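---
# Traefik ingress setup (Ansible task file, kubernetes.core collection).
# All tasks run inside one block tagged `traefik` and target the cluster
# selected by `my_context`. Order: namespace -> optional basic-auth Secret ->
# node label -> optional CrowdSec bouncer -> Helm repo, CRD chart, Traefik
# chart -> templated Traefik resources -> optional Traefik Hub -> Grafana
# dashboard.
#
# Changes vs. the previous revision:
#   * `no_log: true` on every task whose arguments carry a credential or
#     private key (basic-auth data, CrowdSec API key, Hub token, Hub TLS key),
#     so they are not echoed into the play output / callback logs.
#   * `apply: yes` written as `apply: true` (yamllint truthy).
#   * Quoting and `state:` values made uniform; behaviour unchanged.
#
# Variables this file expects (defined elsewhere): my_context, traefik_namespace,
# basic_auth, basic_auth_data, traefik_node_selector, crowdsec_namespace,
# traefik_crowdsec_bouncer_apikey, crowdsec_traefik_bouncer_chart_version,
# traefikcrds_helm_chart_version, traefik_helm_chart_version, traefik_ondemand,
# traefik_hub_tlscrt, traefik_hub_tlskey, traefik_hub_token.
- name: traefik setup
  block:
    # - name: Deploy Traefik CRDs
    #   kubernetes.core.k8s:
    #     state: present
    #     context: "{{ my_context }}"
    #     apply: true
    #     definition: "{{ lookup('url', item , split_lines=False) | from_yaml_all }}"
    #   with_items:
    ##    - "https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml"
    #     - "https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
    ##    - "https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
    ##  ansible.builtin.command: >
    ##    kubectl --context "{{ my_context }}" apply --server-side --force-conflicts -k
    ##    https://github.com/traefik/traefik-helm-chart/tree/v{{ traefik_helm_chart_version }}/traefik/crds/

    # Namespace is created explicitly (and labelled) so later tasks can rely on
    # it even where `create_namespace` is not set.
    - name: namespace
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        merge_type: merge
        definition:
          api_version: v1
          kind: Namespace
          metadata:
            name: "{{ traefik_namespace }}"
            labels:
              namespace: "{{ traefik_namespace }}"

    # Opaque Secret holding the htpasswd-style data used by the basic-auth
    # middleware; only created when `basic_auth` is truthy.
    # `no_log` keeps the (base64-encoded) credentials out of task output.
    - name: Create a Secret object for basic authentification
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        namespace: "{{ traefik_namespace }}"
        definition:
          apiVersion: v1
          kind: Secret
          metadata:
            name: basic-auth
          type: Opaque
          data:
            basic_auth: "{{ basic_auth_data | b64encode }}"
      no_log: true
      when:
        - basic_auth | bool

    # Labels the node(s) in `traefik_node_selector` with entrypoint=traefik.
    # `with_items` (not `loop`) is kept on purpose: it flattens one level, so
    # the variable may be either a single node name or a list of them.
    - name: Add host label for traefik deployment
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        definition:
          apiVersion: v1
          kind: Node
          metadata:
            name: "{{ item }}"
            labels:
              entrypoint: traefik
      with_items:
        - "{{ traefik_node_selector }}"
      when:
        - traefik_node_selector is defined

    # CrowdSec bouncer for Traefik. The bouncer talks to the CrowdSec LAPI in
    # `crowdsec_namespace` over the in-cluster service name.
    # NOTE(review): image.tag is pinned independently of chart_version — confirm
    # the two stay compatible when the chart version variable is bumped.
    # `no_log` keeps the bouncer API key out of task output.
    - name: Deploy latest version of CrowdSec Traefik bouncer
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: crowdsec-traefik-bouncer
        release_namespace: "{{ traefik_namespace }}"
        create_namespace: true
        chart_ref: crowdsec/crowdsec-traefik-bouncer
        chart_version: "{{ crowdsec_traefik_bouncer_chart_version }}"
        values:
          image:
            tag: "0.5.0"
          bouncer:
            crowdsec_bouncer_api_key: "{{ traefik_crowdsec_bouncer_apikey }}"
            crowdsec_agent_host: "crowdsec-service.{{ crowdsec_namespace }}.svc.cluster.local:8080"
            crowdsec_bouncer_gin_mode: "release"
          replicaCount: 1
          podSecurityContext:
            fsGroup: 2000
          # Hardened pod: no capabilities, read-only root FS, non-root UID.
          securityContext:
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
      no_log: true
      when:
        - traefik_crowdsec_bouncer_apikey is defined

    # - name: Get Deployment information object
    #   kubernetes.core.k8s_info:
    #     context: "{{ my_context }}"
    #     api_version: v1
    #     kind: DaemonSet
    #     name: traefik
    #     namespace: '{{ traefik_namespace }}'
    #     field_selectors:
    #       - spec.template.spec.containers.image
    #   register: traefik_actual_resources
    #
    # - name: Retreive actual traefik version
    #   ansible.builtin.shell: echo "{{ traefik_actual_resources.resources }}" | sed "s/.*traefik:\([0-9]\.[0-9]*\).*/\1/" | uniq
    #   register: traefik_actual_version
    #
    # - name: Remove old traefik version {{ traefik_actual_version.stdout }}
    #   kubernetes.core.k8s:
    #     state: "absent"
    #     context: "{{ my_context }}"
    #     resource_definition: "{{ lookup('template', item) | from_yaml }}"
    #   with_items:
    #     - "{{ lookup('vars', 'traefik_' + traefik_actual_version.stdout | regex_replace('[.]','_') + '_list') | reverse | list }}"
    ##    - hostvars[inventory_hostname]['traefik_' + traefik_actual_version.stdout + '_list'] | reverse
    #   when:
    #     - not traefik_actual_version.stdout == "[]"
    #     - not traefik_version == traefik_actual_version.stdout
    #     - traefik_actual_version.stdout is version(traefik_version, '>')

    # https://github.com/traefik/traefik-helm-chart
    - name: Defined traefik repository
      kubernetes.core.helm_repository:
        name: traefik
        repo_url: "https://helm.traefik.io/traefik"

    # CRDs come from their own chart, pinned by `traefikcrds_helm_chart_version`;
    # the main Traefik chart below therefore runs with `skip_crds: true`.
    - name: Deploy Traefik CRDs
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: traefik-crds
        chart_ref: traefik/traefik-crds
        chart_version: "{{ traefikcrds_helm_chart_version }}"
        release_namespace: "{{ traefik_namespace }}"
        create_namespace: true

    # - name: show templating results
    #   ansible.builtin.debug:
    #     msg: "{{ lookup('ansible.builtin.template', 'traefik-helm-value.yaml.j2') }}"

    # Chart values are rendered from traefik-helm-value.yaml.j2 and parsed as
    # YAML, so the template must emit a single YAML document.
    - name: Deploy latest version of Traefik
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: traefik
        chart_ref: traefik/traefik
        chart_version: "{{ traefik_helm_chart_version }}"
        release_namespace: "{{ traefik_namespace }}"
        create_namespace: true
        skip_crds: true
        values: "{{ lookup('template', 'traefik-helm-value.yaml.j2') | from_yaml }}"

    # Each template may contain several documents (`from_yaml_all`); they are
    # server-side applied into the Traefik namespace.
    - name: Install traefik configuration
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        namespace: "{{ traefik_namespace }}"
        # merge_type: merge
        apply: true
        resource_definition: "{{ lookup('template', item) | from_yaml_all }}"
      with_items:
        - default-network-dns-policy.yaml.j2
        # - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
        - traefik-certificate.yml.j2
        - traefik-cm.yml.j2
        - traefik-files.yml.j2
        # - traefik-sa.yml.j2
        - traefik-ingressroute.yml.j2
        # - traefik-svc.yml.j2
        # - traefik-defaultbackend.yml.j2

    - name: Install traefik plugin's
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        namespace: "{{ traefik_namespace }}"
        # merge_type: merge
        apply: true
        resource_definition: "{{ lookup('template', item) | from_yaml_all }}"
      with_items:
        - traefik-ondemand-plugin.yml.j2
      when:
        - traefik_ondemand is defined

    # Re-creates the Hub certificate from previously saved cert/key variables.
    # `no_log` keeps the private key (traefik_hub_tlskey) out of task output.
    - name: ReInstall traefik-hub certificate if already know
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        namespace: "{{ traefik_namespace }}"
        # merge_type: merge
        # apply: true
        resource_definition: "{{ lookup('template', item) | from_yaml_all }}"
      with_items:
        - traefik-hub-certificate.yml.j2
      no_log: true
      when:
        - traefik_hub_tlscrt is defined
        - traefik_hub_tlskey is defined

    - name: Defined traefik-hub repository
      kubernetes.core.helm_repository:
        name: traefik-hub
        repo_url: "https://helm.traefik.io/hub"
      when:
        - traefik_hub_token is defined

    # NOTE(review): no chart_version here, unlike the other helm tasks — the
    # release floats to whatever the repo currently serves; confirm this is
    # intended.
    # `no_log` keeps the Hub token out of task output.
    - name: Deploy latest version of Traefik-hub
      kubernetes.core.helm:
        context: "{{ my_context }}"
        name: hub-agent
        chart_ref: traefik-hub/hub-agent
        release_namespace: "{{ traefik_namespace }}"
        values:
          token: "{{ traefik_hub_token }}"
      no_log: true
      when:
        - traefik_hub_token is defined

    # echo 'apiVersion: v1
    # kind: Service
    # metadata:
    #   annotations:
    #     # external-dns.alpha.kubernetes.io/endpoints-type: HostIP
    #     external-dns.alpha.kubernetes.io/hostname: traefik.ibm.reslinger.net
    #     external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP
    #     # external-dns.alpha.kubernetes.io/target: "1.2.3.4"
    #   name: traefik-dns
    #   namespace: traefik
    # spec:
    #   clusterIP: None
    #   ports:
    #   - name: web
    #     port: 80
    #     protocol: TCP
    #     targetPort: web
    #   - name: websecure
    #     port: 443
    #     protocol: TCP
    #     targetPort: websecure
    #   selector:
    #     app.kubernetes.io/instance: traefik-traefik
    #     app.kubernetes.io/name: traefik' | kubectl --context kubeibm -n traefik apply -f -

    # - name: Deploy latest version of Switchboard
    #   kubernetes.core.helm:
    #     context: "{{ my_context }}"
    #     name: switchboard
    #     chart_ref: oci://ghcr.io/borchero/charts/switchboard
    #     release_namespace: "{{ traefik_namespace }}"
    #     # values: "{{ lookup('template', 'traefik-helm-value.yaml.j2') | from_yaml }}"
    #     values:
    #       integrations:
    #         # certManager:
    #         #   enabled: true
    #         #   issuer: "letsencrypt-prod"
    #         externalDNS:
    #           enabled: true
    #           targetIPs: [10.144.217.172]

    # Dashboard is read with `lookup('file')` (no templating), so the file must
    # already be valid YAML.
    # NOTE(review): the namespace is the literal 'traefik' here while every other
    # task uses `traefik_namespace` — confirm whether the dashboard is meant to
    # follow that variable.
    - name: Install traefik grafana dashboard
      kubernetes.core.k8s:
        state: present
        context: "{{ my_context }}"
        namespace: "traefik"
        apply: true
        resource_definition: "{{ lookup('file', item) | from_yaml_all }}"
      with_items:
        - grafana-dashboard.yml
  tags: traefik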