traefikeectl Command-Line Tool Reference¶
For the installation of the traefikeectl command-line tool,
please check the following page: Installing the traefikeectl command-line tool.
Synopsis¶
Check below the list of commands, with their respective flags.
traefikeectl is a controller for TraefikEE (Enterprise Edition).
Complete documentation is available at https://docs.containo.us.
Usage: traefikeectl [flags] <command> [<arguments>]
Use "traefikeectl <command> --help" for help on any command.
Commands:
acme-add-account Add an ACME account to the cluster
acme-add-certificate Add an ACME certificate to the cluster
acme-list-accounts List all ACME accounts of a cluster and shows which is the current
acme-list-certificates List all ACME certificates of a cluster
acme-use-account Sets the ACME account to use for ACME operations
backup Backs up the configuration of a running TraefikEE cluster
connect Connects to a TraefikEE cluster
deploy Deploys a new configuration to a TraefikEE cluster
install Installs a TraefikEE cluster
list-nodes List all nodes of a cluster and their statuses
logs Prints the logs from the TraefikEE nodes on a cluster
support-dump Gather data from the cluster to assist in support.
uninstall Uninstalls a TraefikEE cluster
version Print version
Flag's usage: traefikeectl [--flag=flag_argument] [-f[flag_argument]] ... set flag_argument to flag(s)
or: traefikeectl [--flag[=true|false| ]] [-f[true|false| ]] ... set true/false to boolean flag(s)
Flags:
-h, --help Print Help (this message) and exiCommands¶
The TraefikEE command line (CLI) provides these commands:
- Install (
install) - Connect (
connect) - Uninstall (
uninstall) - Logs (
logs) - List Nodes (
list-nodes) - List ACME Accounts (
acme-list-accounts) - Add ACME Account (
acme-add-account) - Use ACME Account (
acme-use-accounts) - Add ACME Certificate (
acme-add-certificate) - List ACME Certificates (
acme-list-certificates) - Deploy (
deploy) - Backup (
backup)
Install (install)¶
This command initializes a TraefikEE cluster. It starts the first control node which becomes the first leader of the cluster.
Usage:
traefikeectl install --kubernetes --licensekey="XXXX"
traefikeectl install --kubernetes --licensekey="XXXX" --kubernetes.namespace="traefikee" --controlnodes=5 --datanodes=8 --api --debugFlags:
--api Enable the dashboard, API and the metrics (default "false")
--archivepath Path to the backup archive to restore
--clustername Name of the cluster (default "traefikee")
--controlnodes Number of control nodes to be in the cluster (default "1")
--dashboard Dashboard configuration. Enables the API and the metrics as well (default "false")
--dashboard.insecure Disable authentication in the dashboard if enabled (default "false")
--dashboard.user Set dashboard user (user:htpasswd_password)
--datanodes Number of data nodes to be in the cluster. Set to auto for one per machine (default "2")
--debug Enable verbose install logs. Overrides --loglevel (default "false")
--downloadfolder Path in which to download temporary files to install the cluster (default "/tmp/traefikee/")
--force Overwrite previous TraefikEE installation (default "false")
--kubernetes Install configuration for the kubernetes provider (default "false")
--kubernetes.configpath Set path to kubernetes config file (usually located in $HOME/.kube/config)
--kubernetes.ctlapiport Port to use on the local machine for traefikeectl (default "55055")
--kubernetes.deletenamespace Delete the whole namespace (default "false")
--kubernetes.helmchart Use this Helm chart for installation. Can be a path or a reference (default "containous/traefikee")
--kubernetes.helmvaluespath Path to an optional yaml file to be passed to helm during install
--kubernetes.namespace Kubernetes namespace (default "traefikee")
--timeout Time after which the install command should time out (default "5m0s")
--licensekey The TraefikEE license key
--logformat Log output format: 'json' | 'common' (default "common")
--loglevel Log level for the TraefikEE cluster
--skipdeploy Skip initial config deployment (default "false")
--swarm Install configuration for the docker swarm provider (default "false")
--swarm.certpath Optional certificate path to use to connect to the docker daemon
--swarm.composefilespath Path to a directory containing docker-compose files to use
--swarm.ctlapi Ingress port for the control API (default "55055")
--swarm.dashboard Ingress port for the dasbhoard (default "8080")
--swarm.host Host of the docker daemon to connect to (default "unix:///var/run/docker.sock")
--swarm.http Ingress port for HTTP (default "80")
--swarm.https Ingress port for HTTPS (default "443")
--swarm.insecureskipverify Disable certificate verification when contacting the docker daemon (default "false")
--swarm.networkautodiscovery Enable network autodiscovery (default "false")
--swarm.networkname Swarm network to use (default "traefikee_net")
--swarm.timeout Time after which the command should time out (deprecated) (default "5m0s")
--swarm.ucpbundle Path to the UCP bundle archive to use to access the UCP API
-h, --help Print Help (this message) and exitSwarm Custom Compose Files (--swarm.composefilespath)
About --swarm.composefilespath, traefikeectl expects to have four specific files in the directory pointed to with this flag. Those are bootstrap-node.yml, control-node.yml, data-node-global.yml and data-node-replicated.yml.
Modifying the dashboard authorization user¶
To create a custom user and password for the dashboard, you need to use htpasswd to generate a password string.
You will need to provide a <user>, and a <password> to create the password string using htpasswd -nbs <user> <password>.
Usage:
htpasswd -nbs admin passwordadmin:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=Note
You can replace the s argument in htpasswd with B to create a stronger password string, by using bcrypt instead of sha.
Usage:
htpasswd -nbB admin passwordadmin:$2y$05$0Xa8o7oog51NrPdP6OHmvuJiwTMAlvBvF5YNnC0cvDV5Tg8E1cqGuOnce you have created the password string, you can use it in combination with --dashboard.user.
traefikeectl install \
--licensekey="XXXXXXXXX" \
--dashboard \
--dashboard.user="admin:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="
--kubernetesConnect (connect)¶
This command connects to a TraefikEE cluster and creates a serialized configuration file, allowing you to use traefikeectl on that cluster. What this command does is also done by the install command, so this is useful if you have an already existing cluster that wasn't created with traefikeectl, or if you lost your configuration file.
Usage:
traefikeectl connect --swarm
traefikeectl connect --swarm.networkname="traefikee_net"
traefikeectl connect --kubernetes.namespace="traefikee"Flags:
--clustername Name of the cluster (default "traefikee")
--force Whether whe should override an existing connection to a cluster having the same (default "false")
name
--kubernetes Cluster configuration for the kubernetes provider (default "false")
--kubernetes.configpath Set path to kubernetes config file (usually located in $HOME/.kube/config)
--kubernetes.ctlapiport Port to use on the local machine for traefikeectl (default "55055")
--kubernetes.namespace Kubernetes namespace (default "traefikee")
--onpremise Cluster configuration for an on-premise cluster (default "false")
--onpremise.apiaddress The TraefikEE Control API address
--onpremise.mtlscertsdir The directory that contains the certificates used to connect to the TraefikEE
Control API
--swarm Cluster configuration for the docker swarm provider (default "false")
--swarm.certpath Optional certificate path to use to connect to the docker daemon
--swarm.ctlapiport Traefikee Control API port (default "55055")
--swarm.host Host of the docker daemon to connect to (default "unix:///var/run/docker.sock")
--swarm.insecureskipverify Disable certificate verification when contacting the docker daemon (default "false")
--swarm.networkname Name of the docker network (default "traefikee_net")
--swarm.stackname Name of the docker stack to use (default "traefikee")
-h, --help Print Help (this message) and exitUninstall (uninstall)¶
This command uninstalls a TraefikEE cluster.
Usage:
traefikeectl uninstall --kubernetes
traefikeectl uninstall --kubernetes --kubernetes.deletenamespace --debugFlags:
--clustername Name of the cluster (default "traefikee")
--debug Enable verbose logs (default "false")
--downloadfolder Path in which to download temporary files to uninstall the cluster (default "/tmp/traefikee/")
--kubernetes Specific configuration for the kubernetes provider (default "false")
--kubernetes.configpath Set path to kubernetes config file (usually located in $HOME/.kube/config)
--kubernetes.deletenamespace Delete the whole namespace (default "false")
--kubernetes.helmchart Use this Helm chart for installation. Can be a path or a reference.
--kubernetes.helmvaluespath Path to an optional yaml file to be passed to helm during install
--swarm Specific configuration for the docker swarm provider (default "false")
--swarm.deletenetwork Remove the docker network at the end of the uninstall (default "false")
--swarm.timeout Time after which the command should time out (default "5m0s")
-h, --help Print Help (this message) and exitLogs (logs)¶
This command prints the logs of all nodes of a TraefikEE cluster.
Usage:
traefikeectl logs --kubernetes
traefikeectl logs --swarm
traefikeectl logs --onlyshowcontrolnodesFlags:
--clustername Name of the cluster (default "traefikee")
--onlyshowcontrolnodes Display logs from control nodes only (default "false")
--onlyshowdatanodes Display logs from data nodes only (default "false")
-h, --help Print Help (this message) and exitList Nodes (list-nodes)¶
This command lists the nodes of a TraefikEE cluster.
Usage:
traefikeectl list-nodes --kubernetes
traefikeectl list-nodes --swarmFlags:
--clustername Name of the cluster (default "traefikee")
--details Display a detailed description of the nodes (default "false")
-h, --help Print Help (this message) and exitList ACME Accounts (acme-list-accounts)¶
This command lists the ACME accounts available in your cluster. It also displays which is the current ACME account used.
Usage:
traefikee acme-list-accounts --clustername="traefikee"Flags:
--clustername Name of the cluster (default "traefikee")
-h, --help Print Help (this message) and exiAdd ACME Account (acme-add-account)¶
This command adds a new account to the TraefiKEE ACME account pool. It can be used to create a new account or to import an existing one.
Usage:
# Create a new account
traefikeectl acme-add-account \
--name=acme-account \
[email protected] \
--caserver=https://ca.server.com
# Import an existing account
traefikeectl acme-add-account \
--name=acme-account \
[email protected] \
--caserver=https://ca.server.com \
--privatekey=./key.pem \
--uri=https://ca.server.com/idFlags:
--backupaccount JSON file from a TraefikEE Backup containing the account data
--caserver CAServer to register with (default "https://acme-v02.api.letsencrypt.org/directory")
--clustername Name of the cluster (default "traefikee")
--email Email of the ACME account
--keytype Type of the private key (default "RSA4096")
--name Name of the ACME account
--privatekey Filepath or content containing private key in PEM or base64 encoded PEM content
format(for existing
account)
--uri Registration URI (for existing account)
--use Set this account as the current ACME account for this cluster (irreversible) (default "false")
-h, --help Print Help (this message) and exiUse ACME Account (acme-use-account)¶
This command marks an account as the one to use by TraefikEE for all ACME operations.
One time operation
You can only run this command once per installed cluster.
Usage:
traefikeectl acme-use-account --name=acme-accountFlags:
--clustername Name of the cluster (default "traefikee")
--name Name of the ACME account to use
-h, --help Print Help (this message) and exitAdd ACME Certificate (acme-add-certificate)¶
This command enables to add a new certificate to the TraefiKEE ACME certificate pool. It can be used to create a new certificate or to import an existing one.
Usage:
# Import a certificate from a backup file
traefikeectl acme-add-certificate \
--backupcert="/path/to/cert.json" \
--accountname="myaccount"
# Import a certificate from PEM encoded files
traefikeectl acme-add-certificate \
--certfile="/path/to/cert.pem" \
--keyfile="/path/to/key.pem" \
--accountname="myaccount"Flags:
--accountname ACME Account to link to the certificate
--backupcert JSON file from a TraefikEE Backup containing the certificate data
--certfile PEM-encoded certificate to be imported
--clustername Name of the cluster (default "traefikee")
--keyfile PEM-encoded certificate key to be imported
-h, --help Print Help (this message) and exiList ACME Certificates (acme-list-certificates)¶
This command lists ACME certificates available in a cluster.
Usage:
traefikeectl acme-list-certificates
# The option `--notrunc` prevents the output of this command from being truncated.
traefikeectl acme-list-certificates --notruncFlags:
--clustername Name of the cluster (default "traefikee")
--notrunc Do not truncate output (default "false")
-h, --help Print Help (this message) and exitDeploy (deploy)¶
This command deploys a Traefik configuration on the TraefikEE cluster.
Usage:
traefikeectl deploy --clustername="traefikee" --kubernetes --insecureSkipVerifyFlags:
--accesslog Access log settings (default "false")
--accesslog.bufferingsize Number of access log lines to process in a buffered way. Default 0. (default "0")
--accesslog.fields AccessLogFields (default "false")
--accesslog.fields.defaultmode Default mode for fields: keep | drop (default "keep")
--accesslog.fields.headers Headers to keep, drop or redact (default "false")
--accesslog.fields.headers.defaultmode Default mode for fields: keep | drop | redact (default "keep")
--accesslog.fields.headers.names Override mode for headers (default "map[]")
--accesslog.fields.names Override mode for fields (default "map[]")
--accesslog.filepath Access log file path. Stdout is used when omitted or empty
--accesslog.filters Access log filters, used to keep only specific access logs (default "false")
--accesslog.filters.minduration Keep access logs when request took longer than the specified duration (default "0s")
--accesslog.filters.retryattempts Keep access logs when at least one retry happened (default "false")
--accesslog.filters.statuscodes Keep access logs with status codes in the specified range (default "[]")
--accesslog.format Access log format: json | common (default "common")
--accesslogsfile (Deprecated) Access logs file
--acme Enable ACME (Let's Encrypt): automatic SSL (default "false")
--acme.acmelogging Enable debug logging of ACME actions. (default "false")
--acme.caserver CA server to use.
--acme.delaydontcheckdns (Deprecated) Assume DNS propagates after a delay in seconds rather than finding (default "0s")
and querying nameservers.
--acme.dnschallenge Activate DNS-01 Challenge (default "false")
--acme.dnschallenge.delaybeforecheck Assume DNS propagates after a delay in seconds rather than finding and querying (default "0s")
nameservers.
--acme.dnschallenge.disablepropagationcheck Disable the DNS propagation checks before notifying ACME that the DNS challenge (default "false")
is ready. [not recommended]
--acme.dnschallenge.provider Use a DNS-01 based challenge provider rather than HTTPS.
--acme.dnschallenge.resolvers Use following DNS servers to resolve the FQDN authority.
--acme.dnsprovider (Deprecated) Activate DNS-01 Challenge
--acme.domains SANs (alternative domains) to each main domain using format: (default "[]")
--acme.domains='main.com,san1.com,san2.com'
--acme.domains='main.net,san1.net,san2.net'
--acme.email Email address used for registration
--acme.entrypoint Entrypoint to proxy acme challenge to.
--acme.httpchallenge Activate HTTP-01 Challenge (default "false")
--acme.httpchallenge.entrypoint HTTP challenge EntryPoint
--acme.keytype KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. Default to 'RSA4096'
--acme.ondemand (Deprecated) Enable on demand certificate generation. This will request a (default "false")
certificate from Let's Encrypt during the first TLS handshake for a hostname
that does not yet have a certificate.
--acme.onhostrule Enable certificate generation on frontends Host rules. (default "false")
--acme.overridecertificates Enable to override certificates in key-value store when using storeconfig (default "false")
--acme.storage File or key used for certificates storage.
--acme.tlschallenge Activate TLS-ALPN-01 Challenge (default "false")
--acme.tlsconfig TLS config in case wildcard certs are used (default "false")
--acmeconfig Enable ACME (Let's Encrypt): automatic SSL (default "false")
--acmeconfig.acmelogging Enable debug logging of ACME actions. (default "false")
--acmeconfig.caserver CA server to use.
--acmeconfig.delaydontcheckdns (Deprecated) Assume DNS propagates after a delay in seconds rather than finding (default "0s")
and querying nameservers.
--acmeconfig.dnschallenge Activate DNS-01 Challenge (default "false")
--acmeconfig.dnschallenge.delaybeforecheck Assume DNS propagates after a delay in seconds rather than finding and querying (default "0s")
nameservers.
--acmeconfig.dnschallenge.disablepropagationcheck Disable the DNS propagation checks before notifying ACME that the DNS challenge (default "false")
is ready. [not recommended]
--acmeconfig.dnschallenge.provider Use a DNS-01 based challenge provider rather than HTTPS.
--acmeconfig.dnschallenge.resolvers Use following DNS servers to resolve the FQDN authority.
--acmeconfig.dnsprovider (Deprecated) Activate DNS-01 Challenge
--acmeconfig.domains SANs (alternative domains) to each main domain using format: (default "[]")
--acme.domains='main.com,san1.com,san2.com'
--acme.domains='main.net,san1.net,san2.net'
--acmeconfig.email Email address used for registration
--acmeconfig.entrypoint Entrypoint to proxy acme challenge to.
--acmeconfig.httpchallenge Activate HTTP-01 Challenge (default "false")
--acmeconfig.httpchallenge.entrypoint HTTP challenge EntryPoint
--acmeconfig.keytype KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. Default to 'RSA4096'
--acmeconfig.ondemand (Deprecated) Enable on demand certificate generation. This will request a (default "false")
certificate from Let's Encrypt during the first TLS handshake for a hostname
that does not yet have a certificate.
--acmeconfig.onhostrule Enable certificate generation on frontends Host rules. (default "false")
--acmeconfig.overridecertificates Enable to override certificates in key-value store when using storeconfig (default "false")
--acmeconfig.storage File or key used for certificates storage.
--acmeconfig.tlschallenge Activate TLS-ALPN-01 Challenge (default "false")
--acmeconfig.tlsconfig TLS config in case wildcard certs are used (default "false")
--allowminweightzero Allow weight to take 0 as minimum real value. (default "false")
--boltdb Enable Boltdb backend with default settings (default "false")
--boltdb.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--boltdb.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--boltdb.endpoint Comma separated server endpoints (default "127.0.0.1:4001")
--boltdb.filename Override default configuration template. For advanced users :)
--boltdb.password KV Password
--boltdb.prefix Prefix used for KV store (default "/traefik")
--boltdb.templateversion Template version. (default "0")
--boltdb.tls Enable TLS support (default "false")
--boltdb.tls.ca TLS CA
--boltdb.tls.caoptional TLS CA.Optional (default "false")
--boltdb.tls.cert TLS cert
--boltdb.tls.insecureskipverify TLS insecure skip verify (default "false")
--boltdb.tls.key TLS key
--boltdb.trace Display additional provider logs (if available). (default "false")
--boltdb.username KV Username
--boltdb.watch Watch provider (default "true")
--checknewversion Periodically check if a new version has been released (default "true")
--clustername Name of the cluster (default "traefikee")
-c, --configfile Path to a traefik TOML configuration file
--constraints Filter services by constraint, matching with service tags (default "[]")
--consul Enable Consul backend with default settings (default "true")
--consul.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--consul.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--consul.endpoint Comma separated server endpoints (default "127.0.0.1:8500")
--consul.filename Override default configuration template. For advanced users :)
--consul.password KV Password
--consul.prefix Prefix used for KV store (default "traefik")
--consul.templateversion Template version. (default "0")
--consul.tls Enable TLS support (default "false")
--consul.tls.ca TLS CA
--consul.tls.caoptional TLS CA.Optional (default "false")
--consul.tls.cert TLS cert
--consul.tls.insecureskipverify TLS insecure skip verify (default "false")
--consul.tls.key TLS key
--consul.trace Display additional provider logs (if available). (default "false")
--consul.username KV Username
--consul.watch Watch provider (default "true")
--consulcatalog Enable Consul catalog backend with default settings (default "true")
--consulcatalog.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--consulcatalog.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--consulcatalog.domain Default domain used
--consulcatalog.endpoint Consul server endpoint (default "127.0.0.1:8500")
--consulcatalog.exposedbydefault Expose Consul services by default (default "true")
--consulcatalog.filename Override default configuration template. For advanced users :)
--consulcatalog.frontendrule Frontend rule used for Consul services
--consulcatalog.prefix Prefix used for Consul catalog tags (default "traefik")
--consulcatalog.stale Use stale consistency for catalog reads (default "false")
--consulcatalog.templateversion Template version. (default "0")
--consulcatalog.tls Enable TLS support (default "false")
--consulcatalog.tls.ca TLS CA
--consulcatalog.tls.caoptional TLS CA.Optional (default "false")
--consulcatalog.tls.cert TLS cert
--consulcatalog.tls.insecureskipverify TLS insecure skip verify (default "false")
--consulcatalog.tls.key TLS key
--consulcatalog.trace Display additional provider logs (if available). (default "false")
--consulcatalog.watch Watch provider (default "false")
-d, --debug Enable debug mode (default "false")
--defaultentrypoints Entrypoints to be used by frontends that do not specify any entrypoint (default "http")
--defaultentrypointsconfig Entrypoints to be used by frontends that do not specify any entrypoint (default "http")
--docker Enable Docker backend with default settings (default "false")
--docker.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--docker.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--docker.domain Default domain used
--docker.endpoint Docker server endpoint. Can be a tcp or a unix socket endpoint (default "unix:///var/run/docker.sock")
--docker.exposedbydefault Expose containers by default (default "true")
--docker.filename Override default configuration template. For advanced users :)
--docker.network Default Docker network used
--docker.swarmmode Use Docker on Swarm Mode (default "false")
--docker.swarmmoderefreshseconds Polling interval for swarm mode (in seconds) (default "15")
--docker.templateversion Template version. (default "0")
--docker.tls Enable Docker TLS support (default "false")
--docker.tls.ca TLS CA
--docker.tls.caoptional TLS CA.Optional (default "false")
--docker.tls.cert TLS cert
--docker.tls.insecureskipverify TLS insecure skip verify (default "false")
--docker.tls.key TLS key
--docker.trace Display additional provider logs (if available). (default "false")
--docker.usebindportip Use the ip address from the bound port, rather than from the inner network (default "false")
--docker.watch Watch provider (default "true")
--dynamodb Enable DynamoDB backend with default settings (default "true")
--dynamodb.accesskeyid The AWS credentials access key to use for making requests
--dynamodb.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--dynamodb.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--dynamodb.endpoint The endpoint of a dynamodb. Used for testing with a local dynamodb
--dynamodb.filename Override default configuration template. For advanced users :)
--dynamodb.refreshseconds Polling interval (in seconds) (default "15")
--dynamodb.region The AWS region to use for requests
--dynamodb.secretaccesskey The AWS credentials secret key to use for making requests
--dynamodb.tablename The AWS dynamodb table that stores configuration for traefik (default "traefik")
--dynamodb.templateversion Template version. (default "0")
--dynamodb.trace Display additional provider logs (if available). (default "false")
--dynamodb.watch Watch provider (default "true")
--ecs Enable ECS backend with default settings (default "true")
--ecs.accesskeyid The AWS credentials access key to use for making requests
--ecs.autodiscoverclusters Auto discover cluster (default "false")
--ecs.cluster deprecated - ECS Cluster name
--ecs.clusters ECS Clusters name (default "[default]")
--ecs.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--ecs.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--ecs.domain Default domain used
--ecs.exposedbydefault Expose containers by default (default "true")
--ecs.filename Override default configuration template. For advanced users :)
--ecs.refreshseconds Polling interval (in seconds) (default "15")
--ecs.region The AWS region to use for requests
--ecs.secretaccesskey The AWS credentials access key to use for making requests
--ecs.templateversion Template version. (default "0")
--ecs.trace Display additional provider logs (if available). (default "false")
--ecs.watch Watch provider (default "true")
--entrypoints Entrypoints definition using format: --entryPoints='Name:http Address::8000 (default "map[]")
Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442
TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'
--etcd Enable Etcd backend with default settings (default "true")
--etcd.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--etcd.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--etcd.endpoint Comma separated server endpoints (default "127.0.0.1:2379")
--etcd.filename Override default configuration template. For advanced users :)
--etcd.password KV Password
--etcd.prefix Prefix used for KV store (default "/traefik")
--etcd.templateversion Template version. (default "0")
--etcd.tls Enable TLS support (default "false")
--etcd.tls.ca TLS CA
--etcd.tls.caoptional TLS CA.Optional (default "false")
--etcd.tls.cert TLS cert
--etcd.tls.insecureskipverify TLS insecure skip verify (default "false")
--etcd.tls.key TLS key
--etcd.trace Display additional provider logs (if available). (default "false")
--etcd.useapiv3 Use ETCD API V3 (default "false")
--etcd.username KV Username
--etcd.watch Watch provider (default "true")
--eureka Enable Eureka backend with default settings (default "true")
--eureka.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--eureka.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--eureka.delay Override default configuration time between refresh (Deprecated) (default "0s")
--eureka.endpoint Eureka server endpoint
--eureka.filename Override default configuration template. For advanced users :)
--eureka.refreshseconds Override default configuration time between refresh (default "30s")
--eureka.templateversion Template version. (default "0")
--eureka.trace Display additional provider logs (if available). (default "false")
--eureka.watch Watch provider (default "false")
--forwardingtimeouts Timeouts for requests forwarded to the backend servers (default "false")
--forwardingtimeouts.dialtimeout The amount of time to wait until a connection to a backend server can be (default "30s")
established. Defaults to 30 seconds. If zero, no timeout exists
--forwardingtimeouts.responseheadertimeout The amount of time to wait for a server's response headers after fully writing (default "0s")
the request (including its body, if any). If zero, no timeout exists
-g, --gracetimeout (Deprecated) Duration to give active requests a chance to finish before Traefik (default "0s")
stops
--healthcheck Health check parameters (default "false")
--healthcheck.interval Default periodicity of enabled health checks (default "30s")
--hostresolver Enable CNAME Flattening (default "false")
--hostresolver.cnameflattening A flag to enable/disable CNAME flattening (default "false")
--hostresolver.resolvconfig resolv.conf used for DNS resolving (default "/etc/resolv.conf")
--hostresolver.resolvdepth The maximal depth of DNS recursive resolving (default "5")
--idletimeout (Deprecated) maximum amount of time an idle (keep-alive) connection will remain (default "0s")
idle before closing itself.
--insecureskipverify Disable SSL certificate verification (default "false")
--kubernetes Enable Kubernetes backend with default settings (default "false")
--kubernetes.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
--kubernetes.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--kubernetes.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--kubernetes.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
--kubernetes.enablepasstlscert Kubernetes enable Pass TLS Client Certs (default "false")
--kubernetes.endpoint Kubernetes server endpoint (required for external cluster client)
--kubernetes.filename Override default configuration template. For advanced users :)
--kubernetes.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
--kubernetes.ingressendpoint Kubernetes Ingress Endpoint (default "false")
--kubernetes.ingressendpoint.hostname Hostname used for Kubernetes Ingress endpoints
--kubernetes.ingressendpoint.ip IP used for Kubernetes Ingress endpoints
--kubernetes.ingressendpoint.publishedservice Published Kubernetes Service to copy status from
--kubernetes.labelselector Kubernetes Ingress label selector to use
--kubernetes.namespaces Kubernetes namespaces (default "[]")
--kubernetes.templateversion Template version. (default "0")
--kubernetes.token Kubernetes bearer token (not needed for in-cluster client)
--kubernetes.trace Display additional provider logs (if available). (default "false")
--kubernetes.watch Watch provider (default "true")
--lifecycle Timeouts influencing the server life cycle (default "true")
--lifecycle.gracetimeout Duration to give active requests a chance to finish before Traefik stops (default "10s")
--lifecycle.requestacceptgracetimeout Duration to keep accepting requests before Traefik initiates the graceful (default "0s")
shutdown procedure
-l, --loglevel Log level
--marathon Enable Marathon backend with default settings (default "true")
--marathon.basic Enable basic authentication (default "true")
--marathon.basic.httpbasicauthuser Basic authentication User
--marathon.basic.httpbasicpassword Basic authentication Password
--marathon.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--marathon.dcostoken DCOSToken for DCOS environment, This will override the Authorization header
--marathon.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--marathon.dialertimeout Set a dialer timeout for Marathon (default "5s")
--marathon.domain Default domain used
--marathon.endpoint Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080")
--marathon.exposedbydefault Expose Marathon apps by default (default "true")
--marathon.filename Override default configuration template. For advanced users :)
--marathon.filtermarathonconstraints Enable use of Marathon constraints in constraint filtering (default "false")
--marathon.forcetaskhostname Force to use the task's hostname. (default "false")
--marathon.groupsassubdomains Convert Marathon groups to subdomains (default "false")
--marathon.keepalive Set a TCP Keep Alive time in seconds (default "10s")
--marathon.marathonlbcompatibility Add compatibility with marathon-lb labels (default "false")
--marathon.respectreadinesschecks Filter out tasks with non-successful readiness checks during deployments (default "false")
--marathon.responseheadertimeout Set a response header timeout for Marathon (default "1m0s")
--marathon.templateversion Template version. (default "0")
--marathon.tls Enable TLS support (default "false")
--marathon.tls.ca TLS CA
--marathon.tls.caoptional TLS CA.Optional (default "false")
--marathon.tls.cert TLS cert
--marathon.tls.insecureskipverify TLS insecure skip verify (default "false")
--marathon.tls.key TLS key
--marathon.tlshandshaketimeout Set a TLS handhsake timeout for Marathon (default "5s")
--marathon.trace Display additional provider logs (if available). (default "false")
--marathon.watch Watch provider (default "true")
--maxidleconnsperhost If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, (default "200")
DefaultMaxIdleConnsPerHost is used
--mesos Enable Mesos backend with default settings (default "true")
--mesos.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--mesos.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--mesos.domain Default domain used
--mesos.endpoint Mesos server endpoint. You can also specify multiple endpoint for Mesos (default "http://127.0.0.1:5050")
--mesos.exposedbydefault Expose Mesos apps by default (default "true")
--mesos.filename Override default configuration template. For advanced users :)
--mesos.groupsassubdomains Convert Mesos groups to subdomains (default "false")
--mesos.ipsources IPSources (e.g. host, docker, mesos, netinfo)
--mesos.refreshseconds Polling interval (in seconds) (default "30")
--mesos.statetimeoutsecond HTTP Timeout (in seconds) (default "30")
--mesos.templateversion Template version. (default "0")
--mesos.trace Display additional provider logs (if available). (default "false")
--mesos.watch Watch provider (default "true")
--mesos.zkdetectiontimeout Zookeeper timeout (in seconds) (default "30")
--metrics Enable a metrics exporter (default "true")
--metrics.datadog DataDog metrics exporter type (default "true")
--metrics.datadog.address DataDog's address (default "localhost:8125")
--metrics.datadog.pushinterval DataDog push interval (default "10s")
--metrics.influxdb InfluxDB metrics exporter type (default "true")
--metrics.influxdb.address InfluxDB address (default "localhost:8089")
--metrics.influxdb.database InfluxDB database used when protocol is http
--metrics.influxdb.protocol InfluxDB address protocol (udp or http) (default "udp")
--metrics.influxdb.pushinterval InfluxDB push interval (default "10s")
--metrics.influxdb.retentionpolicy InfluxDB retention policy used when protocol is http
--metrics.prometheus Prometheus metrics exporter type (default "true")
--metrics.prometheus.buckets Buckets for latency metrics (default "[0.1 0.3 1.2 5]")
--metrics.prometheus.entrypoint EntryPoint (default "traefik")
--metrics.statsd StatsD metrics exporter type (default "true")
--metrics.statsd.address StatsD address (default "localhost:8125")
--metrics.statsd.pushinterval StatsD push interval (default "10s")
--providersthrottleduration Backends throttle duration: minimum duration between 2 events from providers (default "2s")
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--rancher Enable Rancher backend with default settings (default "true")
--rancher.accesskey Rancher server API access key
--rancher.api Enable the Rancher API provider (default "true")
--rancher.api.accesskey Rancher server API access key
--rancher.api.endpoint Rancher server API HTTP(S) endpoint
--rancher.api.secretkey Rancher server API secret key
--rancher.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--rancher.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--rancher.domain Default domain used
--rancher.enableservicehealthfilter Filter services with unhealthy states and inactive states (default "false")
--rancher.endpoint Rancher server API HTTP(S) endpoint
--rancher.exposedbydefault Expose services by default (default "true")
--rancher.filename Override default configuration template. For advanced users :)
--rancher.metadata Enable the Rancher metadata service provider (default "true")
--rancher.metadata.intervalpoll Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate) (default "false")
--rancher.metadata.prefix Prefix used for accessing the Rancher metadata service
--rancher.refreshseconds Polling interval (in seconds) (default "15")
--rancher.secretkey Rancher server API secret key
--rancher.templateversion Template version. (default "0")
--rancher.trace Display additional provider logs (if available). (default "false")
--rancher.watch Watch provider (default "true")
--respondingtimeouts Timeouts for incoming requests to the Traefik instance (default "true")
--respondingtimeouts.idletimeout IdleTimeout is the maximum amount duration an idle (keep-alive) connection will (default "3m0s")
remain idle before closing itself. Defaults to 180 seconds. If zero, no timeout
is set
--respondingtimeouts.readtimeout ReadTimeout is the maximum duration for reading the entire request, including (default "0s")
the body. If zero, no timeout is set
--respondingtimeouts.writetimeout WriteTimeout is the maximum duration before timing out writes of the response. (default "0s")
If zero, no timeout is set
--rest Enable Rest backend with default settings (default "true")
--rest.entrypoint EntryPoint (default "traefik")
--retry Enable retry sending request if network error (default "true")
--retry.attempts Number of attempts (default "0")
--rootcas Add cert file for self-signed certificate
--sendanonymoususage send periodically anonymous usage statistics (default "false")
--servicefabric Enable Service Fabric backend with default settings (default "false")
--servicefabric.apiversion Service Fabric API version
--servicefabric.appinsightsbatchsize Number of trace lines per batch, optional (default "0")
--servicefabric.appinsightsclientname The client name, Identifies the cloud instance
--servicefabric.appinsightsinterval The interval for sending data to Application Insights, optional (default "0s")
--servicefabric.appinsightskey Application Insights Instrumentation Key
--servicefabric.clustermanagementurl Service Fabric API endpoint
--servicefabric.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--servicefabric.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--servicefabric.filename Override default configuration template. For advanced users :)
--servicefabric.refreshseconds Polling interval (in seconds) (default "0s")
--servicefabric.templateversion Template version. (default "0")
--servicefabric.tls Enable TLS support (default "false")
--servicefabric.tls.ca TLS CA
--servicefabric.tls.caoptional TLS CA.Optional (default "false")
--servicefabric.tls.cert TLS cert
--servicefabric.tls.insecureskipverify TLS insecure skip verify (default "false")
--servicefabric.tls.key TLS key
--servicefabric.trace Display additional provider logs (if available). (default "false")
--servicefabric.watch Watch provider (default "false")
--tracing OpenTracing configuration (default "false")
--tracing.backend Selects the tracking backend ('jaeger','zipkin', 'datadog'). (default "jaeger")
--tracing.datadog Settings for DataDog (default "false")
--tracing.datadog.debug Enable DataDog debug. (default "false")
--tracing.datadog.globaltag Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport Set datadog-agent's host:port that the reporter will used. Defaults to (default "localhost:8126")
localhost:8126
--tracing.datadog.prioritysampling Enable priority sampling. When using distributed tracing, this option must be (default "false")
enabled in order to get all the parts of a distributed trace sampled.
--tracing.jaeger Settings for jaeger (default "false")
--tracing.jaeger.localagenthostport set jaeger-agent's host:port that the reporter will used. (default "127.0.0.1:6831")
--tracing.jaeger.samplingparam set the sampling parameter. (default "1")
--tracing.jaeger.samplingserverurl set the sampling server url. (default "http://localhost:5778/sampling")
--tracing.jaeger.samplingtype set the sampling type. (default "const")
--tracing.jaeger.tracecontextheadername set the header to use for the trace-id. (default "uber-trace-id")
--tracing.servicename Set the name for this service (default "traefik")
--tracing.spannamelimit Set the maximum character limit for Span names (default 0 = no limit) (default "0")
--tracing.zipkin Settings for zipkin (default "false")
--tracing.zipkin.debug Enable Zipkin debug. (default "false")
--tracing.zipkin.httpendpoint HTTP Endpoint to report traces to. (default "http://localhost:9411/api/v1/spans")
--tracing.zipkin.id128bit Use ZipKin 128 bit root span IDs. (default "true")
--tracing.zipkin.samespan Use ZipKin SameSpan RPC style traces. (default "false")
--traefiklog Traefik log settings (default "false")
--traefiklog.filepath Traefik log file path. Stdout is used when omitted or empty
--traefiklog.format Traefik log format: json | common (default "common")
--traefiklogsfile (Deprecated) Traefik logs file. Overrides stdout
--verbose Enable verbose logs (default "false")
--web (Deprecated) Enable Web backend with default settings (default "false")
--web.address (Deprecated) Web administration port (default ":8080")
--web.certfile (Deprecated) SSL certificate
--web.keyfile (Deprecated) SSL certificate
--web.metrics (Deprecated) Enable a metrics exporter (default "false")
--web.metrics.datadog DataDog metrics exporter type (default "false")
--web.metrics.datadog.address DataDog's address (default "localhost:8125")
--web.metrics.datadog.pushinterval DataDog push interval (default "10s")
--web.metrics.influxdb InfluxDB metrics exporter type (default "false")
--web.metrics.influxdb.address InfluxDB address (default "localhost:8089")
--web.metrics.influxdb.database InfluxDB database used when protocol is http
--web.metrics.influxdb.protocol InfluxDB address protocol (udp or http) (default "udp")
--web.metrics.influxdb.pushinterval InfluxDB push interval (default "10s")
--web.metrics.influxdb.retentionpolicy InfluxDB retention policy used when protocol is http
--web.metrics.prometheus Prometheus metrics exporter type (default "false")
--web.metrics.prometheus.buckets Buckets for latency metrics (default "[0.1 0.3 1.2 5]")
--web.metrics.prometheus.entrypoint EntryPoint (default "traefik")
--web.metrics.statsd StatsD metrics exporter type (default "false")
--web.metrics.statsd.address StatsD address (default "localhost:8125")
--web.metrics.statsd.pushinterval StatsD push interval (default "10s")
--web.path (Deprecated) Root path for dashboard and API
--web.readonly (Deprecated) Enable read only API (default "false")
--web.statistics (Deprecated) Enable more detailed statistics (default "false")
--web.statistics.recenterrors Number of recent errors logged (default "10")
--zookeeper Enable Zookeeper backend with default settings (default "false")
--zookeeper.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--zookeeper.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--zookeeper.endpoint Comma separated server endpoints (default "127.0.0.1:2181")
--zookeeper.filename Override default configuration template. For advanced users :)
--zookeeper.password KV Password
--zookeeper.prefix Prefix used for KV store (default "traefik")
--zookeeper.templateversion Template version. (default "0")
--zookeeper.tls Enable TLS support (default "false")
--zookeeper.tls.ca TLS CA
--zookeeper.tls.caoptional TLS CA.Optional (default "false")
--zookeeper.tls.cert TLS cert
--zookeeper.tls.insecureskipverify TLS insecure skip verify (default "false")
--zookeeper.tls.key TLS key
--zookeeper.trace Display additional provider logs (if available). (default "false")
--zookeeper.username KV Username
--zookeeper.watch Watch provider (default "true")
-h, --help Print Help (this message) and exitNote
When a TLS entryPoint is defined, the certificate and the key file have to be present on the machine where the traefikeectl deploy command is launched.
The content of these files is provided in an encoded format to the TraefikEE data-nodes.
Backup (backup)¶
Backups the configuration of a running TraefikEE cluster.
Usage:
traefikeectl backup
traefikeectl backup --clustername='traefikee-cluster' --archivepath='/tmp/traefikee.zip' --archivetype='zip'Flags:
--archivepath Path of the archive to create (default "traefikee-backup")
--archivetype Type of the archive to create (default "tar")
--clustername Name of the cluster (default "traefikee")
--force Force new backup, canceling already running backup and starting a new one (default "false")
-h, --help Print Help (this message) and exitSupport Dump (support-dump)¶
This command generates a dump file with information about the TrafikEE cluster
Usage:
traefikeectl support-dump
# The option `--outputpath` specify the full path for the output file.
traefikeectl support-dump --outputpath=/tmp/dump.tar.gz
# The option `--clustername` specify the TraefikEE cluster name.
traefikeectl support-dump --clustername="mycluster"Flags:
--clustername Name of the cluster (default "traefikee")
--outputpath Output path for the dump file (default "traefikee-support-dump")
-h, --help Print Help (this message) and exi