diff --git a/defaults/main.yml b/defaults/main.yml
index 4cd513a..c56661e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,5 @@
 my_context: kubernetes
-traefik_version: "2.5.6"
+traefik_version: "2.4.1"
 traefik_domain: "local"
 traefik_namespace: "traefik"
 #ingress_whitelist:
@@ -10,12 +10,10 @@ traefik_namespace: "traefik"
 # - localhost
 traefik_cpu_limit: 500m
 traefik_memory_limit: 300Mi
-traefik_entrypoints: []
-# - { name: "http", port: 8000, proto: "TCP", hostport: 80 }
-# - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true }
-# - { name: "traefik", port: 8080, proto: "TCP" }
-#traefik_external_ips: []
-# - 1.2.3.4
+traefik_entrypoints:
+ - { name: "http", port: 8000, proto: "TCP", hostport: 80 }
+ - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true }
+ - { name: "traefik", port: 8080, proto: "TCP" }
 basic_auth: false
 #traefik_dashboard_certificate: wildcard-cluster
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
index 65154b8..c8bee80 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -6,7 +6,7 @@ galaxy_info:
 galaxy_tags: []
 license: GPL2
 collections:
- - kubernetes.core
+ - community.kubernetes
 platforms:
 - name: kubernetes
 version:
diff --git a/tasks/main.yml b/tasks/main.yml
index c997bc5..60c4ef3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -9,7 +9,7 @@
 api_version: v1
 kind: Namespace
 metadata:
- name: '{{ traefik_namespace }}'
+ name: traefik
 labels:
 namespace: '{{ traefik_namespace }}'
@@ -17,12 +17,12 @@
 k8s:
 state: present
 context: "{{ my_context }}"
- namespace: '{{ traefik_namespace }}'
 definition:
 apiVersion: v1
 kind: Secret
 metadata:
 name: basic-auth
+ namespace: '{{ traefik_namespace }}'
 type: Opaque
 data:
 basic_auth: "{{ basic_auth_data | b64encode }}"
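Review bot: In defaults/main.yml (`@@ -10,12 +10,10 @@`) the new default for `traefik_entrypoints` turns on host ports 80 and 443 and a `traefik` entry point on 8080 for every consumer of the role, while `basic_auth` still defaults to `false`. If the templates that consume this list publish the dashboard/API on the `traefik` entry point (they are not part of this hunk), it is reachable without authentication unless the caller overrides both settings. Keeping `traefik_entrypoints: []` as the default and leaving the three entries as a commented example keeps host-level exposure an explicit opt-in; at minimum add a comment above the list such as `# binds host ports 80/443 on the node; enable basic_auth before exposing the traefik entry point`.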
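Review bot: `community.kubernetes` in meta/main.yml is the former name of the `kubernetes.core` collection, so this dependency, together with the `community.kubernetes.helm_repository` and `community.kubernetes.helm` module names in the tasks/main.yml hunk at `@@ -74,12 +74,12 @@`, moves the role onto a name that, as far as I know, is kept only as a compatibility redirect. If the change is needed for an older controller, say so in a comment and pin the collection version in a requirements file. Otherwise keep `- kubernetes.core` and the `kubernetes.core.*` module names so fixes to the Helm and k8s modules keep reaching this role.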
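Review bot: In tasks/main.yml (`@@ -9,7 +9,7 @@`) the Namespace object is now always created as `traefik`, but its label and the `basic-auth` Secret in the following hunk still use `{{ traefik_namespace }}`. With any override of `traefik_namespace` the Secret is applied into a namespace this task never created, and the label no longer matches the object's name. Keep the variable here: `name: '{{ traefik_namespace }}'`. The task starts above the hunk, so its other arguments are not visible.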
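Review bot: In tasks/main.yml (`@@ -17,12 +17,12 @@`) the Secret task passes `basic_auth_data` through the module arguments, and nothing visible in the hunk keeps that value out of task output. The task header is above the hunk, so `no_log` may already be set there; if it is not, add `no_log: true` at task level so the credential material does not show up in verbose runs or callback logs.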
@@ -74,12 +74,12 @@
 # - traefik_actual_version.stdout is version(traefik_version, '>')
 - name: Defined traefik repository
- kubernetes.core.helm_repository:
+ community.kubernetes.helm_repository:
 name: traefik
 repo_url: "https://helm.traefik.io/traefik"
 tags: traefik
 - name: Deploy latest version of Traefik
- kubernetes.core.helm:
+ community.kubernetes.helm:
 context: "{{ my_context }}"
 name: traefik
 chart_ref: traefik/traefik
@@ -99,15 +99,12 @@
 ingressClass:
 enabled: true
 isDefaultClass: true
-# ports:
-# web:
-# redirectTo: websecure
-# hostPort: 80
-# websecure:
-# hostPort: 443
-# tls:
-# enabled: true
-# options: default
+ ports:
+ web:
+ redirectTo: websecure
+ hostPort: 80
+ websecure:
+ hostPort: 443
 volumes:
 - mountPath: /etc/traefik
 name: traefik-conf
@@ -118,11 +115,6 @@
 - mountPath: /etc/traefik/basic-auth
 name: basic-auth
 type: secret
- deployment:
- replicas: 1
- podAnnotations:
- prometheus.io/port: '9000'
- prometheus.io/scrape: 'true'
 - name: Install traefik configuration
 k8s:
@@ -134,7 +126,6 @@
 resource_definition: "{{ lookup('template', item) | from_yaml }}"
 with_items:
 # - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
- - traefik-certificate.yml.j2
 - traefik-cm.yml.j2
 - traefik-files.yml.j2
 # - traefik-sa.yml.j2
diff --git a/templates/traefik-certificate.yml.j2 b/templates/traefik-certificate.yml.j2
deleted file mode 100644
index 3042d55..0000000
--- a/templates/traefik-certificate.yml.j2
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: cert-manager.io/v1alpha2
-kind: Certificate
-metadata:
- name: traefik.{{ traefik_domain }}
-spec:
- dnsNames:
- - traefik.{{ traefik_domain }}
- issuerRef:
- name: letsencrypt-prod
- kind: ClusterIssuer
- secretName: traefik.{{ traefik_domain }}
diff --git a/templates/traefik-cm.yml.j2 b/templates/traefik-cm.yml.j2
index 9d831ce..a29ddaa 100644
--- a/templates/traefik-cm.yml.j2
+++ b/templates/traefik-cm.yml.j2
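Review bot: In the Helm values of tasks/main.yml (`@@ -99,15 +99,12 @@`), `hostPort: 80` and `hostPort: 443` are literals, while defaults/main.yml now carries the same numbers in `traefik_entrypoints[].hostport`; an override of the variable will not reach the chart and the two can drift. The uncommented block also leaves out the `tls:` sub-block (`enabled: true`, `options: default`) that the commented version had, so whether `websecure` terminates TLS with the `default` options now depends on the chart's own defaults, which are not visible here. Derive the ports from the variable or add a comment such as `# keep in sync with traefik_entrypoints in defaults/main.yml`, and state explicitly whether TLS on `websecure` is expected. The values mapping starts above the hunk.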
@@ -15,9 +15,6 @@ data:
 web:
 address: ":8000/tcp"
 http:
-# middlewares:
-# - auth@file
-# - secure_headers@file
 redirections:
 entryPoint:
 to: websecure
diff --git a/templates/traefik-files.yml.j2 b/templates/traefik-files.yml.j2
index aacb804..4a0c27e 100644
--- a/templates/traefik-files.yml.j2
+++ b/templates/traefik-files.yml.j2
@@ -70,16 +70,3 @@ data:
 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-{% if false %}
- stores:
- default:
- defaultCertificate:
- certFile: path/to/wildcardcert.crt
- keyFile: path/to/wildcardcert.key
-
- certificates:
- - certFile: /path/to/domain.cert
- keyFile: /path/to/domain.key
- - certFile: /path/to/other-domain.cert
- keyFile: /path/to/other-domain.key
-{% endif %}
diff --git a/templates/traefik-ingressroute.yml.j2 b/templates/traefik-ingressroute.yml.j2
index dded99b..587857f 100644
--- a/templates/traefik-ingressroute.yml.j2
+++ b/templates/traefik-ingressroute.yml.j2
@@ -7,7 +7,7 @@ metadata:
 spec:
 entryPoints:
- - websecure
+ - https
 routes:
 # Match is the rule corresponding to an underlying router.
 # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
@@ -45,6 +45,4 @@ spec:
 tls:
 {% if traefik_dashboard_certificate is defined %}
 secretName: {{ traefik_dashboard_certificate }}
-{% else %}
- secretName: traefik.{{ traefik_domain }}
 {% endif %}
diff --git a/templates/traefik-svc.yml.j2 b/templates/traefik-svc.yml.j2
index 1397dd8..dc82b82 100644
--- a/templates/traefik-svc.yml.j2
+++ b/templates/traefik-svc.yml.j2
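Review bot: In traefik-ingressroute.yml.j2 (`@@ -7,7 +7,7 @@`), `- https` does not match any entry point name used elsewhere in this change: the static config in traefik-cm.yml.j2 redirects `to: websecure`, the Helm values define `ports.web` and `ports.websecure`, and the Service targets `websecure`. `https` appears only as a `name` in the `traefik_entrypoints` default. Unless an entry point with that name is defined outside the lines shown, the dashboard route is bound to an entry point that does not exist and will not be served. Either keep `- websecure` or rename the entry points consistently in the ConfigMap, the chart values and the Service.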
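Review bot: In traefik-ingressroute.yml.j2 (`@@ -45,6 +45,4 @@`), with the `{% else %}` branch gone `tls:` renders as an empty key (YAML null) whenever `traefik_dashboard_certificate` is undefined, which is the default since the variable is commented out in defaults/main.yml. A null `tls` is likely dropped when the object is applied, leaving the dashboard route without a TLS section, and the Certificate template that produced the fallback secret is deleted in the same change. Make the intent explicit: render `tls: {}` in an `{% else %}` branch so the route stays TLS-only and falls back to Traefik's default certificate, or move `tls:` inside the `{% if %}` if a route without TLS is really intended.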
@@ -9,19 +9,15 @@ metadata:
 spec:
 ports:
 - name: web
+ hostPort: 80
 port: 80
 protocol: TCP
 targetPort: web
 - name: websecure
+ hostPort: 443
 port: 443
 protocol: TCP
 targetPort: websecure
-{% if traefik_external_ips is defined %}
- externalIPs:
-{% for traefik_external_ip in traefik_external_ips %}
- - {{ traefik_external_ip }}
-{% endfor %}
-{% endif %}
 selector:
 app.kubernetes.io/instance: traefik
 app.kubernetes.io/name: traefik
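Review bot: `hostPort` is not a field of a Service port (a ServicePort has `name`, `port`, `targetPort`, `protocol`, `nodePort` and `appProtocol`); it belongs on a container port in the pod spec. Depending on how the object is applied, the two added lines are either rejected by validation or silently dropped, so they do not open 80/443 on the node. The same hunk removes the `externalIPs` block, so the Service no longer has an external address of its own unless its type, which is outside the hunk, provides one. Drop the two `hostPort` lines and rely on the `ports.*.hostPort` chart values in tasks/main.yml, with a comment near `spec:` such as `# external reachability comes from the pod hostPorts set in the Helm values`.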