545 lines
10 KiB
Markdown
545 lines
10 KiB
Markdown
|
---
|
||
|
title: "Nomad Service Discovery"
|
||
|
description: "Learn how to use Nomad as a provider for configuration discovery in Traefik Proxy. Read the technical documentation."
|
||
|
---
|
||
|
|
||
|
# Traefik & Nomad Service Discovery
|
||
|
|
||
|
A Story of Tags, Services & Nomads
|
||
|
{: .subtitle }
|
||
|
|
||
|
![Nomad Service Discovery](../assets/img/providers/nomad.png)
|
||
|
|
||
|
Attach tags to your Nomad services and let Traefik do the rest!
|
||
|
|
||
|
## Configuration Examples
|
||
|
|
||
|
??? example "Configuring Nomad & Deploying Services"
|
||
|
|
||
|
Enabling the nomad provider
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad: {}
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad=true
|
||
|
```
|
||
|
|
||
|
Attaching tags to services:
|
||
|
|
||
|
```
|
||
|
...
|
||
|
service {
|
||
|
name = "myService"
|
||
|
tags = [
|
||
|
"traefik.http.routers.my-router.rule=Host(`example.com`)",
|
||
|
]
|
||
|
}
|
||
|
...
|
||
|
```
|
||
|
|
||
|
## Routing Configuration
|
||
|
|
||
|
See the dedicated section in [routing](../routing/providers/nomad.md).
|
||
|
|
||
|
## Provider Configuration
|
||
|
|
||
|
### `refreshInterval`
|
||
|
|
||
|
_Optional, Default=15s_
|
||
|
|
||
|
Defines the polling interval.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
refreshInterval: 30s
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
refreshInterval = "30s"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.refreshInterval=30s
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
### `prefix`
|
||
|
|
||
|
_required, Default="traefik"_
|
||
|
|
||
|
The prefix for Nomad service tags defining Traefik labels.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
prefix: test
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
prefix = "test"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.prefix=test
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
### `stale`
|
||
|
|
||
|
_Optional, Default=false_
|
||
|
|
||
|
Use stale consistency for Nomad service API reads.
|
||
|
|
||
|
!!! note ""
|
||
|
|
||
|
This makes reads very fast and scalable at the cost of a higher likelihood of stale values.
|
||
|
|
||
|
For more information, see the Nomad [documentation on consistency](https://www.nomadproject.io/api-docs#consistency-modes).
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
stale: true
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
stale = true
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.stale=true
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
### `endpoint`
|
||
|
|
||
|
Defines the Nomad server endpoint.
|
||
|
|
||
|
#### `address`
|
||
|
|
||
|
Defines the address of the Nomad server.
|
||
|
|
||
|
_Optional, Default="http://127.0.0.1:4646"_
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
address: http://127.0.0.1:4646
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
[providers.nomad.endpoint]
|
||
|
address = "http://127.0.0.1:4646"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.address=http://127.0.0.1:4646
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
#### `datacenter`
|
||
|
|
||
|
_Optional, Default=""_
|
||
|
|
||
|
Defines the datacenter to use.
|
||
|
If not provided in Traefik, Nomad uses the agent datacenter.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
datacenter: dc1
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
[providers.nomad.endpoint]
|
||
|
datacenter = "dc1"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.datacenter=dc1
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
#### `token`
|
||
|
|
||
|
_Optional, Default=""_
|
||
|
|
||
|
Token is used to provide a per-request ACL token, if Nomad ACLs are enabled.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
token: test
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
[providers.nomad.endpoint]
|
||
|
token = "test"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.token=test
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
#### `endpointWaitTime`
|
||
|
|
||
|
_Optional, Default=""_
|
||
|
|
||
|
Limits the duration for which a Watch can block.
|
||
|
If not provided, the agent default values will be used.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
endpointWaitTime: 15s
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
[providers.nomad.endpoint]
|
||
|
endpointWaitTime = "15s"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.endpointwaittime=15s
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
#### `httpAuth`
|
||
|
|
||
|
_Optional_
|
||
|
|
||
|
Used to authenticate the HTTP client using HTTP Basic Authentication.
|
||
|
|
||
|
##### `username`
|
||
|
|
||
|
_Optional, Default=""_
|
||
|
|
||
|
Username to use for HTTP Basic Authentication.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
httpAuth:
|
||
|
username: admin
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad.endpoint.httpAuth]
|
||
|
username = "admin"
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.httpauth.username=admin
|
||
|
```
|
||
|
|
||
|
##### `password`
|
||
|
|
||
|
_Optional, Default=""_
|
||
|
|
||
|
Password to use for HTTP Basic Authentication.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
httpAuth:
|
||
|
password: passw0rd
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad.endpoint.httpAuth]
|
||
|
password = "passw0rd"
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.httpauth.password=passw0rd
|
||
|
```
|
||
|
|
||
|
#### `tls`
|
||
|
|
||
|
_Optional_
|
||
|
|
||
|
Defines the TLS configuration used for the secure connection to the Nomad API.
|
||
|
|
||
|
##### `ca`
|
||
|
|
||
|
_Optional_
|
||
|
|
||
|
`ca` is the path to the certificate authority used for the secure connection to Nomad,
|
||
|
it defaults to the system bundle.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
tls:
|
||
|
ca: path/to/ca.crt
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad.endpoint.tls]
|
||
|
ca = "path/to/ca.crt"
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.tls.ca=path/to/ca.crt
|
||
|
```
|
||
|
|
||
|
##### `cert`
|
||
|
|
||
|
_Optional_
|
||
|
|
||
|
`cert` is the path to the public certificate used for the secure connection to the Nomad API.
|
||
|
When using this option, setting the `key` option is required.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
tls:
|
||
|
cert: path/to/foo.cert
|
||
|
key: path/to/foo.key
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad.endpoint.tls]
|
||
|
cert = "path/to/foo.cert"
|
||
|
key = "path/to/foo.key"
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.tls.cert=path/to/foo.cert
|
||
|
--providers.nomad.endpoint.tls.key=path/to/foo.key
|
||
|
```
|
||
|
|
||
|
##### `key`
|
||
|
|
||
|
_Optional_
|
||
|
|
||
|
`key` is the path to the private key used for the secure connection to the Nomad API.
|
||
|
When using this option, setting the `cert` option is required.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
tls:
|
||
|
cert: path/to/foo.cert
|
||
|
key: path/to/foo.key
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad.endpoint.tls]
|
||
|
cert = "path/to/foo.cert"
|
||
|
key = "path/to/foo.key"
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.tls.cert=path/to/foo.cert
|
||
|
--providers.nomad.endpoint.tls.key=path/to/foo.key
|
||
|
```
|
||
|
|
||
|
##### `insecureSkipVerify`
|
||
|
|
||
|
_Optional, Default=false_
|
||
|
|
||
|
If `insecureSkipVerify` is `true`, the TLS connection to Nomad accepts any certificate presented by the server regardless of the hostnames it covers.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
endpoint:
|
||
|
tls:
|
||
|
insecureSkipVerify: true
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad.endpoint.tls]
|
||
|
insecureSkipVerify = true
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.endpoint.tls.insecureskipverify=true
|
||
|
```
|
||
|
|
||
|
### `exposedByDefault`
|
||
|
|
||
|
_Optional, Default=true_
|
||
|
|
||
|
Expose Nomad services by default in Traefik.
|
||
|
If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration.
|
||
|
|
||
|
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
exposedByDefault: false
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
exposedByDefault = false
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.exposedByDefault=false
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
### `defaultRule`
|
||
|
|
||
|
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
|
||
|
|
||
|
The default host rule for all services.
|
||
|
|
||
|
For a given service, if no routing rule was defined by a tag, it is defined by this `defaultRule` instead.
|
||
|
The `defaultRule` must be set to a valid [Go template](https://pkg.go.dev/text/template/),
|
||
|
and can include [sprig template functions](https://masterminds.github.io/sprig/).
|
||
|
The service name can be accessed with the `Name` identifier,
|
||
|
and the template has access to all the labels (i.e. tags beginning with the `prefix`) defined on this service.
|
||
|
|
||
|
The option can be overridden on an instance basis with the `traefik.http.routers.{name-of-your-choice}.rule` tag.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
### `constraints`
|
||
|
|
||
|
_Optional, Default=""_
|
||
|
|
||
|
The `constraints` option can be set to an expression that Traefik matches against the service tags to determine whether
|
||
|
to create any route for that service. If none of the service tags match the expression, no route for that service is
|
||
|
created. If the expression is empty, all detected services are included.
|
||
|
|
||
|
The expression syntax is based on the ```Tag(`tag`)```, and ```TagRegex(`tag`)``` functions,
|
||
|
as well as the usual boolean logic, as shown in examples below.
|
||
|
|
||
|
??? example "Constraints Expression Examples"
|
||
|
|
||
|
```toml
|
||
|
# Includes only services having the tag `a.tag.name=foo`
|
||
|
constraints = "Tag(`a.tag.name=foo`)"
|
||
|
```
|
||
|
|
||
|
```toml
|
||
|
# Excludes services having any tag `a.tag.name=foo`
|
||
|
constraints = "!Tag(`a.tag.name=foo`)"
|
||
|
```
|
||
|
|
||
|
```toml
|
||
|
# With logical AND.
|
||
|
constraints = "Tag(`a.tag.name`) && Tag(`another.tag.name`)"
|
||
|
```
|
||
|
|
||
|
```toml
|
||
|
# With logical OR.
|
||
|
constraints = "Tag(`a.tag.name`) || Tag(`another.tag.name`)"
|
||
|
```
|
||
|
|
||
|
```toml
|
||
|
# With logical AND and OR, with precedence set by parentheses.
|
||
|
constraints = "Tag(`a.tag.name`) && (Tag(`another.tag.name`) || Tag(`yet.another.tag.name`))"
|
||
|
```
|
||
|
|
||
|
```toml
|
||
|
# Includes only services having a tag matching the `a\.tag\.t.+` regular expression.
|
||
|
constraints = "TagRegex(`a\.tag\.t.+`)"
|
||
|
```
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
constraints: "Tag(`a.tag.name`)"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
constraints = "Tag(`a.tag.name`)"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.constraints="Tag(`a.tag.name`)"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
||
|
|
||
|
### `namespace`
|
||
|
|
||
|
_Optional, Default=""_
|
||
|
|
||
|
The `namespace` option defines the namespace in which the Nomad services will be discovered.
|
||
|
|
||
|
```yaml tab="File (YAML)"
|
||
|
providers:
|
||
|
nomad:
|
||
|
namespace: "production"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```toml tab="File (TOML)"
|
||
|
[providers.nomad]
|
||
|
namespace = "production"
|
||
|
# ...
|
||
|
```
|
||
|
|
||
|
```bash tab="CLI"
|
||
|
--providers.nomad.namespace=production
|
||
|
# ...
|
||
|
```
|