ECS Backend¶
Træfik can be configured to use Amazon ECS as a backend configuration.
Configuration¶
################################################################
# ECS configuration backend
################################################################
# Enable ECS configuration backend.
[ecs]
# ECS Cluster Name.
#
# DEPRECATED - Please use `clusters`.
#
cluster = "default"
# ECS Clusters Name.
#
# Optional
# Default: ["default"]
#
clusters = ["default"]
# Enable watch ECS changes.
#
# Optional
# Default: true
#
watch = true
# Default domain used.
#
# Optional
# Default: ""
#
domain = "ecs.localhost"
# Enable auto discover ECS clusters.
#
# Optional
# Default: false
#
autoDiscoverClusters = false
# Polling interval (in seconds).
#
# Optional
# Default: 15
#
refreshSeconds = 15
# Expose ECS services by default in Traefik.
#
# Optional
# Default: true
#
exposedByDefault = false
# Region to use when connecting to AWS.
#
# Optional
#
region = "us-east-1"
# AccessKeyID to use when connecting to AWS.
#
# Optional
#
accessKeyID = "abc"
# SecretAccessKey to use when connecting to AWS.
#
# Optional
#
secretAccessKey = "123"
# Override default configuration template.
# For advanced users :)
#
# Optional
#
# filename = "ecs.tmpl"
If AccessKeyID
/SecretAccessKey
is not given credentials will be resolved in the following order:
- From environment variables;
AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
, andAWS_SESSION_TOKEN
. - Shared credentials, determined by
AWS_PROFILE
andAWS_SHARED_CREDENTIALS_FILE
, defaults todefault
and~/.aws/credentials
. - EC2 instance role or ECS task role
Policy¶
Træfik needs the following policy to read ECS information:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TraefikECSReadAccess",
"Effect": "Allow",
"Action": [
"ecs:ListClusters",
"ecs:DescribeClusters",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ec2:DescribeInstances"
],
"Resource": [
"*"
]
}
]
}
Labels: overriding default behaviour¶
Labels can be used on task containers to override default behaviour:
Label | Description |
---|---|
traefik.protocol=https |
override the default http protocol |
traefik.weight=10 |
assign this weight to the container |
traefik.enable=false |
disable this container in Træfik |
traefik.port=80 |
override the default port value. Overrides NetworkBindings from Docker Container |
traefik.backend.loadbalancer.method=drr |
override the default wrr load balancer algorithm |
traefik.backend.loadbalancer.stickiness=true |
enable backend sticky sessions |
traefik.backend.loadbalancer.stickiness.cookieName=NAME |
Manually set the cookie name for sticky sessions |
traefik.backend.loadbalancer.sticky=true |
enable backend sticky sessions (DEPRECATED) |
traefik.backend.healthcheck.path=/health |
enable health checks for the backend, hitting the container at path |
traefik.backend.healthcheck.interval=1s |
configure the health check interval |
traefik.frontend.rule=Host:test.traefik.io |
override the default frontend rule (Default: Host:{containerName}.{domain} ). |
traefik.frontend.passHostHeader=true |
forward client Host header to the backend. |
traefik.frontend.priority=10 |
override default frontend priority |
traefik.frontend.entryPoints=http,https |
assign this frontend to entry points http and https . Overrides defaultEntryPoints . |
traefik.frontend.auth.basic=EXPR |
Sets basic authentication for that frontend in CSV format: User:Hash,User:Hash |