Stack service load balancing with Traefik in Rancher (Docker)

Update 2018–06–30

Description

Objective

version: '2'
services:
server:
build: ./server
frontend:
build: ./frontend

Idea

TL;DR

version: '2'
services:
proxy:
image: traefik:v1.4
command: --web --accessLog --constraints=tag==my-stack --rancher --rancher.exposedbydefault=false --rancher.metadata=true
volumes:
- /dev/null:/traefik.toml
server:
build: ./server
labels:
- "traefik.frontend.rule=PathPrefix:/api"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.tags=my-stack"
frontend:
build: ./frontend
labels:
- "traefik.frontend.rule=PathPrefix:/"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.tags=my-stack"

Traefik

  • You can configure it as a reverse proxy, to handle TLS (HTTPS) connections in front of your app, so your app doesn’t have to deal with that. This is known as “TLS termination”.
  • You could use it to load balance traffic between back-end services, depending on domains, URL paths, etc.
  • It can automatize the generation of TLS certificates with Let’s encrypt.
  • It can interact with several Docker systems to update its configuration.
  • It updates its configuration live, you don’t have to restart it.
  • You can set the configurations for each of your Docker services setting Docker labels in them. Traefik will catch that and update its configuration.

Rancher

Problem

Solution

version: '2'
services:
proxy:
image: traefik:v1.4
command: --web --accessLog --constraints=tag==my-stack --rancher --rancher.exposedbydefault=false --rancher.metadata=true
volumes:
- /dev/null:/traefik.toml
server:
build: ./server
labels:
- "traefik.frontend.rule=PathPrefix:/api"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.tags=my-stack"
frontend:
build: ./frontend
labels:
- "traefik.frontend.rule=PathPrefix:/"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.tags=my-stack"
  • This parameter makes Traefik enable Rancher:
--rancher
  • This parameter makes Traefik talk with the Rancher metadata, that way it can read the other services configurations:
--rancher.metadata=true
  • This parameter makes Traefik expose the Web UI:
--web
  • When I created more than one stack with services that had Traefik labels, the Traefik proxy service would catch all the labels in all the stacks and take them as rules. To make it filter only the services in my stack, I added a constraint to filter on a specific tag, it can be any string:
--constraints=tag==my-stack
  • This Docker label (set in the server service) is what tells Traefik that it should send traffic with the prefix URL path /api to it:
- "traefik.frontend.rule=PathPrefix:/api"
  • This Docker label (set in the frontend service) is what tells Traefik that it should send traffic with the prefix URL path /to it:
- "traefik.frontend.rule=PathPrefix:/"
  • Somehow, Traefik needed Rancher services to declare their port, even if the image already exposes it. Without it, I always got an empty tab, that’s why both services have this label:
- "traefik.port=80"
  • Adding the same tag that the Traefik service is using as constraint, I make the services in this stack pass the filter while all the services in other stacks don’t:
- "traefik.tags=my-stack"
  • Make sure you don’t add a label with traefik.backend= as it will break how Traefik isolates Rancher stacks.
  • Notice that there’s nothing else. No Rancher keys, no Rancher labels in the proxy, no Docker mounting, etc.

Test

Update

About me

--

--

--

Creator of FastAPI and Typer. Dev at Exposion AI. APIs, Deep Learning/Machine Learning, full-stack distributed systems, SQL/NoSQL, Python, Docker, JS, TS, etc.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Using GNOME Keyring in Docker Container

Upcoming Web Design Conferences (August–November 2017)

Use Your Storage Space More Effectively with ZFS: Exploring vdevs

The Present and Future of DevOps — Part 2

Well=architectured framework..Let’s talk!

Top Tutorials to Learn Microsoft Azure For Cloud Computing

Discovering Existing and Connecting Users on a Linux Server

Java Exception Hierarchy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sebastián Ramírez

Sebastián Ramírez

Creator of FastAPI and Typer. Dev at Exposion AI. APIs, Deep Learning/Machine Learning, full-stack distributed systems, SQL/NoSQL, Python, Docker, JS, TS, etc.

More from Medium

Build and monitor your FastAPI microservice with Docker, Prometheus and Grafana. [Part-1]

Migrate your local database to Docker container: Step-by-Step guide.

Securing a FastAPI route using JWT token (step-by-step)

FastAPI JWT authentication