Traefik V2

I have been really thinking about moving v8 edge “ingress”!

Traefik has been a great addition and if currently doing all our JWT and legecy tokens.

Recently ran 10% of v8’s cookie traffic uuid magic with amazing success: “Sorry HaProxy

#docker-compose-traefik-v2.yml
version: "3.7"

services:
  traefik:
    networks: 
      - backend
    image: "traefik:v2.0.4"
    container_name: "traefik"
    command:
      - "--log.level=ERROR" #${LOG_LEVEL} shell LOG_LEVEL=DEBUG, LOG_LEVEL=ERROR
      - "--accesslog=true"
      - "--accesslog.fields.headers.defaultmode=keep"
      - "--providers.file.filename=/dynamic_conf.toml"
      - "--global.sendAnonymousUsage=false"
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
      - "--certificatesResolvers.mydnschallenge.acme.dnsChallenge.delayBeforeCheck=90"
      - "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=godaddy"
#      - "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.mydnschallenge.acme.email=emailAdd@example.com"
      - "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
      - "--metrics.influxDB"
      - "--metrics.influxdb=true"
      - "--metrics.influxdb.database=metrics"
      - "--metrics.influxdb.address=influx:8086"
      - "--metrics.influxdb.protocol=http"
      - "--metrics.influxdb.pushInterval=1s"
      - "--metrics.influxdb.addEntryPointsLabels=true"
      - "--metrics.influxdb.addServicesLabels=true"
    # HAck for Global routers to provide the client IP
    ports:
      - mode: host
        protocol: tcp
        published: 80
        target: 80
      - mode: host
        protocol: tcp
        published: 443
        target: 443
      - mode: host
        protocol: tcp
        published: 8080
        target: 8080

    environment:
      - "GODADDY_API_SECRET=ADD Secret"
      - "GODADDY_API_KEY=API KEY"
    volumes:
      - "letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    #deploy:
    #configs:
      #- source: traefik1
      #- source: traefik2
      #  target: /dynamic_conf.toml
volumes:
  letsencrypt:
    driver: local

networks:
  backend:
    external: false
    name: custom_backend
    driver: overlay

influxdb

#docker-compose-influx.yml
version: "3.7"

services:
  influx:
    networks: 
      - backend
    image: "influxdb"
    container_name: "influx"
    environment:
      - INFLUXDB_DB=metrics
      - INFLUXDB_GRAPHITE_ENABLED=true
      - INFLUXDB_GRAPHITE_0_ENABLED=true
      - INFLUXDB_GRAPHITE_0_DATABASE=graphite
      - INFLUXDB_GRAPHITE_0_BIND_ADDRESS=0.0.0.0:2003
      - INFLUXDB_GRAPHITE_PROTOCOL=tcp
      - INFLUXDB_ADMIN_ENABLED=true
      - INFLUXDB_HTTP_ENABLED=true
      - INFLUXDB_HTTP_BIND_ADDRESS=0.0.0.0:8086
    volumes:
      - "influx:/var/lib/influxdb"
    deploy:
      placement:
        constraints:
          - node.role == manager
volumes:
  influx:
    driver: local

networks:
  backend:
    external: true
    name: custom_backend
    driver: overlay

deploy

docker swarm init # Run if your docker daemon is not already a member of a cluster.
docker stack deploy --with-registry-auth --compose-file docker-compose-traefik-v2.yml --prune ROUTER
docker stack deploy --with-registry-auth --compose-file docker-compose-influx.yml --prune INFLUX
# Or under one stack
docker stack deploy --with-registry-auth --compose-file docker-compose-traefik-v2.yml --compose-file docker-compose-influx.yml --prune ALL

Confirm traefik is running

curl -sv http://127.0.0.1:8080/