From a2eabe02826003525bac566763c1c11ed6598a1c Mon Sep 17 00:00:00 2001
From: Raul Sanchez
Date: Mon, 19 Feb 2018 12:33:51 +0100
Subject: [PATCH 1/3] Updated traefik to v1.5.2
---
 templates/traefik/19/README.md | 104 +++++++++
 templates/traefik/19/docker-compose.yml.tpl | 124 +++++++++++
 templates/traefik/19/rancher-compose.yml | 234 ++++++++++++++++++++
 templates/traefik/config.yml | 2 +-
 4 files changed, 463 insertions(+), 1 deletion(-)
 create mode 100644 templates/traefik/19/README.md
 create mode 100644 templates/traefik/19/docker-compose.yml.tpl
 create mode 100644 templates/traefik/19/rancher-compose.yml
diff --git a/templates/traefik/19/README.md b/templates/traefik/19/README.md
new file mode 100644
index 0000000..0af0f65
--- /dev/null
+++ b/templates/traefik/19/README.md
@@ -0,0 +1,104 @@ +# Traefik active load balancer + +### Info: + + This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata. + It would be deployed in hosts with label traefik_lb=true. + +### Config: + +- rancher_integration = "metadata" # Rancher integration method. +- rancher_healthcheck = false # Enable/Disable traefik rancher services healthcheck filter. Only valid for api and metadata integration. +- usage_enable = false # Enable/disable send Traefik [anonymous usage collection](https://docs.traefik.io/basics/#collected-data) +- constraints = "" # Traefik constraints for rancher provider. Only valid for api and metadata integration. +- host_label = "traefik_lb=true" # Host label where to run traefik service. +- http_port = 8080 # Port exposed to get access to the published services. +- https_port = 8443 # Port exposed to get secured access to the published services. +- admin_port = 8000 # Port exposed to get admin access to the traefik service. +- admin_ssl = false # Enable/Disable ssl on api, rest, ping and webui using `ssl_key` and `ssl_crt` +- https_enable = + - false: Enable http enpoints and disable https ones. + - true: Enable http and https endpoints. + - only: Enable https endpoints and redirect http to https. +- https_min_tls = "" # See the [traefik documentation](https://docs.traefik.io/configuration/entrypoints/#specify-minimum-tls-version) for allowed values. +- acme_enable = false # Enable/Disable acme traefik support. [acme](https://docs.traefik.io/configuration/acme/) +- acme_email = "test@traefik.io" # acme user email +- acme_challenge = http # acme challenge parameter. WIP to support dns. +- acme_onhostrule = true # acme onHostRule parameter. +- acme_caserver = "https://acme-v01.api.letsencrypt.org/directory" # acme caServer parameter. 
+- acme_vol_name = "traefik_acme_vol" # Volume name to user by acme sidekick +- acme_vol_driver = "local" # Volume driver to user by acme sidekick +- ssl_key # Paste your ssl key. *Required if you enable https +- ssl_crt # Paste your ssl crt. *Required if you enable https +- insecure_skip = false # Enable InsecureSkipVerify param. +- compress_enable = true # Enable traefik compression +- refresh_interval = 10s # Interval to refresh traefik rules.toml from rancher-metadata. +- admin_readonly = false # Set REST API to read-only mode. +- admin_statistics = 10 # Enable more detailed statistics, extend recent errors number. +- admin_auth_method = "basic" # Selec auth method, basic or digest. +- admin_users = "" # Paste basic or digest users created with htdigest, one user per line. +- metrics_enable="false" # Enable/disable traefik [metrics](https://docs.traefik.io/configuration/metrics/) +- metrics_exporter="" # Metrics exporter prometheus | datadog | statsd | influxdb +- metrics_push="10" # Metrics exporter push interval (s). datadog | statsd | influxdb +- metrics_address="" # Metrics exporter address. datadog | statsd | influxdb +- metrics_prometheus_buckets="[0.1,0.3,1.2,5.0]" # Metrics buckets for prometheus + +### Service configuration labels: + +Traefik labels has to be added to your services, in order to get included in traefik config. + +## Metadata or api + +Please use traefik defined labels if you choose metadata or api rancher integration. + +[Traefik rancher backend labels][traefik rancher backend] + +Metadata is the prefered and recommended rancher integration. + +## External + +Use this labels if you choose extenal rancher integration. + +- traefik.enable = < true | stack | false > #Controls if you want to publish or not the service + - true: the service will be published as *service_name.stack_name.traefik_domain* + - stack: the service will be published as *stack_name.domain*. 
WARNING: You can have collisions inside services within your stack + - false: the service will not be published +- traefik.priority = # Override for frontend priority. Default `5` +- traefik.protocol = < http | https > # Override the default protocol `http` +- traefik.sticky = < true | false > # Enable/disable sticky sessions to the backend. Default `false` +- traefik.backend.loadbalancer.method = < drr | wrr > # Override default lb algorithm `drr` +- traefik.backend.circuitbreaker.expression = < expression > # Override default backend circuitbreaker expression `NetworkErrorRatio() > 0.5` +- traefik.frontend.passHostHeader = < true | false > # Forward client Host header to the backend. Default `true` +- traefik.weight = < weight > # Override default backend weight `5` +- traefik.alias = < alias > # Alternate names to route rule. Multiple values separated by ",". traefik.domain is appended. WARNING: You could have collisions BE CAREFULL +- traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. Multiple values separated by ",". traefik.domain must be defined but is not appended here. +- traefik.domain = < domain.name > # Domain names to route rules. Multiple domains separated by "," +- traefik.domain.regexp = < domain.regexp > # Domain name regexp rule. Multiple domains separated by "," +- traefik.port = # port to expose throught traefik. Default `80` +- traefik.acme = < true | false > # Enable/disable ACME traefik feature. Default `false` +- traefik.path = < path > # Path rule. Multiple values separated by "," +- traefik.path.strip = < path > # Path strip rule. Multiple values separated by "," +- traefik.path.prefix = < path > # Path prefix rule. Multiple values separated by "," +- traefik.path.prefix.strip = < path > # Path prefix strip rule. Multiple values separated by "," +- traefik.ratelimit.enable = < true | false > # Enable/disabe rate-limiting based on client ip. 
Default `false` +- traefik.ratelimit.period = < n > # Replace n with desired amount of seconds in which traefik is checking the limits "average" and "burst". Default `10` +- traefik.ratelimit.average = < n > # Change to desired average allowed requests by client ip. Default `100` +- traefik.ratelimit.burst = < n > # State what limit the client ip is allowed to burst up to respectively. Default `200` + +WARNING: Only services with healthy state are added to traefik, so health checks are mandatory. + +More info [rancher-traefik](https://github.com/rawmind0/rancher-traefik) + +### Usage: + + Select Traefik from catalog. + + Set the params. + + Click deploy. + + Access your traefik admin service at $admin_port to see your published services. + +Note: To access the services, you need to create A or CNAMES dns entries for every one. + +[traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour diff --git a/templates/traefik/19/docker-compose.yml.tpl b/templates/traefik/19/docker-compose.yml.tpl new file mode 100644 index 0000000..2cf902a --- /dev/null +++ b/templates/traefik/19/docker-compose.yml.tpl 
@@ -0,0 +1,124 @@
+version: '2'
+services:
+ traefik:
+ ports:
+ - ${admin_port}:8000/tcp
+ - ${http_port}:${http_port}/tcp
+ {{- if ne .Values.https_enable "false"}}
+ - ${https_port}:${https_port}/tcp
+ {{- end}}
+ labels:
+ io.rancher.scheduler.global: 'true'
+ io.rancher.scheduler.affinity:host_label: ${host_label}
+ io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ {{- if eq .Values.rancher_integration "api"}}
+ io.rancher.container.agent.role: environment
+ io.rancher.container.create_agent: 'true'
+ {{- end}}
+ {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+ io.rancher.sidekicks:
+ {{- if eq .Values.rancher_integration "external"}} traefik-conf
+ {{- if eq .Values.acme_enable "true" -}},{{- end -}}
+ {{- end -}}
+ {{- if eq .Values.acme_enable "true" -}}
+ {{- if ne .Values.rancher_integration "external"}} traefik-acme
+ {{- else -}}traefik-acme
+ {{- end -}}
+ {{- end -}}
+ {{- end}}
+ io.rancher.container.hostname_override: container_name
+ image: rawmind/alpine-traefik:1.5.2-0
+ environment:
+ - TRAEFIK_HTTP_PORT=${http_port}
+ - TRAEFIK_HTTP_COMPRESSION=${compress_enable}
+ - TRAEFIK_HTTPS_PORT=${https_port}
+ - TRAEFIK_HTTPS_ENABLE=${https_enable}
+ - TRAEFIK_HTTPS_COMPRESSION=${compress_enable}
+ - TRAEFIK_USAGE_ENABLE=${usage_enable}
+ {{- if ne .Values.https_min_tls ""}}
+ - TRAEFIK_HTTPS_MIN_TLS=${https_min_tls}
+ {{- end}}
+ {{- if ne .Values.ssl_key ""}}
+ - TRAEFIK_SSL_KEY=${ssl_key}
+ {{- end}}
+ {{- if ne .Values.ssl_crt ""}}
+ - TRAEFIK_SSL_CRT=${ssl_crt}
+ {{- end}}
+ - TRAEFIK_INSECURE_SKIP=${insecure_skip}
+ - TRAEFIK_ADMIN_ENABLE=true
+ - TRAEFIK_ADMIN_SSL=${admin_ssl}
+ - TRAEFIK_ADMIN_STATISTICS=${admin_statistics}
+ - TRAEFIK_ADMIN_AUTH_METHOD=${admin_auth_method}
+ - TRAEFIK_ADMIN_AUTH_USERS=${admin_users}
+ {{- if eq .Values.acme_enable "true"}}
+ - TRAEFIK_ACME_ENABLE=${acme_enable}
+ - TRAEFIK_ACME_EMAIL=${acme_email}
+ - TRAEFIK_ACME_CHALLENGE=${acme_challenge}
+ - TRAEFIK_ACME_CHALLENGE_HTTP_ENTRYPOINT=http
+ - TRAEFIK_ACME_ONHOSTRULE=${acme_onhostrule}
+ - TRAEFIK_ACME_CASERVER=${acme_caserver}
+ {{- end}}
+ {{- if ne .Values.rancher_integration "external"}}
+ - TRAEFIK_RANCHER_ENABLE=true
+ - TRAEFIK_FILE_ENABLE=false
+ - TRAEFIK_CONSTRAINTS=${constraints}
+ - TRAEFIK_RANCHER_HEALTHCHECK=${rancher_healthcheck}
+ - TRAEFIK_RANCHER_MODE=${rancher_integration}
+ {{- else}}
+ - TRAEFIK_FILE_ENABLE=true
+ {{- end}}
+ {{- if eq .Values.metrics_enable "true"}}
+ - TRAEFIK_METRICS_ENABLE=${metrics_enable}
+ - TRAEFIK_METRICS_EXPORTER=${metrics_exporter}
+ - TRAEFIK_METRICS_PUSH=${metrics_push}
+ - TRAEFIK_METRICS_ADDRESS=${metrics_address}
+ - TRAEFIK_METRICS_PROMETHEUS_BUCKETS=${metrics_prometheus_buckets}
+ {{- end}}
+ {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+ volumes_from:
+ {{- if eq .Values.rancher_integration "external"}}
+ - traefik-conf
+ {{- end}}
+ {{- if eq .Values.acme_enable "true"}}
+ - traefik-acme
+ {{- end}}
+ {{- end}}
+ {{- if eq .Values.rancher_integration "external"}}
+ traefik-conf:
+ labels:
+ io.rancher.scheduler.global: 'true'
+ io.rancher.scheduler.affinity:host_label: ${host_label}
+ io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ io.rancher.container.start_once: 'true'
+ image: rawmind/rancher-traefik:1.5.0-0
+ network_mode: none
+ volumes:
+ - tools-volume:/opt/tools
+ {{- end}}
+ {{- if eq .Values.acme_enable "true"}}
+ traefik-acme:
+ network_mode: none
+ labels:
+ io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ io.rancher.container.hostname_override: container_name
+ io.rancher.container.start_once: true
+ environment:
+ - SERVICE_UID=10001
+ - SERVICE_GID=10001
+ - SERVICE_VOLUME=/opt/traefik/acme
+ volumes:
+ - ${acme_vol_name}:/opt/traefik/acme
+ image: rawmind/alpine-volume:0.0.2-1
+ {{- end}}
+{{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+volumes:
+ {{- if eq .Values.rancher_integration "external"}}
+ tools-volume:
+ driver: local
+ per_container: true
+ {{- end}}
+ {{- if eq .Values.acme_enable "true"}}
+ ${acme_vol_name}:
+ driver: ${acme_vol_driver}
+ {{- end}}
+{{- end}}
diff --git a/templates/traefik/19/rancher-compose.yml b/templates/traefik/19/rancher-compose.yml
new file mode 100644
index 0000000..939058f
--- /dev/null
+++ b/templates/traefik/19/rancher-compose.yml
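Review bot: The TLS private key is handed to the `traefik` container as an environment variable (`- TRAEFIK_SSL_KEY=${ssl_key}`), so it is readable by anyone who can inspect the container or read the stack's service definition, and it is inherited by every process started in the container. If the image can read the key from a file, a Rancher secret or a mounted volume would keep it out of the service definition; if it cannot, the catalog text should at least say where the key ends up. Separately, `io.rancher.container.start_once: true` under `traefik-acme` is an unquoted boolean where the other services in this file write `'true'`; label values should be strings, so `io.rancher.container.start_once: 'true'`.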
@@ -0,0 +1,234 @@
+version: '2'
+catalog:
+ name: traefik
+ version: v1.5.2-rancher1
+ description: |
+ Traefik load balancer.
+ minimum_rancher_version: v0.59.0
+ maintainer: "Raul Sanchez "
+ uuid: traefik-0
+ questions:
+ - variable: "rancher_integration"
+ label: "Choose rancher integration:"
+ description: |
+ Enable rancher integration mode. Traefik built in integration, metadata or api, or external sidekick integration with confd.
+ default: metadata
+ required: true
+ type: enum
+ options:
+ - metadata
+ - api
+ - external
+ - variable: "rancher_healthcheck"
+ description: |
+ Enable/disable rancher services healtcheck filter. If enable, just healthy services will be published.
+ Only valid for api and metadata integration.
+ label: "Rancher healthcheck filter:"
+ required: true
+ default: false
+ type: "boolean"
+ - variable: "usage_enable"
+ description: |
+ Enable/disable send anonymous usage collection to Traefik. See https://docs.traefik.io/basics/#collected-data
+ label: "Traefik send anonymous usage:"
+ required: true
+ default: false
+ type: "boolean"
+ - variable: "constraints"
+ description: |
+ Traefik constraints for rancher provider. Eg: "tag==api"
+ Only valid for api and metadata integration.
+ label: "Traefik constraints:"
+ required: false
+ default: ""
+ type: "string"
+ - variable: "host_label"
+ description: "Host label where to run traefik service."
+ label: "Host label:"
+ required: true
+ default: "traefik_lb=true"
+ type: "string"
+ - variable: "http_port"
+ description: "Traefik http public port to listen."
+ label: "Http port:"
+ required: true
+ default: 8080
+ type: "int"
+ - variable: "https_port"
+ description: "Traefik https public port to listen."
+ label: "Https port:"
+ required: true
+ default: 8443
+ type: "int"
+ - variable: "admin_port"
+ description: "Traefik admin public port to listen for api, rest, ping and webui."
+ label: "Admin port:"
+ required: true
+ default: 8000
+ type: "int"
+ - variable: "admin_ssl"
+ description: "Enable ssl for api, rest, ping and webui."
+ label: "Admin ssl:"
+ required: true
+ default: false
+ type: "boolean"
+ - variable: "https_enable"
+ label: "Https enable:"
+ description: |
+ Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work.
+ default: false
+ required: true
+ type: enum
+ options:
+ - false
+ - true
+ - only
+ - variable: "https_min_tls"
+ description: |
+ Minimal allowed tls version to accept connections from.
+ See the traefik documentation for allowed values. Default is `VersionTLS12`.
+ label: "Https min tls:"
+ required: false
+ default: ""
+ type: "string"
+ - variable: "acme_enable"
+ description: "Enable acme support on traefik."
+ label: "ACME enable:"
+ required: true
+ default: false
+ type: "boolean"
+ - variable: "acme_email"
+ description: "ACME user email."
+ label: "ACME email:"
+ required: true
+ default: "test@traefik.io"
+ type: "string"
+ - variable: "acme_challenge"
+ description: "ACME challenge."
+ label: "ACME challenge:"
+ required: true
+ default: http
+ type: enum
+ options: # List of options if using type of `enum`
+ - http
+ - variable: "acme_onhostrule"
+ description: "Enable acme onHostRule."
+ label: "ACME onHostRule:"
+ required: true
+ default: true
+ type: "boolean"
+ - variable: "acme_caserver"
+ description: "ACME caServer to use."
+ label: "ACME caServer:"
+ required: true
+ default: "https://acme-v01.api.letsencrypt.org/directory"
+ type: "string"
+ - variable: "acme_vol_name"
+ description: "The volume name shared to store ACME certs"
+ label: "ACME Volume Name"
+ required: true
+ default: "traefik_acme_vol"
+ type: "string"
+ - variable: "acme_vol_driver"
+ description: "The volume driver shared to store ACME certs"
+ label: "ACME Volume Driver"
+ required: true
+ default: "local"
+ type: enum
+ options: # List of options if using type of `enum`
+ - local
+ - rancher-nfs
+ - rancher-efs
+ - rancher-ebs
+ - variable: "ssl_key"
+ description: "SSL key to secure the service. *Required if you enable https or admin ssl"
+ label: "Https key"
+ type: "multiline"
+ required: false
+ default: ""
+ - variable: "ssl_crt"
+ description: "SSL cert to secure the service. *Required if you enable https or admin ssl"
+ label: "Https crt"
+ type: "multiline"
+ required: false
+ default: ""
+ - variable: "insecure_skip"
+ description: "Enable InsecureSkipVerify param."
+ label: "InsecureSkipVerify:"
+ required: true
+ default: false
+ type: "boolean"
+ - variable: "compress_enable"
+ label: "Enable compression:"
+ description: |
+ Enable Traefik compression for entrypoints.
+ default: true
+ required: true
+ type: "boolean"
+ - variable: "admin_statistics"
+ description: "Enable more detailed statistics."
+ label: "Admin statistics history:"
+ required: true
+ default: 10
+ type: "int"
+ - variable: "admin_auth_method"
+ description: "Admin auth method on api, rest and webui."
+ label: "Admin auth method:"
+ required: true
+ default: "basic"
+ type: enum
+ options: # List of options if using type of `enum`
+ - basic
+ - digest
+ - variable: "admin_users"
+ description: "Admin auth user list on api, rest and webui. Generate with htpassword for basic or htdigest with traefik realm for digest."
+ label: "Admin users:"
+ type: "multiline"
+ required: false
+ default: ""
+ - variable: "metrics_enable"
+ description: "Enable traefik metrics."
+ label: "Metrics enable"
+ default: false
+ required: true
+ type: "boolean"
+ - variable: "metrics_exporter"
+ description: "Traefik metrics exporter."
+ label: "Metrics exporter:"
+ required: false
+ default:
+ type: enum
+ options: # List of options if using type of `enum`
+ - prometheus
+ - datadog
+ - statsd
+ - influxdb
+ - variable: "metrics_push"
+ description: "Traefik metrics exporter push interval. Apply on datadog, statsd and influxdb."
+ label: "Metrics push interval (s):"
+ required: false
+ default: 10
+ type: "int"
+ - variable: "metrics_address"
+ description: "Traefik metrics exporter address to push. Apply on datadog, statsd and influxdb."
+ label: "Metrics address:"
+ required: false
+ default: ""
+ type: "string"
+ - variable: "metrics_prometheus_buckets"
+ description: "Traefik metrics buckets for prometheus."
+ label: "Metrics prometheus buckets"
+ default: "[0.1,0.3,1.2,5.0]"
+ required: false
+ type: "string"
+services:
+ traefik:
+ retain_ip: true
+ health_check:
+ healthy_threshold: 2
+ response_timeout: 5000
+ port: 8000
+ unhealthy_threshold: 3
+ interval: 5000
+ strategy: recreate
+
diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml
index b893891..ab159e7 100644
--- a/templates/traefik/config.yml
+++ b/templates/traefik/config.yml
@@ -1,7 +1,7 @@
 name: Traefik
 description: |
 Traefik active load balancer
-version: v1.5.1-rancher1
+version: v1.5.2-rancher1
 category: Load Balancing
 maintainer: "Raul Sanchez "
 minimum_rancher_version: v0.59.0
From bf6c4bda125285d64b9a40622c0868b403a6b481 Mon Sep 17 00:00:00 2001
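Review bot: `admin_users` is optional with `default: ""`, while the compose template in this patch always sets `TRAEFIK_ADMIN_ENABLE=true` and publishes `admin_port` on the host, so a deployment that accepts the defaults can expose the Traefik API and web UI with no authentication. Making the question `required: true`, or stating in its description that an empty list leaves the admin port open, would make that an explicit choice. The `insecure_skip` description (`"Enable InsecureSkipVerify param."`) should say that it turns off certificate verification for connections to backends. Two YAML details in the same file: `metrics_exporter` has a bare `default:` (parsed as null; `default: ""` would match the other questions), and the `https_enable` options `- false` / `- true` are parsed as booleans although the template compares the answer with the string `"false"`, so quoting them (`- "false"`, `- "true"`) is safer.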
From: Matthias Schneider
Date: Wed, 21 Feb 2018 17:23:47 +0100
Subject: [PATCH 2/3] update to version 2018-02-09_1
---
 templates/minio/4/README.md | 49 ++++++++++
 templates/minio/4/docker-compose.yml.tpl | 71 ++++++++++++++
 templates/minio/4/rancher-compose.yml | 118 +++++++++++++++++++++++
 templates/minio/config.yml | 2 +-
 4 files changed, 239 insertions(+), 1 deletion(-)
 create mode 100644 templates/minio/4/README.md
 create mode 100644 templates/minio/4/docker-compose.yml.tpl
 create mode 100644 templates/minio/4/rancher-compose.yml
diff --git a/templates/minio/4/README.md b/templates/minio/4/README.md
new file mode 100644
index 0000000..7891062
--- /dev/null
+++ b/templates/minio/4/README.md
@@ -0,0 +1,49 @@ +# Minio.io + +### Info: + +This template creates, scale in and scale out a multinodes minio cluster on top of Rancher. The configuration is generated with confd from Rancher metadata. +Cluster size is static after deployement. It's mean that you should redeploy the stack if you should change the size of your cluster (minio.io limitation). + + +### Usage: + +Select Minio Cloud Storage from catalog. + +Enter the number of nodes for your minio cluster and set the key and secret to connect in minio. + +Click deploy. + +Minio can now be accessed over the Rancher network on port `9000` (http://IP_CONTAINER:9000). To access from external Rancher network, you need to set load balancer or expose the port 9000. + +### Disks / nodes + +You can set many disks per nodes (max of 4). If you use local disk (no extra Docker driver), you need to mount them on the same `base path` and indicate this name on `Volume Driver / Path` section. +Moreover, you need to use the same disk name with a number as suffix (from 0 to 4) and report this on `Disk base name` section. + +For example, if you should to use 4 disks per nodes: +- Number of disks per node: 4 +- Volume driver / Path: /data/minio +- Disk base name: disk + +And you have to mount the following partition: +- /data/minio/disk0 +- /data/minio/disk1 +- /data/minio/disk2 +- /data/minio/disk3 +- + +To more info about nodes and disks, you can read the [official documentation](https://github.com/minio/minio/tree/master/docs/distributed) + + + +### Advance info +1. This template create first the container called `rancher-cattle-metadata`. It embedded confd, with some scripts to get many settings from Cattle scheduler and expose them through the volume. +2. Then, the template create `minio` container. It will launch the scripts provided from `rancher-cattle-metadata` container with `volumes_from`. it will create /opt/scheduler/conf/scheduler.cfg file with some usefull infos about container, service, stack and host. 
Next, it will source `/opt/scheduler/conf/scheduler.cfg` and launch confd scripts to configure minio. + +### Source, bugs and enhances + + If you found bugs or need enhance, you can open ticket on github: + - [Minio official core project](https://github.com/minio/minio) + - [Minio docker image](https://github.com/mschneider82/alpine-minio) + - [Rancher Cattle metadata docker image](https://github.com/disaster37/rancher-cattle-metadata) diff --git a/templates/minio/4/docker-compose.yml.tpl b/templates/minio/4/docker-compose.yml.tpl new file mode 100644 index 0000000..d83df75 --- /dev/null +++ b/templates/minio/4/docker-compose.yml.tpl 
@@ -0,0 +1,71 @@
+version: '2'
+services:
+ minio-server:
+ tty: true
+ image: mschneider82/alpine-minio:2018-02-09_1
+ volumes:
+ - minio-scheduler-setting:/opt/scheduler
+ {{- if eq (printf "%.1s" .Values.VOLUME_DRIVER) "/" }}
+ {{- range $idx, $e := atoi .Values.MINIO_DISKS | until }}
+ - ${VOLUME_DRIVER}/${DISK_BASE_NAME}{{$idx}}:/data/disk{{$idx}}
+ {{- end}}
+ {{- else}}
+ {{- range $idx, $e := atoi .Values.MINIO_DISKS | until }}
+ - minio-data-{{$idx}}:/data/disk{{$idx}}
+ {{- end}}
+ {{- end}}
+ environment:
+ - MINIO_CONFIG_accesskey=${MINIO_ACCESS_KEY}
+ - MINIO_CONFIG_secretkey=${MINIO_SECRET_KEY}
+ - TLS_FQDN=${TLS_FQDN}
+ - CONFD_BACKEND=${CONFD_BACKEND}
+ - CONFD_NODES=${CONFD_NODES}
+ - CONFD_PREFIX_KEY=${CONFD_PREFIX}
+ {{- range $idx, $e := atoi .Values.MINIO_DISKS | until }}
+ - MINIO_DISKS_{{$idx}}=disk{{$idx}}
+ {{- end}}
+ {{- if (ne .Values.DEPLOY_LB "true") and .Values.PUBLISH_PORT}}
+ ports:
+ - ${PUBLISH_PORT}:9000
+ {{- end}}
+ labels:
+ io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ io.rancher.container.hostname_override: container_name
+ io.rancher.sidekicks: rancher-cattle-metadata
+ rancher-cattle-metadata:
+ network_mode: none
+ labels:
+ io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ io.rancher.container.hostname_override: container_name
+ io.rancher.container.start_once: "true"
+ image: webcenter/rancher-cattle-metadata:1.0.1
+ volumes:
+ - minio-scheduler-setting:/opt/scheduler
+ {{- if eq .Values.DEPLOY_LB "true"}}
+ lb:
+ image: rancher/lb-service-haproxy:v0.7.20
+ {{- if .Values.PUBLISH_PORT}}
+ ports:
+ - ${PUBLISH_PORT}:9000/tcp
+ {{- else}}
+ expose:
+ - 9000:9000/tcp
+ {{- end}}
+ links:
+ - minio-server:minio-server
+ labels:
+ io.rancher.container.agent.role: environmentAdmin
+ io.rancher.container.create_agent: 'true'
+ {{- end}}
+
+volumes:
+ minio-scheduler-setting:
+ driver: local
+ per_container: true
+ {{- if ne (printf "%.1s" .Values.VOLUME_DRIVER) "/" }}
+ {{- range $idx, $e := atoi .Values.MINIO_DISKS | until }}
+ minio-data-{{$idx}}:
+ per_container: true
+ driver: ${VOLUME_DRIVER}
+ {{- end}}
+ {{- end}}
diff --git a/templates/minio/4/rancher-compose.yml b/templates/minio/4/rancher-compose.yml
new file mode 100644
index 0000000..be42c70
--- /dev/null
+++ b/templates/minio/4/rancher-compose.yml
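Review bot: The condition `{{- if (ne .Values.DEPLOY_LB "true") and .Values.PUBLISH_PORT}}` on `minio-server` writes `and` as an infix operator, but in Go templates `and` is a prefix function, so this is likely to fail when the template is rendered rather than express "no LB and a port is set"; it should read `{{- if and (ne .Values.DEPLOY_LB "true") .Values.PUBLISH_PORT}}`. The access and secret keys are passed as plain environment variables (`MINIO_CONFIG_accesskey`, `MINIO_CONFIG_secretkey`), which makes them visible to anyone who can inspect the container; a comment above those two lines, or a sentence in the README, should say so if the image offers no file-based alternative. The `lb` service also gets `io.rancher.container.agent.role: environmentAdmin`, which is worth a comment explaining that it is needed by the Rancher load balancer image and nothing else in the stack.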
@@ -0,0 +1,118 @@
+version: '2'
+catalog:
+ name: Minio
+ version: 2018-02-09_1
+ questions:
+ - variable: "MINIO_SCALE"
+ description: "Number of minio nodes."
+ label: "Minio Nodes"
+ required: true
+ default: 1
+ type: enum
+ options:
+ - 1
+ - 4
+ - 6
+ - 8
+ - 10
+ - 12
+ - 14
+ - 16
+ - variable: "MINIO_DISKS"
+ description: "Number of disks per node"
+ label: "Disks Per Node"
+ required: true
+ type: enum
+ default: 1
+ options:
+ - 1
+ - 2
+ - 4
+ - variable: "DISK_BASE_NAME"
+ description: "The base name for each disk"
+ label: "Disk base name"
+ type: "string"
+ required: true
+ default: "disk"
+ - variable: "VOLUME_DRIVER"
+ description: "Docker driver to store volume or base path for each disks"
+ label: "Volume drver / Path"
+ type: "string"
+ required: true
+ default: "local"
+ - variable: "MINIO_ACCESS_KEY"
+ description: "The key to connect on minio"
+ label: "Minio key"
+ required: true
+ type: "string"
+ - variable: "MINIO_SECRET_KEY"
+ description: "The secret key to connect on minio"
+ label: "Minio secret key"
+ required: true
+ type: "password"
+ - variable: "DEPLOY_LB"
+ description: "Deploy Loadbalancer"
+ label: "Deploy Loadbalancer"
+ required: true
+ type: enum
+ default: "true"
+ options:
+ - "true"
+ - "false"
+ - variable: "PUBLISH_PORT"
+ description: "Set port if you want publish external port for minio or Loadbalancer"
+ label: "Publish port"
+ required: false
+ type: "string"
+ default: "9000"
+ - variable: "TLS_FQDN"
+ description: "Set a FQDN if you want to use https instead of http. A selfsinged cert will be generated."
+ label: "TLS FQDN"
+ required: false
+ type: "string"
+ - variable: "CONFD_BACKEND"
+ description: "The confd backend to grab config"
+ label: "Confd backend"
+ required: true
+ default: "env"
+ type: "string"
+ - variable: "CONFD_NODES"
+ description: "The confd nodes"
+ label: "Confd nodes"
+ required: false
+ type: "string"
+ - variable: "CONFD_PREFIX"
+ description: "The confd prefix"
+ label: "Confd prefix"
+ required: true
+ default: "/minio"
+ type: "string"
+
+services:
+ minio-server:
+ scale: ${MINIO_SCALE}
+ retain_ip: true
+ health_check:
+ port: 9000
+ interval: 5000
+ unhealthy_threshold: 3
+ request_line: ''
+ healthy_threshold: 2
+ response_timeout: 5000
+ lb:
+ scale: 1
+ start_on_create: true
+ lb_config:
+ certs: []
+ port_rules:
+ - priority: 1
+ protocol: http
+ service: minio-server
+ source_port: 9000
+ target_port: 9000
+ health_check:
+ response_timeout: 2000
+ healthy_threshold: 2
+ port: 42
+ unhealthy_threshold: 3
+ interval: 2000
diff --git a/templates/minio/config.yml b/templates/minio/config.yml
index 441d993..f68d264 100644
--- a/templates/minio/config.yml
+++ b/templates/minio/config.yml
@@ -1,7 +1,7 @@
 name: Minio Cloud Storage
 description: |
 Store photos, videos, VMs, containers, log files, or any blob of data as objects.
-version: 2018-01-02_1
+version: 2018-02-09_1
 category: Storage
 maintainer: "Matthias Schneider "
 license: Apache License
From fde452c86958c675ec73d827fdaf63583b619547 Mon Sep 17 00:00:00 2001
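Review bot: The `lb` port rule is fixed at `protocol: http` with `certs: []`, while the `TLS_FQDN` question says minio will serve https with a self-signed certificate, so with the default `DEPLOY_LB` of `"true"` the balancer would presumably speak plain HTTP to a TLS backend once `TLS_FQDN` is set. Using `protocol: tcp` for that rule should pass either scheme through; otherwise the `TLS_FQDN` description should say it is only meant for deployments without the load balancer. With the defaults (`DEPLOY_LB` `"true"`, `PUBLISH_PORT` `"9000"`) the object store is published on the host over unencrypted HTTP, which deserves a sentence in the `PUBLISH_PORT` description.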
From: Jason-ZW
Date: Tue, 27 Feb 2018 21:02:50 +0800
Subject: [PATCH 3/3] Catalog for CoreDNS cattle orchestration.
---
 templates/coredns/0/README.md | 108 ++++++++++++++++++++++
 templates/coredns/0/docker-compose.yml | 45 +++++++++
 templates/coredns/0/rancher-compose.yml | 92 ++++++++++++++++++
 templates/coredns/catalogIcon-coredns.svg | 1 +
 templates/coredns/config.yml | 7 ++
 5 files changed, 253 insertions(+)
 create mode 100644 templates/coredns/0/README.md
 create mode 100644 templates/coredns/0/docker-compose.yml
 create mode 100644 templates/coredns/0/rancher-compose.yml
 create mode 100644 templates/coredns/catalogIcon-coredns.svg
 create mode 100644 templates/coredns/config.yml
diff --git a/templates/coredns/0/README.md b/templates/coredns/0/README.md
new file mode 100644
index 0000000..7a15183
--- /dev/null
+++ b/templates/coredns/0/README.md
@@ -0,0 +1,108 @@ +## CoreDNS + +CoreDNS (written in Go) chains [plugins](https://coredns.io/plugins). Each plugin performs a DNS +function. + +CoreDNS is a [Cloud Native Computing Foundation](https://cncf.io) incubating level project. + +CoreDNS is a fast and flexible DNS server. The keyword here is *flexible*: with CoreDNS you +are able to do what you want with your DNS data by utilizing plugins. If some functionality is not +provided out of the box you can add it by [writing a plugin](https://coredns.io/explugins). + + +And more. Each of the plugins is documented. See [coredns.io/plugins](https://coredns.io/plugins) +for all in-tree plugins, and [coredns.io/explugins](https://coredns.io/explugins) for all +out-of-tree plugins. + +## Dockerfile +The Dockerfile source is under below: +[https://github.com/Jason-ZW/Dockerfile/tree/master/coredns](https://github.com/Jason-ZW/Dockerfile/tree/master/coredns) + +## Parameters + +- Publish port: Port to publish coredns service. (eg. 53) +- DNS zone names: you can put multiple zone names.(eg. rancher.io,rancher.io,172.in-addr.arpa) +- Etcd root path: etcd root path which is used to save records. (eg. /skydns) +- Etcd endpoints: etcd service endpoints,this catalog don't include etcd service,please use external etcd service. (eg. http://localhost:2379, endpoints2, ...) +- UpStream for dns: upstream configuration for dns server. (eg. /etc/resolv.conf) +- Forward addresses: the address which to be forwarded DNS query. (eg. 8.8.8.8:53,8.8.4.4:53) +- Prometheus plugin support: whether to enable prometheus plugin. +- Errors plugin support: whether to enable errors plugin. +- Log plugin support: whether to enable log plugin. +- Proxy plugin support: whether to enable proxy plugin. +- Cache plugin support: whether to enable cache plugin. +- Loadbalance plugin support: whether to enable loadbalance plugin. 
+ +More detail for CoreDNS plugin +[https://coredns.io/plugins](https://coredns.io/plugins) + +## Guide + +Serve for DNS `A/AAAA` Records: + +> Put DNS A record to etcd server. + +``` +curl -XPUT http://{ETCD_ENDPOINT}:2379/v2/keys/skydns/io/rancher/busybox -d value='{"host":"172.16.80.175","port":8080}' +``` + +> Set `nameserver` to `/etc/resolv.conf`. +``` +nameserver {DNS_SERVER_ADDRESS} +search rancher.io +``` + +> Query DNS use dns tools(eg. `dig` or `nslookup`) +``` +nslookup busybox.rancher.io + +#output: +Server: xxx.xxx.xxx.xxx +Address: xxx.xxx.xxx.xxx#53 + +Name: busybox.rancher.io +Address: 172.16.80.175 +``` + +Serve for DNS `PTR` Records: +> Modify the DNS zone names section on Catalog template. + +``` +# DNS zone names section on Catalog template. +rancher.io,172.in-addr.arpa +``` + +> Put DNS PTR record to etcd server. +``` +curl -XPUT http://{ETCD_ENDPOINT}:2379/v2/keys/skydns/arpa/in-addr/172/16/80/175 -d value='{"host":"busybox.rancher.io"}' +``` + +> Set `nameserver` to `/etc/resolv.conf`. +``` +nameserver {DNS_SERVER_ADDRESS} +search rancher.io +``` + +> Query DNS use dns tools(eg. `dig` or `nslookup`) +``` +dig @localhost -x 172.16.80.175 +short + +#output: +busybox.rancher.io. +``` + +## Community + +We're most active on Slack (and Github): + +- Slack: #coredns on +- Github: + +More resources can be found: + +- Website: +- Blog: +- Twitter: [@corednsio](https://twitter.com/corednsio) +- Mailing list/group: + +**Notice: For kubernetes, please use helm coredns's chart.** \ No newline at end of file diff --git a/templates/coredns/0/docker-compose.yml b/templates/coredns/0/docker-compose.yml new file mode 100644 index 0000000..f218f4c --- /dev/null +++ b/templates/coredns/0/docker-compose.yml 
@@ -0,0 +1,45 @@
+version: '2'
+services:
+ coredns:
+ image: coredns/coredns:1.0.1
+ labels:
+ io.rancher.sidekicks: data
+ io.rancher.container.hostname_override: container_name
+ command: [ "-conf", "/etc/coredns/Corefile" ]
+ ports:
+ - ${PUBLISH_PORT}:${PUBLISH_PORT}/tcp
+ - ${PUBLISH_PORT}:${PUBLISH_PORT}/udp
+ volumes_from:
+ - data
+ data:
+ image: zhenyangzhao/coredns-file:v0.8.0
+ labels:
+ io.rancher.container.start_once: 'true'
+ io.rancher.container.pull_image: always
+ network_mode: none
+ entrypoint:
+ - confd
+ - -backend
+ - env
+ - -onetime
+ environment:
+ PLUGIN_ZONES: ${ZONES}
+ PLUGIN_ROOT_PATH: ${ROOT_PATH}
+ PLUGIN_ETCD_ENDPOINTS: ${ETCD_ENDPOINTS}
+ PLUGIN_UPSTREAM: ${UPSTREAM}
+ PLUGIN_PROM: ${PLUGIN_PROM}
+ PLUGIN_ERRORS: ${PLUGIN_ERRORS}
+ PLUGIN_LOG: ${PLUGIN_LOG}
+ PLUGIN_HEALTH: true
+ PLUGIN_PROXY: ${PLUGIN_PROXY}
+ PLUGIN_CACHE: ${PLUGIN_CACHE}
+ PLUGIN_LOADBALANCE: ${PLUGIN_LOADBALANCE}
+ PLUGIN_FORWARDS: ${FORWARDS}
+ PUBLISH_PORT: ${PUBLISH_PORT}
+ volumes:
+ - coredns_data:/etc/coredns
+volumes:
+ coredns_data:
+ driver: local
+ per_container: true
+
diff --git a/templates/coredns/0/rancher-compose.yml b/templates/coredns/0/rancher-compose.yml
new file mode 100644
index 0000000..6c484b2
--- /dev/null
+++ b/templates/coredns/0/rancher-compose.yml
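Review bot: The `data` sidekick that renders `/etc/coredns/Corefile` is pulled from a personal Docker Hub namespace by mutable tag (`zhenyangzhao/coredns-file:v0.8.0`) with `io.rancher.container.pull_image: always`, so whatever that tag points to at deploy time decides the resolver's configuration. Pinning it by digest, `image: zhenyangzhao/coredns-file@sha256:<digest-of-reviewed-image>` (placeholder), and doing the same for `coredns/coredns:1.0.1`, keeps a re-pushed tag from silently changing a running DNS service. Separately, `PLUGIN_HEALTH: true` is a YAML boolean inside an `environment` map; `PLUGIN_HEALTH: 'true'` matches the quoting already used for `io.rancher.container.start_once` and avoids loaders that reject or re-spell non-string environment values.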
@@ -0,0 +1,92 @@
+version: '2'
+catalog:
+ name: "CoreDNS"
+ version: "1.0.1"
+ minimum_rancher_version: v1.6.14
+ description: "CoreDNS is a DNS server that chains plugins and provides such DNS Services like Etcd & Kubernetes. For kubernetes, please use helm coredns's chart."
+ questions:
+ - variable: "PUBLISH_PORT"
+ description: "Port to publish coredns service."
+ label: "Publish port"
+ required: true
+ default: "53"
+ type: "int"
+ - variable: "ZONES"
+ label: "DNS zone names"
+ description: "The name of an existing zone in which to create the records."
+ type: "string"
+ default: "rancher.io"
+ required: true
+ - variable: "ROOT_PATH"
+ label: "Etcd root path"
+ description: "Etcd root path which is used to save records."
+ default: "/skydns"
+ type: "string"
+ required: true
+ - variable: "ETCD_ENDPOINTS"
+ label: "Etcd endpoints"
+ description: "Etcd service endpoints which support multiple parameters separated by comma."
+ type: "string"
+ default: ""
+ required: true
+ - variable: "UPSTREAM"
+ label: "Upstream for dns"
+ description: "The DNS server upstream."
+ type: "string"
+ default: "/etc/resolv.conf"
+ required: false
+ - variable: "FORWARDS"
+ label: "Forward addresses"
+ description: "The address which to be forwarded DNS query."
+ type: "string"
+ default: "8.8.8.8:53,8.8.4.4:53"
+ - variable: "PLUGIN_PROM"
+ label: "Prometheus plugin support"
+ description: "Whether to enable prometheus plugin."
+ type: "boolean"
+ default: true
+ required: true
+ - variable: "PLUGIN_ERRORS"
+ label: "Errors plugin support"
+ description: "Whether to enable errors plugin."
+ type: "boolean"
+ default: true
+ required: true
+ - variable: "PLUGIN_LOG"
+ label: "Log plugin support"
+ description: "Whether to enable log plugin."
+ type: "boolean"
+ default: true
+ required: true
+ - variable: "PLUGIN_PROXY"
+ label: "Proxy plugin support"
+ description: "Whether to enable proxy plugin."
+ type: "boolean"
+ default: true
+ required: true
+ - variable: "PLUGIN_CACHE"
+ label: "Cache plugin support"
+ description: "Whether to enable cache plugin."
+ type: "boolean"
+ default: true
+ required: true
+ - variable: "PLUGIN_LOADBALANCE"
+ label: "Loadbalance plugin support"
+ description: "Whether to enable loadbalance plugin."
+ type: "boolean"
+ default: true
+ required: true
+services:
+ coredns:
+ scale: 1
+ health_check:
+ response_timeout: 4000
+ healthy_threshold: 2
+ port: 8080
+ unhealthy_threshold: 3
+ initializing_timeout: 60000
+ interval: 2000
+ strategy: recreate
+ request_line: GET "/health" "HTTP/1.0"
+ reinitializing_timeout: 60000
+
diff --git a/templates/coredns/catalogIcon-coredns.svg b/templates/coredns/catalogIcon-coredns.svg
new file mode 100644
index 0000000..a5bac8f
--- /dev/null
+++ b/templates/coredns/catalogIcon-coredns.svg
@@ -0,0 +1 @@
+CoreDNS_Colour_Icon
\ No newline at end of file
diff --git a/templates/coredns/config.yml b/templates/coredns/config.yml
new file mode 100644
index 0000000..cae9015
--- /dev/null
+++ b/templates/coredns/config.yml
@@ -0,0 +1,7 @@
+name: Core DNS
+description: |
+ CoreDNS is a DNS server that chains plugins and provides such DNS Services like Etcd & Kubernetes.For kubernetes, please use helm coredns's chart.
+version: 1.0.1
+category: External DNS
+labels:
+ io.rancher.orchestration.supported: 'cattle'
\ No newline at end of file
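Review bot: With the defaults in `questions` in rancher-compose.yml (`PLUGIN_PROXY` true, `FORWARDS` set to `8.8.8.8:53,8.8.4.4:53`) and `PUBLISH_PORT` bound on the host for both TCP and UDP in docker-compose.yml, the stack presumably comes up as a recursive resolver for anyone who can reach the host; the Corefile template lives in the sidekick image, so whether it limits clients cannot be seen here. The operator should be told at the point of choice, e.g. `description: "Port to publish coredns service. Restrict it to trusted client networks; with forwarding enabled the server answers recursive queries."`. `ETCD_ENDPOINTS` deserves the same treatment, since write access to that etcd path is control over the answers served: `description: "Etcd service endpoints, comma separated. Use endpoints that require TLS and authentication."`. `FORWARDS` is also the only question without a `required` key.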