Cleanup
parent
cbf84f0530
commit
f89ebce9e7
|
@ -5,35 +5,6 @@ accessLog:
|
|||
bufferingSize: 100
|
||||
|
||||
entryPoints:
|
||||
http:
|
||||
address: ":{{ env "NOMAD_PORT_http" }}"
|
||||
[[- if gt (len .traefik.trusted_proxies) 0 ]]
|
||||
proxyProtocol:
|
||||
trustedIPs:[[ range $idx, $ip := .traefik.trusted_proxies ]]
|
||||
- [[ $ip ]][[ end ]]
|
||||
[[- end ]]
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: ":{{ env "NOMAD_HOST_PORT_https" }}"
|
||||
priority: 1000
|
||||
transport:
|
||||
lifeCycle:
|
||||
requestAcceptGraceTimeout: 4
|
||||
|
||||
https:
|
||||
address: ":{{ env "NOMAD_PORT_https" }}"
|
||||
[[- if gt (len .traefik.trusted_proxies) 0 ]]
|
||||
proxyProtocol:
|
||||
trustedIPs:[[ range $idx, $ip := .traefik.trusted_proxies ]]
|
||||
- [[ $ip ]][[ end ]]
|
||||
[[- end ]]
|
||||
http:
|
||||
tls: {}
|
||||
transport:
|
||||
lifeCycle:
|
||||
requestAcceptGraceTimeout: 4
|
||||
|
||||
[[- if .prometheus.enabled ]]
|
||||
metrics:
|
||||
address: "127.0.0.1:9500"
|
||||
|
@ -47,6 +18,10 @@ entryPoints:
|
|||
proxyProtocol:
|
||||
trustedIPs:[[ range $idx, $ip := $.traefik.trusted_proxies ]]
|
||||
- [[ $ip ]][[ end ]]
|
||||
[[- if has $def "http" ]]
|
||||
http:
|
||||
[[ $def.http | toYAML | indent 6 ]]
|
||||
[[- end ]]
|
||||
transport:
|
||||
lifeCycle:
|
||||
requestAcceptGraceTimeout: 4
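Review bot: With the `[[- if has $def "http" ]]` guard, TLS on the https entrypoint and the http-to-https redirection are no longer fixed in this template; they are rendered only when the matching `http` key exists under `.traefik.entrypoints`. The hard-coded `tls: {}` and `redirections` blocks that this commit removes were a default that a values override could not drop; whether an override can drop them now depends on how `entrypoints` is merged, which is not visible here. I would document this at the guard with a rendered comment such as `# http options (tls, redirections) come only from traefik.entrypoints.<name>.http; without a tls key, routers on this entrypoint are not TLS by default`, and consider failing the render when the `https` entrypoint has no `tls` key. The enclosing `range` over the entrypoints starts outside this hunk.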
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
job "traefik" {
|
||||
[[ $c:= merge .traefik . -]]
|
||||
|
||||
[[- template "common/job_start.tpl" dict "ctx" . "nomad" .nomad ]]
|
||||
job [[ .traefik.instance | toJSON ]] {
|
||||
|
||||
[[- template "common/job_start.tpl" $c ]]
|
||||
|
||||
group "traefik" {
|
||||
count = [[ .traefik.count ]]
|
||||
|
@ -9,15 +11,8 @@ job "traefik" {
|
|||
network {
|
||||
mode = "bridge"
|
||||
|
||||
port "http" {
|
||||
static = 80
|
||||
to = 5080
|
||||
}
|
||||
port "https" {
|
||||
static = 443
|
||||
to = 5443
|
||||
}
|
||||
[[- range $name, $def := .traefik.entrypoints ]]
|
||||
[[- if or (not (has $def "enabled")) ($def.enabled) ]]
|
||||
port "[[ $name ]]" {
|
||||
[[- if has $def "static" ]]
|
||||
static = [[ $def.static ]]
|
||||
|
@ -26,15 +21,16 @@ job "traefik" {
|
|||
to = [[ $def.to ]]
|
||||
[[- end ]]
|
||||
}
|
||||
[[- end ]]
|
||||
[[- end ]]
|
||||
port "metrics" {}
|
||||
}
|
||||
|
||||
service {
|
||||
name = "traefik-sidecar[[ .env.suffix ]]"
|
||||
name = "traefik-sidecar[[ .consul.suffix ]]"
|
||||
port = "https"
|
||||
|
||||
[[ template "common/connect.tpl" dict "ctx" . "config" .traefik ]]
|
||||
[[ template "common/connect.tpl" $c ]]
|
||||
}
|
||||
|
||||
service {
|
||||
|
@ -42,7 +38,7 @@ job "traefik" {
|
|||
port = "https"
|
||||
task = "traefik"
|
||||
|
||||
[[ template "common/metrics-meta.tpl" . ]]
|
||||
[[ template "common/metrics-meta.tpl" $c ]]
|
||||
|
||||
check_restart {
|
||||
limit = 3
|
||||
|
@ -90,57 +86,16 @@ job "traefik" {
|
|||
]
|
||||
}
|
||||
|
||||
[[- if .lemonldap.enabled ]]
|
||||
|
||||
# LL::NG handler for sso
|
||||
task "llng-handler" {
|
||||
driver = [[ .lemonldap.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ .lemonldap.image | toJSON ]]
|
||||
volumes = [
|
||||
"secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
|
||||
]
|
||||
}
|
||||
|
||||
lifecycle {
|
||||
hook = "prestart"
|
||||
sidecar = true
|
||||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .traefik.instance ]][[ .env.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOF
|
||||
[[ template "traefik/lemonldap-ng.ini.tpl" . ]]
|
||||
_EOF
|
||||
destination = "secrets/lemonldap-ng.ini"
|
||||
perms = "0400"
|
||||
uid = 100048
|
||||
gid = 100048
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .lemonldap.resources ]]
|
||||
}
|
||||
[[- end ]]
|
||||
|
||||
[[- if.prometheus.enabled ]]
|
||||
[[- template "common/task.metrics_proxy.tpl"
|
||||
dict "env_suffix" .env.suffix
|
||||
"vault_prefix" .vault.prefix
|
||||
"metrics_url" "http://localhost:9500/metrics" ]]
|
||||
[[- end ]]
|
||||
[[- if.prometheus.enabled ]]
|
||||
[[- template "common/task.metrics_proxy.tpl" $c ]]
|
||||
[[- end ]]
|
||||
|
||||
task "traefik" {
|
||||
driver = [[ .traefik.driver | toJSON ]]
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
user = 5443
|
||||
|
||||
vault {
|
||||
policies = ["[[ .traefik.instance ]][[ .env.suffix ]]"]
|
||||
policies = ["[[ .traefik.instance ]][[ .consul.suffix ]]"]
|
||||
}
|
||||
|
||||
config {
|
||||
|
@ -180,6 +135,46 @@ _EOF
|
|||
|
||||
[[ template "common/resources.tpl" .traefik.resources ]]
|
||||
}
|
||||
|
||||
[[- if .lemonldap.enabled ]]
|
||||
|
||||
[[- $c = merge .lemonldap . ]]
|
||||
|
||||
# LL::NG handler for sso
|
||||
task "llng-handler" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ .lemonldap.image | toJSON ]]
|
||||
volumes = [
|
||||
"secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
|
||||
]
|
||||
}
|
||||
|
||||
lifecycle {
|
||||
hook = "prestart"
|
||||
sidecar = true
|
||||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .traefik.instance ]][[ .consul.suffix ]]"]
|
||||
env = false
|
||||
disable_file = true
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOF
|
||||
[[ template "traefik/lemonldap-ng.ini.tpl" . ]]
|
||||
_EOF
|
||||
destination = "secrets/lemonldap-ng.ini"
|
||||
perms = "0400"
|
||||
uid = 100048
|
||||
gid = 100048
|
||||
}
|
||||
|
||||
[[ template "common/resources.tpl" .lemonldap.resources ]]
|
||||
}
|
||||
[[- end ]]
|
||||
}
|
||||
}
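Review bot: The `llng-handler` task and the `traefik` task both request the same Vault policy, `policies = ["[[ .traefik.instance ]][[ .consul.suffix ]]"]`, so the SSO handler sidecar can read whatever the proxy's policy grants, and the reverse. If the handler only needs the values rendered into `secrets/lemonldap-ng.ini`, a dedicated policy scoped to those paths would limit what a compromise of either container exposes. Until the policies are split I would add `# shares the traefik Vault policy; narrow to the handler's own secret paths` above the handler's `vault` block. The policy name is also interpolated raw into a quoted string while the job name goes through `toJSON`; building the string first and piping it through `toJSON` would make the two consistent.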
|
||||
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
---
|
||||
|
||||
traefik:
|
||||
|
||||
# Instance (if several instances run on the same namespace)
|
||||
instance: traefik
|
||||
|
||||
# Docker image to use for Traefik
|
||||
image: danielberteaud/traefik:3.0-1
|
||||
|
||||
|
@ -9,9 +13,6 @@ traefik:
|
|||
cpu: 200
|
||||
memory: 180
|
||||
|
||||
# The driver to use (docker or podman)
|
||||
driver: docker
|
||||
|
||||
# Number of traefik instances
|
||||
count: 2
|
||||
|
||||
|
@ -37,10 +38,7 @@ traefik:
|
|||
# List of trusted proxies from whom to trust proxy protocol v1/v2 source address
|
||||
trusted_proxies: []
|
||||
|
||||
# List of additional entrypoints. There's already 3 configured
|
||||
# - https on port 443
|
||||
# - http on port 80
|
||||
# - metrics on port 9500
|
||||
# List entrypoints to configure. Note that if prometheus is enabled, another entrypoint named metrics will bind on 127.0.0.1:9500
|
||||
# entrypoints:
|
||||
# postgres:
|
||||
# static: 5432
|
||||
|
@ -52,7 +50,20 @@ traefik:
|
|||
# static: 514
|
||||
# to: 5514
|
||||
# protocol: udp
|
||||
entrypoints: {}
|
||||
entrypoints:
|
||||
http:
|
||||
static: 80
|
||||
to: 5080
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: :{{ env "NOMAD_HOST_PORT_https" }}
|
||||
priority: 1000
|
||||
https:
|
||||
static: 443
|
||||
to: 5443
|
||||
http:
|
||||
tls: {}
|
||||
|
||||
# The public URL, on which the following endpoints will be exposed
|
||||
# - /api : the API
|
||||
|
@ -60,6 +71,12 @@ traefik:
|
|||
# Note : this URL should have a path (so https://traefik.example.org/ is invalid but https://traefik/example.org/dashboard is valid)
|
||||
public_url: https://traefik.example.org/dashboard
|
||||
|
||||
# Prometheus settings
|
||||
prometheus:
|
||||
# The metrics_url should point on the metrics endpoint from the container's POV
|
||||
# It'll be used to exposed metrics using a nginx proxy (adding mTLS)
|
||||
metrics_url: http://localhost:9500/metrics
|
||||
|
||||
lemonldap:
|
||||
# If enabled, will run a Lemonldap::NG handler sidecar
|
||||
# able to auth using the lemonldap@file middleware
|
||||
|
@ -73,9 +90,6 @@ lemonldap:
|
|||
cpu: 100
|
||||
memory: 128
|
||||
|
||||
# The driver to use (docker or podman)
|
||||
driver: docker
|
||||
|
||||
# DB the handler will use for config and session
|
||||
# Only MySQL/MariaDB is supported for now
|
||||
db:
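Review bot: The new default `to: :{{ env "NOMAD_HOST_PORT_https" }}` under the `http` entrypoint's `redirections.entryPoint` is an unquoted plain scalar that starts with `:` and contains `{{` and double quotes, whereas the template line it replaces had the value quoted. It should load as a string in block style, but it would be misread if the mapping were ever written in flow style or re-emitted by another tool, and a wrong redirect target would only show up once the job is rendered. Single quotes keep it literal: `to: ':{{ env "NOMAD_HOST_PORT_https" }}'`. A short comment saying that the `{{ … }}` part is presumably left for the job's runtime template to expand, not for this file's `[[ … ]]` pass, would also help the next reader.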
|
||||
|
|