Option to disable expose of all docker containers

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-07-14 11:32:15 +02:00 · 2016-07-14 11:32:15 +02:00 · b80479f9ef
parent d1112a0feb
commit b80479f9ef
6 changed files with 91 additions and 20 deletions
--- a/configuration.go
+++ b/configuration.go
@ -218,6 +218,7 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
 	//default Docker
 	var defaultDocker provider.Docker
 	defaultDocker.Watch = true
 	defaultDocker.ExposedByDefault = true
 	defaultDocker.Endpoint = "unix:///var/run/docker.sock"
 	// default File
--- a/docs/toml.md
+++ b/docs/toml.md
@ -521,6 +521,13 @@ watch = true
 #
 # filename = "docker.tmpl"
 # Expose containers by default in traefik
 #
 # Optional
 # Default: true
 #
 exposedbydefault = true
 # Enable docker TLS connection
 #
 #  [docker.tls]
--- a/integration/fixtures/docker/simple.toml
+++ b/integration/fixtures/docker/simple.toml
@ -12,3 +12,4 @@ logLevel = "DEBUG"
 endpoint = "{{.DockerHost}}"
 domain = "docker.localhost"
 exposedbydefault = true
--- a/provider/docker.go
+++ b/provider/docker.go
@ -30,9 +30,10 @@ const DockerAPIVersion string = "1.21"
 // Docker holds configurations of the Docker provider.
 type Docker struct {
 	BaseProvider
-	Endpoint string     `description:"Docker server endpoint. Can be a tcp or a unix socket endpoint"`
+	Endpoint         string     `description:"Docker server endpoint. Can be a tcp or a unix socket endpoint"`
-	Domain   string     `description:"Default domain used"`
+	Domain           string     `description:"Default domain used"`
-	TLS      *DockerTLS `description:"Enable Docker TLS support"`
+	TLS              *DockerTLS `description:"Enable Docker TLS support"`
 	ExposedByDefault bool       `description:"Expose containers by default"`
 }
 // DockerTLS holds TLS specific configurations
@ -177,7 +178,9 @@ func (provider *Docker) loadDockerConfig(containersInspected []dockertypes.Conta
 	}
 	// filter containers
-	filteredContainers := fun.Filter(provider.ContainerFilter, containersInspected).([]dockertypes.ContainerJSON)
+	filteredContainers := fun.Filter(func(container dockertypes.ContainerJSON) bool {
 		return provider.containerFilter(container, provider.ExposedByDefault)
 	}, containersInspected).([]dockertypes.ContainerJSON)
 	frontends := map[string][]dockertypes.ContainerJSON{}
 	for _, container := range filteredContainers {
@ -202,8 +205,7 @@ func (provider *Docker) loadDockerConfig(containersInspected []dockertypes.Conta
 	return configuration
 }
-// ContainerFilter checks if container have to be exposed
+func (provider *Docker) containerFilter(container dockertypes.ContainerJSON, exposedByDefaultFlag bool) bool {
 func (provider *Docker) ContainerFilter(container dockertypes.ContainerJSON) bool {
 	_, err := strconv.Atoi(container.Config.Labels["traefik.port"])
 	if len(container.NetworkSettings.Ports) == 0 && err != nil {
 		log.Debugf("Filtering container without port and no traefik.port label %s", container.Name)
@ -214,7 +216,7 @@ func (provider *Docker) ContainerFilter(container dockertypes.ContainerJSON) boo
 		return false
 	}
-	if container.Config.Labels["traefik.enable"] == "false" {
+	if !isContainerEnabled(container, exposedByDefaultFlag) {
 		log.Debugf("Filtering disabled container %s", container.Name)
 		return false
 	}
@ -326,6 +328,10 @@ func (provider *Docker) getEntryPoints(container dockertypes.ContainerJSON) []st
 	return []string{}
 }
 func isContainerEnabled(container dockertypes.ContainerJSON, exposedByDefault bool) bool {
 	return exposedByDefault && container.Config.Labels["traefik.enable"] != "false" || container.Config.Labels["traefik.enable"] == "true"
 }
 func getLabel(container dockertypes.ContainerJSON, label string) (string, error) {
 	for key, value := range container.Config.Labels {
 		if key == label {
--- a/provider/docker_test.go
+++ b/provider/docker_test.go
@ -647,8 +647,9 @@ func TestDockerGetLabels(t *testing.T) {
 func TestDockerTraefikFilter(t *testing.T) {
 	provider := Docker{}
 	containers := []struct {
-		container docker.ContainerJSON
+		container        docker.ContainerJSON
-		expected  bool
+		exposedByDefault bool
 		expected         bool
 	}{
 		{
 			container: docker.ContainerJSON{
@ -658,7 +659,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 				Config:          &container.Config{},
 				NetworkSettings: &docker.NetworkSettings{},
 			},
-			expected: false,
+			exposedByDefault: true,
 			expected:         false,
 		},
 		{
 			container: docker.ContainerJSON{
@ -678,7 +680,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			exposedByDefault: true,
 			expected:         false,
 		},
 		{
 			container: docker.ContainerJSON{
@ -698,7 +701,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			exposedByDefault: true,
 			expected:         true,
 		},
 		{
 			container: docker.ContainerJSON{
@ -715,7 +719,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			exposedByDefault: true,
 			expected:         false,
 		},
 		{
 			container: docker.ContainerJSON{
@ -731,7 +736,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			exposedByDefault: true,
 			expected:         true,
 		},
 		{
 			container: docker.ContainerJSON{
@ -752,7 +758,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			exposedByDefault: true,
 			expected:         true,
 		},
 		{
 			container: docker.ContainerJSON{
@ -772,7 +779,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			exposedByDefault: true,
 			expected:         true,
 		},
 		{
 			container: docker.ContainerJSON{
@ -792,7 +800,8 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			exposedByDefault: true,
 			expected:         true,
 		},
 		{
 			container: docker.ContainerJSON{
@ -812,12 +821,51 @@ func TestDockerTraefikFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			exposedByDefault: true,
 			expected:         true,
 		},
 		{
 			container: docker.ContainerJSON{
 				ContainerJSONBase: &docker.ContainerJSONBase{
 					Name: "container",
 				},
 				Config: &container.Config{},
 				NetworkSettings: &docker.NetworkSettings{
 					NetworkSettingsBase: docker.NetworkSettingsBase{
 						Ports: nat.PortMap{
 							"80/tcp": {},
 						},
 					},
 				},
 			},
 			exposedByDefault: false,
 			expected:         false,
 		},
 		{
 			container: docker.ContainerJSON{
 				ContainerJSONBase: &docker.ContainerJSONBase{
 					Name: "container",
 				},
 				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.enable": "true",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
 					NetworkSettingsBase: docker.NetworkSettingsBase{
 						Ports: nat.PortMap{
 							"80/tcp": {},
 						},
 					},
 				},
 			},
 			exposedByDefault: false,
 			expected:         true,
 		},
 	}
 	for _, e := range containers {
-		actual := provider.ContainerFilter(e.container)
+		actual := provider.containerFilter(e.container, e.exposedByDefault)
 		if actual != e.expected {
 			t.Fatalf("expected %v for %+v, got %+v", e.expected, e, actual)
 		}
@ -971,7 +1019,8 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 	}
 	provider := &Docker{
-		Domain: "docker.localhost",
+		Domain:           "docker.localhost",
 		ExposedByDefault: true,
 	}
 	for _, c := range cases {
--- a/traefik.sample.toml
+++ b/traefik.sample.toml
@ -246,6 +246,13 @@
 #
 # filename = "docker.tmpl"
 # Expose containers by default in traefik
 #
 # Optional
 # Default: true
 #
 # exposedbydefault = true
 # Enable docker TLS connection
 #
 # Optional