Skip to content

Traefik & Rancher

A Story of Labels, Services & Containers

Rancher

Attach labels to your services and let Traefik do the rest!

Important

This provider is specific to Rancher 1.x. Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query. As such, Rancher 2.x users should utilize the Kubernetes provider directly.

Configuration Examples

Configuring Rancher & Deploying / Exposing Services

Enabling the rancher provider

[providers.rancher]
providers:
  rancher: {}
--providers.rancher=true

Attaching labels to services

labels:
  - traefik.http.services.my-service.rule=Host(`my-domain`)

Provider Configuration Options

Browse the Reference

If you're in a hurry, maybe you'd rather go through the configuration reference:

# Enable Rancher Provider.
[providers.rancher]

  # Expose Rancher services by default in Traefik.
  exposedByDefault = true

  # Enable watch Rancher changes.
  watch = true

  # Filter services with unhealthy states and inactive states.
  enableServiceHealthFilter = true

  # Defines the polling interval (in seconds).
  refreshSeconds = 15

  # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
  intervalPoll = false

  # Prefix used for accessing the Rancher metadata service
  prefix = "/latest"
# Enable Rancher Provider.
providers:
  rancher:

  # Expose Rancher services by default in Traefik.
  exposedByDefault: true

  # Enable watch Rancher changes.
  watch: true

  # Filter services with unhealthy states and inactive states.
  enableServiceHealthFilter: true

  # Defines the polling interval (in seconds).
  refreshSeconds: 15

  # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
  intervalPoll: false

  # Prefix used for accessing the Rancher metadata service
  prefix: "/latest"
# Enable Rancher Provider.
--providers.rancher=true

# Expose Rancher services by default in Traefik.
--providers.rancher.exposedByDefault=true

# Enable watch Rancher changes.
--providers.rancher.watch=true

# Filter services with unhealthy states and inactive states.
--providers.rancher.enableServiceHealthFilter=true

# Defines the polling interval (in seconds).
--providers.rancher.refreshSeconds=15

# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
--providers.rancher.intervalPoll=false

# Prefix used for accessing the Rancher metadata service
--providers.rancher.prefix="/latest"

List of all available labels for the dynamic configuration references.

exposedByDefault

Optional, Default=true

[providers.rancher]
  exposedByDefault = false
  # ...
providers:
  rancher:
    exposedByDefault: false
    # ...
--providers.rancher.exposedByDefault=false
# ...

Expose Rancher services by default in Traefik. If set to false, services that don't have a traefik.enable=true label will be ignored from the resulting routing configuration.

See also Restrict the Scope of Service Discovery.

defaultRule

Optional, Default=Host(`{{ normalize .Name }}`)

[providers.rancher]
  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
  # ...
providers:
  rancher:
    defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
    # ...
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...

The default host rule for all services.

For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead. It must be a valid Go template, augmented with the sprig template functions. The service name can be accessed as the Name identifier, and the template has access to all the labels defined on this container.

This option can be overridden on a container basis with the traefik.http.routers.Router1.rule label.

enableServiceHealthFilter

Optional, Default=true

[providers.rancher]
  enableServiceHealthFilter = false
  # ...
providers:
  rancher:
    enableServiceHealthFilter: false
    # ...
--providers.rancher.enableServiceHealthFilter=false
# ...

Filter services with unhealthy states and inactive states.

refreshSeconds

Optional, Default=15

[providers.rancher]
  refreshSeconds = 30
  # ...
providers:
  rancher:
    refreshSeconds: 30
    # ...
--providers.rancher.refreshSeconds=30
# ...

Defines the polling interval (in seconds).

intervalPoll

Optional, Default=false

[providers.rancher]
  intervalPoll = true
  # ...
providers:
  rancher:
    intervalPoll: true
    # ...
--providers.rancher.intervalPoll=true
# ...

Poll the Rancher metadata service for changes every rancher.refreshSeconds, which is less accurate than the default long polling technique which will provide near instantaneous updates to Traefik.

prefix

Optional, Default=/latest

[providers.rancher]
  prefix = "/test"
  # ...
providers:
  rancher:
    prefix: "/test"
    # ...
--providers.rancher.prefix="/test"
# ...

Prefix used for accessing the Rancher metadata service

constraints

Optional, Default=""

[providers.rancher]
  constraints = "Label(`a.label.name`, `foo`)"
  # ...
providers:
  rancher:
    constraints: "Label(`a.label.name`, `foo`)"
    # ...
--providers.rancher.constraints="Label(`a.label.name`, `foo`)"
# ...

Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. That is to say, if none of the container's labels match the expression, no route for the container is created. If the expression is empty, all detected containers are included.

The expression syntax is based on the Label("key", "value"), and LabelRegexp("key", "value") functions, as well as the usual boolean logic, as shown in examples below.

Constraints Expression Examples
# Includes only containers having a label with key `a.label.name` and value `foo`
constraints = "Label(`a.label.name`, `foo`)"
# Excludes containers having any label with key `a.label.name` and value `foo`
constraints = "!Label(`a.label.name`, `value`)"
# With logical AND.
constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
# With logical OR.
constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
# With logical AND and OR, with precedence set by parentheses.
constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
# Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegexp(`a.label.name`, `a.+`)"

See also Restrict the Scope of Service Discovery.

Routing Configuration Options

General

Traefik creates, for each rancher service, a corresponding service and router.

The Service automatically gets a server per container in this rancher service, and the router gets a default rule attached to it, based on the service name.

Routers

To update the configuration of the Router automatically attached to the container, add labels starting with traefik.routers.{name-of-your-choice}. and followed by the option you want to change. For example, to change the rule, you could add the label traefik.http.routers.my-container.rule=Host(my-domain).

Every Router parameter can be updated this way.

Services

To update the configuration of the Service automatically attached to the container, add labels starting with traefik.http.services.{name-of-your-choice}., followed by the option you want to change. For example, to change the passhostheader behavior, you'd add the label traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false.

Every Service parameter can be updated this way.

Middleware

You can declare pieces of middleware using labels starting with traefik.http.middlewares.{name-of-your-choice}., followed by the middleware type/options. For example, to declare a middleware redirectscheme named my-redirect, you'd write traefik.http.middlewares.my-redirect.redirectscheme.scheme: https.

Declaring and Referencing a Middleware
# ...
labels:
 - traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
 - traefik.http.routers.my-container.middlewares=my-redirect

Conflicts in Declaration

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

More information about available middlewares in the dedicated middlewares section.

Specific Options

traefik.enable

You can tell Traefik to consider (or not) the container by setting traefik.enable to true or false.

This option overrides the value of exposedByDefault.

Port Lookup

Traefik is now capable of detecting the port to use, by following the default rancher flow. That means, if you just expose lets say port :1337 on the rancher ui, traefik will pick up this port and use it.