diff --git a/templates/traefik/2/README.md b/templates/traefik/2/README.md new file mode 100644 index 0000000..8f2d637 --- /dev/null +++ b/templates/traefik/2/README.md @@ -0,0 +1,55 @@ +# Traefik active load balancer (Experimental) + +### Info: + + This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata. + It would be deployed in hosts with label traefik_lb=true. + +### Config: + +- host_label = "traefik_lb=true" # Host label where to run traefik service. +- http_port = 8080 # Port exposed to get access to the published services. +- https_port = 8443 # Port exposed to get secured access to the published services. +- admin_port = 8000 # Port exposed to get admin access to the traefik service. +- https_enable = + - false: Enable http enpoints and disable https ones. + - true: Enable http and https endpoints. + - only: Enable https endpoints and redirect http to https. +- acme_enable = false # Enable/Disable acme traefik support. +- acme_email = "test@traefik.io" # acme user email +- acme_ondemand = true # acme ondemand parameter. +- ssl_key # Paste your ssl key. *Required if you enable https +- ssl_crt # Paste your ssl crt. *Required if you enable https +- refresh_interval = 10s # Interval to refresh traefik rules.toml from rancher-metadata. + +### Service configuration labels: + +Traefik labels has to be added in your services, in order to get included in traefik dynamic config. + +- traefik.enable = + - true: the service will be published as *service_name.stack_name.traefik_domain* + - stack: the service will be published as *stack_name.traefik_domain*. WARNING: You could have collisions inside services within your stack + - false: the service will not be published +- traefik.domain = < domain > # Domain names to route rule. Multiple values separated by "," > +- traefik.port = < port > # Port to expose throught traefik +- traefik.acme = < true | false > # Enable/disable ACME traefik feature + +### Usage: + + Select Traefik from catalog. + + Set the params. + + Click deploy. + + Services will be accessed throught hosts ip's whith $host_label: + + - http://${service_name}.${stack_name}.${traefik.domain}:${http_port} + - https://${service_name}.${stack_name}.${traefik.domain}:${https_port} + + or + + - http://${stack_name}.${traefik.domain}:${http_port} + - https://${stack_name}.${traefik.domain}:${https_port} + +Note: To access the services, you need to create A or CNAMES dns entries for every one. diff --git a/templates/traefik/2/docker-compose.yml b/templates/traefik/2/docker-compose.yml new file mode 100644 index 0000000..df21943 --- /dev/null +++ b/templates/traefik/2/docker-compose.yml @@ -0,0 +1,39 @@ +traefik: + ports: + - ${admin_port}:8000/tcp + - ${http_port}:${http_port}/tcp + - ${https_port}:${https_port}/tcp + log_driver: '' + labels: + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:host_label: ${host_label} + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.sidekicks: traefik-conf + io.rancher.container.hostname_override: container_name + tty: true + log_opt: {} + image: rawmind/alpine-traefik:1.0.2-6 + environment: + - CONF_INTERVAL=${refresh_interval} + - TRAEFIK_HTTP_PORT=${http_port} + - TRAEFIK_HTTPS_PORT=${https_port} + - TRAEFIK_HTTPS_ENABLE=${https_enable} + - TRAEFIK_ACME_ENABLE=${acme_enable} + - TRAEFIK_ACME_EMAIL=${acme_email} + - TRAEFIK_ACME_ONDEMAND=${acme_ondemand} + volumes_from: + - traefik-conf +traefik-conf: + log_driver: '' + labels: + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:host_label: ${host_label} + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.start_once: 'true' + tty: true + log_opt: {} + image: rawmind/rancher-traefik:0.3.4-6 + net: none + volumes: + - /opt/tools + diff --git a/templates/traefik/2/rancher-compose.yml b/templates/traefik/2/rancher-compose.yml new file mode 100644 index 0000000..dfe59e5 --- /dev/null +++ b/templates/traefik/2/rancher-compose.yml @@ -0,0 +1,95 @@ +.catalog: + name: traefik + version: v1.0.2-rancher1 + description: | + (Experimental) Traefik load balancer. + minimum_rancher_version: v0.59.0 + maintainer: "Raul Sanchez " + uuid: traefik-0 + questions: + - variable: "host_label" + description: "Host label where to run traefik service." + label: "Host label:" + required: true + default: "traefik_lb=true" + type: "string" + - variable: "http_port" + description: "Traefik http public port to listen." + label: "Http port:" + required: true + default: 8080 + type: "int" + - variable: "https_port" + description: "Traefik https public port to listen." + label: "Https port:" + required: true + default: 8443 + type: "int" + - variable: "admin_port" + description: "Traefik admin public port to listen." + label: "Admin port:" + required: true + default: 8000 + type: "int" + - variable: "https_enable" + label: "Enable HTTPS:" + description: | + Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work. + default: false + required: true + type: enum + options: + - false + - true + - only + - variable: "acme_enable" + description: "Enable acme support on traefik." + label: "Enable ACME:" + required: true + default: false + type: "boolean" + - variable: "acme_email" + description: "ACME user email." + label: "ACME email:" + required: true + default: "test@traefik.io" + type: "string" + - variable: "acme_ondemand" + description: "Enable acme ondemand." + label: "ACME ondemand:" + required: true + default: true + type: "boolean" + - variable: "ssl_key" + description: "SSL key to secure the service. *Required if you enable https" + label: "SSL key" + type: "multiline" + required: false + default: "" + - variable: "ssl_crt" + description: "SSL cert to secure the service. *Required if you enable https" + label: "SSL crt" + type: "multiline" + required: false + default: "" + - variable: "refresh_interval" + description: "Interval to poll/apply configuration changes." + label: "Refresh Interval (s):" + required: true + default: 10 + type: "int" +traefik: + retain_ip: true + health_check: + port: 8000 + interval: 5000 + unhealthy_threshold: 3 + request_line: 'GET /dashboard/# HTTP/1.0' + healthy_threshold: 2 + response_timeout: 5000 + metadata: + traefik: + ssl_key: | + ${ssl_key} + ssl_crt: | + ${ssl_crt} diff --git a/templates/traefik/3/README.md b/templates/traefik/3/README.md new file mode 100644 index 0000000..8f2d637 --- /dev/null +++ b/templates/traefik/3/README.md @@ -0,0 +1,55 @@ +# Traefik active load balancer (Experimental) + +### Info: + + This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata. + It would be deployed in hosts with label traefik_lb=true. + +### Config: + +- host_label = "traefik_lb=true" # Host label where to run traefik service. +- http_port = 8080 # Port exposed to get access to the published services. +- https_port = 8443 # Port exposed to get secured access to the published services. +- admin_port = 8000 # Port exposed to get admin access to the traefik service. +- https_enable = + - false: Enable http enpoints and disable https ones. + - true: Enable http and https endpoints. + - only: Enable https endpoints and redirect http to https. +- acme_enable = false # Enable/Disable acme traefik support. +- acme_email = "test@traefik.io" # acme user email +- acme_ondemand = true # acme ondemand parameter. +- ssl_key # Paste your ssl key. *Required if you enable https +- ssl_crt # Paste your ssl crt. *Required if you enable https +- refresh_interval = 10s # Interval to refresh traefik rules.toml from rancher-metadata. + +### Service configuration labels: + +Traefik labels has to be added in your services, in order to get included in traefik dynamic config. + +- traefik.enable = + - true: the service will be published as *service_name.stack_name.traefik_domain* + - stack: the service will be published as *stack_name.traefik_domain*. WARNING: You could have collisions inside services within your stack + - false: the service will not be published +- traefik.domain = < domain > # Domain names to route rule. Multiple values separated by "," > +- traefik.port = < port > # Port to expose throught traefik +- traefik.acme = < true | false > # Enable/disable ACME traefik feature + +### Usage: + + Select Traefik from catalog. + + Set the params. + + Click deploy. + + Services will be accessed throught hosts ip's whith $host_label: + + - http://${service_name}.${stack_name}.${traefik.domain}:${http_port} + - https://${service_name}.${stack_name}.${traefik.domain}:${https_port} + + or + + - http://${stack_name}.${traefik.domain}:${http_port} + - https://${stack_name}.${traefik.domain}:${https_port} + +Note: To access the services, you need to create A or CNAMES dns entries for every one. diff --git a/templates/traefik/3/docker-compose.yml b/templates/traefik/3/docker-compose.yml new file mode 100644 index 0000000..4c013f2 --- /dev/null +++ b/templates/traefik/3/docker-compose.yml @@ -0,0 +1,38 @@ +traefik: + ports: + - ${admin_port}:8000/tcp + - ${http_port}:${http_port}/tcp + - ${https_port}:${https_port}/tcp + log_driver: '' + labels: + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:host_label: ${host_label} + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.sidekicks: traefik-conf + io.rancher.container.hostname_override: container_name + tty: true + log_opt: {} + image: rawmind/alpine-traefik:1.0.3 + environment: + - CONF_INTERVAL=${refresh_interval} + - TRAEFIK_HTTP_PORT=${http_port} + - TRAEFIK_HTTPS_PORT=${https_port} + - TRAEFIK_HTTPS_ENABLE=${https_enable} + - TRAEFIK_ACME_ENABLE=${acme_enable} + - TRAEFIK_ACME_EMAIL=${acme_email} + - TRAEFIK_ACME_ONDEMAND=${acme_ondemand} + volumes_from: + - traefik-conf +traefik-conf: + log_driver: '' + labels: + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:host_label: ${host_label} + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.start_once: 'true' + tty: true + log_opt: {} + image: rawmind/rancher-traefik:0.3.4-6 + net: none + volumes: + - /opt/tools diff --git a/templates/traefik/3/rancher-compose.yml b/templates/traefik/3/rancher-compose.yml new file mode 100644 index 0000000..3d2b8c5 --- /dev/null +++ b/templates/traefik/3/rancher-compose.yml @@ -0,0 +1,95 @@ +.catalog: + name: traefik + version: v1.0.3-rancher1 + description: | + (Experimental) Traefik load balancer. + minimum_rancher_version: v0.59.0 + maintainer: "Raul Sanchez " + uuid: traefik-0 + questions: + - variable: "host_label" + description: "Host label where to run traefik service." + label: "Host label:" + required: true + default: "traefik_lb=true" + type: "string" + - variable: "http_port" + description: "Traefik http public port to listen." + label: "Http port:" + required: true + default: 8080 + type: "int" + - variable: "https_port" + description: "Traefik https public port to listen." + label: "Https port:" + required: true + default: 8443 + type: "int" + - variable: "admin_port" + description: "Traefik admin public port to listen." + label: "Admin port:" + required: true + default: 8000 + type: "int" + - variable: "https_enable" + label: "Enable HTTPS:" + description: | + Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work. + default: false + required: true + type: enum + options: + - false + - true + - only + - variable: "acme_enable" + description: "Enable acme support on traefik." + label: "Enable ACME:" + required: true + default: false + type: "boolean" + - variable: "acme_email" + description: "ACME user email." + label: "ACME email:" + required: true + default: "test@traefik.io" + type: "string" + - variable: "acme_ondemand" + description: "Enable acme ondemand." + label: "ACME ondemand:" + required: true + default: true + type: "boolean" + - variable: "ssl_key" + description: "SSL key to secure the service. *Required if you enable https" + label: "SSL key" + type: "multiline" + required: false + default: "" + - variable: "ssl_crt" + description: "SSL cert to secure the service. *Required if you enable https" + label: "SSL crt" + type: "multiline" + required: false + default: "" + - variable: "refresh_interval" + description: "Interval to poll/apply configuration changes." + label: "Refresh Interval (s):" + required: true + default: 10 + type: "int" +traefik: + retain_ip: true + health_check: + port: 8000 + interval: 5000 + unhealthy_threshold: 3 + request_line: 'GET /dashboard/# HTTP/1.0' + healthy_threshold: 2 + response_timeout: 5000 + metadata: + traefik: + ssl_key: | + ${ssl_key} + ssl_crt: | + ${ssl_crt} diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml index 726db15..79e8a31 100644 --- a/templates/traefik/config.yml +++ b/templates/traefik/config.yml @@ -1,8 +1,9 @@ name: Traefik description: | (Experimental) Traefik active load balancer -version: v1.0.1-rancher1 +version: v1.0.3-rancher1 category: Load Balancing maintainer: "Raul Sanchez " minimum_rancher_version: v0.59.0 license: +projectURL: https://github.com/rawmind0/alpine-traefik