Swarm Network Discovery¶

On Docker Swarm, one of the best practices is to isolate a service within its own network. Unfortunately this creates complexity as Traefik Enterprise has to join a network to expose the web service.

To solve this problem, we built a network discovery system into Traefik Enterprise. When Traefik Enterprise discovers a new exposable service, it updates the data plane service to join the network the service is on.

Service Update

Under the hood Traefik Enterprise performs a service update to join the new network. This will trigger a rolling update of all the replicas. Please make sure that the service update configuration of the data plane is setup correctly.

Enabling Network Discovery¶

Network Discovery is enabled in the static configuration. Below is an example configuration to enabled Network Discovery:

Swarm Network Discovery (YAML)

#...

cluster:
  swarm:
    networkdiscovery: true

Swarm Network Discovery (TOML)

#...

[cluster]
  [cluster.swarm]
    networkdiscovery = true

Customizing Label For Proxies Service Lookup¶

When dealing with advanced deployment modes, like blue-green deployments, one could have multiple Treafik Enterprise clusters in the same stack. In those situation, the Controller of one cluster, managing the swarm network discovery, needs to identify the Proxies service it is tied to. To do so, it is necessary to add a label on the Proxies service to identify it. This custom label has to be configured as below for the Controller to make use of it to lookup for the Proxies service.

Swarm Network Discovery Label Expression (YAML)

#...

cluster:
  swarm:
    labelExpression: label:value

Swarm Network Discovery Label Expression (TOML)

#...

[cluster]
  [cluster.swarm]
   labelExpression = "label:value"

Manifest Update

The manifest for the Proxies service needs to be updated to have the additional label that will allow the Controller to identify it:

...
services:
    proxies:
    image: {{ $.Image }}
    deploy:
        mode: replicated
        replicas: {{ .Config.Proxies }}
        labels:
            com.containous.traefikee.component: proxies
            label: value
...

Apply the configuration using teectl apply command:

teectl apply --file=config.toml

Using the Network Discovery¶

To use the automatic network discovery system, deploy an app with the Traefik Proxy routing information labels. Please make sure to set the traefik.docker.network label with the name of the network you would like Traefik Enterprise to join. Remember that in the context of a docker stack, the network name is prefixed by the stack name if you did not specify it.

Below is an example stack configuration that would instruct Traefik Enterprise to join the network awesome_network and expose the whoami service:

version: '3.4'
networks:
  mynetwork:
    driver: "overlay"
    name: "awesome_network"

services:
  whoami:
    image: traefik/whoami:v1.6.1
    deploy:
      mode: replicated
      replicas: 2
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.entrypoints=web"
        - "traefik.http.routers.whoami.rule=Host(`localhost`) && Path(`/whoami`)"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        - "traefik.docker.network=awesome_network" # <- Note the network name.
    networks:
      - mynetwork