Docker overlay network "traefik"이 external network로 정의되어 있고, traefik은 이 네트워크와 연결되어 있음.
따라서, Traefik을 사용하는 서비스의 네트워크는 항상 "traefik"을 포함하고 있어야 함.
some-service:
...
networks:
- traefik
- ...
Traefik은 Docker label을 읽어서 reverse proxy 설정을 업데이트함.
기본
Stack 이름 겹치지 않는지 확인
deploy
replicas - DB가 2개 이상의 replicas를 갖지 않도록 확인
placement.constraints - 적절하게 정의되었는지 (대부분 서비스는 node.role == worker 명시 필요)
resources.limits - 테스트 배포에서는 넉넉히, 운영 배포에서는 필요 수준으로만 (서비스 비용 청구 근거)
labels
..router, service, middleware 이름 겹치지 않는지 확인
..도메인이 겹치지 않는지
..(참고) 운영 배포 시에는 Stack Name을 도메인 네임으로 사용하도록 유도
예시
################################################################
# 볼륨을 사용하지 않는 서비스의 배포
################################################################
version: "3.8"
# SERVICES
services:
# your-service
your-service:
image: registry-url/image-name:image-tag
environments:
IF_YOU_NEED: your-environment
command: if command required --port=80
# note this!
deploy:
mode: replicated
replicas: 2
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 12
update_config:
parallelism: 1
order: start-first
delay: 30s
failure_action: rollback
placement:
constraints:
- node.role == worker
resources:
limits:
cpus: "0.5"
memory: 512M
labels:
- "traefik.enable=true"
- "traefik.network=traefik"
# http
- "traefik.http.routers.web-your-service.entrypoints=web"
- "traefik.http.routers.web-your-service.rule=Host(`your-service.example.com`)"
- "traefik.http.routers.web-your-service.middlewares=http-redirect"
# https
- "traefik.http.routers.websecure-your-service.entrypoints=websecure"
- "traefik.http.routers.websecure-your-service.tls=true"
- "traefik.http.routers.websecure-your-service.rule=Host(`your-service.example.com`)"
- "traefik.http.routers.websecure-your-service.service=your-service"
# service
- "traefik.http.services.your-service.loadbalancer.server.port=80"
logging:
driver: "json-file"
options:
max-size: "64M"
max-file: "4"
networks:
- traefik
# NETWORKS
networks:
traefik:
external: true
예시
################################################################
# 볼륨을 사용하는 서비스의 배포
################################################################
version: "3.8"
# SERVICES
services:
# your-service
your-service:
image: registry-url/image-name:image-tag
environments:
IF_YOU_NEED: your-environment
command: if command required --port=80
# note this!
deploy:
mode: replicated
replicas: 2
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 12
update_config:
parallelism: 1
order: start-first
delay: 30s
failure_action: rollback
placement:
constraints:
- node.role == worker
resources:
limits:
cpus: "0.5"
memory: 512M
labels:
- "traefik.enable=true"
- "traefik.network=traefik"
# http
- "traefik.http.routers.web-your-service.entrypoints=web"
- "traefik.http.routers.web-your-service.rule=Host(`your-service.example.com`)"
- "traefik.http.routers.web-your-service.middlewares=http-redirect"
# https
- "traefik.http.routers.websecure-your-service.entrypoints=websecure"
- "traefik.http.routers.websecure-your-service.tls=true"
- "traefik.http.routers.websecure-your-service.rule=Host(`your-service.example.com`)"
- "traefik.http.routers.websecure-your-service.service=your-service"
# service
- "traefik.http.services.your-service.loadbalancer.server.port=80"
logging:
driver: "json-file"
options:
max-size: "64M"
max-file: "4"
volumes:
# bind는 container가 가동하는 host의 disk를 사용 - placement에서 node를 특정하지 않은 경우 사용하지 말 것
- type: bind
source: /host/directory
target: /docker/dicrectory-1
- type: volume
source: your-external-volume-name
target: /docker/directory-2
- type: volume
source: nfs-name__dir1__dir2__dir3
target: /docker/dir1/dir2/dir3
networks:
- traefik
# VOLUMES
volumes:
# External
your-external-volume-name:
external: true
# New (NFS) - [규칙] <nfs 이름>__<directory>__<sub directory>__<...> ("/" 대신 "__" 사용)
nfs-name__dir1__dir2__dir3:
driver_opts:
type: "nfs"
o: "addr=your.nfs.example.com,rw,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,nfsvers=4.1"
device: ":/dir1/dir2/dir3"
# NETWORKS
networks:
traefik:
external: true
예시
################################################################
# Frontend (볼륨 X)와 DB (볼륨 O)을 하나의 Stack에서 배포
# [NOTE]
# Frontend는 Traefik과 your-db-network에 모두 연결
# DB는 your-db-network에만 연결 ~ Reverse Proxy 사용하지 않아서
################################################################
# SERVICES
services:
# your-frontend
your-frontend:
image: registry-url/your-frontend-image:image-tag
environments:
IF_YOU_NEED: your-environment
command: if command required --port=80
# note this!
deploy:
mode: replicated
replicas: 2
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 12
update_config:
parallelism: 1
order: start-first
delay: 30s
failure_action: rollback
placement:
constraints:
- node.role == worker
resources:
limits:
cpus: "0.5"
memory: 512M
labels:
- "traefik.enable=true"
- "traefik.network=traefik"
# http
- "traefik.http.routers.web-your-frontend.entrypoints=web"
- "traefik.http.routers.web-your-frontend.rule=Host(`your-frontend.example.com`)"
- "traefik.http.routers.web-your-frontend.middlewares=http-redirect"
# https
- "traefik.http.routers.websecure-your-frontend.entrypoints=websecure"
- "traefik.http.routers.websecure-your-frontend.tls=true"
- "traefik.http.routers.websecure-your-frontend.rule=Host(`your-frontend.example.com`)"
- "traefik.http.routers.websecure-your-frontend.service=your-frontend"
# service
- "traefik.http.services.your-frontend.loadbalancer.server.port=80"
logging:
driver: "json-file"
options:
max-size: "64M"
max-file: "4"
networks:
- traefik
- your-db-network
# your-db
your-db:
image: registry-url/your-db-image:image-tag
environments:
IF_YOU_NEED: your-environment
command: if command required --port=80
# note this!
deploy:
mode: replicated
# DB는 replicas = 1이어야 함 (cluster 구성하려면 volume 대신 bind를 사용!)
replicas: 1
restart_policy:
condition: on-failure
delay: 10s
max_attempts: 12
update_config:
parallelism: 1
# DB는
order: stop-first
delay: 30s
failure_action: rollback
placement:
constraints:
- node.role == worker
resources:
limits:
cpus: "0.5"
memory: 512M
logging:
driver: "json-file"
options:
max-size: "64M"
max-file: "4"
volumes:
- type: volume
source: volume-for-your-db__var__lib__your-db
target: /var/lib/your-db
networks:
- traefik
- your-db-network
# VOLUMES
volumes:
# External
volume-for-your-db__var__lib__your-db:
external: true
# NETWORKS
networks:
traefik:
external: true
your-db-network:
driver: overlay
yaml-anchor
go template