Provider for Traefik to use Apache Mesos



Traefik is a reverse proxy and load balancer for HTTP, TCP, and UDP in microservice environments. While Traefik 2.x does not officially support Apache Mesos, I have developed a custom Mesos provider that allows you to integrate Traefik into Mesos environments seamlessly.

How to use the Docker image?

Using my Traefik Docker image is relatively simple. The only difference to the original is that the directory in which the traefik.toml file is located is passed as a volume. This has the advantage that (if ACME SSL providers are used) ACME state files are also stored persistently.

docker run -p 80:80 -p 443:433 -p 9000:9000 -v <config_toml_directory>:/data:rw avhost/traefik_mesos:<version>

How to add Mesos to the Traefik configuration?

To use Apache Mesos as a provider, the following configuration must be adapted and adopted.

[providers.mesos]
endpoint = "<your_mesos_master>"
principal = "<mesos_usernname>"
secret = "<mesos_password>"
SSL = false

How are Traefik routes and services used in Mesos?

In order for Traefik to know the services to which corresponding routes are to be generated, these must be added in the form of labels to the respective Mesos tasks (or Marathon Apps). to the respective Mesos Tasks (or Marathon Apps).

As example:

    "traefik.enable": "true",
    "traefik.http.routers.homepage-ssl.tls": "true",
    "traefik.http.routers.homepage.entrypoints": "web",

    "traefik.http.middlewares.homepage.redirectscheme.scheme": "https",

    # The service object with the name "homepage-web" and "homepage-web-ssl" will be generated from the name of the Mesos Task (or Marathon) PortMapping object.
    "traefik.http.routers.homepage-ssl.service": "homepage-web",
    "traefik.http.routers.homepage.service": "homepage-web",

    "traefik.http.routers.homepage.rule": "Host(`your.example.com`)",
    "traefik.http.routers.homepage-ssl.rule": "Host(`your.example.com`)",
    "traefik.http.routers.homepage-ssl.tls.certresolver": "sslcert",
    "traefik.http.routers.homepage-ssl.entrypoints": "websecure",

    "traefik.http.services.homepage.loadBalancer.healthCheck.path": "/index.html"
    "traefik.http.services.homepage.loadBalancer.healthCheck.interval": "10s"
    "traefik.http.services.homepage.loadBalancer.healthCheck.timeout": "3s"    

After that, the services and routers will be visible in the Traefik environment accordingly.

The new “Healthcheck” feature is also supported.