Question about Traefik and Docker swarm local containers

Before I start configuring docker swarm I wanted to make sure I’m doing the right thing. So, containers in docker swarm can be deployed locally or to the swarm. If Traefik is configured for docker swarm will is “see” the local containers (containers not deployed to the swarm)?

Containers can be deployed independently or in docker swarm.

No

Once again thank you so much for your help. Not what I wanted to hear but it saved me a ton of time :grinning:

If the swarm mode cannot be a separate provider, so it could co-exist with a regular docker mode then maybe there could be a workaround with a distributed deployment? Have one traefik instance run in docker provider mode to pick up container labels. Have another one in swarm mode for service labels. And then build a dynamic routing config for the actual reverse proxy instance.
a) directly by expose config via internal debug API or
b) middleware - API to generate a dynamic routing config json from the different treaefik instances

Maybe this fails into the Enterprise product category though, but the API middleware should be a couple hours of work if someone might find it useful.

Thanks odt. This is way over my head but the distributed deployment seems interesting. Will have to read about it a little more.
Basically I have two hosts. Each of them is running docker. I wanted to have few services accessible from outside but some of them are on host A and some on Host B. You can call it manual load balancing :smiley:
I thought about swarm but looks like docker swarm is going away in a year or two so deploying it probably doesn’t make sense right now. Kubernetes looks like a decent solution too but it will take some time to figure it out.
Seems there is no easy and quick solution that would fit my case.

You're welcome. I think in the end it's about doing what makes the most sense vs. effort. As we already have attached labels to our containers for traefik I don't think it is very efficient to go for another KV store or Kubernetes altogether for solving this fairly common use-case of having several independent nodes behind the same reverse proxy.

I have a compose which is mostly self contained with only one container publishing ports. I was able to include this in my swarm + traefik in this manner:

  1. In the swarm stack create an overlay network that is attachable.
  2. Do the usual things in this stack.
  3. Connect the standalone container to the network.
  4. Update traefik to use a file-provider to access the standalone container.

Here is a representative configuration:

stack.yaml
version: "3.8"

networks:
  traefik:
    attachable: true
    name: traefik

configs:
  dynamic-file.yaml:
    file: ./dynamic-file.yaml

services:
  traefik-r:
    image: "traefik:v2.3"
    command:
    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entryPoint.to=websecure
    - --entrypoints.web.http.redirections.entryPoint.scheme=https
    - --entrypoints.web.http.redirections.entrypoint.permanent=true
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.http.tls=true
    - --providers.file=true
    - --providers.file.filename=/dynamic-file.yaml
    - --providers.docker=true
    - --providers.docker.swarmMode=true
    - --providers.docker.exposedbydefault=false
    - --api
    - --accesslog=true
    - --accesslog.format=json
    configs:
      - dynamic-file.yaml
    deploy:
      placement:
        constraints:
        - node.id == s4oymnon9yc06ldxvzo2lzxgi
      labels:
        traefik.enable: "true"
        traefik.http.routers.api.rule: Host(`traefik.example.com`) 
        traefik.http.routers.api.service: api@internal
        traefik.http.routers.api.middlewares: dashboard-auth
        traefik.http.services.dummy.loadBalancer.server.port: 65535
        traefik.http.middlewares.dashboard-auth.basicauth.users: test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
    networks:
      - traefik
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: containous/whoami
    command: --name swarm
    deploy:
      replicas: 2
      labels:
        traefik.enable: "true"
        traefik.http.routers.whoami.rule: PathPrefix(`/`)
        traefik.http.services.whoami.loadBalancer.server.port: 80
    networks:
      - traefik
dynamic-file.yaml
http:
  routers:
    some-name:
      rule: Host(`standalone.example.com`)
      service: some-name
  services:
    some-name:
      loadBalancer:
        servers:
          - url: http://standalone
docker-compose-yaml
version: "3.8"

networks:
  traefik:
    external: true

services:
  standalone:
    image: containous/whoami
    command: --name standalone
    networks:
      - traefik
start
08:33 $ docker stack deploy --compose-file stack.yaml mytraefikstack
Creating network traefik
Creating config mytraefikstack_dynamic-file.yaml
Creating service mytraefikstack_traefik-r
Creating service mytraefikstack_whoami

08:33 $ docker-compose up -d 
WARNING: The Docker Engine you're using is running in swarm mode.

Compose does not use swarm mode to deploy services to multiple nodes in a swarm. All containers will be scheduled on the current node.

To deploy your application across the swarm, use `docker stack deploy`.

Creating swarmtraefik_standalone_1 ... done
test swarm whoami
curl -k https://localhost
Name: swarm
Hostname: 3fa79f4758ab
IP: 127.0.0.1
IP: 10.0.4.7
IP: 172.19.0.4
RemoteAddr: 10.0.4.3:34808
GET / HTTP/1.1
Host: localhost
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.0.0.2
X-Forwarded-Host: localhost
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: f1926a7d8160
X-Real-Ip: 10.0.0.2

09:10 $ curl -k https://localhost
Name: swarm
Hostname: 24781fcb0866
IP: 127.0.0.1
IP: 10.0.4.6
IP: 172.19.0.5
RemoteAddr: 10.0.4.3:33332
GET / HTTP/1.1
Host: localhost
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.0.0.2
X-Forwarded-Host: localhost
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: f1926a7d8160
X-Real-Ip: 10.0.0.2
test standalone
09:10 $ curl -k https://standalone.example.com --resolve standalone.example.com:443:127.0.0.1
Name: standalone
Hostname: 6e539b86e69d
IP: 127.0.0.1
IP: 10.0.4.8
IP: 172.19.0.6
RemoteAddr: 10.0.4.3:39500
GET / HTTP/1.1
Host: standalone.example.com
User-Agent: curl/7.68.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.0.0.2
X-Forwarded-Host: standalone.example.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: f1926a7d8160
X-Real-Ip: 10.0.0.2

Not sure where you are seeing this. Mirantis in 2020 have committed to continue developing swarm.

I just started reading up on the distributed deployment and if I understand it correctly it will do exactly what I need. Just to verify my take on the idea. I install Traefik on Host A and Host B than create the KV store, configure it and that’s it? Since I’m still new to Traefik I will have to find some sample configs to wrap my head around it but it really seems like a perfect solution.

I watched this video (Is Docker Swarm Dead 💀 - 2020 - YouTube). Looked legit so I didn't investigate further.

Awesome, thank you so much for sharing this. Sample configs is what I understand :smiley: Let me see if I can figure this out.

You're welcome. I'll answer any question if you have them.

Swarm will continue.
No worries
link to the official source