Replace caretakerd with minit
This commit is contained in:
parent
88435e8361
commit
163e7fe08c
|
@ -1,4 +1,4 @@
|
|||
FROM danielberteaud/alpine:24.1-2
|
||||
FROM danielberteaud/alpine:24.1-7
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG VERSION=3.0.0-beta5
|
||||
|
@ -11,7 +11,7 @@ RUN set -eux &&\
|
|||
curl -sSLO "https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_checksums.txt" &&\
|
||||
grep traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt | sha256sum -c &&\
|
||||
tar xzvf traefik_v${VERSION}_linux_amd64.tar.gz -C /usr/local/bin traefik &&\
|
||||
rm -f traefik_v${VERSION}_linux_amd64.tar.gz &&\
|
||||
rm -f traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt &&\
|
||||
chmod +x /usr/local/bin/traefik
|
||||
|
||||
EXPOSE 80
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
job "traefik" {
|
||||
|
||||
|
||||
datacenters = ["dc1"]
|
||||
priority = 100
|
||||
|
||||
|
@ -65,13 +67,13 @@ job "traefik" {
|
|||
"traefik.http.routers.traefik-api.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
|
||||
"traefik.http.routers.traefik-api.entrypoints=https",
|
||||
"traefik.http.routers.traefik-api.service=api@internal",
|
||||
"traefik.http.routers.traefik-api.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,csp-relaxed@file,ip-trusted@file,csp-strict@file,traefik-path",
|
||||
"traefik.http.routers.traefik-api.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,ip-trusted@file,csp-strict@file,traefik-path",
|
||||
|
||||
"traefik.http.routers.traefik-ping.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && Path(`/ping`) && Method(`GET`)",
|
||||
"traefik.http.routers.traefik-ping.entrypoints=http,https",
|
||||
"traefik.http.routers.traefik-ping.service=ping@internal",
|
||||
"traefik.http.routers.traefik-ping.priority=2000",
|
||||
"traefik.http.routers.traefik-ping.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,csp-relaxed@file",
|
||||
"traefik.http.routers.traefik-ping.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
|
||||
|
||||
"traefik-${NOMAD_ALLOC_INDEX}"
|
||||
]
|
||||
|
@ -86,7 +88,7 @@ job "traefik" {
|
|||
}
|
||||
|
||||
config {
|
||||
image = "danielberteaud/traefik:3.0.0-beta5-1"
|
||||
image = "danielberteaud/traefik:3.0.0-beta5-2"
|
||||
command = "traefik"
|
||||
args = [
|
||||
"--configfile=/secrets/traefik.yml"
|
||||
|
|
|
@ -11,7 +11,7 @@ RUN set -eux &&\
|
|||
curl -sSLO "https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_checksums.txt" &&\
|
||||
grep traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt | sha256sum -c &&\
|
||||
tar xzvf traefik_v${VERSION}_linux_amd64.tar.gz -C /usr/local/bin traefik &&\
|
||||
rm -f traefik_v${VERSION}_linux_amd64.tar.gz &&\
|
||||
rm -f traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt &&\
|
||||
chmod +x /usr/local/bin/traefik
|
||||
|
||||
EXPOSE 80
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
services:
|
||||
lemonldap:
|
||||
type: master
|
||||
command: ["lemonldap-ng"]
|
||||
local_cache:
|
||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
|
||||
cronExpression: '1 * * * *'
|
||||
logger:
|
||||
level: debug
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
kind: daemon
|
||||
name: lemonldap
|
||||
command: ["lemonldap-ng"]
|
||||
|
||||
---
|
||||
kind: cron
|
||||
name: local_cache
|
||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
|
||||
cron: [[ .llng.portal.cron.clean_local_cache | toJSON ]]
|
|
@ -1,8 +1,10 @@
|
|||
[[ $c:= merge .traefik . -]]
|
||||
|
||||
job [[ .instance | toJSON ]] {
|
||||
job "[[ .instance ]]" {
|
||||
|
||||
[[- template "common/job_start" $c ]]
|
||||
[[- $c:= merge .traefik . ]]
|
||||
|
||||
[[ template "common/job_start" $c ]]
|
||||
|
||||
group "traefik" {
|
||||
count = [[ .traefik.count ]]
|
||||
|
@ -17,7 +19,7 @@ job [[ .instance | toJSON ]] {
|
|||
network {
|
||||
mode = "bridge"
|
||||
|
||||
[[- range $name, $def := .traefik.entrypoints ]]
|
||||
[[- range $name, $def := $c.entrypoints ]]
|
||||
[[- if or (not (has $def "enabled")) ($def.enabled) ]]
|
||||
port "[[ $name ]]" {
|
||||
[[- if has $def "static" ]]
|
||||
|
@ -35,14 +37,14 @@ job [[ .instance | toJSON ]] {
|
|||
}
|
||||
|
||||
service {
|
||||
name = "traefik-sidecar[[ .consul.suffix ]]"
|
||||
name = "[[ .instance ]]-sidecar[[ .consul.suffix ]]"
|
||||
port = "https"
|
||||
|
||||
[[ template "common/connect" $c ]]
|
||||
}
|
||||
|
||||
service {
|
||||
name = "[[ .instance ]]"
|
||||
name = "[[ .instance ]][[ .consul.suffix ]]"
|
||||
port = "https"
|
||||
task = "traefik"
|
||||
|
||||
|
@ -79,7 +81,7 @@ job [[ .instance | toJSON ]] {
|
|||
[[- end ]]
|
||||
|
||||
task "traefik" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
driver = "[[ $c.nomad.driver ]]"
|
||||
user = 5443
|
||||
|
||||
vault {
|
||||
|
@ -121,7 +123,7 @@ _EOF
|
|||
|
||||
[[ end -]]
|
||||
|
||||
[[ template "common/resources" .traefik.resources ]]
|
||||
[[ template "common/resources" $c ]]
|
||||
}
|
||||
|
||||
[[- if .lemonldap.enabled ]]
|
||||
|
@ -130,10 +132,10 @@ _EOF
|
|||
|
||||
# LL::NG handler for sso
|
||||
task "lemonldap-ng-handler" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
driver = "[[ $c.nomad.driver ]]"
|
||||
|
||||
config {
|
||||
image = [[ .lemonldap.image | toJSON ]]
|
||||
image = "[[ .lemonldap.image ]]"
|
||||
volumes = [
|
||||
"secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
|
||||
# Workaround this bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3047
|
||||
|
@ -149,13 +151,13 @@ _EOF
|
|||
}
|
||||
|
||||
env {
|
||||
CTD_CONFIG = "/local/caretakerd.yaml"
|
||||
LLNG_SOCKET_PROTO = "http"
|
||||
LLNG_LISTEN = "127.0.0.1:8183"
|
||||
SOURCE_SERVER = "traefik"
|
||||
MINIT_UNIT_DIR = "/local/minit.d"
|
||||
}
|
||||
|
||||
[[ template "common/file_env" $c.env ]]
|
||||
[[ template "common/file_env" $c ]]
|
||||
|
||||
vault {
|
||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
|
@ -182,12 +184,12 @@ _EOT
|
|||
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "traefik/caretakerd.yaml.tpl" . ]]
|
||||
[[ template "traefik/minit.yml.tpl" . ]]
|
||||
_EOT
|
||||
destination = "local/caretakerd.yaml"
|
||||
destination = "local/minit.d/lemonldap-ng.yml"
|
||||
}
|
||||
|
||||
[[ template "common/resources" .lemonldap.resources ]]
|
||||
[[ template "common/resources" $c ]]
|
||||
}
|
||||
[[- end ]]
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ instance: traefik
|
|||
traefik:
|
||||
|
||||
# Docker image to use for Traefik
|
||||
image: '[[ .docker.repo ]]traefik:3.0.0-beta5-1'
|
||||
image: '[[ .docker.repo ]]traefik:3.0.0-beta5-2'
|
||||
|
||||
# Resources for traefik instances
|
||||
resources:
|
||||
|
|
Loading…
Reference in New Issue