google cAdvisor with Traefik


I tried to deploy Google cAdvisor with the Traefik reverse proxy.

Working nginx configuration

With nginx docker-compose:

  cadvisor:
    container_name: cadvisor
    build:
      context: .
      dockerfile: projects/cadvisor/Dockerfile
    command:
      - '-port=80'
      - '-url_base_prefix=/admin/cadvisor'
    volumes:
      - "/:/rootfs:ro"
      - "/var/run:/var/run:ro"
      - "/sys:/sys:ro"
      - "/var/lib/docker:/var/lib/docker:ro"
      - "/dev/disk:/dev/disk:ro"
    expose:
      - 80

Nginx configuration:

location  ~* /admin/cadvisor/.*$ {
    proxy_pass http://cadvisor;
}

Failed traefik configuration

  cadvisor:
    container_name: cadvisor
    image: gcr.io/google-containers/cadvisor:latest
    restart: always
    privileged: true
    networks:
      - back-network
    ports:
      - "8080:8080"
    command:
      - '-url_base_prefix=/cadvisor'
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    labels:
      - "traefik.http.routers.cadvisor.rule=Host(`localhost`) && PathPrefix(`/cadvisor`)"
      - "traefik.http.services.cadvisor.loadbalancer.server.port=8080"

The main issue with cAdvisor is redirection; that's why we need to add the url_base_prefix argument.

But the previous docker-compose with Traefik is not working.

I don't know how to transpose location ~* /admin/cadvisor/.*$ to a Traefik configuration.


There are 1 answers

Ralf Geschke On BEST ANSWER

What do you do with Nginx there? Does it run on the host to handle other requests to other services? Nginx is not necessary for cAdvisor.

Here's a working example from my current installation:

version: '3.8'
services:
  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    restart: always
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
    privileged: true
    devices:
      - "/dev/kmsg:/dev/kmsg"
    command: --url_base_prefix=/cadvisor
    environment:
      - CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz 
    labels:
      - "traefik.enable=true" # enable traefik
      - "traefik.docker.network=traefik-public" # put it in the same network as traefik
      - "traefik.constraint-label=traefik-public" # assign the same label as traefik so it can be discovered

      - "traefik.http.routers.cadvisor-01.service=cadvisor-01-secured"
      - "traefik.http.routers.cadvisor-01.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
      - "traefik.http.routers.cadvisor-01.priority=20"
      - "traefik.http.routers.cadvisor-01.entrypoints=http"
      - "traefik.http.middlewares.cadvisor-01.redirectscheme.scheme=https" # redirect traffic to https
      - "traefik.http.middlewares.cadvisor-01.redirectscheme.permanent=true" # redirect traffic to https

      - "traefik.http.middlewares.def-cadvisor-01.headers.customrequestheaders.X-Forwarded-Server=host.example.com"
      - "traefik.http.middlewares.def-cadvisor-01.headers.referrerPolicy=origin"
      - "traefik.http.middlewares.def-cadvisor-01-auth.basicauth.users=USERNAME:PASSWORD"
      - "traefik.http.routers.cadvisor-01.middlewares=https-redirect"

      - "traefik.http.routers.cadvisor-01-secured.service=cadvisor-01-secured"
      - "traefik.http.routers.cadvisor-01-secured.rule=Host(`host.example.com`) && PathPrefix(`/cadvisor`)"
      - "traefik.http.routers.cadvisor-01-secured.priority=20"
      - "traefik.http.routers.cadvisor-01-secured.entrypoints=https"
      - "traefik.http.routers.cadvisor-01-secured.tls.certresolver=le-tls" # use the Let's Encrypt certificate resolver
      - "traefik.http.services.cadvisor-01-secured.loadbalancer.server.port=8080" # ask Traefik to search for port 8080
      - "traefik.http.routers.cadvisor-01-secured.middlewares=secHeaders@file,def-cadvisor-01-auth,def-cadvisor-01,def-compress"
    networks:
      - "traefik-public"


networks:
  traefik-public:
    external: true

The health check is a bit tricky: it is a fixed URL in the cAdvisor Dockerfile, but using the environment variable overwrites it. As you can see, I'm running cAdvisor with the path /cadvisor/, so I had to add this as the command option "--url_base_prefix" and to modify the CADVISOR_HEALTHCHECK_URL environment variable.

Traefik runs as a reverse proxy; it listens on ports 443 and 80. I didn't want to open another port like 8080 to the public, so Traefik is responsible for handling the TLS stuff and the redirects from http to https. So you DON'T need to open port 8080 or expose port 80 in your cAdvisor definition! This will be handled by Traefik. Traefik reaches your containers by using the same Docker network.

Beware of priority settings! If another Traefik service handles the root URL, it must have a lower priority. Otherwise your service definition will never be matched.

If it is not allowed to post URLs, I apologize, but maybe it's useful for somebody. I've written introduction articles on https://www.kuerbis.org/traefik-und-mehr/ - in one of them you will find more about Traefik and cAdvisor. They are written in German, but I guess Google Translate or similar should help.

Kind regards, Ralf
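
The points made in the answer, applied to the service from the question, as an added example that is not part of the original post or the answerer's installation. Assumptions: Traefik is attached to the same `back-network`, that network already exists (`external: true`), the middleware name `cadvisor-auth` is hypothetical, and the password hash is a placeholder.

```yaml
services:
  cadvisor:
    container_name: cadvisor
    image: gcr.io/cadvisor/cadvisor:latest
    restart: always
    privileged: true
    networks:
      - back-network
    # No "ports:" section: nothing is published on the host, so the only
    # path to cAdvisor is through Traefik and the middlewares on its router.
    command:
      - '--url_base_prefix=/cadvisor'
    environment:
      # The health check has to follow the prefix, as the answer notes.
      - CADVISOR_HEALTHCHECK_URL=http://localhost:8080/cadvisor/healthz
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro   # read-only as in the answer (the question used rw)
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
    labels:
      - "traefik.enable=true"
      # Tell Traefik which network to use to reach the container.
      - "traefik.docker.network=back-network"
      - "traefik.http.routers.cadvisor.rule=Host(`localhost`) && PathPrefix(`/cadvisor`)"
      - "traefik.http.routers.cadvisor.middlewares=cadvisor-auth"
      - "traefik.http.services.cadvisor.loadbalancer.server.port=8080"
      # htpasswd-format entry. Every "$" in the hash is doubled so that
      # Compose does not treat it as variable interpolation.
      # Placeholder value: generate a real bcrypt hash with htpasswd.
      - "traefik.http.middlewares.cadvisor-auth.basicauth.users=admin:$$2y$$05$$REPLACE_WITH_BCRYPT_HASH"

networks:
  back-network:
    external: true   # assumption: created outside this file and shared with Traefik
```

Basic auth over a plain HTTP entrypoint sends the credentials unencrypted, so for anything other than `localhost` the router should also get the TLS settings shown in the answer.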