From 88bdd203777c5d319dbb5d39fc0e5f49bc7ef21a Mon Sep 17 00:00:00 2001 
From: Adrien Reslinger Date: Tue, 19 Jan 2021 00:00:47 +0100 Subject: [PATCH] Use helm to deploy traefik --- tasks/main.yml | 21 ++- templates/2.0/traefik-clusterrole.yml.j2 | 62 ------- .../2.0/traefik-clusterrolebinding.yml.j2 | 13 -- templates/2.0/traefik-crd-ingressroute.yml.j2 | 16 -- .../2.0/traefik-crd-ingressroutetcp.yml.j2 | 16 -- templates/2.0/traefik-crd-middleware.yml.j2 | 16 -- templates/2.0/traefik-crd-tlsoption.yml.j2 | 13 -- templates/2.1/Ressources-exemple.yml | 157 ------------------ templates/2.1/traefik-clusterrole.yml.j2 | 42 ----- .../2.1/traefik-clusterrolebinding.yml.j2 | 13 -- templates/2.1/traefik-crd-ingressroute.yml.j2 | 16 -- .../2.1/traefik-crd-ingressroutetcp.yml.j2 | 16 -- templates/2.1/traefik-crd-middleware.yml.j2 | 16 -- templates/2.1/traefik-crd-tlsoption.yml.j2 | 16 -- .../2.1/traefik-crd-traefikservice.yml.j2 | 16 -- templates/2.2/Ressources-exemple.yml | 157 ------------------ templates/2.2/traefik-clusterrole.yml.j2 | 48 ------ .../2.2/traefik-clusterrolebinding.yml.j2 | 13 -- .../2.2/traefik-crd-ingressroutes.yml.j2 | 16 -- .../2.2/traefik-crd-ingressroutetcps.yml.j2 | 16 -- .../2.2/traefik-crd-ingressrouteudps.yml.j2 | 16 -- templates/2.2/traefik-crd-middlewares.yml.j2 | 16 -- templates/2.2/traefik-crd-tlsoptions.yml.j2 | 16 -- templates/2.2/traefik-crd-tlsstores.yml.j2 | 16 -- .../2.2/traefik-crd-traefikservices.yml.j2 | 16 -- templates/2.3/Ressources-exemple.yml | 157 ------------------ templates/2.3/traefik-clusterrole.yml.j2 | 50 ------ .../2.3/traefik-clusterrolebinding.yml.j2 | 13 -- .../2.3/traefik-crd-ingressroutes.yml.j2 | 13 -- .../2.3/traefik-crd-ingressroutetcps.yml.j2 | 13 -- .../2.3/traefik-crd-ingressrouteudps.yml.j2 | 13 -- templates/2.3/traefik-crd-middlewares.yml.j2 | 13 -- templates/2.3/traefik-crd-tlsoptions.yml.j2 | 13 -- templates/2.3/traefik-crd-tlsstores.yml.j2 | 13 -- .../2.3/traefik-crd-traefikservices.yml.j2 | 13 -- templates/traefik-cm.yml.j2 | 11 +- templates/traefik-dashboard-insecure.yml.j2 | 
40 ----- templates/traefik-dashboard-svc.yml.j2 | 24 --- templates/traefik-dp.yml.j2 | 93 ----------- ...e-provider.yml.j2 => traefik-files.yml.j2} | 3 +- templates/traefik-ingressroute.yml.j2 | 1 - templates/traefik-middleware-basicauth.yml.j2 | 8 - templates/traefik-middleware-headers.yml.j2 | 31 ---- .../traefik-middleware-httpsredirect.yml.j2 | 8 - .../traefik-middleware-ipwhitelist.yml.j2 | 1 - templates/traefik-ping.yml.j2 | 41 ----- templates/traefik-psp.yml.j2 | 49 ------ templates/traefik-sa.yml.j2 | 1 - templates/traefik-svc.yml.j2 | 1 - templates/traefik-tls-options.yml.j2 | 16 -- vars/main.yml | 30 ---- 51 files changed, 16 insertions(+), 1432 deletions(-) delete mode 100644 templates/2.0/traefik-clusterrole.yml.j2 delete mode 100644 templates/2.0/traefik-clusterrolebinding.yml.j2 delete mode 100644 templates/2.0/traefik-crd-ingressroute.yml.j2 delete mode 100644 templates/2.0/traefik-crd-ingressroutetcp.yml.j2 delete mode 100644 templates/2.0/traefik-crd-middleware.yml.j2 delete mode 100644 templates/2.0/traefik-crd-tlsoption.yml.j2 delete mode 100644 templates/2.1/Ressources-exemple.yml delete mode 100644 templates/2.1/traefik-clusterrole.yml.j2 delete mode 100644 templates/2.1/traefik-clusterrolebinding.yml.j2 delete mode 100644 templates/2.1/traefik-crd-ingressroute.yml.j2 delete mode 100644 templates/2.1/traefik-crd-ingressroutetcp.yml.j2 delete mode 100644 templates/2.1/traefik-crd-middleware.yml.j2 delete mode 100644 templates/2.1/traefik-crd-tlsoption.yml.j2 delete mode 100644 templates/2.1/traefik-crd-traefikservice.yml.j2 delete mode 100644 templates/2.2/Ressources-exemple.yml delete mode 100644 templates/2.2/traefik-clusterrole.yml.j2 delete mode 100644 templates/2.2/traefik-clusterrolebinding.yml.j2 delete mode 100644 templates/2.2/traefik-crd-ingressroutes.yml.j2 delete mode 100644 templates/2.2/traefik-crd-ingressroutetcps.yml.j2 delete mode 100644 templates/2.2/traefik-crd-ingressrouteudps.yml.j2 delete mode 100644 
templates/2.2/traefik-crd-middlewares.yml.j2 delete mode 100644 templates/2.2/traefik-crd-tlsoptions.yml.j2 delete mode 100644 templates/2.2/traefik-crd-tlsstores.yml.j2 delete mode 100644 templates/2.2/traefik-crd-traefikservices.yml.j2 delete mode 100644 templates/2.3/Ressources-exemple.yml delete mode 100644 templates/2.3/traefik-clusterrole.yml.j2 delete mode 100644 templates/2.3/traefik-clusterrolebinding.yml.j2 delete mode 100644 templates/2.3/traefik-crd-ingressroutes.yml.j2 delete mode 100644 templates/2.3/traefik-crd-ingressroutetcps.yml.j2 delete mode 100644 templates/2.3/traefik-crd-ingressrouteudps.yml.j2 delete mode 100644 templates/2.3/traefik-crd-middlewares.yml.j2 delete mode 100644 templates/2.3/traefik-crd-tlsoptions.yml.j2 delete mode 100644 templates/2.3/traefik-crd-tlsstores.yml.j2 delete mode 100644 templates/2.3/traefik-crd-traefikservices.yml.j2 delete mode 100644 templates/traefik-dashboard-insecure.yml.j2 delete mode 100644 templates/traefik-dashboard-svc.yml.j2 delete mode 100644 templates/traefik-dp.yml.j2 rename templates/{traefik-file-provider.yml.j2 => traefik-files.yml.j2} (97%) delete mode 100644 templates/traefik-middleware-basicauth.yml.j2 delete mode 100644 templates/traefik-middleware-headers.yml.j2 delete mode 100644 templates/traefik-middleware-httpsredirect.yml.j2 delete mode 100644 templates/traefik-ping.yml.j2 delete mode 100644 templates/traefik-psp.yml.j2 delete mode 100644 templates/traefik-tls-options.yml.j2 diff --git a/tasks/main.yml b/tasks/main.yml index a4c6b05..9844fba 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -73,7 +73,7 @@ # - not traefik_version == traefik_actual_version.stdout # - traefik_actual_version.stdout is version(traefik_version, '>') - - name: deploy traefik + - name: Defined traefik repository community.kubernetes.helm_repository: name: traefik repo_url: "https://helm.traefik.io/traefik" 
@@ -84,6 +84,8 @@ chart_ref: traefik/traefik release_namespace: traefik values: + image: + tag: "{{ traefik_version_2_3 }}" additionalArguments: - --configFile=/etc/traefik/traefik.yaml podSecurityPolicy: @@ -93,6 +95,9 @@ ingressRoute: dashboard: enabled: false + ingressClass: + enabled: true + isDefaultClass: true ports: web: redirectTo: websecure @@ -104,7 +109,7 @@ name: traefik-conf type: configMap - mountPath: /etc/traefik/file - name: traefik-file-provider + name: traefik-files type: configMap - mountPath: /etc/traefik/basic-auth name: basic-auth @@ -115,21 +120,15 @@ state: "present" context: "{{ my_context }}" namespace: '{{ traefik_namespace }}' - merge_type: merge +# merge_type: merge + apply: yes resource_definition: "{{ lookup('template', item) | from_yaml }}" with_items: # - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}" -# - traefik-psp.yml.j2 - traefik-cm.yml.j2 - - traefik-file-provider.yml.j2 + - traefik-files.yml.j2 # - traefik-sa.yml.j2 -# - traefik-dp.yml.j2 -# - traefik-middleware-httpsredirect.yml.j2 -# - traefik-middleware-basicauth.yml.j2 -# - traefik-middleware-headers.yml.j2 -# - traefik-tls-options.yml.j2 - traefik-ingressroute.yml.j2 -# - traefik-dashboard-insecure.yml.j2 - traefik-svc.yml.j2 tags: traefik diff --git a/templates/2.0/traefik-clusterrole.yml.j2 b/templates/2.0/traefik-clusterrole.yml.j2 deleted file mode 100644 index 537813c..0000000 --- a/templates/2.0/traefik-clusterrole.yml.j2 +++ /dev/null 
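Review bot: The chart itself does not appear to be pinned: the added `image.tag: "{{ traefik_version_2_3 }}"` under `values:` fixes the Traefik image, but no `chart_version` is visible beside `chart_ref: traefik/traefik`. If it is also absent above the hunk, where the helm task begins, the chart's RBAC, CRDs and pod spec follow whatever `https://helm.traefik.io/traefik` serves at run time. Adding `chart_version: "{{ traefik_chart_version }}"` next to `chart_ref` would make the deployment reproducible (the variable name is a placeholder). Also confirm `traefik_version_2_3` is still defined, since this commit removes 30 lines from `vars/main.yml` and that file is not shown here.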
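Review bot: `isDefaultClass: true` in the added `ingressClass` block makes Traefik the cluster-wide default IngressClass. Any Ingress created without an explicit `ingressClassName`, in any namespace, will then be picked up by this controller and published on its entry points. That is an exposure decision for the whole cluster, so it should be an opt-in role variable rather than hard-coded, e.g. `isDefaultClass: "{{ traefik_default_ingress_class | default(false) | bool }}"` (the variable name is a placeholder). Kubernetes also expects at most one default class, so this should be checked against any other ingress controller already installed.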
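Review bot: Replacing `merge_type: merge` with `apply: yes` changes how existing objects are updated. The module now diffs against the previously applied definition, so keys dropped from a template are removed from the live object instead of being left in place; this is worth checking for `traefik-svc.yml.j2` and `traefik-ingressroute.yml.j2`, whose contents are not shown here. Write the flag as `apply: true`, and delete the `# merge_type: merge` line rather than leaving it commented out, since the two options are mutually exclusive. Because the task only creates the listed items with `state: "present"`, the ConfigMap previously rendered from `traefik-file-provider.yml.j2` is presumably left behind under its old name, and a one-off `state: absent` task would remove it. The task's header lies above the hunk.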
@@ -1,62 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller - -rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.containo.us - resources: - - middlewares - verbs: - - get - - list - - watch - - apiGroups: - - traefik.containo.us - resources: - - ingressroutes - verbs: - - get - - list - - watch - - apiGroups: - - traefik.containo.us - resources: - - ingressroutetcps - verbs: - - get - - list - - watch - - apiGroups: - - traefik.containo.us - resources: - - tlsoptions - verbs: - - get - - list - - watch diff --git a/templates/2.0/traefik-clusterrolebinding.yml.j2 b/templates/2.0/traefik-clusterrolebinding.yml.j2 deleted file mode 100644 index 9f58700..0000000 --- a/templates/2.0/traefik-clusterrolebinding.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller - -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-ingress-controller -subjects: - - kind: ServiceAccount - name: traefik-ingress-controller - namespace: traefik diff --git a/templates/2.0/traefik-crd-ingressroute.yml.j2 b/templates/2.0/traefik-crd-ingressroute.yml.j2 deleted file mode 100644 index 41f70f9..0000000 --- a/templates/2.0/traefik-crd-ingressroute.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutes.traefik.containo.us - namespace: traefik - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRoute - plural: ingressroutes - singular: ingressroute - scope: Namespaced 
diff --git a/templates/2.0/traefik-crd-ingressroutetcp.yml.j2 b/templates/2.0/traefik-crd-ingressroutetcp.yml.j2 deleted file mode 100644 index 107c4e5..0000000 --- a/templates/2.0/traefik-crd-ingressroutetcp.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutetcps.traefik.containo.us - namespace: traefik - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRouteTCP - plural: ingressroutetcps - singular: ingressroutetcp - scope: Namespaced diff --git a/templates/2.0/traefik-crd-middleware.yml.j2 b/templates/2.0/traefik-crd-middleware.yml.j2 deleted file mode 100644 index b517ac8..0000000 --- a/templates/2.0/traefik-crd-middleware.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: middlewares.traefik.containo.us - namespace: traefik - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: Middleware - plural: middlewares - singular: middleware - scope: Namespaced diff --git a/templates/2.0/traefik-crd-tlsoption.yml.j2 b/templates/2.0/traefik-crd-tlsoption.yml.j2 deleted file mode 100644 index 1495e0d..0000000 --- a/templates/2.0/traefik-crd-tlsoption.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tlsoptions.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TLSOption - plural: tlsoptions - singular: tlsoption - scope: Namespaced diff --git a/templates/2.1/Ressources-exemple.yml b/templates/2.1/Ressources-exemple.yml deleted file mode 100644 index bf512dd..0000000 --- a/templates/2.1/Ressources-exemple.yml +++ /dev/null 
@@ -1,157 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: wrr2 - namespace: {{ traefik_namespace }} - -spec: - weighted: - services: - - name: s1 - weight: 1 - port: 80 - # Optional, as it is the default value - kind: Service - - name: s3 - weight: 1 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: wrr1 - namespace: {{ traefik_namespace }} - -spec: - weighted: - services: - - name: wrr2 - kind: TraefikService - weight: 1 - - name: s3 - weight: 1 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: mirror1 - namespace: {{ traefik_namespace }} - -spec: - mirroring: - name: s1 - port: 80 - mirrors: - - name: s3 - percent: 20 - port: 80 - - name: mirror2 - kind: TraefikService - percent: 20 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: mirror2 - namespace: {{ traefik_namespace }} - -spec: - mirroring: - name: wrr2 - kind: TraefikService - mirrors: - - name: s2 - # Optional, as it is the default value - kind: Service - percent: 20 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: ingressroute -spec: - entryPoints: - - web - - websecure - routes: - - match: Host(`foo.com`) && PathPrefix(`/bar`) - kind: Rule - priority: 12 - # defining several services is possible and allowed, but for now the servers of - # all the services (for a given route) get merged altogether under the same - # load-balancing strategy. - services: - - name: s1 - port: 80 - healthCheck: - path: /health - host: baz.com - intervalSeconds: 7 - timeoutSeconds: 60 - # strategy defines the load balancing strategy between the servers. It defaults - # to Round Robin, and for now only Round Robin is supported anyway. 
- strategy: RoundRobin - - name: s2 - port: 433 - healthCheck: - path: /health - host: baz.com - intervalSeconds: 7 - timeoutSeconds: 60 - - match: PathPrefix(`/misc`) - services: - - name: s3 - port: 80 - middlewares: - - name: stripprefix - - name: addprefix - - match: PathPrefix(`/misc`) - services: - - name: s3 - # Optional, as it is the default value - kind: Service - port: 8443 - # scheme allow to override the scheme for the service. (ex: https or h2c) - scheme: https - - match: PathPrefix(`/lb`) - services: - - name: wrr1 - kind: TraefikService - - match: PathPrefix(`/mirrored`) - services: - - name: mirror1 - kind: TraefikService - # use an empty tls object for TLS with Let's Encrypt - tls: - secretName: supersecret - options: - name: myTLSOption - namespace: default - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP -metadata: - name: ingressroutetcp.crd - namespace: default - -spec: - entryPoints: - - footcp - routes: - - match: HostSNI(`bar.com`) - services: - - name: whoamitcp - port: 8080 - tls: - secretName: foosecret - passthrough: false - options: - name: myTLSOption - namespace: default \ No newline at end of file diff --git a/templates/2.1/traefik-clusterrole.yml.j2 b/templates/2.1/traefik-clusterrole.yml.j2 deleted file mode 100644 index fe4f9c9..0000000 --- a/templates/2.1/traefik-clusterrole.yml.j2 +++ /dev/null @@ -1,42 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller - -rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.containo.us - resources: - - middlewares - - ingressroutes - - traefikservices - - ingressroutetcps - - tlsoptions - verbs: - - get - - list - - watch 
diff --git a/templates/2.1/traefik-clusterrolebinding.yml.j2 b/templates/2.1/traefik-clusterrolebinding.yml.j2 deleted file mode 100644 index 2a4398a..0000000 --- a/templates/2.1/traefik-clusterrolebinding.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller - -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-ingress-controller -subjects: - - kind: ServiceAccount - name: traefik-ingress-controller - namespace: {{ traefik_namespace }} diff --git a/templates/2.1/traefik-crd-ingressroute.yml.j2 b/templates/2.1/traefik-crd-ingressroute.yml.j2 deleted file mode 100644 index f31a6bd..0000000 --- a/templates/2.1/traefik-crd-ingressroute.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutes.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRoute - plural: ingressroutes - singular: ingressroute - scope: Namespaced diff --git a/templates/2.1/traefik-crd-ingressroutetcp.yml.j2 b/templates/2.1/traefik-crd-ingressroutetcp.yml.j2 deleted file mode 100644 index a766ed8..0000000 --- a/templates/2.1/traefik-crd-ingressroutetcp.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutetcps.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRouteTCP - plural: ingressroutetcps - singular: ingressroutetcp - scope: Namespaced diff --git a/templates/2.1/traefik-crd-middleware.yml.j2 b/templates/2.1/traefik-crd-middleware.yml.j2 deleted file mode 100644 index 1c0168e..0000000 --- a/templates/2.1/traefik-crd-middleware.yml.j2 +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: middlewares.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: Middleware - plural: middlewares - singular: middleware - scope: Namespaced diff --git a/templates/2.1/traefik-crd-tlsoption.yml.j2 b/templates/2.1/traefik-crd-tlsoption.yml.j2 deleted file mode 100644 index a1200f0..0000000 --- a/templates/2.1/traefik-crd-tlsoption.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tlsoptions.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TLSOption - plural: tlsoptions - singular: tlsoption - scope: Namespaced diff --git a/templates/2.1/traefik-crd-traefikservice.yml.j2 b/templates/2.1/traefik-crd-traefikservice.yml.j2 deleted file mode 100644 index 46ce7ca..0000000 --- a/templates/2.1/traefik-crd-traefikservice.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: traefikservices.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TraefikService - plural: traefikservices - singular: traefikservice - scope: Namespaced diff --git a/templates/2.2/Ressources-exemple.yml b/templates/2.2/Ressources-exemple.yml deleted file mode 100644 index bf512dd..0000000 --- a/templates/2.2/Ressources-exemple.yml +++ /dev/null 
@@ -1,157 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: wrr2 - namespace: {{ traefik_namespace }} - -spec: - weighted: - services: - - name: s1 - weight: 1 - port: 80 - # Optional, as it is the default value - kind: Service - - name: s3 - weight: 1 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: wrr1 - namespace: {{ traefik_namespace }} - -spec: - weighted: - services: - - name: wrr2 - kind: TraefikService - weight: 1 - - name: s3 - weight: 1 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: mirror1 - namespace: {{ traefik_namespace }} - -spec: - mirroring: - name: s1 - port: 80 - mirrors: - - name: s3 - percent: 20 - port: 80 - - name: mirror2 - kind: TraefikService - percent: 20 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: mirror2 - namespace: {{ traefik_namespace }} - -spec: - mirroring: - name: wrr2 - kind: TraefikService - mirrors: - - name: s2 - # Optional, as it is the default value - kind: Service - percent: 20 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: ingressroute -spec: - entryPoints: - - web - - websecure - routes: - - match: Host(`foo.com`) && PathPrefix(`/bar`) - kind: Rule - priority: 12 - # defining several services is possible and allowed, but for now the servers of - # all the services (for a given route) get merged altogether under the same - # load-balancing strategy. - services: - - name: s1 - port: 80 - healthCheck: - path: /health - host: baz.com - intervalSeconds: 7 - timeoutSeconds: 60 - # strategy defines the load balancing strategy between the servers. It defaults - # to Round Robin, and for now only Round Robin is supported anyway. 
- strategy: RoundRobin - - name: s2 - port: 433 - healthCheck: - path: /health - host: baz.com - intervalSeconds: 7 - timeoutSeconds: 60 - - match: PathPrefix(`/misc`) - services: - - name: s3 - port: 80 - middlewares: - - name: stripprefix - - name: addprefix - - match: PathPrefix(`/misc`) - services: - - name: s3 - # Optional, as it is the default value - kind: Service - port: 8443 - # scheme allow to override the scheme for the service. (ex: https or h2c) - scheme: https - - match: PathPrefix(`/lb`) - services: - - name: wrr1 - kind: TraefikService - - match: PathPrefix(`/mirrored`) - services: - - name: mirror1 - kind: TraefikService - # use an empty tls object for TLS with Let's Encrypt - tls: - secretName: supersecret - options: - name: myTLSOption - namespace: default - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP -metadata: - name: ingressroutetcp.crd - namespace: default - -spec: - entryPoints: - - footcp - routes: - - match: HostSNI(`bar.com`) - services: - - name: whoamitcp - port: 8080 - tls: - secretName: foosecret - passthrough: false - options: - name: myTLSOption - namespace: default \ No newline at end of file diff --git a/templates/2.2/traefik-clusterrole.yml.j2 b/templates/2.2/traefik-clusterrole.yml.j2 deleted file mode 100644 index bef2410..0000000 --- a/templates/2.2/traefik-clusterrole.yml.j2 +++ /dev/null 
@@ -1,48 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller - -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: ['traefik-ingress-controller'] - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.containo.us - resources: - - middlewares - - ingressroutes - - traefikservices - - ingressroutetcps - - ingressrouteudps - - tlsoptions - - tlsstores - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/templates/2.2/traefik-clusterrolebinding.yml.j2 b/templates/2.2/traefik-clusterrolebinding.yml.j2 deleted file mode 100644 index 2a4398a..0000000 --- a/templates/2.2/traefik-clusterrolebinding.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller - -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-ingress-controller -subjects: - - kind: ServiceAccount - name: traefik-ingress-controller - namespace: {{ traefik_namespace }} diff --git a/templates/2.2/traefik-crd-ingressroutes.yml.j2 b/templates/2.2/traefik-crd-ingressroutes.yml.j2 deleted file mode 100644 index f31a6bd..0000000 --- a/templates/2.2/traefik-crd-ingressroutes.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutes.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRoute - plural: ingressroutes - singular: ingressroute - scope: Namespaced 
diff --git a/templates/2.2/traefik-crd-ingressroutetcps.yml.j2 b/templates/2.2/traefik-crd-ingressroutetcps.yml.j2 deleted file mode 100644 index a766ed8..0000000 --- a/templates/2.2/traefik-crd-ingressroutetcps.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutetcps.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRouteTCP - plural: ingressroutetcps - singular: ingressroutetcp - scope: Namespaced diff --git a/templates/2.2/traefik-crd-ingressrouteudps.yml.j2 b/templates/2.2/traefik-crd-ingressrouteudps.yml.j2 deleted file mode 100644 index 535726c..0000000 --- a/templates/2.2/traefik-crd-ingressrouteudps.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressrouteudps.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRouteUDP - plural: ingressrouteudps - singular: ingressrouteudp - scope: Namespaced diff --git a/templates/2.2/traefik-crd-middlewares.yml.j2 b/templates/2.2/traefik-crd-middlewares.yml.j2 deleted file mode 100644 index 1c0168e..0000000 --- a/templates/2.2/traefik-crd-middlewares.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: middlewares.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: Middleware - plural: middlewares - singular: middleware - scope: Namespaced diff --git a/templates/2.2/traefik-crd-tlsoptions.yml.j2 b/templates/2.2/traefik-crd-tlsoptions.yml.j2 deleted file mode 100644 index a1200f0..0000000 
--- a/templates/2.2/traefik-crd-tlsoptions.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tlsoptions.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TLSOption - plural: tlsoptions - singular: tlsoption - scope: Namespaced diff --git a/templates/2.2/traefik-crd-tlsstores.yml.j2 b/templates/2.2/traefik-crd-tlsstores.yml.j2 deleted file mode 100644 index eae918f..0000000 --- a/templates/2.2/traefik-crd-tlsstores.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tlsstores.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TLSStore - plural: tlsstores - singular: tlsstore - scope: Namespaced diff --git a/templates/2.2/traefik-crd-traefikservices.yml.j2 b/templates/2.2/traefik-crd-traefikservices.yml.j2 deleted file mode 100644 index 46ce7ca..0000000 --- a/templates/2.2/traefik-crd-traefikservices.yml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: traefikservices.traefik.containo.us - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TraefikService - plural: traefikservices - singular: traefikservice - scope: Namespaced diff --git a/templates/2.3/Ressources-exemple.yml b/templates/2.3/Ressources-exemple.yml deleted file mode 100644 index bf512dd..0000000 --- a/templates/2.3/Ressources-exemple.yml +++ /dev/null 
@@ -1,157 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: wrr2 - namespace: {{ traefik_namespace }} - -spec: - weighted: - services: - - name: s1 - weight: 1 - port: 80 - # Optional, as it is the default value - kind: Service - - name: s3 - weight: 1 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: wrr1 - namespace: {{ traefik_namespace }} - -spec: - weighted: - services: - - name: wrr2 - kind: TraefikService - weight: 1 - - name: s3 - weight: 1 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: mirror1 - namespace: {{ traefik_namespace }} - -spec: - mirroring: - name: s1 - port: 80 - mirrors: - - name: s3 - percent: 20 - port: 80 - - name: mirror2 - kind: TraefikService - percent: 20 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: TraefikService -metadata: - name: mirror2 - namespace: {{ traefik_namespace }} - -spec: - mirroring: - name: wrr2 - kind: TraefikService - mirrors: - - name: s2 - # Optional, as it is the default value - kind: Service - percent: 20 - port: 80 - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: ingressroute -spec: - entryPoints: - - web - - websecure - routes: - - match: Host(`foo.com`) && PathPrefix(`/bar`) - kind: Rule - priority: 12 - # defining several services is possible and allowed, but for now the servers of - # all the services (for a given route) get merged altogether under the same - # load-balancing strategy. - services: - - name: s1 - port: 80 - healthCheck: - path: /health - host: baz.com - intervalSeconds: 7 - timeoutSeconds: 60 - # strategy defines the load balancing strategy between the servers. It defaults - # to Round Robin, and for now only Round Robin is supported anyway. 
- strategy: RoundRobin - - name: s2 - port: 433 - healthCheck: - path: /health - host: baz.com - intervalSeconds: 7 - timeoutSeconds: 60 - - match: PathPrefix(`/misc`) - services: - - name: s3 - port: 80 - middlewares: - - name: stripprefix - - name: addprefix - - match: PathPrefix(`/misc`) - services: - - name: s3 - # Optional, as it is the default value - kind: Service - port: 8443 - # scheme allow to override the scheme for the service. (ex: https or h2c) - scheme: https - - match: PathPrefix(`/lb`) - services: - - name: wrr1 - kind: TraefikService - - match: PathPrefix(`/mirrored`) - services: - - name: mirror1 - kind: TraefikService - # use an empty tls object for TLS with Let's Encrypt - tls: - secretName: supersecret - options: - name: myTLSOption - namespace: default - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP -metadata: - name: ingressroutetcp.crd - namespace: default - -spec: - entryPoints: - - footcp - routes: - - match: HostSNI(`bar.com`) - services: - - name: whoamitcp - port: 8080 - tls: - secretName: foosecret - passthrough: false - options: - name: myTLSOption - namespace: default \ No newline at end of file diff --git a/templates/2.3/traefik-clusterrole.yml.j2 b/templates/2.3/traefik-clusterrole.yml.j2 deleted file mode 100644 index 46bbd16..0000000 --- a/templates/2.3/traefik-clusterrole.yml.j2 +++ /dev/null 
@@ -1,50 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: traefik-ingress-controller - -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: ['traefik-ingress-controller'] - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io - resources: - - ingresses - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.containo.us - resources: - - middlewares - - ingressroutes - - traefikservices - - ingressroutetcps - - ingressrouteudps - - tlsoptions - - tlsstores - verbs: - - get - - list - - watch \ No newline at end of file diff --git a/templates/2.3/traefik-clusterrolebinding.yml.j2 b/templates/2.3/traefik-clusterrolebinding.yml.j2 deleted file mode 100644 index 2a4398a..0000000 --- a/templates/2.3/traefik-clusterrolebinding.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller - -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-ingress-controller -subjects: - - kind: ServiceAccount - name: traefik-ingress-controller - namespace: {{ traefik_namespace }} diff --git a/templates/2.3/traefik-crd-ingressroutes.yml.j2 b/templates/2.3/traefik-crd-ingressroutes.yml.j2 deleted file mode 100644 index 0bcfd35..0000000 --- a/templates/2.3/traefik-crd-ingressroutes.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutes.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRoute - plural: ingressroutes - singular: ingressroute - scope: Namespaced 
diff --git a/templates/2.3/traefik-crd-ingressroutetcps.yml.j2 b/templates/2.3/traefik-crd-ingressroutetcps.yml.j2
deleted file mode 100644
index 36b202a..0000000
--- a/templates/2.3/traefik-crd-ingressroutetcps.yml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: ingressroutetcps.traefik.containo.us
-
-spec:
- group: traefik.containo.us
- version: v1alpha1
- names:
- kind: IngressRouteTCP
- plural: ingressroutetcps
- singular: ingressroutetcp
- scope: Namespaced
diff --git a/templates/2.3/traefik-crd-ingressrouteudps.yml.j2 b/templates/2.3/traefik-crd-ingressrouteudps.yml.j2
deleted file mode 100644
index d7c2624..0000000
--- a/templates/2.3/traefik-crd-ingressrouteudps.yml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: ingressrouteudps.traefik.containo.us
-
-spec:
- group: traefik.containo.us
- version: v1alpha1
- names:
- kind: IngressRouteUDP
- plural: ingressrouteudps
- singular: ingressrouteudp
- scope: Namespaced
diff --git a/templates/2.3/traefik-crd-middlewares.yml.j2 b/templates/2.3/traefik-crd-middlewares.yml.j2
deleted file mode 100644
index d1ae35f..0000000
--- a/templates/2.3/traefik-crd-middlewares.yml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: middlewares.traefik.containo.us
-
-spec:
- group: traefik.containo.us
- version: v1alpha1
- names:
- kind: Middleware
- plural: middlewares
- singular: middleware
- scope: Namespaced
diff --git a/templates/2.3/traefik-crd-tlsoptions.yml.j2 b/templates/2.3/traefik-crd-tlsoptions.yml.j2
deleted file mode 100644
index 1495e0d..0000000
--- a/templates/2.3/traefik-crd-tlsoptions.yml.j2
+++ /dev/null
@@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tlsoptions.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TLSOption - plural: tlsoptions - singular: tlsoption - scope: Namespaced diff --git a/templates/2.3/traefik-crd-tlsstores.yml.j2 b/templates/2.3/traefik-crd-tlsstores.yml.j2 deleted file mode 100644 index f9a4005..0000000 --- a/templates/2.3/traefik-crd-tlsstores.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tlsstores.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TLSStore - plural: tlsstores - singular: tlsstore - scope: Namespaced diff --git a/templates/2.3/traefik-crd-traefikservices.yml.j2 b/templates/2.3/traefik-crd-traefikservices.yml.j2 deleted file mode 100644 index 3262c43..0000000 --- a/templates/2.3/traefik-crd-traefikservices.yml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: traefikservices.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: TraefikService - plural: traefikservices - singular: traefikservice - scope: Namespaced \ No newline at end of file diff --git a/templates/traefik-cm.yml.j2 b/templates/traefik-cm.yml.j2 index 876b6b4..a29ddaa 100644 --- a/templates/traefik-cm.yml.j2 +++ b/templates/traefik-cm.yml.j2 @@ -1,4 +1,9 @@ apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: traefik + name: traefik-conf data: traefik.yaml: | global: @@ -56,9 +61,3 @@ data: BackendName: keep BackendURL: keep FrontendName: keep -kind: ConfigMap -metadata: - labels: - app: traefik - name: traefik - namespace: {{ traefik_namespace }} diff --git a/templates/traefik-dashboard-insecure.yml.j2 b/templates/traefik-dashboard-insecure.yml.j2 deleted file mode 100644 index 4ed4b56..0000000 
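Review bot: The first traefik-cm.yml.j2 hunk renames the ConfigMap from `traefik` to `traefik-conf`, but no consumer of the new name is visible in this part of the patch; the DaemonSet that mounted `name: traefik` is deleted by the same commit. If the Helm release does not mount `traefik-conf`, Traefik would presumably start without the static configuration this file carries, and nothing would fail loudly. I would add a comment above the name, `# mounted by the Helm release as /config; keep in sync with the chart values`, and confirm the values file references this exact name. The `data:` body continues outside the hunk.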
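Review bot: The second traefik-cm.yml.j2 hunk drops `namespace: {{ traefik_namespace }}`, so where this ConfigMap is created now depends entirely on the task that applies the template; when that task passes no namespace the object typically lands in `default`. The same removal is made in traefik-files.yml.j2 (which previously hard-coded `traefik`), traefik-ingressroute.yml.j2, traefik-middleware-ipwhitelist.yml.j2, traefik-sa.yml.j2 and traefik-svc.yml.j2. tasks/main.yml is outside this part of the patch, so either confirm every apply task sets `namespace: '{{ traefik_namespace }}'` or keep the line in the templates, which makes each manifest safe to apply on its own.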
--- a/templates/traefik-dashboard-insecure.yml.j2 +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: traefik-dashboard-insecure - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - entryPoints: - - http - routes: - # Match is the rule corresponding to an underlying router. - # Later on, match could be the simple form of a path prefix, e.g. just "/bar", - # but for now we only support a traefik style matching rule. - - match: Host(`traefik.{{ traefik_domain }}`) - # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header", - # "Parameter", etc, to support simpler forms of rule matching, but for now we - # only support "Rule". - kind: Rule - # (optional) Priority disambiguates rules of the same length, for route matching. - middlewares: -{% if ingress_whitelist is defined %} - - name: traefik-ipwhitelist -{% endif %} - - name: https-only - services: - - name: api@internal - kind: TraefikService -# - name: traefik-dashboard -# port: 8080 -# # (default 1) A weight used by the weighted round-robin strategy (WRR). -# weight: 1 -# # (default true) PassHostHeader controls whether to leave the request's Host -# # Header as it was before it reached the proxy, or whether to let the proxy set it -# # to the destination (backend) host. -# passHostHeader: true -# responseForwarding: -# # (default 100ms) Interval between flushes of the buffered response body to the client. -# flushInterval: 100ms diff --git a/templates/traefik-dashboard-svc.yml.j2 b/templates/traefik-dashboard-svc.yml.j2 deleted file mode 100644 index f6973c0..0000000 --- a/templates/traefik-dashboard-svc.yml.j2 +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: traefik - name: traefik-dashboard - namespace: {{ traefik_namespace }} - -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 -# - name: traefik -# port: 8080 -# protocol: TCP - - protocol: TCP - port: 443 - name: https - targetPort: 443 - type: ClusterIP - selector: - app: traefik diff --git a/templates/traefik-dp.yml.j2 b/templates/traefik-dp.yml.j2 deleted file mode 100644 index b7f3a54..0000000 --- a/templates/traefik-dp.yml.j2 +++ /dev/null 
@@ -1,93 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - namespace: {{ traefik_namespace }} - name: traefik - labels: - app: traefik - -spec: -# replicas: {% if traefik_node_selector is defined %}{{ traefik_node_selector|length }}{% else %}1{% endif %} - strategy: - type: Recreate - selector: - matchLabels: - app: traefik - template: - metadata: - labels: - app: traefik - spec: - serviceAccountName: traefik-ingress-controller -# securityContext: -# sysctls: -# - name: kernel.net.ipv4.ip_unprivileged_port_start -# value: "80" - containers: - - name: traefik - image: traefik:{{ lookup('vars', 'traefik_version_' + traefik_version | regex_replace('\.','_')) }} - args: - - --configfile=/config/traefik.yaml -# imagePullPolicy: IfNotPresent - ports: -{% for traefik_entrypoint in traefik_entrypoints %} - - name: {{ traefik_entrypoint.name }} - containerPort: {{ traefik_entrypoint.port }} - protocol: {{ traefik_entrypoint.proto }} -{% if traefik_entrypoint.hostport is defined %} - hostPort: {{ traefik_entrypoint.hostport }} -{% endif %} -{% endfor %} - readinessProbe: - httpGet: - path: /ping - port: traefik - failureThreshold: 1 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - path: /ping - port: traefik - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - runAsUser: 1000 - runAsGroup: 1000 - allowPrivilegeEscalation: true - resources: - limits: - cpu: {{ traefik_cpu_limit }} - memory: {{ traefik_memory_limit }} - requests: - cpu: 100m - memory: 20Mi - volumeMounts: - - mountPath: /config - name: config -{% if traefik_node_selector is defined %} - nodeSelector: - reslinger.net/entrypoint: traefik -{% endif %} - dnsPolicy: ClusterFirst - hostNetwork: false - restartPolicy: Always - terminationGracePeriodSeconds: 1 - tolerations: - - effect: NoSchedule - 
operator: Exists - volumes: - - configMap: - defaultMode: 420 - name: traefik - name: config diff --git a/templates/traefik-file-provider.yml.j2 b/templates/traefik-files.yml.j2 similarity index 97% rename from templates/traefik-file-provider.yml.j2 rename to templates/traefik-files.yml.j2 index c91b56b..4a0c27e 100644 --- a/templates/traefik-file-provider.yml.j2 +++ b/templates/traefik-files.yml.j2 @@ -2,8 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: traefik-file-provider - namespace: traefik + name: traefik-files data: traefik-middlewares.yaml: | http: diff --git a/templates/traefik-ingressroute.yml.j2 b/templates/traefik-ingressroute.yml.j2 index b7f199a..587857f 100644 --- a/templates/traefik-ingressroute.yml.j2 +++ b/templates/traefik-ingressroute.yml.j2 @@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: traefik - namespace: {{ traefik_namespace }} labels: app: traefik diff --git a/templates/traefik-middleware-basicauth.yml.j2 b/templates/traefik-middleware-basicauth.yml.j2 deleted file mode 100644 index 797fe1f..0000000 --- a/templates/traefik-middleware-basicauth.yml.j2 +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: basic-auth - namespace: {{ traefik_namespace }} -spec: - basicAuth: - secret: basic-auth \ No newline at end of file diff --git a/templates/traefik-middleware-headers.yml.j2 b/templates/traefik-middleware-headers.yml.j2 deleted file mode 100644 index 50172d4..0000000 --- a/templates/traefik-middleware-headers.yml.j2 +++ /dev/null 
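Review bot: The `traefik` IngressRoute in traefik-ingressroute.yml.j2 is kept while this commit deletes objects that the removed dashboard and ping routes referenced: the `https-only` Middleware and the `default` TLSOption (`minVersion: VersionTLS12`, `sniStrict: true`, explicit cipher list), along with `basic-auth` and `security-headers`. The route's `spec` is outside the hunk, so whether it still names any of them cannot be checked from here. If it does, those references need an equivalent created through the Helm values, and the TLS floor and HTTPS redirect should be restated there rather than left to Traefik's built-in defaults. A comment next to the route's `tls:` block such as `# TLSOption 'default' is provided by the Helm release` would record where the policy now lives.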
@@ -1,31 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: security-headers - namespace: {{ traefik_namespace }} -spec: - headers: - browserXssFilter: "true" - contentTypeNosniff: "true" - forceSTSHeader: "true" - frameDeny: "true" - stsIncludeSubdomains: "true" - stsPreload: "true" - stsSeconds: "15768000" - sslRedirect: "true" - contentSecurityPolicy: "default-src 'self' 'unsafe-inline'" - customFrameOptionsValue: "SAMEORIGIN" - referrerPolicy: "same-origin" - featurePolicy: "vibrate 'self'" - - # CORS - accessControlAllowMethods: - - "GET" - - "OPTIONS" - - "PUT" - accessControlAllowOrigin: "origin-list-or-null" - #accessControlAllowOriginList: - # - "https://foo.bar.org" - # - "https://example.org" - accessControlMaxAge: 100 - addVaryHeader: "true" \ No newline at end of file diff --git a/templates/traefik-middleware-httpsredirect.yml.j2 b/templates/traefik-middleware-httpsredirect.yml.j2 deleted file mode 100644 index d5f4cb3..0000000 --- a/templates/traefik-middleware-httpsredirect.yml.j2 +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: https-only - namespace: {{ traefik_namespace }} -spec: - redirectScheme: - scheme: https \ No newline at end of file diff --git a/templates/traefik-middleware-ipwhitelist.yml.j2 b/templates/traefik-middleware-ipwhitelist.yml.j2 index 0722f45..2e987a9 100644 --- a/templates/traefik-middleware-ipwhitelist.yml.j2 +++ b/templates/traefik-middleware-ipwhitelist.yml.j2 @@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: traefik-ipwhitelist - namespace: {{ traefik_namespace }} spec: ipWhiteList: sourceRange: diff --git a/templates/traefik-ping.yml.j2 b/templates/traefik-ping.yml.j2 deleted file mode 100644 index 86666f8..0000000 --- a/templates/traefik-ping.yml.j2 +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: traefik-ping - namespace: {{ traefik_namespace }} - labels: - app: traefik - -spec: - entryPoints: - - https - routes: - # Match is the rule corresponding to an underlying router. - # Later on, match could be the simple form of a path prefix, e.g. just "/bar", - # but for now we only support a traefik style matching rule. - - match: Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/ping`) - # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header", - # "Parameter", etc, to support simpler forms of rule matching, but for now we - # only support "Rule". - kind: Rule - # (optional) Priority disambiguates rules of the same length, for route matching. - priority: 14 - services: - - name: ping@internal - kind: TraefikService -# - name: traefik-dashboard -# port: 8080 -# # (default 1) A weight used by the weighted round-robin strategy (WRR). -# weight: 1 -# # (default true) PassHostHeader controls whether to leave the request's Host -# # Header as it was before it reached the proxy, or whether to let the proxy set it -# # to the destination (backend) host. -# passHostHeader: true -# responseForwarding: -# # (default 100ms) Interval between flushes of the buffered response body to the client. -# flushInterval: 100ms - tls: - secretName: wildcard-cluster - options: - name: default - namespace: {{ traefik_namespace }} \ No newline at end of file diff --git a/templates/traefik-psp.yml.j2 b/templates/traefik-psp.yml.j2 deleted file mode 100644 index ac10d3d..0000000 --- a/templates/traefik-psp.yml.j2 +++ /dev/null 
@@ -1,49 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default - seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default - name: traefik-ingress-controller -spec: - requiredDropCapabilities: - - ALL - allowedCapabilities: - - NET_BIND_SERVICE - privileged: false - allowPrivilegeEscalation: false - # Allow core volume types. - volumes: - - configMap - - downwardAPI - - secret - - emptyDir - - projected - # - persistentVolumeClaim - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - hostPorts: - readOnlyRootFilesystem: true - seLinux: - rule: 'RunAsAny' - hostPorts: - - max: 65535 - min: 1 - #allowedUnsafeSysctls: - # - kernel.net.ipv4.ip_unprivileged_port_start \ No newline at end of file diff --git a/templates/traefik-sa.yml.j2 b/templates/traefik-sa.yml.j2 index 07c38a6..8a31290 100644 --- a/templates/traefik-sa.yml.j2 +++ b/templates/traefik-sa.yml.j2 @@ -1,5 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - namespace: {{ traefik_namespace }} name: traefik-ingress-controller diff --git a/templates/traefik-svc.yml.j2 b/templates/traefik-svc.yml.j2 index 71d2044..dc82b82 100644 --- a/templates/traefik-svc.yml.j2 +++ b/templates/traefik-svc.yml.j2 @@ -5,7 +5,6 @@ metadata: app.kubernetes.io/instance: traefik app.kubernetes.io/name: traefik name: traefik - namespace: {{ traefik_namespace }} spec: ports: diff --git a/templates/traefik-tls-options.yml.j2 b/templates/traefik-tls-options.yml.j2 deleted file mode 100644 index 6f64045..0000000 --- a/templates/traefik-tls-options.yml.j2 +++ /dev/null 
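Review bot: traefik-sa.yml.j2 still creates the `traefik-ingress-controller` ServiceAccount, but the ClusterRole and ClusterRoleBinding templates that granted it access are deleted by this commit, and the binding named the account in `{{ traefik_namespace }}`. If the Helm chart creates its own account and RBAC, this template leaves an unused identity in the cluster and is better removed. If the release is meant to run as this account, it needs a binding that names the namespace the account now lands in. Either way I would state the intent in the template, for example `# pre-created for the Helm release; RBAC is supplied by the chart`.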
@@ -1,16 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: TLSOption -metadata: - name: default - namespace: {{ traefik_namespace }} - -spec: - sniStrict: true - minVersion: VersionTLS12 - cipherSuites: - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - curvePreferences: - - CurveP521 - - CurveP384 \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index ffe6edb..3720128 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,33 +1,3 @@ -traefik_version_2_0: 2.0.7 -traefik_2_0_list: - - 2.0/traefik-clusterrole.yml.j2 - - 2.0/traefik-clusterrolebinding.yml.j2 - - 2.0/traefik-crd-ingressroute.yml.j2 - - 2.0/traefik-crd-ingressroutetcp.yml.j2 - - 2.0/traefik-crd-middleware.yml.j2 - - 2.0/traefik-crd-tlsoption.yml.j2 - -traefik_version_2_1: 2.1.9 -traefik_2_1_list: - - 2.1/traefik-clusterrole.yml.j2 - - 2.1/traefik-clusterrolebinding.yml.j2 - - 2.1/traefik-crd-ingressroute.yml.j2 - - 2.1/traefik-crd-ingressroutetcp.yml.j2 - - 2.1/traefik-crd-middleware.yml.j2 - - 2.1/traefik-crd-tlsoption.yml.j2 - - 2.1/traefik-crd-traefikservice.yml.j2 - -traefik_version_2_2: 2.2.11 -traefik_2_2_list: - - 2.2/traefik-crd-ingressroutes.yml.j2 - - 2.2/traefik-crd-ingressroutetcps.yml.j2 - - 2.2/traefik-crd-ingressrouteudps.yml.j2 - - 2.2/traefik-crd-middlewares.yml.j2 - - 2.2/traefik-crd-tlsoptions.yml.j2 - - 2.2/traefik-crd-tlsstores.yml.j2 - - 2.2/traefik-crd-traefikservices.yml.j2 - - 2.2/traefik-clusterrole.yml.j2 - - 2.2/traefik-clusterrolebinding.yml.j2 traefik_version_2_3: 2.3.7 traefik_2_3_list: