Static Configuration in TraefikEE¶
TraefikEE uses the same static configuration system as Traefik with a few additions. Unlike Traefik however, TraefikEE does not require a restart to update the configuration.
To get an overview of the static configuration capabilities, please refer to the static configuration reference.
Applying a Static Configuration¶
Static Configuration can be applied to a cluster using the apply
command in teectl
:
teectl apply --file=config.toml
The apply
command supports both TOML and YAML static configuration formats.
More information about the apply
command can be found in the teectl
reference
Getting the Cluster Static Configuration¶
It is possible to get the currently applied cluster static configuration using teectl
:
teectl get static-config
The format of the output can be customized with the --format
option.
More information about the get static-config
command can be found in the teectl
reference
Configuring Authentication Sources¶
Static Configuration can include Authentication Sources which are required for middleware such as the LDAP authentication to work. An example configuration of an LDAP authentication source can be seen below:
#...
authSources:
ldapSource:
ldap:
url: ldap://ldap.test.svc.cluster.local:389
#...
[authSources]
[authSources.ldapSource]
[authSources.ldapSource.ldap]
url = "ldap://ldap.test.svc.cluster.local:389"
For more information on configuring the LDAP authentication sources, please refer to the LDAP documentation
Cluster Configuration¶
Cleanup Grace Period¶
When a proxy fails, it is not immediately removed from the cluster. A grace period (by default 1 Hour) is given to allow the proxy to recover. After this grace period the proxy will be removed from the cluster. The grace period can be configured as follows:
#...
cluster:
cleanup:
gracePeriod: 20m
#...
[cluster]
[cluster.cleanup]
gracePeriod = "20m"
Docker Swarm Network Discovery¶
Docker Swarm has to ability to discover new and existing networks on which to find applications to route. The network discovery is disabled by default, and can be enabled with the following cofiguration:
#...
cluster:
swarm:
networkdiscovery: true
#...
[cluster]
[cluster.swarm]
networkdiscovery = true
More information about network discovery can be found in the documentation.
Examples¶
Basic Static Configuration¶
The most basic static configuration must include entry-points and at least one provider:
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
kubernetesCRD: {}
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[providers.kubernetesCRD]
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
swarmMode: true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[providers.docker]
swarmMode: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
file:
filename: dynamic_config.yml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[providers]
[providers.file]
filename = "dynamic_config.toml"
Customized Configuration for Kubernetes¶
The following static configuration will configure the Kubernetes CRD provider to watch only the namespaces
traefikee
and production
for routing configuration:
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
providers:
kubernetesCRD:
namespaces:
- traefikee
- production
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[kubernetescrd]
namespaces = ["traefikee", "production"]
More information can be found on Traefik's Kubernetes Ingress Provider page.
Custom Entrypoint¶
The following static configuration will configure TraefikEE to listen to a custom entrypoint for incoming requests.
entryPoints:
internal:
address: ":8888"
providers:
kubernetesCRD: {}
[entryPoints]
[entryPoints.internal]
address = ":8888"
[providers.kubernetesCRD]
Important
When using an orchestrator, TraefikEE creates two network services for:
- HTTP on port 80
- HTTPS on port 443
In order to add a custom entrypoint on a different port, it is necessary to configure the network service. This "service" allows incoming requests to reach proxies on the custom entrypoint's port.