fix(traefik): again (#762)

* first draft * first draft * working configuration * update preview script * Update Phonebook/readme.md * Update demo/assets/Dockerfile * fix assets not showing up in demo * finally fix traefik on current version resolves #578 * Restyled by prettier (#763) Co-authored-by: Restyled.io <[email protected]> * update pr pipeline * update preview pipeline * update preview pipeline * Update demo/values.yml * Restyled by prettier (#764) Co-authored-by: Restyled.io <[email protected]> * - recreate pods on update - add to docs - rename fronted pods and services - adds health enpoint from #594 Co-authored-by: restyled-io[bot] <32688539+restyled-io[bot]@users.noreply.github.com> Co-authored-by: Restyled.io <[email protected]>
T-Systems-MMS · Oct 15, 2020 · afc5d4d · afc5d4d
1 parent 63ea2e5
commit afc5d4d
Show file tree

Hide file tree

Showing 18 changed files with 241 additions and 176 deletions.
diff --git a/.azure/pipelines/Phonebook.preview.yml b/.azure/pipelines/Phonebook.preview.yml
@@ -66,16 +66,17 @@ jobs:
       vmImage: 'ubuntu-16.04'
     steps:
       - task: HelmInstaller@1
-        inputs:
-          helmVersionToInstall: '2.14.2'
-      - script: helm dep update
-        workingDirectory: 'Phonebook/phonebook/'
+        displayName: Helm install latest
+        # inputs:
+        #   helmVersionToInstall: '2.14.2'
       - task: HelmDeploy@0
         displayName: Helm package
         inputs:
           command: package
           chartPath: Phonebook/phonebook
           destination: $(Build.ArtifactStagingDirectory)
+          arguments: --dependency-update
+
       - publish: $(Build.ArtifactStagingDirectory)
         artifact: $(helm_artifact_name)
 
@@ -93,37 +94,22 @@ jobs:
         artifact: $(helm_artifact_name)
 
       - task: HelmInstaller@1
-        displayName: 'Install Helm'
-
-      - task: Kubernetes@1
-        displayName: 'Create Namespace'
-        inputs:
-          connectionType: 'Kubernetes Service Connection'
-          kubernetesServiceEndpoint: 'Phonebook Kubernetes Demo Cluster'
-          namespace: 'kube-public'
-          command: 'apply'
-          useConfigurationFile: true
-          configurationType: 'inline'
-          inline: |
-            apiVersion: v1
-            kind: Namespace
-            metadata:
-              name: $(namespace)
+        displayName: Helm install latest
+        # inputs:
+        #   helmVersionToInstall: '2.14.2'
 
       - task: HelmDeploy@0
         displayName: 'helm upgrade'
         inputs:
           connectionType: 'Kubernetes Service Connection'
           kubernetesServiceConnection: 'Phonebook Kubernetes Demo Cluster'
-          namespace: $(namespace)
+          arguments: '--namespace $(namespace) --create-namespace --cleanup-on-fail --wait'
           command: upgrade
           chartType: FilePath
           chartPath: '$(Pipeline.Workspace)/$(helm_artifact_name)/phonebook-0.1.0.tgz'
           releaseName: phonebook-$(namespace)
           overrideValues: 'frontend.image.tag=$(image_tag_frontend),frontend.image.repository=$(image_repo),frontend.image.name=$(image_namespace),source.peoplesoft.image.tag=$(image_tag_source_peoplesoft),source.peoplesoft.image.name=$(image_namespace),traefik.enabled=false,host=$(image_tag_frontend).demo-phonebook.aquiver.de'
           valueFile: 'demo/values.yml'
-          recreate: true
-          tillerNamespace: kube-system
 
       - task: Kubernetes@1
         displayName: 'Delete Namespace'
@@ -135,7 +121,7 @@ jobs:
           arguments: 'namespace $(namespace)'
 
   - job: notify
-    displayName: 'Notify Github '
+    displayName: 'Notify Github'
     pool: server
     dependsOn: deploy_preview
     steps:
@@ -179,16 +165,15 @@ jobs:
     steps:
       - checkout: none
       - task: HelmInstaller@1
-        displayName: 'Install Helm 2.14.2'
-        inputs:
-          helmVersionToInstall: 2.14.2
+        displayName: Helm install latest
+        # inputs:
+        #   helmVersionToInstall: '2.14.2'
       - task: HelmDeploy@0
         inputs:
           connectionType: 'Kubernetes Service Connection'
           kubernetesServiceConnection: 'Phonebook Kubernetes Demo Cluster'
           command: 'delete'
-          arguments: '--purge phonebook-$(namespace)'
-          tillerNamespace: kube-system
+          arguments: '--purge phonebook-$(namespace) --namespace $(namespace)'
       - task: Kubernetes@1
         displayName: 'Delete Namespace'
         condition: always()

diff --git a/.azure/pipelines/pr/Phonebook.pr.yml b/.azure/pipelines/pr/Phonebook.pr.yml
@@ -14,16 +14,16 @@ jobs:
       vmImage: 'ubuntu-16.04'
     steps:
       - task: HelmInstaller@1
-        inputs:
-          helmVersionToInstall: '2.14.2'
-      - script: helm dep update
-        workingDirectory: 'Phonebook/phonebook/'
+        displayName: Helm install latest
+        # inputs:
+        #   helmVersionToInstall: '2.14.2'
       - task: HelmDeploy@0
         displayName: Helm package
         inputs:
           command: package
           chartPath: Phonebook/phonebook
           destination: $(Build.ArtifactStagingDirectory)
+          arguments: --dependency-update
       - task: PublishBuildArtifacts@1
         inputs:
           pathToPublish: $(Build.ArtifactStagingDirectory)

diff --git a/Phonebook/local-values.yml b/Phonebook/local-values.yml
@@ -17,42 +17,31 @@ source:
     replicaCount: 1
     environment: Development
 
+# Traefik Configuration
 traefik:
-  enabled: true
-  additional:
-    checkNewVersion: false
-    sendAnonymousUsage: false
-  dashboard:
-    # Enable the dashboard on Traefik
-    enable: true
-    # Expose the dashboard and api through an ingress route at /dashboard
-    # and /api This is not secure and SHOULD NOT be enabled on production
-    # deployments
-    ingressRoute: true
+  deployment:
+    enabled: true
 
+  # Only modify these do not touch "globalArguments"
   additionalArguments:
-    - '--providers.kubernetesingress'
-    - '--api.insecure=true'
-  logs:
-    loglevel: debug
-  globalArguments:
-    - ''
-  # Old
-  # startupArguments:
-  #   - ''
-  # dashboard:
-  #   enabled: true
-  #   domain: board.demo-phonebook.local
-  #   ingress:
-  #     annotations:
-  #       traefik.frontend.priority: '100'
+    - --entrypoints.web.http.redirections.entrypoint.to=:443
+    - --entrypoints.websecure.http.tls.certResolver=default
+    - --certificatesresolvers.default.acme.httpchallenge=true
+    - --certificatesresolvers.default.acme.httpchallenge.entrypoint=web
+    - --certificatesresolvers.default.acme.storage=tmp/acme.json
+    - --certificatesresolvers.default.acme.email=phonebook-t-systems-mms@mg.telekom.de
+    - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+    - --api.dashboard=true
+    - --api=true
 
-  ssl:
-    enabled: true
-    enforced: true
-  rbac:
-    enabled: true
-  kubernetes:
-    namespaces:
-      - kube-public
-      - default
+  logs:
+    # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
+    general:
+      # By default, the logs use a text format (common), but you can
+      # also ask for the json format in the format option
+      # format: json
+      # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+      level: INFO
+    access:
+      # To enable access log
+      enabled: true
diff --git a/Phonebook/phonebook/requirements.lock b/Phonebook/phonebook/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
-  - name: traefik
-    repository: https://containous.github.io/traefik-helm-chart
-    version: 3.4.0
-digest: sha256:69f27dcbfa7eacbaa64365626276506c7050ab2c65d0db8780f4c2adc882d3d6
-generated: '2020-04-08T14:26:29.6008416+02:00'
+- name: traefik
+  repository: https://helm.traefik.io/traefik
+  version: 9.4.3
+digest: sha256:fd64faa165f4cd75bce09c96fd7e5c0222fde2427ace15ce144e32bc452869f3
+generated: "2020-10-11T21:50:24.9918945+02:00"
diff --git a/Phonebook/phonebook/requirements.yaml b/Phonebook/phonebook/requirements.yaml
@@ -1,6 +1,7 @@
 dependencies:
   - name: traefik
     condition: traefik.enabled
-    version: 3.4.0
-    appVersion: 2.1.3
-    repository: https://containous.github.io/traefik-helm-chart
+    version: 9.4.3
+    appVersion: 2.3.1
+    repository: https://helm.traefik.io/traefik
+
diff --git a/Phonebook/phonebook/templates/frontend-deployment.yaml b/Phonebook/phonebook/templates/frontend-deployment.yaml
@@ -1,28 +1,30 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "phonebook.fullname" . }}
+  name: {{ include "phonebook.fullname" . }}-frontend
   labels:
-    app.kubernetes.io/name: {{ include "phonebook.name" . }}
+    app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend
     helm.sh/chart: {{ include "phonebook.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
   replicas: {{ .Values.frontend.replicaCount }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "phonebook.name" . }}
+      app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend
       app.kubernetes.io/instance: {{ .Release.Name }}
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: {{ include "phonebook.name" . }}
+        app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend
         app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations: 
+        rollme: "{{ now | unixEpoch }}"
     spec:
       nodeSelector:
         'beta.kubernetes.io/os': linux
       containers:
-        - name: {{ .Chart.Name }}-{{ .Values.frontend.name }}
+        - name: {{ .Chart.Name }}-{{ .Values.frontend.name }}-frontend
           image: "{{ .Values.frontend.image.repository }}/{{ .Values.frontend.image.name}}:{{ .Values.frontend.image.tag }}"
           imagePullPolicy: {{ .Values.frontend.image.pullPolicy }}
           ports:
@@ -75,4 +77,4 @@ spec:
     {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
-    {{- end }}
+    {{- end }}
diff --git a/Phonebook/phonebook/templates/frontend-ingress.yaml b/Phonebook/phonebook/templates/frontend-ingress.yaml
@@ -1,30 +1,37 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "phonebook.fullname" . -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
   name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ include "phonebook.name" . }}
+    app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend
     helm.sh/chart: {{ include "phonebook.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: "web"
-    traefik.ingress.kubernetes.io/router.priority: "42"
-    traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernetes.io/router.tls.certresolver: http-01
-    kubernetes.io/ingress.class: traefik
-  {{- with .Values.ingress.annotations }}
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
 spec:
-  rules:
-    - host: {{ .Values.host }}
-      http:
-        paths:
-          - path: /
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
+  entryPoints:
+    - web
+    - websecure
+  routes:                           
+  - kind: Rule
+    match: Host(`{{ .Values.host }}`)
+    priority: 40             
+    middlewares:                  
+    - name: ratelimit
+      namespace: {{ .Release.Namespace }}
+    services:                       
+    - kind: Service
+      name: {{ $fullName }}-frontend
+      namespace: {{ .Release.Namespace }}
+      passHostHeader: true
+      port: 80
+      strategy: RoundRobin
+      weight: 10
+  tls:
+    certResolver: default
+    options:                        
+      name: tlsoption
+      namespace: {{ .Release.Namespace }}                
 {{- end }}
diff --git a/Phonebook/phonebook/templates/frontend-service.yaml b/Phonebook/phonebook/templates/frontend-service.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "phonebook.fullname" . }}
+  name: {{ include "phonebook.fullname" . }}-frontend
   labels:
     app.kubernetes.io/name: {{ include "phonebook.name" . }}
     helm.sh/chart: {{ include "phonebook.chart" . }}
@@ -15,5 +15,5 @@ spec:
       protocol: TCP
       name: http
   selector:
-    app.kubernetes.io/name: {{ include "phonebook.name" . }}
+    app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend
     app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/Phonebook/phonebook/templates/source-peoplesoft-deployment.yaml b/Phonebook/phonebook/templates/source-peoplesoft-deployment.yaml
@@ -18,6 +18,8 @@ spec:
       labels:
         app.kubernetes.io/name: {{ include "phonebook.name" . }}-peoplesoft
         app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations: 
+        rollme: "{{ now | unixEpoch }}"
     spec:
       nodeSelector:
         'beta.kubernetes.io/os': linux
@@ -32,17 +34,16 @@ spec:
             - name: https
               containerPort: 443
               protocol: TCP
-          # TODO: use when issue #594 is resolved
-          # livenessProbe:
-          #   httpGet:
-          #     path: /health
-          #     port: http
-          #   initialDelaySeconds: 6
-          # readinessProbe:
-          #   httpGet:
-          #     path: /health
-          #     port: http
-          #   initialDelaySeconds: 6
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 6
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: http
+            initialDelaySeconds: 6
           env: 
             - name: ASPNETCORE_ENVIRONMENT
               value: "{{ .Values.source.peoplesoft.environment }}"