search

jittering / traefik-kop

A dynamic docker->redis->traefik discovery agent
MIT License
179 stars 13 forks source link

Provide IP for each docker via label #17

Closed Svenum closed 1 year ago

Svenum commented 1 year ago

It would be nice to add for each docker a own "bind_ip". Maybe via label. So that you can multiple IPs. example:

labels:
    kop.bind.ip: 10.10.10.16
    ...

If you don't have this feature you need a second reverse-proxy, or not?

dorianim commented 1 year ago

Why would you need that? This tool is meant to manage containers on one machine, so they should all have the same ip ...

Svenum commented 1 year ago

I want to use different ips for each docker, that I don't have to look after witch port is available and witch not.

dorianim commented 1 year ago

This is not how it works ... All the ports have to be available on the host machine so they can be accessed by Traefik

Svenum commented 1 year ago

But i want for security reasons, that some container get their own ip (for example: Firewall-Rules). I know, that this is not the typical way to use Docker. But I believe that more people then I need this. Maybe that you can set an default with the BIND_IP ENV, but that you can override the default with an Label.

chetan commented 1 year ago

@Svenum I think I understand what you're asking for but how are you assigning the IPs to the containers? Are you not using some CNI plugin which assigns routable IPs? As long as docker is doing the assigning, the correct IP should be picked up.

You can confirm what traefik-kop sees by checking the output of docker inspect <container id>. The logs of the latest version of traefik-kop should also show you what host:ip combination are being published.

chetan commented 1 year ago

@Svenum there's another provider config option called useBindPortIP that I was previously unaware of. Would exposing this option solve your problem?

Svenum commented 1 year ago

@chetan yes, that is what i am looking for, will try it and tell the result.

Svenum commented 1 year ago

That is not working because traefik-kop is everytime sending the "BIND_IP" IP to traefik. I want somthing like this:

                        +---------------------+                      +---------------------+
                        |                     |                      |                     |
+---------+     :443    |  +---------+        |   XXX.XXX.0.10:8088  |  +------------+     |
|   WAN   |--------------->| traefik |<---------+---------------------->| svc-nginx  |     |
+---------+             |  +---------+        | |                    |  +------------+     |
                        |       |             | |                    |                     |
                        |  +---------+        | | XXX.XXX.0.13:443   |  +-------------+    |
                        |  |  redis  |        | +---------------------->| svc-apache  |    |
                        |  +---------+        |                      |  +-------------+    |
                        |       ^     docker1 |                      |             docker2 |
                        +-------|-------------+                      |  +-------------+    |
                                +-------------------------------------->| traefik-kop |    |
                                                                     |  +-------------+    |
                                                                     +---------------------+