From d85c7c18968b383961bac11c30e9af28292ab6cf Mon Sep 17 00:00:00 2001 From: Jacob Cody Wimer Date: Fri, 12 Apr 2019 14:37:17 -0400 Subject: [PATCH] Put traefik in place until I figure out how to do acme --- roles/kubernetes/tasks/main.yml | 3 + .../kubernetes/templates/rke-cluster.yaml.j2 | 6 ++ roles/kubernetes/templates/traefik-ds.yaml.j2 | 69 +++++++++++++++++++ .../templates/traefik-ingress.yaml.j2 | 16 +++++ .../kubernetes/templates/traefik-rbac.yaml.j2 | 43 ++++++++++++ 5 files changed, 137 insertions(+) create mode 100644 roles/kubernetes/templates/traefik-ds.yaml.j2 create mode 100644 roles/kubernetes/templates/traefik-ingress.yaml.j2 create mode 100644 roles/kubernetes/templates/traefik-rbac.yaml.j2 diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml index 8e89889..6921d30 100644 --- a/roles/kubernetes/tasks/main.yml +++ b/roles/kubernetes/tasks/main.yml @@ -39,6 +39,9 @@ src: ../templates/rke-configs/{{ item }}.j2 dest: "{{ rke_directory }}/configs/{{ item }}" with_items: + - traefik-rbac.yaml + - traefik-ds.yaml + - traefik-ingress.yaml - nfs-client-deployment.yaml - nfs-client-rbac.yaml - nfs-client-storageclass.yaml diff --git a/roles/kubernetes/templates/rke-cluster.yaml.j2 b/roles/kubernetes/templates/rke-cluster.yaml.j2 index c750977..1374d59 100644 --- a/roles/kubernetes/templates/rke-cluster.yaml.j2 +++ b/roles/kubernetes/templates/rke-cluster.yaml.j2 @@ -33,7 +33,13 @@ authentication: - "{{ vip_address }}" - "kube.{{ domain }}" +#ingress: +# provider: none + addons_include: + #- ./configs/traefik-rbac.yaml + #- ./configs/traefik-ds.yaml + #- ./configs/traefik-ingress.yaml - ./configs/nfs-client-deployment.yaml - ./configs/nfs-client-rbac.yaml - ./configs/nfs-client-storageclass.yaml diff --git a/roles/kubernetes/templates/traefik-ds.yaml.j2 b/roles/kubernetes/templates/traefik-ds.yaml.j2 new file mode 100644 index 0000000..b02a2bf --- /dev/null +++ b/roles/kubernetes/templates/traefik-ds.yaml.j2 
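Review bot: The three new `with_items` entries are rendered from `src: ../templates/rke-configs/{{ item }}.j2`, but this commit creates the templates directly under `roles/kubernetes/templates/` (for example `roles/kubernetes/templates/traefik-ds.yaml.j2`). The template lookup would therefore probably fail for them unless copies also exist under `rke-configs/` outside this patch. Either move the three files into `templates/rke-configs/`, where the loop expects them, or adjust the `src` path. The task's opening lines sit above the hunk, so the module name and its other options are not visible here.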
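Review bot: Every line added to `rke-cluster.yaml.j2` is commented out, so the three Traefik manifests are templated to disk but RKE never applies them. When they are enabled, `ingress: provider: none` most likely has to be uncommented together with the `addons_include` entries, because RKE's default ingress controller and the Traefik DaemonSet would both want ports 80 and 443 on the nodes. A one-line comment above `#ingress:` stating that the two blocks must be switched on together would save the next editor from enabling only half.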
@@ -0,0 +1,69 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: traefik-ingress-controller
+ namespace: kube-system
+---
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+ name: traefik-ingress-controller
+ namespace: kube-system
+ labels:
+ k8s-app: traefik-ingress-lb
+spec:
+ template:
+ metadata:
+ labels:
+ k8s-app: traefik-ingress-lb
+ name: traefik-ingress-lb
+ spec:
+ serviceAccountName: traefik-ingress-controller
+ terminationGracePeriodSeconds: 60
+ containers:
+ - image: traefik
+ name: traefik-ingress-lb
+ ports:
+ - name: https
+ containerPort: 443
+ hostPort: 443
+ - name: http
+ containerPort: 80
+ hostPort: 80
+ - name: admin
+ containerPort: 8080
+ hostPort: 8080
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+ args:
+ - --api
+ - --kubernetes
+ # v2.0 - --providers.kubernetes
+ - --defaultentrypoints=http,https
+ - --InsecureSkipVerify
+ - --entrypoints=Name:http Address::80
+ - --entrypoints=Name:https Address::443 TLS
+ - --logLevel=INFO
+ # v2.0 - --log.loglevel=INFO
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: traefik-ingress-service
+ namespace: kube-system
+spec:
+ selector:
+ k8s-app: traefik-ingress-lb
+ ports:
+ - protocol: TCP
+ port: 80
+ name: web
+ - protocol: TCP
+ port: 8080
+ name: admin
diff --git a/roles/kubernetes/templates/traefik-ingress.yaml.j2 b/roles/kubernetes/templates/traefik-ingress.yaml.j2
new file mode 100644
index 0000000..ea37cc4
--- /dev/null
+++ b/roles/kubernetes/templates/traefik-ingress.yaml.j2
@@ -0,0 +1,16 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: traefik-web-ui
+ namespace: kube-system
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+spec:
+ rules:
+ - host: traefik.wimer.home
+ http:
+ paths:
+ - backend:
+ serviceName: traefik-ingress-service
+ servicePort: admin
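Review bot: The `admin` port is published with `hostPort: 8080` while `--api` is enabled and nothing in this manifest configures authentication, so the Traefik API and dashboard would be reachable on every node's address, not only through the Ingress. Dropping the `hostPort: 8080` line and leaving the port reachable through the Service alone keeps it off the node interface. `--InsecureSkipVerify` turns off certificate verification towards backends for the whole proxy; if it is only there for one self-signed backend, say so in a comment such as `# backends use self-signed certs; remove once a CA is in place`. `- image: traefik` carries no tag although the args are 1.x syntax (the `# v2.0` comments show the 2.x flags differ), so pin it, e.g. `image: traefik:<pinned-1.x-tag>`, so that a pull cannot silently change the major version.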
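Review bot: This Ingress publishes the `admin` service port (the API and dashboard enabled by `--api` in the DaemonSet) on both `http` and `https` with no authentication annotation, so anyone who can reach the nodes with the `traefik.wimer.home` host name sees the dashboard. Traefik 1.x supports basic auth on an Ingress through `traefik.ingress.kubernetes.io/auth-type: basic` together with `traefik.ingress.kubernetes.io/auth-secret: <secret-name>`, and limiting `frontend-entry-points` to `https` keeps those credentials off plain HTTP. The host is hard-coded although the cluster template already uses `{{ domain }}`; `host: "traefik.{{ domain }}"` would match, provided that variable carries the same domain.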
diff --git a/roles/kubernetes/templates/traefik-rbac.yaml.j2 b/roles/kubernetes/templates/traefik-rbac.yaml.j2
new file mode 100644
index 0000000..35601da
--- /dev/null
+++ b/roles/kubernetes/templates/traefik-rbac.yaml.j2
@@ -0,0 +1,43 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: traefik-ingress-controller
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: traefik-ingress-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: traefik-ingress-controller
+subjects:
+- kind: ServiceAccount
+ name: traefik-ingress-controller
+ namespace: kube-system
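Review bot: The first rule grants `get`/`list`/`watch` on `secrets` through a ClusterRole and ClusterRoleBinding, which lets the controller's service account read every Secret in every namespace. Traefik reads Secrets for the TLS and auth material that Ingresses reference, so if Ingresses only live in a few namespaces, namespaced `Role`/`RoleBinding` objects combined with `--kubernetes.namespaces=<ns-list>` on the controller would narrow that. Otherwise a comment above the rule, such as `# secrets: read for Ingress TLS/auth material; cluster-wide by design`, records the trade-off. It carries more weight in this patch because the same pod also publishes its API on a host port in the DaemonSet template.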