Traefik 集群无法在 Consul 中找到密钥

Traefik cluster fails to find keys in Consul

我决定遵循 this 指南,但我遇到了很多问题。

首先需要在 command 中指定 traefik 命令,否则我会遇到 entrypoint.sh 找不到命令 storedata 的错误,是的> yaml 语法是在 docker-compose.yml

中传递多行命令的有效方式

所以这是 docker-compose.yml:

docker-compose.yml
    visualizer:
      image: dockersamples/visualizer:latest
      volumes:
        - "/var/run/docker.sock:/var/run/docker.sock"
      networks:
        - traefik
        - default
      ports:
        - "8001:8080"
      deploy:
        labels:
          - "traefik.port=8080"
          - "traefik.tags=monitoring"
          - "traefik.docker.network=infra_traefik"
          - "traefik.backend=visualizer"
          - "traefik.frontend.rule=Host:visualizer.swarm.xxx.io"
          - "traefik.frontend.auth.basic=admin:$$apr1$$dxw2H03E$$VWrfVhKQWyaRiZ4XsfWCK/"
        restart_policy:
          condition: on-failure
        replicas: 1
        placement:
          constraints:
            - node.labels.name == master
    consul:
      image: consul
      command: agent -server -bootstrap-expect=1
      volumes:
        - consul-data:/consul/data
      environment:
        - CONSUL_LOCAL_CONFIG={"datacenter":"ams3","server":true}
        - CONSUL_BIND_INTERFACE=eth0
        - CONSUL_CLIENT_INTERFACE=eth0
      deploy:
        labels:
          - "traefik.enable=false"
        replicas: 1
        placement:
          constraints:
            - node.role == manager
        restart_policy:
         condition: on-failure
      networks:
        - traefik
    proxy_init:
      image: traefik:1.6.3-alpine
      command: >
         traefik
         storeconfig
         --api
         --entrypoints='Name:http Address::80 Redirect.EntryPoint:https'
         --entrypoints='Name:https Address::443 TLS'
         --defaultentrypoints=http,https
         --acme
         --acme.storage="traefik/acme/account"
         --acme.entryPoint=https
         --acme.httpChallenge.entryPoint=http
         --acme.onHostRule=true
         --acme.acmelogging=true
         --acme.onDemand=false
         --acme.email="xxx@gmail.com"
         --docker
         --docker.swarmMode
         --docker.domain=swarm.xxx.io
         --docker.watch
         --consul
         --consul.endpoint=consul:8500
         --consul.prefix=traefik
         --accesslogsfile=/dev/stdout
         --debug
      networks:
         - traefik
      deploy:
         placement:
            constraints:
              - node.role == manager
         restart_policy:
            condition: on-failure
      depends_on:
        - consul
    proxy:
      image: traefik:1.6.3-alpine
      depends_on:
        - traefik_init
        - consul
      command: >
        traefik
        --consul
        --consul.watch
        --consul.endpoint=consul:8500
        --consul.prefix=traefik
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
      networks:
        - traefik
      ports:
        - 80:80
        - 443:443
        - 8080:8080
      deploy:
        labels:
          - "traefik.docker.network=infra_traefik"
          - "traefik.port=8080"
          - "traefik.tags=monitoring"
          - "traefik.backend.loadbalancer.stickiness=true"
          - "traefik.frontend.passHostHeader=true"
          - "traefik.frontend.rule=Host:proxy.swarm.xxx.io"
          - "traefik.frontend.auth.basic=admin:$$apr1$$hfqD9TtY$$oGSy9nS."
        mode: global
        restart_policy:
          condition: on-failure
        placement:
          constraints:
            - node.role == manager
        update_config:
          parallelism: 1
          delay: 10s
      volumes:
        - "/var/run/docker.sock:/var/run/docker.sock"
networks:
  traefik:
      driver: overlay
volumes:
  portainer-data:
    driver: local
  consul-data:
    driver: local
  traefik-data:
    driver: local

下面是 proxy_init 容器的日志显示:

infra_proxy_init.1.4rtllualg8od@swarm-manager-0    | 2018/06/12 15:41:35 Storing configuration: 
{
  "LifeCycle": {
    "RequestAcceptGraceTimeout": 0,
    "GraceTimeOut": 10000000000
  },
  "GraceTimeOut": 0,
  "Debug": true,
  "CheckNewVersion": true,
  "SendAnonymousUsage": false,
  "AccessLogsFile": "/dev/stdout",
  "AccessLog": null,
  "TraefikLogsFile": "",
  "TraefikLog": null,
  "Tracing": null,
  "LogLevel": "DEBUG",
  "EntryPoints": {
    "http": {
      "Address": ":80",
      "TLS": null,
      "Redirect": {
        "entryPoint": "https"
      },
      "Auth": null,
      "WhitelistSourceRange": null,
      "WhiteList": null,
      "Compress": false,
      "ProxyProtocol": null,
      "ForwardedHeaders": {
        "Insecure": true,
        "TrustedIPs": null
      }
    },
    "https": {
      "Address": ":443",
      "TLS": {
        "MinVersion": "",
        "CipherSuites": null,
        "Certificates": [],
        "ClientCAFiles": null,
        "ClientCA": {
          "Files": null,
          "Optional": false
        }
      },
      "Redirect": null,
      "Auth": null,
      "WhitelistSourceRange": null,
      "WhiteList": null,
      "Compress": false,
      "ProxyProtocol": null,
      "ForwardedHeaders": {
        "Insecure": true,
        "TrustedIPs": null
      }
    }
  },
  "Cluster": null,
  "Constraints": [],
  "ACME": {
    "Email": "xxx@gmail.com",
    "Domains": null,
    "Storage": "traefik/acme/account",
    "StorageFile": "",
    "OnDemand": false,
    "OnHostRule": true,
    "CAServer": "",
    "EntryPoint": "https",
    "DNSChallenge": null,
    "HTTPChallenge": {
      "EntryPoint": "http"
    },
    "DNSProvider": "",
    "DelayDontCheckDNS": 0,
    "ACMELogging": true,
    "TLSConfig": null
  },
  "DefaultEntryPoints": [
    "http",
    "https"
  ],
  "ProvidersThrottleDuration": 2000000000,
  "MaxIdleConnsPerHost": 200,
  "IdleTimeout": 0,
  "InsecureSkipVerify": false,
  "RootCAs": null,
  "Retry": null,
  "HealthCheck": {
    "Interval": 30000000000
  },
  "RespondingTimeouts": null,
  "ForwardingTimeouts": null,
  "AllowMinWeightZero": false,
  "Web": null,
  "Docker": {
    "Watch": true,
    "Filename": "",
    "Constraints": null,
    "Trace": false,
    "TemplateVersion": 0,
    "DebugLogGeneratedTemplate": false,
    "Endpoint": "unix:///var/run/docker.sock",
    "Domain": "swarm.xxx.io",
    "TLS": null,
    "ExposedByDefault": true,
    "UseBindPortIP": false,
    "SwarmMode": true
  },
  "File": null,
  "Marathon": null,
  "Consul": {
    "Watch": true,
    "Filename": "",
    "Constraints": [],
    "Trace": false,
    "TemplateVersion": 0,
    "DebugLogGeneratedTemplate": false,
    "Endpoint": "consul:8500",
    "Prefix": "traefik",
    "TLS": null,
    "Username": "",
    "Password": ""
  },
  "ConsulCatalog": null,
  "Etcd": null,
  "Zookeeper": null,
  "Boltdb": null,
  "Kubernetes": null,
  "Mesos": null,
  "Eureka": null,
  "ECS": null,
  "Rancher": null,
  "DynamoDB": null,
  "ServiceFabric": null,
  "Rest": null,
  "API": {
    "EntryPoint": "traefik",
    "Dashboard": true,
    "Debug": false,
    "CurrentConfigurations": null,
    "Statistics": null
  },
  "Metrics": null,
  "Ping": null
}

其次,我已经指定了该手册中的所有内容,所有 consul 前缀,等等,Traefik 说他找不到前端和后端,也找不到 traefik/ 中的几乎所有内容:

infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Transaction 8714f767-ed5a-477f-ae46-6ebd0b4e15c2 begins"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot get key traefik/alias Key not found in store, setting default traefik"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:54:59Z" level=debug msg="Datastore reload"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=error msg="Datastore sync error: Object lock value: expected 8714f767-ed5a-477f-ae46-6ebd0b4e15c2, got 068a8a6d-66a9-4d01-b44e-020a601c05da, retrying in 677.561632ms"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Datastore reload"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Datastore reload"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot get key traefik/alias Key not found in store, setting default traefik"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:55:00Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:55:00Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:55:00Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot get key traefik/alias Key not found in store, setting default traefik"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/backends/\": Key not found in store"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:55:00Z" level=debug msg="Building ACME client..."
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:54:59Z" level=debug msg="Cannot list keys under \"traefik/frontends/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:55:00Z" level=debug msg="Cannot list keys under \"traefik/tls/\": Key not found in store"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:55:00Z" level=debug msg="Configuration received from provider consul: {}"
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:55:00Z" level=info msg="Skipping same configuration for provider consul"
infra_proxy.0.vzv9q4rns6r7@swarm-manager-0    | time="2018-06-12T15:55:00Z" level=debug msg="Using HTTP Challenge provider."
infra_proxy.0.xu6e4zez242f@swarm-master    | time="2018-06-12T15:55:00Z" level=debug msg="Reset ACME account object."

这是来自 consul 容器的日志:

holms@debian ~> docker --tls service logs -f infra_consul
infra_consul.1.uo2dqcm0s6tv@swarm-master    | ==> Found address '10.0.2.253' for interface 'eth0', setting bind option...
infra_consul.1.uo2dqcm0s6tv@swarm-master    | ==> Found address '10.0.2.253' for interface 'eth0', setting client option...
infra_consul.1.uo2dqcm0s6tv@swarm-master    | BootstrapExpect is set to 1; this is the same as Bootstrap mode.
infra_consul.1.uo2dqcm0s6tv@swarm-master    | bootstrap = true: do not enable unless necessary
infra_consul.1.uo2dqcm0s6tv@swarm-master    | ==> Starting Consul agent...
infra_consul.1.uo2dqcm0s6tv@swarm-master    | ==> Consul agent running!
infra_consul.1.uo2dqcm0s6tv@swarm-master    |            Version: 'v1.1.0'
infra_consul.1.uo2dqcm0s6tv@swarm-master    |            Node ID: '05472876-6f66-bb37-5f4d-62b08624a655'
infra_consul.1.uo2dqcm0s6tv@swarm-master    |          Node name: 'ef0f060252d0'
infra_consul.1.uo2dqcm0s6tv@swarm-master    |         Datacenter: 'ams3' (Segment: '<all>')
infra_consul.1.uo2dqcm0s6tv@swarm-master    |             Server: true (Bootstrap: true)
infra_consul.1.uo2dqcm0s6tv@swarm-master    |        Client Addr: [10.0.2.253] (HTTP: 8500, HTTPS: -1, DNS: 8600)
infra_consul.1.uo2dqcm0s6tv@swarm-master    |       Cluster Addr: 10.0.2.253 (LAN: 8301, WAN: 8302)
infra_consul.1.uo2dqcm0s6tv@swarm-master    |            Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false
infra_consul.1.uo2dqcm0s6tv@swarm-master    | 
infra_consul.1.uo2dqcm0s6tv@swarm-master    | ==> Log data will now stream in as it occurs:
infra_consul.1.uo2dqcm0s6tv@swarm-master    | 
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] raft: Initial configuration (index=1): [{Suffrage:Voter ID:05472876-6f66-bb37-5f4d-62b08624a655 Address:10.0.2.253:8300}]
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] serf: EventMemberJoin: ef0f060252d0.ams3 10.0.2.253
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] serf: EventMemberJoin: ef0f060252d0 10.0.2.253
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] agent: Started DNS server 10.0.2.253:8600 (udp)
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] raft: Node at 10.0.2.253:8300 [Follower] entering Follower state (Leader: "")
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] consul: Adding LAN server ef0f060252d0 (Addr: tcp/10.0.2.253:8300) (DC: ams3)
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] consul: Handled member-join event for server "ef0f060252d0.ams3" in area "wan"
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] agent: Started DNS server 10.0.2.253:8600 (tcp)
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] agent: Started HTTP server on 10.0.2.253:8500 (tcp)
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:19 [INFO] agent: started state syncer
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:25 [WARN] raft: Heartbeat timeout from "" reached, starting election
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:25 [INFO] raft: Node at 10.0.2.253:8300 [Candidate] entering Candidate state in term 2
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:25 [INFO] raft: Election won. Tally: 1
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:25 [INFO] raft: Node at 10.0.2.253:8300 [Leader] entering Leader state
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:25 [INFO] consul: cluster leadership acquired
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:25 [INFO] consul: New leader elected: ef0f060252d0
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:25 [INFO] consul: member 'ef0f060252d0' joined, marking health alive
infra_consul.1.uo2dqcm0s6tv@swarm-master    |     2018/06/12 14:38:26 [INFO] agent: Synced node info

问题与command有关,它必须是数组而不是多行字符串(>)。

另请注意,对于 alpine 版本(且仅适用于 alpine 版本),您需要在 storeconfig 之前添加 traefik:

proxy_init:
  image: traefik:1.6.3-alpine
  command:
     - "traefik"
     - "storeconfig"
     - ...

--

无效:

command: >
    traefik
    --consul
    --consul.watch
    --consul.endpoint=consul:8500
    --consul.prefix=traefik

有效:

command:
    - "traefik"
    - "--consul"
    - "--consul.watch"
    - "--consul.endpoint=consul:8500"
    - "--consul.prefix=traefik"

--

visualizer:
  image: dockersamples/visualizer:latest
  volumes:
    - "/var/run/docker.sock:/var/run/docker.sock"
  networks:
    - traefik
    - default
  ports:
    - "8001:8080"
  deploy:
    labels:
      - "traefik.port=8080"
      - "traefik.tags=monitoring"
      - "traefik.docker.network=infra_traefik"
      - "traefik.backend=visualizer"
      - "traefik.frontend.rule=Host:visualizer.swarm.xxx.io"
      - "traefik.frontend.auth.basic=admin:$$apr1$$dxw2H03E$$VWrfVhKQWyaRiZ4XsfWCK/"
    restart_policy:
      condition: on-failure
    replicas: 1
    placement:
      constraints:
        - node.labels.name == master
consul:
  image: consul
  command: agent -server -bootstrap-expect=1
  volumes:
    - consul-data:/consul/data
  environment:
    - CONSUL_LOCAL_CONFIG={"datacenter":"ams3","server":true}
    - CONSUL_BIND_INTERFACE=eth0
    - CONSUL_CLIENT_INTERFACE=eth0
  deploy:
    labels:
      - "traefik.enable=false"
    replicas: 1
    placement:
      constraints:
        - node.role == manager
    restart_policy:
     condition: on-failure
  networks:
    - traefik
proxy_init:
  image: traefik:1.6.3-alpine
  command:
     - "traefik"
     - "storeconfig"
     - "--api"
     - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
     - "--entrypoints=Name:https Address::443 TLS"
     - "--defaultentrypoints=http,https"
     - "--acme"
     - "--acme.storage=traefik/acme/account"
     - "--acme.entryPoint=https"
     - "--acme.httpChallenge.entryPoint=http"
     - "--acme.onHostRule=true"
     - "--acme.acmelogging=true"
     - "--acme.onDemand=false"
     - "--acme.email=xxx@gmail.com"
     - "--docker"
     - "--docker.swarmMode"
     - "--docker.domain=swarm.xxx.io"
     - "--docker.watch"
     - "--consul"
     - "--consul.endpoint=consul:8500"
     - "--consul.prefix=traefik"
     - "--accesslogsfile=/dev/stdout"
     - "--debug"
  networks:
     - traefik
  deploy:
     placement:
        constraints:
          - node.role == manager
     restart_policy:
        condition: on-failure
  depends_on:
    - consul
proxy:
  image: traefik:1.6.3-alpine
  depends_on:
    - traefik_init
    - consul
  command:
    - "traefik"
    - "--consul"
    - "--consul.watch"
    - "--consul.endpoint=consul:8500"
    - "--consul.prefix=traefik"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  networks:
    - traefik
  ports:
    - 80:80
    - 443:443
    - 8080:8080
  deploy:
    labels:
      - "traefik.docker.network=infra_traefik"
      - "traefik.port=8080"
      - "traefik.tags=monitoring"
      - "traefik.backend.loadbalancer.stickiness=true"
      - "traefik.frontend.passHostHeader=true"
      - "traefik.frontend.rule=Host:proxy.swarm.xxx.io"
      - "traefik.frontend.auth.basic=admin:$$apr1$$hfqD9TtY$$oGSy9nS."
    mode: global
    restart_policy:
      condition: on-failure
    placement:
      constraints:
        - node.role == manager
    update_config:
      parallelism: 1
      delay: 10s
  volumes:
    - "/var/run/docker.sock:/var/run/docker.sock"
networks:
  traefik:
    driver: overlay
volumes:
  portainer-data:
    driver: local
  consul-data:
    driver: local
  traefik-data:
    driver: local