baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
traefik/docs/content/providers/ecs.md
Brendan Le Glaunec 0937cba870
Provider documentation fixes
2021-02-11 19:04:03 +01:00

222 lines
4.4 KiB
Markdown
Raw Blame History

# Traefik & AWS ECS
A Story of Labels & Elastic Containers
{: .subtitle }
Attach labels to your ECS containers and let Traefik do the rest!
## Configuration Examples
??? example "Configuring ECS provider"
Enabling the ECS provider:
```toml tab="File (TOML)"
[providers.ecs]
```
```yaml tab="File (YAML)"
providers:
ecs: {}
```
```bash tab="CLI"
--providers.ecs=true
```
## Policy
Traefik needs the following policy to read ECS information:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TraefikECSReadAccess",
"Effect": "Allow",
"Action": [
"ecs:ListClusters",
"ecs:DescribeClusters",
"ecs:ListTasks",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ec2:DescribeInstances"
],
"Resource": [
"*"
]
}
]
}
```
## Provider Configuration
### `autoDiscoverClusters`
_Optional, Default=false_
Search for services in cluster list.
- If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters.
- If set to `false` service discovery is enabled on configured clusters only.
```toml tab="File (TOML)"
[providers.ecs]
autoDiscoverClusters = true
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
autoDiscoverClusters: true
# ...
```
```bash tab="CLI"
--providers.ecs.autoDiscoverClusters=true
# ...
```
### `clusters`
_Optional, Default=["default"]_
Search for services in cluster list.
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
clusters:
- default
# ...
```
```bash tab="CLI"
--providers.ecs.clusters=default
# ...
```
### `exposedByDefault`
_Optional, Default=true_
Expose ECS services by default in Traefik.
If set to `false`, services that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
```toml tab="File (TOML)"
[providers.ecs]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
exposedByDefault: false
# ...
```
```bash tab="CLI"
--providers.ecs.exposedByDefault=false
# ...
```
### `defaultRule`
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
[sprig template functions](http://masterminds.github.io/sprig/).
The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File (TOML)"
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
```
### `refreshSeconds`
_Optional, Default=15_
Polling interval (in seconds).
```toml tab="File (TOML)"
[providers.ecs]
refreshSeconds = 15
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
refreshSeconds: 15
# ...
```
```bash tab="CLI"
--providers.ecs.refreshSeconds=15
# ...
```
### Credentials
_Optional_
If `region` is not provided, it is resolved from the EC2 metadata endpoint for EC2 tasks.
In a FARGATE context it is resolved from the `AWS_REGION` environment variable.
If `accessKeyID` and `secretAccessKey` are not provided, credentials are resolved in the following order:
- Using the environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
- Using shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.
- Using EC2 instance role or ECS task role
```toml tab="File (TOML)"
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
```
```yaml tab="File (YAML)"
providers:
ecs:
region: us-east-1
accessKeyID: "abc"
secretAccessKey: "123"
# ...
```
```bash tab="CLI"
--providers.ecs.region="us-east-1"
--providers.ecs.accessKeyID="abc"
--providers.ecs.secretAccessKey="123"
# ...
```
Reference in a new issue View git blame Copy permalink