From 5fbb40ffda08624205e545604b0386aba9df9f3c Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Fri, 6 Dec 2019 14:54:01 +0100 Subject: [PATCH] Update for traefik 2.0 --- defaults/main.yml | 1 + tasks/main.yml | 33 +++++++++++++++++++- templates/weave_ingress.yaml.j2 | 54 +++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index da92659..66ae38c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,5 +5,6 @@ ingress_domain: "local.dataminem.net" # - 10.244.0.0/16 # - 192.168.140.0/24 basic_auth: false +#traefik_version: "2.0" scope_version: 1.12.0 diff --git a/tasks/main.yml b/tasks/main.yml index 0d45994..3d04ada 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,7 +11,7 @@ api_version: v1 kind: Namespace - - name: Create a Secret object for basic authentification + - name: Create a Secret object for basic authentification (traefik 1.7) k8s: state: present context: "{{ my_context }}" @@ -26,8 +26,39 @@ basic_auth: "{{ basic_auth_data | b64encode }}" when: - basic_auth == true + - traefik_version is not defined or traefik_version == "1.7" tags: weave + - name: Remove a Secret object for basic authentification (traefik 1.7) + k8s: + state: absent + context: "{{ my_context }}" + definition: + apiVersion: v1 + kind: Secret + metadata: + name: basic-auth + namespace: weave + type: Opaque + data: + basic_auth: "{{ basic_auth_data | b64encode }}" + when: + - traefik_version is defined + - traefik_version != "1.7" + tags: weave + + - name: Remove old existing Ingress object + k8s: + context: "{{ my_context }}" + state: absent + api_version: extensions/v1beta1 + kind: Ingress + namespace: weave + name: weave + when: + - traefik_version is defined + - traefik_version != "1.7" + # file found https://github.com/weaveworks/scope/tree/master/examples/k8s/ - name: Weave Scope files k8s: diff --git a/templates/weave_ingress.yaml.j2 b/templates/weave_ingress.yaml.j2 index 618f1ef..6916e68 100644 --- a/templates/weave_ingress.yaml.j2 +++ b/templates/weave_ingress.yaml.j2 @@ -1,4 +1,5 @@ --- +{% if traefik_version is not defined %} #will not work: weave hate https... apiVersion: extensions/v1beta1 kind: Ingress @@ -23,4 +24,57 @@ spec: backend: serviceName: weave-scope-app servicePort: 80 +{% else %} +{% if traefik_version == "2.0" %} +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: weave + namespace: weave + labels: + app: weave +spec: + entryPoints: + - https + routes: + # Match is the rule corresponding to an underlying router. + # Later on, match could be the simple form of a path prefix, e.g. just "/bar", + # but for now we only support a traefik style matching rule. + - match: Host(`weave.{{ ingress_domain }}`) + # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header", + # "Parameter", etc, to support simpler forms of rule matching, but for now we + # only support "Rule". + kind: Rule + # (optional) Priority disambiguates rules of the same length, for route matching. + priority: 12 +{% if basic_auth is defined or ingress_whitelist is defined %} + middlewares: +{% if basic_auth is defined %} + - name: basic-auth + namespace: tools +{% endif %} +{% if ingress_whitelist is defined %} + - name: traefik-ipwhitelist + namespace: tools +{% endif %} +{% endif %} + services: + - name: weave-scope-app + port: 80 + # (default 1) A weight used by the weighted round-robin strategy (WRR). + weight: 1 + # (default true) PassHostHeader controls whether to leave the request's Host + # Header as it was before it reached the proxy, or whether to let the proxy set it + # to the destination (backend) host. + passHostHeader: true + responseForwarding: + # (default 100ms) Interval between flushes of the buffered response body to the client. + flushInterval: 100ms + tls: + secretName: wildcard-cluster + options: + name: default + namespace: tools +{% endif %} +{% endif %} \ No newline at end of file