"Fossies" - the Fresh Open Source Software Archive

Member "magnum-8.2.0/magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh" (6 Dec 2019, 5066 Bytes) of package /linux/misc/openstack/magnum-8.2.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "enable-ingress-traefik.sh": 8.1.0_vs_8.2.0.

    1 INGRESS_TRAEFIK_MANIFEST=/srv/magnum/kubernetes/ingress-traefik.yaml
    2 INGRESS_TRAEFIK_MANIFEST_CONTENT=$(cat <<EOF
    3 ---
    4 kind: ConfigMap
    5 apiVersion: v1
    6 metadata:
    7   name: ingress-traefik
    8   namespace: kube-system
    9   labels:
   10     k8s-app: ingress-traefik-backend
   11 data:
   12   traefik.toml: |-
   13     logLevel = "INFO"
   14     defaultEntryPoints = ["http", "https"]
   15     [api]
   16     [kubernetes]
   17     [entryPoints]
   18       [entryPoints.http]
   19         address = ":80"
   20       [entryPoints.https]
   21         address = ":443"
   22         [entryPoints.https.tls]
   23           cipherSuites = [
   24             "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
   25             "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
   26             "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
   27             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
   28             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
   29             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
   30             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
   31             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
   32             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
   33             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
   34             "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
   35             "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
   36             "TLS_RSA_WITH_AES_256_GCM_SHA384",
   37             "TLS_RSA_WITH_AES_128_GCM_SHA256",
   38             "TLS_RSA_WITH_AES_128_CBC_SHA256",
   39             "TLS_RSA_WITH_AES_256_CBC_SHA",
   40             "TLS_RSA_WITH_AES_128_CBC_SHA"
   41           ]
   42 ---
   43 kind: DaemonSet
   44 apiVersion: extensions/v1beta1
   45 metadata:
   46   name: ingress-traefik
   47   namespace: kube-system
   48   labels:
   49     k8s-app: ingress-traefik-backend
   50 spec:
   51   template:
   52     metadata:
   53       labels:
   54         k8s-app: ingress-traefik-backend
   55         name: ingress-traefik-backend
   56     spec:
   57       serviceAccountName: ingress-traefik
   58       terminationGracePeriodSeconds: 60
   59       hostNetwork: true
   60       containers:
   61       - image: ${CONTAINER_INFRA_PREFIX:-docker.io/}traefik:${TRAEFIK_INGRESS_CONTROLLER_TAG}
   62         name: ingress-traefik-backend
   63         ports:
   64         - name: http
   65           containerPort: 80
   66           hostPort: 80
   67         - name: https
   68           containerPort: 443
   69           hostPort: 443
   70         - name: admin
   71           containerPort: 8080
   72         securityContext:
   73           capabilities:
   74             drop:
   75             - ALL
   76             add:
   77             - NET_BIND_SERVICE
   78         volumeMounts:
   79         - name: ingress-traefik
   80           mountPath: /etc/traefik/traefik.toml
   81           subPath: traefik.toml
   82       volumes:
   83       - name: ingress-traefik
   84         configMap:
   85           name: ingress-traefik
   86       nodeSelector:
   87         role: ${INGRESS_CONTROLLER_ROLE}
   88 ---
   89 kind: Service
   90 apiVersion: v1
   91 metadata:
   92   name: ingress-traefik
   93   namespace: kube-system
   94 spec:
   95   selector:
   96     k8s-app: ingress-traefik-backend
   97   ports:
   98     - name: http
   99       protocol: TCP
  100       port: 80
  101     - name: https
  102       protocol: TCP
  103       port: 443
  104     - name: admin
  105       protocol: TCP
  106       port: 8080
  107 ---
  108 kind: ClusterRole
  109 apiVersion: rbac.authorization.k8s.io/v1beta1
  110 metadata:
  111   name: ingress-traefik
  112 rules:
  113   - apiGroups:
  114       - ""
  115     resources:
  116       - services
  117       - endpoints
  118       - secrets
  119     verbs:
  120       - get
  121       - list
  122       - watch
  123   - apiGroups:
  124       - extensions
  125     resources:
  126       - ingresses
  127     verbs:
  128       - get
  129       - list
  130       - watch
  131 ---
  132 kind: ClusterRoleBinding
  133 apiVersion: rbac.authorization.k8s.io/v1beta1
  134 metadata:
  135   name: ingress-traefik
  136 roleRef:
  137   apiGroup: rbac.authorization.k8s.io
  138   kind: ClusterRole
  139   name: ingress-traefik
  140 subjects:
  141 - kind: ServiceAccount
  142   name: ingress-traefik
  143   namespace: kube-system
  144 ---
  145 apiVersion: v1
  146 kind: ServiceAccount
  147 metadata:
  148   name: ingress-traefik
  149   namespace: kube-system
  150 EOF
  151 )
  152 writeFile $INGRESS_TRAEFIK_MANIFEST "$INGRESS_TRAEFIK_MANIFEST_CONTENT"
  153 
  154 INGRESS_TRAEFIK_BIN="/srv/magnum/kubernetes/bin/ingress-traefik"
  155 INGRESS_TRAEFIK_SERVICE="/etc/systemd/system/ingress-traefik.service"
  156 
  157 # Binary for ingress traefik
  158 INGRESS_TRAEFIK_BIN_CONTENT='''#!/bin/sh
  159 until  [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
  160 do
  161     echo "Waiting for Kubernetes API..."
  162     sleep 5
  163 done
  164 
  165 # Check if all resources exist already before creating them
  166 kubectl -n kube-system get service ingress-traefik
  167 if [ "$?" != "0" ] && \
  168         [ -f "'''${INGRESS_TRAEFIK_MANIFEST}'''" ]; then
  169     kubectl create -f '''${INGRESS_TRAEFIK_MANIFEST}'''
  170 fi
  171 '''
  172 writeFile $INGRESS_TRAEFIK_BIN "$INGRESS_TRAEFIK_BIN_CONTENT"
  173 
  174 
  175 # Service for ingress traefik
  176 INGRESS_TRAEFIK_SERVICE_CONTENT='''[Unit]
  177 Requires=kube-apiserver.service
  178 
  179 [Service]
  180 Type=oneshot
  181 Environment=HOME=/root
  182 EnvironmentFile=-/etc/kubernetes/config
  183 ExecStart='''${INGRESS_TRAEFIK_BIN}'''
  184 
  185 [Install]
  186 WantedBy=multi-user.target
  187 '''
  188 writeFile $INGRESS_TRAEFIK_SERVICE "$INGRESS_TRAEFIK_SERVICE_CONTENT"
  189 
  190 chown root:root ${INGRESS_TRAEFIK_BIN}
  191 chmod 0755 ${INGRESS_TRAEFIK_BIN}
  192 
  193 chown root:root ${INGRESS_TRAEFIK_SERVICE}
  194 chmod 0644 ${INGRESS_TRAEFIK_SERVICE}
  195 
  196 # Launch the ingress traefik service
  197 set -x
  198 systemctl daemon-reload
  199 systemctl enable ingress-traefik.service
  200 systemctl start --no-block ingress-traefik.service