I am setting up a environment for a web application on AWS ECS using Fargate. The Setup uses several containers for front and backends and Traefik (also in a container) for routing behind an ALB. I am using ecs-cli and docker-compose files for deployments and everything works quite fine.
Despite everything is working properly the traefik container is logging errors continuously about not being able to connect to docker.sock
time="2019-09-12T21:54:13Z" level=error msg="Failed to retrieve information of the docker client and server host: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"
time="2019-09-12T21:54:13Z" level=error msg="Provider connection error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?, retrying in 3.829225701s"
I very much understand that traefik won't be able to connect to the docker.sock in that environment and as I configured the ECS Provider apparently correctly it does not need to connect to the socket. Hence it still tries.
traefik.toml
[entryPoints]
...
[ecs]
clusters = ["cluster-name"]
watch = true
refreshSeconds = 15
exposedByDefault = true
region = "eu-west-1"
domain = "ecs.domain"
[retry]
docker-comopse.yml
version: "3"
services:
proxy:
image: ${custom-image-with-toml-baked-in}
command: --api --docker
ports:
- "80:80"
- "443:443"
- "8080:8080"
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.ecs.domain"
- "traefik.port=8080"
logging:
driver: awslogs
...
...
So as I mentioned it looks like Traefik still wants to connect to docker.sock while I cannot find a way to tell Traefik to only rely on ECS.
So while reviewing my question I scrutinised the line command: --api --docker
in my docker-compose file and it turns out that the error comes from the --docker
option...
This line is legacy stuff from earlier simple docker deployments, so removing this option worked for me.
docker-compose.yml
version: "3"
services:
proxy:
image: ${custom-image-with-toml-baked-in}
command: --api
ports:
- "80:80"
- "443:443"
- "8080:8080"
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.ecs.domain"
- "traefik.port=8080"
logging:
driver: awslogs
...
...
So in case anyone runs into the same stupid issue, I hope this monologue can help.