New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Traefik doesn't acknowledge containers started using docker stack deploy #994

Closed
chaosk opened this Issue Dec 24, 2016 · 12 comments

Comments

Projects
None yet
9 participants
@chaosk

chaosk commented Dec 24, 2016

What version of Traefik are you using (traefik version)?

v.1.1.2

What is your environment & configuration (arguments, toml...)?

I'm running Traefik using the following command:

docker service create --name traefik --constraint=node.role==manager --publish 80:80 --publish 8080:8080 --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock --network traefik-net traefik --docker --docker.swarmmode --docker.domain=traefik.local --docker.watch --web --logLevel=DEBUG

Docker version is 1.13.0rc4.

What did you do?

I'm attempting to use docker stacks and route traffic to specified container.

I have a simplified docker-compose.yml file here:

version: "3"
services:
  web:
    image: emilevauge/whoami
    labels:
      - "traefik.port=80"
      - "traefik.docker.network=traefik-net"
      - "traefik.frontend.rule=Host:whoamistack.traefik.local"
    networks:
      - default
      - traefik-net
networks:
  traefik-net:
    external: true

And it's being used with:

docker stack deploy --compose-file ./docker-compose.yml whoami

What did you expect to see?

I expected to get a response from the container by visiting whoamistack.traefik.local.

What did you see instead?

I found the following in Traefik logs:

traefik.1.j5z1q7jjbn3t@local    | time="2016-12-24T15:19:30Z" level=debug msg="Filtering container without port and no traefik.port label whoamistack_web"

I tried to analyze what happens and I successfully started a service manually:

docker service create --name whoami --label traefik.port=80 --network traefik-net emilevauge/whoami

I've compared output of docker service inspect for both of those services and noticed that traefik-related labels are in different locations:

$ docker service inspect whoami
[
    {
        "ID": "qg3a5p47uxqf6awjy2agy3lxc",
        "Version": {
            "Index": 4962004
        },
        "CreatedAt": "2016-12-24T15:15:46.029626434Z",
        "UpdatedAt": "2016-12-24T15:15:46.066804668Z",
        "Spec": {
            "Name": "whoami",
            "Labels": {
                "traefik.port": "80"
            },
...
$ docker service inspect whoamistack_web
[
    {
        "ID": "fqbn0wpzgx34o2g11kgivnhuz",
        "Version": {
            "Index": 4961908
        },
        "CreatedAt": "2016-12-24T15:13:30.114908601Z",
        "UpdatedAt": "2016-12-24T15:13:30.153680158Z",
        "Spec": {
            "Name": "whoamistack_web",
            "Labels": {
                "com.docker.stack.namespace": "whoamistack"
            },
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "emilevauge/whoami:latest@sha256:348eb7b296538f972afc8ccb3c97d88ae444f98944d58e812b00606407396bbc",
                    "Labels": {
                        "com.docker.stack.namespace": "whoamistack",
                        "traefik.docker.network": "traefik-net",
                        "traefik.frontend.rule": "Host:whoamistack.traefik.local",
                        "traefik.port": "80"
                    }
                },
                "Resources": {},
                "Placement": {},
                "ForceUpdate": 0
            },
...
@vdemeester

This comment has been minimized.

Show comment
Hide comment
@vdemeester

vdemeester Dec 24, 2016

Member

I've compared output of docker service inspect for both of those services and noticed that traefik-related labels are in different locations

Yep, on the docker side this is to be compatible with the way docker-compose work (that way, labels are still put into). But this mean, as is it won't correctly work with traefik. We need to work around that but there is a workaround:

version: "3"
services:
  web:
    image: emilevauge/whoami
    networks:
      - default
      - traefik-net
    deploy:
      labels:
        - "traefik.port=80"
        - "traefik.docker.network=traefik-net"
        - "traefik.frontend.rule=Host:whoamistack.traefik.local"
networks:
  traefik-net:
    external: true

This compose-file will add labels to the service and allow traefik to see it. If you want to have labels on the container too (in term of swarm mode, the task), you can also duplicate the labels part but meh 😅.

Member

vdemeester commented Dec 24, 2016

I've compared output of docker service inspect for both of those services and noticed that traefik-related labels are in different locations

Yep, on the docker side this is to be compatible with the way docker-compose work (that way, labels are still put into). But this mean, as is it won't correctly work with traefik. We need to work around that but there is a workaround:

version: "3"
services:
  web:
    image: emilevauge/whoami
    networks:
      - default
      - traefik-net
    deploy:
      labels:
        - "traefik.port=80"
        - "traefik.docker.network=traefik-net"
        - "traefik.frontend.rule=Host:whoamistack.traefik.local"
networks:
  traefik-net:
    external: true

This compose-file will add labels to the service and allow traefik to see it. If you want to have labels on the container too (in term of swarm mode, the task), you can also duplicate the labels part but meh 😅.

@chaosk

This comment has been minimized.

Show comment
Hide comment
@chaosk

chaosk Dec 29, 2016

Lovely, thanks for providing that method so quickly.

chaosk commented Dec 29, 2016

Lovely, thanks for providing that method so quickly.

@twelvelabs

This comment has been minimized.

Show comment
Hide comment
@twelvelabs

twelvelabs Jan 17, 2017

Contributor

Just ran into this same problem while going through https://docs.traefik.io/user-guide/swarm-mode/. Really glad I thought to search through the GH issues 😄

Is that user guide in git? I can submit a PR to add a note about compose v3 files if so.

Contributor

twelvelabs commented Jan 17, 2017

Just ran into this same problem while going through https://docs.traefik.io/user-guide/swarm-mode/. Really glad I thought to search through the GH issues 😄

Is that user guide in git? I can submit a PR to add a note about compose v3 files if so.

@prologic

This comment has been minimized.

Show comment
Hide comment
@prologic

prologic Jun 8, 2017

Thanks for the tips in this issue and the linked docs! I've almost got a new deployment of traefik up and running via docker swarm mode / as a service:

version: "3.1"

services:
  sslcerts:
    image: prologic/mksslcrt
    command: "*.mydomain"
    volumes:
      - sslcerts:/ssl
    deploy:
      restart_policy:
        condition: none
      replicas: 1
      placement:
        constraints:
          - "node.hostname == dm1.mydomain"

  traefik:
    depends_on:
      - sslcerts
    image: traefik
    ports:
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"
      - "10.0.0.10:8080:8080"
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik:/data
      - sslcerts:/ssl
    command:
      - --accesslogsfile=/data/access.log
      - --web
      - --docker
      - --docker.swarmmode
      - --docker.domain="mydomain"
      # - --docker.constraints="tag==web"
      - --entrypoints="Name:http Address::80 Redirect.EntryPoint:https"
      - --entryPoints="Name:https Address::443 TLS:/ssl/ssl.crt,/ssl/ssl.key"
      - --defaultentrypoints="http,https"
    deploy:
      restart_policy:
        condition: on-failure
      replicas: 1
      placement:
        constraints:
          - "node.hostname == dm1.mydomain"

  whoami:
    image: emilevauge/whoami
    labels:
      - "traefik.tags=web"
      - "traefik.backend=whoami"
      - "traefik.frontend.rule=Host:whoami.mydomain"
    networks:
      - default
      - traefik
    deploy:
      restart_policy:
        condition: on-failure
      replicas: 1

networks:
  traefik:
    external: true

volumes:
  sslcerts:
    driver: local
  traefik:
    driver: local

Just running into some issues with the sslcerts task and volumes :)

$ dlogs 42cff2f0d97c
time="2017-06-08T06:24:58Z" level=error msg="Error creating TLS config: bad TLS Certificate KeyFile format, expected a path"
time="2017-06-08T06:24:58Z" level=fatal msg="Error preparing server: bad TLS Certificate KeyFile format, expected a path"

I've given up for now; but if anyone wants to try the stack above or spots what I'm doing wrong 👍

prologic commented Jun 8, 2017

Thanks for the tips in this issue and the linked docs! I've almost got a new deployment of traefik up and running via docker swarm mode / as a service:

version: "3.1"

services:
  sslcerts:
    image: prologic/mksslcrt
    command: "*.mydomain"
    volumes:
      - sslcerts:/ssl
    deploy:
      restart_policy:
        condition: none
      replicas: 1
      placement:
        constraints:
          - "node.hostname == dm1.mydomain"

  traefik:
    depends_on:
      - sslcerts
    image: traefik
    ports:
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"
      - "10.0.0.10:8080:8080"
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefik:/data
      - sslcerts:/ssl
    command:
      - --accesslogsfile=/data/access.log
      - --web
      - --docker
      - --docker.swarmmode
      - --docker.domain="mydomain"
      # - --docker.constraints="tag==web"
      - --entrypoints="Name:http Address::80 Redirect.EntryPoint:https"
      - --entryPoints="Name:https Address::443 TLS:/ssl/ssl.crt,/ssl/ssl.key"
      - --defaultentrypoints="http,https"
    deploy:
      restart_policy:
        condition: on-failure
      replicas: 1
      placement:
        constraints:
          - "node.hostname == dm1.mydomain"

  whoami:
    image: emilevauge/whoami
    labels:
      - "traefik.tags=web"
      - "traefik.backend=whoami"
      - "traefik.frontend.rule=Host:whoami.mydomain"
    networks:
      - default
      - traefik
    deploy:
      restart_policy:
        condition: on-failure
      replicas: 1

networks:
  traefik:
    external: true

volumes:
  sslcerts:
    driver: local
  traefik:
    driver: local

Just running into some issues with the sslcerts task and volumes :)

$ dlogs 42cff2f0d97c
time="2017-06-08T06:24:58Z" level=error msg="Error creating TLS config: bad TLS Certificate KeyFile format, expected a path"
time="2017-06-08T06:24:58Z" level=fatal msg="Error preparing server: bad TLS Certificate KeyFile format, expected a path"

I've given up for now; but if anyone wants to try the stack above or spots what I'm doing wrong 👍

@ldez

This comment has been minimized.

Show comment
Hide comment
@ldez

ldez Jun 8, 2017

Member

I'll close this issue, because I think the question is answered, but feel free to continue the conversation.

Member

ldez commented Jun 8, 2017

I'll close this issue, because I think the question is answered, but feel free to continue the conversation.

@ldez ldez closed this Jun 8, 2017

@pascalandy

This comment has been minimized.

Show comment
Hide comment
@pascalandy

pascalandy Jun 10, 2017

@prologic

forgot some slash / :-p

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - /traefik:/data
  - /sslcerts:/ssl

pascalandy commented Jun 10, 2017

@prologic

forgot some slash / :-p

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - /traefik:/data
  - /sslcerts:/ssl

@prologic

This comment has been minimized.

Show comment
Hide comment
@prologic

prologic Jun 26, 2017

@pascalandy I don't think that's the problem here? I'm referencing name volumes.

prologic commented Jun 26, 2017

@pascalandy I don't think that's the problem here? I'm referencing name volumes.

@pascalandy

This comment has been minimized.

Show comment
Hide comment
@pascalandy

pascalandy Jun 26, 2017

Ahh sure. I always mount local directories :-p

pascalandy commented Jun 26, 2017

Ahh sure. I always mount local directories :-p

@prologic

This comment has been minimized.

Show comment
Hide comment
@prologic

prologic Jun 26, 2017

prologic commented Jun 26, 2017

@rgarrigue

This comment has been minimized.

Show comment
Hide comment
@rgarrigue

rgarrigue Nov 17, 2017

@ldez, the docker-compose.yml example from @prologic for docker swarm could go somewhere in the doc, maybe a specific User Guides.

The current one are instructive to get started, but in the end one won't go for bash one liner, more likely for a docker-compose.yml. And the exact syntax is hard to come by, especially since there's so many doc to be read... I think I overlooked swarm-mode' node linking here a dozen of times at least !

... gosh, finaly it's working, so happy :-)

rgarrigue commented Nov 17, 2017

@ldez, the docker-compose.yml example from @prologic for docker swarm could go somewhere in the doc, maybe a specific User Guides.

The current one are instructive to get started, but in the end one won't go for bash one liner, more likely for a docker-compose.yml. And the exact syntax is hard to come by, especially since there's so many doc to be read... I think I overlooked swarm-mode' node linking here a dozen of times at least !

... gosh, finaly it's working, so happy :-)

@ericlannaud

This comment has been minimized.

Show comment
Hide comment
@ericlannaud

ericlannaud Mar 20, 2018

works with:

command: -c /dev/null --web --docker --docker.domain='mydomain' --logLevel=INFO --defaultEntryPoints='https,http' --entryPoints='Name:https Address::443
 TLS:/ssl/ssl.crt,/ssl/ssl.key' --entryPoints='Name:http Address::80'

ericlannaud commented Mar 20, 2018

works with:

command: -c /dev/null --web --docker --docker.domain='mydomain' --logLevel=INFO --defaultEntryPoints='https,http' --entryPoints='Name:https Address::443
 TLS:/ssl/ssl.crt,/ssl/ssl.key' --entryPoints='Name:http Address::80'
@lherman-cs

This comment has been minimized.

Show comment
Hide comment
@lherman-cs

lherman-cs Jul 4, 2018

@vdemeester You're my lifesaver!! I've been looking for this issue for days! I think this kind of details should be added to the documentation.

lherman-cs commented Jul 4, 2018

@vdemeester You're my lifesaver!! I've been looking for this issue for days! I think this kind of details should be added to the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment