Use helm and local provider

2020-12-19 13:20:57 +01:00 · 2020-12-19 13:20:57 +01:00 · 0e6f763db5
commit 0e6f763db5
parent d44bea3d66
7 changed files with 177 additions and 90 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -45,35 +45,72 @@
    when:
      - traefik_node_selector is defined

-  - name: Get Deployment information object
-    k8s_info:
-      context: "{{ my_context }}"
-      api_version: v1
-      kind: DaemonSet
+#  - name: Get Deployment information object
+#    k8s_info:
+#      context: "{{ my_context }}"
+#      api_version: v1
+#      kind: DaemonSet
+#      name: traefik
+#      namespace: '{{ traefik_namespace }}'
+#      field_selectors:
+#        - spec.template.spec.containers.image
+#    register: traefik_actual_resources
+#
+#  - name: Retreive actual traefik version
+#    shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([0-9]\.[0-9]*\).*/\1/" | uniq
+#    register: traefik_actual_version
+#
+#  - name: Remove old traefik version {{ traefik_actual_version.stdout }}
+#    k8s:
+#      state: "absent"
+#      context: "{{ my_context }}"
+#      resource_definition: "{{ lookup('template', item) | from_yaml }}"
+#    with_items:
+#      - "{{ lookup('vars', 'traefik_' + traefik_actual_version.stdout | regex_replace('[.]','_') + '_list') | reverse | list }}"
+##      - hostvars[inventory_hostname]['traefik_' + traefik_actual_version.stdout + '_list'] | reverse
+#    when:
+#      - not traefik_actual_version.stdout == "[]"
+#      - not traefik_version == traefik_actual_version.stdout
+#      - traefik_actual_version.stdout is version(traefik_version, '>')
+
+  - name: deploy traefik
+    community.kubernetes.helm_repository:
      name: traefik
-      namespace: '{{ traefik_namespace }}'
-      field_selectors:
-        - spec.template.spec.containers.image
-    register: traefik_actual_resources
+      repo_url: "https://helm.traefik.io/traefik"
+    tags: traefik
+  - name: Deploy latest version of Traefik
+    community.kubernetes.helm:
+      name: traefik
+      chart_ref: traefik/traefik
+      release_namespace: traefik
+      values:
+        additionalArguments:
+          - --configFile=/etc/traefik/traefik.yaml
+        podSecurityPolicy:
+          enabled: true
+        service:
+          enabled: false
+        ingressRoute:
+          dashboard:
+            enabled: false
+        ports:
+          web:
+            redirectTo: websecure
+            hostPort: 80
+          websecure:
+            hostPort: 443
+        volumes:
+          - mountPath: /etc/traefik
+            name: traefik-conf
+            type: configMap
+          - mountPath: /etc/traefik/file
+            name: traefik-file-provider
+            type: configMap
+          - mountPath: /etc/traefik/basic-auth
+            name: basic-auth
+            type: secret

-  - name: Retreive actual traefik version
-    shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([0-9]\.[0-9]*\).*/\1/" | uniq
-    register: traefik_actual_version
-
-  - name: Remove old traefik version {{ traefik_actual_version.stdout }}
-    k8s:
-      state: "absent"
-      context: "{{ my_context }}"
-      resource_definition: "{{ lookup('template', item) | from_yaml }}"
-    with_items:
-      - "{{ lookup('vars', 'traefik_' + traefik_actual_version.stdout | regex_replace('[.]','_') + '_list') | reverse | list }}"
-#      - hostvars[inventory_hostname]['traefik_' + traefik_actual_version.stdout + '_list'] | reverse
-    when:
-      - not traefik_actual_version.stdout == "[]"
-      - not traefik_version == traefik_actual_version.stdout
-      - traefik_actual_version.stdout is version(traefik_version, '>')
-
-  - name: Install traefik version {{ traefik_version }}
+  - name: Install traefik configuration
    k8s:
      state: "present"
      context: "{{ my_context }}"
@ -81,40 +118,18 @@
      merge_type: merge
      resource_definition: "{{ lookup('template', item) | from_yaml }}"
    with_items:
-      - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
-      - traefik-psp.yml.j2
+#      - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
+#      - traefik-psp.yml.j2
      - traefik-cm.yml.j2
-      - traefik-sa.yml.j2
-      - traefik-dp.yml.j2
-#      - traefik-svc.yml.j2
-#      - traefik-dashboard-svc.yml.j2
-      - traefik-middleware-httpsredirect.yml.j2
-      - traefik-middleware-basicauth.yml.j2
-      - traefik-middleware-headers.yml.j2
-      - traefik-tls-options.yml.j2
+      - traefik-file-provider.yml.j2
+#      - traefik-sa.yml.j2
+#      - traefik-dp.yml.j2
+#      - traefik-middleware-httpsredirect.yml.j2
+#      - traefik-middleware-basicauth.yml.j2
+#      - traefik-middleware-headers.yml.j2
+#      - traefik-tls-options.yml.j2
      - traefik-ingressroute.yml.j2
-      - traefik-dashboard-insecure.yml.j2
-#      - traefik-ping.yml.j2
-
-
-  - name: Define state of ipwhitelist middleware to present
-    set_fact:
-      traefik_ipwhitelist_state: present
-    when:
-      - traefik_version | regex_search('(^2.)')
-      - ingress_whitelist is defined
-  - name: Define state of ipwhitelist middleware to absent
-    set_fact:
-      traefik_ipwhitelist_state: absent
-    when:
-      - not ingress_whitelist is defined or traefik_ipwhitelist_state is not defined
-  - name: IP white list need to be {{ traefik_ipwhitelist_state }}
-    k8s:
-      state: "{{ traefik_ipwhitelist_state }}"
-      context: "{{ my_context }}"
-      merge_type: merge
-      resource_definition: "{{ lookup('template', item) | from_yaml }}"
-    with_items:
-      - traefik-middleware-ipwhitelist.yml.j2
+#      - traefik-dashboard-insecure.yml.j2
+      - traefik-svc.yml.j2

  tags: traefik