Traefik is a reverse proxy written in Go. It can be used in multiple situations with many providers (Kubernetes, Swarm, ...). Version 2 is also capable of TCP routing.
This role sets up traefik on a host as reverse proxy and load balancer. This allows you, to use one server as a host for multiple dockerized applications.
Note: This role allows you to use one (1) server as a host for many applications. Depending on your usecase, this might not be what you are looking for. For services that need to be highly-available, consider using Kubernetes or other systems and setup traefik there.
ansible-galaxy install arillso.traefik- Docker
Traefik v2.0 onwards supports yaml configuration. This role uses this to generate the configuration directly from the given ansible variables. There are certain quick-setup variables, which allow you to setup a simple instance, but there is also the option to fully configure every key yourself. The quick-setup allows you to:
- Setup a lets-encrypt based certificate resolver
- Setup standard entrypoints
- Setup standard Docker provider
The quick-setup variables are prefixed with traefik_qs_.
| Name | Default | Description |
|---|---|---|
traefik_dir |
/etc/traefik |
where to store traefik data |
traefik_hostname |
"{{ inventory_hostname }}" |
the hostname of this instance |
traefik_network |
traefik_proxy |
the name of the generated network |
traefik_qs_send_anonymous_usage |
false |
wether to send anonymous usage |
traefik_qs_https |
false |
wether to setup a https endpoint |
traefik_qs_https_redirect |
false |
wether to setup a redirection to https |
traefik_qs_https_le |
false |
wether to setup letsencrypt using tls (only if https is enabled) |
traefik_qs_https_le_mail |
undefined | the email to use for letsencrypt (Required) |
traefik_qs_log_level |
ERROR |
the loglevel to apply |
traefik_container_name |
'traefik' |
the container name |
traefik_network_name |
'traefik_proxy' |
the network name |
traefik_network_ipam_subnet |
'172.16.1.0/24' |
subnet |
traefik_network_ipam_gateway |
'172.16.1.1' |
gateway |
traefik_network_ipam_iprange |
'172.16.1.0/24' |
iprange |
traefik_image |
'traefik' |
the image used |
traefik_add_volumes |
[] |
additional volumes to mount |
traefik_ports |
['80:80', '443:443'] |
the ports shared |
traefik_labels |
{} |
labels to set on the traefik container. |
The default names of the generated configs are:
- Entrypoints:
httphttps
- Providers:
docker
- Certificate Resolvers:
letsencrypt
As stated before, this role also allows you to configure traefik in-depth by using the traefik yaml config. The following variables can be used:
| Name | Default | Description |
|---|---|---|
traefik_confkey_global |
undefined | see Docs 📑 |
traefik_confkey_serversTransport |
undefined | see Docs 📑 |
traefik_confkey_entryPoints |
undefined | see Docs 📑 |
traefik_confkey_providers |
undefined | see Docs 📑 |
traefik_confkey_api |
undefined | see Docs 📑 |
traefik_confkey_metrics |
undefined | see Docs 📑 |
traefik_confkey_ping |
undefined | see Docs 📑 |
traefik_confkey_log |
undefined | see Docs 📑 |
traefik_confkey_accessLog |
undefined | see Docs 📑 |
traefik_confkey_tracing |
undefined | see Docs 📑 |
traefik_confkey_hostResolver |
undefined | see Docs 📑 |
traefik_confkey_certificatesResolvers |
undefined | see Docs 📑 |
These keys are merged into the configuration after the quick-setup config using
the combine()
filter in non recursive mode. This allows you to add configuration options as
you need them. If you want to overwrite the quick-setup items, use their key
(as specified above).
This role is intended as a continuation of the
sbaerlocher/ansible.traefik
role for traefik v2. Most of the variables set for said role will continue
to work in this role, except for three special cases, where you must
recreate a custom configuration using the _confkey_ variables.
These are explained in the following sections.
Using the traefik_configuration_file has no influence on your installation.
The configuration of Traefik has changed with the introduction of v2 and is not
backwards compatible. Use the Traefik docs
to recreate your custom configuration using the _confkey_ variables.
The way API is defined in Traefik v2 allows you, to use several diffrent configurations. For the sake of simplicity, we dropped the automatic generation of an api config, as it not simply mergeable with a custom config and could lead to unforseen side effects.
To setup a simple, insecure api on container port 8080, use the following
config (Note: this example is insecure, please consider securing your api
for use in production):
traefik_confkey_api:
insecure: true
dashboard: true # use this for enabling the dashboard
traefik_ports:
- '80:80'
- '443:443'
- '8080:8080'This will automatically configure an entrypoint on port 8080.
Similar to the api definition, the ping definition allows custom configuration over multiple diffrent configuration keys, making an automatically generated config unfeasable.
Follow the Traefik config docs about ping
to find the configuration you want to apply. As an Example, take a look at this
config, which will expose the ping endpoint on port 8082:
traefik_confkey_entryPoints:
ping:
address: ':8082'
traefik_confkey_ping:
entryPoint: 'ping'
traefik_ports:
- '80:80'
- '443:443'
- '8082:8082'