Option to disable expose of all docker containers

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This commit is contained in:
Vincent Demeester 2016-07-14 11:32:15 +02:00
parent d1112a0feb
commit b80479f9ef
No known key found for this signature in database
GPG key ID: 083CC6FD6EB699A3
6 changed files with 91 additions and 20 deletions

View file

@ -218,6 +218,7 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
//default Docker //default Docker
var defaultDocker provider.Docker var defaultDocker provider.Docker
defaultDocker.Watch = true defaultDocker.Watch = true
defaultDocker.ExposedByDefault = true
defaultDocker.Endpoint = "unix:///var/run/docker.sock" defaultDocker.Endpoint = "unix:///var/run/docker.sock"
// default File // default File

View file

@ -521,6 +521,13 @@ watch = true
# #
# filename = "docker.tmpl" # filename = "docker.tmpl"
# Expose containers by default in traefik
#
# Optional
# Default: true
#
exposedbydefault = true
# Enable docker TLS connection # Enable docker TLS connection
# #
# [docker.tls] # [docker.tls]

View file

@ -12,3 +12,4 @@ logLevel = "DEBUG"
endpoint = "{{.DockerHost}}" endpoint = "{{.DockerHost}}"
domain = "docker.localhost" domain = "docker.localhost"
exposedbydefault = true

View file

@ -33,6 +33,7 @@ type Docker struct {
Endpoint string `description:"Docker server endpoint. Can be a tcp or a unix socket endpoint"` Endpoint string `description:"Docker server endpoint. Can be a tcp or a unix socket endpoint"`
Domain string `description:"Default domain used"` Domain string `description:"Default domain used"`
TLS *DockerTLS `description:"Enable Docker TLS support"` TLS *DockerTLS `description:"Enable Docker TLS support"`
ExposedByDefault bool `description:"Expose containers by default"`
} }
// DockerTLS holds TLS specific configurations // DockerTLS holds TLS specific configurations
@ -177,7 +178,9 @@ func (provider *Docker) loadDockerConfig(containersInspected []dockertypes.Conta
} }
// filter containers // filter containers
filteredContainers := fun.Filter(provider.ContainerFilter, containersInspected).([]dockertypes.ContainerJSON) filteredContainers := fun.Filter(func(container dockertypes.ContainerJSON) bool {
return provider.containerFilter(container, provider.ExposedByDefault)
}, containersInspected).([]dockertypes.ContainerJSON)
frontends := map[string][]dockertypes.ContainerJSON{} frontends := map[string][]dockertypes.ContainerJSON{}
for _, container := range filteredContainers { for _, container := range filteredContainers {
@ -202,8 +205,7 @@ func (provider *Docker) loadDockerConfig(containersInspected []dockertypes.Conta
return configuration return configuration
} }
// ContainerFilter checks if container have to be exposed func (provider *Docker) containerFilter(container dockertypes.ContainerJSON, exposedByDefaultFlag bool) bool {
func (provider *Docker) ContainerFilter(container dockertypes.ContainerJSON) bool {
_, err := strconv.Atoi(container.Config.Labels["traefik.port"]) _, err := strconv.Atoi(container.Config.Labels["traefik.port"])
if len(container.NetworkSettings.Ports) == 0 && err != nil { if len(container.NetworkSettings.Ports) == 0 && err != nil {
log.Debugf("Filtering container without port and no traefik.port label %s", container.Name) log.Debugf("Filtering container without port and no traefik.port label %s", container.Name)
@ -214,7 +216,7 @@ func (provider *Docker) ContainerFilter(container dockertypes.ContainerJSON) boo
return false return false
} }
if container.Config.Labels["traefik.enable"] == "false" { if !isContainerEnabled(container, exposedByDefaultFlag) {
log.Debugf("Filtering disabled container %s", container.Name) log.Debugf("Filtering disabled container %s", container.Name)
return false return false
} }
@ -326,6 +328,10 @@ func (provider *Docker) getEntryPoints(container dockertypes.ContainerJSON) []st
return []string{} return []string{}
} }
func isContainerEnabled(container dockertypes.ContainerJSON, exposedByDefault bool) bool {
return exposedByDefault && container.Config.Labels["traefik.enable"] != "false" || container.Config.Labels["traefik.enable"] == "true"
}
func getLabel(container dockertypes.ContainerJSON, label string) (string, error) { func getLabel(container dockertypes.ContainerJSON, label string) (string, error) {
for key, value := range container.Config.Labels { for key, value := range container.Config.Labels {
if key == label { if key == label {

View file

@ -648,6 +648,7 @@ func TestDockerTraefikFilter(t *testing.T) {
provider := Docker{} provider := Docker{}
containers := []struct { containers := []struct {
container docker.ContainerJSON container docker.ContainerJSON
exposedByDefault bool
expected bool expected bool
}{ }{
{ {
@ -658,6 +659,7 @@ func TestDockerTraefikFilter(t *testing.T) {
Config: &container.Config{}, Config: &container.Config{},
NetworkSettings: &docker.NetworkSettings{}, NetworkSettings: &docker.NetworkSettings{},
}, },
exposedByDefault: true,
expected: false, expected: false,
}, },
{ {
@ -678,6 +680,7 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: false, expected: false,
}, },
{ {
@ -698,6 +701,7 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: true, expected: true,
}, },
{ {
@ -715,6 +719,7 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: false, expected: false,
}, },
{ {
@ -731,6 +736,7 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: true, expected: true,
}, },
{ {
@ -752,6 +758,7 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: true, expected: true,
}, },
{ {
@ -772,6 +779,7 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: true, expected: true,
}, },
{ {
@ -792,6 +800,7 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: true, expected: true,
}, },
{ {
@ -812,12 +821,51 @@ func TestDockerTraefikFilter(t *testing.T) {
}, },
}, },
}, },
exposedByDefault: true,
expected: true,
},
{
container: docker.ContainerJSON{
ContainerJSONBase: &docker.ContainerJSONBase{
Name: "container",
},
Config: &container.Config{},
NetworkSettings: &docker.NetworkSettings{
NetworkSettingsBase: docker.NetworkSettingsBase{
Ports: nat.PortMap{
"80/tcp": {},
},
},
},
},
exposedByDefault: false,
expected: false,
},
{
container: docker.ContainerJSON{
ContainerJSONBase: &docker.ContainerJSONBase{
Name: "container",
},
Config: &container.Config{
Labels: map[string]string{
"traefik.enable": "true",
},
},
NetworkSettings: &docker.NetworkSettings{
NetworkSettingsBase: docker.NetworkSettingsBase{
Ports: nat.PortMap{
"80/tcp": {},
},
},
},
},
exposedByDefault: false,
expected: true, expected: true,
}, },
} }
for _, e := range containers { for _, e := range containers {
actual := provider.ContainerFilter(e.container) actual := provider.containerFilter(e.container, e.exposedByDefault)
if actual != e.expected { if actual != e.expected {
t.Fatalf("expected %v for %+v, got %+v", e.expected, e, actual) t.Fatalf("expected %v for %+v, got %+v", e.expected, e, actual)
} }
@ -972,6 +1020,7 @@ func TestDockerLoadDockerConfig(t *testing.T) {
provider := &Docker{ provider := &Docker{
Domain: "docker.localhost", Domain: "docker.localhost",
ExposedByDefault: true,
} }
for _, c := range cases { for _, c := range cases {

View file

@ -246,6 +246,13 @@
# #
# filename = "docker.tmpl" # filename = "docker.tmpl"
# Expose containers by default in traefik
#
# Optional
# Default: true
#
# exposedbydefault = true
# Enable docker TLS connection # Enable docker TLS connection
# #
# Optional # Optional