traefik/docs/configuration/backends/ecs.md

140 lines
4.4 KiB
Markdown
Raw Normal View History

# ECS Backend
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
Træfik can be configured to use Amazon ECS as a backend configuration.
## Configuration
2017-08-25 15:32:33 -04:00
```toml
################################################################
# ECS configuration backend
################################################################
2017-09-11 19:10:04 +02:00
# Enable ECS configuration backend.
2017-08-25 15:32:33 -04:00
[ecs]
2017-09-11 19:10:04 +02:00
# ECS Cluster Name.
2017-08-25 15:32:33 -04:00
#
2017-09-11 19:10:04 +02:00
# DEPRECATED - Please use `clusters`.
2017-08-25 15:32:33 -04:00
#
2017-09-11 19:10:04 +02:00
cluster = "default"
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# ECS Clusters Name.
2017-08-25 15:32:33 -04:00
#
# Optional
# Default: ["default"]
#
2017-09-11 19:10:04 +02:00
clusters = ["default"]
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# Enable watch ECS changes.
2017-08-25 15:32:33 -04:00
#
# Optional
# Default: true
#
2017-09-11 19:10:04 +02:00
watch = true
# Default domain used.
#
# Optional
# Default: ""
#
domain = "ecs.localhost"
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# Enable auto discover ECS clusters.
2017-08-25 15:32:33 -04:00
#
# Optional
# Default: false
#
2017-09-11 19:10:04 +02:00
autoDiscoverClusters = false
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# Polling interval (in seconds).
2017-08-25 15:32:33 -04:00
#
# Optional
# Default: 15
#
2017-09-11 19:10:04 +02:00
refreshSeconds = 15
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# Expose ECS services by default in Traefik.
2017-08-25 15:32:33 -04:00
#
# Optional
# Default: true
#
2017-09-11 19:10:04 +02:00
exposedByDefault = false
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# Region to use when connecting to AWS.
2017-08-25 15:32:33 -04:00
#
# Optional
#
2017-09-11 19:10:04 +02:00
region = "us-east-1"
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# AccessKeyID to use when connecting to AWS.
2017-08-25 15:32:33 -04:00
#
# Optional
#
2017-09-11 19:10:04 +02:00
accessKeyID = "abc"
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# SecretAccessKey to use when connecting to AWS.
2017-08-25 15:32:33 -04:00
#
# Optional
#
2017-09-11 19:10:04 +02:00
secretAccessKey = "123"
2017-08-25 15:32:33 -04:00
2017-09-11 19:10:04 +02:00
# Override default configuration template.
# For advanced users :)
#
# Optional
#
# filename = "ecs.tmpl"
2017-08-25 15:32:33 -04:00
```
If `AccessKeyID`/`SecretAccessKey` is not given credentials will be resolved in the following order:
- From environment variables; `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
- Shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.
- EC2 instance role or ECS task role
2017-09-11 19:10:04 +02:00
## Policy
2017-08-25 15:32:33 -04:00
Træfik needs the following policy to read ECS information:
```json
{
"Version": "2012-10-17",
"Statement": [
{
2017-09-07 01:08:04 -07:00
"Sid": "TraefikECSReadAccess",
2017-08-25 15:32:33 -04:00
"Effect": "Allow",
"Action": [
"ecs:ListClusters",
"ecs:DescribeClusters",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ec2:DescribeInstances"
],
"Resource": [
"*"
]
}
]
}
```
2017-09-11 19:10:04 +02:00
## Labels: overriding default behaviour
Labels can be used on task containers to override default behaviour:
2017-10-10 15:24:03 +02:00
| Label | Description |
|-----------------------------------------------------------|------------------------------------------------------------------------------------------|
| `traefik.protocol=https` | override the default `http` protocol |
| `traefik.weight=10` | assign this weight to the container |
| `traefik.enable=false` | disable this container in Træfik |
| `traefik.backend.loadbalancer.method=drr` | override the default `wrr` load balancer algorithm |
| `traefik.backend.loadbalancer.stickiness=true` | enable backend sticky sessions |
| `traefik.backend.loadbalancer.stickiness.cookieName=NAME` | Manually set the cookie name for sticky sessions |
| `traefik.backend.loadbalancer.sticky=true` | enable backend sticky sessions (DEPRECATED) |
| `traefik.frontend.rule=Host:test.traefik.io` | override the default frontend rule (Default: `Host:{containerName}.{domain}`). |
| `traefik.frontend.passHostHeader=true` | forward client `Host` header to the backend. |
| `traefik.frontend.priority=10` | override default frontend priority |
| `traefik.frontend.entryPoints=http,https` | assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`. |
| `traefik.frontend.auth.basic=EXPR` | Sets basic authentication for that frontend in CSV format: `User:Hash,User:Hash` |