When I deploy jenkins on the docker swarm, jenkins is not registered on traefik 2.2
Traefik 2.2 was installed as follows:
[root@master-node01 ~]# cat traefik.yml
version: '3.3'
services:
traefik:
# Use the latest Traefik image
image: traefik:v2.2
ports:
# Listen on port 80, default for HTTP, necessary to redirect to HTTPS
- 80:80
# Listen on port 443, default for HTTPS
- 443:443
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
placement:
constraints:
# Make the traefik service run only on the node with this label
# as the node with it has the volume for the certificates
- node.labels.traefik-public.traefik-public-certificates == true
labels:
# Enable Traefik for this service, to make it available in the public network
- traefik.enable=true
# Use the traefik-public network (declared below)
- traefik.docker.network=traefik-public
# Use the custom label "traefik.constraint-label=traefik-public"
# This public Traefik will only use services with this label
# That way you can add other internal Traefik instances per stack if needed
- traefik.constraint-label=traefik-public
# admin-auth middleware with HTTP Basic auth
# Using the environment variables USERNAME and HASHED_PASSWORD
- traefik.http.middlewares.admin-auth.basicauth.users={USERNAME?Variable not set}:{HASHED_PASSWORD?Variable not set}
# https-redirect middleware to redirect HTTP to HTTPS
# It can be re-used by other stacks in other Docker Compose files
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
# traefik-http set up only to use the middleware to redirect to https
# Uses the environment variable DOMAIN
- traefik.http.routers.traefik-public-http.rule=Host(traefik.${DOMAIN?Variable not set}
)
- traefik.http.routers.traefik-public-http.entrypoints=http
- traefik.http.routers.traefik-public-http.middlewares=https-redirect
# traefik-https the actual router using HTTPS
# Uses the environment variable DOMAIN
- traefik.http.routers.traefik-public-https.rule=Host(traefik.${DOMAIN?Variable not set}
)
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
# Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-https.service=api@internal
# Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.traefik-public-https.tls.certresolver=le
# Enable HTTP Basic auth, using the middleware created above
- traefik.http.routers.traefik-public-https.middlewares=admin-auth
# Define the port inside of the Docker service to use
- traefik.http.services.traefik-public.loadbalancer.server.port=8080
volumes:
# Add Docker as a mounted volume, so that Traefik can read the labels of other services
- /var/run/docker.sock:/var/run/docker.sock:ro
# Mount the volume to store the certificates
- traefik-public-certificates:/certificates
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
- --providers.docker.constraints=Label(traefik.constraint-label
, traefik-public
)
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Create an entrypoint "http" listening on address 80
- --entrypoints.http.address=:80
# Create an entrypoint "https" listening on address 80
- --entrypoints.https.address=:443
# Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
- --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
# Store the Let's Encrypt certificates in the mounted volume
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
# Use the TLS Challenge for Let's Encrypt
- --certificatesresolvers.le.acme.tlschallenge=true
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
networks:
# Use the public network created to be shared between Traefik and
# any other service that needs to be publicly available with HTTPS
- traefik-public
volumes:
Create a volume to store the certificates, there is a constraint to make sure
Traefik is always deployed to the same Docker node with the same volume containing
the HTTPS certificates
traefik-public-certificates:
networks:
Use the previously created public network "traefik-public", shared with other
services that need to be publicly available via this Traefik
traefik-public:
external: true
Jenkins I'm using the following form:
export DOMAIN=tce.mt.gov.br
[root@master-node01 ~]# cat jenkins.yml
version: "3.7"
services:
jenkins:
image: jenkins/jenkins
ports:
- 50000:50000
volumes:
# Ensure Jenkins content persist between restarts.
- /opt/jenkins:/var/jenkins_home # << The Folder need "chown - R 1000:1000 /opt/jenkins/" permission
# remove the '#' if you want to run blueocean docker agents (advanced only)
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik-public
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.docker.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.routers.jenkins-http.rule=Host(jenk.${DOMAIN?Variable not set}
)
- traefik.http.routers.jenkins-http.entrypoints=http
- traefik.http.routers.jenkins-http.middlewares=https-redirect
- traefik.http.routers.jenkins-https.rule=Host(jenk.${DOMAIN?Variable not set}
)
- traefik.http.routers.jenkins-https.entrypoints=https
- traefik.http.routers.jenkins-https.tls=true
- traefik.http.routers.jenkins-https.tls.certresolver=le
- traefik.http.services.jenkins.loadbalancer.server.port=8080
networks:
traefik-public:
external: true
Where can the error be, as it starts in the docker service normally without error::
[root@master-node01 ~]# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
ybrw4025tggi jenkins_jenkins replicated 1/1 jenkins/jenkins:latest *:50000->50000/tcp
lrtko3wzufu4 swarmpit_agent global 5/5 swarmpit/agent:latest
vqjromv2ub6y swarmpit_app replicated 1/1 swarmpit/swarmpit:latest *:888->8080/tcp
hgzl9qriq2kr swarmpit_db replicated 1/1 couchdb:2.3.0
npv7tbcn40kw swarmpit_influxdb replicated 1/1 influxdb:1.7
o2zhk4s50e79 swarmprom_alertmanager replicated 1/1 stefanprodan/swarmprom-alertmanager:v0.14.0
q2qptommu6ym swarmprom_cadvisor global 5/5 google/cadvisor:latest
gzl99q6osxmo swarmprom_dockerd-exporter global 5/5 stefanprodan/caddy:latest
4bl8zkdjyt59 swarmprom_grafana replicated 1/1 stefanprodan/swarmprom-grafana:5.3.4
t5uomka23nmi swarmprom_node-exporter global 5/5 stefanprodan/swarmprom-node-exporter:v0.16.0
u7nuyr54xutb swarmprom_prometheus replicated 1/1 stefanprodan/swarmprom-prometheus:v2.5.0
dkxq9xbwn6xm swarmprom_unsee replicated 1/1 cloudflare/unsee:v0.8.0
rysip4i2yh3o traefik_traefik replicated 1/1 traefik:v2.2 *:80->80/tcp, *:443->443/tcp