我的书签
添加书签
移除书签Traefik & Consul Catalog
Attach tags to your services and let Traefik do the rest!
Configuring Consul Catalog & Deploying / Exposing Services
Enabling the consul catalog provider
consulCatalog: {}
--providers.consulcatalog=true
Attaching tags to services
- traefik.http.services.my-service.rule=Host(`example.com`)
See the dedicated section in routing.
Optional, Default=15s
[providers.consulCatalog]refreshInterval = "30s"# ...
providers:consulCatalog:refreshInterval: 30s# ...
--providers.consulcatalog.refreshInterval=30s# ...
Defines the polling interval.
prefix
required, Default="traefik"
[providers.consulCatalog]prefix = "test"# ...
providers:consulCatalog:prefix: test# ...
--providers.consulcatalog.prefix=test# ...
The prefix for Consul Catalog tags defining traefik labels.
requireConsistent
Optional, Default=false
[providers.consulCatalog]requireConsistent = true# ...
providers:consulCatalog:requireConsistent: true# ...
--providers.consulcatalog.requireConsistent=true# ...
Forces the read to be fully consistent.
Optional, Default=false
[providers.consulCatalog]stale = true# ...
providers:consulCatalog:stale: true# ...
--providers.consulcatalog.stale=true# ...
Use stale consistency for catalog reads.
cache
Optional, Default=false
[providers.consulCatalog]cache = true# ...
providers:consulCatalog:cache: true# ...
--providers.consulcatalog.cache=true
Use local agent caching for catalog reads.
endpoint
Defines the Consul server endpoint.
address
Optional, Default="http://127.0.0.1:8500"
[providers.consulCatalog][providers.consulCatalog.endpoint]address = "http://127.0.0.1:8500"# ...
providers:consulCatalog:endpoint:address: http://127.0.0.1:8500# ...
--providers.consulcatalog.endpoint.address=http://127.0.0.1:8500# ...
scheme
Optional, Default=""
[providers.consulCatalog][providers.consulCatalog.endpoint]scheme = "https"# ...
--providers.consulcatalog.endpoint.scheme=https# ...
Defines the URI scheme for the Consul server.
datacenter
Optional, Default=""
[providers.consulCatalog][providers.consulCatalog.endpoint]datacenter = "test"# ...
providers:endpoint:datacenter: test# ...
--providers.consulcatalog.endpoint.datacenter=test# ...
Defines the Data center to use. If not provided, the default agent data center is used.
token
Optional, Default=""
[providers.consulCatalog][providers.consulCatalog.endpoint]token = "test"# ...
providers:consulCatalog:endpoint:token: test# ...
--providers.consulcatalog.endpoint.token=test# ...
Token is used to provide a per-request ACL token which overrides the agent's default token.
endpointWaitTime
Optional, Default=""
[providers.consulCatalog][providers.consulCatalog.endpoint]endpointWaitTime = "15s"# ...
providers:consulCatalog:endpoint:endpointWaitTime: 15s# ...
--providers.consulcatalog.endpoint.endpointwaittime=15s# ...
WaitTime limits how long a Watch will block. If not provided, the agent default values will be used
httpAuth
Optional
Used to authenticate http client with HTTP Basic Authentication.
username
Optional
[providers.consulCatalog.endpoint.httpAuth]username = "test"
providers:consulCatalog:endpoint:httpAuth:username: test
--providers.consulcatalog.endpoint.httpauth.username=test
Username to use for HTTP Basic Authentication
password
Optional
[providers.consulCatalog.endpoint.httpAuth]password = "test"
providers:consulCatalog:endpoint:httpAuth:password: test
--providers.consulcatalog.endpoint.httpauth.password=test
Password to use for HTTP Basic Authentication
tls
Optional
Defines TLS options for Consul server endpoint.
ca
Optional
[providers.consulCatalog.endpoint.tls]ca = "path/to/ca.crt"
providers:consulCatalog:endpoint:tls:ca: path/to/ca.crt
--providers.consulcatalog.endpoint.tls.ca=path/to/ca.crt
ca is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
caOptional
caOptional = true
providers:consulCatalog:endpoint:tls:caOptional: true
--providers.consulcatalog.endpoint.tls.caoptional=true
Policy followed for the secured connection with TLS Client Authentication to Consul. Requires tls.ca to be defined.
true: VerifyClientCertIfGivenfalse: RequireAndVerifyClientCert- if
tls.cais undefined NoClientCert
cert
Optional
providers:consulCatalog:endpoint:tls:cert: path/to/foo.certkey: path/to/foo.key
--providers.consulcatalog.endpoint.tls.key=path/to/foo.key
cert is the path to the public certificate for Consul communication. If this is set then you need to also set `key.
key
Optional
[providers.consulCatalog.endpoint.tls]cert = "path/to/foo.cert"key = "path/to/foo.key"
providers:consulCatalog:endpoint:tls:cert: path/to/foo.certkey: path/to/foo.key
--providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert--providers.consulcatalog.endpoint.tls.key=path/to/foo.key
key is the path to the private key for Consul communication. If this is set then you need to also set cert.
insecureSkipVerify
Optional
[providers.consulCatalog.endpoint.tls]insecureSkipVerify = true
providers:consulCatalog:endpoint:tls:insecureSkipVerify: true
--providers.consulcatalog.endpoint.tls.insecureskipverify=true
If insecureSkipVerify is true, TLS for the connection to Consul server accepts any certificate presented by the server and any host name in that certificate.
Optional, Default=true
[providers.consulCatalog]exposedByDefault = false# ...
providers:consulCatalog:exposedByDefault: false# ...
--providers.consulcatalog.exposedByDefault=false# ...
Expose Consul Catalog services by default in Traefik. If set to false, services that don't have a traefik.enable=true tag will be ignored from the resulting routing configuration.
See also Restrict the Scope of Service Discovery.
defaultRule
Optional, Default=Host({{ normalize .Name }})
[providers.consulCatalog]defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"# ...
providers:consulCatalog:defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"# ...
--providers.consulcatalog.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"# ...
The default host rule for all services.
For a given service if no routing rule was defined by a tag, it is defined by this defaultRule instead. It must be a valid Go template, augmented with the . The service name can be accessed as the Name identifier, and the template has access to all the labels (i.e. tags beginning with the prefix) defined on this service.
The option can be overridden on an instance basis with the traefik.http.routers.{name-of-your-choice}.rule tag.
constraints
Optional, Default=""
[providers.consulCatalog]constraints = "Tag(`a.tag.name`)"# ...
providers:consulCatalog:constraints: "Tag(`a.tag.name`)"# ...
--providers.consulcatalog.constraints="Tag(`a.tag.name`)"# ...
Constraints is an expression that Traefik matches against the service's tags to determine whether to create any route for that service. That is to say, if none of the service's tags match the expression, no route for that service is created. If the expression is empty, all detected services are included.
The expression syntax is based on the Tag(, and tag)TagRegex( functions, as well as the usual boolean logic, as shown in examples below.tag)
Constraints Expression Examples
# Includes only services having the tag `a.tag.name=foo`constraints = "Tag(`a.tag.name=foo`)"
# Excludes services having any tag `a.tag.name=foo`constraints = "!Tag(`a.tag.name=foo`)"
# With logical AND.constraints = "Tag(`a.tag.name`) && Tag(`another.tag.name`)"
# With logical OR.constraints = "Tag(`a.tag.name`) || Tag(`another.tag.name`)"
constraints = "Tag(`a.tag.name`) && (Tag(`another.tag.name`) || Tag(`yet.another.tag.name`))"
