Traefik + Consul not generaitng SSL certificates in replicated mode, using TRAEFIK DEFAULT CERT
Asked Answered
T

0

2

I have a setup of 1 master and 2 worker nodes running docker swarm. I deployed Traefik + Consul using the setup below:

version: '3.3'
services:
  consul-leader:
    image: consul:latest
    command:
     - agent
     - -server
     - -client=0.0.0.0
     - -bootstrap
     - -ui
    environment:
      CONSUL_BIND_INTERFACE: eth0
      CONSUL_LOCAL_CONFIG: '{"leave_on_terminate": true}'
    volumes:
     - consul-data-leader:/consul/data
    networks:
     - default
     - traefik-public
    logging:
      driver: json-file
    deploy:
      labels:
        traefik.tags: traefik-public
        traefik.redirectorservice.frontend.redirect.entryPoint: https
        traefik.webservice.frontend.entryPoints: https
        traefik.redirectorservice.frontend.entryPoints: http
        traefik.docker.network: traefik-public
        traefik.enable: 'true'
        traefik.frontend.auth.basic.users: admin:$apr1$lKAo73kT$xlahD.KLANH8ZbMaDXDsC.
        traefik.port: '8500'
        traefik.frontend.rule: Host:consul.live.mydomain.app
  consul-replica:
    image: consul:latest
    command:
     - agent
     - -server
     - -client=0.0.0.0
     - -retry-join=consul-leader
    environment:
      CONSUL_BIND_INTERFACE: eth0
      CONSUL_LOCAL_CONFIG: '{"leave_on_terminate": true}'
    volumes:
     - consul-data-replica:/consul/data
    networks:
     - default
     - traefik-public
    logging:
      driver: json-file
    deploy:
      replicas: 3
  traefik:
    image: traefik:v1.7
    command:
     - --docker
     - --docker.swarmmode
     - --docker.watch
     - --docker.exposedbydefault=false
     - --constraints=tag==traefik-public
     - --entrypoints=Name:http Address::80
     - --entrypoints=Name:https Address::443 TLS
     - --consul
     - --consul.endpoint=consul-leader:8500
     - --acme
     - [email protected]
     - --acme.storage=traefik/acme/account
     - --acme.entryPoint=https
     - --acme.httpChallenge.entryPoint=http
     - --acme.onhostrule=true
     - --acme.acmelogging=true
     - --logLevel=INFO
     - --accessLog
     - --api
    ports:
     - 80:80
     - 443:443
    volumes:
     - /var/run/docker.sock:/var/run/docker.sock
    networks:
     - default
     - traefik-public
    logging:
      driver: json-file
    deploy:
      replicas: 3
      labels:
        traefik.tags: traefik-public
        traefik.redirectorservice.frontend.redirect.entryPoint: https
        traefik.webservice.frontend.entryPoints: https
        traefik.redirectorservice.frontend.entryPoints: http
        traefik.docker.network: traefik-public
        traefik.enable: 'true'
        traefik.frontend.auth.basic.users: admin:$apr1$lKAo73kT$xlahD.KLANH8ZbMaDXDsC.
        traefik.port: '8080'
        traefik.frontend.rule: Host:traefik.live.mydomain.app
      placement:
        constraints:
         - node.role == manager
networks:
  default:
    driver: overlay
  traefik-public:
    external: true
volumes:
  consul-data-replica:
    driver: local

When I deploy a service or stack in GLOBAL mode, everything seems to work fine. However, when I try to deploy stack using replicated mode, SSL certificate is not generated and Traefik is using TRAEFIK DEFAULT CERT instead. Can anyone tell me what I'm doing wrong ?

Teofilateosinte answered 28/3, 2020 at 16:37 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.