defaults/main.yml

@@ -1,5 +1,5 @@
 my_context: kubernetes
-traefik_version: "2.5.6"
+traefik_version: "2.4.1"
 traefik_domain: "local"
 traefik_namespace: "traefik"
 #ingress_whitelist:
@@ -10,12 +10,10 @@ traefik_namespace: "traefik"
 #  - localhost
 traefik_cpu_limit: 500m
 traefik_memory_limit: 300Mi
-traefik_entrypoints: []
-#    - { name: "http", port: 8000, proto: "TCP", hostport: 80 }
-#    - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true }
-#    - { name: "traefik", port: 8080, proto: "TCP" }
-#traefik_external_ips: []
-#   - 1.2.3.4
+traefik_entrypoints:
+    - { name: "http", port: 8000, proto: "TCP", hostport: 80 }
+    - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true }
+    - { name: "traefik", port: 8080, proto: "TCP" }
 
 basic_auth: false
 #traefik_dashboard_certificate: wildcard-cluster

meta/main.yml

@@ -6,7 +6,7 @@ galaxy_info:
   galaxy_tags: []
   license: GPL2
   collections:
-    - kubernetes.core
+    - community.kubernetes
   platforms:
   - name: kubernetes
     version:

tasks/main.yml

@@ -9,7 +9,7 @@
         api_version: v1
         kind: Namespace
         metadata:
-          name: '{{ traefik_namespace }}'
+          name: traefik
           labels:
             namespace: '{{ traefik_namespace }}'
 
@@ -17,12 +17,12 @@
     k8s:
       state: present
       context: "{{ my_context }}"
-      namespace: '{{ traefik_namespace }}'
       definition:
         apiVersion: v1
         kind: Secret
         metadata:
           name: basic-auth
+          namespace: '{{ traefik_namespace }}'
         type: Opaque
         data:
           basic_auth: "{{ basic_auth_data | b64encode }}"
@@ -74,12 +74,12 @@
 #      - traefik_actual_version.stdout is version(traefik_version, '>')
 
   - name: Defined traefik repository
-    kubernetes.core.helm_repository:
+    community.kubernetes.helm_repository:
       name: traefik
       repo_url: "https://helm.traefik.io/traefik"
     tags: traefik
   - name: Deploy latest version of Traefik
-    kubernetes.core.helm:
+    community.kubernetes.helm:
       context: "{{ my_context }}"
       name: traefik
       chart_ref: traefik/traefik
@@ -99,15 +99,12 @@
         ingressClass:
           enabled: true
           isDefaultClass: true
-#        ports:
-#          web:
-#            redirectTo: websecure
-#            hostPort: 80
-#          websecure:
-#            hostPort: 443
-#            tls:
-#              enabled: true
-#              options: default
+        ports:
+          web:
+            redirectTo: websecure
+            hostPort: 80
+          websecure:
+            hostPort: 443
         volumes:
           - mountPath: /etc/traefik
             name: traefik-conf
@@ -118,11 +115,6 @@
           - mountPath: /etc/traefik/basic-auth
             name: basic-auth
             type: secret
-        deployment:
-          replicas: 1
-          podAnnotations: 
-            prometheus.io/port: '9000'
-            prometheus.io/scrape: 'true'
 
   - name: Install traefik configuration
     k8s:
@@ -134,7 +126,6 @@
       resource_definition: "{{ lookup('template', item) | from_yaml }}"
     with_items:
 #      - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
-      - traefik-certificate.yml.j2
       - traefik-cm.yml.j2
       - traefik-files.yml.j2
 #      - traefik-sa.yml.j2

templates/traefik-certificate.yml.j2

@@ -1,12 +0,0 @@
----
-apiVersion: cert-manager.io/v1alpha2
-kind: Certificate
-metadata:
-  name: traefik.{{ traefik_domain }}
-spec:
-  dnsNames:
-  - traefik.{{ traefik_domain }}
-  issuerRef:
-    name: letsencrypt-prod
-    kind: ClusterIssuer
-  secretName: traefik.{{ traefik_domain }}

templates/traefik-cm.yml.j2

@@ -15,9 +15,6 @@ data:
       web:
         address: ":8000/tcp"
         http:
-#          middlewares:
-#            - auth@file
-#            - secure_headers@file
           redirections:
             entryPoint:
               to: websecure

templates/traefik-files.yml.j2

@@ -70,16 +70,3 @@ data:
               - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
               - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
               - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
-{% if false %}
-      stores:
-        default:
-          defaultCertificate:
-            certFile: path/to/wildcardcert.crt
-            keyFile: path/to/wildcardcert.key
-
-      certificates:
-      - certFile: /path/to/domain.cert
-        keyFile: /path/to/domain.key
-      - certFile: /path/to/other-domain.cert
-        keyFile: /path/to/other-domain.key
-{% endif %}

templates/traefik-ingressroute.yml.j2

@@ -7,7 +7,7 @@ metadata:
 
 spec:
   entryPoints:
-    - websecure
+    - https
   routes:
   # Match is the rule corresponding to an underlying router.
   # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
@@ -45,6 +45,4 @@ spec:
   tls:
 {% if traefik_dashboard_certificate is defined %}
     secretName: {{ traefik_dashboard_certificate }}
-{% else %}
-    secretName: traefik.{{ traefik_domain }}
 {% endif %}

templates/traefik-svc.yml.j2

@@ -9,19 +9,15 @@ metadata:
 spec:
   ports:
   - name: web
+    hostPort: 80
     port: 80
     protocol: TCP
     targetPort: web
   - name: websecure
+    hostPort: 443
     port: 443
     protocol: TCP
     targetPort: websecure
-{% if traefik_external_ips is defined %}
-  externalIPs:
-{% for traefik_external_ip in traefik_external_ips %}
-    - {{ traefik_external_ip }}
-{% endfor %}
-{% endif %}
   selector:
     app.kubernetes.io/instance: traefik
     app.kubernetes.io/name: traefik