Closed simiwe closed 6 years ago
I am unable to repro this issue. I deployed Traefik and got it to work using the guide linked in the issue (https://github.com/openfaas/faas/blob/master/guide/traefik_integration.md).
@simi-- I would recommend that you reduce this issue down to just the parts that describe the issue to us -- please cut the docker service logs -f func_traefik
output to just what we need. Also please reduce the size of the copy-pasted docker-compose.yml
file -- we don't need all the extra details.
@ericstoekl now I use the docker-compose.yml
version: "3.3"
services:
traefik:
image: traefik:v1.3
command: -c --docker=true
--docker.swarmmode=true
--docker.domain=traefik
--docker.watch=true
--web=true
--debug=true
--defaultEntryPoints=https,http
--acme=true
--acme.domains='local.traefik.com'
--acme.email=ssl@mulantech.com
--acme.ondemand=true
--acme.onhostrule=true
--acme.storage=/etc/traefik/acme/acme.json
--entryPoints=Name:https Address::443 TLS
--entryPoints=Name:http Address::80 Redirect.EntryPoint:https
ports:
- 80:80
- 8080:8080
- 443:443
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "acme:/etc/traefik/acme"
networks:
- functions
deploy:
labels:
- traefik.port=8080
- traefik.frontend.rule=PathPrefix:/ui,/system,/function
- traefik.frontend.auth.basic=user:$$apr1$$B0dhdzez$$x/CVSO5OykseXnSSARQMy0
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints: [node.role == manager]
gateway:
# ports:
# - 8080:8080
image: functions/gateway:0.7.9
networks:
- functions
environment:
functions_provider_url: "http://faas-swarm:8080/"
read_timeout: "25s" # Maximum time to read HTTP request
write_timeout: "25s" # Maximum time to write HTTP response
upstream_timeout: "20s" # Maximum duration of upstream function call - should be more than read_timeout and write_timeout
dnsrr: "true" # Temporarily use dnsrr in place of VIP while issue persists on PWD
faas_nats_address: "nats"
faas_nats_port: 4222
direct_functions: "true" # Functions are invoked directly over the overlay network
direct_functions_suffix: ""
deploy:
labels:
- traefik.port=8080
- traefik.frontend.rule=PathPrefix:/ui,/system,/function
- traefik.frontend.auth.basic=user:$$apr1$$B0dhdzez$$x/CVSO5OykseXnSSARQMy0 #copy/paste the contents of password.txt here
resources:
# limits: # Enable if you want to limit memory usage
# memory: 200M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- 'node.platform.os == linux'
# Docker Swarm provider
faas-swarm:
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
# ports:
# - 8081:8080
image: functions/faas-swarm:0.2.3
networks:
- functions
environment:
read_timeout: "25s" # set both here, and on your functions
write_timeout: "25s" # set both here, and on your functions
DOCKER_API_VERSION: "1.30"
deploy:
placement:
constraints:
- 'node.role == manager'
- 'node.platform.os == linux'
resources:
# limits: # Enable if you want to limit memory usage
# memory: 100M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
nats:
image: nats-streaming:0.6.0
# Uncomment the following port mappings if you wish to expose the
# NATS client and/or management ports
# ports:
# - 4222:4222
# - 8222:8222
command: "--store memory --cluster_id faas-cluster"
networks:
- functions
deploy:
resources:
limits:
memory: 125M
reservations:
memory: 50M
placement:
constraints:
- 'node.platform.os == linux'
queue-worker:
image: functions/queue-worker:0.4.3
networks:
- functions
environment:
max_inflight: "1"
ack_timeout: "30s" # Max duration of any async task / request
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- 'node.platform.os == linux'
# End services
# Start monitoring
prometheus:
image: prom/prometheus:v2.2.0
environment:
no_proxy: "gateway"
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
- source: prometheus_rules
target: /etc/prometheus/alert.rules.yml
command:
- '--config.file=/etc/prometheus/prometheus.yml'
# - '-storage.local.path=/prometheus'
ports:
- 9090:9090
networks:
- functions
deploy:
placement:
constraints:
- 'node.role == manager'
- 'node.platform.os == linux'
resources:
limits:
memory: 500M
reservations:
memory: 200M
alertmanager:
image: prom/alertmanager:v0.15.0-rc.0
environment:
no_proxy: "gateway"
command:
- '--config.file=/alertmanager.yml'
- '--storage.path=/alertmanager'
networks:
- functions
# Uncomment the following port mapping if you wish to expose the Prometheus
# Alertmanager UI.
# ports:
# - 9093:9093
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
placement:
constraints:
- 'node.role == manager'
- 'node.platform.os == linux'
configs:
- source: alertmanager_config
target: /alertmanager.yml
# Uses `cat` to echo back response, fastest function to execute.
echoit:
image: functions/alpine:latest
labels:
function: "true"
networks:
- functions
environment:
fprocess: "cat"
no_proxy: "gateway"
https_proxy: $https_proxy
deploy:
placement:
constraints:
- 'node.platform.os == linux'
configs:
prometheus_config:
file: ./prometheus/prometheus.yml
prometheus_rules:
file: ./prometheus/alert.rules.yml
alertmanager_config:
file: ./prometheus/alertmanager.yml
networks:
functions:
driver: overlay
attachable: true
labels:
- "openfaas=true"
volumes:
acme:
the Traefik can run but still Can't connect via https
$ curl -u user:password -X POST http://local.traefik.com/function/func_echoit -d "hello"
hello
$ curl -u user:password -X POST https://local.traefik.com/function/func_echoit -d "hello"
curl: (35) Server aborted the SSL handshake
@ericstoekl I use traefik:1.5
instead of traefit:1.3
, it work well, now visit http://local.traefik.com/ui/
it will auto redirect to https://local.traefik.com/ui/
docker-compose.yml
like this:
version: "3.4"
services:
traefik_init:
image: traefik:1.5
command:
- "storeconfig"
- "--api"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=traefik/acme/account"
- "--acme.entryPoint=https"
- "--acme.httpChallenge.entryPoint=http"
- "--acme.OnHostRule=true"
- "--acme.onDemand=false"
- "--acme.email=coolman@gmail.com"
- "--docker"
- "--docker.swarmmode"
- "--docker.domain=local.traefit.com,faas.traefik.com"
- "--docker.watch"
- "--consul"
- "--consul.endpoint=consul:8500"
- "--consul.prefix=traefik"
networks:
- traefik
deploy:
restart_policy:
condition: on-failure
depends_on:
- consul
traefik:
image: traefik:1.5
depends_on:
- traefik_init
- consul
command:
- "--consul"
- "--consul.endpoint=consul:8500"
- "--consul.prefix=traefik"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- functions
- traefik
ports:
- 80:80
- 8080:8080
- 443:443
deploy:
labels:
- traefik.port=8080
- traefik.frontend.rule=PathPrefix:/ui,/system,/function
- traefik.frontend.auth.basic=user:$$apr1$$B0dhdzez$$x/CVSO5OykseXnSSARQMy0
mode: global
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
consul:
image: consul
command: agent -server -bootstrap-expect=1
environment:
- CONSUL_LOCAL_CONFIG={"datacenter":"us_east2","server":true}
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_CLIENT_INTERFACE=eth0
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
networks:
- traefik
gateway:
# ports:
# - 8080:8080
image: functions/gateway:0.7.9
networks:
- functions
environment:
functions_provider_url: "http://faas-swarm:8080/"
read_timeout: "25s" # Maximum time to read HTTP request
write_timeout: "25s" # Maximum time to write HTTP response
upstream_timeout: "20s" # Maximum duration of upstream function call - should be more than read_timeout and write_timeout
dnsrr: "true" # Temporarily use dnsrr in place of VIP while issue persists on PWD
faas_nats_address: "nats"
faas_nats_port: 4222
direct_functions: "true" # Functions are invoked directly over the overlay network
direct_functions_suffix: ""
deploy:
labels:
- traefik.port=8080
- traefik.frontend.rule=PathPrefix:/ui,/system,/function
- traefik.frontend.auth.basic=user:$$apr1$$B0dhdzez$$x/CVSO5OykseXnSSARQMy0 #copy/paste the contents of password.txt here
resources:
# limits: # Enable if you want to limit memory usage
# memory: 200M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- 'node.platform.os == linux'
# Docker Swarm provider
faas-swarm:
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
# ports:
# - 8081:8080
image: functions/faas-swarm:0.2.3
networks:
- functions
environment:
read_timeout: "25s" # set both here, and on your functions
write_timeout: "25s" # set both here, and on your functions
DOCKER_API_VERSION: "1.30"
deploy:
placement:
constraints:
- 'node.role == manager'
- 'node.platform.os == linux'
resources:
# limits: # Enable if you want to limit memory usage
# memory: 100M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
nats:
image: nats-streaming:0.6.0
# Uncomment the following port mappings if you wish to expose the
# NATS client and/or management ports
# ports:
# - 4222:4222
# - 8222:8222
command: "--store memory --cluster_id faas-cluster"
networks:
- functions
deploy:
resources:
limits:
memory: 125M
reservations:
memory: 50M
placement:
constraints:
- 'node.platform.os == linux'
queue-worker:
image: functions/queue-worker:0.4.3
networks:
- functions
environment:
max_inflight: "1"
ack_timeout: "30s" # Max duration of any async task / request
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- 'node.platform.os == linux'
# End services
# Start monitoring
prometheus:
image: prom/prometheus:v2.2.0
environment:
no_proxy: "gateway"
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
- source: prometheus_rules
target: /etc/prometheus/alert.rules.yml
command:
- '--config.file=/etc/prometheus/prometheus.yml'
ports:
- 9090:9090
networks:
- functions
deploy:
placement:
constraints:
- 'node.role == manager'
- 'node.platform.os == linux'
resources:
limits:
memory: 500M
reservations:
memory: 200M
alertmanager:
image: prom/alertmanager:v0.15.0-rc.0
environment:
no_proxy: "gateway"
command:
- '--config.file=/alertmanager.yml'
- '--storage.path=/alertmanager'
networks:
- functions
# Uncomment the following port mapping if you wish to expose the Prometheus
# Alertmanager UI.
# ports:
# - 9093:9093
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
placement:
constraints:
- 'node.role == manager'
- 'node.platform.os == linux'
configs:
- source: alertmanager_config
target: /alertmanager.yml
# Uses `cat` to echo back response, fastest function to execute.
echoit:
image: functions/alpine:latest
labels:
function: "true"
networks:
- functions
environment:
fprocess: "cat"
no_proxy: "gateway"
https_proxy: $https_proxy
deploy:
placement:
constraints:
- 'node.platform.os == linux'
configs:
prometheus_config:
file: ./prometheus/prometheus.yml
prometheus_rules:
file: ./prometheus/alert.rules.yml
alertmanager_config:
file: ./prometheus/alertmanager.yml
networks:
functions:
driver: overlay
attachable: true
labels:
- "openfaas=true"
traefik:
driver: overlay
Derek close
Thanks for trying out the project Simi -- glad this issue is now resolved.
Thanks for this awesome project.
I was trying to follow Integrate Traefik with your OpenFaaS cluster to add SSL support using LetsEncrypt.
I faced the below issue after Configure Traefik with SSL Support and run
$ ./deploy_stack.sh
:Expected Behaviour
Current Behaviour
traefik container exited after run
$ ./deploy_stack.sh
Possible Solution
I edit the
docker-compose.yml
follow Traefik - Can't connect via https , and traefik service can run but still Can't connect via httpsSteps to Reproduce (for bugs)
$ git clone https://github.com/alexellis/faas $ cd faas $ ./deploy_stack.sh
version: "3.3" services: traefik: image: traefik:v1.3 command: -c --docker=true --docker.swarmmode=true --docker.domain=traefik --docker.watch=true --web=true --debug=true --defaultEntryPoints='http,https' --acme=true --acme.domains='local.traefit.com,faas.traefik.com' --acme.email=coolman@gmail.com --acme.ondemand=true --acme.onhostrule=true --acme.storage=/etc/traefik/acme/acme.json --entryPoints='Name:https Address::443 TLS' --entryPoints='Name:http Address::80' ports:
ports:
- 8080:8080
functions environment: functions_provider_url: "http://faas-swarm:8080/" read_timeout: "25s" # Maximum time to read HTTP request write_timeout: "25s" # Maximum time to write HTTP response upstream_timeout: "20s" # Maximum duration of upstream function call - should be more than read_timeout and write_timeout dnsrr: "true" # Temporarily use dnsrr in place of VIP while issue persists on PWD faas_nats_address: "nats" faas_nats_port: 4222 direct_functions: "true" # Functions are invoked directly over the overlay network direct_functions_suffix: "" deploy: labels:
limits: # Enable if you want to limit memory usage
Docker Swarm provider
faas-swarm: volumes:
ports:
functions environment: read_timeout: "25s" # set both here, and on your functions write_timeout: "25s" # set both here, and on your functions DOCKER_API_VERSION: "1.30" deploy: placement: constraints:
limits: # Enable if you want to limit memory usage
nats: image: nats-streaming:0.6.0
Uncomment the following port mappings if you wish to expose the
functions deploy: resources: limits: memory: 125M reservations: memory: 50M placement: constraints:
queue-worker: image: functions/queue-worker:0.4.3 networks:
functions environment: max_inflight: "1" ack_timeout: "30s" # Max duration of any async task / request deploy: resources: limits: memory: 50M reservations: memory: 20M restart_policy: condition: on-failure delay: 5s max_attempts: 20 window: 380s placement: constraints:
End services
Start monitoring
prometheus: image: prom/prometheus:v2.2.0 environment: no_proxy: "gateway" configs:
- '-storage.local.path=/prometheus'
ports:
functions deploy: placement: constraints:
alertmanager: image: prom/alertmanager:v0.15.0-rc.0 environment: no_proxy: "gateway" command:
Uncomment the following port mapping if you wish to expose the Prometheus
source: alertmanager_config target: /alertmanager.yml
Sample functions go here.
Pass a username as an argument to find how many images user has pushed to Docker Hub.
hubstats: image: functions/hubstats:latest labels: function: "true" networks:
functions environment: no_proxy: "gateway" https_proxy: $https_proxy deploy: placement: constraints:
Node.js gives OS info about the node (Host)
nodeinfo: image: functions/nodeinfo:latest labels: function: "true" networks:
functions environment: no_proxy: "gateway" https_proxy: $https_proxy deploy: placement: constraints:
Uses
cat
to echo back response, fastest function to execute.echoit: image: functions/alpine:latest labels: function: "true" networks:
functions environment: fprocess: "cat" no_proxy: "gateway" https_proxy: $https_proxy deploy: placement: constraints:
Counts words in request with
wc
utilitywordcount: image: functions/alpine:latest labels: function: "true" com.faas.max_replicas: "10" networks:
functions environment: fprocess: "wc" no_proxy: "gateway" https_proxy: $https_proxy deploy: placement: constraints:
Calculates base64 representation of request body.
base64: image: functions/alpine:latest labels: function: "true" networks:
functions environment: fprocess: "base64" no_proxy: "gateway" https_proxy: $https_proxy deploy: placement: constraints:
Converts body in (markdown format) -> (html)
markdown: image: functions/markdown-render:latest labels: function: "true" networks:
configs: prometheus_config: file: ./prometheus/prometheus.yml prometheus_rules: file: ./prometheus/alert.rules.yml alertmanager_config: file: ./prometheus/alertmanager.yml
networks: functions: driver: overlay attachable: true labels:
volumes: acme:
$ ./deploy_stack.sh
Client: Version: 18.03.0-ce API version: 1.37 Go version: go1.9.4 Git commit: 0520e24 Built: Wed Mar 21 23:06:22 2018 OS/Arch: darwin/amd64 Experimental: false Orchestrator: swarm
Server: Engine: Version: 18.03.0-ce API version: 1.37 (minimum version 1.12) Go version: go1.9.4 Git commit: 0520e24 Built: Wed Mar 21 23:14:32 2018 OS/Arch: linux/amd64 Experimental: true