traefikee
Command-Line Reference¶
The traefikee
command-line manages the elements in your Traefik Enterprise cluster.
Synopsis¶
Check below the list of commands, with their respective flags.
traefikee Traefik Enterprise (Enterprise Edition) is a Cloud Native Edge Routing Platform based on Traefik Proxy,
a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
Complete documentation is available at https://doc.traefik.io.
Usage: traefikee [command] [resource] [flags]
Use "traefikee [command] --help" for help on any command.
Commands:
controller Start a new controller
proxy Start a new proxy
tokens Get tokens from the cluster
version Print version
Commands¶
The Traefik Enterprise command-line (CLI) provides the following commands:
Start Controller (controller)¶
This command starts a controller and joins it to a cluster.
Usage:
traefikee controller --name="controller-0" --advertise=172.17.0.2:4242 --discovery.static.peers=172.17.0.1:4242,172.17.0.3:4242,172.17.0.4:4242 --license="XXX" --api.bundle="./bundle.zip"
Flags:
--advertise
Address to advertise to peers
--api.addr (Default: ":55055")
Address to listen on for the API
--api.autocerts (Default: "false")
Generate the required mTLS certificates to access the cluster API with teectl
--api.bundle
Specify a certificate bundle to access the cluster API with teectl
--api.socket (Default: "/var/run/traefikee/teectl.sock")
Socket to listen on for the API
--bind (Default: "0.0.0.0:4242")
Address to listen for peers on
--configfile
Static Configuration file to use. If specified the controllers will watch it for modifications.
--discovery.dns.bootstrapexpected (Default: "0")
Number of controllers needed to bootstrap the cluster (DNS Discovery Only)
--discovery.dns.domain
Domain where the controllers are exposed
--discovery.dns.port
Port where the discovered controller can be contacted on
--discovery.static.peers
Comma separated list of peers to connect to
--jointoken.file.path (Default: "/var/run/secrets")
The path to the join tokens
--jointoken.kubernetes.namespace
The kubernetes namespace of the join tokens
--jointoken.kubernetes.prefix
The prefix for join token naming
--jointoken.swarm.certpath
Path to the mTLS certificates
--jointoken.swarm.endpoint
Endpoint to use to access the swarm API
--jointoken.swarm.prefix
The prefix for join token naming
--jointoken.value
The value of the join token
--license
License key to use
--log.filepath
Log file path. Stdout is used when omitted or empty.
--log.format
Log format: json | common
--log.level
Log level set to restrict logs to logs.
--name (Default: "hostname reported by the kernel")
Name of the node
--socket (Default: "/var/run/traefikee/cluster.sock")
Path to the control socket
--statedir (Default: "/var/lib/traefikee")
Path to the state directory
Start Proxy (proxy)¶
This command starts a proxy and joins it to a cluster.
Usage:
traefikee proxy --name="proxy-0" --discovery.static.peers=172.17.0.1:4242,172.17.0.3:4242,172.17.0.4:4242
Flags:
--discovery.dns.domain
Domain where the controllers are exposed
--discovery.dns.port
Port where the discovered server can be contacted
--discovery.static.peers
Comma separated list of peers to join
--distributed.listen (Default: ":8484")
Address to listen to for distributed features
--jointoken.file.path (Default: "/var/run/secrets")
The path to the join tokens
--jointoken.kubernetes.namespace
The kubernetes namespace of the join tokens
--jointoken.kubernetes.prefix
The prefix for join token naming
--jointoken.swarm.certpath
Path to the mTLS certificates
--jointoken.swarm.endpoint
Endpoint to use to access the swarm API
--jointoken.swarm.prefix
The prefix for join token naming
--jointoken.value
The value of the join token
--log.filepath
Log file path. Stdout is used when omitted or empty.
--log.format
Log format: json | common
--log.level
Log level set to restrict logs to logs.
--name (Default: "hostname reported by the kernel")
Name of the node
--statedir (Default: "/var/lib/traefikee")
Path to the state directory
Get Join Tokens (tokens)¶
This command prints the Join Tokens of the cluster.
Usage:
traefikee token
Flags:
--format (Default: "env")
The output format (json | yaml | toml | env)
--socket
Path to the Traefik Enterprise socket
Recover a Cluster (recover)¶
This command recovers a cluster that has lost quorum.
Usage:
traefikee recover
Flags:
--socket
Path to the Traefik Enterprise socket
Generate Cluster Assets (generate)¶
Generate Credentials (generate credentials)¶
This command generates a new set of credentials used to authenticate with the cluster API.
Usage:
traefikee generate credentials --cluster="mycluster"
Flags:
--cluster
The cluster name
--kubernetes (Default: "false")
Kubernetes configuration
--kubernetes.forwardedport (Default: "0")
Local port to forward the API on
--kubernetes.kubeconfig
Path to the local Kubernetes config file (usually $HOME/.kube/config)
--kubernetes.namespace (Default: "traefikee")
Kubernetes namespace to install TraefikEE in
--socket
Path to the TraefikEE socket
--swarm (Default: "false")
Swarm configuration
--swarm.hosts
A comma separated list of hosts/IPs to connect to the TraefikEE Controller API
on
--swarm.port (Default: "55055")
The port on which to connect to the TraefikEE Controller API on
Get Health Status (healthcheck)¶
This command checks the health of an ingress node.
Usage:
traefikee healthcheck
Flags:
--accesslog (Default: "false")
Access log settings.
--accesslog.bufferingsize (Default: "0")
Number of access log lines to process in a buffered way.
--accesslog.fields.defaultmode (Default: "keep")
Default mode for fields: keep | drop
--accesslog.fields.headers.defaultmode (Default: "drop")
Default mode for fields: keep | drop | redact
--accesslog.fields.headers.names.<name> (Default: "")
Override mode for headers
--accesslog.fields.names.<name> (Default: "")
Override mode for fields
--accesslog.filepath (Default: "")
Access log file path. Stdout is used when omitted or empty.
--accesslog.filters.minduration (Default: "0")
Keep access logs when request took longer than the specified duration.
--accesslog.filters.retryattempts (Default: "false")
Keep access logs when at least one retry happened.
--accesslog.filters.statuscodes (Default: "")
Keep access logs with status codes in the specified range.
--accesslog.format (Default: "common")
Access log format: json | common
--api (Default: "false")
Enable api/dashboard.
--api.dashboard (Default: "true")
Activate dashboard.
--api.debug (Default: "false")
Enable additional endpoints for debugging and profiling.
--api.insecure (Default: "false")
Activate API directly on the entryPoint named traefik.
--certificatesresolvers.<name> (Default: "false")
Certificates resolvers configuration.
--certificatesresolvers.<name>.acme.caserver (Default: "https://acme-v02.api.letsencrypt.org/directory")
CA server to use.
--certificatesresolvers.<name>.acme.dnschallenge (Default: "false")
Activate DNS-01 Challenge.
--certificatesresolvers.<name>.acme.dnschallenge.delaybeforecheck (Default: "0")
Assume DNS propagates after a delay in seconds rather than finding and querying
nameservers.
--certificatesresolvers.<name>.acme.dnschallenge.disablepropagationcheck (Default: "false")
Disable the DNS propagation checks before notifying ACME that the DNS challenge
is ready. [not recommended]
--certificatesresolvers.<name>.acme.dnschallenge.provider (Default: "")
Use a DNS-01 based challenge provider rather than HTTPS.
--certificatesresolvers.<name>.acme.dnschallenge.resolvers (Default: "")
Use following DNS servers to resolve the FQDN authority.
--certificatesresolvers.<name>.acme.email (Default: "")
Email address used for registration.
--certificatesresolvers.<name>.acme.httpchallenge (Default: "false")
Activate HTTP-01 Challenge.
--certificatesresolvers.<name>.acme.httpchallenge.entrypoint (Default: "")
HTTP challenge EntryPoint
--certificatesresolvers.<name>.acme.keytype (Default: "RSA4096")
KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
--certificatesresolvers.<name>.acme.preferredchain (Default: "")
Preferred chain to use.
--certificatesresolvers.<name>.acme.storage (Default: "acme.json")
Storage to use.
--certificatesresolvers.<name>.acme.tlschallenge (Default: "true")
Activate TLS-ALPN-01 Challenge.
--certificatesresolvers.<name>.vault.enginepath (Default: "pki")
Path under which the Vault PKI secret engine is enabled
--certificatesresolvers.<name>.vault.role (Default: "")
Role to be used to issue certificates
--certificatesresolvers.<name>.vault.token (Default: "")
Token used to authenticate with Vault
--certificatesresolvers.<name>.vault.url (Default: "")
URL of the Vault server
--entrypoints.<name> (Default: "false")
Entry points definition.
--entrypoints.<name>.address (Default: "")
Entry point address.
--entrypoints.<name>.forwardedheaders.insecure (Default: "false")
Trust all forwarded headers.
--entrypoints.<name>.forwardedheaders.trustedips (Default: "")
Trust only forwarded headers from selected IPs.
--entrypoints.<name>.http (Default: "")
HTTP configuration.
--entrypoints.<name>.http.middlewares (Default: "")
Default middlewares for the routers linked to the entry point.
--entrypoints.<name>.http.redirections.entrypoint.permanent (Default: "true")
Applies a permanent redirection.
--entrypoints.<name>.http.redirections.entrypoint.priority (Default: "2147483647")
Priority of the generated router.
--entrypoints.<name>.http.redirections.entrypoint.scheme (Default: "https")
Scheme used for the redirection.
--entrypoints.<name>.http.redirections.entrypoint.to (Default: "")
Targeted entry point of the redirection.
--entrypoints.<name>.http.tls (Default: "false")
Default TLS configuration for the routers linked to the entry point.
--entrypoints.<name>.http.tls.certresolver (Default: "")
Default certificate resolver for the routers linked to the entry point.
--entrypoints.<name>.http.tls.domains (Default: "")
Default TLS domains for the routers linked to the entry point.
--entrypoints.<name>.http.tls.domains[n].main (Default: "")
Default subject name.
--entrypoints.<name>.http.tls.domains[n].sans (Default: "")
Subject alternative names.
--entrypoints.<name>.http.tls.options (Default: "")
Default TLS options for the routers linked to the entry point.
--entrypoints.<name>.proxyprotocol (Default: "false")
Proxy-Protocol configuration.
--entrypoints.<name>.proxyprotocol.insecure (Default: "false")
Trust all.
--entrypoints.<name>.proxyprotocol.trustedips (Default: "")
Trust only selected IPs.
--entrypoints.<name>.transport.lifecycle.gracetimeout (Default: "10")
Duration to give active requests a chance to finish before Traefik stops.
--entrypoints.<name>.transport.lifecycle.requestacceptgracetimeout (Default: "0")
Duration to keep accepting requests before Traefik initiates the graceful
shutdown procedure.
--entrypoints.<name>.transport.respondingtimeouts.idletimeout (Default: "180")
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will
remain idle before closing itself. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.readtimeout (Default: "0")
ReadTimeout is the maximum duration for reading the entire request, including
the body. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.writetimeout (Default: "0")
WriteTimeout is the maximum duration before timing out writes of the response.
If zero, no timeout is set.
--experimental.devplugin.gopath (Default: "")
plugin's GOPATH.
--experimental.devplugin.modulename (Default: "")
plugin's module name.
--experimental.plugins.<name> (Default: "false")
Plugins configuration.
--experimental.plugins.<name>.modulename (Default: "")
plugin's module name.
--experimental.plugins.<name>.version (Default: "")
plugin's version.
--global.checknewversion (Default: "true")
Periodically check if a new version has been released.
--global.sendanonymoususage
Periodically send anonymous usage statistics. If the option is not specified, it
will be enabled by default.
--hostresolver (Default: "false")
Enable CNAME Flattening.
--hostresolver.cnameflattening (Default: "false")
A flag to enable/disable CNAME flattening
--hostresolver.resolvconfig (Default: "/etc/resolv.conf")
resolv.conf used for DNS resolving
--hostresolver.resolvdepth (Default: "5")
The maximal depth of DNS recursive resolving
--log (Default: "false")
Traefik log settings.
--log.filepath (Default: "")
Traefik log file path. Stdout is used when omitted or empty.
--log.format (Default: "common")
Traefik log format: json | common
--log.level (Default: "ERROR")
Log level set to traefik logs.
--metrics.datadog (Default: "false")
Datadog metrics exporter type.
--metrics.datadog.addentrypointslabels (Default: "true")
Enable metrics on entry points.
--metrics.datadog.address (Default: "localhost:8125")
Datadog's address.
--metrics.datadog.addserviceslabels (Default: "true")
Enable metrics on services.
--metrics.datadog.pushinterval (Default: "10")
Datadog push interval.
--metrics.influxdb (Default: "false")
InfluxDB metrics exporter type.
--metrics.influxdb.addentrypointslabels (Default: "true")
Enable metrics on entry points.
--metrics.influxdb.address (Default: "localhost:8089")
InfluxDB address.
--metrics.influxdb.addserviceslabels (Default: "true")
Enable metrics on services.
--metrics.influxdb.database (Default: "")
InfluxDB database used when protocol is http.
--metrics.influxdb.password (Default: "")
InfluxDB password (only with http).
--metrics.influxdb.protocol (Default: "udp")
InfluxDB address protocol (udp or http).
--metrics.influxdb.pushinterval (Default: "10")
InfluxDB push interval.
--metrics.influxdb.retentionpolicy (Default: "")
InfluxDB retention policy used when protocol is http.
--metrics.influxdb.username (Default: "")
InfluxDB username (only with http).
--metrics.prometheus (Default: "false")
Prometheus metrics exporter type.
--metrics.prometheus.addentrypointslabels (Default: "true")
Enable metrics on entry points.
--metrics.prometheus.addserviceslabels (Default: "true")
Enable metrics on services.
--metrics.prometheus.buckets (Default: "0.100000, 0.300000, 1.200000, 5.000000")
Buckets for latency metrics.
--metrics.prometheus.entrypoint (Default: "traefik")
EntryPoint
--metrics.prometheus.manualrouting (Default: "false")
Manual routing
--metrics.statsd (Default: "false")
StatsD metrics exporter type.
--metrics.statsd.addentrypointslabels (Default: "true")
Enable metrics on entry points.
--metrics.statsd.address (Default: "localhost:8125")
StatsD address.
--metrics.statsd.addserviceslabels (Default: "true")
Enable metrics on services.
--metrics.statsd.prefix (Default: "traefik")
Prefix to use for metrics collection.
--metrics.statsd.pushinterval (Default: "10")
StatsD push interval.
--pilot.token (Default: "")
Traefik Pilot token.
--ping (Default: "false")
Enable ping.
--ping.entrypoint (Default: "traefik")
EntryPoint
--ping.manualrouting (Default: "false")
Manual routing
--ping.terminatingstatuscode (Default: "503")
Terminating status code
--providers.consul (Default: "false")
Enable Consul backend with default settings.
--providers.consul.endpoints (Default: "127.0.0.1:8500")
KV store endpoints
--providers.consul.password (Default: "")
KV Password
--providers.consul.rootkey (Default: "traefik")
Root key used for KV store
--providers.consul.tls.ca (Default: "")
TLS CA
--providers.consul.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.consul.tls.cert (Default: "")
TLS cert
--providers.consul.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.consul.tls.key (Default: "")
TLS key
--providers.consul.username (Default: "")
KV Username
--providers.consulcatalog.cache (Default: "false")
Use local agent caching for catalog reads.
--providers.consulcatalog.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.consulcatalog.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.consulcatalog.endpoint.address (Default: "http://127.0.0.1:8500")
The address of the Consul server
--providers.consulcatalog.endpoint.datacenter (Default: "")
Data center to use. If not provided, the default agent data center is used
--providers.consulcatalog.endpoint.endpointwaittime (Default: "0")
WaitTime limits how long a Watch will block. If not provided, the agent default
values will be used
--providers.consulcatalog.endpoint.httpauth.password (Default: "")
Basic Auth password
--providers.consulcatalog.endpoint.httpauth.username (Default: "")
Basic Auth username
--providers.consulcatalog.endpoint.scheme (Default: "")
The URI scheme for the Consul server
--providers.consulcatalog.endpoint.tls.ca (Default: "")
TLS CA
--providers.consulcatalog.endpoint.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.consulcatalog.endpoint.tls.cert (Default: "")
TLS cert
--providers.consulcatalog.endpoint.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.consulcatalog.endpoint.tls.key (Default: "")
TLS key
--providers.consulcatalog.endpoint.token (Default: "")
Token is used to provide a per-request ACL token which overrides the agent's
default token
--providers.consulcatalog.exposedbydefault (Default: "true")
Expose containers by default.
--providers.consulcatalog.prefix (Default: "traefik")
Prefix for consul service tags. Default 'traefik'
--providers.consulcatalog.refreshinterval (Default: "15")
Interval for check Consul API. Default 100ms
--providers.consulcatalog.requireconsistent (Default: "false")
Forces the read to be fully consistent.
--providers.consulcatalog.stale (Default: "false")
Use stale consistency for catalog reads.
--providers.docker (Default: "false")
Enable Docker backend with default settings.
--providers.docker.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.docker.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.docker.endpoint (Default: "unix:///var/run/docker.sock")
Docker server endpoint. Can be a tcp or a unix socket endpoint.
--providers.docker.exposedbydefault (Default: "true")
Expose containers by default.
--providers.docker.network (Default: "")
Default Docker network used.
--providers.docker.swarmmode (Default: "false")
Use Docker on Swarm Mode.
--providers.docker.swarmmoderefreshseconds (Default: "15")
Polling interval for swarm mode.
--providers.docker.tls.ca (Default: "")
TLS CA
--providers.docker.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.docker.tls.cert (Default: "")
TLS cert
--providers.docker.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.docker.tls.key (Default: "")
TLS key
--providers.docker.usebindportip (Default: "false")
Use the ip address from the bound port, rather than from the inner network.
--providers.docker.watch (Default: "true")
Watch Docker Swarm events.
--providers.ecs.accesskeyid (Default: "")
The AWS credentials access key to use for making requests
--providers.ecs.autodiscoverclusters (Default: "false")
Auto discover cluster
--providers.ecs.clusters (Default: "default")
ECS Clusters name
--providers.ecs.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.ecs.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.ecs.exposedbydefault (Default: "true")
Expose services by default
--providers.ecs.refreshseconds (Default: "15")
Polling interval (in seconds)
--providers.ecs.region (Default: "")
The AWS region to use for requests
--providers.ecs.secretaccesskey (Default: "")
The AWS credentials access key to use for making requests
--providers.etcd (Default: "false")
Enable Etcd backend with default settings.
--providers.etcd.endpoints (Default: "127.0.0.1:2379")
KV store endpoints
--providers.etcd.password (Default: "")
KV Password
--providers.etcd.rootkey (Default: "traefik")
Root key used for KV store
--providers.etcd.tls.ca (Default: "")
TLS CA
--providers.etcd.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.etcd.tls.cert (Default: "")
TLS cert
--providers.etcd.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.etcd.tls.key (Default: "")
TLS key
--providers.etcd.username (Default: "")
KV Username
--providers.file.debugloggeneratedtemplate (Default: "false")
Enable debug logging of generated configuration template.
--providers.file.directory (Default: "")
Load dynamic configuration from one or more .toml or .yml files in a directory.
--providers.file.filename (Default: "")
Load dynamic configuration from a file.
--providers.file.watch (Default: "true")
Watch provider.
--providers.http (Default: "false")
Enable HTTP backend with default settings.
--providers.http.endpoint (Default: "")
Load configuration from this endpoint.
--providers.http.pollinterval (Default: "5")
Polling interval for endpoint.
--providers.http.polltimeout (Default: "5")
Polling timeout for endpoint.
--providers.http.tls.ca (Default: "")
TLS CA
--providers.http.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.http.tls.cert (Default: "")
TLS cert
--providers.http.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.http.tls.key (Default: "")
TLS key
--providers.kubernetescrd (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetescrd.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetescrd.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetescrd.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetescrd.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetescrd.labelselector (Default: "")
Kubernetes label selector to use.
--providers.kubernetescrd.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetescrd.throttleduration (Default: "0")
Ingress refresh throttle duration
--providers.kubernetescrd.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.kubernetesingress (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetesingress.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetesingress.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetesingress.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetesingress.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetesingress.ingressendpoint.hostname (Default: "")
Hostname used for Kubernetes Ingress endpoints.
--providers.kubernetesingress.ingressendpoint.ip (Default: "")
IP used for Kubernetes Ingress endpoints.
--providers.kubernetesingress.ingressendpoint.publishedservice (Default: "")
Published Kubernetes Service to copy status from.
--providers.kubernetesingress.labelselector (Default: "")
Kubernetes Ingress label selector to use.
--providers.kubernetesingress.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetesingress.throttleduration (Default: "0")
Ingress refresh throttle duration
--providers.kubernetesingress.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.marathon (Default: "false")
Enable Marathon backend with default settings.
--providers.marathon.basic.httpbasicauthuser (Default: "")
Basic authentication User.
--providers.marathon.basic.httpbasicpassword (Default: "")
Basic authentication Password.
--providers.marathon.constraints (Default: "")
Constraints is an expression that Traefik matches against the application's
labels to determine whether to create any route for that application.
--providers.marathon.dcostoken (Default: "")
DCOSToken for DCOS environment, This will override the Authorization header.
--providers.marathon.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.marathon.dialertimeout (Default: "5")
Set a dialer timeout for Marathon.
--providers.marathon.endpoint (Default: "http://127.0.0.1:8080")
Marathon server endpoint. You can also specify multiple endpoint for Marathon.
--providers.marathon.exposedbydefault (Default: "true")
Expose Marathon apps by default.
--providers.marathon.forcetaskhostname (Default: "false")
Force to use the task's hostname.
--providers.marathon.keepalive (Default: "10")
Set a TCP Keep Alive time.
--providers.marathon.respectreadinesschecks (Default: "false")
Filter out tasks with non-successful readiness checks during deployments.
--providers.marathon.responseheadertimeout (Default: "60")
Set a response header timeout for Marathon.
--providers.marathon.tls.ca (Default: "")
TLS CA
--providers.marathon.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.marathon.tls.cert (Default: "")
TLS cert
--providers.marathon.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.marathon.tls.key (Default: "")
TLS key
--providers.marathon.tlshandshaketimeout (Default: "5")
Set a TLS handshake timeout for Marathon.
--providers.marathon.trace (Default: "false")
Display additional provider logs.
--providers.marathon.watch (Default: "true")
Watch provider.
--providers.plugin.vault.enginepath (Default: "secret")
Path under which the KV secret engine is enabled
--providers.plugin.vault.rescaninterval (Default: "60")
Interval to rescan all certificates for changes
--providers.plugin.vault.syncinterval (Default: "5")
Interval to synchronize new and deleted certificates
--providers.plugin.vault.token (Default: "")
Token used to authenticate with the API
--providers.plugin.vault.url (Default: "")
URL of the Vault API
--providers.providersthrottleduration (Default: "2")
Backends throttle duration: minimum duration between 2 events from providers
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--providers.rancher (Default: "false")
Enable Rancher backend with default settings.
--providers.rancher.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.rancher.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.rancher.enableservicehealthfilter (Default: "true")
Filter services with unhealthy states and inactive states.
--providers.rancher.exposedbydefault (Default: "true")
Expose containers by default.
--providers.rancher.intervalpoll (Default: "false")
Poll the Rancher metadata service every 'rancher.refreshseconds' (less
accurate).
--providers.rancher.prefix (Default: "latest")
Prefix used for accessing the Rancher metadata service.
--providers.rancher.refreshseconds (Default: "15")
Defines the polling interval in seconds.
--providers.rancher.watch (Default: "true")
Watch provider.
--providers.redis (Default: "false")
Enable Redis backend with default settings.
--providers.redis.endpoints (Default: "127.0.0.1:6379")
KV store endpoints
--providers.redis.password (Default: "")
KV Password
--providers.redis.rootkey (Default: "traefik")
Root key used for KV store
--providers.redis.tls.ca (Default: "")
TLS CA
--providers.redis.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.redis.tls.cert (Default: "")
TLS cert
--providers.redis.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.redis.tls.key (Default: "")
TLS key
--providers.redis.username (Default: "")
KV Username
--providers.rest (Default: "false")
Enable Rest backend with default settings.
--providers.rest.insecure (Default: "false")
Activate REST Provider directly on the entryPoint named traefik.
--providers.zookeeper (Default: "false")
Enable ZooKeeper backend with default settings.
--providers.zookeeper.endpoints (Default: "127.0.0.1:2181")
KV store endpoints
--providers.zookeeper.password (Default: "")
KV Password
--providers.zookeeper.rootkey (Default: "traefik")
Root key used for KV store
--providers.zookeeper.tls.ca (Default: "")
TLS CA
--providers.zookeeper.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.zookeeper.tls.cert (Default: "")
TLS cert
--providers.zookeeper.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.zookeeper.tls.key (Default: "")
TLS key
--providers.zookeeper.username (Default: "")
KV Username
--serverstransport.forwardingtimeouts.dialtimeout (Default: "30")
The amount of time to wait until a connection to a backend server can be
established. If zero, no timeout exists.
--serverstransport.forwardingtimeouts.idleconntimeout (Default: "90")
The maximum period for which an idle HTTP keep-alive connection will remain open
before closing itself
--serverstransport.forwardingtimeouts.responseheadertimeout (Default: "0")
The amount of time to wait for a server's response headers after fully writing
the request (including its body, if any). If zero, no timeout exists.
--serverstransport.insecureskipverify (Default: "false")
Disable SSL certificate verification.
--serverstransport.maxidleconnsperhost (Default: "200")
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero,
DefaultMaxIdleConnsPerHost is used
--serverstransport.rootcas (Default: "")
Add cert file for self-signed certificate.
--tracing (Default: "false")
OpenTracing configuration.
--tracing.datadog (Default: "false")
Settings for Datadog.
--tracing.datadog.bagageprefixheadername (Default: "")
Specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.datadog.debug (Default: "false")
Enable Datadog debug.
--tracing.datadog.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport (Default: "localhost:8126")
Set datadog-agent's host:port that the reporter will used.
--tracing.datadog.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.datadog.prioritysampling (Default: "false")
Enable priority sampling. When using distributed tracing, this option must be
enabled in order to get all the parts of a distributed trace sampled.
--tracing.datadog.samplingpriorityheadername (Default: "")
Specifies the header name that will be used to store the sampling priority.
--tracing.datadog.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.elastic (Default: "false")
Settings for Elastic.
--tracing.elastic.secrettoken (Default: "")
Set the token used to connect to Elastic APM Server.
--tracing.elastic.serverurl (Default: "")
Set the URL of the Elastic APM server.
--tracing.elastic.serviceenvironment (Default: "")
Set the name of the environment Traefik is deployed in, e.g. 'production' or
'staging'.
--tracing.haystack (Default: "false")
Settings for Haystack.
--tracing.haystack.baggageprefixheadername (Default: "")
Specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.haystack.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.haystack.localagenthost (Default: "127.0.0.1")
Set haystack-agent's host that the reporter will used.
--tracing.haystack.localagentport (Default: "35000")
Set haystack-agent's port that the reporter will used.
--tracing.haystack.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.haystack.spanidheadername (Default: "")
Specifies the header name that will be used to store the span ID.
--tracing.haystack.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.instana (Default: "false")
Settings for Instana.
--tracing.instana.localagenthost (Default: "")
Set instana-agent's host that the reporter will used.
--tracing.instana.localagentport (Default: "42699")
Set instana-agent's port that the reporter will used.
--tracing.instana.loglevel (Default: "info")
Set instana-agent's log level. ('error','warn','info','debug')
--tracing.jaeger (Default: "false")
Settings for Jaeger.
--tracing.jaeger.collector.endpoint (Default: "")
Instructs reporter to send spans to jaeger-collector at this URL.
--tracing.jaeger.collector.password (Default: "")
Password for basic http authentication when sending spans to jaeger-collector.
--tracing.jaeger.collector.user (Default: "")
User for basic http authentication when sending spans to jaeger-collector.
--tracing.jaeger.disableattemptreconnecting (Default: "true")
Disable the periodic re-resolution of the agent's hostname and reconnection if
there was a change.
--tracing.jaeger.gen128bit (Default: "false")
Generate 128 bit span IDs.
--tracing.jaeger.localagenthostport (Default: "127.0.0.1:6831")
Set jaeger-agent's host:port that the reporter will used.
--tracing.jaeger.propagation (Default: "jaeger")
Which propagation format to use (jaeger/b3).
--tracing.jaeger.samplingparam (Default: "1.000000")
Set the sampling parameter.
--tracing.jaeger.samplingserverurl (Default: "http://localhost:5778/sampling")
Set the sampling server url.
--tracing.jaeger.samplingtype (Default: "const")
Set the sampling type.
--tracing.jaeger.tracecontextheadername (Default: "uber-trace-id")
Set the header to use for the trace-id.
--tracing.servicename (Default: "traefik")
Set the name for this service.
--tracing.spannamelimit (Default: "0")
Set the maximum character limit for Span names (default 0 = no limit).
--tracing.zipkin (Default: "false")
Settings for Zipkin.
--tracing.zipkin.httpendpoint (Default: "http://localhost:9411/api/v2/spans")
HTTP Endpoint to report traces to.
--tracing.zipkin.id128bit (Default: "true")
Use Zipkin 128 bit root span IDs.
--tracing.zipkin.samespan (Default: "false")
Use Zipkin SameSpan RPC style traces.
--tracing.zipkin.samplerate (Default: "1.000000")
The rate between 0.0 and 1.0 of requests to trace.
Show the Version (version)¶
This command shows the Traefik Enterprise version.
Usage:
traefikee version