Updated traefik packages v1.0.2 and v1.0.3. Added acme configuration

2016-09-29 22:23:21 +02:00 · 2016-09-29 22:23:21 +02:00 · 5d4849f5f0
commit 5d4849f5f0
parent c154d188ac
7 changed files with 379 additions and 1 deletions
--- a/templates/traefik/2/README.md
+++ b/templates/traefik/2/README.md
@ -0,0 +1,55 @@
+# Traefik active load balancer (Experimental)
+
+### Info:
+
+ This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata. 
+ It would be deployed in hosts with label traefik_lb=true.
+
+### Config:
+
+- host_label = "traefik_lb=true" # Host label where to run traefik service.
+- http_port = 8080  # Port exposed to get access to the published services.
+- https_port = 8443  # Port exposed to get secured access to the published services.
+- admin_port = 8000  # Port exposed to get admin access to the traefik service.
+- https_enable = <false | true | only>
+  - false: Enable http enpoints and disable https ones.
+  - true: Enable http and https endpoints.
+  - only: Enable https endpoints and redirect http to https.
+- acme_enable = false 				# Enable/Disable acme traefik support.
+- acme_email = "test@traefik.io" 	# acme user email
+- acme_ondemand = true 				# acme ondemand parameter.
+- ssl_key # Paste your ssl key. *Required if you enable https
+- ssl_crt # Paste your ssl crt. *Required if you enable https
+- refresh_interval = 10s  # Interval to refresh traefik rules.toml from rancher-metadata.
+
+### Service configuration labels:
+
+Traefik labels has to be added in your services, in order to get included in traefik dynamic config.
+
+- traefik.enable = <true | false> 
+  - true: the service will be published as *service_name.stack_name.traefik_domain*
+  - stack: the service will be published as *stack_name.traefik_domain*. WARNING: You could have collisions inside services within your stack
+  - false: the service will not be published
+- traefik.domain = < domain >		# Domain names to route rule. Multiple values separated by "," > 
+- traefik.port = < port > 			# Port to expose throught traefik  
+- traefik.acme = < true | false >	# Enable/disable ACME traefik feature
+ 
+### Usage:
+
+ Select Traefik from catalog. 
+ 
+ Set the params.
+
+ Click deploy.
+
+ Services will be accessed throught hosts ip's whith $host_label: 
+
+ - http://${service_name}.${stack_name}.${traefik.domain}:${http_port}
+ - https://${service_name}.${stack_name}.${traefik.domain}:${https_port}
+ 
+ or 
+ 
+ - http://${stack_name}.${traefik.domain}:${http_port}
+ - https://${stack_name}.${traefik.domain}:${https_port}
+
+Note: To access the services, you need to create A or CNAMES dns entries for every one. 
--- a/templates/traefik/2/docker-compose.yml
+++ b/templates/traefik/2/docker-compose.yml
@ -0,0 +1,39 @@
+traefik:
+  ports:
+  - ${admin_port}:8000/tcp
+  - ${http_port}:${http_port}/tcp
+  - ${https_port}:${https_port}/tcp
+  log_driver: ''
+  labels:
+    io.rancher.scheduler.global: 'true'
+    io.rancher.scheduler.affinity:host_label: ${host_label}
+    io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.sidekicks: traefik-conf
+    io.rancher.container.hostname_override: container_name
+  tty: true
+  log_opt: {}
+  image: rawmind/alpine-traefik:1.0.2-6
+  environment:
+  - CONF_INTERVAL=${refresh_interval}
+  - TRAEFIK_HTTP_PORT=${http_port}
+  - TRAEFIK_HTTPS_PORT=${https_port}
+  - TRAEFIK_HTTPS_ENABLE=${https_enable}
+  - TRAEFIK_ACME_ENABLE=${acme_enable}
+  - TRAEFIK_ACME_EMAIL=${acme_email}
+  - TRAEFIK_ACME_ONDEMAND=${acme_ondemand}
+  volumes_from:
+  - traefik-conf
+traefik-conf:
+  log_driver: ''
+  labels:
+    io.rancher.scheduler.global: 'true'
+    io.rancher.scheduler.affinity:host_label: ${host_label}
+    io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.container.start_once: 'true'
+  tty: true
+  log_opt: {}
+  image: rawmind/rancher-traefik:0.3.4-6
+  net: none
+  volumes:
+    - /opt/tools
+
--- a/templates/traefik/2/rancher-compose.yml
+++ b/templates/traefik/2/rancher-compose.yml
@ -0,0 +1,95 @@
+.catalog:
+  name: traefik
+  version: v1.0.2-rancher1
+  description: |
+    (Experimental) Traefik load balancer.
+  minimum_rancher_version: v0.59.0
+  maintainer: "Raul Sanchez <rawmind@gmail.com>"
+  uuid: traefik-0
+  questions:
+    - variable: "host_label"
+      description: "Host label where to run traefik service."
+      label: "Host label:"
+      required: true
+      default: "traefik_lb=true" 
+      type: "string"
+    - variable: "http_port"
+      description: "Traefik http public port to listen."
+      label: "Http port:"
+      required: true
+      default: 8080
+      type: "int"
+    - variable: "https_port"
+      description: "Traefik https public port to listen."
+      label: "Https port:"
+      required: true
+      default: 8443
+      type: "int"
+    - variable: "admin_port"
+      description: "Traefik admin public port to listen."
+      label: "Admin port:"
+      required: true
+      default: 8000 
+      type: "int"
+    - variable: "https_enable"
+      label: "Enable HTTPS:"
+      description: |
+        Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work.
+      default: false
+      required: true
+      type: enum
+      options:
+        - false
+        - true
+        - only
+    - variable: "acme_enable"
+      description: "Enable acme support on traefik."
+      label: "Enable ACME:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "acme_email"
+      description: "ACME user email."
+      label: "ACME email:"
+      required: true
+      default: "test@traefik.io" 
+      type: "string"
+    - variable: "acme_ondemand"
+      description: "Enable acme ondemand."
+      label: "ACME ondemand:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "ssl_key"
+      description: "SSL key to secure the service. *Required if you enable https"
+      label: "SSL key"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "ssl_crt"
+      description: "SSL cert to secure the service. *Required if you enable https"
+      label: "SSL crt"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "refresh_interval"
+      description: "Interval to poll/apply configuration changes." 
+      label: "Refresh Interval (s):"
+      required: true
+      default: 10 
+      type: "int"
+traefik:
+  retain_ip: true
+  health_check:
+    port: 8000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: 'GET /dashboard/# HTTP/1.0'
+    healthy_threshold: 2
+    response_timeout: 5000
+  metadata:
+    traefik:
+      ssl_key: |
+        ${ssl_key}
+      ssl_crt: |
+        ${ssl_crt}
--- a/templates/traefik/3/README.md
+++ b/templates/traefik/3/README.md
@ -0,0 +1,55 @@
+# Traefik active load balancer (Experimental)
+
+### Info:
+
+ This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata. 
+ It would be deployed in hosts with label traefik_lb=true.
+
+### Config:
+
+- host_label = "traefik_lb=true" # Host label where to run traefik service.
+- http_port = 8080  # Port exposed to get access to the published services.
+- https_port = 8443  # Port exposed to get secured access to the published services.
+- admin_port = 8000  # Port exposed to get admin access to the traefik service.
+- https_enable = <false | true | only>
+  - false: Enable http enpoints and disable https ones.
+  - true: Enable http and https endpoints.
+  - only: Enable https endpoints and redirect http to https.
+- acme_enable = false 				# Enable/Disable acme traefik support.
+- acme_email = "test@traefik.io" 	# acme user email
+- acme_ondemand = true 				# acme ondemand parameter.
+- ssl_key # Paste your ssl key. *Required if you enable https
+- ssl_crt # Paste your ssl crt. *Required if you enable https
+- refresh_interval = 10s  # Interval to refresh traefik rules.toml from rancher-metadata.
+
+### Service configuration labels:
+
+Traefik labels has to be added in your services, in order to get included in traefik dynamic config.
+
+- traefik.enable = <true | false> 
+  - true: the service will be published as *service_name.stack_name.traefik_domain*
+  - stack: the service will be published as *stack_name.traefik_domain*. WARNING: You could have collisions inside services within your stack
+  - false: the service will not be published
+- traefik.domain = < domain >		# Domain names to route rule. Multiple values separated by "," > 
+- traefik.port = < port > 			# Port to expose throught traefik  
+- traefik.acme = < true | false >	# Enable/disable ACME traefik feature
+ 
+### Usage:
+
+ Select Traefik from catalog. 
+ 
+ Set the params.
+
+ Click deploy.
+
+ Services will be accessed throught hosts ip's whith $host_label: 
+
+ - http://${service_name}.${stack_name}.${traefik.domain}:${http_port}
+ - https://${service_name}.${stack_name}.${traefik.domain}:${https_port}
+ 
+ or 
+ 
+ - http://${stack_name}.${traefik.domain}:${http_port}
+ - https://${stack_name}.${traefik.domain}:${https_port}
+
+Note: To access the services, you need to create A or CNAMES dns entries for every one. 
--- a/templates/traefik/3/docker-compose.yml
+++ b/templates/traefik/3/docker-compose.yml
@ -0,0 +1,38 @@
+traefik:
+  ports:
+  - ${admin_port}:8000/tcp
+  - ${http_port}:${http_port}/tcp
+  - ${https_port}:${https_port}/tcp
+  log_driver: ''
+  labels:
+    io.rancher.scheduler.global: 'true'
+    io.rancher.scheduler.affinity:host_label: ${host_label}
+    io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.sidekicks: traefik-conf
+    io.rancher.container.hostname_override: container_name
+  tty: true
+  log_opt: {}
+  image: rawmind/alpine-traefik:1.0.3
+  environment:
+  - CONF_INTERVAL=${refresh_interval}
+  - TRAEFIK_HTTP_PORT=${http_port}
+  - TRAEFIK_HTTPS_PORT=${https_port}
+  - TRAEFIK_HTTPS_ENABLE=${https_enable}
+  - TRAEFIK_ACME_ENABLE=${acme_enable}
+  - TRAEFIK_ACME_EMAIL=${acme_email}
+  - TRAEFIK_ACME_ONDEMAND=${acme_ondemand}
+  volumes_from:
+  - traefik-conf
+traefik-conf:
+  log_driver: ''
+  labels:
+    io.rancher.scheduler.global: 'true'
+    io.rancher.scheduler.affinity:host_label: ${host_label}
+    io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+    io.rancher.container.start_once: 'true'
+  tty: true
+  log_opt: {}
+  image: rawmind/rancher-traefik:0.3.4-6
+  net: none
+  volumes:
+    - /opt/tools
--- a/templates/traefik/3/rancher-compose.yml
+++ b/templates/traefik/3/rancher-compose.yml
@ -0,0 +1,95 @@
+.catalog:
+  name: traefik
+  version: v1.0.3-rancher1
+  description: |
+    (Experimental) Traefik load balancer.
+  minimum_rancher_version: v0.59.0
+  maintainer: "Raul Sanchez <rawmind@gmail.com>"
+  uuid: traefik-0
+  questions:
+    - variable: "host_label"
+      description: "Host label where to run traefik service."
+      label: "Host label:"
+      required: true
+      default: "traefik_lb=true" 
+      type: "string"
+    - variable: "http_port"
+      description: "Traefik http public port to listen."
+      label: "Http port:"
+      required: true
+      default: 8080
+      type: "int"
+    - variable: "https_port"
+      description: "Traefik https public port to listen."
+      label: "Https port:"
+      required: true
+      default: 8443
+      type: "int"
+    - variable: "admin_port"
+      description: "Traefik admin public port to listen."
+      label: "Admin port:"
+      required: true
+      default: 8000 
+      type: "int"
+    - variable: "https_enable"
+      label: "Enable HTTPS:"
+      description: |
+        Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work.
+      default: false
+      required: true
+      type: enum
+      options:
+        - false
+        - true
+        - only
+    - variable: "acme_enable"
+      description: "Enable acme support on traefik."
+      label: "Enable ACME:"
+      required: true
+      default: false 
+      type: "boolean"
+    - variable: "acme_email"
+      description: "ACME user email."
+      label: "ACME email:"
+      required: true
+      default: "test@traefik.io" 
+      type: "string"
+    - variable: "acme_ondemand"
+      description: "Enable acme ondemand."
+      label: "ACME ondemand:"
+      required: true
+      default: true 
+      type: "boolean"
+    - variable: "ssl_key"
+      description: "SSL key to secure the service. *Required if you enable https"
+      label: "SSL key"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "ssl_crt"
+      description: "SSL cert to secure the service. *Required if you enable https"
+      label: "SSL crt"
+      type: "multiline"
+      required: false
+      default: ""
+    - variable: "refresh_interval"
+      description: "Interval to poll/apply configuration changes." 
+      label: "Refresh Interval (s):"
+      required: true
+      default: 10 
+      type: "int"
+traefik:
+  retain_ip: true
+  health_check:
+    port: 8000
+    interval: 5000
+    unhealthy_threshold: 3
+    request_line: 'GET /dashboard/# HTTP/1.0'
+    healthy_threshold: 2
+    response_timeout: 5000
+  metadata:
+    traefik:
+      ssl_key: |
+        ${ssl_key}
+      ssl_crt: |
+        ${ssl_crt}
--- a/templates/traefik/config.yml
+++ b/templates/traefik/config.yml
@ -1,8 +1,9 @@
 name: Traefik
 description: |
  (Experimental) Traefik active load balancer
-version: v1.0.1-rancher1
+version: v1.0.3-rancher1
 category: Load Balancing
 maintainer: "Raul Sanchez <rawmind@gmail.com>"
 minimum_rancher_version: v0.59.0
 license: 
+projectURL: https://github.com/rawmind0/alpine-traefik