diff --git a/infra-templates/digitalocean-dns/3/README.md b/infra-templates/digitalocean-dns/3/README.md index 013559c..a3bd095 100644 --- a/infra-templates/digitalocean-dns/3/README.md +++ b/infra-templates/digitalocean-dns/3/README.md @@ -11,7 +11,7 @@ Rancher External DNS service powered by DigitalOcean #### Usage ##### DigitalOcean DNS record TTL -The DigitalOcean API currently does not support per-record TTL setting. You should configure the global TTL setting for the domain manually and set it to a low value (e.g. 60). +The DigitalOcean API currently supports per-record TTL setting (https://developers.digitalocean.com/documentation/v2/#create-a-new-domain-record), but it is not yet implemented in this tool. You should configure the global TTL setting for the domain manually and set it to a low value (e.g. 60). ##### Limitation when running the service on multiple Rancher servers diff --git a/infra-templates/digitalocean-dns/3/docker-compose.yml b/infra-templates/digitalocean-dns/3/docker-compose.yml index 1564ee2..7d85d09 100644 --- a/infra-templates/digitalocean-dns/3/docker-compose.yml +++ b/infra-templates/digitalocean-dns/3/docker-compose.yml @@ -7,7 +7,7 @@ digitalocean: DO_PAT: ${DO_PAT} ROOT_DOMAIN: ${ROOT_DOMAIN} NAME_TEMPLATE: ${NAME_TEMPLATE} - TTL: 300 + TTL: ${DNS_TTL} labels: io.rancher.container.create_agent: "true" io.rancher.container.agent.role: "external-dns" diff --git a/infra-templates/digitalocean-dns/3/rancher-compose.yml b/infra-templates/digitalocean-dns/3/rancher-compose.yml index 64d5f43..6b62bb5 100644 --- a/infra-templates/digitalocean-dns/3/rancher-compose.yml +++ b/infra-templates/digitalocean-dns/3/rancher-compose.yml @@ -15,6 +15,13 @@ description: "The domain name managed by DigitalOcean." type: "string" required: true + - variable: "DNS_TTL" + label: "TTL" + description: | + TTL used for new DNS records. + type: "string" + default: "300" + required: true - variable: "NAME_TEMPLATE" label: "DNS Name Template" description: | 
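Review bot: The new `DNS_TTL` question in rancher-compose.yml is declared `type: "string"`, so the catalog form accepts any text and passes it unchecked into `TTL: ${DNS_TTL}` in docker-compose.yml. The Infoblox v2 template added in this same commit declares its TTL as `type: "int"` with `min: 1` and `max: 86400`. Using `type: "int"`, `default: 300` and `min: 1` here would reject a bad value in the form rather than at container start. The README hunk still tells users to set the TTL on the domain manually, so a sentence on what the new field actually controls would avoid confusion.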
diff --git a/infra-templates/infoblox/1/README.md b/infra-templates/infoblox/1/README.md index 3f3636b..e012c6e 100644 --- a/infra-templates/infoblox/1/README.md +++ b/infra-templates/infoblox/1/README.md @@ -4,6 +4,13 @@ Rancher External DNS service powered by Infoblox DNS #### Usage +##### Using Rancher Secrets for infloblox Password + +Optionally, you can use the Rancher Secrets to pass infloblox password instead of using environment variable. +1. Run the Rancher Secrets service before deploying this provider stack. +2. Create a secret named "infoblox-pass". +3. Deploy this stack, emptying `Infoblox password` field. + ##### Supported host labels `io.rancher.host.external_dns_ip` diff --git a/infra-templates/infoblox/1/docker-compose.yml b/infra-templates/infoblox/1/docker-compose.yml deleted file mode 100644 index 9208a36..0000000 --- a/infra-templates/infoblox/1/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -infoblox: - image: rancher/external-dns:v0.7.8 - command: -provider=infoblox - expose: - - 1000 - environment: - INFOBLOX_URL: ${INFOBLOX_URL} - INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME} - INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD} - ROOT_DOMAIN: ${ROOT_DOMAIN} - SSL_VERIFY: ${SSL_VERIFY} - USE_COOKIES: ${USE_COOKIES} - TTL: ${TTL} - labels: - io.rancher.container.create_agent: "true" - io.rancher.container.agent.role: "external-dns" diff --git a/infra-templates/infoblox/1/docker-compose.yml.tpl b/infra-templates/infoblox/1/docker-compose.yml.tpl new file mode 100644 index 0000000..817104e --- /dev/null +++ b/infra-templates/infoblox/1/docker-compose.yml.tpl 
@@ -0,0 +1,35 @@ +version: '2' +services: + infoblox: + image: rancher/external-dns:v0.7.8 + expose: + - 1000 + environment: + INFOBLOX_URL: ${INFOBLOX_URL} + INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME} + INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD} + INFOBLOX_SECRET: '/run/secrets/infoblox-pass' + ROOT_DOMAIN: ${ROOT_DOMAIN} + SSL_VERIFY: ${SSL_VERIFY} + USE_COOKIES: ${USE_COOKIES} + TTL: ${TTL} + labels: + io.rancher.container.create_agent: "true" + io.rancher.container.agent.role: "external-dns" +{{- if ne .Values.INFOBLOX_PASSWORD ""}} + command: -provider=infoblox +{{- else}} + entrypoint: + - bash + - -c + - 'INFOBLOX_PASSWORD=$$(cat $${INFOBLOX_SECRET}) /usr/bin/rancher-entrypoint.sh -provider=infoblox' + secrets: + - mode: '0444' + uid: '0' + gid: '0' + source: 'infoblox-pass' + target: '' +secrets: + infoblox-pass: + external: 'true' +{{- end}} diff --git a/infra-templates/infoblox/1/rancher-compose.yml b/infra-templates/infoblox/1/rancher-compose.yml index 809f055..6425436 100644 --- a/infra-templates/infoblox/1/rancher-compose.yml +++ b/infra-templates/infoblox/1/rancher-compose.yml @@ -19,7 +19,7 @@ label: "Infoblox password" description: "Infoblox password for your Infoblox service" type: "password" - required: true + required: false - variable: "SSL_VERIFY" label: "Ssl verify" description: "Infoblox Ssl verify for your Infoblox service" diff --git a/infra-templates/infoblox/2/README.md b/infra-templates/infoblox/2/README.md new file mode 100644 index 0000000..01da874 --- /dev/null +++ b/infra-templates/infoblox/2/README.md 
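Review bot: The `secrets:` entry in the `{{- else}}` branch mounts the Infoblox password with `mode: '0444'`, which makes the file readable by every user inside the container. The entry already sets `uid: '0'` and `gid: '0'`, so `mode: '0400'` should be enough if the entrypoint runs as root; that is not visible in this hunk and needs confirming before tightening. The same mode appears in infra-templates/infoblox/2/docker-compose.yml.tpl. The `bash -c` wrapper also copies the secret into the `INFOBLOX_PASSWORD` environment variable of the process, so the secret protects the value at rest in Rancher but not in the process environment. A comment above `entrypoint:` such as `# secret is re-exported as an env var because rancher-entrypoint.sh only reads INFOBLOX_PASSWORD` would make that limit explicit.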
@@ -0,0 +1,57 @@ +## Infoblox DNS + +Rancher External DNS service powered by Infoblox DNS + +#### Usage + +##### Infloblox Password + +Infoblox password could be provided in 2 ways, depending what you set at `Infoblox password type` enum: + +- `env` by environment var. + + Infoblox password is provided at `Infoblox password | secret name` field. This generates an enviroment variable inside container, `INFOBLOX_PASSWORD`, that contains the password in CLEAR. + +- `secret` by rancher secret. + + Infoblox password is provided by a Rancher Secret to secure it. Secret name is provided at `Infoblox password | secret name` field. + + Previous steps are required to use rancher secrets: + 1. Deploy Rancher Secrets service from library catalog, before deploying this stack. + 2. Create a rancher secret with your infoblox password. From ui, `Infrastructure -> Secrets`. + 3. Deploy this stack, setting `Infoblox password type` enum to `secret` and setting `Infoblox password | secret name` field to previously created secret name. + +##### Supported host labels + +`io.rancher.host.external_dns_ip` +Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher. + +`io.rancher.host.external_dns` +Accepts 'true' (default) or 'false' +When this is set to 'false' no DNS records will ever be created for containers running on this host. + +##### Supported service labels + +`io.rancher.service.external_dns` +Accepts 'always', 'never' or 'auto' (default) +- `always`: Always create DNS records for this service +- `never`: Never create DNS records for this service +- `auto`: Create DNS records for this service if it exposes ports on the host + +`io.rancher.service.external_dns_name_template` +Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service + +##### Custom DNS name template + +By default DNS entries are named `...`. 
+You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported: + +* `%{{service_name}}` +* `%{{stack_name}}` +* `%{{environment_name}}` + +**Example:** + +`%{{stack_name}}-%{{service_name}}.statictext` + +Make sure to only use characters in static text and separators that your provider allows in DNS names. \ No newline at end of file diff --git a/infra-templates/infoblox/2/docker-compose.yml.tpl b/infra-templates/infoblox/2/docker-compose.yml.tpl new file mode 100644 index 0000000..04bef3d --- /dev/null +++ b/infra-templates/infoblox/2/docker-compose.yml.tpl @@ -0,0 +1,32 @@ +version: '2' +services: + infoblox: + image: rancher/external-dns:v0.7.10 + command: -provider=infoblox {{if eq .Values.DEBUG_MODE "true" -}}-debug{{- end}} + expose: + - 1000 + labels: + io.rancher.container.create_agent: "true" + io.rancher.container.agent.role: "external-dns" + environment: + INFOBLOX_URL: ${INFOBLOX_URL} + INFOBLOX_USER_NAME: ${INFOBLOX_USER_NAME} + ROOT_DOMAIN: ${ROOT_DOMAIN} + SSL_VERIFY: ${SSL_VERIFY} + USE_COOKIES: ${USE_COOKIES} + TTL: ${TTL} +{{- if eq .Values.INFOBLOX_PASSWORD_TYPE "env"}} + INFOBLOX_PASSWORD: ${INFOBLOX_PASSWORD} +{{- else}} + INFOBLOX_PASSWORD: '' + INFOBLOX_SECRET: '/run/secrets/${INFOBLOX_PASSWORD}' + secrets: + - mode: '0444' + uid: '0' + gid: '0' + source: '${INFOBLOX_PASSWORD}' + target: '' +secrets: + {{- .Values.INFOBLOX_PASSWORD}}: + external: 'true' +{{- end}} diff --git a/infra-templates/infoblox/2/rancher-compose.yml b/infra-templates/infoblox/2/rancher-compose.yml new file mode 100644 index 0000000..baeb280 --- /dev/null +++ b/infra-templates/infoblox/2/rancher-compose.yml 
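Review bot: In infra-templates/infoblox/2/docker-compose.yml.tpl, the `{{-` in `{{- .Values.INFOBLOX_PASSWORD}}:` under the top-level `secrets:` will, with standard Go template trimming, remove the preceding newline and indentation. The rendered key would then become `secrets:<name>:` instead of a `<name>` entry nested under `secrets`. Dropping the trim marker and quoting the value, `  "{{ .Values.INFOBLOX_PASSWORD }}":`, keeps the nesting and guards against names containing YAML-special characters. The same answer is also spliced into a path (`/run/secrets/${INFOBLOX_PASSWORD}`), so the field description should state which characters a secret name may contain. Unlike version 1, this branch has no entrypoint wrapper that reads `INFOBLOX_SECRET`, so it presumably relies on the v0.7.10 image reading that file itself, which should be confirmed.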
@@ -0,0 +1,77 @@ +# notemplating +.catalog: + name: "Infoblox DNS" + version: "v0.2.1" + description: "Rancher External DNS service powered by Infoblox" + minimum_rancher_version: v1.6.0 + questions: + - variable: "INFOBLOX_URL" + label: "Infoblox url" + description: "Infoblox url for your Infoblox service" + type: "string" + required: true + - variable: "INFOBLOX_USER_NAME" + label: "Infoblox user name" + description: "Infoblox user name for your Infoblox service" + type: "string" + required: true + - variable: "INFOBLOX_PASSWORD_TYPE" + label: "Infoblox password type" + description: "How infoblox password is provided by environment var or by rancher secret" + required: true + default: env + type: enum + options: + - env + - secret + - variable: "INFOBLOX_PASSWORD" + label: "Infoblox password | secret name" + description: "Infoblox password or secret name for your Infoblox service " + type: "string" + required: true + - variable: "ROOT_DOMAIN" + label: "Infoblox zone" + description: "The DNS zone name (root domain) managed by Infoblox. DNS entries will be created for ..." + type: "string" + required: true + - variable: "NAME_TEMPLATE" + label: "DNS Name Template" + description: | + Name template used to construct the subdomain part (left of the domain) of the DNS record names. + Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}. + By default DNS entries will be named '...'. 
+ type: "string" + default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}" + required: true + - variable: "TTL" + label: "TTL" + description: "The resource record cache time to live (TTL), in seconds" + type: "int" + default: 600 + min: 1 + max: 86400 + required: true + - variable: "DEBUG_MODE" + label: "Debug mode" + description: "Activate debug mode" + type: "boolean" + required: true + default: false + - variable: "SSL_VERIFY" + label: "Ssl verify" + description: "Infoblox Ssl verify for your Infoblox service" + type: "boolean" + required: true + - variable: "USE_COOKIES" + label: "Use cookies" + description: "Uses cookies if specified, re-creating the request and falling back to basic auth if a cookie is not present" + type: "boolean" + required: true +infoblox: + health_check: + port: 1000 + interval: 5000 + unhealthy_threshold: 3 + request_line: GET / HTTP/1.0 + healthy_threshold: 2 + response_timeout: 2000 diff --git a/infra-templates/infoblox/config.yml b/infra-templates/infoblox/config.yml index 835d88d..aa154fa 100644 --- a/infra-templates/infoblox/config.yml +++ b/infra-templates/infoblox/config.yml @@ -1,7 +1,7 @@ name: Infoblox DNS description: | Rancher External DNS service powered by Infoblox -version: v0.2.0 +version: v0.2.1 category: External DNS labels: io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes' diff --git a/infra-templates/ovh-dns/0/README.md b/infra-templates/ovh-dns/0/README.md new file mode 100644 index 0000000..abc9734 --- /dev/null +++ b/infra-templates/ovh-dns/0/README.md 
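Review bot: The `INFOBLOX_PASSWORD` question in infra-templates/infoblox/2/rancher-compose.yml is declared `type: "string"`, whereas version 1 of this template used `type: "password"`. With the default `INFOBLOX_PASSWORD_TYPE` of `env`, the clear-text password is therefore shown unmasked in the catalog form. Keeping `type: "password"` on this field fixes that; masking a secret name in the other mode is harmless. A cleaner alternative is to split it into a masked password question and a separate plain secret-name question, so that one variable never carries two meanings. `SSL_VERIFY` is also added without a default; `default: true` would make certificate verification the out-of-the-box behaviour.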
@@ -0,0 +1,44 @@ +## OVH DNS + +Rancher External DNS service powered by OVH + +#### Usage + +##### Limitation when running the service on multiple Rancher servers + +When running multiple instances of the External DNS service configured to use the same domain name, then only one of them can run in the "Default" environment of a Rancher server instance. + +##### Supported host labels + +`io.rancher.host.external_dns_ip` +Override the IP address used in DNS records for containers running on the host. Defaults to the IP address the host is registered with in Rancher. + +`io.rancher.host.external_dns` +Accepts 'true' (default) or 'false' +When this is set to 'false' no DNS records will ever be created for containers running on this host. + +##### Supported service labels + +`io.rancher.service.external_dns` +Accepts 'always', 'never' or 'auto' (default) +- `always`: Always create DNS records for this service +- `never`: Never create DNS records for this service +- `auto`: Create DNS records for this service if it exposes ports on the host + +`io.rancher.service.external_dns_name_template` +Custom DNS name template that overrides global custom DNS name template (see below) of default DNS name template for a specific service + +##### Custom DNS name template + +By default DNS entries are named `...`. +You can specify a custom name template used to construct the subdomain part (left of the domain/zone name) of the DNS records. The following placeholders are supported: + +* `%{{service_name}}` +* `%{{stack_name}}` +* `%{{environment_name}}` + +**Example:** + +`%{{stack_name}}-%{{service_name}}.statictext` + +Make sure to only use characters in static text and separators that your provider allows in DNS names. diff --git a/infra-templates/ovh-dns/0/docker-compose.yml b/infra-templates/ovh-dns/0/docker-compose.yml new file mode 100644 index 0000000..7d27d73 --- /dev/null +++ b/infra-templates/ovh-dns/0/docker-compose.yml 
@@ -0,0 +1,16 @@
+ovh:
+ image: rancher/external-dns:v0.7.10
+ command: -provider=ovh
+ expose:
+ - 1000
+ environment:
+ OVH_ENDPOINT: ${OVH_ENDPOINT}
+ OVH_APPLICATION_KEY: ${OVH_APPLICATION_KEY}
+ OVH_APPLICATION_SECRET: ${OVH_APPLICATION_SECRET}
+ OVH_CONSUMER_KEY: ${OVH_CONSUMER_KEY}
+ ROOT_DOMAIN: ${ROOT_DOMAIN}
+ NAME_TEMPLATE: ${NAME_TEMPLATE}
+ TTL: 300
+ labels:
+ io.rancher.container.create_agent: "true"
+ io.rancher.container.agent.role: "external-dns"
diff --git a/infra-templates/ovh-dns/0/rancher-compose.yml b/infra-templates/ovh-dns/0/rancher-compose.yml
new file mode 100644
index 0000000..a77f313
--- /dev/null
+++ b/infra-templates/ovh-dns/0/rancher-compose.yml
@@ -0,0 +1,50 @@ +# notemplating +.catalog: + name: "OVH DNS" + version: "v0.1.0" + description: "Rancher External DNS service powered by OVH" + minimum_rancher_version: v1.6.0-rc1 + questions: + - variable: "OVH_ENDPOINT" + label: "OVH Endpoint" + description: "Enter your endpoint" + type: "string" + required: true + - variable: "OVH_APPLICATION_KEY" + label: "OVH Application Key" + description: "Enter your application key" + type: "string" + required: true + - variable: "OVH_APPLICATION_SECRET" + label: "OVH Application Secret" + description: "Enter your application secret" + type: "string" + required: true + - variable: "OVH_CONSUMER_KEY" + label: "OVH Consumer Key" + description: "Enter your consumer key" + type: "string" + required: true + - variable: "ROOT_DOMAIN" + label: "Domain Name" + description: "The domain name managed by OVH." + type: "string" + required: true + - variable: "NAME_TEMPLATE" + label: "DNS Name Template" + description: | + Name template used to construct the subdomain part (left of the domain) of the DNS record names. + Supported placeholders: %{{service_name}}, %{{stack_name}}, %{{environment_name}}. + By default DNS entries will be named '...'. + type: "string" + default: "%{{service_name}}.%{{stack_name}}.%{{environment_name}}" + required: false + +ovh: + health_check: + port: 1000 + interval: 5000 + unhealthy_threshold: 3 + request_line: GET / HTTP/1.0 + healthy_threshold: 2 + response_timeout: 2000 diff --git a/infra-templates/ovh-dns/catalogIcon-ovh-dns.svg b/infra-templates/ovh-dns/catalogIcon-ovh-dns.svg new file mode 100644 index 0000000..ec6fca6 --- /dev/null +++ b/infra-templates/ovh-dns/catalogIcon-ovh-dns.svg @@ -0,0 +1,73 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + diff --git a/infra-templates/ovh-dns/config.yml b/infra-templates/ovh-dns/config.yml new file mode 100644 index 0000000..3e13a83 --- /dev/null +++ b/infra-templates/ovh-dns/config.yml 
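Review bot: `OVH_APPLICATION_SECRET` and `OVH_CONSUMER_KEY` are declared `type: "string"` in infra-templates/ovh-dns/0/rancher-compose.yml, so both API credentials are shown unmasked in the catalog form. Other templates in this repository use `type: "password"` for credential fields (the Avi and Infoblox v1 password questions), and the same should apply to these two. The companion docker-compose.yml also hard-codes `TTL: 300`, while this commit makes the DigitalOcean TTL configurable, so the two templates could be aligned on a `TTL` question.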
@@ -0,0 +1,7 @@ +name: OVH DNS +description: | + Rancher External DNS service powered by OVH +version: v0.1.0 +category: External DNS +labels: + io.rancher.orchestration.supported: 'cattle,mesos,swarm,kubernetes' diff --git a/machine-templates/hetzner/1/checksum b/machine-templates/hetzner/1/checksum new file mode 100644 index 0000000..49d39d8 --- /dev/null +++ b/machine-templates/hetzner/1/checksum @@ -0,0 +1 @@ +1b1c6e0ce8669ae76e7ea9fd7c8de32d \ No newline at end of file diff --git a/machine-templates/hetzner/1/rancher-compose.yml b/machine-templates/hetzner/1/rancher-compose.yml new file mode 100644 index 0000000..4672a77 --- /dev/null +++ b/machine-templates/hetzner/1/rancher-compose.yml @@ -0,0 +1,3 @@ +.catalog: + name: hetzner + version: "1.0.1" diff --git a/machine-templates/hetzner/1/uiUrl b/machine-templates/hetzner/1/uiUrl new file mode 100644 index 0000000..6711be7 --- /dev/null +++ b/machine-templates/hetzner/1/uiUrl @@ -0,0 +1 @@ +https://storage.googleapis.com/hcloud-rancher-v1-ui-driver/component.js \ No newline at end of file diff --git a/machine-templates/hetzner/1/url b/machine-templates/hetzner/1/url new file mode 100644 index 0000000..6a52f3d --- /dev/null +++ b/machine-templates/hetzner/1/url @@ -0,0 +1 @@ +https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/1.1.0/docker-machine-driver-hetzner_1.1.0_linux_amd64.tar.gz \ No newline at end of file diff --git a/machine-templates/hetzner/catalogIcon-hetzner.svg b/machine-templates/hetzner/catalogIcon-hetzner.svg index c261689..0af1e50 100644 --- a/machine-templates/hetzner/catalogIcon-hetzner.svg +++ b/machine-templates/hetzner/catalogIcon-hetzner.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/machine-templates/hetzner/config.yml b/machine-templates/hetzner/config.yml index e860529..2dd6ac8 100644 --- a/machine-templates/hetzner/config.yml +++ b/machine-templates/hetzner/config.yml @@ -1,2 +1,2 @@ name: hetzner -version: "1.0.0" +version: "1.0.1" 
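Review bot: The value added in machine-templates/hetzner/1/checksum is 32 hex characters, an MD5-length digest, and it appears to be the only integrity check on the driver tarball named in the `url` file. MD5 is not collision-resistant, so if the catalog's checksum field accepts a longer digest, a SHA-256 of the release archive would be a stronger pin. The `uiUrl` file points at `component.js` in a storage bucket with no version in the path and no accompanying checksum, so the UI presumably loads whatever is currently in that bucket. A versioned path would make changes to that script reviewable. The catalog version is "1.0.1" while the tarball is release 1.1.0, which is worth confirming as intended.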
diff --git a/templates/avi/3/README.md b/templates/avi/3/README.md new file mode 100644 index 0000000..5f11ed2 --- /dev/null +++ b/templates/avi/3/README.md @@ -0,0 +1,29 @@ +Avi Vantage Platform Load Balancer Provider +======== + +## About Avi Vantage Platform +The [Avi Vantage Platform](https://avinetworks.com/software-load-balancer-for-any-cloud/) is built on software-defined architectural principles to create a centrally managed pool of distributed load balancers to deliver application services close to the applications. + +## About this provider +This provider load balances Rancher services using Avi Vantage Platform Load Balancer. It uses REST API to update the Avi controller which enables the Avi Service Engines to load balance the Rancher Services. + +## Usage + +1. Deploy the stack for this provider from Rancher Community Catalog. + While deploying, you need to give the username, password, + Avi Controller IP address, Avi Controller Port, the Cloud name + where Virtual Services and Pools are created. +2. Create services in Rancher with public host port mapping and corresponding + Virtual services are created in Avi. All CRUD operations on services get + reflected in Avi Controller and Service Engine. +3. You can scale out/in the service and the changes will get reflected on + Avi Controller and Service Engine. + +### Using Rancher Secrets for Avi Password + +Optionally, you can use the Rancher Secrets to pass the Avi controller +password instead of using environment variable. +1. Run the Rancher Secrets service before deploying this provider stack. +2. Create a secret named "avi-creds". +3. While deploying the Avi provider stack, use the "avi-creds" secret + for Avi Provider service. diff --git a/templates/avi/3/docker-compose.yml b/templates/avi/3/docker-compose.yml new file mode 100644 index 0000000..785d9aa --- /dev/null +++ b/templates/avi/3/docker-compose.yml 
@@ -0,0 +1,13 @@
+avi:
+ image: avinetworks/avi-rancher-controller:2018-01-24T04-59-04.487263875Z
+ expose:
+ - 1000
+ environment:
+ AVI_USER: ${AVI_USER}
+ AVI_PASSWORD: ${AVI_PASSWORD}
+ AVI_CONTROLLER_ADDR: ${AVI_CONTROLLER_ADDR}
+ AVI_CONTROLLER_PORT: ${AVI_CONTROLLER_PORT}
+ AVI_SSL_VERIFY: ${AVI_SSL_VERIFY}
+ AVI_CLOUD_NAME: ${AVI_CLOUD_NAME}
+ AVI_DNS_SUBDOMAIN: ${AVI_DNS_SUBDOMAIN}
+ AVI_TENANT: ${AVI_TENANT}
diff --git a/templates/avi/3/rancher-compose.yml b/templates/avi/3/rancher-compose.yml
new file mode 100644
index 0000000..e08fb73
--- /dev/null
+++ b/templates/avi/3/rancher-compose.yml
@@ -0,0 +1,57 @@ +.catalog: + name: Avi Vantange Platform Load Balancer + version: "v2-Avi" + description: "External LB service powered by Avi Vantage Platform" + minimum_rancher_version: v1.1.0 + questions: + - variable: "AVI_USER" + label: "Avi account username" + description: "User name for your account on Avi Controller" + type: "string" + required: true + - variable: "AVI_PASSWORD" + label: "Avi user account password" + description: "Password for your account on Avi Controller" + type: "password" + required: false + - variable: "AVI_CONTROLLER_ADDR" + label: "Avi Controller IP Address" + description: "IP Address of the Avi Controller" + type: "string" + required: true + - variable: "AVI_CONTROLLER_PORT" + label: "Avi Controller Port (Optional)" + description: "Port on which Avi Controller is listening for API requests" + type: "string" + required: false + - variable: "AVI_CLOUD_NAME" + label: "Avi Cloud Name (Optional)" + description: "Name of Avi Cloud in which Virtual Services are created" + required: false + type: "string" + - variable: "AVI_SSL_VERIFY" + label: "Avi SSL Verify (Optional)" + description: "SSL certificate validation while connecting to Avi Controller" + required: false + type: "boolean" + default: false + - variable: "AVI_DNS_SUBDOMAIN" + label: "Avi VS subdomain" + description: "Avi Virtual services are created with the subdomain config" + type: "string" + required: false + - variable: "AVI_TENANT" + label: "Avi tenant name" + description: "Avi Virtual service created in tenant" + type: "string" + required: false + default: admin + +avi: + health_check: + port: 1000 + interval: 5000 + unhealthy_threshold: 2 + request_line: GET / HTTP/1.0 + healthy_threshold: 2 + response_timeout: 2000 diff --git a/templates/avi/config.yml b/templates/avi/config.yml index c8641fd..e9ad6dc 100644 --- a/templates/avi/config.yml +++ b/templates/avi/config.yml 
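Review bot: `AVI_SSL_VERIFY` is added with `default: false` in templates/avi/3/rancher-compose.yml, so a stack deployed with default answers sends the Avi username and password to the controller without validating its certificate. `default: true` is the safer default, with the description telling operators of controllers with self-signed certificates how to opt out, for example `description: "Validate the Avi Controller TLS certificate; disable only for self-signed test controllers"`. The catalog `name` also reads "Avi Vantange Platform Load Balancer", which looks like a typo for "Vantage".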
@@ -1,5 +1,5 @@ name: Avi Vantage Platform description: | External LB service powered by Avi Vantage Platform -version: v1-Avi +version: v2-Avi category: Load Balancing diff --git a/templates/es-cluster/4/README.md b/templates/es-cluster/4/README.md new file mode 100644 index 0000000..c662188 --- /dev/null +++ b/templates/es-cluster/4/README.md @@ -0,0 +1,5 @@ +# Elasticsearch Cluster + +A scalable Elasticsearch cluster + +WARN: To avoid vm.max_map_count errors you could set "Update host sysctl" to true. Then param vm.max_map_count will be update to 262144 if it's less in your hosts. diff --git a/templates/es-cluster/4/docker-compose.yml.tpl b/templates/es-cluster/4/docker-compose.yml.tpl new file mode 100644 index 0000000..6ed93e0 --- /dev/null +++ b/templates/es-cluster/4/docker-compose.yml.tpl 
@@ -0,0 +1,122 @@ +version: '2' +services: + es-master: + labels: + io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}} + image: docker.elastic.co/elasticsearch/elasticsearch:6.2.3 + environment: + - "cluster.name=${cluster_name}" + - "node.name=$${HOSTNAME}" + - "bootstrap.memory_lock=true" + - "xpack.security.enabled=false" + - "ES_JAVA_OPTS=-Xms${master_heap_size} -Xmx${master_heap_size}" + - "discovery.zen.ping.unicast.hosts=es-master" + - "discovery.zen.minimum_master_nodes=${minimum_master_nodes}" + - "node.master=true" + - "node.data=false" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: ${master_mem_limit} + mem_swappiness: 0 + cap_add: + - IPC_LOCK + volumes_from: + - es-storage + + es-data: + labels: + io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}} + image: docker.elastic.co/elasticsearch/elasticsearch:6.2.3 + environment: + - "cluster.name=${cluster_name}" + - "node.name=$${HOSTNAME}" + - "bootstrap.memory_lock=true" + - "xpack.security.enabled=false" + - "discovery.zen.ping.unicast.hosts=es-master" + - "ES_JAVA_OPTS=-Xms${data_heap_size} -Xmx${data_heap_size}" + - "node.master=false" + - "node.data=true" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: ${data_mem_limit} + mem_swappiness: 0 + cap_add: + - IPC_LOCK + volumes_from: + - es-storage + depends_on: + - es-master + + es-client: + labels: + io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name} + 
io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: es-storage{{- if eq .Values.UPDATE_SYSCTL "true" -}},es-sysctl{{- end}} + image: docker.elastic.co/elasticsearch/elasticsearch:6.2.3 + environment: + - "cluster.name=${cluster_name}" + - "node.name=$${HOSTNAME}" + - "bootstrap.memory_lock=true" + - "xpack.security.enabled=false" + - "discovery.zen.ping.unicast.hosts=es-master" + - "ES_JAVA_OPTS=-Xms${client_heap_size} -Xmx${client_heap_size}" + - "node.master=false" + - "node.data=false" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + mem_limit: ${client_mem_limit} + mem_swappiness: 0 + cap_add: + - IPC_LOCK + volumes_from: + - es-storage + depends_on: + - es-master + + es-storage: + labels: + io.rancher.container.start_once: true + network_mode: none + image: rawmind/alpine-volume:0.0.2-1 + environment: + - SERVICE_UID=1000 + - SERVICE_GID=1000 + - SERVICE_VOLUME=/usr/share/elasticsearch/data + volumes: + - es-storage-volume:/usr/share/elasticsearch/data + + {{- if eq .Values.UPDATE_SYSCTL "true" }} + es-sysctl: + labels: + io.rancher.container.start_once: true + network_mode: none + image: rawmind/alpine-sysctl:0.1 + privileged: true + environment: + - "SYSCTL_KEY=vm.max_map_count" + - "SYSCTL_VALUE=262144" + {{- end}} + +volumes: + es-storage-volume: + driver: ${VOLUME_DRIVER} + per_container: true diff --git a/templates/es-cluster/4/rancher-compose.yml b/templates/es-cluster/4/rancher-compose.yml new file mode 100644 index 0000000..287c035 --- /dev/null +++ b/templates/es-cluster/4/rancher-compose.yml 
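Review bot: All three Elasticsearch services in templates/es-cluster/4/docker-compose.yml.tpl hard-code `"xpack.security.enabled=false"`, so the cluster runs without authentication or transport encryption and any stack that can link to `es-client` gets full read/write access. That may be deliberate for a catalog default, but nothing in the template or its README says so. A comment above each line such as `# no auth/TLS: restrict access at the network level or enable X-Pack security` would state the assumption. The `es-storage` and `es-sysctl` labels also use an unquoted `io.rancher.container.start_once: true`, which YAML parses as a boolean. Other templates in this commit quote label values (`"true"`), and quoting here keeps the label a string.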
@@ -0,0 +1,111 @@ +version: '2' +catalog: + name: Elasticsearch Cluster + version: 6.2.3-rancher1 + description: Scalable Elasticsearch Cluster + + questions: + - variable: "cluster_name" + type: "string" + required: true + label: "Cluster name" + description: "Name of the Elasticsearch Cluster" + default: "es-cluster" + + - variable: "UPDATE_SYSCTL" + label: "Update host sysctl:" + description: | + Set true to avoid vm.max_map_count errors. + WARN: If set true, host param vm.max_map_count will be update to 262144. + default: false + required: true + type: enum + options: + - false + - true + + - variable: "master_heap_size" + type: "string" + required: true + label: "Heap size (master nodes)" + description: "Heap size to be allocated for Java (master nodes)" + default: "512m" + + - variable: "master_mem_limit" + type: "int" + required: true + label: "Memory limit in byte (master nodes)" + description: "Memory limit in Byte per elasticsearch container. AT LEAST double the heap size! (master nodes)" + default: 1073741824 + + - variable: "data_heap_size" + type: "string" + required: true + label: "Heap size (data nodes)" + description: "Heap size to be allocated for Java (data nodes)" + default: "512m" + + - variable: "data_mem_limit" + type: "int" + required: true + label: "Memory limit in byte (data nodes)" + description: "Memory limit in Byte per elasticsearch container. AT LEAST double the heap size! (data nodes)" + default: 1073741824 + + - variable: "client_heap_size" + type: "string" + required: true + label: "Heap size (client nodes)" + description: "Heap size to be allocated for Java (client nodes)" + default: "512m" + + - variable: "client_mem_limit" + type: "int" + required: true + label: "Memory limit in byte (client nodes)" + description: "Memory limit in Byte per elasticsearch container. AT LEAST double the heap size! 
(client nodes)" + default: 1073741824 + + - variable: "minimum_master_nodes" + type: "int" + required: true + label: "# of minimum Master Nodes" + description: "Set the number of required master nodes to reach quorum. Sets initial scale to this value as well" + default: 3 + + - variable: "initial_data_nodes" + type: "int" + required: true + label: "# of initial data nodes" + description: "Set the initial number of data nodes" + default: 2 + + - variable: "initial_client_nodes" + type: "int" + required: true + label: "# of initial client nodes" + description: "Set the initial number of client nodes" + default: 1 + + - variable: "VOLUME_DRIVER" + description: "The VOLUME driver to associate with this server" + label: "VOLUME Driver" + required: true + default: "local" + type: enum + options: + - local + - rancher-nfs + - rancher-efs + - rancher-ebs + +services: + + es-master: + scale: ${minimum_master_nodes} + + es-data: + scale: ${initial_data_nodes} + + es-client: + scale: ${initial_client_nodes} diff --git a/templates/es-cluster/config.yml b/templates/es-cluster/config.yml index bb8b8c6..ce6d654 100644 --- a/templates/es-cluster/config.yml +++ b/templates/es-cluster/config.yml @@ -1,5 +1,5 @@ -name: Elasticsearch Cluster 5.5.1 +name: Elasticsearch Cluster 6.2.3 description: | Elasticsearch, you know for search! -version: 5.5.1-rancher1 +version: 6.2.3-rancher1 category: ELK diff --git a/templates/kibana/4/docker-compose.yml b/templates/kibana/4/docker-compose.yml new file mode 100644 index 0000000..1287953 --- /dev/null +++ b/templates/kibana/4/docker-compose.yml 
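Review bot: The `UPDATE_SYSCTL` description in templates/es-cluster/4/rancher-compose.yml does not mention that answering true deploys the `es-sysctl` sidekick with `privileged: true` on every host running an Elasticsearch container. Operators should see that before opting in, for example `WARN: If set true, a privileged sidekick container runs on each host and raises vm.max_map_count to 262144.` The `default` and `options` values are written as bare `false`/`true`, which YAML reads as booleans, while the template compares against the string `"true"`. Quoting them (`default: "false"`, `- "false"`, `- "true"`) removes any dependence on how the answer is stringified.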
@@ -0,0 +1,33 @@ +kibana-vip: + ports: + - "${public_port}:80" + restart: always + tty: true + image: rancher/load-balancer-service + links: + - nginx-proxy:kibana6 + stdin_open: true +nginx-proxy-conf: + image: rancher/nginx-conf:v0.2.0 + command: "-backend=rancher --prefix=/2015-07-25" + labels: + io.rancher.container.hostname_override: container_name +nginx-proxy: + image: rancher/nginx:v1.9.4-3 + volumes_from: + - nginx-proxy-conf + labels: + io.rancher.container.hostname_override: container_name + io.rancher.sidekicks: nginx-proxy-conf,kibana6 + external_links: + - ${elasticsearch_source}:elasticsearch +kibana6: + restart: always + tty: true + image: docker.elastic.co/kibana/kibana:6.2.3 + net: "container:nginx-proxy" + stdin_open: true + environment: + ELASTICSEARCH_URL: "http://elasticsearch:9200" + labels: + io.rancher.container.hostname_override: container_name diff --git a/templates/kibana/4/rancher-compose.yml b/templates/kibana/4/rancher-compose.yml new file mode 100644 index 0000000..37b8723 --- /dev/null +++ b/templates/kibana/4/rancher-compose.yml @@ -0,0 +1,24 @@ +.catalog: + name: "Kibana" + version: "6.2.3-rancher1" + description: "Kibana: Explore & Visualize Your Data" + questions: + - variable: "elasticsearch_source" + description: "Link to elasticsearch service or stack/service" + label: "Elasticsearch source" + type: "service" + required: true + default: "es/elasticsearch-clients" + - variable: "public_port" + label: "Public Port" + description: "Unique public port for Kibana" + type: "int" + default: 80 + required: true + +nginx-proxy: + metadata: + nginx: + conf: + servername: "kibana" + upstream_port: 5601 diff --git a/templates/kibana/catalogIcon-kibana.svg b/templates/kibana/catalogIcon-kibana.svg index 6f5091e..5cac2fb 100644 --- a/templates/kibana/catalogIcon-kibana.svg +++ b/templates/kibana/catalogIcon-kibana.svg @@ -1,34 +1,45 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + 
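Review bot: `kibana-vip` publishes `${public_port}:80` on the host and forwards through `nginx-proxy` to `kibana6`, and nothing in this file puts authentication or TLS in front of Kibana. Anyone who can reach that port can therefore read whatever the linked Elasticsearch cluster holds, and `ELASTICSEARCH_URL` is plain `http://` as well. The nginx configuration comes from the `rancher/nginx-conf` sidekick and is not visible here, so this should be confirmed rather than assumed. At a minimum I would add a comment above `ports:` such as `# Kibana is served without authentication; restrict this port to trusted networks or front it with an authenticating proxy`, and repeat the warning in the `public_port` description in rancher-compose.yml.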
diff --git a/templates/kibana/config.yml b/templates/kibana/config.yml index cdadc3d..41d5de4 100644 --- a/templates/kibana/config.yml +++ b/templates/kibana/config.yml @@ -1,4 +1,4 @@ -name: "Kibana 4" +name: "Kibana" description: "Visualization dashboard" -version: "4.6.3-rancher1" +version: "6.2.3-rancher1" category: ELK diff --git a/templates/logstash/4/docker-compose.yml b/templates/logstash/4/docker-compose.yml new file mode 100644 index 0000000..8743df8 --- /dev/null +++ b/templates/logstash/4/docker-compose.yml @@ -0,0 +1,54 @@ +logstash-indexer-config: + restart: always + image: rancher/logstash-config:v0.2.0 + labels: + io.rancher.container.hostname_override: container_name +redis: + restart: always + tty: true + image: redis:3.2.6-alpine + stdin_open: true + labels: + io.rancher.container.hostname_override: container_name +logstash-indexer: + restart: always + tty: true + volumes_from: + - logstash-indexer-config + command: + - logstash + - -f + - /etc/logstash + image: docker.elastic.co/logstash/logstash:6.2.3 + links: + - redis:redis + external_links: + - ${elasticsearch_link}:elasticsearch + stdin_open: true + labels: + io.rancher.sidekicks: logstash-indexer-config + io.rancher.container.hostname_override: container_name +logstash-collector-config: + restart: always + image: rancher/logstash-config:v0.2.0 + labels: + io.rancher.container.hostname_override: container_name +logstash-collector: + restart: always + tty: true + links: + - redis:redis + ports: + - "5000/udp" + - "6000/tcp" + volumes_from: + - logstash-collector-config + command: + - logstash + - -f + - /etc/logstash + image: docker.elastic.co/logstash/logstash:6.2.3 + stdin_open: true + labels: + io.rancher.sidekicks: logstash-collector-config + io.rancher.container.hostname_override: container_name diff --git a/templates/logstash/4/rancher-compose.yml b/templates/logstash/4/rancher-compose.yml new file mode 100644 index 0000000..b5cde38 --- /dev/null 
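Review bot: `logstash-collector` publishes `5000/udp` and `6000/tcp`, but the default `collector_inputs` in the accompanying rancher-compose.yml only defines a `udp` input on port 5000. With the defaults, 6000/tcp is published with no matching input, and the UDP input accepts JSON events from any sender that can reach the host port. I would drop `- "6000/tcp"` (or add the matching default input) and put a comment above `ports:` such as `# inputs are unauthenticated; restrict these ports to trusted log sources`. `redis` also runs without a password, which is acceptable only while it stays reachable through the stack-internal link alone.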
+++ b/templates/logstash/4/rancher-compose.yml
@@ -0,0 +1,73 @@
+.catalog:
+ name: "Logstash"
+ version: "6.2.3-rancher1"
+ description: "Logstash: Process Any Data, From Any Source"
+ questions:
+ - variable: "collector_inputs"
+ description: |
+ Logstash collection tier inputs. These will be added
+ directly to input { } section of logstash.conf
+ label: "Logstash inputs"
+ type: "multiline"
+ required: true
+ default: |
+ udp {
+ port => 5000
+ codec => "json"
+ }
+ - variable: "indexer_filters"
+ description: |
+ Logstash indexing tier filters. These will be added
+ directly to filter { } section of logstash.conf
+ label: "Logstash filters"
+ type: "multiline"
+ required: false
+ default: ""
+ - variable: "indexer_outputs"
+ description: |
+ Logstash indexing tier outputs. These will be added
+ directly to output { } section of logstash.conf
+ label: "Logstash outputs"
+ type: "multiline"
+ required: true
+ default: |
+ elasticsearch {
+ hosts => ["elasticsearch.rancher.internal:9200"]
+ }
+ stdout {
+ codec => rubydebug
+ }
+ - variable: "elasticsearch_link"
+ description: |
+ stack/service link or external service link to elasticsearch
+ cluster.
+ label: "Elasticsearch stack/service"
+ default: "es/elasticsearch-clients"
+ required: true
+ type: "service"
+logstash-indexer:
+ metadata:
+ logstash:
+ inputs: |
+ redis {
+ host => "redis.rancher.internal"
+ port => "6379"
+ data_type => "list"
+ key => "logstash"
+ }
+ filters: |
+ ${indexer_filters}
+ outputs: |
+ ${indexer_outputs}
+logstash-collector:
+ metadata:
+ logstash:
+ inputs: |
+ ${collector_inputs}
+ outputs: |
+ redis {
+ host => "redis.rancher.internal"
+ port => "6379"
+ data_type => "list"
+ key => "logstash"
+ }
diff --git a/templates/logstash/catalogIcon-logstash.svg b/templates/logstash/catalogIcon-logstash.svg
index 15f65af..c3928f3 100644
--- a/templates/logstash/catalogIcon-logstash.svg
+++ b/templates/logstash/catalogIcon-logstash.svg
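Review bot: The default for `indexer_outputs` includes `stdout { codec => rubydebug }`, which prints every indexed event in full to the `logstash-indexer` container log. Container logs are typically readable by a wider audience than the Elasticsearch indices and sit outside index retention, so any credentials or personal data passing through the pipeline end up there too. I would remove the `stdout` block from the default and mention it in the description as a debugging aid instead, e.g. `Add stdout { codec => rubydebug } temporarily when debugging.`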
@@ -1,145 +1,57 @@ - - - - - - - - - - image/svg+xml - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/templates/logstash/config.yml b/templates/logstash/config.yml index aff47ca..27a7319 100644 --- a/templates/logstash/config.yml +++ b/templates/logstash/config.yml @@ -1,5 +1,5 @@ name: Logstash description: | Centralize data processing of all types -version: 5.1.1-rancher1 +version: 6.2.3-rancher1 category: ELK diff --git a/templates/mailhog/0/README.md b/templates/mailhog/0/README.md new file mode 100644 index 0000000..8e00b33 --- /dev/null +++ b/templates/mailhog/0/README.md @@ -0,0 +1 @@ +The mailhog catalog configuration provides SMTP access on the internal network by default. External SMTP access can be exposed through a TCP Rancher load balancer routing to internal port 25. The Mailhog UI can be exposed through an HTTP(S) Rancher Load Balancer routing to internal port 8025. diff --git a/templates/mailhog/0/docker-compose.yml b/templates/mailhog/0/docker-compose.yml new file mode 100644 index 0000000..807d04d --- /dev/null +++ b/templates/mailhog/0/docker-compose.yml @@ -0,0 +1,12 @@ +version: '2' +services: + mailhog: + image: mailhog/mailhog:v1.0.0 + environment: + MH_UI_WEB_PATH: ${mh_ui_web_path} + MH_SMTP_BIND_ADDR: ${mh_smtp_bind_addr} + stdin_open: true + tty: true + user: root + labels: + io.rancher.container.pull_image: always diff --git a/templates/mailhog/0/rancher-compose.yml b/templates/mailhog/0/rancher-compose.yml new file mode 100644 index 0000000..52e2d79 --- /dev/null +++ b/templates/mailhog/0/rancher-compose.yml 
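Review bot: `user: root` in the `mailhog` service runs the process as root, presumably only so it can bind the privileged port in the default `MH_SMTP_BIND_ADDR` (`0.0.0.0:25` in rancher-compose.yml). MailHog's own default SMTP port is 1025, so the container could keep an unprivileged user if the default were `0.0.0.0:1025` and the load balancer mapped port 25 to it. I would drop `user: root` and change that default accordingly. `stdin_open: true` and `tty: true` also look unnecessary for a daemon.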
@@ -0,0 +1,15 @@ +.catalog: + name: MailHog + version: 0.0.1 + description: MailHog E-mail Capture Tools + questions: + - variable: mh_ui_web_path + label: Web UI Path + type: string + description: Defines the URL path for viewing MailHog. Will use "/" if left blank. + - variable: mh_smtp_bind_addr + label: SMTP Bind Address + type: string + required: true + default: 0.0.0.0:25 + description: Defines the IP/Port combination for the SMTP listener. diff --git a/templates/mailhog/catalogIcon-mailhog.png b/templates/mailhog/catalogIcon-mailhog.png new file mode 100644 index 0000000..c846729 Binary files /dev/null and b/templates/mailhog/catalogIcon-mailhog.png differ diff --git a/templates/mailhog/config.yml b/templates/mailhog/config.yml new file mode 100644 index 0000000..484b4e2 --- /dev/null +++ b/templates/mailhog/config.yml @@ -0,0 +1,4 @@ +name: MailHog +description: MailHog E-mail Capture Tools +version: 0.0.1 +category: Services diff --git a/templates/traefik/20/README.md b/templates/traefik/20/README.md index de5e2e8..dc82647 100644 --- a/templates/traefik/20/README.md +++ b/templates/traefik/20/README.md @@ -88,7 +88,7 @@ Use this labels if you choose extenal rancher integration. WARNING: Only services with healthy state are added to traefik, so health checks are mandatory. -More info [rancher-traefik](https://github.com/rawmind0/rancher-traefik) +More info [rancher-traefik][rancher-traefik] ### Usage: 
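Review bot: None of the questions lets the operator enable MailHog's HTTP basic auth, although the README added in this commit suggests exposing the UI on port 8025 through a load balancer. Captured mail routinely contains password-reset links and similar tokens, so an open UI and API leaks them once it is reachable beyond the stack. MailHog reads a bcrypt credentials file from `MH_AUTH_FILE`; I would add a question for it (ideally fed from a Rancher secret) and wire it into docker-compose.yml. At a minimum the `mh_ui_web_path` description should add `The UI is unauthenticated; do not expose it outside trusted networks.`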
@@ -102,4 +102,30 @@ More info [rancher-traefik](https://github.com/rawmind0/rancher-traefik) Note: To access the services, you need to create A or CNAMES dns entries for every one. +### Usage examples + +#### Setup Traefik for a custom domain + +You must set these labels for the service your want to expose: +- traefik.enable = true +- traefik.port = 8080 +- traefik.acme = true +- traefik.frontend.rule = Host:MyCustoDomain.com (`api` or `metadata` rancher integration) +- traefik.domain = MyCustoDomain.com (`external` rancher integration) + +### F.A.Q + +#### Q: Traefik doesn't apply labels + +Depending on traefik rancher integration, available labels are differents. +- [api and metadata][traefik rancher backend] +- [external][rancher-traefik] + +#### Q: Traefik doesn't expose my service + +Depending on Traefik configuration we can diffenciate two cases: +- If you configured Traefik with label *rancher_healthcheck=true* -> ensure your service has a healthcheck +- If you configured Traefik without healthcheck, then check the Traefik log. Some times Traefik fails when try to load an invalid config and, before that, doesn't load new services -> restart Traefik should fix that + [traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour +[rancher-traefik]: https://github.com/rawmind0/rancher-traefik diff --git a/templates/traefik/21/README.md b/templates/traefik/21/README.md new file mode 100644 index 0000000..e426e5a --- /dev/null +++ b/templates/traefik/21/README.md 
@@ -0,0 +1,136 @@ +# Traefik active load balancer + +### Info: + + This template deploys traefik active load balancers on top of Rancher. The configuration is generated and updated with confd from Rancher metadata. + It would be deployed in hosts with label traefik_lb=true. + +### Config: + +- rancher_integration = "metadata" # Rancher integration method. +- rancher_healthcheck = false # Enable/Disable traefik rancher services healthcheck filter. Only valid for api and metadata integration. +- usage_enable = false # Enable/disable send Traefik [anonymous usage collection](https://docs.traefik.io/basics/#collected-data) +- constraints = "" # Traefik constraints for rancher provider. Only valid for api and metadata integration. +- host_label = "traefik_lb=true" # Host label where to run traefik service. +- http_port = 8080 # Port exposed to get access to the published services. +- https_port = 8443 # Port exposed to get secured access to the published services. +- admin_port = 8000 # Port exposed to get admin access to the traefik service. +- admin_ssl = false # Enable/Disable ssl on api, rest, ping and webui using `ssl_key` and `ssl_crt` +- https_enable = + - false: Enable http enpoints and disable https ones. + - true: Enable http and https endpoints. + - only: Enable https endpoints and redirect http to https. +- https_min_tls = "" # See the [traefik documentation](https://docs.traefik.io/configuration/entrypoints/#specify-minimum-tls-version) for allowed values. +- trusted_ips="" # Enable [proxyProtocol](https://docs.traefik.io/configuration/entrypoints/#proxyprotocol) and [forwardHeaders](https://docs.traefik.io/configuration/entrypoints/#forwarded-header) for these IPs (eg: "172.0.0.0/16,192.168.0.1") +- acme_enable = false # Enable/Disable acme traefik support. [acme](https://docs.traefik.io/configuration/acme/) +- acme_email = "test@traefik.io" # acme user email +- acme_challenge = http # acme challenge parameter. WIP to support dns. 
+- acme_onhostrule = true # acme onHostRule parameter. +- acme_caserver = "https://acme-v01.api.letsencrypt.org/directory" # acme caServer parameter. +- acme_vol_name = "traefik_acme_vol" # Volume name to user by acme sidekick +- acme_vol_driver = "local" # Volume driver to user by acme sidekick +- ssl_key # Paste your ssl key. *Required if you enable https +- ssl_crt # Paste your ssl crt. *Required if you enable https +- insecure_skip = false # Enable InsecureSkipVerify param. +- compress_enable = true # Enable traefik compression +- timeout_read="0" # respondingTimeouts [readTimeout](https://docs.traefik.io/configuration/commons/#responding-timeouts) +- timeout_write="0" # respondingTimeouts [writeTimeout](https://docs.traefik.io/configuration/commons/#responding-timeouts) +- timeout_idle="180" # respondingTimeouts [idleTimeout](https://docs.traefik.io/configuration/commons/#responding-timeouts) +- timeout_dial="30" # forwardingTimeouts [dialTimeout](https://docs.traefik.io/configuration/commons/#forwarding-timeouts) +- timeout_header="0" # forwardingTimeouts [responseHeaderTimeout](https://docs.traefik.io/configuration/commons/#forwarding-timeouts) +- refresh_interval = 10s # Interval to refresh traefik rules.toml from rancher-metadata. +- admin_readonly = false # Set REST API to read-only mode. +- admin_statistics = 10 # Enable more detailed statistics, extend recent errors number. +- admin_auth_method = "basic" # Selec auth method, basic or digest. +- admin_users = "" # Paste basic or digest users created with htdigest, one user per line. +- metrics_enable="false" # Enable/disable traefik [metrics](https://docs.traefik.io/configuration/metrics/) +- metrics_exporter="" # Metrics exporter prometheus | datadog | statsd | influxdb +- metrics_push="10" # Metrics exporter push interval (s). datadog | statsd | influxdb +- metrics_address="" # Metrics exporter address. 
datadog | statsd | influxdb +- metrics_prometheus_buckets="[0.1,0.3,1.2,5.0]" # Metrics buckets for prometheus + +### Service configuration labels: + +Traefik labels has to be added to your services, in order to get included in traefik config. + +#### Metadata or api + +Please use traefik defined labels if you choose metadata or api rancher integration. + +[Traefik rancher backend labels][traefik rancher backend] + +Metadata is the prefered and recommended rancher integration. + +#### External + +Use this labels if you choose extenal rancher integration. + +- traefik.enable = < true | stack | false > #Controls if you want to publish or not the service + - true: the service will be published as *service_name.stack_name.traefik_domain* + - stack: the service will be published as *stack_name.domain*. WARNING: You can have collisions inside services within your stack + - false: the service will not be published +- traefik.priority = # Override for frontend priority. Default `5` +- traefik.protocol = < http | https > # Override the default protocol `http` +- traefik.sticky = < true | false > # Enable/disable sticky sessions to the backend. Default `false` +- traefik.backend.loadbalancer.method = < drr | wrr > # Override default lb algorithm `drr` +- traefik.backend.circuitbreaker.expression = < expression > # Override default backend circuitbreaker expression `NetworkErrorRatio() > 0.5` +- traefik.frontend.passHostHeader = < true | false > # Forward client Host header to the backend. Default `true` +- traefik.weight = < weight > # Override default backend weight `5` +- traefik.alias = < alias > # Alternate names to route rule. Multiple values separated by ",". traefik.domain is appended. WARNING: You could have collisions BE CAREFULL +- traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. Multiple values separated by ",". traefik.domain must be defined but is not appended here. +- traefik.domain = < domain.name > # Domain names to route rules. 
Multiple domains separated by "," +- traefik.domain.regexp = < domain.regexp > # Domain name regexp rule. Multiple domains separated by "," +- traefik.port = # port to expose throught traefik. Default `80` +- traefik.acme = < true | false > # Enable/disable ACME traefik feature. Default `false` +- traefik.path = < path > # Path rule. Multiple values separated by "," +- traefik.path.strip = < path > # Path strip rule. Multiple values separated by "," +- traefik.path.prefix = < path > # Path prefix rule. Multiple values separated by "," +- traefik.path.prefix.strip = < path > # Path prefix strip rule. Multiple values separated by "," +- traefik.ratelimit.enable = < true | false > # Enable/disabe rate-limiting based on client ip. Default `false` +- traefik.ratelimit.period = < n > # Replace n with desired amount of seconds in which traefik is checking the limits "average" and "burst". Default `10` +- traefik.ratelimit.average = < n > # Change to desired average allowed requests by client ip. Default `100` +- traefik.ratelimit.burst = < n > # State what limit the client ip is allowed to burst up to respectively. Default `200` + +WARNING: Only services with healthy state are added to traefik, so health checks are mandatory. + +More info [rancher-traefik][rancher-traefik] + +### Usage: + + Select Traefik from catalog. + + Set the params. + + Click deploy. + + Access your traefik admin service at $admin_port to see your published services. + +Note: To access the services, you need to create A or CNAMES dns entries for every one. 
+ +### Usage examples + +#### Setup Traefik for a custom domain + +You must set these labels for the service your want to expose: +- traefik.enable = true +- traefik.port = 8080 +- traefik.acme = true +- traefik.frontend.rule = Host:MyCustoDomain.com (`api` or `metadata` rancher integration) +- traefik.domain = MyCustoDomain.com (`external` rancher integration) + +### F.A.Q + +#### Q: Traefik doesn't apply labels + +Depending on traefik rancher integration, available labels are differents. +- [api and metadata][traefik rancher backend] +- [external][rancher-traefik] + +#### Q: Traefik doesn't expose my service + +Depending on Traefik configuration we can diffenciate two cases: +- If you configured Traefik with label *rancher_healthcheck=true* -> ensure your service has a healthcheck +- If you configured Traefik without healthcheck, then check the Traefik log. Some times Traefik fails when try to load an invalid config and, before that, doesn't load new services -> restart Traefik should fix that + +[traefik rancher backend]: https://docs.traefik.io/configuration/backends/rancher/#labels-overriding-default-behaviour +[rancher-traefik]: https://github.com/rawmind0/rancher-traefik diff --git a/templates/traefik/21/docker-compose.yml.tpl b/templates/traefik/21/docker-compose.yml.tpl new file mode 100644 index 0000000..6c351b9 --- /dev/null +++ b/templates/traefik/21/docker-compose.yml.tpl 
@@ -0,0 +1,133 @@
+version: '2'
+services:
+ traefik:
+ ports:
+ - ${admin_port}:${admin_port}/tcp
+ - ${http_port}:${http_port}/tcp
+ {{- if ne .Values.https_enable "false"}}
+ - ${https_port}:${https_port}/tcp
+ {{- end}}
+ labels:
+ io.rancher.scheduler.global: 'true'
+ io.rancher.scheduler.affinity:host_label: ${host_label}
+ io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ {{- if eq .Values.rancher_integration "api"}}
+ io.rancher.container.agent.role: environment
+ io.rancher.container.create_agent: 'true'
+ {{- end}}
+ {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+ io.rancher.sidekicks:
+ {{- if eq .Values.rancher_integration "external"}} traefik-conf
+ {{- if eq .Values.acme_enable "true" -}},{{- end -}}
+ {{- end -}}
+ {{- if eq .Values.acme_enable "true" -}}
+ {{- if ne .Values.rancher_integration "external"}} traefik-acme
+ {{- else -}}traefik-acme
+ {{- end -}}
+ {{- end -}}
+ {{- end}}
+ io.rancher.container.hostname_override: container_name
+ image: rawmind/alpine-traefik:1.5.4-1
+ environment:
+ - TRAEFIK_HTTP_PORT=${http_port}
+ - TRAEFIK_HTTP_COMPRESSION=${compress_enable}
+ - TRAEFIK_HTTPS_PORT=${https_port}
+ - TRAEFIK_HTTPS_ENABLE=${https_enable}
+ - TRAEFIK_HTTPS_COMPRESSION=${compress_enable}
+ - TRAEFIK_USAGE_ENABLE=${usage_enable}
+ - TRAEFIK_TIMEOUT_READ=${timeout_read}
+ - TRAEFIK_TIMEOUT_WRITE=${timeout_write}
+ - TRAEFIK_TIMEOUT_IDLE=${timeout_idle}
+ - TRAEFIK_TIMEOUT_DIAL=${timeout_dial}
+ - TRAEFIK_TIMEOUT_HEADER=${timeout_header}
+ {{- if ne .Values.https_min_tls ""}}
+ - TRAEFIK_HTTPS_MIN_TLS=${https_min_tls}
+ {{- end}}
+ {{- if ne .Values.trusted_ips ""}}
+ - TRAEFIK_TRUSTEDIPS=${trusted_ips}
+ {{- end}}
+ {{- if ne .Values.ssl_key ""}}
+ - TRAEFIK_SSL_KEY=${ssl_key}
+ {{- end}}
+ {{- if ne .Values.ssl_crt ""}}
+ - TRAEFIK_SSL_CRT=${ssl_crt}
+ {{- end}}
+ - TRAEFIK_INSECURE_SKIP=${insecure_skip}
+ - TRAEFIK_ADMIN_ENABLE=true
+ - TRAEFIK_ADMIN_PORT=${admin_port}
+ - TRAEFIK_ADMIN_SSL=${admin_ssl}
+ - TRAEFIK_ADMIN_STATISTICS=${admin_statistics}
+ - TRAEFIK_ADMIN_AUTH_METHOD=${admin_auth_method}
+ - TRAEFIK_ADMIN_AUTH_USERS=${admin_users}
+ {{- if eq .Values.acme_enable "true"}}
+ - TRAEFIK_ACME_ENABLE=${acme_enable}
+ - TRAEFIK_ACME_EMAIL=${acme_email}
+ - TRAEFIK_ACME_CHALLENGE=${acme_challenge}
+ - TRAEFIK_ACME_CHALLENGE_HTTP_ENTRYPOINT=http
+ - TRAEFIK_ACME_ONHOSTRULE=${acme_onhostrule}
+ - TRAEFIK_ACME_CASERVER=${acme_caserver}
+ {{- end}}
+ {{- if ne .Values.rancher_integration "external"}}
+ - TRAEFIK_RANCHER_ENABLE=true
+ - TRAEFIK_FILE_ENABLE=false
+ - TRAEFIK_CONSTRAINTS=${constraints}
+ - TRAEFIK_RANCHER_HEALTHCHECK=${rancher_healthcheck}
+ - TRAEFIK_RANCHER_MODE=${rancher_integration}
+ {{- else}}
+ - TRAEFIK_FILE_ENABLE=true
+ {{- end}}
+ {{- if eq .Values.metrics_enable "true"}}
+ - TRAEFIK_METRICS_ENABLE=${metrics_enable}
+ - TRAEFIK_METRICS_EXPORTER=${metrics_exporter}
+ - TRAEFIK_METRICS_PUSH=${metrics_push}
+ - TRAEFIK_METRICS_ADDRESS=${metrics_address}
+ - TRAEFIK_METRICS_PROMETHEUS_BUCKETS=${metrics_prometheus_buckets}
+ {{- end}}
+ {{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+ volumes_from:
+ {{- if eq .Values.rancher_integration "external"}}
+ - traefik-conf
+ {{- end}}
+ {{- if eq .Values.acme_enable "true"}}
+ - traefik-acme
+ {{- end}}
+ {{- end}}
+ {{- if eq .Values.rancher_integration "external"}}
+ traefik-conf:
+ labels:
+ io.rancher.scheduler.global: 'true'
+ io.rancher.scheduler.affinity:host_label: ${host_label}
+ io.rancher.scheduler.affinity:container_label_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ io.rancher.container.start_once: 'true'
+ image: rawmind/rancher-traefik:1.5.0-0
+ network_mode: none
+ volumes:
+ - tools-volume:/opt/tools
+ {{- end}}
+ {{- if eq .Values.acme_enable "true"}}
+ traefik-acme:
+ network_mode: none
+ labels:
+ io.rancher.scheduler.affinity:container_label_soft_ne: io.rancher.stack_service.name=$${stack_name}/$${service_name}
+ io.rancher.container.hostname_override: container_name
+ io.rancher.container.start_once: true
+ environment:
+ - SERVICE_UID=10001
+ - SERVICE_GID=10001
+ - SERVICE_VOLUME=/opt/traefik/acme
+ volumes:
+ - ${acme_vol_name}:/opt/traefik/acme
+ image: rawmind/alpine-volume:0.0.2-1
+ {{- end}}
+{{- if or (eq .Values.rancher_integration "external") (eq .Values.acme_enable "true")}}
+volumes:
+ {{- if eq .Values.rancher_integration "external"}}
+ tools-volume:
+ driver: local
+ per_container: true
+ {{- end}}
+ {{- if eq .Values.acme_enable "true"}}
+ ${acme_vol_name}:
+ driver: ${acme_vol_driver}
+ {{- end}}
+{{- end}}
diff --git a/templates/traefik/21/rancher-compose.yml b/templates/traefik/21/rancher-compose.yml
new file mode 100644
index 0000000..ea0911f
--- /dev/null
+++ b/templates/traefik/21/rancher-compose.yml
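Review bot: The admin endpoint is always on (`TRAEFIK_ADMIN_ENABLE=true`) and `${admin_port}` is published on every host matching `${host_label}`, yet `TRAEFIK_ADMIN_AUTH_USERS=${admin_users}` is fed by a question in rancher-compose.yml that is optional and defaults to `""`, so a default deployment exposes the Traefik api, rest and web UI without credentials. The README lists `admin_readonly`, but neither this template nor the questions wire it through. I would make `admin_users` required, or publish the admin port only when it is set. `TRAEFIK_SSL_KEY=${ssl_key}` also places the private key in the container environment, where it is readable through container inspection and the Rancher API; a Rancher secret would be a safer carrier. Finally, `io.rancher.container.start_once: true` under `traefik-acme` is unquoted, unlike the `'true'` used for the same label under `traefik-conf`.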
@@ -0,0 +1,277 @@ +version: '2' +catalog: + name: traefik + version: v1.5.4-rancher1 + description: | + Traefik load balancer. + minimum_rancher_version: v0.59.0 + maintainer: "Raul Sanchez " + uuid: traefik-0 + questions: + - variable: "rancher_integration" + label: "Choose rancher integration:" + description: | + Enable rancher integration mode. Traefik built in integration, metadata or api, or external sidekick integration with confd. + default: metadata + required: true + type: enum + options: + - metadata + - api + - external + - variable: "rancher_healthcheck" + description: | + Enable/disable rancher services healtcheck filter. If enable, just healthy services will be published. + Only valid for api and metadata integration. + label: "Rancher healthcheck filter:" + required: true + default: false + type: "boolean" + - variable: "usage_enable" + description: | + Enable/disable send anonymous usage collection to Traefik. See https://docs.traefik.io/basics/#collected-data + label: "Traefik send anonymous usage:" + required: true + default: false + type: "boolean" + - variable: "constraints" + description: | + Traefik constraints for rancher provider. Eg: "tag==api" + Only valid for api and metadata integration. + label: "Traefik constraints:" + required: false + default: "" + type: "string" + - variable: "host_label" + description: "Host label where to run traefik service." + label: "Host label:" + required: true + default: "traefik_lb=true" + type: "string" + - variable: "http_port" + description: "Traefik http public port to listen." + label: "Http port:" + required: true + default: 8080 + type: "int" + - variable: "https_port" + description: "Traefik https public port to listen." + label: "Https port:" + required: true + default: 8443 + type: "int" + - variable: "admin_port" + description: "Traefik admin public port to listen for api, rest, ping and webui." 
+ label: "Admin port:" + required: true + default: 8000 + type: "int" + - variable: "admin_ssl" + description: "Enable ssl for api, rest, ping and webui." + label: "Admin ssl:" + required: true + default: false + type: "boolean" + - variable: "https_enable" + label: "Https enable:" + description: | + Enable https working mode. If you activate, you need to fill SSL key and SSL crt in order to work. + default: false + required: true + type: enum + options: + - false + - true + - only + - variable: "https_min_tls" + description: | + Minimal allowed tls version to accept connections from. + See the traefik documentation for allowed values. Default is `VersionTLS12`. + label: "Https min tls:" + required: false + default: "" + type: "string" + - variable: "trusted_ips" + description: | + Enable proxyProtocol and forwardHeaders just for trusted IPs. Eg: `172.0.0.0/16,192.168.0.1` + See the traefik documentation for more info. Default is ``. + label: "Trusted IPs:" + required: false + default: "" + type: "string" + - variable: "acme_enable" + description: "Enable acme support on traefik." + label: "ACME enable:" + required: true + default: false + type: "boolean" + - variable: "acme_email" + description: "ACME user email." + label: "ACME email:" + required: true + default: "test@traefik.io" + type: "string" + - variable: "acme_challenge" + description: "ACME challenge." + label: "ACME challenge:" + required: true + default: http + type: enum + options: # List of options if using type of `enum` + - http + - variable: "acme_onhostrule" + description: "Enable acme onHostRule." + label: "ACME onHostRule:" + required: true + default: true + type: "boolean" + - variable: "acme_caserver" + description: "ACME caServer to use." 
+ label: "ACME caServer:" + required: true + default: "https://acme-v01.api.letsencrypt.org/directory" + type: "string" + - variable: "acme_vol_name" + description: "The volume name shared to store ACME certs" + label: "ACME Volume Name" + required: true + default: "traefik_acme_vol" + type: "string" + - variable: "acme_vol_driver" + description: "The volume driver shared to store ACME certs" + label: "ACME Volume Driver" + required: true + default: "local" + type: enum + options: # List of options if using type of `enum` + - local + - rancher-nfs + - rancher-efs + - rancher-ebs + - variable: "ssl_key" + description: "SSL key to secure the service. *Required if you enable https or admin ssl" + label: "Https key" + type: "multiline" + required: false + default: "" + - variable: "ssl_crt" + description: "SSL cert to secure the service. *Required if you enable https or admin ssl" + label: "Https crt" + type: "multiline" + required: false + default: "" + - variable: "insecure_skip" + description: "Enable InsecureSkipVerify param." + label: "InsecureSkipVerify:" + required: true + default: false + type: "boolean" + - variable: "compress_enable" + label: "Enable compression:" + description: | + Enable Traefik compression for entrypoints. + default: true + required: true + type: "boolean" + - variable: "timeout_read" + label: "Timeout read:" + description: | + Traefik respondingTimeouts readTimeout (s). + default: 0 + required: true + type: "int" + - variable: "timeout_write" + label: "Timeout write:" + description: | + Traefik respondingTimeouts writeTimeout (s). + default: 0 + required: true + type: "int" + - variable: "timeout_idle" + label: "Timeout idle:" + description: | + Traefik respondingTimeouts idleTimeout (s). + default: 180 + required: true + type: "int" + - variable: "timeout_dial" + label: "Timeout dial:" + description: | + Traefik forwardingTimeouts dialTimeout (s). 
+ default: 30 + required: true + type: "int" + - variable: "timeout_header" + label: "Timeout header:" + description: | + Traefik forwardingTimeouts responseHeaderTimeout (s). + default: 0 + required: true + type: "int" + - variable: "admin_statistics" + description: "Enable more detailed statistics." + label: "Admin statistics history:" + required: true + default: 10 + type: "int" + - variable: "admin_auth_method" + description: "Admin auth method on api, rest and webui." + label: "Admin auth method:" + required: true + default: "basic" + type: enum + options: # List of options if using type of `enum` + - basic + - digest + - variable: "admin_users" + description: "Admin auth user list on api, rest and webui. Generate with htpassword for basic or htdigest with traefik realm for digest." + label: "Admin users:" + type: "multiline" + required: false + default: "" + - variable: "metrics_enable" + description: "Enable traefik metrics." + label: "Metrics enable" + default: false + required: true + type: "boolean" + - variable: "metrics_exporter" + description: "Traefik metrics exporter." + label: "Metrics exporter:" + required: false + default: + type: enum + options: # List of options if using type of `enum` + - prometheus + - datadog + - statsd + - influxdb + - variable: "metrics_push" + description: "Traefik metrics exporter push interval. Apply on datadog, statsd and influxdb." + label: "Metrics push interval (s):" + required: false + default: 10 + type: "int" + - variable: "metrics_address" + description: "Traefik metrics exporter address to push. Apply on datadog, statsd and influxdb." + label: "Metrics address:" + required: false + default: "" + type: "string" + - variable: "metrics_prometheus_buckets" + description: "Traefik metrics buckets for prometheus." 
+ label: "Metrics prometheus buckets" + default: "[0.1,0.3,1.2,5.0]" + required: false + type: "string" +services: + traefik: + retain_ip: true + health_check: + healthy_threshold: 2 + response_timeout: 5000 + port: ${admin_port} + unhealthy_threshold: 3 + interval: 5000 + strategy: recreate + diff --git a/templates/traefik/config.yml b/templates/traefik/config.yml index 65fd4c3..dfed582 100644 --- a/templates/traefik/config.yml +++ b/templates/traefik/config.yml @@ -1,7 +1,7 @@ name: Traefik description: | Traefik active load balancer -version: v1.5.3-rancher1 +version: v1.5.4-rancher1 category: Load Balancing maintainer: "Raul Sanchez " license:
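Review bot: The `https_min_tls` description promises "Default is `VersionTLS12`", but the question ships `default: ""` and the template only sets `TRAEFIK_HTTPS_MIN_TLS` when the value is non-empty. With defaults, the minimum TLS version is therefore whatever the image or Traefik falls back to, which is not visible in this commit. I would set `default: "VersionTLS12"` so the catalog enforces what it documents. In the same hunk, `acme_email` defaults to `test@traefik.io`, which would register ACME accounts under an address the operator does not control; an empty default on this required field is safer. The bare `default:` on `metrics_exporter` should be `default: ""`.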