7.9 KiB
Traefik + Redis (KV provider): how to use it, where keys go, and how to notify Traefik
1) Enable the Redis provider (static config)
Add the Redis provider to Traefik’s install/static configuration (YAML example):
providers:
redis:
endpoints: # one or more Redis endpoints
- "127.0.0.1:6379"
rootKey: "traefik" # KV root/prefix (default: traefik)
db: 0 # optional
username: "" # optional
password: "" # optional
tls: # optional (use if Redis is TLS-enabled)
ca: /path/to/ca.crt
cert: /path/to/client.crt
key: /path/to/client.key
insecureSkipVerify: false
sentinel: # optional (if using Redis Sentinel)
masterName: my-master
# username/password/latencyStrategy/randomStrategy/replicaStrategy/useDisconnectedReplicas available
CLI equivalents (examples):
--providers.redis.endpoints=127.0.0.1:6379 --providers.redis.rootkey=traefik --providers.redis.db=0 (see docs for all flags). (Traefik Docs)
Important: Traefik only reads/watches dynamic (routing) configuration from Redis. It doesn’t store anything there automatically. You populate keys yourself (see §3). (Traefik Docs)
2) “Notifying” Traefik about changes (Redis keyspace notifications)
To have Traefik react to updates without restart, Redis must have keyspace notifications enabled. A safe, common setting is:
# temporary (runtime):
redis-cli CONFIG SET notify-keyspace-events AKE
# verify:
redis-cli CONFIG GET notify-keyspace-events
Or set notify-keyspace-events AKE in redis.conf, or via your cloud provider’s parameter group (e.g., ElastiCache / Memorystore). (Traefik Docs, Redis, Traefik Labs Community Forum)
Notes
- Managed Redis services often disable these notifications by default for performance reasons—enable them explicitly. (Traefik Docs)
AKEmeans “all” (A) generic/string/list/set/zset/stream + keyspace (K) + keyevent (E) messages. (TECHCOMMUNITY.MICROSOFT.COM)
3) Where values must live in Redis (key layout)
Traefik expects a hierarchical path under rootKey (default traefik). You set one string value per path. Examples below show minimal keys for an HTTP route + service.
3.1 Minimal HTTP router + service
traefik/http/routers/myrouter/rule = Host(`kv.example.com`)
traefik/http/routers/myrouter/entryPoints/0 = web
traefik/http/routers/myrouter/entryPoints/1 = websecure
traefik/http/routers/myrouter/service = myservice
traefik/http/services/myservice/loadBalancer/servers/0/url = http://10.0.10.5:8080
traefik/http/services/myservice/loadBalancer/servers/1/url = http://10.0.10.6:8080
(Write these with redis-cli SET <key> "<value>".) (Traefik Docs)
3.2 Add middlewares and TLS (optional)
traefik/http/routers/myrouter/middlewares/0 = auth
traefik/http/routers/myrouter/middlewares/1 = prefix
traefik/http/routers/myrouter/tls = true
traefik/http/routers/myrouter/tls/certResolver = myresolver
traefik/http/routers/myrouter/tls/domains/0/main = example.org
traefik/http/routers/myrouter/tls/domains/0/sans/0 = dev.example.org
3.3 TCP example (e.g., pass-through services)
traefik/tcp/routers/mytcprouter/rule = HostSNI(`*`)
traefik/tcp/routers/mytcprouter/entryPoints/0 = redis-tcp
traefik/tcp/routers/mytcprouter/service = mytcpservice
traefik/tcp/routers/mytcprouter/tls/passthrough = true
traefik/tcp/services/mytcpservice/loadBalancer/servers/0/address = 10.0.10.7:6379
The full KV reference (all keys for routers/services/middlewares/TLS/options/observability) is here and shows many more fields you can set. (Traefik Docs)
4) End-to-end quickstart (commands you can paste)
# 1) Enable keyspace notifications (see §2)
redis-cli CONFIG SET notify-keyspace-events AKE
# 2) Create minimal HTTP route + service (see §3.1)
redis-cli SET traefik/http/routers/myrouter/rule "Host(`kv.example.com`)"
redis-cli SET traefik/http/routers/myrouter/entryPoints/0 "web"
redis-cli SET traefik/http/routers/myrouter/entryPoints/1 "websecure"
redis-cli SET traefik/http/routers/myrouter/service "myservice"
redis-cli SET traefik/http/services/myservice/loadBalancer/servers/0/url "http://10.0.10.5:8080"
redis-cli SET traefik/http/services/myservice/loadBalancer/servers/1/url "http://10.0.10.6:8080"
Traefik will pick these up automatically (no restart) once keyspace notifications are on. (Traefik Docs)
5) Operational tips / gotchas
- Managed Redis: enable
notify-keyspace-events(e.g., ElastiCache parameter group; Memorystore config). Without it, Traefik won’t react to updates. (Traefik Docs, Traefik Labs Community Forum) - Persistence: if you want the config to survive Redis restarts, enable AOF or snapshots per your ops policy. (General Redis ops guidance.) (JupyterHub Traefik Proxy)
- Sentinel / TLS: configure the provider fields accordingly (see §1). (Traefik Docs)
- Deletions: some users reported recent Traefik versions not always propagating deletions from Redis the same way as updates—test your workflow; if needed, set empty values or overwrite keys. Track open issues. (GitHub, Traefik Labs Community Forum)
6) Checklist
- Traefik started with
providers.redispointing at your Redis. (Traefik Docs) notify-keyspace-eventsenabled (e.g.,AKE). (Traefik Docs, Redis)- Keys created under
rootKey(defaulttraefik) following the KV path schema shown above. (Traefik Docs) - Verify in Traefik dashboard/API that routers/services appear. (General provider behavior.) (Traefik Docs)
Sources
- Traefik Redis provider docs (static options & keyspace note). (Traefik Docs)
- KV dynamic configuration reference (full key paths). (Traefik Docs)
- KV provider routing examples (HTTP services/routers). (Traefik Docs)
- Example KV layout (Hub ref, same model). (Traefik Docs)
- Redis keyspace notifications (what
AKEmeans). (Redis, TECHCOMMUNITY.MICROSOFT.COM)
If you want, I can output the exact redis-cli commands for any specific route/service you plan to add.