homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Support YAML for the dynamic configuration.

Browse source
This commit is contained in:
Ludovic Fernandez 2019-06-26 18:18:04 +02:00 committed by Traefiker Bot
parent 96962dd21f
commit e69d4cba88
36 changed files with 1529 additions and 289 deletions
Download patch file Download diff file Expand all files Collapse all files

7
docs/content/getting-started/configuration-overview.md
View file

@ -49,7 +49,12 @@ Once positioned, this option sets (and resets) all the default values of the sub
### Configuration File
At startup, Traefik searches for a file named `traefik.toml` in `/etc/traefik/`, `$XDG_CONFIG_HOME/`, `$HOME/.config/`, and `.` (_the working directory_).
At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` or `traefik.yaml`) in:
- `/etc/traefik/`
- `$XDG_CONFIG_HOME/`
- `$HOME/.config/`
- `.` (_the working directory_).
You can override this using the `configFile` argument.

122
docs/content/providers/file.md
View file

@ -3,10 +3,10 @@
Good Old Configuration File
{: .subtitle }
The file provider lets you define the [dynamic configuration](./overview.md) in a `toml` file.
The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file.
You can write these configuration elements:
* At the end of the main Traefik configuration file (by default: `traefik.toml`).
* At the end of the main Traefik configuration file (by default: `traefik.toml`/`traefik.yml`/`traefik.yaml`).
* In [a dedicated file](#filename)
* In [several dedicated files](#directory)
@ -20,10 +20,20 @@ You can write these configuration elements:
??? example "Declaring Routers, Middlewares & Services"
``` toml
# Enabling the file provider
[providers.file]
Enabling the file provider:
```toml tab="TOML"
[providers.file]
```
```yaml tab="YAML"
providers:
file: {}
```
Declaring Routers, Middlewares & Services:
```toml tab="TOML"
[http]
# Add the router
[http.routers]
@ -49,6 +59,32 @@ You can write these configuration elements:
[[http.services.service-foo.LoadBalancer.Servers]]
url = "http://bar/"
```
```yaml tab="YAML"
http:
routers:
router0:
entrypoints:
- web
middlewares:
- my-basic-auth
service: service-foo
rule: Path(`foo`)
middlewares:
my-basic-auth:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
usersfile: etc/traefik/.htpasswd
headerfield: ""
services:
service-foo:
loadbalancer:
servers:
- url: http://foo/
- url: http://bar/
```
## Provider Configuration Options
@ -61,24 +97,36 @@ _Optional_
Defines the path of the configuration file.
```toml
```toml tab="TOML"
[providers]
[providers.file]
filename = "rules.toml"
```
```yaml tab="YAML"
providers:
file:
filename: rules.yaml
```
### `directory`
_Optional_
Defines the directory that contains the configuration files.
```toml
```toml tab="TOML"
[providers]
[providers.file]
directory = "/path/to/config"
```
```yaml tab="YAML"
providers:
file:
directory: /path/to/config
```
### `watch`
_Optional_
@ -86,24 +134,32 @@ _Optional_
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
It works with both the `filename` and the `directory` options.
```toml
```toml tab="TOML"
[providers]
[providers.file]
filename = "rules.toml"
watch = true
```
### TOML Templating
```yaml tab="YAML"
providers:
file:
filename: rules.yml
watch: true
```
### Go Templating
!!! warning
TOML templating only works along with dedicated configuration files. Templating does not work in the Traefik main configuration file.
Go Templating only works along with dedicated configuration files.
Templating does not work in the Traefik main configuration file.
Traefik allows using TOML templating.
Traefik allows using Go templating.
Thus, it's possible to define easily lot of routers, services and TLS certificates as described in the file `template-rules.toml` :
??? example "Configuring Using Templating"
```toml
```toml tab="TOML"
# template-rules.toml
[http]
@ -149,3 +205,43 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
# ...
{{ end }}
```
```yaml tab="YAML"
http:
{{range $i, $e := until 100 }}
routers:
router{{ $e }:
# ...
{{end}}
{{range $i, $e := until 100 }}
services:
application{{ $e }}:
# ...
{{end}}
tcp:
{{range $i, $e := until 100 }}
routers:
router{{ $e }:
# ...
{{end}}
{{range $i, $e := until 100 }}
services:
service{{ $e }}:
# ...
{{end}}
{{ range $i, $e := until 10 }}
tls:
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
certificate:
certfile: "/etc/traefik/cert-{{ $e }}.pem"
keyfile: "/etc/traefik/cert-{{ $e }}.key"
{{end}}
```

8
docs/content/reference/dynamic-configuration/file.md
View file

@ -1,8 +1,12 @@
# File Configuration Reference
Dynamic configuration with toml files
Dynamic configuration with files
{: .subtitle }
```toml
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/dynamic-configuration/file.yaml"
```

294
docs/content/reference/dynamic-configuration/file.yaml Normal file
View file

@ -0,0 +1,294 @@
http:
routers:
Router0:
entrypoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
priority: 42
tls:
options: TLS0
middlewares:
Middleware0:
addPrefix:
prefix: foobar
Middleware1:
stripPrefix:
prefixes:
- foobar
- foobar
Middleware2:
stripPrefixRegex:
regex:
- foobar
- foobar
Middleware3:
replacePath:
path: foobar
Middleware4:
replacePathRegex:
regex: foobar
replacement: foobar
Middleware5:
chain:
middlewares:
- foobar
- foobar
Middleware6:
ipWhiteList:
sourcerange:
- foobar
- foobar
ipstrategy: null
Middleware7:
ipWhiteList:
sourcerange: []
ipstrategy:
depth: 42
excludedips:
- foobar
- foobar
Middleware8:
headers:
customrequestheaders:
name0: foobar
name1: foobar
customresponseheaders:
name0: foobar
name1: foobar
accesscontrolallowcredentials: true
accesscontrolallowheaders:
- foobar
- foobar
accesscontrolallowmethods:
- foobar
- foobar
accesscontrolalloworigin: foobar
accesscontrolexposeheaders:
- foobar
- foobar
accesscontrolmaxage: 42
addvaryheader: true
allowedhosts:
- foobar
- foobar
hostsproxyheaders:
- foobar
- foobar
sslredirect: true
ssltemporaryredirect: true
sslhost: foobar
sslproxyheaders:
name0: foobar
name1: foobar
sslforcehost: true
stsseconds: 42
stsincludesubdomains: true
stspreload: true
forcestsheader: true
framedeny: true
customframeoptionsvalue: foobar
contenttypenosniff: true
browserxssfilter: true
custombrowserxssvalue: foobar
contentsecuritypolicy: foobar
publickey: foobar
referrerpolicy: foobar
isdevelopment: true
Middleware9:
errors:
status:
- foobar
- foobar
service: foobar
query: foobar
Middleware10:
rateLimit:
rateset:
Rate0:
period: 42000000000
average: 42
burst: 42
Rate1:
period: 42000000000
average: 42
burst: 42
extractorfunc: foobar
Middleware11:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware12:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware13:
basicAuth:
users:
- foobar
- foobar
usersfile: foobar
realm: foobar
removeheader: true
headerfield: foobar
Middleware14:
digestAuth:
users:
- foobar
- foobar
usersfile: foobar
removeheader: true
realm: foobar
headerfield: foobar
Middleware15:
forwardAuth:
address: foobar
tls:
ca: foobar
caoptional: true
cert: foobar
key: foobar
insecureskipverify: true
trustforwardheader: true
authresponseheaders:
- foobar
- foobar
Middleware16:
maxConn:
amount: 42
extractorfunc: foobar
Middleware17:
buffering:
maxrequestbodybytes: 42
memrequestbodybytes: 42
maxresponsebodybytes: 42
memresponsebodybytes: 42
retryexpression: foobar
Middleware18:
circuitBreaker:
expression: foobar
Middleware19:
compress: {}
Middleware20:
passTLSClientCert:
pem: true
info:
notafter: true
notbefore: true
sans: true
subject:
country: true
province: true
locality: true
organization: true
commonname: true
serialnumber: true
domaincomponent: true
issuer:
country: true
province: true
locality: true
organization: true
commonname: true
serialnumber: true
domaincomponent: true
Middleware21:
retry:
attempts: 42
services:
Service0:
loadbalancer:
stickiness:
cookiename: foobar
securecookie: false
httponlycookie: false
servers:
- url: foobar
scheme: ""
port: ""
- url: foobar
scheme: ""
port: ""
healthcheck:
scheme: foobar
path: foobar
port: 42
interval: foobar
timeout: foobar
hostname: foobar
headers:
name0: foobar
name1: foobar
passhostheader: true
responseforwarding:
flushinterval: foobar
tcp:
routers:
TCPRouter0:
entrypoints:
- foobar
- foobar
service: foobar
rule: foobar
tls:
passthrough: true
options: TLS1
services:
TCPService0:
loadbalancer:
servers:
- address: foobar
port: ""
- address: foobar
port: ""
tls:
- stores:
- foobar
- foobar
certificate:
certfile: foobar
keyfile: foobar
- stores:
- foobar
- foobar
certificate:
certfile: foobar
keyfile: foobar
tlsoptions:
TLS0:
minversion: foobar
ciphersuites:
- foobar
- foobar
clientca:
files:
- foobar
- foobar
optional: true
snistrict: true
TLS1:
minversion: foobar
ciphersuites:
- foobar
- foobar
clientca:
files:
- foobar
- foobar
optional: true
snistrict: true
tlsstores:
Store0:
defaultcertificate:
certfile: foobar
keyfile: foobar
Store1:
defaultcertificate:
certfile: foobar
keyfile: foobar

8
docs/content/reference/static-configuration/file.md
View file

@ -1,7 +1,9 @@
# Static Configuration: File
## TOML
```toml
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/static-configuration/file.yaml"
```

6
docs/content/reference/static-configuration/file.toml
View file

@ -133,16 +133,16 @@
[Metrics.Datadog]
Address = "foobar"
PushInterval = "foobar"
PushInterval = "10s"
[Metrics.StatsD]
Address = "foobar"
PushInterval = "foobar"
PushInterval = "10s"
[Metrics.InfluxDB]
Address = "foobar"
Protocol = "foobar"
PushInterval = "foobar"
PushInterval = "10s"
Database = "foobar"
RetentionPolicy = "foobar"
Username = "foobar"

240
docs/content/reference/static-configuration/file.yaml Normal file
View file

@ -0,0 +1,240 @@
global:
checknewversion: true
sendanonymoususage: true
serverstransport:
insecureskipverify: true
rootcas:
- foobar
- foobar
maxidleconnsperhost: 42
forwardingtimeouts:
dialtimeout: 42000000000
responseheadertimeout: 42000000000
entrypoints:
EntryPoint0:
address: foobar
transport:
lifecycle:
requestacceptgracetimeout: 42000000000
gracetimeout: 42000000000
respondingtimeouts:
readtimeout: 42000000000
writetimeout: 42000000000
idletimeout: 42000000000
proxyprotocol:
insecure: true
trustedips:
- foobar
- foobar
forwardedheaders:
insecure: true
trustedips:
- foobar
- foobar
providers:
providersthrottleduration: 42000000000
docker:
constraints: foobar
watch: true
endpoint: foobar
defaultrule: foobar
tls:
ca: foobar
caoptional: true
cert: foobar
key: foobar
insecureskipverify: true
exposedbydefault: true
usebindportip: true
swarmmode: true
network: foobar
swarmmoderefreshseconds: 42000000000
file:
directory: foobar
watch: true
filename: foobar
debugloggeneratedtemplate: true
traefikfile: foobar
marathon:
constraints: foobar
trace: true
watch: true
endpoint: foobar
defaultrule: foobar
exposedbydefault: true
dcostoken: foobar
tls:
ca: foobar
caoptional: true
cert: foobar
key: foobar
insecureskipverify: true
dialertimeout: 42000000000
responseheadertimeout: 42000000000
tlshandshaketimeout: 42000000000
keepalive: 42000000000
forcetaskhostname: true
basic:
httpbasicauthuser: foobar
httpbasicpassword: foobar
respectreadinesschecks: true
kubernetes:
endpoint: foobar
token: foobar
certauthfilepath: foobar
disablepasshostheaders: true
namespaces:
- foobar
- foobar
labelselector: foobar
ingressclass: foobar
ingressendpoint:
ip: foobar
hostname: foobar
publishedservice: foobar
kubernetescrd:
endpoint: foobar
token: foobar
certauthfilepath: foobar
disablepasshostheaders: true
namespaces:
- foobar
- foobar
labelselector: foobar
ingressclass: foobar
rest:
entrypoint: foobar
rancher:
constraints: foobar
watch: true
defaultrule: foobar
exposedbydefault: true
enableservicehealthfilter: true
refreshseconds: 42
intervalpoll: true
prefix: foobar
api:
entrypoint: foobar
dashboard: true
debug: false
statistics:
recenterrors: 42
middlewares:
- foobar
- foobar
dashboardassets: null
metrics:
prometheus:
buckets:
- 42
- 42
entrypoint: foobar
middlewares:
- foobar
- foobar
datadog:
address: foobar
pushinterval: 10000000000
statsd:
address: foobar
pushinterval: 10000000000
influxdb:
address: foobar
protocol: foobar
pushinterval: 10000000000
database: foobar
retentionpolicy: foobar
username: foobar
password: foobar
ping:
entrypoint: foobar
middlewares:
- foobar
- foobar
log:
level: foobar
filepath: foobar
format: foobar
accesslog:
filepath: foobar
format: foobar
filters:
statuscodes:
- foobar
- foobar
retryattempts: true
minduration: 42000000000
fields:
defaultmode: foobar
names:
name0: foobar
name1: foobar
headers:
defaultmode: foobar
names:
name0: foobar
name1: foobar
bufferingsize: 42
tracing:
backend: foobar
servicename: foobar
spannamelimit: 42
jaeger:
samplingserverurl: foobar
samplingtype: foobar
samplingparam: 42
localagenthostport: foobar
gen128bit: true
propagation: foobar
tracecontextheadername: foobar
zipkin:
httpendpoint: foobar
samespan: true
id128bit: true
debug: true
samplerate: 42
datadog:
localagenthostport: foobar
globaltag: foobar
debug: true
prioritysampling: true
traceidheadername: foobar
parentidheadername: foobar
samplingpriorityheadername: foobar
bagageprefixheadername: foobar
instana:
localagenthost: foobar
localagentport: 42
loglevel: foobar
haystack: null
hostresolver:
cnameflattening: true
resolvconfig: foobar
resolvdepth: 42
acme:
email: foobar
acmelogging: true
caserver: foobar
storage: foobar
entrypoint: foobar
keytype: foobar
onhostrule: true
dnschallenge:
provider: foobar
delaybeforecheck: 42000000000
resolvers:
- foobar
- foobar
disablepropagationcheck: true
httpchallenge:
entrypoint: foobar
tlschallenge: {}
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar

164
docs/content/routing/overview.md
View file

@ -24,29 +24,79 @@ If they do, the router might transform the request using pieces of [middleware](
Below is an example of a full configuration file for the [file provider](../providers/file.md) that forwards `http://domain/whoami/` requests to a service reachable on `http://private/whoami-service/`.
In the process, Traefik will make sure that the user is authenticated (using the [BasicAuth middleware](../middlewares/basicauth.md)).
```toml
Static configuration:
```toml tab="TOML"
[entryPoints]
[entryPoints.web]
address = ":8081" # Listen on port 8081 for incoming requests
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
[providers.file] # Enable the file provider to define routers / middlewares / services in a file
# Enable the file provider to define routers / middlewares / services in a file
[providers.file]
```
[http] # http routing section
[http.routers]
[http.routers.to-whoami] # Define a connection between requests and services
rule = "Host(domain) && PathPrefix(/whoami/)"
middlewares = ["test-user"] # If the rule matches, applies the middleware
service = "whoami" # If the rule matches, forward to the whoami service (declared below)
```yaml tab="YAML"
entrypoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in a file
file: {}
```
[http.middlewares]
[http.middlewares.test-user.basicauth] # Define an authentication mechanism
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
Dynamic configuration:
[http.services]
[http.services.whoami.loadbalancer] # Define how to reach an existing service on our infrastructure
[[http.services.whoami.loadbalancer.servers]]
url = "http://private/whoami-service"
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicauth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadbalancer]
[[http.services.whoami.loadbalancer.servers]]
url = "http://private/whoami-service"
```
```yaml tab="YAML"
# http routing section
http:
routers:
# Define a connection between requests and services
to-whoami:
rule: "Host(`domain`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares:
- test-user
# If the rule matches, forward to the whoami service (declared below)
service: whoami
middlewares:
# Define an authentication mechanism
test-user:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
services:
# Define how to reach an existing service on our infrastructure
whoami:
loadbalancer:
servers:
- url: http://private/whoami-service
```
!!! note "The File Provider"
@ -61,27 +111,51 @@ In the process, Traefik will make sure that the user is authenticated (using the
??? example "Adding a TCP route for TLS requests on whoami.traefik.io"
```toml
Static configuration:
```toml tab="TOML"
[entryPoints]
[entryPoints.web]
address = ":8081" # Listen on port 8081 for incoming requests
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
[providers.file] # Enable the file provider to define routers / middlewares / services in a file
# Enable the file provider to define routers / middlewares / services in a file
[providers.file]
```
```yaml tab="YAML"
entrypoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in a file
file: {}
```
Dynamic configuration:
[http] # http routing section
```toml tab="TOML"
# http routing section
[http]
[http.routers]
[http.routers.to-whoami] # Define a connection between requests and services
rule = "Host(`domain`) && PathPrefix(/whoami/)"
middlewares = ["test-user"] # If the rule matches, applies the middleware
service = "whoami" # If the rule matches, forward to the whoami service (declared below)
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
[http.middlewares.test-user.basicauth] # Define an authentication mechanism
# Define an authentication mechanism
[http.middlewares.test-user.basicauth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
[http.services.whoami.loadbalancer] # Define how to reach an existing service on our infrastructure
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadbalancer]
[[http.services.whoami.loadbalancer.servers]]
url = "http://private/whoami-service"
@ -97,3 +171,39 @@ In the process, Traefik will make sure that the user is authenticated (using the
[[tcp.services.whoami-tcp.loadbalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
```yaml tab="YAML"
# http routing section
http:
routers:
# Define a connection between requests and services
to-whoami:
rule: Host(`domain`) && PathPrefix(`/whoami/`)
# If the rule matches, applies the middleware
middlewares:
- test-user
# If the rule matches, forward to the whoami service (declared below)
service: whoami
middlewares:
# Define an authentication mechanism
test-user:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
services:
# Define how to reach an existing service on our infrastructure
whoami:
loadbalancer:
servers:
- url: http://private/whoami-service
tcp:
routers:
to-whoami-tcp:
service: whoami-tcp
rule: HostSNI(`whoami-tcp.traefik.io`)
services:
whoami-tcp:
loadbalancer:
servers:
- address: xx.xx.xx.xx:xx
```