Update role

defaults/main.yml

@@ -1,7 +1,8 @@
 my_context: kubernetes
-traefik_version: "2.5.6"
-traefik_domain: "local"
+traefik_version: "2.6.1"
+cluster_domain: "local"
 traefik_namespace: "traefik"
+traefik_service_type: LoadBalancer
 #ingress_whitelist:
 #  - 10.96.0.0/12
 #  - 10.244.0.0/16

templates/traefik-certificate.yml.j2

@@ -2,11 +2,11 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: traefik.{{ traefik_domain }}
+  name: traefik.{{ cluster_domain }}
 spec:
   dnsNames:
-  - traefik.{{ traefik_domain }}
+  - traefik.{{ cluster_domain }}
   issuerRef:
     name: letsencrypt-prod
     kind: ClusterIssuer
-  secretName: traefik.{{ traefik_domain }}
+  secretName: traefik.{{ cluster_domain }}

templates/traefik-files.yml.j2

@@ -51,11 +51,13 @@ data:
     #        users:
     #          - {{ basic_auth_data }}
 {% endif %}
+{% if false %}
         authelia:
           forwardAuth:
             address: "http://authelia:9091/api/verify?rd=https://login.example.com/"
             trustForwardHeader: true
             authReponseHeaders: ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"]
+{% endif %}
 
   traefik-tls-defaults-options.yaml: |
     tls:

templates/traefik-helm-value.yaml.j2

@@ -1,18 +1,16 @@
-image:
-  tag: "{{ traefik_version }}"
+#image:
+#  tag: "{{ traefik_version }}"
 additionalArguments:
   - --configFile=/etc/traefik/traefik.yaml
 #podSecurityPolicy:
 #  enabled: true
 service:
+  type: {{ traefik_service_type }}
 {% if traefik_external_ips is defined %}
-  type: ClusterIP
   externalIPs:
 {% for external_ip in traefik_external_ips %}
     - {{ external_ip }}
 {% endfor %}
-{% elseif %}
-  type: LoadBalancer
 {% endif %}
 ingressRoute:
   dashboard:

templates/traefik-ingressroute.yml.j2

@@ -12,7 +12,7 @@ spec:
   # Match is the rule corresponding to an underlying router.
   # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
   # but for now we only support a traefik style matching rule.
-  - match: Host(`traefik.{{ traefik_domain }}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+  - match: Host(`traefik.{{ cluster_domain }}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
     # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
     # "Parameter", etc, to support simpler forms of rule matching, but for now we
     # only support "Rule".
@@ -20,25 +20,25 @@ spec:
 {% if basic_auth is defined or ingress_whitelist is defined %}
     middlewares:
 {% if ingress_whitelist is defined %}
-      - name: traefik-ipwhitelist
+      - name: traefik-ipwhitelist@file
 {% endif %}
 {% if basic_auth is defined %}
-      - name: basic-auth
+      - name: basic-auth@file
 {% endif %}
 {% endif %}
     services:
     - name: api@internal
       kind: TraefikService
-  - match: Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/ping`)
+  - match: Host(`traefik.{{ cluster_domain }}`) && PathPrefix(`/ping`)
     kind: Rule
     services:
     - name: ping@internal
       kind: TraefikService
-  - match: Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/metrics`)
-    kind: Rule
-    services:
-    - name: prometheus@internal
-      kind: TraefikService
+#  - match: Host(`traefik.{{ cluster_domain }}`) && PathPrefix(`/metrics`)
+#    kind: Rule
+#    services:
+#    - name: prometheus@internal
+#      kind: TraefikService
 
 
 
@@ -46,5 +46,5 @@ spec:
 {% if traefik_dashboard_certificate is defined %}
     secretName: {{ traefik_dashboard_certificate }}
 {% else %}
-    secretName: traefik.{{ traefik_domain }}
+    secretName: traefik.{{ cluster_domain }}
 {% endif %}