Daniel Berteaud 2023-12-21 23:27:52 +01:00
parent 21f02158d6
commit 6aa8a287ff
5 changed files with 32 additions and 46 deletions


@ -1,4 +1,4 @@
key_prefix "service/[[ .traefik.instance ]]" { key_prefix "service/[[ .instance ]]" {
policy = "read" policy = "read"
} }
@ -6,7 +6,7 @@ key_prefix "common/ip" {
policy = "read" policy = "read"
} }
service "[[ .traefik.instance ]]" { service "[[ .instance ]]" {
policy = "write" policy = "write"
} }
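Review bot: `key_prefix "service/[[ .instance ]]"` has no trailing slash, so the read grant is a plain string-prefix match and also covers the KV tree of any other instance whose name merely starts with this one (a hypothetical second instance named `traefik-internal` would be readable by the `traefik` policy). Since `.instance` exists to run several instances side by side, ending the prefix at the path separator keeps each policy scoped to its own tree: `key_prefix "service/[[ .instance ]]/" {`. The `service "[[ .instance ]]"` rule is an exact-name match and is not affected.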


@ -1,15 +1 @@
#!/bin/sh [[ template "common/mv_conf.sh" dict "ctx" . "services" (dict "traefik" .instance) ]]
# vim: syntax=sh
set -euo pipefail
[[- if ne .traefik.instance "traefik" ]]
# Rename policies (consul and vault) to match Traefik instance name
for TOOL in vault consul; do
echo "Renaming ${TOOL} policy to [[ .traefik.instance ]]"
mv output/${TOOL}/policies/traefik.hcl output/${TOOL}/policies/[[ .traefik.instance ]].hcl
done
[[- else ]]
echo "No need to rename policy files"
[[- end ]]
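Review bot: With the body reduced to a single `template "common/mv_conf.sh"` call, the shebang, the `set -euo pipefail` error handling and the rename of `traefik.hcl` to the instance name all depend on what that shared template emits, which is not visible on this page. The `vault { policies = [...] }` stanzas in the job refer to the policy by instance name, so a rename that silently does not happen would presumably leave the task without its expected policy. It is worth confirming that the shared template fails loudly when the source file is missing. A short template comment above the call would record the intent, e.g. `[[- /* rename the traefik policy files to the instance name */ -]]`.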


@ -40,7 +40,7 @@ api:
providers: providers:
consulCatalog: consulCatalog:
prefix: [[ .traefik.instance ]] prefix: [[ .instance ]]
endpoint: endpoint:
address: {{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500 address: {{ sockaddr "GetInterfaceIP \"nomad\"" }}:8500
scheme: http scheme: http
@ -48,7 +48,7 @@ providers:
exposedByDefault: False exposedByDefault: False
connectAware: True connectAware: True
connectByDefault: True connectByDefault: True
serviceName: [[ .traefik.instance ]] serviceName: [[ .instance ]]
refreshInterval: 5s refreshInterval: 5s
watch: True watch: True
file: file:
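Review bot: `prefix: [[ .instance ]]` and `serviceName: [[ .instance ]]` (second hunk) splice the value into the YAML unquoted, while the job file already renders the same value through `toJSON` for the job name. An instance name that YAML reads as something other than a plain string (a number, `true`, or text containing `: ` or ` #`) would change or break the static configuration instead of failing at render time. Rendering it as a quoted scalar keeps the two files consistent: `prefix: [[ .instance | toJSON ]]` and `serviceName: [[ .instance | toJSON ]]`.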


@ -1,8 +1,8 @@
[[ $c:= merge .traefik . -]] [[ $c:= merge .traefik . -]]
job [[ .traefik.instance | toJSON ]] { job [[ .instance | toJSON ]] {
[[- template "common/job_start.tpl" $c ]] [[- template "common/job_start" $c ]]
group "traefik" { group "traefik" {
count = [[ .traefik.count ]] count = [[ .traefik.count ]]
@ -36,15 +36,15 @@ job [[ .traefik.instance | toJSON ]] {
name = "traefik-sidecar[[ .consul.suffix ]]" name = "traefik-sidecar[[ .consul.suffix ]]"
port = "https" port = "https"
[[ template "common/connect.tpl" $c ]] [[ template "common/connect" $c ]]
} }
service { service {
name = "[[ .traefik.instance ]]" name = "[[ .instance ]]"
port = "https" port = "https"
task = "traefik" task = "traefik"
[[ template "common/metrics-meta.tpl" $c ]] [[ template "common/metrics-meta" $c ]]
# Traefik supports native Consul service mesh # Traefik supports native Consul service mesh
connect { connect {
@ -52,28 +52,28 @@ job [[ .traefik.instance | toJSON ]] {
} }
tags = [ tags = [
"[[ .traefik.instance ]].enable=true", "[[ .instance ]].enable=true",
"[[ .traefik.instance ]].http.middlewares.[[ .traefik.instance ]]-path.replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)", "[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.regex=^[[ (.traefik.public_url | urlParse).Path |regexp.Replace "/$" "" ]]/(.*)",
"[[ .traefik.instance ]].http.middlewares.[[ .traefik.instance ]]-path.replacepathregex.replacement=/dashboard/$${1}", "[[ .instance ]].http.middlewares.[[ .instance ]]-path.replacepathregex.replacement=/dashboard/$${1}",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .traefik.instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))", "[[ .instance ]].http.routers.[[ .instance ]]-api.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && (PathPrefix(`/api`) || PathPrefix(`[[ (.traefik.public_url | urlParse).Path ]]`))",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.entrypoints=[[ join (merge .traefik.api.traefik .traefik).entrypoints "," ]]", "[[ .instance ]].http.routers.[[ .instance ]]-api.entrypoints=[[ join (merge .traefik.api.traefik .traefik).entrypoints "," ]]",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.service=api@internal", "[[ .instance ]].http.routers.[[ .instance ]]-api.service=api@internal",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-api.middlewares=[[ template "common/traefik_middlewares.tpl" merge .traefik.api.traefik .traefik ]],traefik-path", "[[ .instance ]].http.routers.[[ .instance ]]-api.middlewares=[[ template "common/traefik_middlewares" merge .traefik.api.traefik .traefik ]],traefik-path",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .traefik.instance ]].service.[[ .consul.domain ]]`)) && Path(`/ping`) && Method(`GET`)", "[[ .instance ]].http.routers.[[ .instance ]]-ping.rule=(Host(`[[ (.traefik.public_url | urlParse).Hostname ]]`) || HostRegexp(`(.+\\.)?[[ .instance ]].service.[[ .consul.domain ]]`)) && Path(`/ping`) && Method(`GET`)",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.entrypoints=[[ join (merge .traefik.ping.traefik .traefik).entrypoints "," ]]", "[[ .instance ]].http.routers.[[ .instance ]]-ping.entrypoints=[[ join (merge .traefik.ping.traefik .traefik).entrypoints "," ]]",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.service=ping@internal", "[[ .instance ]].http.routers.[[ .instance ]]-ping.service=ping@internal",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.priority=[[ .traefik.ping.traefik.priority ]]", "[[ .instance ]].http.routers.[[ .instance ]]-ping.priority=[[ .traefik.ping.traefik.priority ]]",
"[[ .traefik.instance ]].http.routers.[[ .traefik.instance ]]-ping.middlewares=[[ template "common/traefik_middlewares.tpl" merge .traefik.ping.traefik .traefik ]]", "[[ .instance ]].http.routers.[[ .instance ]]-ping.middlewares=[[ template "common/traefik_middlewares" merge .traefik.ping.traefik .traefik ]]",
"traefik-${NOMAD_ALLOC_INDEX}" "traefik-${NOMAD_ALLOC_INDEX}"
] ]
} }
[[- if.prometheus.enabled ]] [[- if.prometheus.enabled ]]
[[- template "common/task.metrics_proxy.tpl" $c ]] [[- template "common/task.metrics_proxy" $c ]]
[[- end ]] [[- end ]]
task "traefik" { task "traefik" {
@ -81,7 +81,7 @@ job [[ .traefik.instance | toJSON ]] {
user = 5443 user = 5443
vault { vault {
policies = ["[[ .traefik.instance ]][[ .consul.suffix ]]"] policies = ["[[ .instance ]][[ .consul.suffix ]]"]
} }
config { config {
@ -119,7 +119,7 @@ _EOF
[[ end -]] [[ end -]]
[[ template "common/resources.tpl" .traefik.resources ]] [[ template "common/resources" .traefik.resources ]]
} }
[[- if .lemonldap.enabled ]] [[- if .lemonldap.enabled ]]
@ -144,7 +144,7 @@ _EOF
} }
vault { vault {
policies = ["[[ .traefik.instance ]][[ .consul.suffix ]]"] policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false env = false
disable_file = true disable_file = true
} }
@ -166,7 +166,7 @@ _EOT
destination = "local/Traefik.pm" destination = "local/Traefik.pm"
} }
[[ template "common/resources.tpl" .lemonldap.resources ]] [[ template "common/resources" .lemonldap.resources ]]
} }
[[- end ]] [[- end ]]
} }
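Review bot: The `-api.middlewares` tag still ends in the literal `,traefik-path`, while the two `replacepathregex` tags above it now define the middleware as `[[ .instance ]]-path`. For any instance not named `traefik`, the API router would reference a middleware that these tags never create, so the dashboard path rewrite is either missing or the router is rejected. The old side carries the same literal, so this predates the commit. The suffix should follow the instance name: `...,[[ .instance ]]-path",`. Separately, this router publishes `api@internal`, and whether access control is applied depends on what `common/traefik_middlewares` renders, which is not visible here.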


@ -1,12 +1,12 @@
--- ---
# Instance (if several instances run on the same namespace)
instance: traefik
traefik: traefik:
# Instance (if several instances run on the same namespace)
instance: traefik
# Docker image to use for Traefik # Docker image to use for Traefik
image: danielberteaud/traefik:3.0.0-beta5-1 image: '[[ .docker.repo ]]traefik:3.0.0-beta5-1'
# Resources for traefik instances # Resources for traefik instances
resources: resources:
@ -86,7 +86,7 @@ lemonldap:
enabled: False enabled: False
# Docker image to use for Lemonldap::NG handler # Docker image to use for Lemonldap::NG handler
image: danielberteaud/lemonldap-ng-handler:2.17.2-1 image: '[[ .docker.repo ]]lemonldap-ng-handler:2.17.2-1'
# Resources for Lemonldap::NG handlers # Resources for Lemonldap::NG handlers
resources: resources:
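Review bot: Both `image:` values are now built by concatenating `[[ .docker.repo ]]` with a mutable tag, so what runs is decided by whichever registry that variable points at and whatever it serves for the tag at pull time. Pinning by digest makes the artifact independent of the registry prefix, e.g. `image: '[[ .docker.repo ]]traefik:3.0.0-beta5-1@sha256:<digest-placeholder>'`. The same applies to the `lemonldap-ng-handler` image in the second hunk. Because the prefix is joined with no separator, `.docker.repo` has to be empty or end in `/`; a comment next to the variable saying so would avoid a malformed image reference.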