3.8 KiB
Traefik & Etcd
A Story of KV store & Containers {: .subtitle }
Store your configuration in etcd and let Traefik do the rest!
Routing Configuration
See the dedicated section in routing.
Provider Configuration
endpoints
Required, Default="127.0.0.1:2379"
Defines how to access etcd.
providers:
etcd:
endpoints:
- "127.0.0.1:2379"
[providers.etcd]
endpoints = ["127.0.0.1:2379"]
--providers.etcd.endpoints=127.0.0.1:2379
rootKey
Required, Default="traefik"
Defines the root key of the configuration.
providers:
etcd:
rootKey: "traefik"
[providers.etcd]
rootKey = "traefik"
--providers.etcd.rootkey=traefik
username
Optional, Default=""
Defines a username with which to connect to etcd.
providers:
etcd:
# ...
username: "foo"
[providers.etcd]
# ...
username = "foo"
--providers.etcd.username=foo
password
Optional, Default=""
Defines a password with which to connect to etcd.
providers:
etcd:
# ...
password: "bar"
[providers.etcd]
# ...
password = "bar"
--providers.etcd.password=foo
tls
Optional
tls.ca
Certificate Authority used for the secure connection to etcd.
providers:
etcd:
tls:
ca: path/to/ca.crt
[providers.etcd.tls]
ca = "path/to/ca.crt"
--providers.etcd.tls.ca=path/to/ca.crt
tls.caOptional
The value of tls.caOptional
defines which policy should be used for the secure connection with TLS Client Authentication to etcd.
!!! warning ""
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
When this option is set to true
, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
When this option is set to false
, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
providers:
etcd:
tls:
caOptional: true
[providers.etcd.tls]
caOptional = true
--providers.etcd.tls.caOptional=true
tls.cert
Public certificate used for the secure connection to etcd.
providers:
etcd:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
--providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key
tls.key
Private certificate used for the secure connection to etcd.
providers:
etcd:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
--providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key
tls.insecureSkipVerify
If insecureSkipVerify
is true
, the TLS connection to etcd accepts any certificate presented by the server regardless of the hostnames it covers.
providers:
etcd:
tls:
insecureSkipVerify: true
[providers.etcd.tls]
insecureSkipVerify = true
--providers.etcd.tls.insecureSkipVerify=true