Search code examples
prometheusmetricstraefik

Traefik V2.0 Metrics with Prometheus

If I want to capture metrics of Traefik with Prometheus, this only works if insecure= true is activated. If I set insecure=false I get a 404. Maybe someone has an example of what a correct configuration looks like. So the configuration of Traefik (V2.0 CLI) and the prometheus.yml.

traefik.yml command Section:

      command:
        - "--metrics=true"
        - "--metrics.prometheus=true"
        - "--metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000"
        - "--metrics.prometheus.entrypoint='metrics'"
        - "--metrics.prometheus.addEntryPointsLabels=true"
        - "--metrics.prometheus.addServicesLabels=true"

        - "--api=true"
        - "--api.dashboard=true"

        - "--log.level=INFO"

        - "--providers.docker=true"
        - "--providers.docker.swarmmode=true"
        - "--providers.docker.exposedbydefault=false"

        - "--entrypoints.web.address=:80"
        - "--entrypoints.websecure.address=:443"
        - "--certificatesResolvers.sec.acme.email=foo@bar.com"
        - "--certificatesResolvers.sec.acme.storage=/letsencrypt/acme.json"
        - "--certificatesResolvers.sec.acme.httpChallenge.entryPoint=web"
      deploy:
        labels:
            - "traefik.enable=true"

            - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
            - "traefik.http.routers.api.rule=Host(`foo.bar`)"

            - "traefik.http.routers.api.service=api@internal"
            - "traefik.http.routers.api.middlewares=myauth"
            - "traefik.http.services.api.loadbalancer.server.port=8080"
            - "traefik.http.routers.api.tls.certresolver=sec"
            - "traefik.http.middlewares.myauth.basicauth.users=xxx"

prometheus.yml:

global:
    scrape_interval: 10s
    scrape_timeout: 10s
scrape_configs:
    - job_name: 'pushgateway'
      static_configs:
              - targets: ['pushgateway:9091']
      honor_labels: true
    - job_name: 'traefik'
      scheme: https
      static_configs:
              - targets: ['foo.bar']
      basic_auth:
              username: myusername
              password: mypassword
Solution

  • First expose 8082 port if you're in docker.

    And add these commands when starting Traefik.

    --metrics.prometheus=true
--metrics.prometheus.entryPoint=metrics
--entryPoints.metrics.address=:8082

    Access that metrics in domain:8082/metrics

    If you also add the following labels it will allow you to access the metrics on traefikmetrics.mydomain.com/metrics. You need to fill in the values in the angle braces depending on your setup.

    traefik.http.routers.traefikmetrics.entrypoints: <http or https entrypoint>
traefik.http.routers.traefikmetrics.rule: Host(`traefikmetrics.mydomain.com`)
traefik.http.services.<traefik-service-name>.loadbalancer.server.port: 8082