Compare commits
No commits in common. "24d977621bbd0d1dbbc10676f0522e62bd100e1e" and "8db2742da0d4664b1d4e30c76ff8b2849e873f35" have entirely different histories.
24d977621b
...
8db2742da0
6 changed files with 11 additions and 79 deletions
|
|
@ -1,6 +1,6 @@
|
||||||
my_context: kubernetes
|
my_context: kubernetes
|
||||||
traefik_version: "3.1.4"
|
traefik_version: "3.0.4"
|
||||||
traefik_helm_chart_version: "31.1.1"
|
traefik_helm_chart_version: "28.0.0"
|
||||||
cluster_domain: "local"
|
cluster_domain: "local"
|
||||||
traefik_namespace: "traefik"
|
traefik_namespace: "traefik"
|
||||||
traefik_service_type: LoadBalancer
|
traefik_service_type: LoadBalancer
|
||||||
|
|
|
||||||
|
|
@ -106,9 +106,6 @@
|
||||||
kubernetes.core.helm_repository:
|
kubernetes.core.helm_repository:
|
||||||
name: traefik
|
name: traefik
|
||||||
repo_url: "https://helm.traefik.io/traefik"
|
repo_url: "https://helm.traefik.io/traefik"
|
||||||
# - name: show templating results
|
|
||||||
# ansible.builtin.debug:
|
|
||||||
# msg: "{{ lookup('ansible.builtin.template', 'traefik-helm-value.yaml.j2') }}"
|
|
||||||
- name: Deploy latest version of Traefik
|
- name: Deploy latest version of Traefik
|
||||||
kubernetes.core.helm:
|
kubernetes.core.helm:
|
||||||
context: "{{ my_context }}"
|
context: "{{ my_context }}"
|
||||||
|
|
@ -116,7 +113,6 @@
|
||||||
chart_ref: traefik/traefik
|
chart_ref: traefik/traefik
|
||||||
chart_version: "{{ traefik_helm_chart_version }}"
|
chart_version: "{{ traefik_helm_chart_version }}"
|
||||||
release_namespace: "{{ traefik_namespace }}"
|
release_namespace: "{{ traefik_namespace }}"
|
||||||
create_namespace: true
|
|
||||||
values: "{{ lookup('template', 'traefik-helm-value.yaml.j2') | from_yaml }}"
|
values: "{{ lookup('template', 'traefik-helm-value.yaml.j2') | from_yaml }}"
|
||||||
|
|
||||||
- name: Install traefik configuration
|
- name: Install traefik configuration
|
||||||
|
|
@ -126,9 +122,8 @@
|
||||||
namespace: '{{ traefik_namespace }}'
|
namespace: '{{ traefik_namespace }}'
|
||||||
# merge_type: merge
|
# merge_type: merge
|
||||||
apply: true
|
apply: true
|
||||||
resource_definition: "{{ lookup('template', item) | from_yaml_all }}"
|
resource_definition: "{{ lookup('template', item) | from_yaml }}"
|
||||||
with_items:
|
with_items:
|
||||||
- default-network-dns-policy.yaml.j2
|
|
||||||
# - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
|
# - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
|
||||||
- traefik-certificate.yml.j2
|
- traefik-certificate.yml.j2
|
||||||
- traefik-cm.yml.j2
|
- traefik-cm.yml.j2
|
||||||
|
|
|
||||||
|
|
@ -1,46 +0,0 @@
|
||||||
kind: NetworkPolicy
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: intra-namespace
|
|
||||||
spec:
|
|
||||||
podSelector: {}
|
|
||||||
ingress:
|
|
||||||
- from:
|
|
||||||
- namespaceSelector:
|
|
||||||
matchLabels:
|
|
||||||
name: {{ traefik_namespace }}
|
|
||||||
|
|
||||||
#---
|
|
||||||
#apiVersion: networking.k8s.io/v1
|
|
||||||
#kind: NetworkPolicy
|
|
||||||
#metadata:
|
|
||||||
# name: allow-dns-access
|
|
||||||
#spec:
|
|
||||||
# podSelector:
|
|
||||||
# matchLabels: {}
|
|
||||||
# policyTypes:
|
|
||||||
# - Egress
|
|
||||||
# egress:
|
|
||||||
# - to:
|
|
||||||
# - namespaceSelector:
|
|
||||||
# matchLabels:
|
|
||||||
# kubernetes.io/metadata.name: kube-system
|
|
||||||
# podSelector:
|
|
||||||
# matchLabels:
|
|
||||||
# k8s-app: kube-dns
|
|
||||||
# ports:
|
|
||||||
# - protocol: UDP
|
|
||||||
# port: 53
|
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: NetworkPolicy
|
|
||||||
metadata:
|
|
||||||
name: allow-all-traefik-v121-ingress
|
|
||||||
spec:
|
|
||||||
podSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: traefik
|
|
||||||
ingress:
|
|
||||||
- {}
|
|
||||||
policyTypes:
|
|
||||||
- Ingress
|
|
||||||
|
|
@ -140,10 +140,11 @@ metrics:
|
||||||
# severity: warning
|
# severity: warning
|
||||||
# annotations:
|
# annotations:
|
||||||
# summary: "Traefik Down"
|
# summary: "Traefik Down"
|
||||||
# description: "{% raw %}{{ $labels.pod }} on {{ $labels.nodename }} is down{% endraw %}"
|
# description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
|
||||||
experimental:
|
experimental:
|
||||||
{% if traefik_ondemand is defined %}
|
|
||||||
plugins:
|
plugins:
|
||||||
|
enabled: true
|
||||||
|
{% if traefik_ondemand is defined %}
|
||||||
sablier:
|
sablier:
|
||||||
moduleName: "github.com/acouvreur/sablier"
|
moduleName: "github.com/acouvreur/sablier"
|
||||||
version: "v1.7.0"
|
version: "v1.7.0"
|
||||||
|
|
@ -154,10 +155,3 @@ experimental:
|
||||||
hub:
|
hub:
|
||||||
enabled: true
|
enabled: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop: [ALL]
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: IngressRoute
|
kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
name: traefik
|
name: traefik
|
||||||
|
|
|
||||||
|
|
@ -19,21 +19,9 @@ spec:
|
||||||
containers:
|
containers:
|
||||||
- name: sablier
|
- name: sablier
|
||||||
image: acouvreur/sablier:1.7.0
|
image: acouvreur/sablier:1.7.0
|
||||||
args: ["start", "--provider.name=kubernetes", "--storage.file=/dev/shm/state.json"]
|
args: ["start", "--provider.name=kubernetes"]
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 10000
|
- containerPort: 10000
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop: [ALL]
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
securityContext:
|
|
||||||
runAsGroup: 65532
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 65532
|
|
||||||
# --configFile=path/to/myconfigfile.yml
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
|
@ -51,6 +39,7 @@ apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: sablier
|
name: sablier
|
||||||
|
namespace: {{ traefik_namespace }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
|
|
@ -98,7 +87,7 @@ subjects:
|
||||||
name: sablier
|
name: sablier
|
||||||
namespace: {{ traefik_namespace }}
|
namespace: {{ traefik_namespace }}
|
||||||
#---
|
#---
|
||||||
#apiVersion: traefik.io/v1alpha1
|
#apiVersion: traefik.containo.us/v1alpha1
|
||||||
#kind: Middleware
|
#kind: Middleware
|
||||||
#metadata:
|
#metadata:
|
||||||
# name: ondemand
|
# name: ondemand
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue