From aa3927a4296b1d292b41db2929bfeb12456f9971 Mon Sep 17 00:00:00 2001 From: Srinivas Surishetty Date: Tue, 16 Jan 2018 12:40:44 +0530 Subject: [PATCH 01/20] Update docker-compose.yml --- templates/avi/2/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/avi/2/docker-compose.yml b/templates/avi/2/docker-compose.yml index 137a8ee..55aa12c 100644 --- a/templates/avi/2/docker-compose.yml +++ b/templates/avi/2/docker-compose.yml @@ -1,5 +1,5 @@ avi: - image: avinetworks/avi-rancher-controller:2017-12-01T194110.475015629Z + image: avinetworks/avi-rancher-controller:2018-01-15T13-14-21.462733879Z expose: - 1000 environment: From 8c57fd0c300279a104e643f88114f64a5cfac370 Mon Sep 17 00:00:00 2001 From: Max Schmitt Date: Fri, 16 Mar 2018 17:32:02 +0100 Subject: [PATCH 02/20] updated hetzner ui driver --- machine-templates/hetzner/1/checksum | 1 + machine-templates/hetzner/1/rancher-compose.yml | 3 +++ machine-templates/hetzner/1/uiUrl | 1 + machine-templates/hetzner/1/url | 1 + machine-templates/hetzner/config.yml | 2 +- 5 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 machine-templates/hetzner/1/checksum create mode 100644 machine-templates/hetzner/1/rancher-compose.yml create mode 100644 machine-templates/hetzner/1/uiUrl create mode 100644 machine-templates/hetzner/1/url diff --git a/machine-templates/hetzner/1/checksum b/machine-templates/hetzner/1/checksum new file mode 100644 index 0000000..2be88bb --- /dev/null +++ b/machine-templates/hetzner/1/checksum @@ -0,0 +1 @@ +00f8be1f5f3ca11275d931080cf1aac7 \ No newline at end of file diff --git a/machine-templates/hetzner/1/rancher-compose.yml b/machine-templates/hetzner/1/rancher-compose.yml new file mode 100644 index 0000000..4672a77 --- /dev/null +++ b/machine-templates/hetzner/1/rancher-compose.yml @@ -0,0 +1,3 @@ +.catalog: + name: hetzner + version: "1.0.1" 
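Review bot: The value added in `machine-templates/hetzner/1/checksum` is 32 hex digits, which looks like an MD5 digest. MD5 is not collision-resistant, so it is a weak integrity pin for a driver tarball that is fetched from a release URL and installed as a machine driver. If the catalog's checksum field accepts a longer digest (to be confirmed against the Rancher version in use), store the SHA-256 of the release tarball instead, e.g. `<sha256-of-release-tarball>` (placeholder; compute it from the published artifact). The same applies to the replacement checksum in PATCH 04/20. Separately, `rancher-compose.yml` and `config.yml` in this commit say version `"1.0.1"` while `url` fetches release 1.0.0, so the commit message should state which component that version tracks.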
diff --git a/machine-templates/hetzner/1/uiUrl b/machine-templates/hetzner/1/uiUrl new file mode 100644 index 0000000..6711be7 --- /dev/null +++ b/machine-templates/hetzner/1/uiUrl @@ -0,0 +1 @@ +https://storage.googleapis.com/hcloud-rancher-v1-ui-driver/component.js \ No newline at end of file diff --git a/machine-templates/hetzner/1/url b/machine-templates/hetzner/1/url new file mode 100644 index 0000000..7c4e614 --- /dev/null +++ b/machine-templates/hetzner/1/url @@ -0,0 +1 @@ +https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/1.0.0/docker-machine-driver-hetzner_1.0.0_linux_amd64.tar.gz \ No newline at end of file diff --git a/machine-templates/hetzner/config.yml b/machine-templates/hetzner/config.yml index e860529..2dd6ac8 100644 --- a/machine-templates/hetzner/config.yml +++ b/machine-templates/hetzner/config.yml @@ -1,2 +1,2 @@ name: hetzner -version: "1.0.0" +version: "1.0.1" From d2039defebd9060dd9d394b1b50742ec7d9e3196 Mon Sep 17 00:00:00 2001 From: Max Schmitt Date: Tue, 20 Mar 2018 22:13:18 +0100 Subject: [PATCH 03/20] updated catalog icon to new hcloud logo --- machine-templates/hetzner/catalogIcon-hetzner.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machine-templates/hetzner/catalogIcon-hetzner.svg b/machine-templates/hetzner/catalogIcon-hetzner.svg index c261689..0af1e50 100644 --- a/machine-templates/hetzner/catalogIcon-hetzner.svg +++ b/machine-templates/hetzner/catalogIcon-hetzner.svg @@ -1 +1 @@ - \ No newline at end of file + From 49ba0c1a5e3a74cdbd18fda60187df9fc4faeae6 Mon Sep 17 00:00:00 2001 From: Max Schmitt Date: Wed, 21 Mar 2018 13:23:51 +0100 Subject: [PATCH 04/20] hetzner: updated docker driver for cloud-init support --- machine-templates/hetzner/1/checksum | 2 +- machine-templates/hetzner/1/url | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/machine-templates/hetzner/1/checksum b/machine-templates/hetzner/1/checksum index 2be88bb..49d39d8 100644 
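Review bot: `uiUrl` points at a mutable object, `component.js` in a storage bucket, with no version in its path and nothing in this folder that pins its content. The `checksum` file appears to cover only the tarball named in `url`. The script is presumably loaded into the Rancher UI (to be confirmed), in which case anyone able to write to that bucket can change what administrators' browsers run without any change to this catalog. Prefer a versioned, immutable path for the UI component, one that carries the release number as `url` does, and record in the commit message who controls the bucket.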
--- a/machine-templates/hetzner/1/checksum +++ b/machine-templates/hetzner/1/checksum @@ -1 +1 @@ -00f8be1f5f3ca11275d931080cf1aac7 \ No newline at end of file +1b1c6e0ce8669ae76e7ea9fd7c8de32d \ No newline at end of file diff --git a/machine-templates/hetzner/1/url b/machine-templates/hetzner/1/url index 7c4e614..6a52f3d 100644 --- a/machine-templates/hetzner/1/url +++ b/machine-templates/hetzner/1/url @@ -1 +1 @@ -https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/1.0.0/docker-machine-driver-hetzner_1.0.0_linux_amd64.tar.gz \ No newline at end of file +https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/1.1.0/docker-machine-driver-hetzner_1.1.0_linux_amd64.tar.gz \ No newline at end of file From f19a7d1ad96b822bf6bbb7fc6f3228d9b6b2c85f Mon Sep 17 00:00:00 2001 From: srinivas Date: Sun, 25 Mar 2018 13:06:00 +0530 Subject: [PATCH 05/20] Added new Avi version --- templates/avi/2/docker-compose.yml | 2 +- templates/avi/3/README.md | 29 +++++++++++++++ templates/avi/3/docker-compose.yml | 13 +++++++ templates/avi/3/rancher-compose.yml | 57 +++++++++++++++++++++++++++++ templates/avi/config.yml | 2 +- 5 files changed, 101 insertions(+), 2 deletions(-) create mode 100644 templates/avi/3/README.md create mode 100644 templates/avi/3/docker-compose.yml create mode 100644 templates/avi/3/rancher-compose.yml diff --git a/templates/avi/2/docker-compose.yml b/templates/avi/2/docker-compose.yml index 55aa12c..137a8ee 100644 --- a/templates/avi/2/docker-compose.yml +++ b/templates/avi/2/docker-compose.yml @@ -1,5 +1,5 @@ avi: - image: avinetworks/avi-rancher-controller:2018-01-15T13-14-21.462733879Z + image: avinetworks/avi-rancher-controller:2017-12-01T194110.475015629Z expose: - 1000 environment: diff --git a/templates/avi/3/README.md b/templates/avi/3/README.md new file mode 100644 index 0000000..5f11ed2 --- /dev/null +++ b/templates/avi/3/README.md 
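Review bot: The image tag in `templates/avi/2/docker-compose.yml` goes back to the 2017-12-01 build that PATCH 01/20 had just replaced, and nothing in the commit message explains the downgrade. If the intent is to restore version 2 as originally published and ship the newer controller only as version 3, say so in the message. If it is accidental, keep `image: avinetworks/avi-rancher-controller:2018-01-15T13-14-21.462733879Z` here so that version 2 deployments do not return to the older build unnoticed.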
@@ -0,0 +1,29 @@ +Avi Vantage Platform Load Balancer Provider +======== + +## About Avi Vantage Platform +The [Avi Vantage Platform](https://avinetworks.com/software-load-balancer-for-any-cloud/) is built on software-defined architectural principles to create a centrally managed pool of distributed load balancers to deliver application services close to the applications. + +## About this provider +This provider load balances Rancher services using Avi Vantage Platform Load Balancer. It uses REST API to update the Avi controller which enables the Avi Service Engines to load balance the Rancher Services. + +## Usage + +1. Deploy the stack for this provider from Rancher Community Catalog. + While deploying, you need to give the username, password, + Avi Controller IP address, Avi Controller Port, the Cloud name + where Virtual Services and Pools are created. +2. Create services in Rancher with public host port mapping and corresponding + Virtual services are created in Avi. All CRUD operations on services get + reflected in Avi Controller and Service Engine. +3. You can scale out/in the service and the changes will get reflected on + Avi Controller and Service Engine. + +### Using Rancher Secrets for Avi Password + +Optionally, you can use the Rancher Secrets to pass the Avi controller +password instead of using environment variable. +1. Run the Rancher Secrets service before deploying this provider stack. +2. Create a secret named "avi-creds". +3. While deploying the Avi provider stack, use the "avi-creds" secret + for Avi Provider service. diff --git a/templates/avi/3/docker-compose.yml b/templates/avi/3/docker-compose.yml new file mode 100644 index 0000000..00d0f0a --- /dev/null +++ b/templates/avi/3/docker-compose.yml 
@@ -0,0 +1,13 @@ +avi: + image: avinetworks/avi-rancher-controller:latest + expose: + - 1000 + environment: + AVI_USER: ${AVI_USER} + AVI_PASSWORD: ${AVI_PASSWORD} + AVI_CONTROLLER_ADDR: ${AVI_CONTROLLER_ADDR} + AVI_CONTROLLER_PORT: ${AVI_CONTROLLER_PORT} + AVI_SSL_VERIFY: ${AVI_SSL_VERIFY} + AVI_CLOUD_NAME: ${AVI_CLOUD_NAME} + AVI_DNS_SUBDOMAIN: ${AVI_DNS_SUBDOMAIN} + AVI_TENANT: ${AVI_TENANT} diff --git a/templates/avi/3/rancher-compose.yml b/templates/avi/3/rancher-compose.yml new file mode 100644 index 0000000..e08fb73 --- /dev/null +++ b/templates/avi/3/rancher-compose.yml 
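Review bot: `image: avinetworks/avi-rancher-controller:latest` makes version 3 of the template non-reproducible, because the tag is mutable: each host pulls whatever was pushed last, so a catalog entry that was reviewed once can later run different code. Version 2 pins a timestamped tag; do the same here, e.g. `image: avinetworks/avi-rancher-controller:<release-tag>` (placeholder for the build this version was tested with). `AVI_PASSWORD: ${AVI_PASSWORD}` also places the controller password in the container environment, where it is readable through container inspection. The README added in this commit describes the `avi-creds` secret, so a comment above the variable such as `# prefer the avi-creds Rancher secret; leave empty when it is used` would point users to it.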
@@ -0,0 +1,57 @@ +.catalog: + name: Avi Vantange Platform Load Balancer + version: "v2-Avi" + description: "External LB service powered by Avi Vantage Platform" + minimum_rancher_version: v1.1.0 + questions: + - variable: "AVI_USER" + label: "Avi account username" + description: "User name for your account on Avi Controller" + type: "string" + required: true + - variable: "AVI_PASSWORD" + label: "Avi user account password" + description: "Password for your account on Avi Controller" + type: "password" + required: false + - variable: "AVI_CONTROLLER_ADDR" + label: "Avi Controller IP Address" + description: "IP Address of the Avi Controller" + type: "string" + required: true + - variable: "AVI_CONTROLLER_PORT" + label: "Avi Controller Port (Optional)" + description: "Port on which Avi Controller is listening for API requests" + type: "string" + required: false + - variable: "AVI_CLOUD_NAME" + label: "Avi Cloud Name (Optional)" + description: "Name of Avi Cloud in which Virtual Services are created" + required: false + type: "string" + - variable: "AVI_SSL_VERIFY" + label: "Avi SSL Verify (Optional)" + description: "SSL certificate validation while connecting to Avi Controller" + required: false + type: "boolean" + default: false + - variable: "AVI_DNS_SUBDOMAIN" + label: "Avi VS subdomain" + description: "Avi Virtual services are created with the subdomain config" + type: "string" + required: false + - variable: "AVI_TENANT" + label: "Avi tenant name" + description: "Avi Virtual service created in tenant" + type: "string" + required: false + default: admin + +avi: + health_check: + port: 1000 + interval: 5000 + unhealthy_threshold: 2 + request_line: GET / HTTP/1.0 + healthy_threshold: 2 + response_timeout: 2000 diff --git a/templates/avi/config.yml b/templates/avi/config.yml index c8641fd..e9ad6dc 100644 --- a/templates/avi/config.yml +++ b/templates/avi/config.yml 
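Review bot: `AVI_SSL_VERIFY` is declared with `default: false`, so a stack deployed with the defaults sends `AVI_USER` and `AVI_PASSWORD` to the controller API without validating its certificate, leaving the credentials open to interception on the network path. Make verification the default with `default: true` and let operators with a self-signed controller certificate turn it off deliberately. The description could then read `"Validate the Avi Controller TLS certificate (disable only for self-signed test setups)"`. Separately, `name: Avi Vantange Platform Load Balancer` has a typo; it should read `Vantage`.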
@@ -1,5 +1,5 @@ name: Avi Vantage Platform description: | External LB service powered by Avi Vantage Platform -version: v1-Avi +version: v2-Avi category: Load Balancing From ffb61694a57efc7e718be0d15a0e96a94fb15738 Mon Sep 17 00:00:00 2001 From: cr0hn Date: Sun, 25 Mar 2018 16:01:39 +0200 Subject: [PATCH 06/20] Update README.md - Added an small FAQ - Added usage examples - Added new label 'traefik.frontend.rule', more useful to add your own domains --- templates/traefik/20/README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/templates/traefik/20/README.md b/templates/traefik/20/README.md index de5e2e8..1648ee8 100644 --- a/templates/traefik/20/README.md +++ b/templates/traefik/20/README.md @@ -70,6 +70,7 @@ Use this labels if you choose extenal rancher integration. - traefik.backend.loadbalancer.method = < drr | wrr > # Override default lb algorithm `drr` - traefik.backend.circuitbreaker.expression = < expression > # Override default backend circuitbreaker expression `NetworkErrorRatio() > 0.5` - traefik.frontend.passHostHeader = < true | false > # Forward client Host header to the backend. Default `true` +- traefik.frontend.rule = < rule > # Rule for host. Usually used to specify a host. I.e: 'Host:MySite.com' - traefik.weight = < weight > # Override default backend weight `5` - traefik.alias = < alias > # Alternate names to route rule. Multiple values separated by ",". traefik.domain is appended. WARNING: You could have collisions BE CAREFULL - traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. Multiple values separated by ",". traefik.domain must be defined but is not appended here. 
@@ -102,4 +103,24 @@ More info [rancher-traefik](https://github.com/rawmind0/rancher-traefik) Note: To access the services, you need to create A or CNAMES dns entries for every one. +### Usage examples + +#### Setup Traefik for a custom domain + +You must set these labels for the service your want to expose: +- traefik.port = 8080 +- traefik.acme = true +- traefik.frontend.rule = Host:MyCustoDomain.com +- traefik.enable = true + +### F.A.Q + +#### Q: Traefik doesn't expose my service + +Depending of de Traefik configuration we can diffenciate two cases: +- If you configured Traefik with label *rancher_healthcheck=true* -> ensure your service has a healthcheck +- If you configured Traefik without healthcheck, then check the Traefik log. Some times Traefik fails when try to load an invalid config and, before that, doesn't load new services -> restart Traefik should fix that + +### References + [traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour From 6fc5f53a5d8f9288d1ab9626f04e917eb74562c7 Mon Sep 17 00:00:00 2001 From: cr0hn Date: Mon, 26 Mar 2018 11:23:34 +0200 Subject: [PATCH 07/20] Update README.md --- templates/traefik/20/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/traefik/20/README.md b/templates/traefik/20/README.md index 1648ee8..b986f73 100644 --- a/templates/traefik/20/README.md +++ b/templates/traefik/20/README.md 
@@ -70,7 +70,6 @@ Use this labels if you choose extenal rancher integration. - traefik.backend.loadbalancer.method = < drr | wrr > # Override default lb algorithm `drr` - traefik.backend.circuitbreaker.expression = < expression > # Override default backend circuitbreaker expression `NetworkErrorRatio() > 0.5` - traefik.frontend.passHostHeader = < true | false > # Forward client Host header to the backend. Default `true` -- traefik.frontend.rule = < rule > # Rule for host. Usually used to specify a host. I.e: 'Host:MySite.com' - traefik.weight = < weight > # Override default backend weight `5` - traefik.alias = < alias > # Alternate names to route rule. Multiple values separated by ",". traefik.domain is appended. WARNING: You could have collisions BE CAREFULL - traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. Multiple values separated by ",". traefik.domain must be defined but is not appended here. @@ -111,6 +110,7 @@ You must set these labels for the service your want to expose: - traefik.port = 8080 - traefik.acme = true - traefik.frontend.rule = Host:MyCustoDomain.com + - traefik.enable = true ### F.A.Q From 00c22f856379a11b17d5407ab32d5e083ff9810b Mon Sep 17 00:00:00 2001 From: rawmind0 Date: Mon, 26 Mar 2018 12:35:57 +0200 Subject: [PATCH 08/20] Updated traefik package to v1.5.4 --- templates/traefik/20/README.md | 19 +- templates/traefik/21/README.md | 136 ++++++++++ templates/traefik/21/docker-compose.yml.tpl | 133 ++++++++++ templates/traefik/21/rancher-compose.yml | 277 ++++++++++++++++++++ templates/traefik/config.yml | 2 +- 5 files changed, 559 insertions(+), 8 deletions(-) create mode 100644 templates/traefik/21/README.md create mode 100644 templates/traefik/21/docker-compose.yml.tpl create mode 100644 templates/traefik/21/rancher-compose.yml diff --git a/templates/traefik/20/README.md b/templates/traefik/20/README.md index b986f73..dc82647 100644 --- a/templates/traefik/20/README.md +++ b/templates/traefik/20/README.md 
@@ -88,7 +88,7 @@ Use this labels if you choose extenal rancher integration. WARNING: Only services with healthy state are added to traefik, so health checks are mandatory. -More info [rancher-traefik](https://github.com/rawmind0/rancher-traefik) +More info [rancher-traefik][rancher-traefik] ### Usage: @@ -107,20 +107,25 @@ Note: To access the services, you need to create A or CNAMES dns entries for eve #### Setup Traefik for a custom domain You must set these labels for the service your want to expose: +- traefik.enable = true - traefik.port = 8080 - traefik.acme = true -- traefik.frontend.rule = Host:MyCustoDomain.com - -- traefik.enable = true +- traefik.frontend.rule = Host:MyCustoDomain.com (`api` or `metadata` rancher integration) +- traefik.domain = MyCustoDomain.com (`external` rancher integration) ### F.A.Q +#### Q: Traefik doesn't apply labels + +Depending on traefik rancher integration, available labels are differents. +- [api and metadata][traefik rancher backend] +- [external][rancher-traefik] + #### Q: Traefik doesn't expose my service -Depending of de Traefik configuration we can diffenciate two cases: +Depending on Traefik configuration we can diffenciate two cases: - If you configured Traefik with label *rancher_healthcheck=true* -> ensure your service has a healthcheck - If you configured Traefik without healthcheck, then check the Traefik log. Some times Traefik fails when try to load an invalid config and, before that, doesn't load new services -> restart Traefik should fix that -### References - [traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour +[rancher-traefik]: https://github.com/rawmind0/rancher-traefik diff --git a/templates/traefik/21/README.md b/templates/traefik/21/README.md new file mode 100644 index 0000000..e426e5a --- /dev/null +++ b/templates/traefik/21/README.md 
@@ -0,0 +1,136 @@ +# Traefik active load balancer + +### Info: + + This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata. + It would be deployed in hosts with label traefik_lb=true. + +### Config: + +- rancher_integration = "metadata" # Rancher integration method. +- rancher_healthcheck = false # Enable/Disable traefik rancher services healthcheck filter. Only valid for api and metadata integration. +- usage_enable = false # Enable/disable send Traefik [anonymous usage collection](https://docs.traefik.io/basics/#collected-data) +- constraints = "" # Traefik constraints for rancher provider. Only valid for api and metadata integration. +- host_label = "traefik_lb=true" # Host label where to run traefik service. +- http_port = 8080 # Port exposed to get access to the published services. +- https_port = 8443 # Port exposed to get secured access to the published services. +- admin_port = 8000 # Port exposed to get admin access to the traefik service. +- admin_ssl = false # Enable/Disable ssl on api, rest, ping and webui using `ssl_key` and `ssl_crt` +- https_enable = + - false: Enable http enpoints and disable https ones. + - true: Enable http and https endpoints. + - only: Enable https endpoints and redirect http to https. +- https_min_tls = "" # See the [traefik documentation](https://docs.traefik.io/configuration/entrypoints/#specify-minimum-tls-version) for allowed values. +- trusted_ips="" # Enable [proxyProtocol](https://docs.traefik.io/configuration/entrypoints/#proxyprotocol) and [forwardHeaders](https://docs.traefik.io/configuration/entrypoints/#forwarded-header) for these IPs (eg: "172.0.0.0/16,192.168.0.1") +- acme_enable = false # Enable/Disable acme traefik support. [acme](https://docs.traefik.io/configuration/acme/) +- acme_email = "test@traefik.io" # acme user email +- acme_challenge = http # acme challenge parameter. WIP to support dns. 
+- acme_onhostrule = true # acme onHostRule parameter. +- acme_caserver = "https://acme-v01.api.letsencrypt.org/directory" # acme caServer parameter. +- acme_vol_name = "traefik_acme_vol" # Volume name to user by acme sidekick +- acme_vol_driver = "local" # Volume driver to user by acme sidekick +- ssl_key # Paste your ssl key. *Required if you enable https +- ssl_crt # Paste your ssl crt. *Required if you enable https +- insecure_skip = false # Enable InsecureSkipVerify param. +- compress_enable = true # Enable traefik compression +- timeout_read="0" # respondingTimeouts [readTimeout](https://docs.traefik.io/configuration/commons/#responding-timeouts) +- timeout_write="0" # respondingTimeouts [writeTimeout](https://docs.traefik.io/configuration/commons/#responding-timeouts) +- timeout_idle="180" # respondingTimeouts [idleTimeout](https://docs.traefik.io/configuration/commons/#responding-timeouts) +- timeout_dial="30" # forwardingTimeouts [dialTimeout](https://docs.traefik.io/configuration/commons/#forwarding-timeouts) +- timeout_header="0" # forwardingTimeouts [responseHeaderTimeout](https://docs.traefik.io/configuration/commons/#forwarding-timeouts) +- refresh_interval = 10s # Interval to refresh traefik rules.toml from rancher-metadata. +- admin_readonly = false # Set REST API to read-only mode. +- admin_statistics = 10 # Enable more detailed statistics, extend recent errors number. +- admin_auth_method = "basic" # Selec auth method, basic or digest. +- admin_users = "" # Paste basic or digest users created with htdigest, one user per line. +- metrics_enable="false" # Enable/disable traefik [metrics](https://docs.traefik.io/configuration/metrics/) +- metrics_exporter="" # Metrics exporter prometheus | datadog | statsd | influxdb +- metrics_push="10" # Metrics exporter push interval (s). datadog | statsd | influxdb +- metrics_address="" # Metrics exporter address. 
datadog | statsd | influxdb +- metrics_prometheus_buckets="[0.1,0.3,1.2,5.0]" # Metrics buckets for prometheus + +### Service configuration labels: + +Traefik labels has to be added to your services, in order to get included in traefik config. + +#### Metadata or api + +Please use traefik defined labels if you choose metadata or api rancher integration. + +[Traefik rancher backend labels][traefik rancher backend] + +Metadata is the prefered and recommended rancher integration. + +#### External + +Use this labels if you choose extenal rancher integration. + +- traefik.enable = < true | stack | false > #Controls if you want to publish or not the service + - true: the service will be published as *service_name.stack_name.traefik_domain* + - stack: the service will be published as *stack_name.domain*. WARNING: You can have collisions inside services within your stack + - false: the service will not be published +- traefik.priority = # Override for frontend priority. Default `5` +- traefik.protocol = < http | https > # Override the default protocol `http` +- traefik.sticky = < true | false > # Enable/disable sticky sessions to the backend. Default `false` +- traefik.backend.loadbalancer.method = < drr | wrr > # Override default lb algorithm `drr` +- traefik.backend.circuitbreaker.expression = < expression > # Override default backend circuitbreaker expression `NetworkErrorRatio() > 0.5` +- traefik.frontend.passHostHeader = < true | false > # Forward client Host header to the backend. Default `true` +- traefik.weight = < weight > # Override default backend weight `5` +- traefik.alias = < alias > # Alternate names to route rule. Multiple values separated by ",". traefik.domain is appended. WARNING: You could have collisions BE CAREFULL +- traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. Multiple values separated by ",". traefik.domain must be defined but is not appended here. +- traefik.domain = < domain.name > # Domain names to route rules. 
Multiple domains separated by "," +- traefik.domain.regexp = < domain.regexp > # Domain name regexp rule. Multiple domains separated by "," +- traefik.port = # port to expose throught traefik. Default `80` +- traefik.acme = < true | false > # Enable/disable ACME traefik feature. Default `false` +- traefik.path = < path > # Path rule. Multiple values separated by "," +- traefik.path.strip = < path > # Path strip rule. Multiple values separated by "," +- traefik.path.prefix = < path > # Path prefix rule. Multiple values separated by "," +- traefik.path.prefix.strip = < path > # Path prefix strip rule. Multiple values separated by "," +- traefik.ratelimit.enable = < true | false > # Enable/disabe rate-limiting based on client ip. Default `false` +- traefik.ratelimit.period = < n > # Replace n with desired amount of seconds in which traefik is checking the limits "average" and "burst". Default `10` +- traefik.ratelimit.average = < n > # Change to desired average allowed requests by client ip. Default `100` +- traefik.ratelimit.burst = < n > # State what limit the client ip is allowed to burst up to respectively. Default `200` + +WARNING: Only services with healthy state are added to traefik, so health checks are mandatory. + +More info [rancher-traefik][rancher-traefik] + +### Usage: + + Select Traefik from catalog. + + Set the params. + + Click deploy. + + Access your traefik admin service at $admin_port to see your published services. + +Note: To access the services, you need to create A or CNAMES dns entries for every one. 
+ +### Usage examples + +#### Setup Traefik for a custom domain + +You must set these labels for the service your want to expose: +- traefik.enable = true +- traefik.port = 8080 +- traefik.acme = true +- traefik.frontend.rule = Host:MyCustoDomain.com (`api` or `metadata` rancher integration) +- traefik.domain = MyCustoDomain.com (`external` rancher integration) + +### F.A.Q + +#### Q: Traefik doesn't apply labels + +Depending on traefik rancher integration, available labels are differents. +- [api and metadata][traefik rancher backend] +- [external][rancher-traefik] + +#### Q: Traefik doesn't expose my service + +Depending on Traefik configuration we can diffenciate two cases: +- If you configured Traefik with label *rancher_healthcheck=true* -> ensure your service has a healthcheck +- If you configured Traefik without healthcheck, then check the Traefik log. Some times Traefik fails when try to load an invalid config and, before that, doesn't load new services -> restart Traefik should fix that + +[traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour +[rancher-traefik]: https://github.com/rawmind0/rancher-traefik diff --git a/templates/traefik/21/docker-compose.yml.tpl b/templates/traefik/21/docker-compose.yml.tpl new file mode 100644 index 0000000..6c351b9 --- /dev/null +++ b/templates/traefik/21/docker-compose.yml.tpl 
@@ -0,0 +1,133 @@ +version: '2' +services: + traefik: + ports: + - ${admin_port}:${admin_port}/tcp + - ${http_port}:${http_port}/tcp + {{- if ne .Values.https_enable "false"}} + - ${https_port}:${https_port}/tcp + {{- end}} + labels: + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:host_label: ${host_label} + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + {{- if eq .Values.rancher_integration "api"}} + io.rancher.container.agent.role: environment + io.rancher.container.create_agent: 'true' + {{- end}} + {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}} + io.rancher.sidekicks: + {{- if eq .Values.rancher_integration "external"}} traefik-conf + {{- if eq .Values.acme_enable "true" -}},{{- end -}} + {{- end -}} + {{- if eq .Values.acme_enable "true" -}} + {{- if ne .Values.rancher_integration "external"}} traefik-acme + {{- else -}}traefik-acme + {{- end -}} + {{- end -}} + {{- end}} + io.rancher.container.hostname_override: container_name + image: rawmind/alpine-traefik:1.5.4-1 + environment: + - TRAEFIK_HTTP_PORT=${http_port} + - TRAEFIK_HTTP_COMPRESSION=${compress_enable} + - TRAEFIK_HTTPS_PORT=${https_port} + - TRAEFIK_HTTPS_ENABLE=${https_enable} + - TRAEFIK_HTTPS_COMPRESSION=${compress_enable} + - TRAEFIK_USAGE_ENABLE=${usage_enable} + - TRAEFIK_TIMEOUT_READ=${timeout_read} + - TRAEFIK_TIMEOUT_WRITE=${timeout_write} + - TRAEFIK_TIMEOUT_IDLE=${timeout_idle} + - TRAEFIK_TIMEOUT_DIAL=${timeout_dial} + - TRAEFIK_TIMEOUT_HEADER=${timeout_header} + {{- if ne .Values.https_min_tls ""}} + - TRAEFIK_HTTPS_MIN_TLS=${https_min_tls} + {{- end}} + {{- if ne .Values.trusted_ips ""}} + - TRAEFIK_TRUSTEDIPS=${trusted_ips} + {{- end}} + {{- if ne .Values.ssl_key ""}} + - TRAEFIK_SSL_KEY=${ssl_key} + {{- end}} + {{- if ne .Values.ssl_crt ""}} + - TRAEFIK_SSL_CRT=${ssl_crt} + {{- end}} + - TRAEFIK_INSECURE_SKIP=${insecure_skip} + - TRAEFIK_ADMIN_ENABLE=true 
+ - TRAEFIK_ADMIN_PORT=${admin_port} + - TRAEFIK_ADMIN_SSL=${admin_ssl} + - TRAEFIK_ADMIN_STATISTICS=${admin_statistics} + - TRAEFIK_ADMIN_AUTH_METHOD=${admin_auth_method} + - TRAEFIK_ADMIN_AUTH_USERS=${admin_users} + {{- if eq .Values.acme_enable "true"}} + - TRAEFIK_ACME_ENABLE=${acme_enable} + - TRAEFIK_ACME_EMAIL=${acme_email} + - TRAEFIK_ACME_CHALLENGE=${acme_challenge} + - TRAEFIK_ACME_CHALLENGE_HTTP_ENTRYPOINT=http + - TRAEFIK_ACME_ONHOSTRULE=${acme_onhostrule} + - TRAEFIK_ACME_CASERVER=${acme_caserver} + {{- end}} + {{- if ne .Values.rancher_integration "external"}} + - TRAEFIK_RANCHER_ENABLE=true + - TRAEFIK_FILE_ENABLE=false + - TRAEFIK_CONSTRAINTS=${constraints} + - TRAEFIK_RANCHER_HEALTHCHECK=${rancher_healthcheck} + - TRAEFIK_RANCHER_MODE=${rancher_integration} + {{- else}} + - TRAEFIK_FILE_ENABLE=true + {{- end}} + {{- if eq .Values.metrics_enable "true"}} + - TRAEFIK_METRICS_ENABLE=${metrics_enable} + - TRAEFIK_METRICS_EXPORTER=${metrics_exporter} + - TRAEFIK_METRICS_PUSH=${metrics_push} + - TRAEFIK_METRICS_ADDRESS=${metrics_address} + - TRAEFIK_METRICS_PROMETHEUS_BUCKETS=${metrics_prometheus_buckets} + {{- end}} + {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}} + volumes_from: + {{- if eq .Values.rancher_integration "external"}} + - traefik-conf + {{- end}} + {{- if eq .Values.acme_enable "true"}} + - traefik-acme + {{- end}} + {{- end}} + {{- if eq .Values.rancher_integration "external"}} + traefik-conf: + labels: + io.rancher.scheduler.global: 'true' + io.rancher.scheduler.affinity:host_label: ${host_label} + io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.start_once: 'true' + image: rawmind/rancher-traefik:1.5.0-0 + network_mode: none + volumes: + - tools-volume:/opt/tools + {{- end}} + {{- if eq .Values.acme_enable "true"}} + traefik-acme: + network_mode: none + labels: + 
io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.hostname_override: container_name + io.rancher.container.start_once: true + environment: + - SERVICE_UID=10001 + - SERVICE_GID=10001 + - SERVICE_VOLUME=/opt/traefik/acme + volumes: + - ${acme_vol_name}:/opt/traefik/acme + image: rawmind/alpine-volume:0.0.2-1 + {{- end}} +{{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}} +volumes: + {{- if eq .Values.rancher_integration "external"}} + tools-volume: + driver: local + per_container: true + {{- end}} + {{- if eq .Values.acme_enable "true"}} + ${acme_vol_name}: + driver: ${acme_vol_driver} + {{- end}} +{{- end}} diff --git a/templates/traefik/21/rancher-compose.yml b/templates/traefik/21/rancher-compose.yml new file mode 100644 index 0000000..ea0911f --- /dev/null +++ b/templates/traefik/21/rancher-compose.yml 
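Review bot: `TRAEFIK_ADMIN_ENABLE=true` is hard-coded and `${admin_port}:${admin_port}/tcp` is always published on every host carrying the `host_label`, while the README added in this commit lists `admin_users = ""` and `admin_ssl = false` as defaults. If the image treats an empty user list as no authentication (not visible here), a default deployment exposes the Traefik API and web UI on the host port unauthenticated and in clear text. Consider publishing the admin port only when users are configured, by wrapping the admin port line in `{{- if ne .Values.admin_users ""}}` … `{{- end}}`, after checking that the health check (not shown in this hunk) does not depend on that port. At minimum add `# admin API/UI: set admin_users and admin_ssl before exposing this port` above it. `TRAEFIK_SSL_KEY=${ssl_key}` likewise puts the TLS private key in the container environment, where it is readable through container inspection; a secret or mounted file would be preferable if the image supports one.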
@@ -0,0 +1,277 @@ +version: '2' +catalog: + name: traefik + version: v1.5.4-rancher1 + description: | + Traefik load balancer. + minimum_rancher_version: v0.59.0 + maintainer: "Raul Sanchez " + uuid: traefik-0 + questions: + - variable: "rancher_integration" + label: "Choose rancher integration:" + description: | + Enable rancher integration mode. Traefik built in integration, metadata or api, or external sidekick integration with confd. + default: metadata + required: true + type: enum + options: + - metadata + - api + - external + - variable: "rancher_healthcheck" + description: | + Enable/disable rancher services healtcheck filter. If enable, just healthy services will be published. + Only valid for api and metadata integration. + label: "Rancher healthcheck filter:" + required: true + default: false + type: "boolean" + - variable: "usage_enable" + description: | + Enable/disable send anonymous usage collection to Traefik. See https://docs.traefik.io/basics/#collected-data + label: "Traefik send anonymous usage:" + required: true + default: false + type: "boolean" + - variable: "constraints" + description: | + Traefik constraints for rancher provider. Eg: "tag==api" + Only valid for api and metadata integration. + label: "Traefik constraints:" + required: false + default: "" + type: "string" + - variable: "host_label" + description: "Host label where to run traefik service." + label: "Host label:" + required: true + default: "traefik_lb=true" + type: "string" + - variable: "http_port" + description: "Traefik http public port to listen." + label: "Http port:" + required: true + default: 8080 + type: "int" + - variable: "https_port" + description: "Traefik https public port to listen." + label: "Https port:" + required: true + default: 8443 + type: "int" + - variable: "admin_port" + description: "Traefik admin public port to listen for api, rest, ping and webui." 
+ label: "Admin port:" + required: true + default: 8000 + type: "int" + - variable: "admin_ssl" + description: "Enable ssl for api, rest, ping and webui." + label: "Admin ssl:" + required: true + default: false + type: "boolean" + - variable: "https_enable" + label: "Https enable:" + description: | + Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work. + default: false + required: true + type: enum + options: + - false + - true + - only + - variable: "https_min_tls" + description: | + Minimal allowed tls version to accept connections from. + See the traefik documentation for allowed values. Default is `VersionTLS12`. + label: "Https min tls:" + required: false + default: "" + type: "string" + - variable: "trusted_ips" + description: | + Enable proxyProtocol and forwardHeaders just for trusted IPs. Eg: `172.0.0.0/16,192.168.0.1` + See the traefik documentation for more info. Default is ``. + label: "Trusted IPs:" + required: false + default: "" + type: "string" + - variable: "acme_enable" + description: "Enable acme support on traefik." + label: "ACME enable:" + required: true + default: false + type: "boolean" + - variable: "acme_email" + description: "ACME user email." + label: "ACME email:" + required: true + default: "test@traefik.io" + type: "string" + - variable: "acme_challenge" + description: "ACME challenge." + label: "ACME challenge:" + required: true + default: http + type: enum + options: # List of options if using type of `enum` + - http + - variable: "acme_onhostrule" + description: "Enable acme onHostRule." + label: "ACME onHostRule:" + required: true + default: true + type: "boolean" + - variable: "acme_caserver" + description: "ACME caServer to use." 
+ label: "ACME caServer:" + required: true + default: "https://acme-v01.api.letsencrypt.org/directory" + type: "string" + - variable: "acme_vol_name" + description: "The volume name shared to store ACME certs" + label: "ACME Volume Name" + required: true + default: "traefik_acme_vol" + type: "string" + - variable: "acme_vol_driver" + description: "The volume driver shared to store ACME certs" + label: "ACME Volume Driver" + required: true + default: "local" + type: enum + options: # List of options if using type of `enum` + - local + - rancher-nfs + - rancher-efs + - rancher-ebs + - variable: "ssl_key" + description: "SSL key to secure the service. *Required if you enable https or admin ssl" + label: "Https key" + type: "multiline" + required: false + default: "" + - variable: "ssl_crt" + description: "SSL cert to secure the service. *Required if you enable https or admin ssl" + label: "Https crt" + type: "multiline" + required: false + default: "" + - variable: "insecure_skip" + description: "Enable InsecureSkipVerify param." + label: "InsecureSkipVerify:" + required: true + default: false + type: "boolean" + - variable: "compress_enable" + label: "Enable compression:" + description: | + Enable Traefik compression for entrypoints. + default: true + required: true + type: "boolean" + - variable: "timeout_read" + label: "Timeout read:" + description: | + Traefik respondingTimeouts readTimeout (s). + default: 0 + required: true + type: "int" + - variable: "timeout_write" + label: "Timeout write:" + description: | + Traefik respondingTimeouts writeTimeout (s). + default: 0 + required: true + type: "int" + - variable: "timeout_idle" + label: "Timeout idle:" + description: | + Traefik respondingTimeouts idleTimeout (s). + default: 180 + required: true + type: "int" + - variable: "timeout_dial" + label: "Timeout dial:" + description: | + Traefik forwardingTimeouts dialTimeout (s). 
+ default: 30 + required: true + type: "int" + - variable: "timeout_header" + label: "Timeout header:" + description: | + Traefik forwardingTimeouts responseHeaderTimeout (s). + default: 0 + required: true + type: "int" + - variable: "admin_statistics" + description: "Enable more detailed statistics." + label: "Admin statistics history:" + required: true + default: 10 + type: "int" + - variable: "admin_auth_method" + description: "Admin auth method on api, rest and webui." + label: "Admin auth method:" + required: true + default: "basic" + type: enum + options: # List of options if using type of `enum` + - basic + - digest + - variable: "admin_users" + description: "Admin auth user list on api, rest and webui. Generate with htpassword for basic or htdigest with traefik realm for digest." + label: "Admin users:" + type: "multiline" + required: false + default: "" + - variable: "metrics_enable" + description: "Enable traefik metrics." + label: "Metrics enable" + default: false + required: true + type: "boolean" + - variable: "metrics_exporter" + description: "Traefik metrics exporter." + label: "Metrics exporter:" + required: false + default: + type: enum + options: # List of options if using type of `enum` + - prometheus + - datadog + - statsd + - influxdb + - variable: "metrics_push" + description: "Traefik metrics exporter push interval. Apply on datadog, statsd and influxdb." + label: "Metrics push interval (s):" + required: false + default: 10 + type: "int" + - variable: "metrics_address" + description: "Traefik metrics exporter address to push. Apply on datadog, statsd and influxdb." + label: "Metrics address:" + required: false + default: "" + type: "string" + - variable: "metrics_prometheus_buckets" + description: "Traefik metrics buckets for prometheus." 
+ label: "Metrics prometheus buckets" + default: "[0.1,0.3,1.2,5.0]" + required: false + type: "string" +services: + traefik: + retain_ip: true + health_check: + healthy_threshold: 2 + response_timeout: 5000 + port: ${admin_port} + unhealthy_threshold: 3 + interval: 5000 + strategy: recreate + diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml index 65fd4c3..dfed582 100644 --- a/templates/traefik/config.yml +++ b/templates/traefik/config.yml @@ -1,7 +1,7 @@ name: Traefik description: | Traefik active load balancer -version: v1.5.3-rancher1 +version: v1.5.4-rancher1 category: Load Balancing maintainer: "Raul Sanchez " license: From 26ffb9c8053238a4fb8c32b183c6d3436a94596d Mon Sep 17 00:00:00 2001 From: Christophe Kyvrakidis Date: Sat, 24 Mar 2018 15:49:08 +0100 Subject: [PATCH 09/20] Update es-cluster to 6.2.3 --- templates/es-cluster/4/README.md | 5 + templates/es-cluster/4/docker-compose.yml.tpl | 122 ++++++++++++++++++ templates/es-cluster/4/rancher-compose.yml | 111 ++++++++++++++++ templates/es-cluster/config.yml | 4 +- 4 files changed, 240 insertions(+), 2 deletions(-) create mode 100644 templates/es-cluster/4/README.md create mode 100644 templates/es-cluster/4/docker-compose.yml.tpl create mode 100644 templates/es-cluster/4/rancher-compose.yml diff --git a/templates/es-cluster/4/README.md b/templates/es-cluster/4/README.md new file mode 100644 index 0000000..c662188 --- /dev/null +++ b/templates/es-cluster/4/README.md @@ -0,0 +1,5 @@ +# Elasticsearch Cluster + +A scalable Elasticsearch cluster + +WARN: To avoid vm.max_map_count errors you could set "Update host sysctl" to true. Then param vm.max_map_count will be update to 262144 if it's less in your hosts. diff --git a/templates/es-cluster/4/docker-compose.yml.tpl b/templates/es-cluster/4/docker-compose.yml.tpl new file mode 100644 index 0000000..6ed93e0 --- /dev/null +++ b/templates/es-cluster/4/docker-compose.yml.tpl 
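Review bot: The `admin_users` question is `required: false` with `default: ""`, and `admin_ssl` defaults to `false`, so a stack deployed with the defaults serves the api, rest and webui on `admin_port` with an empty user list and no TLS. Whether the image refuses to start the admin endpoint without users is not visible in this patch, so I would either set `required: true` on `admin_users` or state in its description that an empty list leaves the admin endpoint without authentication. The `insecure_skip` description could also say what the switch does, e.g. `description: "Skip TLS certificate verification for backend connections (InsecureSkipVerify)."`.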
@@ -0,0 +1,122 @@ +version: '2' +services: + es-master: + labels: + io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}} + image: docker.elastic.co/elasticsearch/elasticsearch:6.2.3 + environment: + - "cluster.name=${cluster_name}" + - "node.name=$${HOSTNAME}" + - "bootstrap.memory_lock=true" + - "xpack.security.enabled=false" + - "ES_JAVA_OPTS=-Xms${master_heap_size} -Xmx${master_heap_size}" + - "discovery.zen.ping.unicast.hosts=es-master" + - "discovery.zen.minimum_master_nodes=${minimum_master_nodes}" + - "node.master=true" + - "node.data=false" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: ${master_mem_limit} + mem_swappiness: 0 + cap_add: + - IPC_LOCK + volumes_from: + - es-storage + + es-data: + labels: + io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}} + image: docker.elastic.co/elasticsearch/elasticsearch:6.2.3 + environment: + - "cluster.name=${cluster_name}" + - "node.name=$${HOSTNAME}" + - "bootstrap.memory_lock=true" + - "xpack.security.enabled=false" + - "discovery.zen.ping.unicast.hosts=es-master" + - "ES_JAVA_OPTS=-Xms${data_heap_size} -Xmx${data_heap_size}" + - "node.master=false" + - "node.data=true" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: ${data_mem_limit} + mem_swappiness: 0 + cap_add: + - IPC_LOCK + volumes_from: + - es-storage + depends_on: + - es-master + + es-client: + labels: + io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + 
io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}} + image: docker.elastic.co/elasticsearch/elasticsearch:6.2.3 + environment: + - "cluster.name=${cluster_name}" + - "node.name=$${HOSTNAME}" + - "bootstrap.memory_lock=true" + - "xpack.security.enabled=false" + - "discovery.zen.ping.unicast.hosts=es-master" + - "ES_JAVA_OPTS=-Xms${client_heap_size} -Xmx${client_heap_size}" + - "node.master=false" + - "node.data=false" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: ${client_mem_limit} + mem_swappiness: 0 + cap_add: + - IPC_LOCK + volumes_from: + - es-storage + depends_on: + - es-master + + es-storage: + labels: + io.rancher.container.start_once: true + network_mode: none + image: rawmind/alpine-volume:0.0.2-1 + environment: + - SERVICE_UID=1000 + - SERVICE_GID=1000 + - SERVICE_VOLUME=/usr/share/elasticsearch/data + volumes: + - es-storage-volume:/usr/share/elasticsearch/data + + {{- if eq .Values.UPDATE_SYSCTL "true" }} + es-sysctl: + labels: + io.rancher.container.start_once: true + network_mode: none + image: rawmind/alpine-sysctl:0.1 + privileged: true + environment: + - "SYSCTL_KEY=vm.max_map_count" + - "SYSCTL_VALUE=262144" + {{- end}} + +volumes: + es-storage-volume: + driver: ${VOLUME_DRIVER} + per_container: true diff --git a/templates/es-cluster/4/rancher-compose.yml b/templates/es-cluster/4/rancher-compose.yml new file mode 100644 index 0000000..287c035 --- /dev/null +++ b/templates/es-cluster/4/rancher-compose.yml 
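Review bot: `xpack.security.enabled=false` is hard-coded in the environment of `es-master`, `es-data` and `es-client`, so every node accepts HTTP and transport connections without authentication or TLS. No `ports:` are published in this file, which presumably limits exposure to whatever can reach the services over the Rancher network or through links, but nothing in the template says so. I would add a comment above the setting in each service, `# auth and TLS are off: never publish 9200/9300 or link this stack to untrusted services`, and repeat it in the README next to the sysctl warning.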
@@ -0,0 +1,111 @@ +version: '2' +catalog: + name: Elasticsearch Cluster + version: 6.2.3-rancher1 + description: Scalable Elasticsearch Cluster + + questions: + - variable: "cluster_name" + type: "string" + required: true + label: "Cluster name" + description: "Name of the Elasticsearch Cluster" + default: "es-cluster" + + - variable: "UPDATE_SYSCTL" + label: "Update host sysctl:" + description: | + Set true to avoid vm.max_map_count errors. + WARN: If set true, host param vm.max_map_count will be update to 262144. + default: false + required: true + type: enum + options: + - false + - true + + - variable: "master_heap_size" + type: "string" + required: true + label: "Heap size (master nodes)" + description: "Heap size to be allocated for Java (master nodes)" + default: "512m" + + - variable: "master_mem_limit" + type: "int" + required: true + label: "Memory limit in byte (master nodes)" + description: "Memory limit in Byte per elasticsearch container. AT LEAST double the heap size! (master nodes)" + default: 1073741824 + + - variable: "data_heap_size" + type: "string" + required: true + label: "Heap size (data nodes)" + description: "Heap size to be allocated for Java (data nodes)" + default: "512m" + + - variable: "data_mem_limit" + type: "int" + required: true + label: "Memory limit in byte (data nodes)" + description: "Memory limit in Byte per elasticsearch container. AT LEAST double the heap size! (data nodes)" + default: 1073741824 + + - variable: "client_heap_size" + type: "string" + required: true + label: "Heap size (client nodes)" + description: "Heap size to be allocated for Java (client nodes)" + default: "512m" + + - variable: "client_mem_limit" + type: "int" + required: true + label: "Memory limit in byte (client nodes)" + description: "Memory limit in Byte per elasticsearch container. AT LEAST double the heap size! 
(client nodes)" + default: 1073741824 + + - variable: "minimum_master_nodes" + type: "int" + required: true + label: "# of minimum Master Nodes" + description: "Set the number of required master nodes to reach quorum. Sets initial scale to this value as well" + default: 3 + + - variable: "initial_data_nodes" + type: "int" + required: true + label: "# of initial data nodes" + description: "Set the initial number of data nodes" + default: 2 + + - variable: "initial_client_nodes" + type: "int" + required: true + label: "# of initial client nodes" + description: "Set the initial number of client nodes" + default: 1 + + - variable: "VOLUME_DRIVER" + description: "The VOLUME driver to associate with this server" + label: "VOLUME Driver" + required: true + default: "local" + type: enum + options: + - local + - rancher-nfs + - rancher-efs + - rancher-ebs + +services: + + es-master: + scale: ${minimum_master_nodes} + + es-data: + scale: ${initial_data_nodes} + + es-client: + scale: ${initial_client_nodes} diff --git a/templates/es-cluster/config.yml b/templates/es-cluster/config.yml index bb8b8c6..ce6d654 100644 --- a/templates/es-cluster/config.yml +++ b/templates/es-cluster/config.yml @@ -1,5 +1,5 @@ -name: Elasticsearch Cluster 5.5.1 +name: Elasticsearch Cluster 6.2.3 description: | Elasticsearch, you know for search! -version: 5.5.1-rancher1 +version: 6.2.3-rancher1 category: ELK From 4619f9a23edc4584b8d15f9a9c8c761fe856e8e0 Mon Sep 17 00:00:00 2001 From: Christophe Kyvrakidis Date: Mon, 26 Mar 2018 14:19:55 +0200 Subject: [PATCH 10/20] Update kibana to 6.2.3 --- templates/kibana/4/docker-compose.yml | 33 +++++++++++ templates/kibana/4/rancher-compose.yml | 24 ++++++++ templates/kibana/catalogIcon-kibana.svg | 79 ++++++++++++++----------- templates/kibana/config.yml | 4 +- 4 files changed, 104 insertions(+), 36 deletions(-) create mode 100644 templates/kibana/4/docker-compose.yml create mode 100644 templates/kibana/4/rancher-compose.yml 
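Review bot: The `UPDATE_SYSCTL` description says the host's vm.max_map_count will be updated but not how: choosing `true` adds the `es-sysctl` sidekick from docker-compose.yml.tpl, which runs `rawmind/alpine-sysctl:0.1` with `privileged: true`. Operators should see that before opting in, e.g. `WARN: If set true, a privileged sidekick container sets vm.max_map_count to 262144 on the host.` Separately, `default: false` and the `false`/`true` options are unquoted YAML booleans while the template compares against the string `"true"`; quoting them (`- "false"`, `- "true"`) would remove any doubt about how the answer is rendered.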
diff --git a/templates/kibana/4/docker-compose.yml b/templates/kibana/4/docker-compose.yml
new file mode 100644
index 0000000..1287953
--- /dev/null
+++ b/templates/kibana/4/docker-compose.yml
@@ -0,0 +1,33 @@
+kibana-vip:
+ ports:
+ - "${public_port}:80"
+ restart: always
+ tty: true
+ image: rancher/load-balancer-service
+ links:
+ - nginx-proxy:kibana6
+ stdin_open: true
+nginx-proxy-conf:
+ image: rancher/nginx-conf:v0.2.0
+ command: "-backend=rancher --prefix=/2015-07-25"
+ labels:
+ io.rancher.container.hostname_override: container_name
+nginx-proxy:
+ image: rancher/nginx:v1.9.4-3
+ volumes_from:
+ - nginx-proxy-conf
+ labels:
+ io.rancher.container.hostname_override: container_name
+ io.rancher.sidekicks: nginx-proxy-conf,kibana6
+ external_links:
+ - ${elasticsearch_source}:elasticsearch
+kibana6:
+ restart: always
+ tty: true
+ image: docker.elastic.co/kibana/kibana:6.2.3
+ net: "container:nginx-proxy"
+ stdin_open: true
+ environment:
+ ELASTICSEARCH_URL: "http://elasticsearch:9200"
+ labels:
+ io.rancher.container.hostname_override: container_name
diff --git a/templates/kibana/4/rancher-compose.yml b/templates/kibana/4/rancher-compose.yml
new file mode 100644
index 0000000..37b8723
--- /dev/null
+++ b/templates/kibana/4/rancher-compose.yml
@@ -0,0 +1,24 @@
+.catalog:
+ name: "Kibana"
+ version: "6.2.3-rancher1"
+ description: "Kibana: Explore & Visualize Your Data"
+ questions:
+ - variable: "elasticsearch_source"
+ description: "Link to elasticsearch service or stack/service"
+ label: "Elasticsearch source"
+ type: "service"
+ required: true
+ default: "es/elasticsearch-clients"
+ - variable: "public_port"
+ label: "Public Port"
+ description: "Unique public port for Kibana"
+ type: "int"
+ default: 80
+ required: true
+
+nginx-proxy:
+ metadata:
+ nginx:
+ conf:
+ servername: "kibana"
+ upstream_port: 5601
diff --git a/templates/kibana/catalogIcon-kibana.svg b/templates/kibana/catalogIcon-kibana.svg
index 6f5091e..5cac2fb 100644
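Review bot: `kibana-vip` publishes `${public_port}` and forwards it through `nginx-proxy` to `kibana6`, and nothing in either new file configures authentication, so whoever can reach that port gets the Kibana UI and, through it, the linked Elasticsearch data over plain `http://elasticsearch:9200`. The nginx configuration comes from the `rancher/nginx-conf:v0.2.0` sidekick and is not visible here, so it may add access control, but the catalog questions give no hint either way. I would say so in the `public_port` question in rancher-compose.yml, e.g. `description: "Unique public port for Kibana. The UI is served without authentication; restrict access at the network level."`.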
--- a/templates/kibana/catalogIcon-kibana.svg +++ b/templates/kibana/catalogIcon-kibana.svg @@ -1,34 +1,45 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/templates/kibana/config.yml b/templates/kibana/config.yml index cdadc3d..41d5de4 100644 --- a/templates/kibana/config.yml +++ b/templates/kibana/config.yml @@ -1,4 +1,4 @@ -name: "Kibana 4" +name: "Kibana" description: "Visualization dashboard" -version: "4.6.3-rancher1" +version: "6.2.3-rancher1" category: ELK From f97d512f9f32a02c29e800dd58ec07bdc083e1d7 Mon Sep 17 00:00:00 2001 From: Christophe Kyvrakidis Date: Mon, 26 Mar 2018 15:53:56 +0200 Subject: [PATCH 11/20] Update logstash to 6.2.3 --- templates/logstash/4/docker-compose.yml | 54 ++++++ templates/logstash/4/rancher-compose.yml | 73 +++++++ templates/logstash/catalogIcon-logstash.svg | 200 ++++++-------------- templates/logstash/config.yml | 2 +- 4 files changed, 184 insertions(+), 145 deletions(-) create mode 100644 templates/logstash/4/docker-compose.yml create mode 100644 templates/logstash/4/rancher-compose.yml diff --git a/templates/logstash/4/docker-compose.yml b/templates/logstash/4/docker-compose.yml new file mode 100644 index 0000000..8743df8 --- /dev/null +++ b/templates/logstash/4/docker-compose.yml 
@@ -0,0 +1,54 @@
+logstash-indexer-config:
+ restart: always
+ image: rancher/logstash-config:v0.2.0
+ labels:
+ io.rancher.container.hostname_override: container_name
+redis:
+ restart: always
+ tty: true
+ image: redis:3.2.6-alpine
+ stdin_open: true
+ labels:
+ io.rancher.container.hostname_override: container_name
+logstash-indexer:
+ restart: always
+ tty: true
+ volumes_from:
+ - logstash-indexer-config
+ command:
+ - logstash
+ - -f
+ - /etc/logstash
+ image: docker.elastic.co/logstash/logstash:6.2.3
+ links:
+ - redis:redis
+ external_links:
+ - ${elasticsearch_link}:elasticsearch
+ stdin_open: true
+ labels:
+ io.rancher.sidekicks: logstash-indexer-config
+ io.rancher.container.hostname_override: container_name
+logstash-collector-config:
+ restart: always
+ image: rancher/logstash-config:v0.2.0
+ labels:
+ io.rancher.container.hostname_override: container_name
+logstash-collector:
+ restart: always
+ tty: true
+ links:
+ - redis:redis
+ ports:
+ - "5000/udp"
+ - "6000/tcp"
+ volumes_from:
+ - logstash-collector-config
+ command:
+ - logstash
+ - -f
+ - /etc/logstash
+ image: docker.elastic.co/logstash/logstash:6.2.3
+ stdin_open: true
+ labels:
+ io.rancher.sidekicks: logstash-collector-config
+ io.rancher.container.hostname_override: container_name
diff --git a/templates/logstash/4/rancher-compose.yml b/templates/logstash/4/rancher-compose.yml
new file mode 100644
index 0000000..b5cde38
--- /dev/null
+++ b/templates/logstash/4/rancher-compose.yml
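Review bot: The `redis` service is started from `redis:3.2.6-alpine` with no `command`, so it runs with the image defaults and no password, and the `redis { ... }` input and output blocks in rancher-compose.yml connect without one. Any container that can reach `redis.rancher.internal` on 6379 can presumably push entries onto the `logstash` list and have them indexed as if they came from the collector. If that is accepted on the managed network, a comment on the service should say so; otherwise start it with `command: redis-server --requirepass` plus a password taken from a new catalog question, and add the matching `password =>` setting to both redis blocks. `logstash-collector` also publishes `6000/tcp` although the default `collector_inputs` only defines a udp input on 5000.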
@@ -0,0 +1,73 @@ +.catalog: + name: "Logstash" + version: "6.2.3-rancher1" + description: "Logstash: Process Any Data, From Any Source" + questions: + - variable: "collector_inputs" + description: | + Logstash collection tier inputs. These will be added + directly to input { } section of logstash.conf + label: "Logstash inputs" + type: "multiline" + required: true + default: | + udp { + port => 5000 + codec => "json" + } + - variable: "indexer_filters" + description: | + Logstash indexing tier filters. These will be added + directly to filter { } section of logstash.conf + label: "Logstash filters" + type: "multiline" + required: false + default: "" + - variable: "indexer_outputs" + description: | + Logstash indexing tier outputs. These will be added + directly to output { } section of logstash.conf + label: "Logstash outputs" + type: "multiline" + required: true + default: | + elasticsearch { + hosts => ["elasticsearch.rancher.internal:9200"] + } + stdout { + codec => rubydebug + } + - variable: "elasticsearch_link" + description: | + stack/service link or external service link to elasticsearch + cluster. + label: "Elasticsearch stack/service" + default: "es/elasticsearch-clients" + required: true + type: "service" +logstash-indexer: + metadata: + logstash: + inputs: | + redis { + host => "redis.rancher.internal" + port => "6379" + data_type => "list" + key => "logstash" + } + filters: | + ${indexer_filters} + outputs: | + ${indexer_outputs} +logstash-collector: + metadata: + logstash: + inputs: | + ${collector_inputs} + outputs: | + redis { + host => "redis.rancher.internal" + port => "6379" + data_type => "list" + key => "logstash" + } diff --git a/templates/logstash/catalogIcon-logstash.svg b/templates/logstash/catalogIcon-logstash.svg index 15f65af..c3928f3 100644 --- a/templates/logstash/catalogIcon-logstash.svg +++ b/templates/logstash/catalogIcon-logstash.svg 
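Review bot: The default for `indexer_outputs` includes `stdout { codec => rubydebug }`, so every indexed event is also written in full to the `logstash-indexer` container log. That copies whatever the shipped logs contain, sensitive fields included, into the container's log output, outside the access path of Elasticsearch, and no size limit is set in this stack. I would drop the `stdout` block from the default and mention it in the question's description as a debugging aid instead.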
@@ -1,145 +1,57 @@ - - - - - - - - - - image/svg+xml - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/templates/logstash/config.yml b/templates/logstash/config.yml index aff47ca..27a7319 100644 --- a/templates/logstash/config.yml +++ b/templates/logstash/config.yml @@ -1,5 +1,5 @@ name: Logstash description: | Centralize data processing of all types -version: 5.1.1-rancher1 +version: 6.2.3-rancher1 category: ELK From 3d676df8973f829e317778aa5be0906e5b040eef Mon Sep 17 00:00:00 2001 From: rawmind0 Date: Thu, 29 Mar 2018 18:01:21 +0200 Subject: [PATCH 12/20] Feat: infoblox package option to use rancher secrets intead env variable for password --- infra-templates/infoblox/1/README.md | 7 ++++ infra-templates/infoblox/1/docker-compose.yml | 16 --------- .../infoblox/1/docker-compose.yml.tpl | 35 +++++++++++++++++++ .../infoblox/1/rancher-compose.yml | 2 +- 4 files changed, 43 insertions(+), 17 deletions(-) delete mode 100644 infra-templates/infoblox/1/docker-compose.yml create mode 100644 infra-templates/infoblox/1/docker-compose.yml.tpl diff --git a/infra-templates/infoblox/1/README.md b/infra-templates/infoblox/1/README.md index 3f3636b..e012c6e 100644 --- a/infra-templates/infoblox/1/README.md +++ b/infra-templates/infoblox/1/README.md @@ -4,6 +4,13 @@ Rancher External DNS service powered by Infoblox DNS #### Usage +##### Using Rancher Secrets for infloblox Password + +Optionally, you can use the Rancher Secrets to pass infloblox password instead of using environment variable. +1. Run the Rancher Secrets service before deploying this provider stack. +2. Create a secret named "infoblox-pass". +3. Deploy this stack, emptying `Infoblox password` field. + ##### Supported host labels `io.rancher.host.external_dns_ip` diff --git a/infra-templates/infoblox/1/docker-compose.yml b/infra-templates/infoblox/1/docker-compose.yml deleted file mode 100644 index 9208a36..0000000 
--- a/infra-templates/infoblox/1/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -infoblox: - image: rancher/external-dns:v0.7.8 - command: -provider=infoblox - expose: - - 1000 - environment: - INFOBLOX_URL: ${INFOBLOX_URL} - INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME} - INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD} - ROOT_DOMAIN: ${ROOT_DOMAIN} - SSL_VERIFY: ${SSL_VERIFY} - USE_COOKIES: ${USE_COOKIES} - TTL: ${TTL} - labels: - io.rancher.container.create_agent: "true" - io.rancher.container.agent.role: "external-dns" diff --git a/infra-templates/infoblox/1/docker-compose.yml.tpl b/infra-templates/infoblox/1/docker-compose.yml.tpl new file mode 100644 index 0000000..817104e --- /dev/null +++ b/infra-templates/infoblox/1/docker-compose.yml.tpl @@ -0,0 +1,35 @@ +version: '2' +services: + infoblox: + image: rancher/external-dns:v0.7.8 + expose: + - 1000 + environment: + INFOBLOX_URL: ${INFOBLOX_URL} + INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME} + INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD} + INFOBLOX_SECRET: '/run/secrets/infoblox-pass' + ROOT_DOMAIN: ${ROOT_DOMAIN} + SSL_VERIFY: ${SSL_VERIFY} + USE_COOKIES: ${USE_COOKIES} + TTL: ${TTL} + labels: + io.rancher.container.create_agent: "true" + io.rancher.container.agent.role: "external-dns" +{{- if ne .Values.INFOBLOX_PASSWORD ""}} + command: -provider=infoblox +{{- else}} + entrypoint: + - bash + - -c + - 'INFOBLOX_PASSWORD=$$(cat $${INFOBLOX_SECRET}) /usr/bin/rancher-entrypoint.sh -provider=infoblox' + secrets: + - mode: '0444' + uid: '0' + gid: '0' + source: 'infoblox-pass' + target: '' +secrets: + infoblox-pass: + external: 'true' +{{- end}} diff --git a/infra-templates/infoblox/1/rancher-compose.yml b/infra-templates/infoblox/1/rancher-compose.yml index 809f055..6425436 100644 --- a/infra-templates/infoblox/1/rancher-compose.yml +++ b/infra-templates/infoblox/1/rancher-compose.yml 
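Review bot: In the secret branch of docker-compose.yml.tpl the file is mounted with `mode: '0444'`, which lets every user inside the container read the Infoblox password; with `uid: '0'` the owner-only `mode: '0400'` is enough, provided the entrypoint runs as root, which the image would have to confirm. The wrapper then copies the secret into `INFOBLOX_PASSWORD` for `rancher-entrypoint.sh`, so the value still ends up in the process environment; a comment above `entrypoint:` saying that the secret keeps the password out of the stack configuration but not out of the process environment would set expectations. `INFOBLOX_SECRET: '/run/secrets/infoblox-pass'` is also emitted in the password branch, where no secret is mounted.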
@@ -19,7 +19,7 @@ label: "Infoblox password" description: "Infoblox password for your Infoblox service" type: "password" - required: true + required: false - variable: "SSL_VERIFY" label: "Ssl verify" description: "Infoblox Ssl verify for your Infoblox service" From 5941778004d98bce74c58bf84fe4ea2a2194d322 Mon Sep 17 00:00:00 2001 From: Ron Williams Date: Wed, 4 Apr 2018 21:14:57 -0600 Subject: [PATCH 13/20] Implement initial MailHog Support. --- templates/mailhog/0/docker-compose.yml | 12 ++++++++++++ templates/mailhog/0/rancher-compose.yml | 17 +++++++++++++++++ templates/mailhog/catalogIcon-mailhog.png | Bin 0 -> 2806 bytes templates/mailhog/config.yml | 4 ++++ 4 files changed, 33 insertions(+) create mode 100644 templates/mailhog/0/docker-compose.yml create mode 100644 templates/mailhog/0/rancher-compose.yml create mode 100644 templates/mailhog/catalogIcon-mailhog.png create mode 100644 templates/mailhog/config.yml diff --git a/templates/mailhog/0/docker-compose.yml b/templates/mailhog/0/docker-compose.yml new file mode 100644 index 0000000..36f29cc --- /dev/null +++ b/templates/mailhog/0/docker-compose.yml @@ -0,0 +1,12 @@ +version: '2' +services: + mailhog: + image: mailhog/mailhog + environment: + MH_UI_WEB_PATH: ${mh_ui_web_path} + MH_SMTP_BIND_ADDR: ${mh_smtp_bind_addr} + stdin_open: true + tty: true + user: root + labels: + io.rancher.container.pull_image: always diff --git a/templates/mailhog/0/rancher-compose.yml b/templates/mailhog/0/rancher-compose.yml new file mode 100644 index 0000000..eae53e6 --- /dev/null +++ b/templates/mailhog/0/rancher-compose.yml 
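Review bot: `user: root` in the new mailhog docker-compose.yml runs the mail catcher as root, and the only visible reason is the `mh_smtp_bind_addr` default of `0.0.0.0:25` in rancher-compose.yml, a privileged port. Defaulting the listener to an unprivileged port, `default: 0.0.0.0:1025`, would presumably let the `user: root` line be dropped so the container runs as the image's own user. If root has to stay, a comment next to it, `# root is needed to bind SMTP on port 25`, would record why.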
@@ -0,0 +1,17 @@
+.catalog:
+ name: MailHog
+ version: 0.0.1
+ description: MailHog E-mail Capture Tools
+ questions:
+ - variable: mh_ui_web_path
+ label: Web UI Path
+ type: string
+ required: true
+ default: ''
+ description: Defines the URL path for viewing MailHog.
+ - variable: mh_smtp_bind_addr
+ label: SMTP Bind Address
+ type: string
+ required: true
+ default: 0.0.0.0:25
+ description: Defines the IP/Port combination for the SMTP listener.
diff --git a/templates/mailhog/catalogIcon-mailhog.png b/templates/mailhog/catalogIcon-mailhog.png new file mode 100644 index 0000000000000000000000000000000000000000..c846729fbbba52c9e64b2576945bc50dcdfd43fe GIT binary patch literal 2806 zcma)8`9IT-;~$Zuj5S9T*`f)_8*leyyoMDc*4rJ*8Jp#(oVlir99ym!G0XAJ5viOJ zDl|vTHF7magm;V%s*k_m`}qFwJbrlo^8Drbcv9@JmSUoEq971R3}Xe@ALxezYPZ~fstYQ>9 zS3WNHo&3}}0-c4EH4w)jRUxJg{Kw{}vjvob^4izmO~=wxts-exz~p~SPXU^Ptz4C* z-9%_So)51M8T!`R)4Bm4+kGbOx|yEI2rX8VH?BxLs%bqN^Sgn377?Ps7(#oh#xk-s z-sS8TU+E1lv;6uk>Q@8-93cEKKtdMgcAD8blOIwrbrC^iqyrV#s42148K0!3uI8dq zPN$BvBg*QSNXg8jl5SQ1LEy}FRm)C_u>loao#KB>G(kiJ!cH?OJ5SPv2>Ua@4XWA> zU}x4{xre!JXz`Hi^}ptTK}kmQz~$lpR&QrWpfH4RwVFk9oIDqm-NZD= zb>srlg~DIe<$D@OPpXA0GQ@LMy;|O5`4ILHc+ps*47{wM2K`tD*Y5Ol=HAj?5fvKF z1>g#yibc1$r8J?kqcZunAD0guSKHmywKRHZHb|k9S86@(&JHCM6+Ccii2hRvKHjk! zl=a?TNZmdc=6NC>JW1L5;Q%K;bO}56SHQ}x>~17S`Un)6j>C-$UhX%S_)u)QeE-gG z8-?0&*6;7jn*nLxtb!v@Q{ZG==#!`zbzPoA>Yv+sx8I^N24qoIuv3ynkvp^#&T?9$ zJ3{C(_eQTTYOWV@@Ep2b${|#L=Egu+6-~5sVS11mPM*X0Ea z^fLTjO;BgM0Q7EhPW1rPu!sV2=aMsIH<4Jmpi2H@F&go|> zMLDw7^Z~;iwUOOer)vuTLen0Jd`&?J%;i(LpXY-QRx61^n31?m3GR zLn@JG?C!xY!8|cp{Jtsl$FU8nN%r{}TGP!aHcX(ShC(0qL^lAQFJ3tC`*%*0{f*c} zf~@S05TEAQrSq3l$V9N&e1lHunP^C_)Tg91v;=r|dGyT^&?u3Vd^EzNTZwUQ^(eo$ zM-m(DzibAaUOi$aMKdt*?}Idu-?F6ySWYAz5oZ8Y@~p(nkg)B$Cga*Kvu7cX0(ypv zoVT9ZE~NjCtq29woXc6DSmNWv;n4c1&ALG%0o7*8WyLH5tc~OeOiZe^lyvtlDg0R7+|wF;Va#yCfAb(q+EQkwXiL=veo9R1vFPo> zTK=G>-j}EwipL21u6k}b2wbLEk(63&lb@E9@~%x?fzk0e&!*J%qwKZ;>&a8izso-u zQB$lU7sUB+46fu}X5!)ils(wWf zmX`nxAl>~skxKa4Lpo_NUKgP++8qIIIcD2~6grx2L(Br*m}53)52Wy8;y|6op5K+9a85WGx3?yr`Q=HJJKQ=BW3M zqVV7I9I{1BN?HL-HYQiQAR0nrbMKIqFE1kG_U{Xd!%&=C$P4pscMO!ZrD>bn%}kUZQX20e z!Z_VYQMm4sTk@KGcot(K31BG)`&-lK=H7SEoUD>{J^_j}gp33)!1Drw^r^c_a&kIi z;=Ur6WDkpDvy7c>+1+W}rAzga5w33p4xPkxP&lWbsQ3vA8Ff<^2t6efMPJBhI0Lcg z^CT1N-xo)waRUoA7ao?3o-yaT;7wpSQZq^0e=fIia&C zePK<1$a;h1glAnVMg&k{2q12-CK5C)B?DXG98(}IB6waKa=9BW*Pi+1#lxMUZ+3)7 zhcn3ew4cJk{7YG9(#Zctj^_e)e!AZ?lN%q_nP@`Rt2mlrwkv2c81}IJqZgf1BK8y` 
z`um*ywgFJrUOXF-c#d2#jL)G|47lXB#WzyVA%4nMCY@z8b&U(lSXjjj$_C+eFIcF0 zrBnSCMuW4TrP#8wU3-ajs@CD_t|xU7d^cj}0qlv?c91aSN?g<;rGX>mLWJ)<Y kLHHEm|CjAB`XizV+UO Date: Wed, 4 Apr 2018 21:18:35 -0600 Subject: [PATCH 14/20] Remove requirement for WebUI path. --- templates/mailhog/0/rancher-compose.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/mailhog/0/rancher-compose.yml b/templates/mailhog/0/rancher-compose.yml index eae53e6..52e2d79 100644 --- a/templates/mailhog/0/rancher-compose.yml +++ b/templates/mailhog/0/rancher-compose.yml @@ -6,9 +6,7 @@ - variable: mh_ui_web_path label: Web UI Path type: string - required: true - default: '' - description: Defines the URL path for viewing MailHog. + description: Defines the URL path for viewing MailHog. Will use "/" if left blank. - variable: mh_smtp_bind_addr label: SMTP Bind Address type: string From 606a848e3bc464d34efa4b94d7495212a3be79da Mon Sep 17 00:00:00 2001 From: Ron Williams Date: Wed, 4 Apr 2018 21:25:16 -0600 Subject: [PATCH 15/20] Specify version for MailHog container image. --- templates/mailhog/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mailhog/0/docker-compose.yml b/templates/mailhog/0/docker-compose.yml index 36f29cc..807d04d 100644 --- a/templates/mailhog/0/docker-compose.yml +++ b/templates/mailhog/0/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: mailhog: - image: mailhog/mailhog + image: mailhog/mailhog:v1.0.0 environment: MH_UI_WEB_PATH: ${mh_ui_web_path} MH_SMTP_BIND_ADDR: ${mh_smtp_bind_addr} From d130609e1cdfbe361ccc9ba323725698c3e0bbd7 Mon Sep 17 00:00:00 2001 From: Srinivas Surishetty Date: Thu, 5 Apr 2018 14:26:15 +0530 Subject: [PATCH 16/20] Update docker-compose.yml --- templates/avi/3/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/avi/3/docker-compose.yml b/templates/avi/3/docker-compose.yml index 00d0f0a..785d9aa 100644 
--- a/templates/avi/3/docker-compose.yml +++ b/templates/avi/3/docker-compose.yml @@ -1,5 +1,5 @@ avi: - image: avinetworks/avi-rancher-controller:latest + image: avinetworks/avi-rancher-controller:2018-01-24T04-59-04.487263875Z expose: - 1000 environment: From a8b269231cd1a32a983931dc9017e49f9b4a69b6 Mon Sep 17 00:00:00 2001 From: Ben Yanke Date: Thu, 5 Apr 2018 11:12:20 -0500 Subject: [PATCH 17/20] Adding DNS TTL --- infra-templates/digitalocean-dns/3/README.md | 2 +- infra-templates/digitalocean-dns/3/docker-compose.yml | 2 +- infra-templates/digitalocean-dns/3/rancher-compose.yml | 7 +++++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/infra-templates/digitalocean-dns/3/README.md b/infra-templates/digitalocean-dns/3/README.md index 013559c..a3bd095 100644 --- a/infra-templates/digitalocean-dns/3/README.md +++ b/infra-templates/digitalocean-dns/3/README.md @@ -11,7 +11,7 @@ Rancher External DNS service powered by DigitalOcean #### Usage ##### DigitalOcean DNS record TTL -The DigitalOcean API currently does not support per-record TTL setting. You should configure the global TTL setting for the domain manually and set it to a low value (e.g. 60). +The DigitalOcean API currently supports per-record TTL setting (https://developers.digitalocean.com/documentation/v2/#create-a-new-domain-record), but it is not yet implemented in this tool. You should configure the global TTL setting for the domain manually and set it to a low value (e.g. 60). ##### Limitation when running the service on multiple Rancher servers diff --git a/infra-templates/digitalocean-dns/3/docker-compose.yml b/infra-templates/digitalocean-dns/3/docker-compose.yml index 1564ee2..7d85d09 100644 --- a/infra-templates/digitalocean-dns/3/docker-compose.yml +++ b/infra-templates/digitalocean-dns/3/docker-compose.yml 
@@ -7,7 +7,7 @@ digitalocean: DO_PAT: ${DO_PAT} ROOT_DOMAIN: ${ROOT_DOMAIN} NAME_TEMPLATE: ${NAME_TEMPLATE} - TTL: 300 + TTL: ${DNS_TTL} labels: io.rancher.container.create_agent: "true" io.rancher.container.agent.role: "external-dns" diff --git a/infra-templates/digitalocean-dns/3/rancher-compose.yml b/infra-templates/digitalocean-dns/3/rancher-compose.yml index 64d5f43..6b62bb5 100644 --- a/infra-templates/digitalocean-dns/3/rancher-compose.yml +++ b/infra-templates/digitalocean-dns/3/rancher-compose.yml @@ -15,6 +15,13 @@ description: "The domain name managed by DigitalOcean." type: "string" required: true + - variable: "DNS_TTL" + label: "TTL" + description: | + TTL used for new DNS records. + type: "string" + default: "300" + required: true - variable: "NAME_TEMPLATE" label: "DNS Name Template" description: | From 729ff392dddb341cb17fdb61b668e6114dd023e7 Mon Sep 17 00:00:00 2001 From: rawmind0 Date: Fri, 6 Apr 2018 12:18:32 +0200 Subject: [PATCH 18/20] Updated infoblox package --- infra-templates/infoblox/2/README.md | 57 ++++++++++++++ .../infoblox/2/docker-compose.yml.tpl | 32 ++++++++ .../infoblox/2/rancher-compose.yml | 77 +++++++++++++++++++ infra-templates/infoblox/config.yml | 2 +- 4 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 infra-templates/infoblox/2/README.md create mode 100644 infra-templates/infoblox/2/docker-compose.yml.tpl create mode 100644 infra-templates/infoblox/2/rancher-compose.yml diff --git a/infra-templates/infoblox/2/README.md b/infra-templates/infoblox/2/README.md new file mode 100644 index 0000000..01da874 --- /dev/null +++ b/infra-templates/infoblox/2/README.md 
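Review bot: `DNS_TTL` is declared `type: "string"` in rancher-compose.yml, so whatever is typed into the catalog form is passed unchecked into `TTL: ${DNS_TTL}` in docker-compose.yml. The infoblox template later in this series declares its TTL as `type: "int"` with `min: 1` and `max: 86400`. Using the same shape here (`type: "int"`, `default: 300`, `min: 1`) would reject non-numeric or zero values at the form instead of at the provider. The README hunk in the same commit says per-record TTL is not yet implemented in this tool, so it is worth confirming that the new question actually takes effect.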
@@ -0,0 +1,57 @@ +## Infoblox DNS + +Rancher External DNS service powered by Infoblox DNS + +#### Usage + +##### Infloblox Password + +Infoblox password could be provided in 2 ways, depending what you set at `Infoblox password type` enum: + +- `env` by environment var. + + Infoblox password is provided at `Infoblox password | secret name` field. This generates an enviroment variable inside container, `INFOBLOX_PASSWORD`, that contains the password in CLEAR. + +- `secret` by rancher secret. + + Infoblox password is provided by a Rancher Secret to secure it. Secret name is provided at `Infoblox password | secret name` field. + + Previous steps are required to use rancher secrets: + 1. Deploy Rancher Secrets service from library catalog, before deploying this stack. + 2. Create a rancher secret with your infoblox password. From ui, `Infrastructure -> Secrets`. + 3. Deploy this stack, setting `Infoblox password type` enum to `secret` and setting `Infoblox password | secret name` field to previously created secret name. + +##### Supported host labels + +`io.rancher.host.external_dns_ip` +Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher. + +`io.rancher.host.external_dns` +Accepts 'true' (default) or 'false' +When this is set to 'false' no DNS records will ever be created for containers running on this host. + +##### Supported service labels + +`io.rancher.service.external_dns` +Accepts 'always', 'never' or 'auto' (default) +- `always`: Always create DNS records for this service +- `never`: Never create DNS records for this service +- `auto`: Create DNS records for this service if it exposes ports on the host + +`io.rancher.service.external_dns_name_template` +Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service + +##### Custom DNS name template + +By default DNS entries are named `...`. 
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported: + +* `%{{service_name}}` +* `%{{stack_name}}` +* `%{{environment_name}}` + +**Example:** + +`%{{stack_name}}-%{{service_name}}.statictext` + +Make sure to only use characters in static text and separators that your provider allows in DNS names. \ No newline at end of file diff --git a/infra-templates/infoblox/2/docker-compose.yml.tpl b/infra-templates/infoblox/2/docker-compose.yml.tpl new file mode 100644 index 0000000..04bef3d --- /dev/null +++ b/infra-templates/infoblox/2/docker-compose.yml.tpl @@ -0,0 +1,32 @@ +version: '2' +services: + infoblox: + image: rancher/external-dns:v0.7.10 + command: -provider=infoblox {{if eq .Values.DEBUG_MODE "true" -}}-debug{{- end}} + expose: + - 1000 + labels: + io.rancher.container.create_agent: "true" + io.rancher.container.agent.role: "external-dns" + environment: + INFOBLOX_URL: ${INFOBLOX_URL} + INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME} + ROOT_DOMAIN: ${ROOT_DOMAIN} + SSL_VERIFY: ${SSL_VERIFY} + USE_COOKIES: ${USE_COOKIES} + TTL: ${TTL} +{{- if eq .Values.INFOBLOX_PASSWORD_TYPE "env"}} + INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD} +{{- else}} + INFOBLOX_PASSWORD: '' + INFOBLOX_SECRET: '/run/secrets/${INFOBLOX_PASSWORD}' + secrets: + - mode: '0444' + uid: '0' + gid: '0' + source: '${INFOBLOX_PASSWORD}' + target: '' +secrets: + {{- .Values.INFOBLOX_PASSWORD}}: + external: 'true' +{{- end}} diff --git a/infra-templates/infoblox/2/rancher-compose.yml b/infra-templates/infoblox/2/rancher-compose.yml new file mode 100644 index 0000000..baeb280 --- /dev/null +++ b/infra-templates/infoblox/2/rancher-compose.yml 
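Review bot: In the `secret` branch of docker-compose.yml.tpl the secret file is mounted with `mode: '0444'`, which makes the Infoblox password readable by every user inside the container. Since `uid: '0'` is already set, `mode: '0400'` should be enough if external-dns runs as root (the image's user is not visible here, so confirm). Further down, `{{- .Values.INFOBLOX_PASSWORD}}:` carries a left trim marker that strips the newline after `secrets:` and would presumably render `secrets:<name>:` on one line; `{{ .Values.INFOBLOX_PASSWORD }}:` without the dash keeps the secret name nested, but the whitespace is collapsed on this page, so check the rendered compose file. `NAME_TEMPLATE` is asked for in this patch's rancher-compose.yml but never passed in `environment:`, so `NAME_TEMPLATE: ${NAME_TEMPLATE}` looks missing.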
@@ -0,0 +1,77 @@ +# notemplating +.catalog: + name: "Infoblox DNS" + version: "v0.2.1" + description: "Rancher External DNS service powered by Infoblox" + minimum_rancher_version: v1.6.0 + questions: + - variable: "INFOBLOX_URL" + label: "Infoblox url" + description: "Infoblox url for your Infoblox service" + type: "string" + required: true + - variable: "INFOBLOX_USER_NAME" + label: "Infoblox user name" + description: "Infoblox user name for your Infoblox service" + type: "string" + required: true + - variable: "INFOBLOX_PASSWORD_TYPE" + label: "Infoblox password type" + description: "How infoblox password is provided by environment var or by rancher secret" + required: true + default: env + type: enum + options: + - env + - secret + - variable: "INFOBLOX_PASSWORD" + label: "Infoblox password | secret name" + description: "Infoblox password or secret name for your Infoblox service " + type: "string" + required: true + - variable: "ROOT_DOMAIN" + label: "Infoblox zone" + description: "The DNS zone name (root domain) managed by Infoblox. DNS entries will be created for ..." + type: "string" + required: true + - variable: "NAME_TEMPLATE" + label: "DNS Name Template" + description: | + Name template used to construct the subdomain part (left of the domain) of the DNS record names. + Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}. + By default DNS entries will be named '...'. 
+ type: "string" + default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}" + required: true + - variable: "TTL" + label: "TTL" + description: "The resource record cache time to live (TTL), in seconds" + type: "int" + default: 600 + min: 1 + max: 86400 + required: true + - variable: "DEBUG_MODE" + label: "Debug mode" + description: "Activate debug mode" + type: "boolean" + required: true + default: false + - variable: "SSL_VERIFY" + label: "Ssl verify" + description: "Infoblox Ssl verify for your Infoblox service" + type: "boolean" + required: true + - variable: "USE_COOKIES" + label: "Use cookies" + description: "Uses cookies if specified, re-creating the request and falling back to basic auth if a cookie is not present" + type: "boolean" + required: true +infoblox: + health_check: + port: 1000 + interval: 5000 + unhealthy_threshold: 3 + request_line: GET / HTTP/1.0 + healthy_threshold: 2 + response_timeout: 2000 diff --git a/infra-templates/infoblox/config.yml b/infra-templates/infoblox/config.yml index 835d88d..aa154fa 100644 --- a/infra-templates/infoblox/config.yml +++ b/infra-templates/infoblox/config.yml @@ -1,7 +1,7 @@ name: Infoblox DNS description: | Rancher External DNS service powered by Infoblox -version: v0.2.0 +version: v0.2.1 category: External DNS labels: io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes' From 05019d8f31f0d7a6fc6d26c8d675cd782515e38b Mon Sep 17 00:00:00 2001 From: Ron Williams Date: Fri, 6 Apr 2018 08:28:45 -0600 Subject: [PATCH 19/20] Add README for use until a public port available for conditional exposure. --- templates/mailhog/0/README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 templates/mailhog/0/README.md diff --git a/templates/mailhog/0/README.md b/templates/mailhog/0/README.md new file mode 100644 index 0000000..8e00b33 --- /dev/null +++ b/templates/mailhog/0/README.md 
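Review bot: `INFOBLOX_PASSWORD` is declared `type: "string"`, so the catalog form shows the password in clear text, and `INFOBLOX_PASSWORD_TYPE` defaults to `env`, the mode this patch's README describes as exposing the password in the container environment in clear. Proposed: `type: "password"` for the question and `default: secret`, leaving `env` as an explicit opt-in (the README notes this needs the Rancher Secrets service deployed first). `SSL_VERIFY` is required but has no default; `default: true` would make certificate verification the starting state. The `OVH_APPLICATION_SECRET` and `OVH_CONSUMER_KEY` questions in the ovh-dns rancher-compose.yml later in this series are also `type: "string"` and would take the same `type: "password"` change.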
@@ -0,0 +1 @@ +The mailhog catalog configuration provides SMTP access on the internal network by default. External SMTP access can be exposed through a TCP Rancher load balancer routing to internal port 25. The Mailhog UI can be exposed through an HTTP(S) Rancher Load Balancer routing to internal port 8025. From 1c8a18dfddbef4e6a9305920ec7f435280106975 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Monnot=20St=C3=A9phane?= Date: Sat, 7 Apr 2018 09:30:47 +0200 Subject: [PATCH 20/20] Add OVH provider for external DNS --- infra-templates/ovh-dns/0/README.md | 44 +++++++++++ infra-templates/ovh-dns/0/docker-compose.yml | 16 ++++ infra-templates/ovh-dns/0/rancher-compose.yml | 50 +++++++++++++ .../ovh-dns/catalogIcon-ovh-dns.svg | 73 +++++++++++++++++++ infra-templates/ovh-dns/config.yml | 7 ++ 5 files changed, 190 insertions(+) create mode 100644 infra-templates/ovh-dns/0/README.md create mode 100644 infra-templates/ovh-dns/0/docker-compose.yml create mode 100644 infra-templates/ovh-dns/0/rancher-compose.yml create mode 100644 infra-templates/ovh-dns/catalogIcon-ovh-dns.svg create mode 100644 infra-templates/ovh-dns/config.yml diff --git a/infra-templates/ovh-dns/0/README.md b/infra-templates/ovh-dns/0/README.md new file mode 100644 index 0000000..abc9734 --- /dev/null +++ b/infra-templates/ovh-dns/0/README.md 
@@ -0,0 +1,44 @@ +## OVH DNS + +Rancher External DNS service powered by OVH + +#### Usage + +##### Limitation when running the service on multiple Rancher servers + +When running multiple instances of the External DNS service configured to use the same domain name, then only one of them can run in the "Default" environment of a Rancher server instance. + +##### Supported host labels + +`io.rancher.host.external_dns_ip` +Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher. + +`io.rancher.host.external_dns` +Accepts 'true' (default) or 'false' +When this is set to 'false' no DNS records will ever be created for containers running on this host. + +##### Supported service labels + +`io.rancher.service.external_dns` +Accepts 'always', 'never' or 'auto' (default) +- `always`: Always create DNS records for this service +- `never`: Never create DNS records for this service +- `auto`: Create DNS records for this service if it exposes ports on the host + +`io.rancher.service.external_dns_name_template` +Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service + +##### Custom DNS name template + +By default DNS entries are named `...`. +You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported: + +* `%{{service_name}}` +* `%{{stack_name}}` +* `%{{environment_name}}` + +**Example:** + +`%{{stack_name}}-%{{service_name}}.statictext` + +Make sure to only use characters in static text and separators that your provider allows in DNS names. diff --git a/infra-templates/ovh-dns/0/docker-compose.yml b/infra-templates/ovh-dns/0/docker-compose.yml new file mode 100644 index 0000000..7d27d73 --- /dev/null +++ b/infra-templates/ovh-dns/0/docker-compose.yml 
@@ -0,0 +1,16 @@ +ovh: + image: rancher/external-dns:v0.7.10 + command: -provider=ovh + expose: + - 1000 + environment: + OVH_ENDPOINT: ${OVH_ENDPOINT} + OVH_APPLICATION_KEY: ${OVH_APPLICATION_KEY} + OVH_APPLICATION_SECRET: ${OVH_APPLICATION_SECRET} + OVH_CONSUMER_KEY: ${OVH_CONSUMER_KEY} + ROOT_DOMAIN: ${ROOT_DOMAIN} + NAME_TEMPLATE: ${NAME_TEMPLATE} + TTL: 300 + labels: + io.rancher.container.create_agent: "true" + io.rancher.container.agent.role: "external-dns" diff --git a/infra-templates/ovh-dns/0/rancher-compose.yml b/infra-templates/ovh-dns/0/rancher-compose.yml new file mode 100644 index 0000000..a77f313 --- /dev/null +++ b/infra-templates/ovh-dns/0/rancher-compose.yml 
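Review bot: `OVH_APPLICATION_SECRET` and `OVH_CONSUMER_KEY` are handed to the container as plain environment variables in ovh-dns/0/docker-compose.yml, so anyone who can inspect the container or read the stack configuration can read them. The infoblox template in the previous patch offers a Rancher-secret branch (`INFOBLOX_SECRET: '/run/secrets/...'`), but whether the ovh provider can read credentials from a file is not visible here. At minimum the README should state the exposure and recommend restricting the consumer key's access rules to the managed DNS zone. `TTL: 300` is also hard-coded, where the digitalocean-dns patch in this series just turned the same value into a question.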
@@ -0,0 +1,50 @@ +# notemplating +.catalog: + name: "OVH DNS" + version: "v0.1.0" + description: "Rancher External DNS service powered by OVH" + minimum_rancher_version: v1.6.0-rc1 + questions: + - variable: "OVH_ENDPOINT" + label: "OVH Endpoint" + description: "Enter your endpoint" + type: "string" + required: true + - variable: "OVH_APPLICATION_KEY" + label: "OVH Application Key" + description: "Enter your application key" + type: "string" + required: true + - variable: "OVH_APPLICATION_SECRET" + label: "OVH Application Secret" + description: "Enter your application secret" + type: "string" + required: true + - variable: "OVH_CONSUMER_KEY" + label: "OVH Consumer Key" + description: "Enter your consumer key" + type: "string" + required: true + - variable: "ROOT_DOMAIN" + label: "Domain Name" + description: "The domain name managed by OVH." + type: "string" + required: true + - variable: "NAME_TEMPLATE" + label: "DNS Name Template" + description: | + Name template used to construct the subdomain part (left of the domain) of the DNS record names. + Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}. + By default DNS entries will be named '...'. + type: "string" + default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}" + required: false + +ovh: + health_check: + port: 1000 + interval: 5000 + unhealthy_threshold: 3 + request_line: GET / HTTP/1.0 + healthy_threshold: 2 + response_timeout: 2000 diff --git a/infra-templates/ovh-dns/catalogIcon-ovh-dns.svg b/infra-templates/ovh-dns/catalogIcon-ovh-dns.svg new file mode 100644 index 0000000..ec6fca6 --- /dev/null +++ b/infra-templates/ovh-dns/catalogIcon-ovh-dns.svg @@ -0,0 +1,73 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + diff --git a/infra-templates/ovh-dns/config.yml b/infra-templates/ovh-dns/config.yml new file mode 100644 index 0000000..3e13a83 --- /dev/null +++ b/infra-templates/ovh-dns/config.yml 
@@ -0,0 +1,7 @@ +name: OVH DNS +description: | + Rancher External DNS service powered by OVH +version: v0.1.0 +category: External DNS +labels: + io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes'