diff --git a/defaults/main.yml b/defaults/main.yml index 0fc87cf..07a1970 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ my_context: kubernetes -traefik_version: "2.2" +traefik_version: "2.3" traefik_domain: "local" traefik_namespace: "traefik" #ingress_whitelist: diff --git a/tasks/main.yml b/tasks/main.yml index 3630314..1e57147 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -49,7 +49,7 @@ k8s_info: context: "{{ my_context }}" api_version: v1 - kind: DaemonSet + kind: Deployment name: traefik namespace: '{{ traefik_namespace }}' field_selectors: @@ -77,6 +77,7 @@ k8s: state: "present" context: "{{ my_context }}" + namespace: '{{ traefik_namespace }}' merge_type: merge resource_definition: "{{ lookup('template', item) | from_yaml }}" with_items: diff --git a/templates/2.3/Ressources-exemple.yml b/templates/2.3/Ressources-exemple.yml new file mode 100644 index 0000000..bf512dd --- /dev/null +++ b/templates/2.3/Ressources-exemple.yml @@ -0,0 +1,157 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: TraefikService +metadata: + name: wrr2 + namespace: {{ traefik_namespace }} + +spec: + weighted: + services: + - name: s1 + weight: 1 + port: 80 + # Optional, as it is the default value + kind: Service + - name: s3 + weight: 1 + port: 80 + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: TraefikService +metadata: + name: wrr1 + namespace: {{ traefik_namespace }} + +spec: + weighted: + services: + - name: wrr2 + kind: TraefikService + weight: 1 + - name: s3 + weight: 1 + port: 80 + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: TraefikService +metadata: + name: mirror1 + namespace: {{ traefik_namespace }} + +spec: + mirroring: + name: s1 + port: 80 + mirrors: + - name: s3 + percent: 20 + port: 80 + - name: mirror2 + kind: TraefikService + percent: 20 + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: TraefikService +metadata: + name: mirror2 + namespace: {{ traefik_namespace }} + +spec: + mirroring: + name: wrr2 + kind: TraefikService + mirrors: + - name: s2 + # Optional, as it is the default value + kind: Service + percent: 20 + port: 80 + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: ingressroute +spec: + entryPoints: + - web + - websecure + routes: + - match: Host(`foo.com`) && PathPrefix(`/bar`) + kind: Rule + priority: 12 + # defining several services is possible and allowed, but for now the servers of + # all the services (for a given route) get merged altogether under the same + # load-balancing strategy. + services: + - name: s1 + port: 80 + healthCheck: + path: /health + host: baz.com + intervalSeconds: 7 + timeoutSeconds: 60 + # strategy defines the load balancing strategy between the servers. It defaults + # to Round Robin, and for now only Round Robin is supported anyway. + strategy: RoundRobin + - name: s2 + port: 433 + healthCheck: + path: /health + host: baz.com + intervalSeconds: 7 + timeoutSeconds: 60 + - match: PathPrefix(`/misc`) + services: + - name: s3 + port: 80 + middlewares: + - name: stripprefix + - name: addprefix + - match: PathPrefix(`/misc`) + services: + - name: s3 + # Optional, as it is the default value + kind: Service + port: 8443 + # scheme allow to override the scheme for the service. (ex: https or h2c) + scheme: https + - match: PathPrefix(`/lb`) + services: + - name: wrr1 + kind: TraefikService + - match: PathPrefix(`/mirrored`) + services: + - name: mirror1 + kind: TraefikService + # use an empty tls object for TLS with Let's Encrypt + tls: + secretName: supersecret + options: + name: myTLSOption + namespace: default + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRouteTCP +metadata: + name: ingressroutetcp.crd + namespace: default + +spec: + entryPoints: + - footcp + routes: + - match: HostSNI(`bar.com`) + services: + - name: whoamitcp + port: 8080 + tls: + secretName: foosecret + passthrough: false + options: + name: myTLSOption + namespace: default \ No newline at end of file diff --git a/templates/2.3/traefik-clusterrole.yml.j2 b/templates/2.3/traefik-clusterrole.yml.j2 new file mode 100644 index 0000000..50b65c9 --- /dev/null +++ b/templates/2.3/traefik-clusterrole.yml.j2 @@ -0,0 +1,50 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller + +rules: + - apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: ['traefik-ingress-controller'] + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + resources: + - middlewares + - ingressroutes + - traefikservices + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/templates/2.3/traefik-clusterrolebinding.yml.j2 b/templates/2.3/traefik-clusterrolebinding.yml.j2 new file mode 100644 index 0000000..2a4398a --- /dev/null +++ b/templates/2.3/traefik-clusterrolebinding.yml.j2 @@ -0,0 +1,13 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller + +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-ingress-controller +subjects: + - kind: ServiceAccount + name: traefik-ingress-controller + namespace: {{ traefik_namespace }} diff --git a/templates/2.3/traefik-crd-ingressroutes.yml.j2 b/templates/2.3/traefik-crd-ingressroutes.yml.j2 new file mode 100644 index 0000000..0bcfd35 --- /dev/null +++ b/templates/2.3/traefik-crd-ingressroutes.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutes.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRoute + plural: ingressroutes + singular: ingressroute + scope: Namespaced diff --git a/templates/2.3/traefik-crd-ingressroutetcps.yml.j2 b/templates/2.3/traefik-crd-ingressroutetcps.yml.j2 new file mode 100644 index 0000000..36b202a --- /dev/null +++ b/templates/2.3/traefik-crd-ingressroutetcps.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutetcps.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRouteTCP + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced diff --git a/templates/2.3/traefik-crd-ingressrouteudps.yml.j2 b/templates/2.3/traefik-crd-ingressrouteudps.yml.j2 new file mode 100644 index 0000000..d7c2624 --- /dev/null +++ b/templates/2.3/traefik-crd-ingressrouteudps.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressrouteudps.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRouteUDP + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced diff --git a/templates/2.3/traefik-crd-middlewares.yml.j2 b/templates/2.3/traefik-crd-middlewares.yml.j2 new file mode 100644 index 0000000..d1ae35f --- /dev/null +++ b/templates/2.3/traefik-crd-middlewares.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: middlewares.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: Middleware + plural: middlewares + singular: middleware + scope: Namespaced diff --git a/templates/2.3/traefik-crd-tlsoptions.yml.j2 b/templates/2.3/traefik-crd-tlsoptions.yml.j2 new file mode 100644 index 0000000..1495e0d --- /dev/null +++ b/templates/2.3/traefik-crd-tlsoptions.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tlsoptions.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: TLSOption + plural: tlsoptions + singular: tlsoption + scope: Namespaced diff --git a/templates/2.3/traefik-crd-tlsstores.yml.j2 b/templates/2.3/traefik-crd-tlsstores.yml.j2 new file mode 100644 index 0000000..f9a4005 --- /dev/null +++ b/templates/2.3/traefik-crd-tlsstores.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tlsstores.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: TLSStore + plural: tlsstores + singular: tlsstore + scope: Namespaced diff --git a/templates/2.3/traefik-crd-traefikservices.yml.j2 b/templates/2.3/traefik-crd-traefikservices.yml.j2 new file mode 100644 index 0000000..3262c43 --- /dev/null +++ b/templates/2.3/traefik-crd-traefikservices.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: traefikservices.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: TraefikService + plural: traefikservices + singular: traefikservice + scope: Namespaced \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index b63e505..e77897e 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -28,3 +28,15 @@ traefik_2_2_list: - 2.2/traefik-crd-traefikservices.yml.j2 - 2.2/traefik-clusterrole.yml.j2 - 2.2/traefik-clusterrolebinding.yml.j2 + +traefik_version_2_3: 2.3.1 +traefik_2_3_list: + - 2.3/traefik-crd-ingressroutes.yml.j2 + - 2.3/traefik-crd-ingressroutetcps.yml.j2 + - 2.3/traefik-crd-ingressrouteudps.yml.j2 + - 2.3/traefik-crd-middlewares.yml.j2 + - 2.3/traefik-crd-tlsoptions.yml.j2 + - 2.3/traefik-crd-tlsstores.yml.j2 + - 2.3/traefik-crd-traefikservices.yml.j2 + - 2.3/traefik-clusterrole.yml.j2 + - 2.3/traefik-clusterrolebinding.yml.j2