arcodange-org/factory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

upgrade to traefik v3 - switched to DaemonSet to prevent NAT and keep source IP

Browse Source
This commit is contained in:
Gabriel Radureau
2024-08-26 19:27:45 +02:00
parent f15bdb707e
commit 3c77cb007a
2 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
ansible/arcodange/factory/playbooks/01_system.yml
View File

@@ -14,6 +14,12 @@
become: yes
when: inventory_hostname != ansible_hostname
- name: Prevent apt source conflict
ansible.builtin.file:
state: absent
path: /etc/apt/sources.list.d/docker.list
become: yes
- name: Install role geerlingguy.docker
community.general.ansible_galaxy_install:
type: role
@@ -71,7 +77,7 @@
vars:
k3s_version: v1.30.3+k3s1
token: changeme!
extra_server_args: "--docker"
extra_server_args: "--docker --disable traefik"
extra_agent_args: "--docker"
api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
@@ -98,7 +104,7 @@
community.general.ipify_facts:
- become: true
ansible.builtin.copy:
dest: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
dest: /var/lib/rancher/k3s/server/manifests/traefik-v3.yaml
content: |-
apiVersion: v1
data:
@@ -110,11 +116,15 @@
namespace: kube-system
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
kind: HelmChart
metadata:
name: traefik
namespace: kube-system
spec:
repo: https://traefik.github.io/charts
chart: traefik
version: v30.1.0
targetNamespace: kube-system
valuesContent: |-
{{ traefik_helm_values | to_nice_yaml | indent( width=4 ) }}
vars:
@@ -149,21 +159,29 @@
- websecure
middlewares:
localIp:
ipWhiteList:
IPAllowList:
sourceRange:
- "192.168.1.0/24"
- "{{ ipify_public_ip }}/32"
traefik_helm_values: # https://github.com/traefik/traefik-helm-chart/blob/v25.0.0/traefik/values.yaml <- for v25 (`kubectl describe deployments.apps traefik -n kube-system | grep helm.sh/chart`)
traefik_helm_values:
# default is https://github.com/traefik/traefik-helm-chart/blob/v25.0.0/traefik/values.yaml <- for v25 (`kubectl describe deployments.apps traefik -n kube-system | grep helm.sh/chart`)
# current is https://github.com/traefik/traefik-helm-chart/blob/v30.1.0/traefik/values.yaml
deployment:
kind: DaemonSet
service:
spec:
externalTrafficPolicy: Local
ports:
traefik:
expose: true
expose:
default: true
ingressRoute:
dashboard:
enabled: true
globalArguments: [] # deactivate --global.sendanonymoususage
logs:
general:
level: TRACE
level: DEBUG
# format: json
access:
enabled: true
@@ -204,9 +222,9 @@
name: traefik-duckdns-token
# MY_TOKEN=<my token (see https://www.duckdns.org/domains)>
# kubectl create secret generic traefik-duckdns-token --from-literal="DUCKDNS_TOKEN=$MY_TOKEN" -n kube-system
- name: touch manifests/traefik-config.yaml to trigger update
- name: touch manifests/traefik.yaml to trigger update
ansible.builtin.file:
path: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
path: /var/lib/rancher/k3s/server/manifests/traefik-v3.yaml
state: touch
become: true

2
ansible/arcodange/factory/playbooks/03_cicd.yml
View File

@@ -215,7 +215,7 @@
gitea_credentials:
username: arcodange
password: "{{ argocd_token }}"
argocd_helm_values:
argocd_helm_values: # https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml
global:
domain: argocd.arcodange.duckdns.org
configs: