Traefik 使用 KV 存储的路由配置

Traefik 与 KV 存储

配置示例

配置 KV Store 并部署/暴露一个 Service

启用 KV store provider（示例：Consul）

YAML

yaml

providers:
  consul:
    endpoints:
      - "127.0.0.1:8500"

TOML

toml

[providers.consul]
  endpoints = ["127.0.0.1:8500"]

CLI

bash

--providers.consul.endpoints=127.0.0.1:8500

在 KV 存储中设置键（示例：Consul）

bash

consul kv put traefik/http/routers/my-router/rule "Host(`example.com`)"
consul kv put traefik/http/routers/my-router/service "my-service"
consul kv put traefik/http/services/my-service/loadbalancer/servers/0/url "http://127.0.0.1:8080"

为 Service 指定自定义端口

将 http://example.com 的请求转发到 http://127.0.0.1:12345：

bash

consul kv put traefik/http/routers/my-router/rule "Host(`example.com`)"
consul kv put traefik/http/routers/my-router/service "my-service"
consul kv put traefik/http/services/my-service/loadbalancer/servers/0/url "http://127.0.0.1:12345"

指定多个 router 和 service

将请求转发到多个 service 需要定义多个 routers 和 services。

bash

consul kv put traefik/http/routers/www-router/rule "Host(`example-a.com`)"
consul kv put traefik/http/routers/www-router/service "www-service"
consul kv put traefik/http/services/www-service/loadbalancer/servers/0/url "http://127.0.0.1:8000"

consul kv put traefik/http/routers/admin-router/rule "Host(`example-b.com`)"
consul kv put traefik/http/routers/admin-router/service "admin-service"
consul kv put traefik/http/services/admin-service/loadbalancer/servers/0/url "http://127.0.0.1:9000"

配置选项

Keys
键不区分大小写。

HTTP

Routers

字符 @ 在路由器名称 <router_name> 中不允许。

Key (Path)	描述	值
`traefik/http/routers/<router_name>/rule`	路由规则。	`Host(`example.com`)`
`traefik/http/routers/<router_name>/ruleSyntax`	规则语法（已弃用）。	`v3`
`traefik/http/routers/<router_name>/entrypoints/0`	entry points。	`web`
`traefik/http/routers/<router_name>/entrypoints/1`	entry points。	`websecure`
`traefik/http/routers/<router_name>/middlewares/0`	中间件。	`auth`
`traefik/http/routers/<router_name>/middlewares/1`	中间件。	`prefix`
`traefik/http/routers/<router_name>/service`	service 名称。	`myservice`
`traefik/http/routers/<router_name>/tls`	启用 TLS。	`true`
`traefik/http/routers/<router_name>/tls/certresolver`	证书解析器。	`myresolver`
`traefik/http/routers/<router_name>/tls/domains/0/main`	TLS 主域名。	`example.org`
`traefik/http/routers/<router_name>/tls/domains/0/sans/0`	TLS SANs。	`test.example.org`
`traefik/http/routers/<router_name>/tls/domains/0/sans/1`	TLS SANs。	`dev.example.org`
`traefik/http/routers/<router_name>/tls/options`	TLS 选项。	`foobar`
`traefik/http/routers/<router_name>/observability/accesslogs`	启用访问日志。	`true`
`traefik/http/routers/<router_name>/observability/metrics`	启用指标。	`true`
`traefik/http/routers/<router_name>/observability/tracing`	启用链路追踪。	`true`
`traefik/http/routers/<router_name>/priority`	优先级。	`42`

Services

字符 @ 在 service 名称 <service_name> 中不允许。

Key (Path)	描述	值
`traefik/http/services/myservice/loadbalancer/servers/0/url`	服务器 URL。	`http://<ip-server-1>:<port-server-1>/`
`traefik/http/services/myservice/loadbalancer/servers/0/preservePath`	保留路径。	`true`
`traefik/http/services/myservice/loadbalancer/servers/0/weight`	服务器权重。	`1`
`traefik/http/services/myservice/loadbalancer/serverstransport`	引用 ServersTransport 资源。	`foobar@file`
`traefik/http/services/myservice/loadbalancer/passhostheader`	转发 Host 头。	`true`
`traefik/http/services/myservice/loadbalancer/healthcheck/...`	健康检查选项（headers、hostname、interval、path、method、status、port、scheme、timeout、followredirects）。
`traefik/http/services/myservice/loadbalancer/sticky/...`	粘性会话选项。
`traefik/http/services/myservice/loadbalancer/responseforwarding/flushinterval`	响应刷新间隔。	`10`
`traefik/http/services/<service_name>/mirroring/...`	镜像选项。
`traefik/http/services/<service_name>/weighted/...`	WRR 选项。
`traefik/http/services/<service_name>/failover/...`	故障转移选项。

Middleware

traefik/http/middlewares/mymiddleware/middleware_type/middleware_option - 中间件类型（如 forwardAuth、headers 等）和要设置的中间件选项（例如对于 addPrefix 中间件：prefix）。

字符 @ 在中间件名称中不允许。

声明冲突
如果你使用相同的名称但不同的参数声明多个中间件，则中间件声明失败。

ServerTransport

traefik/http/serversTransports/<serversTransportName>/st_option - ServersTransport 选项（如 maxIdleConnsPerHost）。

TCP

你可以使用 KV 声明 TCP Routers 和/或 Services。

Routers

Key (Path)	描述	值
`traefik/tcp/routers/mytcprouter/entrypoints/0`	entry points。	`ep1`
`traefik/tcp/routers/mytcprouter/entrypoints/1`	entry points。	`ep2`
`traefik/tcp/routers/my-router/rule`	规则。	`HostSNI(`example.com`)`
`traefik/tcp/routers/mytcprouter/service`	service 名称。	`myservice`
`traefik/tcp/routers/mytcprouter/tls`	启用 TLS。	`true`
`traefik/tcp/routers/mytcprouter/tls/certresolver`	证书解析器。	`myresolver`
`traefik/tcp/routers/mytcprouter/tls/domains/0/main`	TLS 主域名。	`example.org`
`traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0`	TLS SANs。	`test.example.org`
`traefik/tcp/routers/mytcprouter/tls/options`	TLS 选项。	`foobar`
`traefik/tcp/routers/mytcprouter/tls/passthrough`	透传 TLS。	`true`
`traefik/tcp/routers/mytcprouter/priority`	优先级。	`42`

Services

Key (Path)	描述	值
`traefik/tcp/services/mytcpservice/loadbalancer/servers/0/address`	服务器地址。	`xx.xx.xx.xx:xx`
`traefik/tcp/services/mytcpservice/loadbalancer/servers/0/tls`	与后端通信时使用 TLS。	`true`
`traefik/tcp/services/myservice/loadbalancer/serverstransport`	引用 ServersTransport 资源。	`foobar@file`
`traefik/tcp/services/<service_name>/weighted/services/0/name`	WRR service 名称。	`foobar`
`traefik/tcp/services/<service_name>/weighted/services/0/weight`	WRR 权重。	`42`

Middleware

例如，要声明名为 test-inflightconn 的 InFlightConn 中间件，你可以写 traefik/tcp/middlewares/test-inflightconn/inflightconn/amount=10。

ServerTransport

traefik/tcp/serversTransports/<serversTransportName>/st_option - TCP ServersTransport 选项。

UDP

你可以使用 KV 声明 UDP Routers 和/或 Services。

Routers

Key (Path)	描述	值
`traefik/udp/routers/myudprouter/entrypoints/0`	entry points。	`foobar`
`traefik/udp/routers/myudprouter/service`	service 名称。	`foobar`

Services

Key (Path)	描述	值
`traefik/udp/services/loadBalancer/servers/<n>/address`	服务器地址。	`foobar`
`traefik/udp/services/weighted/services/0/name`	WRR service 名称。	`foobar`
`traefik/udp/services/weighted/servers/0/weight`	WRR 权重。	`42`

TLS

TLS Options

使用 KV provider，你可以使用 tls/options 键配置 TLS 连接的一些参数。

例如，你可以这样定义基本设置：

Key (Path)	描述	值
`traefik/tls/options/Options0/alpnProtocols/0`	ALPN 协议。	`foobar`
`traefik/tls/options/Options0/cipherSuites/0`	密码套件。	`foobar`
`traefik/tls/options/Options0/clientAuth/caFiles/0`	客户端 CA 证书。	`foobar`
`traefik/tls/options/Options0/disableSessiontickets`	禁用 session tickets。	`true`

TLS 默认生成证书

你可以配置 Traefik 使用 ACME provider（如 Let's Encrypt）生成默认证书。

解析默认证书的配置应在 TLS store 中定义。

Key (Path)	描述	值
`traefik/tls/stores/Store0/defaultGeneratedCert/domain/main`	默认证书主域名。	`foobar`
`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0`	默认证书 SANs。	`foobar`
`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1`	默认证书 SANs。	`foobar`
`traefik/tls/stores/Store0/defaultGeneratedCert/resolver`	ACME 解析器名称。	`foobar`

在生产环境使用 Traefik OSS？
如果你在工作中使用 Traefik，可以考虑为其添加企业级 API 网关能力或获取 Traefik OSS 的商业支持。
观看 API 网关演示视频
申请 24/7/365 OSS 支持

Traefik 使用 KV 存储的路由配置 ​

Traefik 与 KV 存储 ​

配置示例 ​

配置选项 ​

HTTP ​

Routers ​

Services ​

Middleware ​

ServerTransport ​

TCP ​

Routers ​

Services ​

Middleware ​

ServerTransport ​

UDP ​

Routers ​

Services ​

TLS ​

TLS Options ​

TLS 默认生成证书 ​

Traefik 使用 KV 存储的路由配置

Traefik 与 KV 存储

配置示例

配置选项

HTTP

Routers

Services

Middleware

ServerTransport

TCP

Routers

Services

Middleware

ServerTransport

UDP

Routers

Services

TLS

TLS Options

TLS 默认生成证书