Replace caretakerd with minit
parent
88435e8361
commit
163e7fe08c
|
@ -1,4 +1,4 @@
|
||||||
FROM danielberteaud/alpine:24.1-2
|
FROM danielberteaud/alpine:24.1-7
|
||||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||||
|
|
||||||
ARG VERSION=3.0.0-beta5
|
ARG VERSION=3.0.0-beta5
|
||||||
|
@ -11,7 +11,7 @@ RUN set -eux &&\
|
||||||
curl -sSLO "https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_checksums.txt" &&\
|
curl -sSLO "https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_checksums.txt" &&\
|
||||||
grep traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt | sha256sum -c &&\
|
grep traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt | sha256sum -c &&\
|
||||||
tar xzvf traefik_v${VERSION}_linux_amd64.tar.gz -C /usr/local/bin traefik &&\
|
tar xzvf traefik_v${VERSION}_linux_amd64.tar.gz -C /usr/local/bin traefik &&\
|
||||||
rm -f traefik_v${VERSION}_linux_amd64.tar.gz &&\
|
rm -f traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt &&\
|
||||||
chmod +x /usr/local/bin/traefik
|
chmod +x /usr/local/bin/traefik
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
|
|
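Review bot: The `sha256sum -c` step in this RUN chain checks the tarball against `traefik_v${VERSION}_checksums.txt`, which is fetched from the same GitHub release, so it catches a corrupted download but not a replaced release asset. Pinning the expected digest in the Dockerfile, for example a build argument such as `ARG TRAEFIK_SHA256=<sha256-of-the-tarball>` (placeholder) fed to `sha256sum -c`, makes the check independent of the download origin. The `curl -sSLO` calls also lack `-f`, so an HTTP error body would be saved as the checksum file, and without `pipefail` the outcome then depends on how `sha256sum -c` treats empty input when `grep` matches nothing; `curl -fsSLO` closes that gap. The RUN instruction starts above the hunk, so the tarball download itself is not visible here. The identical `@ -11,7 +11,7 @` hunk appears again further down the page, presumably for a second copy of the Dockerfile, and the same note applies there.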
@ -1,4 +1,6 @@
|
||||||
job "traefik" {
|
job "traefik" {
|
||||||
|
|
||||||
|
|
||||||
datacenters = ["dc1"]
|
datacenters = ["dc1"]
|
||||||
priority = 100
|
priority = 100
|
||||||
|
|
||||||
|
@ -65,13 +67,13 @@ job "traefik" {
|
||||||
"traefik.http.routers.traefik-api.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
|
"traefik.http.routers.traefik-api.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
|
||||||
"traefik.http.routers.traefik-api.entrypoints=https",
|
"traefik.http.routers.traefik-api.entrypoints=https",
|
||||||
"traefik.http.routers.traefik-api.service=api@internal",
|
"traefik.http.routers.traefik-api.service=api@internal",
|
||||||
"traefik.http.routers.traefik-api.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,csp-relaxed@file,ip-trusted@file,csp-strict@file,traefik-path",
|
"traefik.http.routers.traefik-api.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,ip-trusted@file,csp-strict@file,traefik-path",
|
||||||
|
|
||||||
"traefik.http.routers.traefik-ping.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && Path(`/ping`) && Method(`GET`)",
|
"traefik.http.routers.traefik-ping.rule=(Host(`traefik.example.org`) || HostRegexp(`(.+\\.)?traefik.service.consul`)) && Path(`/ping`) && Method(`GET`)",
|
||||||
"traefik.http.routers.traefik-ping.entrypoints=http,https",
|
"traefik.http.routers.traefik-ping.entrypoints=http,https",
|
||||||
"traefik.http.routers.traefik-ping.service=ping@internal",
|
"traefik.http.routers.traefik-ping.service=ping@internal",
|
||||||
"traefik.http.routers.traefik-ping.priority=2000",
|
"traefik.http.routers.traefik-ping.priority=2000",
|
||||||
"traefik.http.routers.traefik-ping.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file,compression@file,csp-relaxed@file",
|
"traefik.http.routers.traefik-ping.middlewares=rate-limit-std@file,inflight-std@file,security-headers@file,hsts@file",
|
||||||
|
|
||||||
"traefik-${NOMAD_ALLOC_INDEX}"
|
"traefik-${NOMAD_ALLOC_INDEX}"
|
||||||
]
|
]
|
||||||
|
@ -86,7 +88,7 @@ job "traefik" {
|
||||||
}
|
}
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "danielberteaud/traefik:3.0.0-beta5-1"
|
image = "danielberteaud/traefik:3.0.0-beta5-2"
|
||||||
command = "traefik"
|
command = "traefik"
|
||||||
args = [
|
args = [
|
||||||
"--configfile=/secrets/traefik.yml"
|
"--configfile=/secrets/traefik.yml"
|
||||||
|
|
|
@ -11,7 +11,7 @@ RUN set -eux &&\
|
||||||
curl -sSLO "https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_checksums.txt" &&\
|
curl -sSLO "https://github.com/traefik/traefik/releases/download/v${VERSION}/traefik_v${VERSION}_checksums.txt" &&\
|
||||||
grep traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt | sha256sum -c &&\
|
grep traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt | sha256sum -c &&\
|
||||||
tar xzvf traefik_v${VERSION}_linux_amd64.tar.gz -C /usr/local/bin traefik &&\
|
tar xzvf traefik_v${VERSION}_linux_amd64.tar.gz -C /usr/local/bin traefik &&\
|
||||||
rm -f traefik_v${VERSION}_linux_amd64.tar.gz &&\
|
rm -f traefik_v${VERSION}_linux_amd64.tar.gz traefik_v${VERSION}_checksums.txt &&\
|
||||||
chmod +x /usr/local/bin/traefik
|
chmod +x /usr/local/bin/traefik
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
services:
|
|
||||||
lemonldap:
|
|
||||||
type: master
|
|
||||||
command: ["lemonldap-ng"]
|
|
||||||
local_cache:
|
|
||||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
|
|
||||||
cronExpression: '1 * * * *'
|
|
||||||
logger:
|
|
||||||
level: debug
|
|
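--- a/templates/minit.yml.tpl
+++ b/templates/minit.yml.tpl
@@ -0,0 +1,10 @@
+---
+kind: daemon
+name: lemonldap
+command: ["lemonldap-ng"]
+
+---
+kind: cron
+name: local_cache
+command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
+cron: [[ .llng.portal.cron.clean_local_cache | toJSON ]]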
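Review bot: The `cron:` value of the `local_cache` unit is read from `.llng.portal.cron.clean_local_cache`, a key that nothing else on this page defines; every other lookup visible in this pack goes through `.traefik`, `.lemonldap`, `.consul`, `.instance` or `$c`. If that key is absent when the traefik job is rendered, the schedule would presumably come out empty or the render would fail, whereas the deleted caretakerd config hard-coded `'1 * * * *'`. It is worth confirming the key exists in this pack's variables, and adding a comment above the line such as `# schedule for purgeLocalCache; must be set whenever lemonldap.enabled is true`.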
@ -1,8 +1,10 @@
|
||||||
[[ $c:= merge .traefik . -]]
|
[[ $c:= merge .traefik . -]]
|
||||||
|
|
||||||
job [[ .instance | toJSON ]] {
|
job "[[ .instance ]]" {
|
||||||
|
|
||||||
[[- template "common/job_start" $c ]]
|
[[- $c:= merge .traefik . ]]
|
||||||
|
|
||||||
|
[[ template "common/job_start" $c ]]
|
||||||
|
|
||||||
group "traefik" {
|
group "traefik" {
|
||||||
count = [[ .traefik.count ]]
|
count = [[ .traefik.count ]]
|
||||||
|
@ -17,7 +19,7 @@ job [[ .instance | toJSON ]] {
|
||||||
network {
|
network {
|
||||||
mode = "bridge"
|
mode = "bridge"
|
||||||
|
|
||||||
[[- range $name, $def := .traefik.entrypoints ]]
|
[[- range $name, $def := $c.entrypoints ]]
|
||||||
[[- if or (not (has $def "enabled")) ($def.enabled) ]]
|
[[- if or (not (has $def "enabled")) ($def.enabled) ]]
|
||||||
port "[[ $name ]]" {
|
port "[[ $name ]]" {
|
||||||
[[- if has $def "static" ]]
|
[[- if has $def "static" ]]
|
||||||
|
@ -35,14 +37,14 @@ job [[ .instance | toJSON ]] {
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "traefik-sidecar[[ .consul.suffix ]]"
|
name = "[[ .instance ]]-sidecar[[ .consul.suffix ]]"
|
||||||
port = "https"
|
port = "https"
|
||||||
|
|
||||||
[[ template "common/connect" $c ]]
|
[[ template "common/connect" $c ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "[[ .instance ]]"
|
name = "[[ .instance ]][[ .consul.suffix ]]"
|
||||||
port = "https"
|
port = "https"
|
||||||
task = "traefik"
|
task = "traefik"
|
||||||
|
|
||||||
|
@ -79,7 +81,7 @@ job [[ .instance | toJSON ]] {
|
||||||
[[- end ]]
|
[[- end ]]
|
||||||
|
|
||||||
task "traefik" {
|
task "traefik" {
|
||||||
driver = [[ $c.nomad.driver | toJSON ]]
|
driver = "[[ $c.nomad.driver ]]"
|
||||||
user = 5443
|
user = 5443
|
||||||
|
|
||||||
vault {
|
vault {
|
||||||
|
@ -121,7 +123,7 @@ _EOF
|
||||||
|
|
||||||
[[ end -]]
|
[[ end -]]
|
||||||
|
|
||||||
[[ template "common/resources" .traefik.resources ]]
|
[[ template "common/resources" $c ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
[[- if .lemonldap.enabled ]]
|
[[- if .lemonldap.enabled ]]
|
||||||
|
@ -130,10 +132,10 @@ _EOF
|
||||||
|
|
||||||
# LL::NG handler for sso
|
# LL::NG handler for sso
|
||||||
task "lemonldap-ng-handler" {
|
task "lemonldap-ng-handler" {
|
||||||
driver = [[ $c.nomad.driver | toJSON ]]
|
driver = "[[ $c.nomad.driver ]]"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = [[ .lemonldap.image | toJSON ]]
|
image = "[[ .lemonldap.image ]]"
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
|
"secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
|
||||||
# Workaround this bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3047
|
# Workaround this bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3047
|
||||||
|
@ -149,13 +151,13 @@ _EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
env {
|
env {
|
||||||
CTD_CONFIG = "/local/caretakerd.yaml"
|
|
||||||
LLNG_SOCKET_PROTO = "http"
|
LLNG_SOCKET_PROTO = "http"
|
||||||
LLNG_LISTEN = "127.0.0.1:8183"
|
LLNG_LISTEN = "127.0.0.1:8183"
|
||||||
SOURCE_SERVER = "traefik"
|
SOURCE_SERVER = "traefik"
|
||||||
|
MINIT_UNIT_DIR = "/local/minit.d"
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ template "common/file_env" $c.env ]]
|
[[ template "common/file_env" $c ]]
|
||||||
|
|
||||||
vault {
|
vault {
|
||||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||||
|
@ -182,12 +184,12 @@ _EOT
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data =<<_EOT
|
data =<<_EOT
|
||||||
[[ template "traefik/caretakerd.yaml.tpl" . ]]
|
[[ template "traefik/minit.yml.tpl" . ]]
|
||||||
_EOT
|
_EOT
|
||||||
destination = "local/caretakerd.yaml"
|
destination = "local/minit.d/lemonldap-ng.yml"
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ template "common/resources" .lemonldap.resources ]]
|
[[ template "common/resources" $c ]]
|
||||||
}
|
}
|
||||||
[[- end ]]
|
[[- end ]]
|
||||||
}
|
}
|
||||||
|
|
|
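Review bot: Replacing `toJSON` with a quoted `"[[ ... ]]"` at `job "[[ .instance ]]"`, `driver = "[[ $c.nomad.driver ]]"` and `image = "[[ .lemonldap.image ]]"` removes the quoting and escaping that `toJSON` applied, so a value containing `"` or `\` now lands unescaped inside the HCL string. These values come from the pack's variables, so this is a robustness regression rather than an externally reachable input, but a malformed variable can now change the structure of the rendered job instead of staying a string. Keeping the previous form, e.g. `image = [[ .lemonldap.image | toJSON ]]`, preserves the escaping, and the same applies to the two `driver` lines and the `job` header. The surrounding job, task and config blocks start and end outside these hunks.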
@ -6,7 +6,7 @@ instance: traefik
|
||||||
traefik:
|
traefik:
|
||||||
|
|
||||||
# Docker image to use for Traefik
|
# Docker image to use for Traefik
|
||||||
image: '[[ .docker.repo ]]traefik:3.0.0-beta5-1'
|
image: '[[ .docker.repo ]]traefik:3.0.0-beta5-2'
|
||||||
|
|
||||||
# Resources for traefik instances
|
# Resources for traefik instances
|
||||||
resources:
|
resources:
|
||||||
|
|