERVERSTRANSPORT_INSECURESKIPVERIFY=true



TRAEFIK_ENTRYPOINTS_HTTP_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=3m

TRAEFIK_ENTRYPOINTS_HTTP_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=0s

TRAEFIK_ENTRYPOINTS_HTTP_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT=0s



TRAEFIK_PROVIDERS_DOCKER=true

TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false

TRAEFIK_PROVIDERS_DOCKER_WATCH=true

TRAEFIK_PROVIDERS_DOCKER_SWARMMODE=true

TRAEFIK_PROVIDERS_DOCKER_SWARMMODEREFRESHSECONDS=15



TRAEFIK_METRICS_PROMETHEUS=true

TRAEFIK_METRICS_PROMETHEUS_ADDENTRYPOINTSLABELS=true

TRAEFIK_METRICS_PROMETHEUS_ADDSERVICESLABELS=true

TRAEFIK_METRICS_PROMETHEUS_BUCKETS=0.1,0.3,1.2,5.0

TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT=traefik

deploy/docker-compose.dev.yml

+1 −6
Original line number Diff line number Diff line 
version: '3.5'



services:

  traefik:

    command:

      - --logLevel=INFO
 
version: '3.9'

deploy/docker-compose.prod.yml

+1 −6
Original line number Diff line number Diff line 
version: '3.5'



services:

  traefik:

    command:

      - --logLevel=ERROR
 
version: '3.9'

deploy/docker-compose.tmpl.yml

+51 −31
Original line number Diff line number Diff line 
version: '3.5'

version: '3.9'



services:

  traefik:

    image: ${IMAGE_NAME:-traefik}:${IMAGE_TAG:-v1.7}

    command:

      - --api

      - --ping

      - --ping.entrypoint=traefik

      - --sendAnonymousUsage=true

      - --checkNewVersion=false

      - --insecureSkipVerify=true

      - --entrypoints=Name:http Address::80

      - --defaultentrypoints=http

      - --maxIdleConnsPerHost=1000

      - --forwardingtimeouts.dialtimeout=15s

      - --forwardingtimeouts.responseheadertimeout=0s

      - --respondingtimeouts.idletimeout=3m

      - --respondingtimeouts.readtimeout=0s

      - --respondingtimeouts.writetimeout=0s

      - --docker

      - --docker.watch

      - --docker.network=${TRAEFIK_NET_NAME}

      - --docker.domain=${PUBLIC_HOSTNAME}

      - --docker.swarmmode

      - --metrics.prometheus=true

      - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0

      - --metrics.prometheus.entrypoint=traefik

    image: ${IMAGE_NAME:-traefik}:${IMAGE_TAG:-latest}

    environment:

      TRAEFIK_API:

      TRAEFIK_API_DASHBOARD:

      TRAEFIK_API_INSECURE:

      TRAEFIK_PING:

      TRAEFIK_PING_ENTRYPOINT:

      TRAEFIK_LOG_LEVEL:

      TRAEFIK_ACCESSLOG:

      TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES:

      TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE:

      TRAEFIK_GLOBAL_CHECKNEWVERSION:

      TRAEFIK_SERVERSTRANSPORT_MAXIDLECONNSPERHOST:

      TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT:

      TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_IDLECONNTIMEOUT:

      TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_RESPONSEHEADERTIMEOUT:

      TRAEFIK_SERVERSTRANSPORT_INSECURESKIPVERIFY:

      TRAEFIK_ENTRYPOINTS_HTTP_ADDRESS: :${HTTP_INTERNAL_PORT}

      TRAEFIK_ENTRYPOINTS_HTTP_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT:

      TRAEFIK_ENTRYPOINTS_HTTP_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT:

      TRAEFIK_ENTRYPOINTS_HTTP_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT:

      TRAEFIK_PROVIDERS_DOCKER:

      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT:

      TRAEFIK_PROVIDERS_DOCKER_WATCH:

      TRAEFIK_PROVIDERS_DOCKER_NETWORK: ${TRAEFIK_NET_NAME}

      TRAEFIK_PROVIDERS_DOCKER_SWARMMODE:

      TRAEFIK_PROVIDERS_DOCKER_SWARMMODEREFRESHSECONDS:

      TRAEFIK_METRICS_PROMETHEUS:

      TRAEFIK_METRICS_PROMETHEUS_ADDENTRYPOINTSLABELS:

      TRAEFIK_METRICS_PROMETHEUS_ADDSERVICESLABELS:

      TRAEFIK_METRICS_PROMETHEUS_BUCKETS:

      TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT:

    networks:

      traefik-net:

    volumes:

      - tmp-vol:/tmp

      - /var/run/docker.sock:/var/run/docker.sock:ro

    healthcheck:

      test: ["CMD", "/traefik", "healthcheck", "--ping"]

      test: traefik healthcheck

      interval: ${HEALTHCHECK_INTERVAL:-30s}

      timeout: ${HEALTHCHECK_TIMEOUT:-30s}

      retries: ${HEALTHCHECK_RETRIES:-10}
@@ -42,16 +50,28 @@ services: 
      replicas: ${REPLICAS:-1}

      placement:

        constraints:

          - node.role == manager

          - node.labels.${PLACEMENT_CONSTRAINTS_NODE_LABELS_NAME:-gateway} == ${PLACEMENT_CONSTRAINTS_NODE_LABELS_VALUE:-true}

      restart_policy:

        delay: ${RESTART_DELAY:-0s}

      update_config:

        delay: ${UPDATE_DELAY:-1m}

      labels:

        traefik.frontend.auth.basic.users: ${UI_AUTH}

        traefik.frontend.rule: Host:${TRAEFIK_SUBDOMAIN:-traefik}.${PUBLIC_HOSTNAME}

        traefik.backend: traefik

        traefik.port: '8080'

        traefik.enable: 'true'

        traefik.http.services.dummy.loadbalancer.server.port: 0



        traefik.http.routers.traefik-dashboard.entrypoints: ${TRAEFIK_ENTRYPOINT}

        traefik.http.routers.traefik-dashboard.rule: Host(`${TRAEFIK_SUBDOMAIN:-traefik}.${PUBLIC_HOSTNAME}`)

        traefik.http.middlewares.traefik-dashboard-auth.basicauth.users: ${TRAEFIK_AUTH}

        traefik.http.routers.traefik-dashboard.middlewares: traefik-dashboard-auth

        traefik.http.routers.traefik-dashboard.service: api@internal



        traefik.http.routers.www-redirect.entrypoints: ${TRAEFIK_ENTRYPOINT}

        traefik.http.routers.www-redirect.rule: HostRegexp(`www.{any-subdomain:.*}${PUBLIC_HOSTNAME}`)

        traefik.http.middlewares.www-redirect-regex.redirectregex.regex: ^http://www.(.*)

        traefik.http.middlewares.www-redirect-regex.redirectregex.replacement: http://$${1}

        traefik.http.middlewares.www-redirect-regex.redirectregex.permanent: 'true'

        traefik.http.routers.www-redirect.middlewares: www-redirect-regex

        traefik.http.routers.www-redirect.service: noop@internal

      resources:

        limits:

          cpus: '${RESOURCES_LIMITS_CPUS:-1}'