Static Configuration in TraefikEE

TraefikEE uses the same static configuration system as Traefik with a few additions. Unlike Traefik however, TraefikEE does not require a restart to update the configuration.

To get an overview of the static configuration capabilities, please refer to the static configuration reference.

Applying a Static Configuration

Static Configuration can be applied to a cluster using the apply command in teectl:

teectl apply --file=config.toml

The apply command supports both TOML and YAML static configuration formats.

More information about the apply command can be found in the teectl reference

Getting the Cluster Static Configuration

It is possible to get the currently applied cluster static configuration using teectl:

teectl get static-config

The format of the output can be customized with the --format option.

More information about the get static-config command can be found in the teectl reference

Configuring Authentication Sources

Static Configuration can include Authentication Sources which are required for middleware such as the LDAP authentication to work. An example configuration of an LDAP authentication source can be seen below:

#...

authSources:
  ldapSource:
    ldap:
      url: ldap://ldap.test.svc.cluster.local:389
#...

[authSources]
  [authSources.ldapSource]
    [authSources.ldapSource.ldap]
      url = "ldap://ldap.test.svc.cluster.local:389"

For more information on configuring the LDAP authentication sources, please refer to the LDAP documentation

Cluster Configuration

Cleanup Grace Period

When a proxy fails, it is not immediately removed from the cluster. A grace period (by default 1 Hour) is given to allow the proxy to recover. After this grace period the proxy will be removed from the cluster. The grace period can be configured as follows:

#...

cluster:
  cleanup:
    gracePeriod: 20m
#...

[cluster]
  [cluster.cleanup]
    gracePeriod = "20m"

Docker Swarm Network Discovery

Docker Swarm has to ability to discover new and existing networks on which to find applications to route. The network discovery is disabled by default, and can be enabled with the following cofiguration:

#...

cluster:
  swarm:
    networkdiscovery: true
#...

[cluster]
  [cluster.swarm]
    networkdiscovery = true

More information about network discovery can be found in the documentation.

Examples

Basic Static Configuration

The most basic static configuration must include entry-points and at least one provider:

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  kubernetesCRD: {}
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"

[providers.kubernetesCRD]
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    swarmMode: true
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"

[providers.docker]
  swarmMode: true  
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  file:
    filename: dynamic_config.yml
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"

[providers]
  [providers.file]
    filename = "dynamic_config.toml"

Customized Configuration for Kubernetes

The following static configuration will configure the Kubernetes CRD provider to watch only the namespaces traefikee and production for routing configuration:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  kubernetesCRD:
    namespaces:
      - traefikee
      - production
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"

[kubernetescrd]
namespaces = ["traefikee", "production"]

More information can be found on Traefik's Kubernetes Ingress Provider page.

Custom Entrypoint

The following static configuration will configure TraefikEE to listen to a custom entrypoint for incoming requests.

entryPoints:
  internal:
    address: ":8888"

providers:
  kubernetesCRD: {}
[entryPoints]
  [entryPoints.internal]
    address = ":8888"
[providers.kubernetesCRD]

Important

When using an orchestrator, TraefikEE creates two network services for:

  • HTTP on port 80
  • HTTPS on port 443

In order to add a custom entrypoint on a different port, it is necessary to configure the network service. This "service" allows incoming requests to reach proxies on the custom entrypoint's port.