Update guide to use the traefik 2.1.0

**What** - Update the instructions to use the latest Traefik version and based on the Traefik user guide https://docs.traefik.io/user-guides/docker-compose/acme-http/ This also make several other changes to improve the readability Signed-off-by: Lucas Roesler <[email protected]>
openfaas · Feb 1, 2020 · 0157693 · 0157693
1 parent ce6fecd
commit 0157693
Show file tree

Hide file tree

Showing 2 changed files with 317 additions and 46 deletions.
diff --git a/docs/reference/ssl/compose-example.yaml b/docs/reference/ssl/compose-example.yaml
@@ -0,0 +1,265 @@
+version: "3.3"
+services:
+    traefik:
+        image: traefik:v2.1.3
+        container_name: "traefik"
+        command:
+            - "--api.insecure=true"
+            - "--providers.docker=true"
+            - "--providers.docker.exposedbydefault=false"
+            - "--entrypoints.web.address=:80"
+            - "--entrypoints.websecure.address=:443"
+            - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
+            - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
+            - "--certificatesresolvers.myhttpchallenge.acme.email=<your-email-here>"
+            - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
+        ports:
+            - "80:80"
+            - "443:443"
+            - "8080:8080"
+        volumes:
+            - "./letsencrypt:/letsencrypt"
+            - "/var/run/docker.sock:/var/run/docker.sock"
+        networks:
+            - functions
+        placement:
+            constraints: [node.role == manager]
+
+    gateway:
+        ports:
+            - 8080:8080
+        image: openfaas/gateway:0.18.10
+        networks:
+            - functions
+        labels:
+            - "traefik.enable=true"
+            - "traefik.http.routers.gateway.rule=Host(`gw.example.com`)"
+            - "traefik.http.routers.gateway.entrypoints=websecure"
+            - "traefik.http.routers.gateway.tls.certresolver=myhttpchallenge"
+        environment:
+            functions_provider_url: "http://faas-swarm:8080/"
+            read_timeout: "5m5s" # Maximum time to read HTTP request
+            write_timeout: "5m5s" # Maximum time to write HTTP response
+            upstream_timeout: "5m" # Maximum duration of upstream function call - should be more than read_timeout and write_timeout
+            dnsrr: "true" # Temporarily use dnsrr in place of VIP while issue persists on PWD
+            faas_nats_address: "nats"
+            faas_nats_port: 4222
+            direct_functions: "true" # Functions are invoked directly over the overlay network
+            direct_functions_suffix: ""
+            basic_auth: "${BASIC_AUTH:-false}"
+            secret_mount_path: "/run/secrets/"
+            scale_from_zero: "true" # Enable if you want functions to scale from 0/0 to min replica count upon invoke
+            max_idle_conns: 1024
+            max_idle_conns_per_host: 1024
+            auth_proxy_url: "${AUTH_URL:-}"
+            auth_proxy_pass_body: "false"
+        deploy:
+            resources:
+                # limits:   # Enable if you want to limit memory usage
+                #     memory: 200M
+                reservations:
+                    memory: 100M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+            placement:
+                constraints:
+                    - "node.platform.os == linux"
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    # auth service provide basic-auth plugin for system APIs
+    basic-auth-plugin:
+        image: openfaas/basic-auth-plugin:0.18.10
+        networks:
+            - functions
+        environment:
+            secret_mount_path: "/run/secrets/"
+            user_filename: "basic-auth-user"
+            pass_filename: "basic-auth-password"
+        deploy:
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+            resources:
+                # limits:   # Enable if you want to limit memory usage
+                #     memory: 100M
+                reservations:
+                    memory: 50M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    # Docker Swarm provider
+    faas-swarm:
+        volumes:
+            - "/var/run/docker.sock:/var/run/docker.sock"
+        image: openfaas/faas-swarm:0.8.2
+        networks:
+            - functions
+        environment:
+            read_timeout: "5m5s" # set both here, and on your functions
+            write_timeout: "5m5s" # set both here, and on your functions
+            DOCKER_API_VERSION: "1.30"
+            basic_auth: "${BASIC_AUTH:-false}"
+            secret_mount_path: "/run/secrets/"
+        deploy:
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+            resources:
+                # limits:   # Enable if you want to limit memory usage
+                #     memory: 100M
+                reservations:
+                    memory: 100M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    nats:
+        image: nats-streaming:0.11.2
+        # Uncomment the following port mappings if you wish to expose the
+        # NATS client and/or management ports you must also add `-m 8222` to the command
+        # ports:
+        #     - 4222:4222
+        #     - 8222:8222
+        command: "--store memory --cluster_id faas-cluster"
+        networks:
+            - functions
+        deploy:
+            resources:
+                limits:
+                    memory: 125M
+                reservations:
+                    memory: 50M
+            placement:
+                constraints:
+                    - "node.platform.os == linux"
+
+    queue-worker:
+        image: openfaas/queue-worker:0.8.4
+        networks:
+            - functions
+        environment:
+            max_inflight: "1"
+            ack_wait: "5m5s" # Max duration of any async task / request
+            basic_auth: "${BASIC_AUTH:-false}"
+            secret_mount_path: "/run/secrets/"
+            gateway_invoke: "true"
+            faas_gateway_address: "gateway"
+        deploy:
+            resources:
+                limits:
+                    memory: 50M
+                reservations:
+                    memory: 20M
+            restart_policy:
+                condition: on-failure
+                delay: 5s
+                max_attempts: 20
+                window: 380s
+            placement:
+                constraints:
+                    - "node.platform.os == linux"
+        secrets:
+            - basic-auth-user
+            - basic-auth-password
+
+    # End services
+
+    # Start monitoring
+
+    prometheus:
+        image: prom/prometheus:v2.11.0
+        environment:
+            no_proxy: "gateway"
+        configs:
+            - source: prometheus_config
+              target: /etc/prometheus/prometheus.yml
+            - source: prometheus_rules
+              target: /etc/prometheus/alert.rules.yml
+        command:
+            - "--config.file=/etc/prometheus/prometheus.yml"
+        #   - '-storage.local.path=/prometheus'
+        ports:
+            - 9090:9090
+        networks:
+            - functions
+        deploy:
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+            resources:
+                limits:
+                    memory: 500M
+                reservations:
+                    memory: 200M
+
+    alertmanager:
+        image: prom/alertmanager:v0.18.0
+        environment:
+            no_proxy: "gateway"
+        command:
+            - "--config.file=/alertmanager.yml"
+            - "--storage.path=/alertmanager"
+        networks:
+            - functions
+        # Uncomment the following port mapping if you wish to expose the Prometheus
+        # Alertmanager UI.
+        # ports:
+        #     - 9093:9093
+        deploy:
+            resources:
+                limits:
+                    memory: 50M
+                reservations:
+                    memory: 20M
+            placement:
+                constraints:
+                    - "node.role == manager"
+                    - "node.platform.os == linux"
+        configs:
+            - source: alertmanager_config
+              target: /alertmanager.yml
+        secrets:
+            - basic-auth-password
+
+configs:
+    prometheus_config:
+        file: ./prometheus/prometheus.yml
+    prometheus_rules:
+        file: ./prometheus/alert.rules.yml
+    alertmanager_config:
+        file: ./prometheus/alertmanager.yml
+
+networks:
+    functions:
+        driver: overlay
+        attachable: true
+        labels:
+            - "openfaas=true"
+
+secrets:
+    basic-auth-user:
+        external: true
+    basic-auth-password:
+        external: true
+
+volumes:
+    letsencrypt: