Cleanup

consul/policies/traefik.hcl

@@ -1,4 +1,4 @@
-key_prefix "service/[[ .traefik.instance ]]" {
+key_prefix "service/[[ .instance ]]" {
   policy = "read"
 }
 
@@ -6,7 +6,7 @@ key_prefix "common/ip" {
   policy = "read"
 }
 
-service "[[ .traefik.instance ]]" {
+service "[[ .instance ]]" {
   policy = "write"
 }
 

prep.d/rename_policies.sh

@@ -1,15 +1 @@
-#!/bin/sh
-
-# vim: syntax=sh
-
-set -euo pipefail
-
-[[- if ne .traefik.instance "traefik" ]]
-# Rename policies (consul and vault) to match Traefik instance name
-for TOOL in vault consul; do
-  echo "Renaming ${TOOL} policy to [[ .traefik.instance ]]"
-  mv output/${TOOL}/policies/traefik.hcl output/${TOOL}/policies/[[ .traefik.instance ]].hcl
-done
-[[- else ]]
-echo "No need to rename policy files"
-[[- end ]]
+[[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "traefik" .instance) ]]

templates/traefik.yml.tpl

@@ -40,7 +40,7 @@ api:
 
 providers:
   consulCatalog:
-    prefix: [[ .traefik.instance ]]
+    prefix: [[ .instance ]]
     endpoint:
       address: {{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500
       scheme: http
@@ -48,7 +48,7 @@ providers:
     exposedByDefault: False
     connectAware: True
     connectByDefault: True
-    serviceName: [[ .traefik.instance ]]
+    serviceName: [[ .instance ]]
     refreshInterval: 5s
     watch: True
   file:

traefik.nomad.hcl

@@ -1,8 +1,8 @@
 [[ $c:= merge .traefik . -]]
 
-job [[ .traefik.instance | toJSON ]] {
+job [[ .instance | toJSON ]] {
 
-[[- template "common/job_start.tpl" $c ]]
+[[- template "common/job_start" $c ]]
 
   group "traefik" {
     count          = [[ .traefik.count ]]
@@ -36,15 +36,15 @@ job [[ .traefik.instance | toJSON ]] {
       name = "traefik-sidecar[[ .consul.suffix ]]"
       port = "https"
 
-[[ template "common/connect.tpl" $c ]]
+[[ template "common/connect" $c ]]
     }
 
     service {
-      name = "[[ .traefik.instance ]]"
+      name = "[[ .instance ]]"
       port = "https"
       task = "traefik"
 
-[[ template "common/metrics-meta.tpl" $c ]]
+[[ template "common/metrics-meta" $c ]]
 
       # Traefik supports native Consul service mesh
       connect {
@@ -52,28 +52,28 @@ job [[ .traefik.instance | toJSON ]] {
       }
 
       tags = [
-        "[[ .traefik.instance ]].enable=true",
+        "[[ .instance ]].enable=true",
 
-        "[[ .traefik.instance ]].http.middlewares.[[ .traefik.instance ]]-path.replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)",
-        "[[ .traefik.instance ]].http.middlewares.[[ .traefik.instance ]]-path.replacepathregex.replacement=/dashboard/$${1}",
+        "[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)",
+        "[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.replacement=/dashboard/$${1}",
 
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .traefik.instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))",
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.entrypoints=[[ join (merge .traefik.api.traefik .traefik).entrypoints "," ]]",
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.service=api@internal",
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.middlewares=[[ template "common/traefik_middlewares.tpl" merge .traefik.api.traefik .traefik ]],traefik-path",
+        "[[ .instance ]].http.routers.[[ .instance ]]-api.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))",
+        "[[ .instance ]].http.routers.[[ .instance ]]-api.entrypoints=[[ join (merge .traefik.api.traefik .traefik).entrypoints "," ]]",
+        "[[ .instance ]].http.routers.[[ .instance ]]-api.service=api@internal",
+        "[[ .instance ]].http.routers.[[ .instance ]]-api.middlewares=[[ template "common/traefik_middlewares" merge .traefik.api.traefik .traefik ]],traefik-path",
 
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .traefik.instance ]].service.[[ .consul.domain ]]`)) && Path(`/ping`) && Method(`GET`)",
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.entrypoints=[[ join (merge .traefik.ping.traefik .traefik).entrypoints "," ]]",
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.service=ping@internal",
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.priority=[[ .traefik.ping.traefik.priority ]]",
-        "[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.middlewares=[[ template "common/traefik_middlewares.tpl" merge .traefik.ping.traefik .traefik ]]",
+        "[[ .instance ]].http.routers.[[ .instance ]]-ping.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && Path(`/ping`) && Method(`GET`)",
+        "[[ .instance ]].http.routers.[[ .instance ]]-ping.entrypoints=[[ join (merge .traefik.ping.traefik .traefik).entrypoints "," ]]",
+        "[[ .instance ]].http.routers.[[ .instance ]]-ping.service=ping@internal",
+        "[[ .instance ]].http.routers.[[ .instance ]]-ping.priority=[[ .traefik.ping.traefik.priority ]]",
+        "[[ .instance ]].http.routers.[[ .instance ]]-ping.middlewares=[[ template "common/traefik_middlewares" merge .traefik.ping.traefik .traefik ]]",
 
         "traefik-${NOMAD_ALLOC_INDEX}"
       ]
     }
 
 [[- if.prometheus.enabled ]]
-  [[- template "common/task.metrics_proxy.tpl" $c ]]
+  [[- template "common/task.metrics_proxy" $c ]]
 [[- end ]]
 
     task "traefik" {
@@ -81,7 +81,7 @@ job [[ .traefik.instance | toJSON ]] {
       user   = 5443
 
       vault {
-        policies = ["[[ .traefik.instance ]][[ .consul.suffix ]]"]
+        policies = ["[[ .instance ]][[ .consul.suffix ]]"]
       }
 
       config {
@@ -119,7 +119,7 @@ _EOF
 
 [[ end -]]
 
-[[ template "common/resources.tpl" .traefik.resources ]]
+[[ template "common/resources" .traefik.resources ]]
     }
 
 [[- if .lemonldap.enabled ]]
@@ -144,7 +144,7 @@ _EOF
       }
 
       vault {
-        policies     = ["[[ .traefik.instance ]][[ .consul.suffix ]]"]
+        policies     = ["[[ .instance ]][[ .consul.suffix ]]"]
         env          = false
         disable_file = true
       }
@@ -166,7 +166,7 @@ _EOT
         destination = "local/Traefik.pm"
       }
 
-      [[ template "common/resources.tpl" .lemonldap.resources ]]
+      [[ template "common/resources" .lemonldap.resources ]]
     }
 [[- end ]]
   }

variables.yml

@@ -1,12 +1,12 @@
 ---
 
+# Instance (if several instances run on the same namespace)
+instance: traefik
+
 traefik:
 
-  # Instance (if several instances run on the same namespace)
-  instance: traefik
-
   # Docker image to use for Traefik
-  image: danielberteaud/traefik:3.0.0-beta5-1
+  image: '[[ .docker.repo ]]traefik:3.0.0-beta5-1'
 
   # Resources for traefik instances
   resources:
@@ -86,7 +86,7 @@ lemonldap:
   enabled: False
 
   # Docker image to use for Lemonldap::NG handler
-  image: danielberteaud/lemonldap-ng-handler:2.17.2-1
+  image: '[[ .docker.repo ]]lemonldap-ng-handler:2.17.2-1'
 
   # Resources for Lemonldap::NG handlers
   resources: