Swarm Network Autodiscovery (BETA)

On Docker Swarm, one of the best practices is to isolate a service within its own network. Unfortunately this makes it more complicated for TraefikEE to join every network when there is a web service to expose.

To solve this problem, we built a network autodiscovery system inside TraefikEE. Each time it discovers a new exposable service, it updates the data plane service to join the network the service is on.

Using ACME / Let's Encrypt with the autodiscovery

When using ACME / Let's Encrypt along with the autodiscovery feature, certificate generation is very slow if you activated the OnHostRule option and that you are using either the HTTP challenge or the TLS challenge.

The reason why it's slow is because the autodiscovery feature keeps your data plane up to date by progressively restarting replicas to give them access to new networks, which means that whenever this update process is in progress, ACME certificate generation is halted.

If that's your case, we recommend switching to the DNS challenge instead, since it is not impacted by the autodiscovery service updating your data plane.

Service update

Under the hood, TraefikEE performs a service update to join the new network. Which trigger a rolling update of all the replicas.Please make sure that the service update configuration of the data plane is setup correctly.

Enabling Automatic Network Discovery

As this mechanism is currently in beta, this feature needs to be enabled at TraefikEE installation, using the --swarm.networkautodiscovery option of the traefikeectl command-line or the --swarmmode.networkautodiscovery of the traefikee command-line.

traefikeectl install \
  --swarm \
  --swarm.networkautodiscovery \
  --clustername="my cluster" \
  --licensekey=${TRAEFIKEE_LICENSE_KEY}
traefikee bootstrap \
  --swarmmode \
  --swarmmode.network=${TRAEFIKEE_SWARM_NETWORK} \
  --swarmmode.networkautodiscovery=true

Using the Automatic Network Discovery

To use the automatic network discovery system, deploy an app with the Traefik routing information labels. Please make sure to set the traefik.docker.network label with the name of the network you want your service joined by TraefikEE, remember that in the context of a docker stack, the network name is prefixed by the stack name if you don't specify it.

For instance, if we deploy the following stack using docker stack deploy -c app.yml mywebapp, and the content of the compose file like the following:

version: '3.4'
networks:
  mynetwork:
    driver: "overlay"
    name: "awesome_network"

services:
  whoami:
    image: containous/whoami:v1.0.1
    deploy:
      mode: replicated
      replicas: 2
      labels:
        - "traefik.port=80"
        - "traefik.enable=true"
        - "traefik.docker.network=awesome_network" # <- Note the network name.
        - "traefik.frontend.rule=Host:localhost;Path:/whoami"
    networks:
      - mynetwork

Then TraefikEE will join the network created by the stack awesome_network automatically.