Overview

Traefik’s Many Friends

Providers

Configuration discovery in Traefik is achieved through Providers.

The providers are infrastructure components, whether orchestrators, container engines, cloud providers, or key-value stores. The idea is that Traefik queries the provider APIs in order to find relevant information about routing, and when Traefik detects a change, it dynamically updates the routes.

Orchestrators

While each provider is different, you can think of each as belonging to one of four categories:

  • Label-based: each deployed container has a set of labels attached to it
  • Key-Value-based: each deployed container updates a key-value store with relevant information
  • Annotation-based: a separate object, with annotations, defines the characteristics of the container
  • File-based: uses files to define configuration

Provider Namespace

When you declare certain objects in the Traefik dynamic configuration, such as middleware, services, TLS options or server transports, they reside in their provider’s namespace. For example, if you declare a middleware using a Docker label, it resides in the Docker provider namespace.

If you use multiple providers and wish to reference such an object declared in another provider (e.g. referencing a cross-provider object like middleware), then the object name should be suffixed by the @ separator, and the provider name.

For the list of the providers names, see the supported providers table below.

  1. <resource-name>@<provider-name>

Kubernetes Namespace

As Kubernetes also has its own notion of namespace, one should not confuse the provider namespace with the Kubernetes Namespace of a resource when in the context of cross-provider usage.

In this case, since the definition of a Traefik dynamic configuration object is not in Kubernetes, specifying a Kubernetes Namespace when referring to the resource does not make any sense.

On the other hand, if you were to declare a middleware as a Custom Resource in Kubernetes and use the non-CRD Ingress objects, you would have to add the Kubernetes Namespace of the middleware to the annotation like this <middleware-namespace>-<middleware-name>@kubernetescrd.

Referencing a Traefik Dynamic Configuration Object from Another Provider

Declaring the add-foo-prefix in the file provider.

File (YAML)

  1. http:
  2. middlewares:
  3. add-foo-prefix:
  4. addPrefix:
  5. prefix: "/foo"

File (TOML)

  1. [http.middlewares]
  2. [http.middlewares.add-foo-prefix.addPrefix]
  3. prefix = "/foo"

Using the add-foo-prefix middleware from other providers:

Docker

  1. your-container: #
  2. image: your-docker-image
  3. labels:
  4. # Attach [email protected] middleware (declared in file)
  5. - "[email protected]e"

Kubernetes Ingress Route

  1. apiVersion: traefik.containo.us/v1alpha1
  2. kind: IngressRoute
  3. metadata:
  4. name: ingressroutestripprefix
  5. spec:
  6. entryPoints:
  7. - web
  8. routes:
  9. - match: Host(`example.com`)
  10. kind: Rule
  11. services:
  12. - name: whoami
  13. port: 80
  14. middlewares:
  15. - name: [email protected]
  16. # namespace: bar
  17. # A namespace specification such as above is ignored
  18. # when the cross-provider syntax is used.

Kubernetes Ingress

  1. apiVersion: traefik.containo.us/v1alpha1
  2. kind: Middleware
  3. metadata:
  4. name: stripprefix
  5. namespace: appspace
  6. spec:
  7. stripPrefix:
  8. prefixes:
  9. - /stripit
  10. ---
  11. apiVersion: networking.k8s.io/v1
  12. kind: Ingress
  13. metadata:
  14. name: ingress
  15. namespace: appspace
  16. annotations:
  17. # referencing a middleware from Kubernetes CRD provider:
  18. # <middleware-namespace>-<middleware-name>@kubernetescrd
  19. "traefik.ingress.kubernetes.io/router.middlewares": [email protected]
  20. spec:
  21. # ... regular ingress definition

Supported Providers

Below is the list of the currently supported providers in Traefik.

ProviderTypeConfiguration TypeProvider Name
DockerOrchestratorLabeldocker
Kubernetes IngressRouteOrchestratorCustom Resourcekubernetescrd
Kubernetes IngressOrchestratorIngresskubernetes
Kubernetes Gateway APIOrchestratorGateway API Resourcekubernetesgateway
Consul CatalogOrchestratorLabelconsulcatalog
NomadOrchestratorLabelnomad
ECSOrchestratorLabelecs
MarathonOrchestratorLabelmarathon
RancherOrchestratorLabelrancher
FileManualYAML/TOML formatfile
ConsulKVKVconsul
EtcdKVKVetcd
ZooKeeperKVKVzookeeper
RedisKVKVredis
HTTPManualJSON formathttp

More Providers

The current version of Traefik does not yet support every provider that Traefik v1.7 did. See the previous version (v1.7) for more providers.

Configuration Reload Frequency

providers.providersThrottleDuration

Optional, Default: 2s

In some cases, some providers might undergo a sudden burst of changes, which would generate a lot of configuration change events. If Traefik took them all into account, that would trigger a lot more configuration reloads than is necessary, or even useful.

In order to mitigate that, the providers.providersThrottleDuration option can be set. It is the duration that Traefik waits for, after a configuration reload, before taking into account any new configuration refresh event. If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.

This option cannot be set per provider, but the throttling algorithm applies to each of them independently.

The value of providers.providersThrottleDuration should be provided in seconds or as a valid duration format, see time.ParseDuration.

File (YAML)

  1. providers:
  2. providersThrottleDuration: 10s

File (TOML)

  1. [providers]
  2. providers.providersThrottleDuration = 10s

CLI

  1. --providers.providersThrottleDuration=10s

Restrict the Scope of Service Discovery

By default, Traefik creates routes for all detected containers.

If you want to limit the scope of the Traefik service discovery, i.e. disallow route creation for some containers, you can do so in two different ways:

  • the generic configuration option exposedByDefault,
  • a finer granularity mechanism based on constraints.

exposedByDefault and traefik.enable

List of providers that support these features:

Constraints

List of providers that support constraints:


Using Traefik for Business Applications?

If you are using Traefik for commercial applications, consider the Enterprise Edition. You can use it as your:

Traefik Enterprise enables centralized access management, distributed Let’s Encrypt, and other advanced capabilities. Learn more in this 15-minute technical walkthrough.