-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
294 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # Patterns to ignore when building packages. | ||
| # This supports shell glob matching, relative path matching, and | ||
| # negation (prefixed with !). Only one pattern per line. | ||
| .DS_Store | ||
| # Common VCS dirs | ||
| .git/ | ||
| .gitignore | ||
| .bzr/ | ||
| .bzrignore | ||
| .hg/ | ||
| .hgignore | ||
| .svn/ | ||
| # Common backup files | ||
| *.swp | ||
| *.bak | ||
| *.tmp | ||
| *~ | ||
| # Various IDEs | ||
| .project | ||
| .idea/ | ||
| *.tmproj |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| apiVersion: v1 | ||
| description: Traefik Helm chart for Kubernetes | ||
| name: traefik | ||
| version: 0.1.0 |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| {{/* vim: set filetype=mustache: */}} | ||
| {{/* | ||
| Expand the name of the chart. | ||
| */}} | ||
| {{- define "kubernetes.name" -}} | ||
| {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} | ||
| {{- end -}} | ||
|
|
||
| {{/* | ||
| Create a default fully qualified app name. | ||
| We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
| */}} | ||
| {{- define "kubernetes.fullname" -}} | ||
| {{- $name := default .Chart.Name .Values.nameOverride -}} | ||
| {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} | ||
| {{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: {{ template "kubernetes.name" . }} | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: {{ template "kubernetes.name" . }} | ||
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} | ||
| release: {{ .Release.Name }} | ||
| heritage: {{ .Release.Service }} | ||
| data: | ||
| traefik.toml: |- | ||
| checkNewVersion = false | ||
| MaxIdleConnsPerHost = 500 | ||
| logLevel = "INFO" | ||
| defaultEntryPoints = ["http", "https"] | ||
| [respondingTimeouts] | ||
| idleTimeout = "180s" | ||
| writeTimeout = "60s" | ||
| readTimeout = "60s" | ||
| [retry] | ||
| attempts = {{ .Values.traefikConfigRetryAttemps }} | ||
| [web] | ||
| address = ":8081" | ||
| [kubernetes] | ||
| endpoint = "http://localhost:8080" | ||
| [consul] | ||
| endpoint = "consul:8500" | ||
| watch = true | ||
| prefix = "traefik" | ||
| [acme] | ||
| email = "{{ .Values.traefikConfigAcmeEmail }}" | ||
| storage = "traefik/acme/account" | ||
| entryPoint = "https" | ||
| OnHostRule = true | ||
| onDemand = true | ||
| acmeLogging = true | ||
| dnsProvider = "{{ .Values.traefikConfigAcmeDnsProvider }}" | ||
| delaydontcheckdns = 20 | ||
| #caServer = "https://acme-staging.api.letsencrypt.org/directory" | ||
| {{- range .Values.traefikConfigAcmeDomains }} | ||
| [[acme.domains]] | ||
| main = {{ . | quote }} | ||
| {{- end }} | ||
| [entryPoints] | ||
| [entryPoints.http] | ||
| address = ":80" | ||
| compress = true | ||
| [entryPoints.http.redirect] | ||
| entryPoint = "https" | ||
| [entryPoints.https] | ||
| address = ":443" | ||
| [entryPoints.https.tls] | ||
| resolv.conf: |- | ||
| nameserver {{ .Values.traefikResolvConfNameServer }} | ||
| search {{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }} svc.{{ .Values.traefikResolvConfDomainNameCluster }} {{ .Values.traefikResolvConfDomainNameCluster }} | ||
| options ndots:5 | ||
| bootstrap.sh: |- | ||
| #!/bin/sh | ||
| apk update 1>/dev/null || exit 1 | ||
| apk add curl jq 1>/dev/null || exit 1 | ||
| cat /etc/traefik/resolv.conf > /etc/resolv.conf | ||
| # Check if boostrap has already been done | ||
| if [ $(curl http://consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }}:8500/v1/kv/traefik/acme/ 2>/dev/null | wc -c) -eq 0 ] ; then | ||
| sleep $((($RANDOM%10)+1)) | ||
| else | ||
| echo "Traefik config already exists, no need to bootrap" | ||
| exit 0 | ||
| fi | ||
| # Check consul pod availability before requesting lock | ||
| nc -z consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }} 8500 | ||
| if [ $? -ne 0 ] ; then | ||
| echo "Should exit, couldn't locate consul pod: consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }} port 8500" | ||
| exit 1 | ||
| fi | ||
| # Get session ID | ||
| id=$(curl -XPUT http://consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }}:8500/v1/session/create 2>/dev/null | jq -r '.ID') | ||
| # Check if a lock has been acquired and get one if not the case to bootstrap | ||
| if [ "$(curl -XPUT http://consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }}:8500/v1/kv/locks/traefik-bootstrap/.lock\?acquire=$id -d $(hostname) 2>/dev/null)" == "true" ] ; then | ||
| echo "Traefik bootstrap" | ||
| traefik storeconfig --configfile=/etc/traefik/traefik.toml && \ | ||
| curl -XDELETE http://consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }}:8500/v1/kv/traefik/acme/storagefile 2>/dev/null | ||
| # Release lock and delete kv entry | ||
| curl -XPUT "http://consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }}:8500/v1/kv/locks/traefik-bootstrap/.lock\?acquire=$id" 2>/dev/null | ||
| else | ||
| # Wait until bootstrap ended | ||
| counter=0 | ||
| while [ $(curl http://consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }}:8500/v1/kv/traefik/acme/ 2>/dev/null | wc -c) -eq 0 ] ; do | ||
| if [[ "$counter" -gt 300 ]]; then | ||
| echo "After 1 min, the traefik bootstrap has not been done, exiting" | ||
| exit 1 | ||
| fi | ||
| sleep 2 | ||
| counter=$((counter+1)) | ||
| done | ||
| fi | ||
| # Delete session | ||
| curl -XPUT "http://consul-0.consul.{{ .Release.Namespace }}.svc.{{ .Values.traefikResolvConfDomainNameCluster }}:8500/v1/session/destroy/$id" 2>/dev/null | ||
| echo "Bootstrap has been detected, traefik container will start" | ||
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| apiVersion: extensions/v1beta1 | ||
| kind: DaemonSet | ||
| metadata: | ||
| name: {{ template "kubernetes.name" . }} | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: {{ template "kubernetes.name" . }} | ||
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} | ||
| release: {{ .Release.Name }} | ||
| heritage: {{ .Release.Service }} | ||
| spec: | ||
| updateStrategy: | ||
| type: "RollingUpdate" | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: {{ template "kubernetes.name" . }} | ||
| spec: | ||
| nodeSelector: | ||
| type: {{ .Values.traefikNodeSelector }} | ||
| serviceAccountName: {{ template "kubernetes.name" . }} | ||
| terminationGracePeriodSeconds: 60 | ||
| hostNetwork: true | ||
| initContainers: | ||
| - name: {{ template "kubernetes.name" . }}-bootstrap | ||
| image: traefik:{{ .Values.traefikImageVersion }} | ||
| command: [ '/bin/sh', '-c', '/etc/traefik/bootstrap.sh' ] | ||
| volumeMounts: | ||
| - name: traefik-config | ||
| mountPath: /etc/traefik | ||
| containers: | ||
| - image: traefik:{{ .Values.traefikImageVersion }} | ||
| name: {{ template "kubernetes.name" . }} | ||
| command: | ||
| - "/bin/sh" | ||
| - "-c" | ||
| - "cat /etc/traefik/resolv.conf > /etc/resolv.conf ; /entrypoint.sh --consul --consul.endpoint=consul:8500" | ||
| env: | ||
| - name: CLOUDFLARE_EMAIL | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: externaldns | ||
| key: cloudflare.api.email | ||
| - name: CLOUDFLARE_API_KEY | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: externaldns | ||
| key: cloudflare.api.key | ||
| resources: | ||
| limits: | ||
| cpu: 200m | ||
| memory: 30Mi | ||
| requests: | ||
| cpu: 100m | ||
| memory: 20Mi | ||
| ports: | ||
| - name: http | ||
| hostPort: 80 | ||
| containerPort: 80 | ||
| - name: https | ||
| hostPort: 443 | ||
| containerPort: 443 | ||
| - name: admin | ||
| containerPort: 8081 | ||
| securityContext: | ||
| privileged: true | ||
| volumeMounts: | ||
| - name: traefik-config | ||
| mountPath: /etc/traefik | ||
| volumes: | ||
| - name: traefik-config | ||
| configMap: | ||
| name: {{ template "kubernetes.name" . }} | ||
| defaultMode: 0775 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| apiVersion: extensions/v1beta1 | ||
| kind: Ingress | ||
| metadata: | ||
| name: {{ template "kubernetes.name" . }}-web-ui | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: {{ template "kubernetes.name" . }} | ||
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} | ||
| release: {{ .Release.Name }} | ||
| heritage: {{ .Release.Service }} | ||
| spec: | ||
| rules: | ||
| - host: {{ template "kubernetes.name" . }}-web-ui.local | ||
| http: | ||
| paths: | ||
| - path: / | ||
| backend: | ||
| serviceName: {{ template "kubernetes.name" . }}-web-ui | ||
| servicePort: web |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: {{ template "kubernetes.name" . }} | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: {{ template "kubernetes.name" . }} | ||
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} | ||
| release: {{ .Release.Name }} | ||
| heritage: {{ .Release.Service }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: {{ template "kubernetes.name" . }}-web-ui | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: {{ template "kubernetes.name" . }} | ||
| chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} | ||
| release: {{ .Release.Name }} | ||
| heritage: {{ .Release.Service }} | ||
| spec: | ||
| selector: | ||
| app: {{ template "kubernetes.name" . }} | ||
| ports: | ||
| - name: web | ||
| port: 80 | ||
| targetPort: 8081 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # Traefik Kubernetes | ||
| traefikNodeSelector: worker | ||
| traefikImageVersion: v1.4.5-alpine | ||
|
|
||
| # Traefik config | ||
| traefikConfigRetryAttemps: 3 | ||
| traefikConfigAcmeEmail: "my@email.com" | ||
| traefikConfigAcmeDnsProvider: "cloudflare" | ||
| traefikConfigAcmeCloudflareEmail: "my@email.com" | ||
| traefikConfigAcmeCloudflareApiKey: "key" | ||
| traefikConfigAcmeDomains: | ||
| - "domain1" | ||
| - "domain2" | ||
|
|
||
| # Kubernetes DNS Service IP | ||
| traefikResolvConfNameServer: 10.3.0.10 | ||
| traefikResolvConfDomainNameCluster: "fqdn.com" |