Traefik & Rancher
A Story of Labels, Services & Containers
Attach labels to your services and let Traefik do the rest!
Important
This provider is specific to Rancher 1.x.Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query.As such, Rancher 2.x users should utilize the Kubernetes provider directly.
Configuration Examples
Configuring Rancher & Deploying / Exposing ServicesEnabling the rancher provider
[providers.rancher]
providers:
rancher: {}
--providers.rancher=true
Attaching labels to services
labels:
- traefik.http.services.my-service.rule=Host(`my-domain`)
Provider Configuration Options
Browse the ReferenceIf you're in a hurry, maybe you'd rather go through the configuration reference:
# Enable Rancher Provider.
[providers.rancher]
# Expose Rancher services by default in Traefik.
exposedByDefault = true
# Enable watch Rancher changes.
watch = true
# Filter services with unhealthy states and inactive states.
enableServiceHealthFilter = true
# Defines the polling interval (in seconds).
refreshSeconds = 15
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
intervalPoll = false
# Prefix used for accessing the Rancher metadata service
prefix = "/latest"
# Enable Rancher Provider.
providers:
rancher:
# Expose Rancher services by default in Traefik.
exposedByDefault: true
# Enable watch Rancher changes.
watch: true
# Filter services with unhealthy states and inactive states.
enableServiceHealthFilter: true
# Defines the polling interval (in seconds).
refreshSeconds: 15
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
intervalPoll: false
# Prefix used for accessing the Rancher metadata service
prefix: "/latest"
# Enable Rancher Provider.
--providers.rancher=true
# Expose Rancher services by default in Traefik.
--providers.rancher.exposedByDefault=true
# Enable watch Rancher changes.
--providers.rancher.watch=true
# Filter services with unhealthy states and inactive states.
--providers.rancher.enableServiceHealthFilter=true
# Defines the polling interval (in seconds).
--providers.rancher.refreshSeconds=15
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
--providers.rancher.intervalPoll=false
# Prefix used for accessing the Rancher metadata service
--providers.rancher.prefix="/latest"
List of all available labels for the dynamic configuration references.
exposedByDefault
Optional, Default=true
[providers.rancher]
exposedByDefault = false
# ...
providers:
rancher:
exposedByDefault: false
# ...
--providers.rancher.exposedByDefault=false
# ...
Expose Rancher services by default in Traefik.If set to false, services that don't have a traefik.enable=true
label will be ignored from the resulting routing configuration.
See also Restrict the Scope of Service Discovery.
defaultRule
Optional, Default=Host(
{{ normalize .Name }}
)
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
providers:
rancher:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
The default host rule for all services.
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.It must be a valid Go template,augmented with the sprig template functions.The service name can be accessed as the Name
identifier,and the template has access to all the labels defined on this container.
This option can be overridden on a container basis with the traefik.http.routers.Router1.rule
label.
enableServiceHealthFilter
Optional, Default=true
[providers.rancher]
enableServiceHealthFilter = false
# ...
providers:
rancher:
enableServiceHealthFilter: false
# ...
--providers.rancher.enableServiceHealthFilter=false
# ...
Filter services with unhealthy states and inactive states.
refreshSeconds
Optional, Default=15
[providers.rancher]
refreshSeconds = 30
# ...
providers:
rancher:
refreshSeconds: 30
# ...
--providers.rancher.refreshSeconds=30
# ...
Defines the polling interval (in seconds).
intervalPoll
Optional, Default=false
[providers.rancher]
intervalPoll = true
# ...
providers:
rancher:
intervalPoll: true
# ...
--providers.rancher.intervalPoll=true
# ...
Poll the Rancher metadata service for changes every rancher.refreshSeconds
,which is less accurate than the default long polling technique which will provide near instantaneous updates to Traefik.
prefix
Optional, Default=/latest
[providers.rancher]
prefix = "/test"
# ...
providers:
rancher:
prefix: "/test"
# ...
--providers.rancher.prefix="/test"
# ...
Prefix used for accessing the Rancher metadata service
constraints
Optional, Default=""
[providers.rancher]
constraints = "Label(`a.label.name`, `foo`)"
# ...
providers:
rancher:
constraints: "Label(`a.label.name`, `foo`)"
# ...
--providers.rancher.constraints="Label(`a.label.name`, `foo`)"
# ...
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.That is to say, if none of the container's labels match the expression, no route for the container is created.If the expression is empty, all detected containers are included.
The expression syntax is based on the Label("key", "value")
, and LabelRegex("key", "value")
functions, as well as the usual boolean logic, as shown in examples below.Constraints Expression Examples
# Includes only containers having a label with key `a.label.name` and value `foo`
constraints = "Label(`a.label.name`, `foo`)"
# Excludes containers having any label with key `a.label.name` and value `foo`
constraints = "!Label(`a.label.name`, `value`)"
# With logical AND.
constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
# With logical OR.
constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
# With logical AND and OR, with precedence set by parentheses.
constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
# Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
See also Restrict the Scope of Service Discovery.
Routing Configuration Options
General
Traefik creates, for each rancher service, a corresponding service and router.
The Service automatically gets a server per container in this rancher service, and the router gets a default rule attached to it, based on the service name.
Routers
To update the configuration of the Router automatically attached to the container, add labels starting with traefik.routers.{name-of-your-choice}.
and followed by the option you want to change.For example, to change the rule, you could add the label traefik.http.routers.my-container.rule=Host(my-domain)
.
Every Router parameter can be updated this way.
Services
To update the configuration of the Service automatically attached to the container, add labels starting with traefik.http.services.{name-of-your-choice}.
,followed by the option you want to change. For example, to change the passhostheader behavior,you'd add the label traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false
.
Every Service parameter can be updated this way.
Middleware
You can declare pieces of middleware using labels starting with traefik.http.middlewares.{name-of-your-choice}.
, followed by the middleware type/options.For example, to declare a middleware redirectscheme
named my-redirect
, you'd write traefik.http.middlewares.my-redirect.redirectscheme.scheme: https
.Declaring and Referencing a Middleware
# ...
labels:
- traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
- traefik.http.routers.my-container.middlewares=my-redirect
Conflicts in Declaration
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
More information about available middlewares in the dedicated middlewares section.
Specific Options
traefik.enable
You can tell Traefik to consider (or not) the container by setting traefik.enable
to true or false.
This option overrides the value of exposedByDefault
.
Port Lookup
Traefik is now capable of detecting the port to use, by following the default rancher flow.That means, if you just expose lets say port :1337 on the rancher ui, traefik will pick up this port and use it.