Traefik & Rancher

A Story of Labels, Services & Containers

Rancher

Attach labels to your services and let Traefik do the rest!

This provider is specific to Rancher 1.x.

Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query. As such, Rancher 2.x users should utilize the Kubernetes CRD provider directly.

Configuration Examples

Configuring Rancher & Deploying / Exposing Services

Enabling the Rancher provider

File (YAML)

  1. providers:
  2. rancher: {}

File (TOML)

  1. [providers.rancher]

CLI

  1. --providers.rancher=true

Attaching labels to services

  1. labels:
  2. - traefik.http.services.my-service.rule=Host(`example.com`)

Routing Configuration

See the dedicated section in routing.

Provider Configuration

Browse the Reference

For an overview of all the options that can be set with the Rancher provider, see the following snippets:

File (YAML)

  1. # Enable Rancher Provider.
  2. providers:
  3. rancher:
  4. # Expose Rancher services by default in Traefik.
  5. exposedByDefault: true
  6. # Enable watch Rancher changes.
  7. watch: true
  8. # Filter services with unhealthy states and inactive states.
  9. enableServiceHealthFilter: true
  10. # Defines the polling interval (in seconds).
  11. refreshSeconds: 15
  12. # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
  13. intervalPoll: false
  14. # Prefix used for accessing the Rancher metadata service
  15. prefix: /latest

File (TOML)

  1. # Enable Rancher Provider.
  2. [providers.rancher]
  3. # Expose Rancher services by default in Traefik.
  4. exposedByDefault = true
  5. # Enable watch Rancher changes.
  6. watch = true
  7. # Filter services with unhealthy states and inactive states.
  8. enableServiceHealthFilter = true
  9. # Defines the polling interval (in seconds).
  10. refreshSeconds = 15
  11. # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
  12. intervalPoll = false
  13. # Prefix used for accessing the Rancher metadata service
  14. prefix = "/latest"

CLI

  1. # Enable Rancher Provider.
  2. --providers.rancher=true
  3. # Expose Rancher services by default in Traefik.
  4. --providers.rancher.exposedByDefault=true
  5. # Enable watch Rancher changes.
  6. --providers.rancher.watch=true
  7. # Filter services with unhealthy states and inactive states.
  8. --providers.rancher.enableServiceHealthFilter=true
  9. # Defines the polling interval (in seconds).
  10. --providers.rancher.refreshSeconds=15
  11. # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
  12. --providers.rancher.intervalPoll=false
  13. # Prefix used for accessing the Rancher metadata service
  14. --providers.rancher.prefix=/latest

exposedByDefault

Optional, Default=true

Expose Rancher services by default in Traefik. If set to false, services that do not have a traefik.enable=true label are ignored from the resulting routing configuration.

For additional information, refer to Restrict the Scope of Service Discovery.

File (YAML)

  1. providers:
  2. rancher:
  3. exposedByDefault: false
  4. # ...

File (TOML)

  1. [providers.rancher]
  2. exposedByDefault = false
  3. # ...

CLI

  1. --providers.rancher.exposedByDefault=false
  2. # ...

defaultRule

Optional, Default=Host(`{{ normalize .Name }}`)

The default host rule for all services.

The defaultRule option defines what routing rule to apply to a container if no rule is defined by a label.

It must be a valid Go template, and can use sprig template functions. The service name can be accessed with the Name identifier, and the template has access to all the labels defined on this container.

This option can be overridden on a container basis with the traefik.http.routers.Router1.rule label.

File (YAML)

  1. providers:
  2. rancher:
  3. defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
  4. # ...

File (TOML)

  1. [providers.rancher]
  2. defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
  3. # ...

CLI

  1. --providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
  2. # ...

Default rule and Traefik service

The exposure of the Traefik container, combined with the default rule mechanism, can lead to create a router targeting itself in a loop. In this case, to prevent an infinite loop, Traefik adds an internal middleware to refuse the request if it comes from the same router.

enableServiceHealthFilter

Optional, Default=true

Filter out services with unhealthy states and inactive states.

File (YAML)

  1. providers:
  2. rancher:
  3. enableServiceHealthFilter: false
  4. # ...

File (TOML)

  1. [providers.rancher]
  2. enableServiceHealthFilter = false
  3. # ...

CLI

  1. --providers.rancher.enableServiceHealthFilter=false
  2. # ...

refreshSeconds

Optional, Default=15

Defines the polling interval (in seconds).

File (YAML)

  1. providers:
  2. rancher:
  3. refreshSeconds: 30
  4. # ...

File (TOML)

  1. [providers.rancher]
  2. refreshSeconds = 30
  3. # ...

CLI

  1. --providers.rancher.refreshSeconds=30
  2. # ...

intervalPoll

Optional, Default=false

Poll the Rancher metadata service for changes every rancher.refreshSeconds, which is less accurate than the default long polling technique which provides near instantaneous updates to Traefik.

File (YAML)

  1. providers:
  2. rancher:
  3. intervalPoll: true
  4. # ...

File (TOML)

  1. [providers.rancher]
  2. intervalPoll = true
  3. # ...

CLI

  1. --providers.rancher.intervalPoll=true
  2. # ...

prefix

Optional, Default=”/latest”

Prefix used for accessing the Rancher metadata service.

File (YAML)

  1. providers:
  2. rancher:
  3. prefix: "/test"
  4. # ...

File (TOML)

  1. [providers.rancher]
  2. prefix = "/test"
  3. # ...

CLI

  1. --providers.rancher.prefix=/test
  2. # ...

constraints

Optional, Default=””

The constraints option can be set to an expression that Traefik matches against the container labels to determine whether to create any route for that container. If none of the container tags match the expression, no route for that container is created. If the expression is empty, all detected containers are included.

The expression syntax is based on the Label("key", "value"), and LabelRegex("key", "value") functions, as well as the usual boolean logic, as shown in examples below.

Constraints Expression Examples

  1. # Includes only containers having a label with key `a.label.name` and value `foo`
  2. constraints = "Label(`a.label.name`, `foo`)"
  1. # Excludes containers having any label with key `a.label.name` and value `foo`
  2. constraints = "!Label(`a.label.name`, `value`)"
  1. # With logical AND.
  2. constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
  1. # With logical OR.
  2. constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
  1. # With logical AND and OR, with precedence set by parentheses.
  2. constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
  1. # Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
  2. constraints = "LabelRegex(`a.label.name`, `a.+`)"

For additional information, refer to Restrict the Scope of Service Discovery.

File (YAML)

  1. providers:
  2. rancher:
  3. constraints: "Label(`a.label.name`,`foo`)"
  4. # ...

File (TOML)

  1. [providers.rancher]
  2. constraints = "Label(`a.label.name`,`foo`)"
  3. # ...

CLI

  1. --providers.rancher.constraints=Label(`a.label.name`,`foo`)
  2. # ...