Really quick, the subject describes it - and I found the solution and was curious if there was any intent to make this more standardized, at least in documentation?
The Traefik instances will come up, but the sites that require, in this case, a CrowdSec Blocker Plugin for the Middleware assigned fail to come up. A redeploy will fix it, every time; in short, the host is coming up and resources fail to allow the host to reach all the way to GitHub or something/haven’t traced that out yet.
What appears to be the solution is to engage that Middleware, and let’s face it - it is security (WAF style feature for Traefik, huge win), on the Ping entrypoint. This is not an exhaustive example, and it only focuses on the specific features that enable middleware-dependent deployment enhancement. Actually setting up the CrowdSec middleware requires a bit more than this gets into. Further, if you needed a different middleware/plugin this should work for you too - just enable that Middleware on the Ping entrypoint.
In traefik.yml:
```yaml
ping:
  entryPoint: pingmk2
  manualRouting: true
# ...
entryPoints:
  pingmk2:
    address: :8082
# ...
experimental:
  plugins:
    bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      version: v1.5.1
```
In middlewares.yml:
```yaml
http:
  middlewares:
    crowdsec:
      plugin:
        bouncer:
          enabled: true
```
In routers.yml:
```yaml
http:
  routers:
    # ...
    pingmk2:
      service: ping@internal
      rule: PathPrefix(`/ping`)
      middlewares:
        - crowdsec
      entryPoints:
        - pingmk2
```
In docker-compose.yml:
```yaml
services:
  traefik:
    image: traefik:latest
    # ...
    restart: always
    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 10s
      timeout: 10s
      start_period: 10s
      retries: 10
```
Now the container is dependent on the middleware plugin to start, which, if it fails to get on deploy, will not re-attempt to enable/engage, so this causes a restart built in to resolve that issue.
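A lint for the wiring described in this post, as an added example that is not part of the original post or of Traefik: it checks that the ping router can only be reached through a middleware backed by a plugin declared under `experimental.plugins`. The function name `ping_gate_problems` is hypothetical, and the inputs are assumed to be the YAML files already parsed into dicts (the sample dicts are constructed from the fragments above).

```python
# Added example: lint that the ping router is gated by a declared plugin middleware.
# Inputs are dicts with the same shape as the YAML on this page (already parsed).

def ping_gate_problems(static, dynamic):
    """Return wiring problems; an empty list means ping@internal is only
    reachable through a middleware backed by a declared plugin."""
    problems = []
    ping = static.get("ping") or {}
    entry = ping.get("entryPoint", "traefik")  # "traefik" is the default ping entry point
    if not ping.get("manualRouting"):
        problems.append("ping.manualRouting is not true: the built-in ping router bypasses middlewares")
    declared = set((static.get("experimental") or {}).get("plugins") or {})
    http = dynamic.get("http") or {}
    middlewares = http.get("middlewares") or {}
    routers = {n: r for n, r in (http.get("routers") or {}).items()
               if r.get("service") == "ping@internal" and entry in (r.get("entryPoints") or [])}
    if not routers:
        problems.append(f"no router serves ping@internal on entry point {entry!r}")
    for name, router in routers.items():
        gated = False
        for mw in router.get("middlewares") or []:
            if mw not in middlewares:
                problems.append(f"router {name!r}: middleware {mw!r} is not defined")
                continue
            plugins = set(middlewares[mw].get("plugin") or {})
            for missing in sorted(plugins - declared):
                problems.append(f"middleware {mw!r}: plugin {missing!r} not in experimental.plugins")
            gated = gated or bool(plugins & declared)
        if not gated:
            problems.append(f"router {name!r}: no plugin-backed middleware attached")
    return problems

# Constructed inputs mirroring the page's traefik.yml, middlewares.yml and routers.yml.
STATIC = {
    "ping": {"entryPoint": "pingmk2", "manualRouting": True},
    "entryPoints": {"pingmk2": {"address": ":8082"}},
    "experimental": {"plugins": {"bouncer": {
        "moduleName": "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin",
        "version": "v1.5.1"}}},
}
DYNAMIC = {"http": {
    "middlewares": {"crowdsec": {"plugin": {"bouncer": {"enabled": True}}}},
    "routers": {"pingmk2": {"service": "ping@internal", "rule": "PathPrefix(`/ping`)",
                            "middlewares": ["crowdsec"], "entryPoints": ["pingmk2"]}},
}}

if __name__ == "__main__":
    print(ping_gate_problems(STATIC, DYNAMIC) or "ping is gated by the plugin middleware")
```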