Search code examples
amazon-ecstraefikaws-fargate

How to tell Traefik not to try to connect to docker.sock when using AWS ECS and Fargate

I am setting up a environment for a web application on AWS ECS using Fargate. The Setup uses several containers for front and backends and Traefik (also in a container) for routing behind an ALB. I am using ecs-cli and docker-compose files for deployments and everything works quite fine.

Despite everything is working properly the traefik container is logging errors continuously about not being able to connect to docker.sock

time="2019-09-12T21:54:13Z" level=error msg="Failed to retrieve information of the docker client and server host: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"
time="2019-09-12T21:54:13Z" level=error msg="Provider connection error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?, retrying in 3.829225701s"

I very much understand that traefik won't be able to connect to the docker.sock in that environment and as I configured the ECS Provider apparently correctly it does not need to connect to the socket. Hence it still tries.

traefik.toml

[entryPoints]
  ...

[ecs]
clusters = ["cluster-name"]
watch = true
refreshSeconds = 15
exposedByDefault = true
region = "eu-west-1"
domain = "ecs.domain"

[retry]

docker-comopse.yml

version: "3"
services:
  proxy:
    image: ${custom-image-with-toml-baked-in}
    command: --api --docker
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:traefik.ecs.domain"
      - "traefik.port=8080"
    logging:
      driver: awslogs
      ...

...

So as I mentioned it looks like Traefik still wants to connect to docker.sock while I cannot find a way to tell Traefik to only rely on ECS.

Solution

  • So while reviewing my question I scrutinised the line command: --api --docker in my docker-compose file and it turns out that the error comes from the --docker option...

    This line is legacy stuff from earlier simple docker deployments, so removing this option worked for me.

    docker-compose.yml

    version: "3"
services:
  proxy:
    image: ${custom-image-with-toml-baked-in}
    command: --api
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    labels:
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.frontend.rule=Host:traefik.ecs.domain"
      - "traefik.port=8080"
    logging:
      driver: awslogs
      ...

...

    So in case anyone runs into the same stupid issue, I hope this monologue can help.