2017-08-26 10:12:44 +00:00
|
|
|
# ECS Backend
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
Træfik can be configured to use Amazon ECS as a backend configuration.
|
|
|
|
|
|
|
|
|
|
## Configuration
|
2017-08-25 19:32:33 +00:00
|
|
|
|
|
|
|
|
```toml
|
|
|
|
|
################################################################
|
|
|
|
|
# ECS configuration backend
|
|
|
|
|
################################################################
|
|
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# Enable ECS configuration backend.
|
2017-08-25 19:32:33 +00:00
|
|
|
[ecs]
|
|
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# ECS Cluster Name.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
# DEPRECATED - Please use `clusters`.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
cluster = "default"
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# ECS Clusters Name.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
# Default: ["default"]
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
clusters = ["default"]
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# Enable watch ECS changes.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
# Default: true
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
watch = true
|
|
|
|
|
|
|
|
|
|
# Default domain used.
|
|
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
# Default: ""
|
|
|
|
|
#
|
|
|
|
|
domain = "ecs.localhost"
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# Enable auto discover ECS clusters.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
# Default: false
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
autoDiscoverClusters = false
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# Polling interval (in seconds).
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
# Default: 15
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
refreshSeconds = 15
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# Expose ECS services by default in Traefik.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
# Default: true
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
exposedByDefault = false
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# Region to use when connecting to AWS.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
region = "us-east-1"
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# AccessKeyID to use when connecting to AWS.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
accessKeyID = "abc"
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# SecretAccessKey to use when connecting to AWS.
|
2017-08-25 19:32:33 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
2017-09-11 17:10:04 +00:00
|
|
|
secretAccessKey = "123"
|
2017-08-25 19:32:33 +00:00
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
# Override default configuration template.
|
|
|
|
|
# For advanced users :)
|
2017-08-26 10:12:44 +00:00
|
|
|
#
|
|
|
|
|
# Optional
|
|
|
|
|
#
|
|
|
|
|
# filename = "ecs.tmpl"
|
2017-08-25 19:32:33 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
If `AccessKeyID`/`SecretAccessKey` is not given credentials will be resolved in the following order:
|
|
|
|
|
|
|
|
|
|
- From environment variables; `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
|
|
|
|
|
- Shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.
|
|
|
|
|
- EC2 instance role or ECS task role
|
|
|
|
|
|
2017-09-11 17:10:04 +00:00
|
|
|
## Policy
|
|
|
|
|
|
2017-08-25 19:32:33 +00:00
|
|
|
Træfik needs the following policy to read ECS information:
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
|
"Statement": [
|
|
|
|
|
{
|
2017-09-07 08:08:04 +00:00
|
|
|
"Sid": "TraefikECSReadAccess",
|
2017-08-25 19:32:33 +00:00
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Action": [
|
|
|
|
|
"ecs:ListClusters",
|
|
|
|
|
"ecs:DescribeClusters",
|
|
|
|
|
"ecs:ListTasks",
|
|
|
|
|
"ecs:DescribeTasks",
|
|
|
|
|
"ecs:DescribeContainerInstances",
|
|
|
|
|
"ecs:DescribeTaskDefinition",
|
|
|
|
|
"ec2:DescribeInstances"
|
|
|
|
|
],
|
|
|
|
|
"Resource": [
|
|
|
|
|
"*"
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
```
|
2017-09-11 17:10:04 +00:00
|
|
|
|
|
|
|
|
## Labels: overriding default behaviour
|
|
|
|
|
|
|
|
|
|
Labels can be used on task containers to override default behaviour:
|
|
|
|
|
|
|
|
|
|
| Label | Description |
|
|
|
|
|
|---------------------------------------------------|------------------------------------------------------------------------------------------|
|
|
|
|
|
| `traefik.protocol=https` | override the default `http` protocol |
|
|
|
|
|
| `traefik.weight=10` | assign this weight to the container |
|
|
|
|
|
| `traefik.enable=false` | disable this container in Træfik |
|
|
|
|
|
| `traefik.backend.loadbalancer.method=drr` | override the default `wrr` load balancer algorithm |
|
|
|
|
|
| `traefik.backend.loadbalancer.sticky=true` | enable backend sticky sessions |
|
|
|
|
|
| `traefik.frontend.rule=Host:test.traefik.io` | override the default frontend rule (Default: `Host:{containerName}.{domain}`). |
|
|
|
|
|
| `traefik.frontend.passHostHeader=true` | forward client `Host` header to the backend. |
|
|
|
|
|
| `traefik.frontend.priority=10` | override default frontend priority |
|
|
|
|
|
| `traefik.frontend.entryPoints=http,https` | assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`. |
|
|
|
|
|
| `traefik.frontend.auth.basic=EXPR` | Sets basic authentication for that frontend in CSV format: `User:Hash,User:Hash` |
|
