I’m trying to get a Traefik deployment on Nomad with Consul Connect to work, but none of my routing rules are working.
My goal is that Traefik is deployed by nomad as a system service on every node, listening on TCP 80 / 443 / 8090. For the moment the traefik dashboard should be on 8090.
I must admit that I don’t know how to configure Traefik with Consul Connect, and I feel a bit lost. This is a test environment, and in theory this sounds like a great solution.
# Nomad job that runs Traefik v2 as the cluster ingress.
# type = "system" asks Nomad to place one instance on every eligible client node in dc1.
job "traefik2-b2" {
datacenters = ["dc1"]
type = "system"
group "traefik" {
# Host networking with fixed ports: 80 and 443 for traffic, 8090 for the Traefik API,
# dashboard and Prometheus metrics (see the "api" entrypoint in the task args).
# Port 8090 is reserved on every node that runs this job, so restrict it at the host
# firewall if the nodes are reachable from networks that should not see the dashboard.
network{
mode = "host"
port "http" {
static = 80
}
port "https" {
static = 443
}
port "api" {
static = 8090
}
}
# Three service registrations, one per port. On the first two, both the health check
# and the connect stanza are commented out, so they register without a check and
# without Consul Connect.
service {
name = "traefik-web"
port = "http"
#check {
# name = "Alive"
# type = "tcp"
# port = "http"
# interval = "10s"
# timeout = "2s"
#}
#connect {
# native = true
#}
}
service {
name = "traefik-websecure"
port = "https"
#check {
# name = "Alive"
# type = "tcp"
# port = "https"
# interval = "10s"
# timeout = "2s"
#}
#connect {
# native = true
#}
}
# The only service that carries Traefik routing tags and the only one registered as
# Connect-native (the application handles Connect mTLS itself; no sidecar proxy).
service {
name = "traefik-api"
port = "api"
#check {
# name = "Alive"
# type = "tcp"
# port = "api"
# interval = "10s"
# timeout = "2s"
#}
tags = [
"traefik",
"metrics",
"metrics_port=8090",
"metrics_scheme=http",
"metrics_path=/metrics",
# "traefik.tags=clusterservice" is what the consulcatalog constraint in the task args
# matches on; "traefik.enable=true" is the opt-in required by exposedByDefault=false.
"traefik.tags=clusterservice",
"traefik.enable=true",
#"traefik.consulcatalog.connect=false",
# Router "metrics": /metrics on the api entrypoint. No middleware is attached, so the
# Prometheus endpoint is served without authentication on :8090.
"traefik.http.routers.metrics.rule=PathPrefix(`/metrics`)",
"traefik.http.routers.metrics.entrypoints=api",
"traefik.http.routers.metrics.service=prometheus@internal",
# Router "api": /api and /dashboard on the api entrypoint, protected by the AdminAuth
# basic-auth middleware defined in the file provider (dynamic.toml below).
"traefik.http.routers.api.rule=(PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
"traefik.http.routers.api.entrypoints=api",
"traefik.http.routers.api.service=api@internal",
"traefik.http.routers.api.middlewares=AdminAuth@file"
]
connect {
native = true
}
}
task "traefik" {
driver = "docker"
config {
# Image is pinned by tag, not by digest.
image = "traefik:v2.6.6"
# NOTE(review): network_mode is commented out and this config block has no
# `ports = [...]` list, so confirm on a node that the container really listens on the
# host's 80/443/8090 (e.g. `docker ps`, `ss -ltn`) before debugging the routing rules.
#network_mode = "host"
# Mounts the file rendered by the template stanza into the path the file provider reads.
volumes = [
"local/dynamic.toml:/etc/traefik/dynamic.toml",
]
args = [
# Dashboard is enabled and reached through the tag-defined "api" router above.
"--api.dashboard=true",
# Both options make Traefik contact external services (version check, anonymous usage
# statistics); confirm outbound reporting is acceptable for this environment.
"--global.checkNewVersion=true",
"--global.sendAnonymousUsage=true",
# DEBUG is useful while troubleshooting; lower it once the setup works.
"--log.level=DEBUG",
"--metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000",
# manualRouting=true: the metrics endpoint is only exposed via the "metrics" router tags.
"--metrics.prometheus.manualRouting=true",
"--metrics.prometheus.entrypoint=api",
# Entrypoint names (http, https, api) are the names the router tags refer to.
"--entrypoints.http.address=:80",
"--entrypoints.https.address=:443",
"--entrypoints.api.address=:8090",
# NOTE(review): the access log is switched off here, but confirm the two field options
# below do not re-enable it. If it is on, headers.defaultmode=keep writes request
# headers to the log, which includes the Authorization header sent for basic auth.
"--accesslog=false",
"--accesslog.fields.defaultmode=keep",
"--accesslog.fields.headers.defaultmode=keep",
"--providers.file.filename=/etc/traefik/dynamic.toml",
"--providers.file.watch=true",
# SECURITY: Traefik will not verify the TLS certificates of HTTPS backends. Prefer
# trusting the backend CA via serversTransport.rootCAs and leaving verification on.
"--serversTransport.insecureSkipVerify=true",
"--serversTransport.maxIdleConnsPerHost=0",
# Consul catalog provider. connectByDefault=true treats every discovered service as a
# Connect service unless it opts out with a tag (see the commented-out
# traefik.consulcatalog.connect=false tag above); exposedByDefault=false means only
# services tagged traefik.enable=true are routed, and the constraint further limits
# discovery to services tagged traefik.tags=clusterservice.
"--providers.consulcatalog.connectAware=true",
"--providers.consulcatalog.connectByDefault=true",
"--providers.consulcatalog.exposedByDefault=false",
"--providers.consulcatalog.prefix=traefik",
"--providers.consulcatalog.constraints=Tag(`traefik.tags=clusterservice`)",
# NOTE(review): every instance of this system job talks to the Consul agent on node01
# rather than the agent on its own node — confirm that is intended for Connect-native.
"--providers.consulcatalog.endpoint.address=node01.example.com:8501",
"--providers.consulcatalog.endpoint.scheme=https",
# SECURITY: the Consul HTTPS certificate is not verified, so Traefik cannot tell the
# real agent from an impostor. Supply the Consul CA with
# providers.consulcatalog.endpoint.tls.ca instead of skipping verification.
"--providers.consulcatalog.endpoint.tls.insecureskipverify=true",
]
}
# Renders the Traefik dynamic configuration; when the rendered content changes, Nomad
# sends SIGHUP to the task.
# The heredoc defines the AdminAuth basic-auth middleware used by the "api" router:
#  - removeHeader = false leaves the Authorization header on the forwarded request;
#    set it to true if this middleware is ever attached to a real backend.
#  - headerField puts the authenticated user name in the X-WebAuth-User request header.
#  - The users entry is written inline in the job spec, so anyone who can read the job
#    can read the password hash; consider sourcing it from a secret store instead.
#    (The value appears redacted as <SECRET> in this post.)
template {
change_mode = "signal"
change_signal = "SIGHUP"
data = <<EOF
# Dynamic config preparation
[http.middlewares]
[http.middlewares.AdminAuth.basicAuth]
removeHeader = false
realm = "Services"
headerField = "X-WebAuth-User"
users = [
"admin:<SECRET>",
]
EOF
destination = "local/dynamic.toml"
}
# cpu is in MHz, memory in MB.
resources {
cpu = 300
memory = 128
}
}
}
}