Traefik & Consul¶
A Story of KV store & Containers
Store your configuration in Consul and let Traefik do the rest!
Routing Configuration¶
See the dedicated section in routing.
Provider Configuration¶
endpoints
¶
Required, Default="127.0.0.1:8500"
Defines how to access Consul.
providers:
consul:
endpoints:
- "127.0.0.1:8500"
[providers.consul]
endpoints = ["127.0.0.1:8500"]
--providers.consul.endpoints=127.0.0.1:8500
rootKey
¶
Required, Default="traefik"
Defines the root key of the configuration.
providers:
consul:
rootKey: "traefik"
[providers.consul]
rootKey = "traefik"
--providers.consul.rootkey=traefik
namespaces
¶
Optional, Default=""
The namespaces
option defines the namespaces to query.
When using the namespaces
option, the discovered configuration object names will be suffixed as shown below:
<resource-name>@consul-<namespace>
Warning
The namespaces option only works with Consul Enterprise, which provides the Namespaces feature.
Warning
One should only define either the namespaces
option or the namespace
option.
providers:
consul:
namespaces:
- "ns1"
- "ns2"
# ...
[providers.consul]
namespaces = ["ns1", "ns2"]
# ...
--providers.consul.namespaces=ns1,ns2
# ...
username
¶
Optional, Default=""
Defines a username to connect to Consul with.
providers:
consul:
# ...
username: "foo"
[providers.consul]
# ...
username = "foo"
--providers.consul.username=foo
password
¶
Optional, Default=""
Defines a password with which to connect to Consul.
providers:
consul:
# ...
password: "bar"
[providers.consul]
# ...
password = "bar"
--providers.consul.password=bar
token
¶
Optional, Default=""
Defines a token with which to connect to Consul.
providers:
consul:
# ...
token: "bar"
[providers.consul]
# ...
token = "bar"
--providers.consul.token=bar
tls
¶
Optional
Defines the TLS configuration used for the secure connection to Consul.
ca
¶
Optional
ca
is the path to the certificate authority used for the secure connection to Consul,
it defaults to the system bundle.
providers:
consul:
tls:
ca: path/to/ca.crt
[providers.consul.tls]
ca = "path/to/ca.crt"
--providers.consul.tls.ca=path/to/ca.crt
cert
¶
Optional
cert
is the path to the public certificate used for the secure connection to Consul.
When using this option, setting the key
option is required.
providers:
consul:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
--providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key
key
¶
Optional
key
is the path to the private key used for the secure connection to Consul.
When using this option, setting the cert
option is required.
providers:
consul:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
--providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key
insecureSkipVerify
¶
Optional, Default=false
If insecureSkipVerify
is true
, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
providers:
consul:
tls:
insecureSkipVerify: true
[providers.consul.tls]
insecureSkipVerify = true
--providers.consul.tls.insecureSkipVerify=true