adrien/ansible-role-k8s-traefik
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Deploy without hostport
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Adrien Reslinger 2021-12-25 01:56:25 +01:00
parent 288a4454da
commit 0735682969
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
4 changed files with 44 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

12
defaults/main.yml
View file

@ -1,5 +1,5 @@
my_context: kubernetes my_context: kubernetes
traefik_version: "2.4.1" traefik_version: "2.5.6"
traefik_domain: "local" traefik_domain: "local"
traefik_namespace: "traefik" traefik_namespace: "traefik"
#ingress_whitelist: #ingress_whitelist:
@ -10,10 +10,12 @@ traefik_namespace: "traefik"
# - localhost # - localhost
traefik_cpu_limit: 500m traefik_cpu_limit: 500m
traefik_memory_limit: 300Mi traefik_memory_limit: 300Mi
traefik_entrypoints: traefik_entrypoints: []
- { name: "http", port: 8000, proto: "TCP", hostport: 80 } # - { name: "http", port: 8000, proto: "TCP", hostport: 80 }
- { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true } # - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true }
- { name: "traefik", port: 8080, proto: "TCP" } # - { name: "traefik", port: 8080, proto: "TCP" }
#traefik_external_ips: []
# - 1.2.3.4
basic_auth: false basic_auth: false
#traefik_dashboard_certificate: wildcard-cluster #traefik_dashboard_certificate: wildcard-cluster

29
tasks/main.yml
View file

@ -9,7 +9,7 @@
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: traefik name: '{{ traefik_namespace }}'
labels: labels:
namespace: '{{ traefik_namespace }}' namespace: '{{ traefik_namespace }}'
@ -17,12 +17,12 @@
k8s: k8s:
state: present state: present
context: "{{ my_context }}" context: "{{ my_context }}"
namespace: '{{ traefik_namespace }}'
definition: definition:
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: basic-auth name: basic-auth
namespace: '{{ traefik_namespace }}'
type: Opaque type: Opaque
data: data:
basic_auth: "{{ basic_auth_data | b64encode }}" basic_auth: "{{ basic_auth_data | b64encode }}"
@ -74,12 +74,12 @@
# - traefik_actual_version.stdout is version(traefik_version, '>') # - traefik_actual_version.stdout is version(traefik_version, '>')
- name: Defined traefik repository - name: Defined traefik repository
community.kubernetes.helm_repository: kubernetes.core.helm_repository:
name: traefik name: traefik
repo_url: "https://helm.traefik.io/traefik" repo_url: "https://helm.traefik.io/traefik"
tags: traefik tags: traefik
- name: Deploy latest version of Traefik - name: Deploy latest version of Traefik
community.kubernetes.helm: kubernetes.core.helm:
context: "{{ my_context }}" context: "{{ my_context }}"
name: traefik name: traefik
chart_ref: traefik/traefik chart_ref: traefik/traefik
@ -99,12 +99,15 @@
ingressClass: ingressClass:
enabled: true enabled: true
isDefaultClass: true isDefaultClass: true
ports: # ports:
web: # web:
redirectTo: websecure # redirectTo: websecure
hostPort: 80 # hostPort: 80
websecure: # websecure:
hostPort: 443 # hostPort: 443
# tls:
# enabled: true
# options: default
volumes: volumes:
- mountPath: /etc/traefik - mountPath: /etc/traefik
name: traefik-conf name: traefik-conf
@ -115,6 +118,11 @@
- mountPath: /etc/traefik/basic-auth - mountPath: /etc/traefik/basic-auth
name: basic-auth name: basic-auth
type: secret type: secret
deployment:
replicas: 1
podAnnotations:
prometheus.io/port: '9000'
prometheus.io/scrape: 'true'
- name: Install traefik configuration - name: Install traefik configuration
k8s: k8s:
@ -126,6 +134,7 @@
resource_definition: "{{ lookup('template', item) | from_yaml }}" resource_definition: "{{ lookup('template', item) | from_yaml }}"
with_items: with_items:
# - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}" # - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
- traefik-certificate.yml.j2
- traefik-cm.yml.j2 - traefik-cm.yml.j2
- traefik-files.yml.j2 - traefik-files.yml.j2
# - traefik-sa.yml.j2 # - traefik-sa.yml.j2

12
templates/traefik-certificate.yml.j2 Normal file
View file

@ -0,0 +1,12 @@
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: traefik.{{ traefik_domain }}
spec:
dnsNames:
- traefik.{{ traefik_domain }}
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
secretName: traefik.{{ traefik_domain }}

8
templates/traefik-svc.yml.j2
View file

@ -9,15 +9,19 @@ metadata:
spec: spec:
ports: ports:
- name: web - name: web
hostPort: 80
port: 80 port: 80
protocol: TCP protocol: TCP
targetPort: web targetPort: web
- name: websecure - name: websecure
hostPort: 443
port: 443 port: 443
protocol: TCP protocol: TCP
targetPort: websecure targetPort: websecure
{% if traefik_external_ips is defined %}
externalIPs:
{% for traefik_external_ip in traefik_external_ips %}
- {{ traefik_external_ip }}
{% endfor %}
{% endif %}
selector: selector:
app.kubernetes.io/instance: traefik app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik app.kubernetes.io/name: traefik