diff --git a/defaults/main.yml b/defaults/main.yml index 59ff3ce..576f812 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ my_context: kubernetes -traefik_version: "2.7.1" +traefik_version: "2.8.1" cluster_domain: "local" traefik_namespace: "traefik" traefik_service_type: LoadBalancer diff --git a/tasks/main.yml b/tasks/main.yml index 7dbcfa9..1b65f06 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -128,6 +128,19 @@ # - traefik-svc.yml.j2 # - traefik-defaultbackend.yml.j2 + - name: Install traefik plugin's + k8s: + state: "present" + context: "{{ my_context }}" + namespace: '{{ traefik_namespace }}' +# merge_type: merge + apply: yes + resource_definition: "{{ lookup('template', item) | from_yaml_all }}" + with_items: + - traefik-ondemand-plugin.yml.j2 + when: + - traefik_ondemand is defined + - name: Defined traefik-hub repository kubernetes.core.helm_repository: name: traefik-hub diff --git a/templates/traefik-cm.yml.j2 b/templates/traefik-cm.yml.j2 index 947afae..f7ec403 100644 --- a/templates/traefik-cm.yml.j2 +++ b/templates/traefik-cm.yml.j2 @@ -24,6 +24,9 @@ data: entryPoint: to: websecure scheme: https + permanent: true + # http3: + # advertisedPort: 42 websecure: address: ":8443/tcp" http: @@ -33,6 +36,8 @@ data: # - auth@file # - secure_headers@file # - crowdsec-bouncer@file + # http3: + # advertisedPort: 42 traefik: address: ":9000/tcp" metrics: @@ -63,8 +68,10 @@ data: kubernetesCRD: # ingressClass: "traefik" throttleDuration: 2s + allowEmptyServices: true kubernetesIngress: ingressClass: "traefik" + allowEmptyServices: true file: directory: /etc/traefik/file/ watch: true @@ -99,3 +106,9 @@ data: {% if traefik_hub_token is defined %} hub: true {% endif %} +{% if traefik_ondemand is defined %} + plugins: + traefik-ondemand-plugin: + moduleName: github.com/acouvreur/traefik-ondemand-plugin + version: v1.2.0 +{% endif %} 
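Review bot: The `when: - traefik_ondemand is defined` gate on the new "Install traefik plugin's" task treats any defined value as enabled, so `traefik_ondemand: false` still applies the ondemand manifests, including the cluster-wide RBAC objects in the template this commit adds. Testing the value instead, `- traefik_ondemand | default(false) | bool`, makes the switch behave as an operator would expect. The `{% if traefik_ondemand is defined %}` block added at the end of templates/traefik-cm.yml.j2 has the same gate and should change with it. For consistency with the following task, which uses `kubernetes.core.helm_repository`, I would also write `kubernetes.core.k8s:` and `apply: true`.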
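Review bot: The `plugins:` block added at the end of templates/traefik-cm.yml.j2 loads third-party code into the ingress proxy, and nothing next to it records why that source is trusted or who reviewed it. As far as I know, Traefik fetches the module named by `moduleName` at startup and runs it inside the proxy process, so the plugin sits in the request path of every route that uses the middleware. The `version: v1.2.0` pin is the right idea, but I would move it to a variable in defaults/main.yml beside `traefik_version`, so that a bump is a visible and deliberate change. I would also add a comment above the block such as `# third-party plugin, runs in-process; reviewed at v1.2.0, re-review before bumping`. If the cluster restricts egress, confirm that Traefik can still start when the plugin download is blocked.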
diff --git a/templates/traefik-ondemand-plugin.yml.j2 b/templates/traefik-ondemand-plugin.yml.j2
new file mode 100644
index 0000000..d983519
--- /dev/null
+++ b/templates/traefik-ondemand-plugin.yml.j2
@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: traefik-ondemand-service
+ labels:
+ app: traefik-ondemand-service
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: traefik-ondemand-service
+ template:
+ metadata:
+ labels:
+ app: traefik-ondemand-service
+ spec:
+ serviceAccountName: traefik-ondemand-service
+ serviceAccount: traefik-ondemand-service
+ containers:
+ - name: traefik-ondemand-service
+ image: ghcr.io/acouvreur/traefik-ondemand-service:1
+ args: ["--swarmMode=false", "--kubernetesMode=true"]
+ ports:
+ - containerPort: 10000
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: traefik-ondemand-service
+spec:
+ selector:
+ app: traefik-ondemand-service
+ ports:
+ - protocol: TCP
+ port: 10000
+ targetPort: 10000
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: traefik-ondemand-service
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: traefik-ondemand-service
+ namespace: {{ traefik_namespace }}
+rules:
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - deployments/scale
+ verbs:
+ - patch
+ - get
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: traefik-ondemand-service
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: traefik-ondemand-service
+subjects:
+ - kind: ServiceAccount
+ name: traefik-ondemand-service
+ namespace: {{ traefik_namespace }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: ondemand
+spec:
+ plugin:
+ traefik-ondemand-plugin:
+ name: traefik_ondemand_plugin
+ serviceUrl: 'http://traefik-ondemand-service.{{ traefik_namespace }}:10000'
+ timeout: 1m
\ No newline at end of file
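Review bot: The ClusterRole and ClusterRoleBinding give the `traefik-ondemand-service` ServiceAccount `get`, `patch` and `update` on `deployments` and `deployments/scale` in every namespace, which is much broader than scaling a known set of workloads requires. If the on-demand targets live in known namespaces, `kind: Role` with `kind: RoleBinding` (and `kind: Role` under `roleRef`) in each of them narrows the blast radius. Write access to `deployments` itself allows changing pod specs, so keep `patch`/`update` on `deployments/scale` only if the service works that way (not visible from this file). The `namespace:` under the ClusterRole metadata has no meaning on a cluster-scoped kind. Port 10000 is reachable from any pod unless a NetworkPolicy limits it to Traefik, and the image `ghcr.io/acouvreur/traefik-ondemand-service:1` is a floating tag that would be better pinned to a full version or digest. The two unquoted `namespace: {{ traefik_namespace }}` values should be quoted, as `serviceUrl` already is.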