diff --git a/defaults/main.yml b/defaults/main.yml index c56661e..4cd513a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ my_context: kubernetes -traefik_version: "2.4.1" +traefik_version: "2.5.6" traefik_domain: "local" traefik_namespace: "traefik" #ingress_whitelist: @@ -10,10 +10,12 @@ traefik_namespace: "traefik" # - localhost traefik_cpu_limit: 500m traefik_memory_limit: 300Mi -traefik_entrypoints: - - { name: "http", port: 8000, proto: "TCP", hostport: 80 } - - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true } - - { name: "traefik", port: 8080, proto: "TCP" } +traefik_entrypoints: [] +# - { name: "http", port: 8000, proto: "TCP", hostport: 80 } +# - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true } +# - { name: "traefik", port: 8080, proto: "TCP" } +#traefik_external_ips: [] +# - 1.2.3.4 basic_auth: false #traefik_dashboard_certificate: wildcard-cluster \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 60c4ef3..c997bc5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -9,7 +9,7 @@ api_version: v1 kind: Namespace metadata: - name: traefik + name: '{{ traefik_namespace }}' labels: namespace: '{{ traefik_namespace }}' @@ -17,12 +17,12 @@ k8s: state: present context: "{{ my_context }}" + namespace: '{{ traefik_namespace }}' definition: apiVersion: v1 kind: Secret metadata: name: basic-auth - namespace: '{{ traefik_namespace }}' type: Opaque data: basic_auth: "{{ basic_auth_data | b64encode }}" @@ -74,12 +74,12 @@ # - traefik_actual_version.stdout is version(traefik_version, '>') - name: Defined traefik repository - community.kubernetes.helm_repository: + kubernetes.core.helm_repository: name: traefik repo_url: "https://helm.traefik.io/traefik" tags: traefik - name: Deploy latest version of Traefik - community.kubernetes.helm: + kubernetes.core.helm: context: "{{ my_context }}" name: traefik chart_ref: traefik/traefik 
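Review bot: The commented example for `traefik_external_ips` in the `@@ -10,10 +10,12 @@` hunk of defaults/main.yml cannot be uncommented as written, because `[]` followed by a `- 1.2.3.4` item is not valid YAML, and 1.2.3.4 lies in public address space rather than a documentation range. I would write the example as `#traefik_external_ips:` followed by `#  - 192.0.2.10`, with a one-line comment saying these addresses end up in the Service's `externalIPs`. The same hunk leaves the old `traefik_entrypoints` entries commented out under `traefik_entrypoints: []`; a short comment saying whether they are examples or retired values would help the next reader.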
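Review bot: The Secret task in the `@@ -17,12 +17,12 @@` hunk of tasks/main.yml passes `basic_auth_data` through the `k8s` module, and nothing visible in the hunk sets `no_log`, so the credential material can show up in Ansible output when the task runs with verbosity or fails. The task begins above the hunk, so the keyword may already be there; if it is not, add `no_log: true` at task level. Note also that `b64encode` is only the encoding a Secret's `data` field requires, so the value of `basic_auth_data` itself should come from a vaulted variable rather than a plain default.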
@@ -99,12 +99,15 @@ ingressClass: enabled: true isDefaultClass: true - ports: - web: - redirectTo: websecure - hostPort: 80 - websecure: - hostPort: 443 +# ports: +# web: +# redirectTo: websecure +# hostPort: 80 +# websecure: +# hostPort: 443 +# tls: +# enabled: true +# options: default volumes: - mountPath: /etc/traefik name: traefik-conf @@ -115,6 +118,11 @@ - mountPath: /etc/traefik/basic-auth name: basic-auth type: secret + deployment: + replicas: 1 + podAnnotations: + prometheus.io/port: '9000' + prometheus.io/scrape: 'true' - name: Install traefik configuration k8s: @@ -126,6 +134,7 @@ resource_definition: "{{ lookup('template', item) | from_yaml }}" with_items: # - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}" + - traefik-certificate.yml.j2 - traefik-cm.yml.j2 - traefik-files.yml.j2 # - traefik-sa.yml.j2 diff --git a/templates/traefik-certificate.yml.j2 b/templates/traefik-certificate.yml.j2 new file mode 100644 index 0000000..3042d55 --- /dev/null +++ b/templates/traefik-certificate.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: traefik.{{ traefik_domain }} +spec: + dnsNames: + - traefik.{{ traefik_domain }} + issuerRef: + name: letsencrypt-prod + kind: ClusterIssuer + secretName: traefik.{{ traefik_domain }} diff --git a/templates/traefik-svc.yml.j2 b/templates/traefik-svc.yml.j2 index dc82b82..1397dd8 100644 --- a/templates/traefik-svc.yml.j2 +++ b/templates/traefik-svc.yml.j2 @@ -9,15 +9,19 @@ metadata: spec: ports: - name: web - hostPort: 80 port: 80 protocol: TCP targetPort: web - name: websecure - hostPort: 443 port: 443 protocol: TCP targetPort: websecure +{% if traefik_external_ips is defined %} + externalIPs: +{% for traefik_external_ip in traefik_external_ips %} + - {{ traefik_external_ip }} +{% endfor %} +{% endif %} selector: app.kubernetes.io/instance: traefik app.kubernetes.io/name: traefik
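Review bot: Commenting out the whole `ports` block in the `@@ -99,12 +99,15 @@` hunk of tasks/main.yml also drops `redirectTo: websecure` on the `web` entrypoint, so unless the redirect is configured elsewhere (for example in the static configuration mounted at /etc/traefik, which is not visible here) plain HTTP requests are no longer forced to HTTPS. If only the `hostPort` settings were meant to go, keep the redirect as `ports:` / `web:` / `redirectTo: websecure`. The commented lines, including the new `tls` sub-block, sit at column 0 inside what appear to be the Helm values and read as dead configuration; either delete them or add a comment saying why they are kept. The task body starts and ends outside the hunk.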
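Review bot: `issuerRef.name` is hard-coded to `letsencrypt-prod` in the new templates/traefik-certificate.yml.j2 while `traefik_domain` defaults to `local`, so with the role defaults the Certificate asks what is presumably a production ACME issuer for `traefik.local`, a name a public CA cannot validate, and the certificate would never become ready. Take the issuer from a variable, e.g. `name: '{{ traefik_cluster_issuer }}'` (a new default this role would have to define), and consider rendering the template only when one is set. Separately, `cert-manager.io/v1alpha2` is a deprecated API version that newer cert-manager releases no longer serve; `apiVersion: cert-manager.io/v1` is the stable form. The templated `name`, `dnsNames` and `secretName` scalars would also be safer quoted, as in `'traefik.{{ traefik_domain }}'`.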
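Review bot: The `{% if traefik_external_ips is defined %}` guard in templates/traefik-svc.yml.j2 is true for a defined-but-empty list, which renders a bare `externalIPs:` (null), and each address is emitted unquoted with no check that it is an IP address. I would use `{% if traefik_external_ips | default([]) | length > 0 %}` and `- "{{ traefik_external_ip }}"`. Because traffic addressed to an `externalIPs` entry on the service port is routed to Traefik by the cluster nodes, it is worth documenting next to the variable that these must be addresses the cluster operator controls. Clusters that enable the DenyServiceExternalIPs admission plugin will reject the Service.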