From 01c981c2c0d2231a6ca6d245d6a8a0649cf7aae9 Mon Sep 17 00:00:00 2001 From: Adrien Date: Mon, 18 May 2020 20:43:22 +0200 Subject: [PATCH] Restructure ansible code --- tasks/main.yml | 56 ++++++++++++----- tasks/main.yml.old | 49 --------------- tasks/version_2.0.yml | 46 -------------- tasks/version_2.1.yml | 47 -------------- tasks/version_2.2.yml | 49 --------------- templates/2.0/traefik-dp.yml.j2 | 2 +- templates/2.1/traefik-dp.yml.j2 | 2 +- templates/2.2/traefik-dp.yml.j2 | 2 +- .../traefik-middleware-ipwhitelist.yml.j2 | 0 vars/main.yml | 63 +++++++++++++++++++ 10 files changed, 105 insertions(+), 211 deletions(-) delete mode 100644 tasks/main.yml.old delete mode 100644 tasks/version_2.0.yml delete mode 100644 tasks/version_2.1.yml delete mode 100644 tasks/version_2.2.yml rename templates/{2.2 => }/traefik-middleware-ipwhitelist.yml.j2 (100%) diff --git a/tasks/main.yml b/tasks/main.yml index 7685184..c543cfd 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,3 @@ -#- debug: var=my_context -# tags: traefik - - name: traefik setup block: - name: namespace @@ -15,7 +12,6 @@ name: traefik labels: namespace: traefik - tags: traefik - name: Create a Secret object for basic authentification k8s: @@ -32,7 +28,6 @@ basic_auth: "{{ basic_auth_data | b64encode }}" when: - basic_auth == true - tags: traefik - name: Add host label for traefik deployment k8s: @@ -49,7 +44,6 @@ - '{{ traefik_node_selector }}' when: - traefik_node_selector is defined - tags: traefik - name: Get Deployment information object k8s_info: @@ -63,20 +57,48 @@ register: traefik_actual_resources - name: Retreive actual traefik version - shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([.0-9]*\).*/\1/" | uniq + shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([0-9]\.[0-9]*\).*/\1/" | uniq register: traefik_actual_version - - name: install / uninstall version 2.0 - include_tasks: "version_2.0.yml" + - name: Remove old traefik version {{ traefik_actual_version.stdout }} + k8s: + state: "absent" + context: "{{ my_context }}" + resource_definition: "{{ lookup('template', item) | from_yaml }}" + with_items: + - "{{ lookup('vars', 'traefik_' + traefik_actual_version.stdout + '_list') | reverse | list}}" +# - hostvars[inventory_hostname]['traefik_' + traefik_actual_version.stdout + '_list'] | reverse when: - - traefik_version | regex_search('(^2.0)') + - not traefik_actual_version.stdout == "[]" + - not traefik_version == traefik_actual_version.stdout - - name: install / uninstall version 2.1 - include_tasks: "version_2.1.yml" - when: - - traefik_version | regex_search('(^2.1)') + - name: Install traefik version {{ traefik_version }} + k8s: + state: "present" + context: "{{ my_context }}" + merge_type: merge + resource_definition: "{{ lookup('template', item) | from_yaml }}" + with_items: + - "{{ lookup('vars', 'traefik_' + traefik_version + '_list') }}" - - name: install / uninstall version 2.2 - include_tasks: "version_2.2.yml" + - name: Define state of ipwhitelist middleware to present + set_fact: + traefik_ipwhitelist_state: present when: - - traefik_version | regex_search('(^2.2)') or traefik_actual_version.stdout | regex_search('(^2.)') + - traefik_version | regex_search('(^2.)') + - ingress_whitelist is defined + - name: Define state of ipwhitelist middleware to absent + set_fact: + traefik_ipwhitelist_state: absent + when: + - not ingress_whitelist is defined or traefik_ipwhitelist_state is not defined + - name: IP white list need to be {{ traefik_ipwhitelist_state }} + k8s: + state: "{{ traefik_ipwhitelist_state }}" + context: "{{ my_context }}" + merge_type: merge + resource_definition: "{{ lookup('template', item) | from_yaml }}" + with_items: + - traefik-middleware-ipwhitelist.yml.j2 + + tags: traefik diff --git a/tasks/main.yml.old b/tasks/main.yml.old deleted file mode 100644 index d68c97f..0000000 --- a/tasks/main.yml.old +++ /dev/null @@ -1,49 +0,0 @@ -#- debug: var=my_context -# tags: traefik - -- name: traefik setup - block: - - name: namespace - k8s: - state: present - context: "{{ my_context }}" - name: {{ traefik_namespace }} - api_version: v1 - kind: Namespace - - - name: Create a Secret object for basic authentification - k8s: - state: present - context: "{{ my_context }}" - definition: - apiVersion: v1 - kind: Secret - metadata: - name: basic-auth - namespace: {{ traefik_namespace }} - type: Opaque - data: - basic_auth: "{{ basic_auth_data | b64encode }}" - when: - - basic_auth == true - tags: traefik - - - name: Get Deployment information object - k8s_facts: - context: "{{ my_context }}" - api_version: v1 - kind: Deployment - name: traefik - namespace: {{ traefik_namespace }} - field_selectors: - - spec.template.spec.containers.image - register: traefik_actual_resources - - - name: Retreive actual traefik version - shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:v\([.0-9]*\).*/\1/" | uniq - register: traefik_actual_version - - - name: install / uninstall version 2.0 - include_tasks: "version_2.0.yml" - when: - - traefik_version == 2.0 or traefik_actual_version.stdout == 2.0 diff --git a/tasks/version_2.0.yml b/tasks/version_2.0.yml deleted file mode 100644 index 539bc97..0000000 --- a/tasks/version_2.0.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -- set_fact: - traefik_2_0_state: "present" - when: - - traefik_version | regex_search('(^2.0)') - -- set_fact: - traefik_2_0_state: "absent" - when: - - not traefik_version | regex_search('(^2.0)') - -- name: traefik files version {{ traefik_version }} need to be {{ traefik_2_0_state }} - k8s: - state: "{{ traefik_2_0_state }}" - context: "{{ my_context }}" - resource_definition: "{{ lookup('template', item) | from_yaml }}" - with_items: - - 2.0/traefik-cm.yml.j2 - - 2.0/traefik-sa.yml.j2 - - 2.0/traefik-clusterrole.yml.j2 - - 2.0/traefik-clusterrolebinding.yml.j2 - - 2.0/traefik-crd-ingressroute.yml.j2 - - 2.0/traefik-crd-ingressroutetcp.yml.j2 - - 2.0/traefik-crd-middleware.yml.j2 - - 2.0/traefik-crd-tlsoption.yml.j2 - - 2.0/traefik-dp.yml.j2 - - 2.0/traefik-svc.yml.j2 - - 2.0/traefik-dashboard-svc.yml.j2 - - 2.0/traefik-middleware-httpsredirect.yml.j2 - - 2.0/traefik-middleware-basicauth.yml.j2 - - 2.0/traefik-tls-options.yml.j2 - - 2.0/traefik-dashboard.yml.j2 - - 2.0/traefik-dashboard-insecure.yml.j2 - - 2.0/traefik-ping.yml.j2 - tags: traefik - -- name: IP white list need to be {{ traefik_2_0_state }} for traefik version 2.0 - k8s: - state: "{{ traefik_2_0_state }}" - context: "{{ my_context }}" - resource_definition: "{{ lookup('template', item) | from_yaml }}" - with_items: - - 2.0/traefik-middleware-ipwhitelist.yml.j2 - when: - - ingress_whitelist is defined or traefik_2_0_state == "absent" - tags: traefik diff --git a/tasks/version_2.1.yml b/tasks/version_2.1.yml deleted file mode 100644 index 9f7cc0d..0000000 --- a/tasks/version_2.1.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- set_fact: - traefik_2_1_state: "present" - when: - - traefik_version | regex_search('(^2.1)') - -- set_fact: - traefik_2_1_state: "absent" - when: - - not traefik_version | regex_search('(^2.1)') - -- name: traefik files version 2.1 need to be {{ traefik_2_1_state }} - k8s: - state: "{{ traefik_2_1_state }}" - context: "{{ my_context }}" - resource_definition: "{{ lookup('template', item) | from_yaml }}" - with_items: - - 2.1/traefik-cm.yml.j2 - - 2.1/traefik-sa.yml.j2 - - 2.1/traefik-clusterrole.yml.j2 - - 2.1/traefik-clusterrolebinding.yml.j2 - - 2.1/traefik-crd-ingressroute.yml.j2 - - 2.1/traefik-crd-ingressroutetcp.yml.j2 - - 2.1/traefik-crd-middleware.yml.j2 - - 2.1/traefik-crd-tlsoption.yml.j2 - - 2.1/traefik-crd-traefikservice.yml.j2 - - 2.1/traefik-dp.yml.j2 - - 2.1/traefik-svc.yml.j2 - - 2.1/traefik-dashboard-svc.yml.j2 - - 2.1/traefik-middleware-httpsredirect.yml.j2 - - 2.1/traefik-middleware-basicauth.yml.j2 - - 2.1/traefik-tls-options.yml.j2 - - 2.1/traefik-dashboard.yml.j2 - - 2.1/traefik-dashboard-insecure.yml.j2 - - 2.1/traefik-ping.yml.j2 - tags: traefik - -- name: IP white list need to be {{ traefik_2_1_state }} for traefik version 2.1 - k8s: - state: "{{ traefik_2_1_state }}" - context: "{{ my_context }}" - resource_definition: "{{ lookup('template', item) | from_yaml }}" - with_items: - - 2.1/traefik-middleware-ipwhitelist.yml.j2 - when: - - ingress_whitelist is defined or traefik_2_1_state == "absent" - tags: traefik diff --git a/tasks/version_2.2.yml b/tasks/version_2.2.yml deleted file mode 100644 index ec4e175..0000000 --- a/tasks/version_2.2.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -- set_fact: - traefik_2_2_state: "present" - when: - - traefik_version | regex_search('(^2.)') - -- set_fact: - traefik_2_2_state: "absent" - when: - - traefik_version | regex_search('(^1.)') - -- name: traefik files version 2.2 need to be {{ traefik_2_2_state }} - k8s: - state: "{{ traefik_2_2_state }}" - context: "{{ my_context }}" - resource_definition: "{{ lookup('template', item) | from_yaml }}" - with_items: - - 2.2/traefik-crd-ingressroutes.yml.j2 - - 2.2/traefik-crd-ingressroutetcps.yml.j2 - - 2.2/traefik-crd-ingressrouteudps.yml.j2 - - 2.2/traefik-crd-middlewares.yml.j2 - - 2.2/traefik-crd-tlsoptions.yml.j2 - - 2.2/traefik-crd-tlsstores.yml.j2 - - 2.2/traefik-crd-traefikservices.yml.j2 - - 2.2/traefik-cm.yml.j2 - - 2.2/traefik-sa.yml.j2 - - 2.2/traefik-clusterrole.yml.j2 - - 2.2/traefik-clusterrolebinding.yml.j2 - - 2.2/traefik-dp.yml.j2 - - 2.2/traefik-svc.yml.j2 - - 2.2/traefik-dashboard-svc.yml.j2 - - 2.2/traefik-middleware-httpsredirect.yml.j2 - - 2.2/traefik-middleware-basicauth.yml.j2 - - 2.2/traefik-tls-options.yml.j2 - - 2.2/traefik-dashboard.yml.j2 - - 2.2/traefik-dashboard-insecure.yml.j2 - - 2.2/traefik-ping.yml.j2 - tags: traefik - -- name: IP white list need to be {{ traefik_2_2_state }} for traefik version 2.2 - k8s: - state: "{{ traefik_2_2_state }}" - context: "{{ my_context }}" - resource_definition: "{{ lookup('template', item) | from_yaml }}" - with_items: - - 2.2/traefik-middleware-ipwhitelist.yml.j2 - when: - - ingress_whitelist is defined or traefik_2_2_state == "absent" - tags: traefik diff --git a/templates/2.0/traefik-dp.yml.j2 b/templates/2.0/traefik-dp.yml.j2 index b291ce1..11209c3 100644 --- a/templates/2.0/traefik-dp.yml.j2 +++ b/templates/2.0/traefik-dp.yml.j2 @@ -21,7 +21,7 @@ spec: serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:{{ traefik_version }} + image: traefik:{{ traefik_version_2_0 }} args: - --configfile=/config/traefik.yaml # imagePullPolicy: IfNotPresent diff --git a/templates/2.1/traefik-dp.yml.j2 b/templates/2.1/traefik-dp.yml.j2 index b9e18a1..f7e3dbc 100644 --- a/templates/2.1/traefik-dp.yml.j2 +++ b/templates/2.1/traefik-dp.yml.j2 @@ -21,7 +21,7 @@ spec: serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:{{ traefik_version }} + image: traefik:{{ traefik_version_2_1 }} args: - --configfile=/config/traefik.yaml # imagePullPolicy: IfNotPresent diff --git a/templates/2.2/traefik-dp.yml.j2 b/templates/2.2/traefik-dp.yml.j2 index b9e18a1..48b351d 100644 --- a/templates/2.2/traefik-dp.yml.j2 +++ b/templates/2.2/traefik-dp.yml.j2 @@ -21,7 +21,7 @@ spec: serviceAccountName: traefik-ingress-controller containers: - name: traefik - image: traefik:{{ traefik_version }} + image: traefik:{{ traefik_version_2_2 }} args: - --configfile=/config/traefik.yaml # imagePullPolicy: IfNotPresent diff --git a/templates/2.2/traefik-middleware-ipwhitelist.yml.j2 b/templates/traefik-middleware-ipwhitelist.yml.j2 similarity index 100% rename from templates/2.2/traefik-middleware-ipwhitelist.yml.j2 rename to templates/traefik-middleware-ipwhitelist.yml.j2 diff --git a/vars/main.yml b/vars/main.yml index e69de29..d620452 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -0,0 +1,63 @@ +traefik_version_2_0:2.0.7 +traefik_2.0_list: + - 2.0/traefik-cm.yml.j2 + - 2.0/traefik-sa.yml.j2 + - 2.0/traefik-clusterrole.yml.j2 + - 2.0/traefik-clusterrolebinding.yml.j2 + - 2.0/traefik-crd-ingressroute.yml.j2 + - 2.0/traefik-crd-ingressroutetcp.yml.j2 + - 2.0/traefik-crd-middleware.yml.j2 + - 2.0/traefik-crd-tlsoption.yml.j2 + - 2.0/traefik-dp.yml.j2 + - 2.0/traefik-svc.yml.j2 + - 2.0/traefik-dashboard-svc.yml.j2 + - 2.0/traefik-middleware-httpsredirect.yml.j2 + - 2.0/traefik-middleware-basicauth.yml.j2 + - 2.0/traefik-tls-options.yml.j2 + - 2.0/traefik-dashboard.yml.j2 + - 2.0/traefik-dashboard-insecure.yml.j2 + - 2.0/traefik-ping.yml.j2 + +traefik_version_2_1:2.1.9 +traefik_2.1_list: + - 2.1/traefik-cm.yml.j2 + - 2.1/traefik-sa.yml.j2 + - 2.1/traefik-clusterrole.yml.j2 + - 2.1/traefik-clusterrolebinding.yml.j2 + - 2.1/traefik-crd-ingressroute.yml.j2 + - 2.1/traefik-crd-ingressroutetcp.yml.j2 + - 2.1/traefik-crd-middleware.yml.j2 + - 2.1/traefik-crd-tlsoption.yml.j2 + - 2.1/traefik-crd-traefikservice.yml.j2 + - 2.1/traefik-dp.yml.j2 + - 2.1/traefik-svc.yml.j2 + - 2.1/traefik-dashboard-svc.yml.j2 + - 2.1/traefik-middleware-httpsredirect.yml.j2 + - 2.1/traefik-middleware-basicauth.yml.j2 + - 2.1/traefik-tls-options.yml.j2 + - 2.1/traefik-dashboard.yml.j2 + - 2.1/traefik-dashboard-insecure.yml.j2 + - 2.1/traefik-ping.yml.j2 + +traefik_version_2_2:2.2.1 +traefik_2.2_list: + - 2.2/traefik-crd-ingressroutes.yml.j2 + - 2.2/traefik-crd-ingressroutetcps.yml.j2 + - 2.2/traefik-crd-ingressrouteudps.yml.j2 + - 2.2/traefik-crd-middlewares.yml.j2 + - 2.2/traefik-crd-tlsoptions.yml.j2 + - 2.2/traefik-crd-tlsstores.yml.j2 + - 2.2/traefik-crd-traefikservices.yml.j2 + - 2.2/traefik-cm.yml.j2 + - 2.2/traefik-sa.yml.j2 + - 2.2/traefik-clusterrole.yml.j2 + - 2.2/traefik-clusterrolebinding.yml.j2 + - 2.2/traefik-dp.yml.j2 + - 2.2/traefik-svc.yml.j2 + - 2.2/traefik-dashboard-svc.yml.j2 + - 2.2/traefik-middleware-httpsredirect.yml.j2 + - 2.2/traefik-middleware-basicauth.yml.j2 + - 2.2/traefik-tls-options.yml.j2 + - 2.2/traefik-dashboard.yml.j2 + - 2.2/traefik-dashboard-insecure.yml.j2 + - 2.2/traefik-ping.yml.j2