diff --git a/defaults/main.yml b/defaults/main.yml index 4cd513a..e6b9cfd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,8 @@ my_context: kubernetes -traefik_version: "2.5.6" -traefik_domain: "local" +traefik_version: "2.6.1" +cluster_domain: "local" traefik_namespace: "traefik" +traefik_service_type: LoadBalancer #ingress_whitelist: # - 10.96.0.0/12 # - 10.244.0.0/16 diff --git a/templates/traefik-certificate.yml.j2 b/templates/traefik-certificate.yml.j2 index 5fa7feb..799ef52 100644 --- a/templates/traefik-certificate.yml.j2 +++ b/templates/traefik-certificate.yml.j2 @@ -2,11 +2,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: traefik.{{ traefik_domain }} + name: traefik.{{ cluster_domain }} spec: dnsNames: - - traefik.{{ traefik_domain }} + - traefik.{{ cluster_domain }} issuerRef: name: letsencrypt-prod kind: ClusterIssuer - secretName: traefik.{{ traefik_domain }} + secretName: traefik.{{ cluster_domain }} diff --git a/templates/traefik-files.yml.j2 b/templates/traefik-files.yml.j2 index 261a26e..b5ab8e9 100644 --- a/templates/traefik-files.yml.j2 +++ b/templates/traefik-files.yml.j2 @@ -51,11 +51,13 @@ data: # users: # - {{ basic_auth_data }} {% endif %} +{% if false %} authelia: forwardAuth: address: "http://authelia:9091/api/verify?rd=https://login.example.com/" trustForwardHeader: true authReponseHeaders: ["Remote-User", "Remote-Groups", "Remote-Name", "Remote-Email"] +{% endif %} traefik-tls-defaults-options.yaml: | tls: diff --git a/templates/traefik-helm-value.yaml.j2 b/templates/traefik-helm-value.yaml.j2 index f430e44..61f273a 100644 --- a/templates/traefik-helm-value.yaml.j2 +++ b/templates/traefik-helm-value.yaml.j2 
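Review bot: Renaming the role default `traefik_domain` to `cluster_domain` in the defaults/main.yml hunk leaves no fallback, so an inventory that still sets `traefik_domain` would silently render `traefik.local` into the Certificate and IngressRoute templates changed later in this diff. A transitional default such as `cluster_domain: "{{ traefik_domain | default('local') }}"` keeps existing deployments on their configured host name. The new `traefik_service_type: LoadBalancer` is also the only unquoted string among these defaults; quoting it would match the neighbouring lines.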
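Review bot: Wrapping the `authelia` forwardAuth middleware in `{% if false %}` in templates/traefik-files.yml.j2 leaves permanently dead template code rather than a switch. A role variable, for example `{% if authelia_enabled | default(false) %}` (suggested name, not an existing variable), would make the state visible in the inventory. Any router that still references `authelia@file` loses its middleware definition with this change, so confirm none remain. Before the block is re-enabled, note that the context line spells the option `authReponseHeaders` where Traefik's ForwardAuth option is `authResponseHeaders`, and that `trustForwardHeader: true` and the `login.example.com` redirect should be checked against the proxies actually in front of Traefik. The enclosing `data:` mapping starts and ends outside the hunk.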
@@ -1,18 +1,16 @@
-image:
- tag: "{{ traefik_version }}"
+#image:
+# tag: "{{ traefik_version }}"
 additionalArguments:
 - --configFile=/etc/traefik/traefik.yaml
 #podSecurityPolicy:
 # enabled: true
 service:
+ type: {{ traefik_service_type }}
 {% if traefik_external_ips is defined %}
- type: ClusterIP
 externalIPs:
 {% for external_ip in traefik_external_ips %}
 - {{ external_ip }}
 {% endfor %}
-{% elseif %}
- type: LoadBalancer
 {% endif %}
 ingressRoute:
 dashboard:
diff --git a/templates/traefik-ingressroute.yml.j2 b/templates/traefik-ingressroute.yml.j2
index dded99b..e35e618 100644
--- a/templates/traefik-ingressroute.yml.j2
+++ b/templates/traefik-ingressroute.yml.j2
@@ -12,7 +12,7 @@ spec:
 # Match is the rule corresponding to an underlying router.
 # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
 # but for now we only support a traefik style matching rule.
- - match: Host(`traefik.{{ traefik_domain }}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+ - match: Host(`traefik.{{ cluster_domain }}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
 # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
 # "Parameter", etc, to support simpler forms of rule matching, but for now we
 # only support "Rule".
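Review bot: The unconditional `type: {{ traefik_service_type }}` in templates/traefik-helm-value.yaml.j2 changes exposure when `traefik_external_ips` is defined: that branch used to render `type: ClusterIP`, and now renders the role default `LoadBalancer` alongside `externalIPs` unless the variable is overridden. If ClusterIP is still intended there, keep it explicit, e.g. `type: "{{ 'ClusterIP' if traefik_external_ips is defined else traefik_service_type }}"`, or document in the defaults that the two variables must be set together. Separately, commenting out `image.tag` means `traefik_version` (bumped to 2.6.1 in defaults/main.yml) is no longer applied by this values file, so the deployed image presumably follows the chart's default. If that is deliberate, a comment saying so would help.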
@@ -20,25 +20,25 @@ spec: {% if basic_auth is defined or ingress_whitelist is defined %} middlewares: {% if ingress_whitelist is defined %} - - name: traefik-ipwhitelist + - name: traefik-ipwhitelist@file {% endif %} {% if basic_auth is defined %} - - name: basic-auth + - name: basic-auth@file {% endif %} {% endif %} services: - name: api@internal kind: TraefikService - - match: Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/ping`) + - match: Host(`traefik.{{ cluster_domain }}`) && PathPrefix(`/ping`) kind: Rule services: - name: ping@internal kind: TraefikService - - match: Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/metrics`) - kind: Rule - services: - - name: prometheus@internal - kind: TraefikService +# - match: Host(`traefik.{{ cluster_domain }}`) && PathPrefix(`/metrics`) +# kind: Rule +# services: +# - name: prometheus@internal +# kind: TraefikService @@ -46,5 +46,5 @@ spec: {% if traefik_dashboard_certificate is defined %} secretName: {{ traefik_dashboard_certificate }} {% else %} - secretName: traefik.{{ traefik_domain }} + secretName: traefik.{{ cluster_domain }} {% endif %}
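Review bot: The dashboard/API route in the `-20,25` hunk now depends on `traefik-ipwhitelist@file` and `basic-auth@file` existing in the file provider, and nothing in this hunk shows those definitions. Confirm that templates/traefik-files.yml.j2 renders both under the same `ingress_whitelist is defined` / `basic_auth is defined` conditions; a missing cross-provider middleware normally leaves the router disabled rather than open, but that is worth verifying after rollout. When neither variable is defined, the `api@internal` route is still published with no middleware at all. A comment above the `middlewares:` block such as `# dashboard is unauthenticated unless basic_auth or ingress_whitelist is set` would make that explicit. The `/metrics` route would be cleaner removed than left as five commented-out lines.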