Add ondemand plugin

defaults/main.yml

@@ -1,5 +1,5 @@
 my_context: kubernetes
-traefik_version: "2.7.1"
+traefik_version: "2.8.1"
 cluster_domain: "local"
 traefik_namespace: "traefik"
 traefik_service_type: LoadBalancer

tasks/main.yml

@@ -128,6 +128,19 @@
 #      - traefik-svc.yml.j2
 #      - traefik-defaultbackend.yml.j2
 
+  - name: Install traefik plugin's
+    k8s:
+      state: "present"
+      context: "{{ my_context }}"
+      namespace: '{{ traefik_namespace }}'
+#      merge_type: merge
+      apply: yes
+      resource_definition: "{{ lookup('template', item) | from_yaml_all }}"
+    with_items:
+      - traefik-ondemand-plugin.yml.j2
+    when:
+      - traefik_ondemand is defined
+
   - name: Defined traefik-hub repository
     kubernetes.core.helm_repository:
       name: traefik-hub

templates/traefik-cm.yml.j2

@@ -24,6 +24,9 @@ data:
             entryPoint:
               to: websecure
               scheme: https
+              permanent: true
+    #    http3:
+    #      advertisedPort: 42
       websecure:
         address: ":8443/tcp"
         http:
@@ -33,6 +36,8 @@ data:
     #        - auth@file
     #        - secure_headers@file
     #        - crowdsec-bouncer@file
+    #    http3:
+    #      advertisedPort: 42
       traefik:
         address: ":9000/tcp"
       metrics:
@@ -63,8 +68,10 @@ data:
       kubernetesCRD:
     #    ingressClass: "traefik"
         throttleDuration: 2s
+        allowEmptyServices: true
       kubernetesIngress:
         ingressClass: "traefik"
+        allowEmptyServices: true
       file:
         directory: /etc/traefik/file/
         watch: true
@@ -99,3 +106,9 @@ data:
 {% if traefik_hub_token is defined %}
       hub: true
 {% endif %}
+{% if traefik_ondemand is defined %}
+      plugins:
+        traefik-ondemand-plugin:
+          moduleName: github.com/acouvreur/traefik-ondemand-plugin
+          version: v1.2.0
+{% endif %}

templates/traefik-ondemand-plugin.yml.j2

@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik-ondemand-service
+  labels:
+    app: traefik-ondemand-service
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik-ondemand-service
+  template:
+    metadata:
+      labels:
+        app: traefik-ondemand-service
+    spec:
+      serviceAccountName: traefik-ondemand-service
+      serviceAccount: traefik-ondemand-service
+      containers:
+      - name: traefik-ondemand-service
+        image: ghcr.io/acouvreur/traefik-ondemand-service:1
+        args: ["--swarmMode=false", "--kubernetesMode=true"]
+        ports:
+        - containerPort: 10000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-ondemand-service
+spec:
+  selector:
+    app: traefik-ondemand-service
+  ports:
+    - protocol: TCP
+      port: 10000
+      targetPort: 10000
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: traefik-ondemand-service
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: traefik-ondemand-service
+  namespace: {{ traefik_namespace }}
+rules:
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+      - deployments/scale
+    verbs:
+      - patch
+      - get
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: traefik-ondemand-service
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ondemand-service
+subjects:
+  - kind: ServiceAccount
+    name: traefik-ondemand-service
+    namespace: {{ traefik_namespace }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: ondemand
+spec:
+  plugin:
+    traefik-ondemand-plugin:
+      name: traefik_ondemand_plugin
+      serviceUrl: 'http://traefik-ondemand-service.{{ traefik_namespace }}:10000'
+      timeout: 1m