Option to disable expose of all docker containers
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This commit is contained in:
parent
d1112a0feb
commit
b80479f9ef
6 changed files with 91 additions and 20 deletions
|
@ -218,6 +218,7 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
|
||||||
//default Docker
|
//default Docker
|
||||||
var defaultDocker provider.Docker
|
var defaultDocker provider.Docker
|
||||||
defaultDocker.Watch = true
|
defaultDocker.Watch = true
|
||||||
|
defaultDocker.ExposedByDefault = true
|
||||||
defaultDocker.Endpoint = "unix:///var/run/docker.sock"
|
defaultDocker.Endpoint = "unix:///var/run/docker.sock"
|
||||||
|
|
||||||
// default File
|
// default File
|
||||||
|
|
|
@ -521,6 +521,13 @@ watch = true
|
||||||
#
|
#
|
||||||
# filename = "docker.tmpl"
|
# filename = "docker.tmpl"
|
||||||
|
|
||||||
|
# Expose containers by default in traefik
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: true
|
||||||
|
#
|
||||||
|
exposedbydefault = true
|
||||||
|
|
||||||
# Enable docker TLS connection
|
# Enable docker TLS connection
|
||||||
#
|
#
|
||||||
# [docker.tls]
|
# [docker.tls]
|
||||||
|
|
|
@ -12,3 +12,4 @@ logLevel = "DEBUG"
|
||||||
endpoint = "{{.DockerHost}}"
|
endpoint = "{{.DockerHost}}"
|
||||||
|
|
||||||
domain = "docker.localhost"
|
domain = "docker.localhost"
|
||||||
|
exposedbydefault = true
|
|
@ -33,6 +33,7 @@ type Docker struct {
|
||||||
Endpoint string `description:"Docker server endpoint. Can be a tcp or a unix socket endpoint"`
|
Endpoint string `description:"Docker server endpoint. Can be a tcp or a unix socket endpoint"`
|
||||||
Domain string `description:"Default domain used"`
|
Domain string `description:"Default domain used"`
|
||||||
TLS *DockerTLS `description:"Enable Docker TLS support"`
|
TLS *DockerTLS `description:"Enable Docker TLS support"`
|
||||||
|
ExposedByDefault bool `description:"Expose containers by default"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// DockerTLS holds TLS specific configurations
|
// DockerTLS holds TLS specific configurations
|
||||||
|
@ -177,7 +178,9 @@ func (provider *Docker) loadDockerConfig(containersInspected []dockertypes.Conta
|
||||||
}
|
}
|
||||||
|
|
||||||
// filter containers
|
// filter containers
|
||||||
filteredContainers := fun.Filter(provider.ContainerFilter, containersInspected).([]dockertypes.ContainerJSON)
|
filteredContainers := fun.Filter(func(container dockertypes.ContainerJSON) bool {
|
||||||
|
return provider.containerFilter(container, provider.ExposedByDefault)
|
||||||
|
}, containersInspected).([]dockertypes.ContainerJSON)
|
||||||
|
|
||||||
frontends := map[string][]dockertypes.ContainerJSON{}
|
frontends := map[string][]dockertypes.ContainerJSON{}
|
||||||
for _, container := range filteredContainers {
|
for _, container := range filteredContainers {
|
||||||
|
@ -202,8 +205,7 @@ func (provider *Docker) loadDockerConfig(containersInspected []dockertypes.Conta
|
||||||
return configuration
|
return configuration
|
||||||
}
|
}
|
||||||
|
|
||||||
// ContainerFilter checks if container have to be exposed
|
func (provider *Docker) containerFilter(container dockertypes.ContainerJSON, exposedByDefaultFlag bool) bool {
|
||||||
func (provider *Docker) ContainerFilter(container dockertypes.ContainerJSON) bool {
|
|
||||||
_, err := strconv.Atoi(container.Config.Labels["traefik.port"])
|
_, err := strconv.Atoi(container.Config.Labels["traefik.port"])
|
||||||
if len(container.NetworkSettings.Ports) == 0 && err != nil {
|
if len(container.NetworkSettings.Ports) == 0 && err != nil {
|
||||||
log.Debugf("Filtering container without port and no traefik.port label %s", container.Name)
|
log.Debugf("Filtering container without port and no traefik.port label %s", container.Name)
|
||||||
|
@ -214,7 +216,7 @@ func (provider *Docker) ContainerFilter(container dockertypes.ContainerJSON) boo
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
if container.Config.Labels["traefik.enable"] == "false" {
|
if !isContainerEnabled(container, exposedByDefaultFlag) {
|
||||||
log.Debugf("Filtering disabled container %s", container.Name)
|
log.Debugf("Filtering disabled container %s", container.Name)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -326,6 +328,10 @@ func (provider *Docker) getEntryPoints(container dockertypes.ContainerJSON) []st
|
||||||
return []string{}
|
return []string{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func isContainerEnabled(container dockertypes.ContainerJSON, exposedByDefault bool) bool {
|
||||||
|
return exposedByDefault && container.Config.Labels["traefik.enable"] != "false" || container.Config.Labels["traefik.enable"] == "true"
|
||||||
|
}
|
||||||
|
|
||||||
func getLabel(container dockertypes.ContainerJSON, label string) (string, error) {
|
func getLabel(container dockertypes.ContainerJSON, label string) (string, error) {
|
||||||
for key, value := range container.Config.Labels {
|
for key, value := range container.Config.Labels {
|
||||||
if key == label {
|
if key == label {
|
||||||
|
|
|
@ -648,6 +648,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
provider := Docker{}
|
provider := Docker{}
|
||||||
containers := []struct {
|
containers := []struct {
|
||||||
container docker.ContainerJSON
|
container docker.ContainerJSON
|
||||||
|
exposedByDefault bool
|
||||||
expected bool
|
expected bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
|
@ -658,6 +659,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
Config: &container.Config{},
|
Config: &container.Config{},
|
||||||
NetworkSettings: &docker.NetworkSettings{},
|
NetworkSettings: &docker.NetworkSettings{},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -678,6 +680,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -698,6 +701,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: true,
|
expected: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -715,6 +719,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: false,
|
expected: false,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -731,6 +736,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: true,
|
expected: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -752,6 +758,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: true,
|
expected: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -772,6 +779,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: true,
|
expected: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -792,6 +800,7 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
expected: true,
|
expected: true,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -812,12 +821,51 @@ func TestDockerTraefikFilter(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
exposedByDefault: true,
|
||||||
|
expected: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
container: docker.ContainerJSON{
|
||||||
|
ContainerJSONBase: &docker.ContainerJSONBase{
|
||||||
|
Name: "container",
|
||||||
|
},
|
||||||
|
Config: &container.Config{},
|
||||||
|
NetworkSettings: &docker.NetworkSettings{
|
||||||
|
NetworkSettingsBase: docker.NetworkSettingsBase{
|
||||||
|
Ports: nat.PortMap{
|
||||||
|
"80/tcp": {},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
exposedByDefault: false,
|
||||||
|
expected: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
container: docker.ContainerJSON{
|
||||||
|
ContainerJSONBase: &docker.ContainerJSONBase{
|
||||||
|
Name: "container",
|
||||||
|
},
|
||||||
|
Config: &container.Config{
|
||||||
|
Labels: map[string]string{
|
||||||
|
"traefik.enable": "true",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
NetworkSettings: &docker.NetworkSettings{
|
||||||
|
NetworkSettingsBase: docker.NetworkSettingsBase{
|
||||||
|
Ports: nat.PortMap{
|
||||||
|
"80/tcp": {},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
exposedByDefault: false,
|
||||||
expected: true,
|
expected: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, e := range containers {
|
for _, e := range containers {
|
||||||
actual := provider.ContainerFilter(e.container)
|
actual := provider.containerFilter(e.container, e.exposedByDefault)
|
||||||
if actual != e.expected {
|
if actual != e.expected {
|
||||||
t.Fatalf("expected %v for %+v, got %+v", e.expected, e, actual)
|
t.Fatalf("expected %v for %+v, got %+v", e.expected, e, actual)
|
||||||
}
|
}
|
||||||
|
@ -972,6 +1020,7 @@ func TestDockerLoadDockerConfig(t *testing.T) {
|
||||||
|
|
||||||
provider := &Docker{
|
provider := &Docker{
|
||||||
Domain: "docker.localhost",
|
Domain: "docker.localhost",
|
||||||
|
ExposedByDefault: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, c := range cases {
|
for _, c := range cases {
|
||||||
|
|
|
@ -246,6 +246,13 @@
|
||||||
#
|
#
|
||||||
# filename = "docker.tmpl"
|
# filename = "docker.tmpl"
|
||||||
|
|
||||||
|
# Expose containers by default in traefik
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: true
|
||||||
|
#
|
||||||
|
# exposedbydefault = true
|
||||||
|
|
||||||
# Enable docker TLS connection
|
# Enable docker TLS connection
|
||||||
#
|
#
|
||||||
# Optional
|
# Optional
|
||||||
|
|
Loading…
Reference in a new issue