Swarm Network Discovery

On Docker Swarm, one of the best practices is to isolate a service within its own network. Unfortunately this creates complexity as Traefik Enterprise has to join a network to expose the web service.

To solve this problem, we built a network discovery system into Traefik Enterprise. When Traefik Enterprise discovers a new exposable service, it updates the data plane service to join the network the service is on.

Service Update

Under the hood Traefik Enterprise performs a service update to join the new network. This will trigger a rolling update of all the replicas. Please make sure that the service update configuration of the data plane is setup correctly.

Enabling Network Discovery

Network Discovery is enabled in the static configuration. Below is an example configuration to enabled Network Discovery:

#...

cluster:
  swarm:
    networkdiscovery: true
#...

[cluster]
  [cluster.swarm]
    networkdiscovery = true

Apply the configuration using teectl apply command:

teectl apply --file=config.toml

Using the Network Discovery

To use the automatic network discovery system, deploy an app with the Traefik Proxy routing information labels. Please make sure to set the traefik.docker.network label with the name of the network you would like Traefik Enterprise to join. Remember that in the context of a docker stack, the network name is prefixed by the stack name if you did not specify it.

Below is an example stack configuration that would instruct Traefik Enterprise to join the network awesome_network and expose the whoami service:

version: '3.4'
networks:
  mynetwork:
    driver: "overlay"
    name: "awesome_network"

services:
  whoami:
    image: traefik/whoami:v1.0.1
    deploy:
      mode: replicated
      replicas: 2
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.http.routers.whoami.rule=Host(`localhost`) && Path(`/whoami`)"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        - "traefik.docker.network=awesome_network" # <- Note the network name.
    networks:
      - mynetwork