Upgrade Traefik to v2.3.0.

SorenA · Sep 23, 2020 · 53988a5 · 53988a5
1 parent 4465e41
commit 53988a5
Show file tree

Hide file tree

Showing 14 changed files with 167 additions and 200 deletions.
diff --git a/README.md b/README.md
@@ -189,8 +189,7 @@ In order to get a cluster up and running fast, an extra Ansible playbook is prov
 - Deploy [Hetzner CSI Driver v1.4.0](https://github.com/hetznercloud/csi-driver) - Container Storage Interface for persistent volumes
 - Deploy [cbeneke's Hetzner FIP controller v0.3.5](https://github.com/cbeneke/hcloud-fip-controller) - Assigns the cluster floating IP to the node running the controller, effectively keeping the cluster resources HA
 - Deploy [Jetstack cert-manager v1.0.1](https://github.com/jetstack/cert-manager)
-- Deploy [Traefik](https://github.com/containous/traefik/)
-- Deploy Traefik Dashboard - with LetsEncrypt cert available on traefik.(cluster-domain), eg. traefik.default.cluster.example.com
+- Deploy [Traefik Proxy v2.3.0](https://github.com/traefik/traefik)
 - Deploy [Kubernetes Dashboard v2.0.4](https://github.com/kubernetes/dashboard) - available through `kubectl proxy`
 
 Running the playbook requires the Ansible variables that Terraform generates.

diff --git a/k8s/provision-k8s.yml b/k8s/provision-k8s.yml
@@ -9,4 +9,3 @@
   - ansible-role-k8s-traefik
   - ansible-role-k8s-cert-manager
   - ansible-role-k8s-kubernetes-dashboard
-  - ansible-role-k8s-traefik-dashboard
diff --git a/k8s/roles/ansible-role-k8s-traefik-dashboard/tasks/main.yml b/k8s/roles/ansible-role-k8s-traefik-dashboard/tasks/main.yml
diff --git a/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/00-certificate.yml b/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/00-certificate.yml
diff --git a/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/01-secret.yml b/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/01-secret.yml
diff --git a/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/02-service.yml b/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/02-service.yml
diff --git a/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/03-traefik-middleware.yml b/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/03-traefik-middleware.yml
diff --git a/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/04-traefik-ingress-route.yml b/k8s/roles/ansible-role-k8s-traefik-dashboard/templates/04-traefik-ingress-route.yml
diff --git a/k8s/roles/ansible-role-k8s-traefik/tasks/main.yml b/k8s/roles/ansible-role-k8s-traefik/tasks/main.yml
@@ -14,7 +14,12 @@
     state: present
     definition: "{{ lookup('template', '02-rbac.yml') }}"
 
+- name: Apply Service
+  k8s:
+    state: present
+    definition: "{{ lookup('template', '03-service.yml') }}"
+
 - name: Apply Daemon Set
   k8s:
     state: present
-    definition: "{{ lookup('template', '03-daemon-set.yml') }}"
+    definition: "{{ lookup('template', '04-daemon-set.yml') }}"
diff --git a/k8s/roles/ansible-role-k8s-traefik/templates/01-crd.yml b/k8s/roles/ansible-role-k8s-traefik/templates/01-crd.yml
@@ -32,6 +32,22 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 
+metadata:
+  name: ingressrouteudps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteUDP
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+
 metadata:
   name: middlewares.traefik.containo.us
 spec:
@@ -56,4 +72,35 @@ spec:
     kind: TLSOption
     plural: tlsoptions
     singular: tlsoption
-  scope: Namespaced
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+
+metadata:
+  name: tlsstores.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSStore
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+
+metadata:
+  name: traefikservices.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
diff --git a/k8s/roles/ansible-role-k8s-traefik/templates/02-rbac.yml b/k8s/roles/ansible-role-k8s-traefik/templates/02-rbac.yml
@@ -1,9 +1,12 @@
 ---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
 
 metadata:
-  name: traefik-ingress-controller
+  name: traefik
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/instance: traefik
 rules:
   - apiGroups:
       - ""
@@ -29,58 +32,47 @@ rules:
       - ingresses/status
     verbs:
       - update
-  - apiGroups:
-      - traefik.containo.us
-    resources:
-      - middlewares
-    verbs:
-      - get
-      - list
-      - watch
   - apiGroups:
       - traefik.containo.us
     resources:
       - ingressroutes
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - traefik.containo.us
-    resources:
       - ingressroutetcps
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - traefik.containo.us
-    resources:
+      - ingressrouteudps
+      - middlewares
       - tlsoptions
+      - tlsstores
+      - traefikservices
     verbs:
       - get
       - list
       - watch
 
 ---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
 
 metadata:
-  name: traefik-ingress-controller
+  name: traefik
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/instance: traefik
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: traefik-ingress-controller
+  name: traefik
 subjects:
   - kind: ServiceAccount
-    name: traefik-ingress-controller
+    name: traefik
     namespace: traefik
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 
 metadata:
+  name: traefik
   namespace: traefik
-  name: traefik-ingress-controller
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/instance: traefik
+  annotations:
diff --git a/k8s/roles/ansible-role-k8s-traefik/templates/03-daemon-set.yml b/k8s/roles/ansible-role-k8s-traefik/templates/03-daemon-set.yml
diff --git a/k8s/roles/ansible-role-k8s-traefik/templates/03-service.yml b/k8s/roles/ansible-role-k8s-traefik/templates/03-service.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+
+metadata:
+  name: traefik
+  namespace: traefik
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/instance: traefik
+  annotations:
+spec:
+  selector:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/instance: traefik
+  ports:
+  - port: 9000
+    name: dashboard
+    protocol: TCP