Nomad, Consul and Traefik routing Help

johnson · September 29, 2021, 2:43pm

Hello,

I am currently try to deploy prometheus with nomad, consul, traefik and AWS as the external load-balancer. Currently everything works when deployed on Nomad but is there a way I can access the application without having to define the port in the url to access the app?

Currently I have to access the application like this externally:

Current:
https://demo.domain.com:9090

Preferred:
https://demo.domain.com
(Have port 80/443 to the mapped port of the container)

I thought Traefik was suppose to route this like that using Consul but that doesn’t seem to be the case unless I’m missing something in the configs. Thanks!

Prometheus.nomad

job "prometheus" {
  datacenters = ["us-east-1a"]
  type        = "service"

  group "monitoring" {
    count = 1

    network {
      port "http" {
        static = 9090
      }
    }

    restart {
      attempts = 2
      interval = "30m"
      delay    = "15s"
      mode     = "fail"
    }

    ephemeral_disk {
      size = 300
    }

    task "prometheus" {
      template {
        change_mode = "noop"
        destination = "local/prometheus.yml"

        data = <<EOH
---
global:
  scrape_interval:     5s
  evaluation_interval: 5s

scrape_configs:

  - job_name: 'nomad_metrics'

    consul_sd_configs:
    - server: 'http://127.0.0.1:8500'
      services: ['nomad-client', 'nomad']

    relabel_configs:
    - source_labels: ['__meta_consul_tags']
      regex: '(.*)http(.*)'
      action: keep

    scrape_interval: 5s
    metrics_path: /v1/metrics
    params:
      format: ['prometheus']
EOH
      }

      driver = "docker"

      config {
        image = "prom/prometheus:latest"
        network_mode = "host"

        volumes = [
          "local/prometheus.yml:/etc/prometheus/prometheus.yml",
        ]
      }

      resources {
        network {
          mbits = 10
        }
      }

      service {
        name = "prometheus"
        port = "http"
        tags = [
              "traefik.enable=true",
              "traefik.http.routers.prometheus-dashboard.rule=Host(`demo.domain.com`)",
              "traefik.http.routers.prometheus-dashboard.entrypoints=websecure",
            ]

        check {
          type     = "http"
          path     = "/-/healthy"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}

Traefik.toml

[entryPoints]
	[entryPoints.http]
	address = ":80"

    [entryPoints.websecure]
    address = ":443"

    [entryPoints.traefik]
    address = ":8080"

# [certificatesResolvers.myresolver.acme]
#   email = "<youremail@company.com>"
#   storage = "acme.json"
#   [certificatesResolvers.myresolver.acme.httpChallenge]
#     # used during the challenge
#     entryPoint = "http"

[api]
    dashboard = true
    insecure  = true

# Enable Consul Catalog configuration backend.
[providers.consulCatalog]
    prefix           = "traefik"
    exposedByDefault = false

    [providers.consulCatalog.endpoint]
      address = "127.0.0.1:8500"
      scheme  = "http"

mike2 · November 2, 2021, 12:40pm

I’m not a Traefik SME but I think you need to create load balancer. Something like: traefik.http.services.${NOMAD_JOB_NAME}.loadbalancer.server.port=${NOMAD_HOST_PORT_prometheus}