Skip to content
Replicate config from one Traefik instance to another, to avoid exposing orchestrators to the web.
Python Makefile Dockerfile
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Initial commit Dec 6, 2018
.vscode Initial commit Dec 6, 2018
docs Initial commit Dec 6, 2018
tests update readme Dec 6, 2018
traefik_prism Add Dockerfile Dec 6, 2018
.editorconfig Initial commit Dec 6, 2018
.gitignore Add Dockerfile Dec 6, 2018
.travis.yml Initial commit Dec 6, 2018
AUTHORS.rst Initial commit Dec 6, 2018
CONTRIBUTING.rst Initial commit Dec 6, 2018
Dockerfile Fix bugs in Dockerfile Dec 6, 2018
HISTORY.rst Initial commit Dec 6, 2018
LICENSE Initial commit Dec 6, 2018
MANIFEST.in Initial commit Dec 6, 2018
Makefile Initial commit Dec 6, 2018
README.rst update readme Dec 6, 2018
requirements.txt Initial commit Dec 6, 2018
requirements_dev.txt Initial commit Dec 6, 2018
setup.cfg Initial commit Dec 6, 2018
setup.py Initial commit Dec 6, 2018
tox.ini Initial commit Dec 6, 2018

README.rst

Docker Traefik Event Forwarder

Documentation Status

Docker Traefik Event Forwarder

Features

  • Pulls config from one Traefik instance to another to avoid exposing orchestrators (mainly Docker socket) in internet facing containers

Usage

Configured via env variables;

  • Pulls config from /api on endpoint defined in SRC_TRAEFIK
  • Extracts backend config from a comma-separated list of providers in PROVIDERS
  • Pushes config based on DEST_TRAEFIK TO /api/providers/rest

To integrate, extend the 'config generator' pattern seen in https://docs.traefik.io/user-guide/cluster-docker-consul/;

  • create a treafik container with the REST provider enabled (--rest), but not bound to docker socket (this will become your frontend)
  • another which is (which the only purpose is to generate config based on orchestrator events).

Example Compose;

version: "3.6"
services:
  traefik_dockerinit:
    image: traefik:1.6
    command:
      - "storeconfig"
      - "--loglevel=debug"
      - "--api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 TLS TLS.SniStrict:true TLS.MinVersion:VersionTLS12"
      - "--defaultentrypoints=http,https"
      - "--acme"
      - "--acme.storage=traefik/acme/account"
      - "--acme.entryPoint=https"
      - "--acme.httpChallenge.entryPoint=http"
      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=hello@example.com"
      - "--docker"
      - "--docker.swarmMode"
      - "--docker.domain=test.example.com"
      - "--docker.watch"
      - "--consul"
      - "--consul.endpoint=consul:8500"
      - "--consul.prefix=traefikdocker"
      - "--rest"
    networks:
      - traefik
    deploy:
      restart_policy:
        condition: on-failure
    depends_on:
      - consul

  traefik_init:
    image: traefik:1.6
    command:
      - "storeconfig"
      - "--loglevel=debug"
      - "--api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 TLS TLS.SniStrict:true TLS.MinVersion:VersionTLS12"
      - "--defaultentrypoints=http,https"
      - "--acme"
      - "--acme.storage=traefik/acme/account"
      - "--acme.entryPoint=https"
      - "--acme.httpChallenge.entryPoint=http"
      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=test@example.com
      - "--consul"
      - "--consul.endpoint=consul:8500"
      - "--consul.prefix=traefik"
      - "--rest"
    networks:
      - traefik
    deploy:
      restart_policy:
        condition: on-failure
    depends_on:
      - consul

  traefikgen:
    image: traefik:1.6
    depends_on:
      - traefik_dockerinit
      - consul
    command:
      - "--consul"
      - "--consul.endpoint=consul:8500"
      - "--consul.prefix=traefikdocker"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - traefik
    deploy:
      restart_policy:
        condition: on-failure

  traefik:
    image: traefik:1.6
    depends_on:
      - traefik_init
      - consul
    command:
      - "--consul"
      - "--consul.endpoint=consul:8500"
      - "--consul.prefix=traefik"
    networks:
      - traefik
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure

  consul:
    image: consul
    command: agent -server -bootstrap-expect=1 -ui
    volumes:
      - consul-data:/consul/data
    environment:
      - CONSUL_LOCAL_CONFIG={"datacenter":"us_east2","server":true}
      - CONSUL_BIND_INTERFACE=eth0
      - CONSUL_CLIENT_INTERFACE=eth0
    ports:
      - target: 8500
        published: 8539
        mode: host
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      restart_policy:
        condition: on-failure
    networks:
      - traefik

  traefik_config_prism:
    image: tomwerneruk/traefik-prism:latest
    environment:
      - PYTHONUNBUFFERED=1
      - BACKENDS=docker
      - SRC_TRAEFIK=http://traefikgen:8080/
      - DEST_TRAEFIK=http://traefik:8080/
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - traefik

networks:
  traefik:
    driver: overlay

volumes:
  consul-data:
      driver: local

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.

You can’t perform that action at this time.