mirror of
https://github.com/containous/traefik.git
synced 2024-12-22 13:34:03 +03:00
Remove everything templates related
This commit is contained in:
parent
e2ec64947a
commit
03d5a95bde
4
Makefile
4
Makefile
@ -59,8 +59,8 @@ test-integration: build ## run the integration tests
|
||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary test-integration
|
||||
TEST_HOST=1 ./script/make.sh test-integration
|
||||
|
||||
validate: build ## validate code, vendor and autogen
|
||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate validate-lint validate-misspell validate-vendor validate-autogen
|
||||
validate: build ## validate code, vendor
|
||||
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate validate-lint validate-misspell validate-vendor
|
||||
|
||||
build: dist
|
||||
docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -35,7 +35,6 @@ Successfully built 5c3c1a911277
|
||||
Successfully tagged traefik-dev:4475--feature-documentation
|
||||
docker run -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER -v "/home/ldez/sources/go/src/github.com/containous/traefik/"dist":/go/src/github.com/containous/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
|
||||
---> Making bundle: generate (in .)
|
||||
removed 'autogen/gentemplates/gen.go'
|
||||
removed 'autogen/genstatic/gen.go'
|
||||
|
||||
---> Making bundle: binary (in .)
|
||||
|
@ -7,7 +7,6 @@ A Simple Use Case Using Docker
|
||||
|
||||
!!! tip
|
||||
To save some time, you can clone [Traefik's repository](https://github.com/containous/traefik).
|
||||
The quickstart files are located in the [examples/quickstart](https://github.com/containous/traefik/tree/master/examples/quickstart/) directory.
|
||||
|
||||
## Launch Traefik With the Docker Provider
|
||||
|
||||
|
2
examples/accessLog/.gitignore
vendored
2
examples/accessLog/.gitignore
vendored
@ -1,2 +0,0 @@
|
||||
exampleHandler
|
||||
exampleHandler.exe
|
@ -1,46 +0,0 @@
|
||||
/*
|
||||
Simple program to start a web server on a specified port
|
||||
*/
|
||||
package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
)
|
||||
|
||||
var (
|
||||
name string
|
||||
port int
|
||||
help *bool
|
||||
)
|
||||
|
||||
func init() {
|
||||
flag.StringVar(&name, "n", "", "Name of handler for messages")
|
||||
flag.IntVar(&port, "p", 0, "Port number to listen")
|
||||
help = flag.Bool("h", false, "Displays help message")
|
||||
}
|
||||
|
||||
func usage() {
|
||||
fmt.Printf("Usage: example -n name -p port \n")
|
||||
os.Exit(2)
|
||||
}
|
||||
|
||||
func handler(w http.ResponseWriter, r *http.Request) {
|
||||
fmt.Fprintf(w, "%s: Received query %s!\n", name, r.URL.Path[1:])
|
||||
}
|
||||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
if *help || len(name) == 0 || port <= 0 {
|
||||
usage()
|
||||
}
|
||||
http.HandleFunc("/", handler)
|
||||
fmt.Printf("%s: Listening on :%d...\n", name, port)
|
||||
if er := http.ListenAndServe(fmt.Sprintf(":%d", port), nil); er != nil {
|
||||
fmt.Printf("%s: Error from ListenAndServe: %s", name, er.Error())
|
||||
os.Exit(1)
|
||||
}
|
||||
fmt.Printf("%s: How'd we get past listen and serve???\n", name)
|
||||
}
|
@ -1,122 +0,0 @@
|
||||
#!/bin/bash
|
||||
usage()
|
||||
{
|
||||
echo 'runAb.sh - Run Apache Benchmark to test access log'
|
||||
echo ' Usage: runAb.sh [--conn nnn] [--log xxx] [--num nnn] [--time nnn] [--wait nn]'
|
||||
echo ' -c|--conn - number of simultaneous connections (default 100)'
|
||||
echo ' -l|--log - name of logfile (default benchmark.log)'
|
||||
echo ' -n|--num - number of requests (default 50000); ignored when -t specified'
|
||||
echo ' -t|--time - time in seconds for benchmark (default no limit)'
|
||||
echo ' -w|--wait - number of seconds to wait for Traefik to initialize (default 15)'
|
||||
echo ' '
|
||||
exit
|
||||
}
|
||||
|
||||
# Parse options
|
||||
|
||||
conn=100
|
||||
num=50000
|
||||
wait=15
|
||||
time=0
|
||||
logfile=""
|
||||
while [[ $1 =~ ^- ]]
|
||||
do
|
||||
case $1 in
|
||||
-c|--conn)
|
||||
conn=$2
|
||||
shift
|
||||
;;
|
||||
-h|--help)
|
||||
usage
|
||||
;;
|
||||
-l|--log|--logfile)
|
||||
logfile=$2
|
||||
shift
|
||||
;;
|
||||
-n|--num)
|
||||
num=$2
|
||||
shift
|
||||
;;
|
||||
-t|--time)
|
||||
time=$2
|
||||
shift
|
||||
;;
|
||||
-w|--wait)
|
||||
wait=$2
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
echo Unknown option "$1"
|
||||
usage
|
||||
esac
|
||||
shift
|
||||
done
|
||||
if [ -z "$logfile" ] ; then
|
||||
logfile="benchmark.log"
|
||||
fi
|
||||
|
||||
# Change to accessLog examples directory
|
||||
|
||||
[ -d examples/accessLog ] && cd examples/accessLog
|
||||
if [ ! -r exampleHandler.go ] ; then
|
||||
echo Please run this script either from the traefik repo root or from the examples/accessLog directory
|
||||
exit
|
||||
fi
|
||||
|
||||
# Kill traefik and any running example processes
|
||||
|
||||
sudo pkill -f traefik
|
||||
pkill -f exampleHandler
|
||||
[ ! -d log ] && mkdir log
|
||||
|
||||
# Start new example processes
|
||||
|
||||
go build exampleHandler.go
|
||||
[ $? -ne 0 ] && exit $?
|
||||
./exampleHandler -n Handler1 -p 8081 &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
./exampleHandler -n Handler2 -p 8082 &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
./exampleHandler -n Handler3 -p 8083 &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
|
||||
# Wait a couple of seconds for handlers to initialize and start Traefik
|
||||
|
||||
cd ../..
|
||||
sleep 2s
|
||||
echo Starting Traefik...
|
||||
sudo ./traefik -c examples/accessLog/traefik.ab.toml &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
|
||||
# Wait for Traefik to initialize and run ab
|
||||
|
||||
echo Waiting $wait seconds before starting ab benchmark
|
||||
sleep ${wait}s
|
||||
echo
|
||||
stime=`date '+%s'`
|
||||
if [ $time -eq 0 ] ; then
|
||||
echo Benchmark starting `date` with $conn connections until $num requests processed | tee $logfile
|
||||
echo | tee -a $logfile
|
||||
echo ab -k -c $conn -n $num http://127.0.0.1/test | tee -a $logfile
|
||||
echo | tee -a $logfile
|
||||
ab -k -c $conn -n $num http://127.0.0.1/test 2>&1 | tee -a $logfile
|
||||
else
|
||||
if [ $num -ne 50000 ] ; then
|
||||
echo Request count ignored when --time specified
|
||||
fi
|
||||
echo Benchmark starting `date` with $conn connections for $time seconds | tee $logfile
|
||||
echo | tee -a $logfile
|
||||
echo ab -k -c $conn -t $time -n 100000000 http://127.0.0.1/test | tee -a $logfile
|
||||
echo | tee -a $logfile
|
||||
ab -k -c $conn -t $time -n 100000000 http://127.0.0.1/test 2>&1 | tee -a $logfile
|
||||
fi
|
||||
|
||||
etime=`date '+%s'`
|
||||
let "dt=$etime - $stime"
|
||||
let "ds=$dt % 60"
|
||||
let "dm=($dt / 60) % 60"
|
||||
let "dh=$dt / 3600"
|
||||
echo | tee -a $logfile
|
||||
printf "Benchmark ended `date` after %d:%02d:%02d\n" $dh $dm $ds | tee -a $logfile
|
||||
echo Results available in $logfile
|
||||
|
@ -1,40 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Script to run a three-server example. This script runs the three servers and restarts Traefik
|
||||
# Once it is running, use the command:
|
||||
#
|
||||
# curl http://127.0.0.1:80/test{1,2,2}
|
||||
#
|
||||
# to send requests to send test requests to the servers. You should see a response like:
|
||||
#
|
||||
# Handler1: received query test1!
|
||||
# Handler2: received query test2!
|
||||
# Handler3: received query test2!
|
||||
#
|
||||
# and can then inspect log/access.log to see frontend, backend, and timing
|
||||
|
||||
# Kill traefik and any running example processes
|
||||
sudo pkill -f traefik
|
||||
pkill -f exampleHandler
|
||||
[ ! -d log ] && mkdir log
|
||||
|
||||
# Start new example processes
|
||||
cd examples/accessLog
|
||||
go build exampleHandler.go
|
||||
[ $? -ne 0 ] && exit $?
|
||||
./exampleHandler -n Handler1 -p 8081 &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
./exampleHandler -n Handler2 -p 8082 &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
./exampleHandler -n Handler3 -p 8083 &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
|
||||
# Wait a couple of seconds for handlers to initialize and start Traefik
|
||||
cd ../..
|
||||
sleep 2s
|
||||
echo Starting Traefik...
|
||||
sudo ./traefik -c examples/accessLog/traefik.example.toml &
|
||||
[ $? -ne 0 ] && exit $?
|
||||
|
||||
echo Sample handlers and traefik started successfully!
|
||||
echo 'Use command curl http://127.0.0.1:80/test{1,2,2} to drive test'
|
||||
echo Then inspect log/access.log to verify it contains frontend, backend, and timing
|
@ -1,44 +0,0 @@
|
||||
################################################################
|
||||
# Global configuration
|
||||
################################################################
|
||||
traefikLogsFile = "log/traefik.log"
|
||||
accessLogsFile = "log/access.log"
|
||||
logLevel = "DEBUG"
|
||||
|
||||
[entrypoints]
|
||||
[entrypoints.api]
|
||||
address = ":7888"
|
||||
|
||||
################################################################
|
||||
# API configuration
|
||||
################################################################
|
||||
[api]
|
||||
entryPoint = "api"
|
||||
|
||||
################################################################
|
||||
# File configuration backend
|
||||
################################################################
|
||||
[file]
|
||||
|
||||
################################################################
|
||||
# rules
|
||||
################################################################
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.LoadBalancer]
|
||||
method = "drr"
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:8081"
|
||||
weight = 1
|
||||
[backends.backend.servers.server2]
|
||||
url = "http://127.0.0.1:8082"
|
||||
weight = 1
|
||||
[backends.backend.servers.server3]
|
||||
url = "http://127.0.0.1:8083"
|
||||
weight = 1
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
passHostHeader = true
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Path: /test"
|
@ -1,52 +0,0 @@
|
||||
################################################################
|
||||
# Global configuration
|
||||
################################################################
|
||||
traefikLogsFile = "log/traefik.log"
|
||||
accessLogsFile = "log/access.log"
|
||||
logLevel = "DEBUG"
|
||||
|
||||
[entrypoints]
|
||||
[entrypoints.api]
|
||||
address = ":7888"
|
||||
|
||||
################################################################
|
||||
# API configuration
|
||||
################################################################
|
||||
[api]
|
||||
entryPoint = "api"
|
||||
|
||||
################################################################
|
||||
# File configuration backend
|
||||
################################################################
|
||||
[file]
|
||||
|
||||
################################################################
|
||||
# rules
|
||||
################################################################
|
||||
[backends]
|
||||
[backends.backend1]
|
||||
[backends.backend1.servers.server1]
|
||||
url = "http://127.0.0.1:8081"
|
||||
weight = 1
|
||||
|
||||
[backends.backend2]
|
||||
[backends.backend2.LoadBalancer]
|
||||
method = "drr"
|
||||
[backends.backend2.servers.server1]
|
||||
url = "http://127.0.0.1:8082"
|
||||
weight = 1
|
||||
[backends.backend2.servers.server2]
|
||||
url = "http://127.0.0.1:8083"
|
||||
weight = 1
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend1]
|
||||
backend = "backend1"
|
||||
[frontends.frontend1.routes.test_1]
|
||||
rule = "Path: /test1"
|
||||
|
||||
[frontends.frontend2]
|
||||
backend = "backend2"
|
||||
passHostHeader = true
|
||||
[frontends.frontend2.routes.test_2]
|
||||
rule = "Path: /test2"
|
@ -1,31 +0,0 @@
|
||||
# ACME Testing environment
|
||||
|
||||
## Objectives
|
||||
|
||||
In our integration ACME tests, we use a simulated Let's Encrypt container based stack named boulder.
|
||||
|
||||
The goal of this directory is to provide to developers a Traefik-boulder full stack environment.
|
||||
This environment may be used in order to quickly test developments on ACME certificates management.
|
||||
|
||||
The provided Boulder stack is based on the environment used during integration tests.
|
||||
|
||||
## Directory content
|
||||
|
||||
* **docker-compose.yml** : Docker-Compose file which contains the description of Traefik and all the boulder stack containers to get,
|
||||
* **acme.toml** : Traefik configuration file used by the Traefik container described above,
|
||||
* **manage_acme_docker_environment.sh** Shell script which does all needed checks and manages the docker-compose environment.
|
||||
|
||||
## Shell script
|
||||
|
||||
### Description
|
||||
|
||||
To work fine, boulder needs a domain name, with a related IP and storage file. The shell script allows to check the environment before launching the Docker environment with the rights parameters and to managing this environment.
|
||||
|
||||
### Use
|
||||
|
||||
The script **manage_acme_docker_environment.sh** requires one argument. This argument can have 3 values :
|
||||
|
||||
* **--start** : Launch a new Docker environment Boulder + Traefik.
|
||||
* **--stop** : Stop and delete the current Docker environment.
|
||||
* **--restart--** : Concatenate **--stop** and **--start** actions.
|
||||
* **--dev** : Launch a new Boulder Docker environment.
|
@ -1,30 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
[entrypoints]
|
||||
[entrypoints.web]
|
||||
address = ":80"
|
||||
[entrypoints.web.redirect]
|
||||
entryPoint = "https"
|
||||
[entrypoints.web-secure]
|
||||
address = ":443"
|
||||
[entrypoints.web-secure.tls]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/etc/traefik/conf/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = false
|
||||
onHostRule = true
|
||||
caServer = "http://traefik.boulder.com:4001/directory"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
|
||||
[api]
|
||||
|
||||
[docker]
|
||||
endpoint = "unix:///var/run/docker.sock"
|
||||
domain = "traefik.localhost.com"
|
||||
watch = true
|
||||
exposedByDefault = false
|
||||
|
||||
|
@ -1,97 +0,0 @@
|
||||
version: "2"
|
||||
|
||||
services :
|
||||
|
||||
boulder:
|
||||
# To minimize fetching this should be the same version used below
|
||||
image: containous/boulder:containous-acmev2
|
||||
environment:
|
||||
FAKE_DNS: 172.17.0.1
|
||||
PKCS11_PROXY_SOCKET: tcp://boulder-hsm:5657
|
||||
restart: unless-stopped
|
||||
extra_hosts:
|
||||
- le.wtf:127.0.0.1
|
||||
- boulder:127.0.0.1
|
||||
ports:
|
||||
- 4000:4000 # ACME
|
||||
- 4001:4001 # ACMEv2
|
||||
- 4002:4002 # OCSP
|
||||
- 4003:4003 # OCSP
|
||||
- 4430:4430 # ACME via HTTPS
|
||||
- 4431:4431 # ACMEv2 via HTTPS
|
||||
- 4500:4500 # ct-test-srv
|
||||
- 6000:6000 # gsb-test-srv
|
||||
- 8000:8000 # debug ports
|
||||
- 8001:8001
|
||||
- 8002:8002
|
||||
- 8003:8003
|
||||
- 8004:8004
|
||||
- 8005:8005
|
||||
- 8006:8006
|
||||
- 8008:8008
|
||||
- 8009:8009
|
||||
- 8010:8010
|
||||
- 8055:8055 # dns-test-srv updates
|
||||
- 9380:9380 # mail-test-srv
|
||||
- 9381:9381 # mail-test-srv
|
||||
depends_on:
|
||||
- bhsm
|
||||
- bmysql
|
||||
networks:
|
||||
- default
|
||||
|
||||
bhsm:
|
||||
# To minimize fetching this should be the same version used above
|
||||
image: letsencrypt/boulder-tools:2018-03-07
|
||||
hostname: boulder-hsm
|
||||
environment:
|
||||
PKCS11_DAEMON_SOCKET: tcp://0.0.0.0:5657
|
||||
command: /usr/local/bin/pkcs11-daemon /usr/lib/softhsm/libsofthsm2.so
|
||||
expose:
|
||||
- 5657
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- boulder-hsm
|
||||
|
||||
bmysql:
|
||||
image: mariadb:10.1
|
||||
hostname: boulder-mysql
|
||||
environment:
|
||||
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
|
||||
command: mysqld --bind-address=0.0.0.0
|
||||
logging:
|
||||
driver: none
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- boulder-mysql
|
||||
|
||||
## TRAEFIK part ##
|
||||
|
||||
traefik:
|
||||
build:
|
||||
context: ../..
|
||||
image: containous/traefik:latest
|
||||
command: --configFile=/etc/traefik/conf/acme.toml
|
||||
restart: unless-stopped
|
||||
extra_hosts:
|
||||
- traefik.boulder.com:172.17.0.1
|
||||
volumes:
|
||||
- "./acme.toml:/etc/traefik/conf/acme.toml:ro"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
- "./acme.json:/etc/traefik/conf/acme.json:rw"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "5001:443" # Needed for SNI challenge
|
||||
- "5002:80" # Needed for HTTP challenge
|
||||
expose:
|
||||
- "8080"
|
||||
labels:
|
||||
- "traefik.port=8080"
|
||||
- "traefik.backend=traefikception"
|
||||
- "traefik.frontend.rule=Host:traefik.localhost.com"
|
||||
- "traefik.enable=true"
|
||||
depends_on:
|
||||
- boulder
|
@ -1,91 +0,0 @@
|
||||
#! /usr/bin/env bash
|
||||
|
||||
# Initialize variables
|
||||
readonly traefik_url="traefik.localhost.com"
|
||||
readonly basedir=$(dirname $0)
|
||||
readonly doc_file=$basedir"/docker-compose.yml"
|
||||
|
||||
# Stop and remove Docker environment
|
||||
down_environment() {
|
||||
echo "STOP Docker environment"
|
||||
! docker-compose -f $doc_file down -v &>/dev/null && \
|
||||
echo "[ERROR] Unable to stop the Docker environment" && exit 11
|
||||
}
|
||||
|
||||
# Create and start Docker-compose environment or subpart of its services (if services are listed)
|
||||
# $@ : List of services to start (optional)
|
||||
up_environment() {
|
||||
echo "START Docker environment"
|
||||
! docker-compose -f $doc_file up -d $@ &>/dev/null && \
|
||||
echo "[ERROR] Unable to start Docker environment" && exit 21
|
||||
}
|
||||
|
||||
# Init the environment : get IP address and create needed files
|
||||
init_environment() {
|
||||
echo "CREATE empty acme.json file"
|
||||
rm -f $basedir/acme.json && \
|
||||
touch $basedir/acme.json && \
|
||||
chmod 600 $basedir/acme.json # Needed for ACME
|
||||
}
|
||||
|
||||
# Start all the environement
|
||||
start_boulder() {
|
||||
init_environment
|
||||
echo "Start boulder environment"
|
||||
up_environment bmysql bhsm boulder
|
||||
waiting_counter=12
|
||||
# Not start Traefik if boulder is not started
|
||||
echo "WAIT for boulder..."
|
||||
while [[ -z $(curl -s http://127.0.0.1:4000/directory) ]]; do
|
||||
sleep 5
|
||||
let waiting_counter-=1
|
||||
if [[ $waiting_counter -eq 0 ]]; then
|
||||
echo "[ERROR] Unable to start boulder container in the allowed time, the Docker environment will be stopped"
|
||||
down_environment
|
||||
exit 41
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# Script usage
|
||||
show_usage() {
|
||||
echo
|
||||
echo "USAGE : manage_acme_docker_environment.sh [--dev|--start|--stop|--restart]"
|
||||
echo
|
||||
}
|
||||
|
||||
# Main method
|
||||
# $@ All parameters given
|
||||
main() {
|
||||
|
||||
[[ $# -ne 1 ]] && show_usage && exit 1
|
||||
|
||||
case $1 in
|
||||
"--dev")
|
||||
start_boulder
|
||||
;;
|
||||
"--start")
|
||||
# Start boulder environment
|
||||
start_boulder
|
||||
echo "START Traefik container"
|
||||
up_environment traefik
|
||||
echo "ENVIRONMENT SUCCESSFULLY STARTED"
|
||||
;;
|
||||
"--stop")
|
||||
! down_environment
|
||||
echo "ENVIRONMENT SUCCESSFULLY STOPPED"
|
||||
;;
|
||||
"--restart")
|
||||
down_environment
|
||||
start_boulder
|
||||
echo "START Traefik container"
|
||||
up_environment traefik
|
||||
echo "ENVIRONMENT SUCCESSFULLY RESTARTED"
|
||||
;;
|
||||
*)
|
||||
show_usage && exit 2
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
main $@
|
@ -1,205 +0,0 @@
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
|
||||
## KV part ##
|
||||
|
||||
# CONSUL
|
||||
|
||||
consul:
|
||||
image: progrium/consul
|
||||
command: -server -bootstrap -log-level debug -ui-dir /ui
|
||||
ports:
|
||||
- "8400:8400"
|
||||
- "8500:8500"
|
||||
- "8600:53/udp"
|
||||
expose:
|
||||
- "8300"
|
||||
- "8301"
|
||||
- "8301/udp"
|
||||
- "8302"
|
||||
- "8302/udp"
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.2
|
||||
|
||||
# ETCD V3
|
||||
|
||||
etcd3:
|
||||
image: quay.io/coreos/etcd:v3.2.9
|
||||
command: /usr/local/bin/etcd --data-dir=/etcd-data --name node1 --initial-advertise-peer-urls http://10.0.1.12:2380 --listen-peer-urls http://10.0.1.12:2380 --advertise-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001 --listen-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001 --initial-cluster node1=http://10.0.1.12:2380 --debug
|
||||
ports:
|
||||
- "4001:4001"
|
||||
- "2380:2380"
|
||||
- "2379:2379"
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.12
|
||||
|
||||
etcdctl-ping:
|
||||
image: tenstartups/etcdctl
|
||||
command: --endpoints=[10.0.1.12:2379] get "traefik/acme/storage"
|
||||
environment:
|
||||
ETCDCTL_DIAL_: "TIMEOUT 10s"
|
||||
ETCDCTL_API : "3"
|
||||
networks:
|
||||
- net
|
||||
|
||||
## BOULDER part ##
|
||||
|
||||
boulder:
|
||||
# To minimize fetching this should be the same version used below
|
||||
image: containous/boulder:containous-acmev2
|
||||
environment:
|
||||
FAKE_DNS: 172.17.0.1
|
||||
PKCS11_PROXY_SOCKET: tcp://boulder-hsm:5657
|
||||
restart: unless-stopped
|
||||
extra_hosts:
|
||||
- le.wtf:127.0.0.1
|
||||
- boulder:127.0.0.1
|
||||
ports:
|
||||
- 4000:4000 # ACME
|
||||
- 4001:4001 # ACMEv2
|
||||
- 4002:4002 # OCSP
|
||||
- 4003:4003 # OCSP
|
||||
- 4430:4430 # ACME via HTTPS
|
||||
- 4431:4431 # ACMEv2 via HTTPS
|
||||
- 4500:4500 # ct-test-srv
|
||||
- 6000:6000 # gsb-test-srv
|
||||
- 8000:8000 # debug ports
|
||||
- 8001:8001
|
||||
- 8002:8002
|
||||
- 8003:8003
|
||||
- 8004:8004
|
||||
- 8005:8005
|
||||
- 8006:8006
|
||||
- 8008:8008
|
||||
- 8009:8009
|
||||
- 8010:8010
|
||||
- 8055:8055 # dns-test-srv updates
|
||||
- 9380:9380 # mail-test-srv
|
||||
- 9381:9381 # mail-test-srv
|
||||
depends_on:
|
||||
- bhsm
|
||||
- bmysql
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.3
|
||||
|
||||
bhsm:
|
||||
# To minimize fetching this should be the same version used above
|
||||
image: letsencrypt/boulder-tools:2018-03-07
|
||||
hostname: boulder-hsm
|
||||
environment:
|
||||
PKCS11_DAEMON_SOCKET: tcp://0.0.0.0:5657
|
||||
command: /usr/local/bin/pkcs11-daemon /usr/lib/softhsm/libsofthsm2.so
|
||||
expose:
|
||||
- 5657
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.4
|
||||
aliases:
|
||||
- boulder-hsm
|
||||
bmysql:
|
||||
image: mariadb:10.1
|
||||
hostname: boulder-mysql
|
||||
environment:
|
||||
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
|
||||
command: mysqld --bind-address=0.0.0.0
|
||||
logging:
|
||||
driver: none
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.5
|
||||
aliases:
|
||||
- boulder-mysql
|
||||
|
||||
## TRAEFIK part ##
|
||||
|
||||
storeconfig:
|
||||
build:
|
||||
context: ../..
|
||||
image: containous/traefik
|
||||
volumes:
|
||||
- "./traefik.toml:/traefik.toml:ro"
|
||||
command: storeconfig --debug
|
||||
networks:
|
||||
- net
|
||||
|
||||
traefik01:
|
||||
build:
|
||||
context: ../..
|
||||
image: containous/traefik
|
||||
command: ${TRAEFIK_CMD}
|
||||
extra_hosts:
|
||||
- traefik.boulder.com:172.17.0.1
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
expose:
|
||||
- "443"
|
||||
- "5001"
|
||||
- "5002"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "8080:8080"
|
||||
- "443:443"
|
||||
- "5001:443" # Needed for SNI challenge
|
||||
- "5002:80" # Needed for HTTP challenge
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.8
|
||||
|
||||
traefik02:
|
||||
build:
|
||||
context: ../..
|
||||
image: containous/traefik
|
||||
command: ${TRAEFIK_CMD}
|
||||
extra_hosts:
|
||||
- traefik.boulder.com:172.17.0.1
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
expose:
|
||||
- "443"
|
||||
- "5001"
|
||||
- "5002"
|
||||
ports:
|
||||
- "88:80"
|
||||
- "8888:8080"
|
||||
- "8443:443"
|
||||
depends_on:
|
||||
- traefik01
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.9
|
||||
|
||||
whoami01:
|
||||
image: containous/whoami
|
||||
expose:
|
||||
- "80"
|
||||
labels:
|
||||
- "traefik.port=80"
|
||||
- "traefik.backend=wam01"
|
||||
- "traefik.frontend.rule=Host:who01.localhost.com"
|
||||
- "traefik.enable=true"
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: 10.0.1.10
|
||||
|
||||
whoami02:
|
||||
image: containous/whoami
|
||||
expose:
|
||||
- "80"
|
||||
labels:
|
||||
- "traefik.port=80"
|
||||
- "traefik.backend=wam02"
|
||||
- "traefik.frontend.rule=Host:who02.localhost.com"
|
||||
- "traefik.enable=true"
|
||||
networks:
|
||||
- net
|
||||
|
||||
networks:
|
||||
net:
|
||||
driver: bridge
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 10.0.1.0/26
|
@ -1,215 +0,0 @@
|
||||
#! /usr/bin/env bash
|
||||
|
||||
# Initialize variables
|
||||
readonly basedir=$(dirname $0)
|
||||
readonly doc_file=$basedir"/docker-compose.yml"
|
||||
export COMPOSE_PROJECT_NAME="cluster"
|
||||
|
||||
# Stop and remove Docker environment
|
||||
down_environment() {
|
||||
echo "DOWN Docker environment"
|
||||
! docker-compose -f $doc_file down -v &>/dev/null && \
|
||||
echo "[ERROR] Unable to stop the Docker environment" && exit 11
|
||||
return 0
|
||||
}
|
||||
|
||||
# Create and start Docker-compose environment or subpart of its services (if services are listed)
|
||||
# $@ : List of services to start (optional)
|
||||
up_environment() {
|
||||
echo "START Docker environment "$@
|
||||
! docker-compose -f $doc_file up -d $@ &>/dev/null && \
|
||||
echo "[ERROR] Unable to start Docker environment ${@}" && exit 21
|
||||
return 0
|
||||
}
|
||||
|
||||
# Stop and remove Docker environment
|
||||
delete_services() {
|
||||
echo "DELETE services "$@
|
||||
! docker-compose -f $doc_file stop $@ &>/dev/null && \
|
||||
echo "[ERROR] Unable to stop services "$@ && exit 31
|
||||
! docker-compose -f $doc_file rm -vf $@ &>/dev/null && \
|
||||
echo "[ERROR] Unable to delete services "$@ && exit 31
|
||||
return 0
|
||||
}
|
||||
|
||||
start_consul() {
|
||||
up_environment consul
|
||||
waiting_counter=12
|
||||
# Not start Traefik store config if consul is not started
|
||||
echo "WAIT for consul..."
|
||||
sleep 5
|
||||
while [[ -z $(curl -s http://10.0.1.2:8500/v1/status/leader) ]]; do
|
||||
sleep 5
|
||||
let waiting_counter-=1
|
||||
if [[ $waiting_counter -eq 0 ]]; then
|
||||
echo "[ERROR] Unable to start consul container in the allowed time, the Docker environment will be stopped"
|
||||
down_environment
|
||||
exit 41
|
||||
fi
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
start_etcd3() {
|
||||
up_environment etcd3
|
||||
waiting_counter=12
|
||||
# Not start Traefik store config if consul is not started
|
||||
echo "WAIT for ETCD3..."
|
||||
while [[ -z $(curl -s --connect-timeout 2 http://10.0.1.12:2379/version) ]]; do
|
||||
sleep 5
|
||||
let waiting_counter-=1
|
||||
if [[ $waiting_counter -eq 0 ]]; then
|
||||
echo "[ERROR] Unable to start etcd3 container in the allowed time, the Docker environment will be stopped"
|
||||
down_environment
|
||||
exit 51
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
start_storeconfig_consul() {
|
||||
# Create traefik.toml with consul provider
|
||||
cp $basedir/traefik.toml.tmpl $basedir/traefik.toml
|
||||
echo '
|
||||
[consul]
|
||||
endpoint = "10.0.1.2:8500"
|
||||
watch = true
|
||||
prefix = "traefik"' >> $basedir/traefik.toml
|
||||
up_environment storeconfig
|
||||
rm -f $basedir/traefik.toml
|
||||
waiting_counter=5
|
||||
delete_services storeconfig
|
||||
|
||||
}
|
||||
|
||||
start_storeconfig_etcd3() {
|
||||
# Create traefik.toml with consul provider
|
||||
cp $basedir/traefik.toml.tmpl $basedir/traefik.toml
|
||||
echo '
|
||||
[etcd]
|
||||
endpoint = "10.0.1.12:2379"
|
||||
watch = true
|
||||
prefix = "/traefik"' >> $basedir/traefik.toml
|
||||
up_environment storeconfig
|
||||
rm -f $basedir/traefik.toml
|
||||
waiting_counter=5
|
||||
# Don't start Traefik store config if ETCD3 is not started
|
||||
echo "Delete storage file key..."
|
||||
while [[ $(docker-compose -f $doc_file up --exit-code-from etcdctl-ping etcdctl-ping &>/dev/null) -ne 0 && $waiting_counter -gt 0 ]]; do
|
||||
sleep 5
|
||||
let waiting_counter-=1
|
||||
done
|
||||
delete_services storeconfig etcdctl-ping
|
||||
}
|
||||
|
||||
start_traefik() {
|
||||
up_environment traefik01
|
||||
# Waiting for the first instance which is mapped to the host as leader before to start the second one
|
||||
waiting_counter=5
|
||||
echo "WAIT for traefik leader..."
|
||||
sleep 10
|
||||
while [[ -z $(curl -s --connect-timeout 3 http://10.0.1.8:8080/ping) ]]; do
|
||||
sleep 2
|
||||
let waiting_counter-=1
|
||||
if [[ $waiting_counter -eq 0 ]]; then
|
||||
echo "[ERROR] Unable to start Traefik leader container in the allowed time, the Docker environment will be stopped"
|
||||
down_environment
|
||||
exit 51
|
||||
fi
|
||||
done
|
||||
up_environment whoami01
|
||||
waiting_counter=5
|
||||
echo "WAIT for whoami..."
|
||||
sleep 10
|
||||
while [[ -z $(curl -s --connect-timeout 3 http://10.0.1.10) ]]; do
|
||||
sleep 2
|
||||
let waiting_counter-=1
|
||||
if [[ $waiting_counter -eq 0 ]]; then
|
||||
echo "[ERROR] Unable to start whoami container in the allowed time, the Docker environment will be stopped"
|
||||
down_environment
|
||||
exit 52
|
||||
fi
|
||||
done
|
||||
up_environment traefik02 whoami02
|
||||
}
|
||||
|
||||
# Start boulder services
|
||||
start_boulder() {
|
||||
echo "Start boulder environment"
|
||||
up_environment bmysql bhsm boulder
|
||||
waiting_counter=12
|
||||
# Not start Traefik if boulder is not started
|
||||
echo "WAIT for boulder..."
|
||||
while [[ -z $(curl -s http://10.0.1.3:4001/directory) ]]; do
|
||||
sleep 5
|
||||
let waiting_counter-=1
|
||||
if [[ $waiting_counter -eq 0 ]]; then
|
||||
echo "[ERROR] Unable to start boulder container in the allowed time, the Docker environment will be stopped"
|
||||
down_environment
|
||||
exit 61
|
||||
fi
|
||||
done
|
||||
echo "Boulder started."
|
||||
}
|
||||
|
||||
# Script usage
|
||||
show_usage() {
|
||||
echo
|
||||
echo "USAGE : manage_cluster_docker_environment.sh [--start [--consul|--etcd3]|--stop|--restart [--consul|--etcd3]]"
|
||||
echo
|
||||
}
|
||||
|
||||
# Main method
|
||||
# $@ All parameters given
|
||||
main() {
|
||||
|
||||
[[ $# -lt 1 && $# -gt 2 ]] && show_usage && exit 1
|
||||
|
||||
case $1 in
|
||||
"--start")
|
||||
[[ $# -ne 2 ]] && show_usage && exit 2
|
||||
# The domains who01.localhost.com and who02.localhost.com have to refer 127.0.0.1
|
||||
# I, the /etc/hosts file
|
||||
for whoami_idx in "01" "02"; do
|
||||
[[ -z $(cat /etc/hosts | grep "127.0.0.1" | grep -vE "^#" | grep "who${whoami_idx}.localhost.com") ]] && \
|
||||
echo "[ERROR] Domain who${whoami_idx}.localhost.com has to refer to 127.0.0.1 into /etc/hosts file." && \
|
||||
exit 3
|
||||
done
|
||||
case $2 in
|
||||
"--etcd3")
|
||||
echo "USE ETCD V3 AS KV STORE"
|
||||
export TRAEFIK_CMD="--etcd --etcd.endpoint=10.0.1.12:2379"
|
||||
start_boulder && \
|
||||
start_etcd3 && \
|
||||
start_storeconfig_etcd3 && \
|
||||
start_traefik
|
||||
;;
|
||||
"--consul")
|
||||
echo "USE CONSUL AS KV STORE"
|
||||
export TRAEFIK_CMD="--consul --consul.endpoint=10.0.1.2:8500"
|
||||
start_boulder && \
|
||||
start_consul && \
|
||||
start_storeconfig_consul && \
|
||||
start_traefik
|
||||
;;
|
||||
*)
|
||||
show_usage && exit 4
|
||||
;;
|
||||
esac
|
||||
echo "ENVIRONMENT SUCCESSFULLY STARTED"
|
||||
;;
|
||||
"--stop")
|
||||
! down_environment
|
||||
echo "ENVIRONMENT SUCCESSFULLY STOPPED"
|
||||
;;
|
||||
"--restart")
|
||||
[[ $# -ne 2 ]] && show_usage && exit 5
|
||||
down_environment
|
||||
main --start $2
|
||||
;;
|
||||
*)
|
||||
show_usage && exit 6
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
main $@
|
@ -1,26 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
[entrypoints]
|
||||
[entrypoints.web]
|
||||
address = ":80"
|
||||
[entrypoints.web-secure]
|
||||
address = ":443"
|
||||
[entrypoints.web-secure.tls]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "traefik/acme/account"
|
||||
entryPoint = "https"
|
||||
onHostRule = true
|
||||
caServer = "http://traefik.boulder.com:4001/directory"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
|
||||
|
||||
[api]
|
||||
|
||||
[docker]
|
||||
endpoint = "unix:///var/run/docker.sock"
|
||||
domain = "localhost.com"
|
||||
watch = true
|
||||
exposedByDefault = false
|
@ -1,25 +0,0 @@
|
||||
version: '2'
|
||||
services:
|
||||
consul:
|
||||
image: progrium/consul
|
||||
command: -server -bootstrap -advertise 12.0.0.254 -log-level debug -ui-dir /ui
|
||||
ports:
|
||||
- "8400:8400"
|
||||
- "8500:8500"
|
||||
- "8600:53/udp"
|
||||
expose:
|
||||
- "8300"
|
||||
- "8301"
|
||||
- "8301/udp"
|
||||
- "8302"
|
||||
- "8302/udp"
|
||||
|
||||
registrator:
|
||||
depends_on:
|
||||
- consul
|
||||
image: gliderlabs/registrator:master
|
||||
command: -internal consul://consul:8500
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock
|
||||
links:
|
||||
- consul
|
@ -1,4 +0,0 @@
|
||||
etcd:
|
||||
image: gcr.io/google_containers/etcd:2.2.1
|
||||
net: host
|
||||
command: ['/usr/local/bin/etcd', '--addr=127.0.0.1:2379', '--bind-addr=0.0.0.0:2379', '--data-dir=/var/etcd/data']
|
@ -1,11 +0,0 @@
|
||||
kubelet:
|
||||
image: gcr.io/google_containers/hyperkube-amd64:v1.5.2
|
||||
privileged: true
|
||||
pid: host
|
||||
net : host
|
||||
volumes:
|
||||
- /sys:/sys:rw
|
||||
- /var/lib/docker/:/var/lib/docker:rw
|
||||
- /var/lib/kubelet/:/var/lib/kubelet:rw,shared
|
||||
- /var/run:/var/run:rw
|
||||
command: ['/hyperkube', 'kubelet', '--hostname-override=127.0.0.1', '--api-servers=http://localhost:8080', '--config=/etc/kubernetes/manifests', '--allow-privileged=true', '--v=2', '--cluster-dns=10.0.0.10', '--cluster-domain=cluster.local']
|
@ -1,59 +0,0 @@
|
||||
|
||||
version: '2'
|
||||
services:
|
||||
zookeeper:
|
||||
image: netflixoss/exhibitor:1.5.2
|
||||
hostname: zookeeper
|
||||
ports:
|
||||
- "2181:2181"
|
||||
mesos-master:
|
||||
image: mesosphere/marathon:v1.2.0-RC6
|
||||
hostname: mesos-master
|
||||
entrypoint: [ "mesos-master" ]
|
||||
ports:
|
||||
- "5050:5050"
|
||||
links:
|
||||
- zookeeper
|
||||
environment:
|
||||
- MESOS_CLUSTER=local
|
||||
- MESOS_HOSTNAME=mesos-master.docker
|
||||
- MESOS_LOG_DIR=/var/log
|
||||
- MESOS_WORK_DIR=/var/lib/mesos
|
||||
- MESOS_QUORUM=1
|
||||
- MESOS_ZK=zk://zookeeper:2181/mesos
|
||||
mesos-slave:
|
||||
image: mesosphere/mesos-slave-dind:0.2.4_mesos-0.27.2_docker-1.8.2_ubuntu-14.04.4
|
||||
entrypoint:
|
||||
- mesos-slave
|
||||
privileged: true
|
||||
hostname: mesos-slave
|
||||
ports:
|
||||
- "5051:5051"
|
||||
links:
|
||||
- zookeeper
|
||||
- mesos-master
|
||||
environment:
|
||||
- MESOS_CONTAINERIZERS=docker,mesos
|
||||
- MESOS_ISOLATOR=cgroups/cpu,cgroups/mem
|
||||
- MESOS_LOG_DIR=/var/log
|
||||
- MESOS_MASTER=zk://zookeeper:2181/mesos
|
||||
- MESOS_PORT=5051
|
||||
- MESOS_WORK_DIR=/var/lib/mesos
|
||||
- MESOS_EXECUTOR_REGISTRATION_TIMEOUT=5mins
|
||||
- MESOS_EXECUTOR_SHUTDOWN_GRACE_PERIOD=90secs
|
||||
- MESOS_DOCKER_STOP_TIMEOUT=60secs
|
||||
- MESOS_RESOURCES=cpus:2;mem:2048;disk:20480;ports(*):[12000-12999]
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
marathon:
|
||||
image: mesosphere/marathon:v1.2.0-RC6
|
||||
ports:
|
||||
- "8080:8080"
|
||||
links:
|
||||
- zookeeper
|
||||
- mesos-master
|
||||
extra_hosts:
|
||||
- "mesos-slave:172.17.0.1"
|
||||
environment:
|
||||
- MARATHON_ZK=zk://zookeeper:2181/marathon
|
||||
- MARATHON_MASTER=zk://zookeeper:2181/mesos
|
@ -1,7 +0,0 @@
|
||||
traefik:
|
||||
image: traefik
|
||||
command: --api --rancher --rancher.domain=rancher.localhost --rancher.endpoint=http://example.com --rancher.accesskey=XXXXXXX --rancher.secretkey=YYYYYY --logLevel=DEBUG
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "8080:8080"
|
@ -1,20 +0,0 @@
|
||||
traefik:
|
||||
image: traefik
|
||||
command: -c /dev/null --api --docker --docker.domain=docker.localhost --logLevel=DEBUG
|
||||
ports:
|
||||
- "80:80"
|
||||
- "8080:8080"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
|
||||
whoami1:
|
||||
image: containous/whoami
|
||||
labels:
|
||||
- "traefik.backend=whoami"
|
||||
- "traefik.frontend.rule=Host:whoami.docker.localhost"
|
||||
|
||||
whoami2:
|
||||
image: containous/whoami
|
||||
labels:
|
||||
- "traefik.backend=whoami"
|
||||
- "traefik.frontend.rule=Host:whoami.docker.localhost"
|
@ -1,36 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# backend 1
|
||||
curl -i -H "Accept: application/json" -X PUT -d "NetworkErrorRatio() > 0.5" http://localhost:8500/v1/kv/traefik/backends/backend1/circuitbreaker/expression
|
||||
curl -i -H "Accept: application/json" -X PUT -d "http://172.17.0.2:80" http://localhost:8500/v1/kv/traefik/backends/backend1/servers/server1/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d "10" http://localhost:8500/v1/kv/traefik/backends/backend1/servers/server1/weight
|
||||
curl -i -H "Accept: application/json" -X PUT -d "http://172.17.0.3:80" http://localhost:8500/v1/kv/traefik/backends/backend1/servers/server2/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d "1" http://localhost:8500/v1/kv/traefik/backends/backend1/servers/server2/weight
|
||||
|
||||
# backend 2
|
||||
curl -i -H "Accept: application/json" -X PUT -d "drr" http://localhost:8500/v1/kv/traefik/backends/backend2/loadbalancer/method
|
||||
curl -i -H "Accept: application/json" -X PUT -d "http://172.17.0.4:80" http://localhost:8500/v1/kv/traefik/backends/backend2/servers/server1/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d "1" http://localhost:8500/v1/kv/traefik/backends/backend2/servers/server1/weight
|
||||
curl -i -H "Accept: application/json" -X PUT -d "http://172.17.0.5:80" http://localhost:8500/v1/kv/traefik/backends/backend2/servers/server2/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d "2" http://localhost:8500/v1/kv/traefik/backends/backend2/servers/server2/weight
|
||||
|
||||
# frontend 1
|
||||
curl -i -H "Accept: application/json" -X PUT -d "backend2" http://localhost:8500/v1/kv/traefik/frontends/frontend1/backend
|
||||
curl -i -H "Accept: application/json" -X PUT -d "http" http://localhost:8500/v1/kv/traefik/frontends/frontend1/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d "Host:test.localhost" http://localhost:8500/v1/kv/traefik/frontends/frontend1/routes/test_1/rule
|
||||
|
||||
# frontend 2
|
||||
curl -i -H "Accept: application/json" -X PUT -d "backend1" http://localhost:8500/v1/kv/traefik/frontends/frontend2/backend
|
||||
curl -i -H "Accept: application/json" -X PUT -d "http" http://localhost:8500/v1/kv/traefik/frontends/frontend2/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d "Path:/test" http://localhost:8500/v1/kv/traefik/frontends/frontend2/routes/test_2/rule
|
||||
|
||||
|
||||
# certificate 1
|
||||
curl -i -H "Accept: application/json" -X PUT -d "https" http://localhost:8500/v1/kv/traefik/tls/pair1/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d "/tmp/test1.crt" http://localhost:8500/v1/kv/traefik/tls/pair1/certificate/certfile
|
||||
curl -i -H "Accept: application/json" -X PUT -d "/tmp/test1.key" http://localhost:8500/v1/kv/traefik/tls/pair1/certificate/keyfile
|
||||
|
||||
# certificate 2
|
||||
curl -i -H "Accept: application/json" -X PUT -d "http,https" http://localhost:8500/v1/kv/traefik/tls/pair2/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d "/tmp/test2.crt" http://localhost:8500/v1/kv/traefik/tls/pair2/certificate/certfile
|
||||
curl -i -H "Accept: application/json" -X PUT -d "/tmp/test2.key" http://localhost:8500/v1/kv/traefik/tls/pair2/certificate/keyfile
|
@ -1,115 +0,0 @@
|
||||
#! /usr/bin/env bash
|
||||
|
||||
#
|
||||
# Insert data in ETCD V3
|
||||
function insert_etcd2_data() {
|
||||
# backend 1
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="NetworkErrorRatio() > 0.5" http://localhost:2379/v2/keys/traefik/backends/backend1/circuitbreaker/expression
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.2:80" http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server1/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="10" http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server1/weight
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.3:80" http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server2/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="1" http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server2/weight
|
||||
|
||||
# backend 2
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="drr" http://localhost:2379/v2/keys/traefik/backends/backend2/loadbalancer/method
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.4:80" http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server1/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="1" http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server1/weight
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.5:80" http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server2/url
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="2" http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server2/weight
|
||||
|
||||
# frontend 1
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="backend2" http://localhost:2379/v2/keys/traefik/frontends/frontend1/backend
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="http" http://localhost:2379/v2/keys/traefik/frontends/frontend1/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="Host:test.localhost" http://localhost:2379/v2/keys/traefik/frontends/frontend1/routes/test_1/rule
|
||||
|
||||
# frontend 2
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="backend1" http://localhost:2379/v2/keys/traefik/frontends/frontend2/backend
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="http" http://localhost:2379/v2/keys/traefik/frontends/frontend2/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="Path:/test" http://localhost:2379/v2/keys/traefik/frontends/frontend2/routes/test_2/rule
|
||||
|
||||
# certificate 1
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="https" http://localhost:2379/v2/keys/traefik/tls/pair1/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test1.crt" http://localhost:2379/v2/keys/traefik/tls/pair1/certificate/certfile
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test1.key" http://localhost:2379/v2/keys/traefik/tls/pair1/certificate/keyfile
|
||||
|
||||
# certificate 2
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="http,https" http://localhost:2379/v2/keys/traefik/tls/pair2/entrypoints
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test2.crt" http://localhost:2379/v2/keys/traefik/tls/pair2/certificate/certfile
|
||||
curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test2.key" http://localhost:2379/v2/keys/traefik/tls/pair2/certificate/keyfile
|
||||
}
|
||||
|
||||
#
|
||||
# Insert data in ETCD V3
|
||||
# $1 = ECTD IP address
|
||||
# Note : This function allows adding data in a ETCD V3 which is directly installed on a host
|
||||
# or in container which binds its port 2379 on a host in the way to allows etcd_client container to access it.
|
||||
function insert_etcd3_data() {
|
||||
|
||||
readonly etcd_ip=$1
|
||||
# backend 1
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend1/circuitbreaker/expression" "NetworkErrorRatio() > 0.5"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend1/servers/server1/url" "http://172.17.0.2:80"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend1/servers/server1/weight" "10"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend1/servers/server2/url" "http://172.17.0.3:80"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend1/servers/server2/weight" "1"
|
||||
|
||||
# backend 2
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend2/loadbalancer/method" "drr"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend2/servers/server1/url" "http://172.17.0.4:80"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend2/servers/server1/weight" "1"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend2/servers/server2/url" "http://172.17.0.5:80"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/backends/backend2/servers/server2/weight" "2"
|
||||
|
||||
# frontend 1
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/frontends/frontend1/backend" "backend2"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik//frontends/frontend1/entrypoints" "http"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/frontends/frontend1/routes/test_1/rule" "Host:test.localhost"
|
||||
|
||||
# frontend 2
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/frontends/frontend2/backend" "backend1"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/frontends/frontend2/entrypoints" "http"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/frontends/frontend2/routes/test_2/rule" "Path:/test"
|
||||
|
||||
# certificate 1
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair1/entrypoints" "https"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair1/certificate/certfile" "/tmp/test1.crt"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair1/certificate/keyfile" "/tmp/test1.key"
|
||||
|
||||
# certificate 2
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair2/entrypoints" "https"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair2/certificate/certfile" "/tmp/test2.crt"
|
||||
docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair2/certificate/keyfile" "/tmp/test2.key"
|
||||
}
|
||||
|
||||
function show_usage() {
|
||||
echo "USAGE : etcd-config.sh ETCD_API_VERSION [ETCD_IP_ADDRESS]"
|
||||
echo " ETCD_API_VERSION : Values V2 or V3 (V3 requires ETCD_IP_ADDRESS)"
|
||||
echo " ETCD_IP_ADDRESS : Host ETCD IP address (not 127.0.0.1)"
|
||||
}
|
||||
|
||||
function main() {
|
||||
case $# in
|
||||
1)
|
||||
if [[ $1 == "V2" ]]; then
|
||||
insert_etcd2_data
|
||||
else
|
||||
show_usage
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
2)
|
||||
if [[ $1 == "V3" && $2 != "127.0.0.1" && ! -z $(echo $2 | grep -oE "([0-9]+(\.)?){4}") ]]; then
|
||||
insert_etcd3_data $2
|
||||
else
|
||||
show_usage
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
show_usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
main $@
|
@ -1,6 +0,0 @@
|
||||
kind: Namespace
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kube-system
|
||||
labels:
|
||||
name: kube-system
|
@ -1,8 +0,0 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: cheese-default
|
||||
spec:
|
||||
backend:
|
||||
serviceName: stilton
|
||||
servicePort: 80
|
@ -1,99 +0,0 @@
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: extensions/v1beta1
|
||||
metadata:
|
||||
name: stilton
|
||||
labels:
|
||||
app: cheese
|
||||
cheese: stilton
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cheese
|
||||
task: stilton
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: cheese
|
||||
task: stilton
|
||||
version: v0.0.1
|
||||
spec:
|
||||
containers:
|
||||
- name: cheese
|
||||
image: errm/cheese:stilton
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 50Mi
|
||||
ports:
|
||||
- containerPort: 80
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: extensions/v1beta1
|
||||
metadata:
|
||||
name: cheddar
|
||||
labels:
|
||||
app: cheese
|
||||
cheese: cheddar
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cheese
|
||||
task: cheddar
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: cheese
|
||||
task: cheddar
|
||||
version: v0.0.1
|
||||
spec:
|
||||
containers:
|
||||
- name: cheese
|
||||
image: errm/cheese:cheddar
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 50Mi
|
||||
ports:
|
||||
- containerPort: 80
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: extensions/v1beta1
|
||||
metadata:
|
||||
name: wensleydale
|
||||
labels:
|
||||
app: cheese
|
||||
cheese: wensleydale
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cheese
|
||||
task: wensleydale
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: cheese
|
||||
task: wensleydale
|
||||
version: v0.0.1
|
||||
spec:
|
||||
containers:
|
||||
- name: cheese
|
||||
image: errm/cheese:wensleydale
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 50Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 50Mi
|
||||
ports:
|
||||
- containerPort: 80
|
@ -1,27 +0,0 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: cheese
|
||||
spec:
|
||||
rules:
|
||||
- host: stilton.minikube
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: stilton
|
||||
servicePort: http
|
||||
- host: cheddar.minikube
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: cheddar
|
||||
servicePort: http
|
||||
- host: wensleydale.minikube
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: wensleydale
|
||||
servicePort: http
|
@ -1,39 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: stilton
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
targetPort: 80
|
||||
port: 80
|
||||
selector:
|
||||
app: cheese
|
||||
task: stilton
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: cheddar
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
targetPort: 80
|
||||
port: 80
|
||||
selector:
|
||||
app: cheese
|
||||
task: cheddar
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: wensleydale
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
targetPort: 80
|
||||
port: 80
|
||||
selector:
|
||||
app: cheese
|
||||
task: wensleydale
|
@ -1,23 +0,0 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: cheeses
|
||||
annotations:
|
||||
traefik.frontend.rule.type: PathPrefixStrip
|
||||
spec:
|
||||
rules:
|
||||
- host: cheeses.minikube
|
||||
http:
|
||||
paths:
|
||||
- path: /stilton
|
||||
backend:
|
||||
serviceName: stilton
|
||||
servicePort: http
|
||||
- path: /cheddar
|
||||
backend:
|
||||
serviceName: cheddar
|
||||
servicePort: http
|
||||
- path: /wensleydale
|
||||
backend:
|
||||
serviceName: wensleydale
|
||||
servicePort: http
|
@ -1,56 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: extensions/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
namespace: kube-system
|
||||
labels:
|
||||
k8s-app: traefik-ingress-lb
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: traefik-ingress-lb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: traefik-ingress-lb
|
||||
name: traefik-ingress-lb
|
||||
spec:
|
||||
serviceAccountName: traefik-ingress-controller
|
||||
terminationGracePeriodSeconds: 60
|
||||
containers:
|
||||
- image: traefik
|
||||
name: traefik-ingress-lb
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
- name: admin
|
||||
containerPort: 8080
|
||||
args:
|
||||
- --api
|
||||
- --kubernetes
|
||||
- --logLevel=INFO
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: traefik-ingress-service
|
||||
namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
k8s-app: traefik-ingress-lb
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
name: web
|
||||
- protocol: TCP
|
||||
port: 8080
|
||||
name: admin
|
||||
type: NodePort
|
@ -1,59 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
kind: DaemonSet
|
||||
apiVersion: extensions/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
namespace: kube-system
|
||||
labels:
|
||||
k8s-app: traefik-ingress-lb
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: traefik-ingress-lb
|
||||
name: traefik-ingress-lb
|
||||
spec:
|
||||
serviceAccountName: traefik-ingress-controller
|
||||
terminationGracePeriodSeconds: 60
|
||||
containers:
|
||||
- image: traefik
|
||||
name: traefik-ingress-lb
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
hostPort: 80
|
||||
- name: admin
|
||||
containerPort: 8080
|
||||
hostPort: 8080
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
args:
|
||||
- --api
|
||||
- --kubernetes
|
||||
- --logLevel=INFO
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: traefik-ingress-service
|
||||
namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
k8s-app: traefik-ingress-lb
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
name: web
|
||||
- protocol: TCP
|
||||
port: 8080
|
||||
name: admin
|
@ -1,43 +0,0 @@
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: traefik-ingress-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: traefik-ingress-controller
|
||||
namespace: kube-system
|
@ -1,28 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: traefik-web-ui
|
||||
namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
k8s-app: traefik-ingress-lb
|
||||
ports:
|
||||
- name: web
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: traefik-web-ui
|
||||
namespace: kube-system
|
||||
spec:
|
||||
rules:
|
||||
- host: traefik-ui.minikube
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
serviceName: traefik-web-ui
|
||||
servicePort: web
|
@ -1,107 +0,0 @@
|
||||
## The Traefik Quickstart (Using Docker)
|
||||
|
||||
In this quickstart, we'll use [Docker compose](https://docs.docker.com/compose) to create our demo infrastructure.
|
||||
|
||||
To save some time, you can clone [Traefik's repository](https://github.com/containous/traefik) and use the quickstart files located in the [examples/quickstart](https://github.com/containous/traefik/tree/master/examples/quickstart/) directory.
|
||||
|
||||
### 1 — Launch Traefik — Tell It to Listen to Docker
|
||||
|
||||
Create a `docker-compose.yml` file where you will define a `reverse-proxy` service that uses the official Traefik image:
|
||||
|
||||
```yaml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
reverse-proxy:
|
||||
image: traefik # The official Traefik docker image
|
||||
command: --api --docker # Enables the web UI and tells Traefik to listen to docker
|
||||
ports:
|
||||
- "80:80" # The HTTP port
|
||||
- "8080:8080" # The Web UI (enabled by --api)
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock #So that Traefik can listen to the Docker events
|
||||
```
|
||||
|
||||
**That's it. Now you can launch Traefik!**
|
||||
|
||||
Start your `reverse-proxy` with the following command:
|
||||
|
||||
```shell
|
||||
docker-compose up -d reverse-proxy
|
||||
```
|
||||
|
||||
You can open a browser and go to [http://localhost:8080](http://localhost:8080) to see Traefik's dashboard (we'll go back there once we have launched a service in step 2).
|
||||
|
||||
### 2 — Launch a Service — Traefik Detects It and Creates a Route for You
|
||||
|
||||
Now that we have a Traefik instance up and running, we will deploy new services.
|
||||
|
||||
Edit your `docker-compose.yml` file and add the following at the end of your file.
|
||||
|
||||
```yaml
|
||||
# ...
|
||||
whoami:
|
||||
image: containous/whoami # A container that exposes an API to show its IP address
|
||||
labels:
|
||||
- "traefik.http.routers.whoami.rule=Host:whoami.docker.localhost"
|
||||
```
|
||||
|
||||
The above defines `whoami`: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).
|
||||
|
||||
Start the `whoami` service with the following command:
|
||||
|
||||
```shell
|
||||
docker-compose up -d whoami
|
||||
```
|
||||
|
||||
Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Traefik has automatically detected the new container and updated its own configuration.
|
||||
|
||||
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
|
||||
|
||||
```shell
|
||||
curl -H Host:whoami.docker.localhost http://127.0.0.1
|
||||
```
|
||||
|
||||
_Shows the following output:_
|
||||
```yaml
|
||||
Hostname: 8656c8ddca6c
|
||||
IP: 172.27.0.3
|
||||
#...
|
||||
```
|
||||
|
||||
### 3 — Launch More Instances — Traefik Load Balances Them
|
||||
|
||||
Run more instances of your `whoami` service with the following command:
|
||||
|
||||
```shell
|
||||
docker-compose up -d --scale whoami=2
|
||||
```
|
||||
|
||||
Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Traefik has automatically detected the new instance of the container.
|
||||
|
||||
Finally, see that Traefik load-balances between the two instances of your services by running twice the following command:
|
||||
|
||||
```shell
|
||||
curl -H Host:whoami.docker.localhost http://127.0.0.1
|
||||
```
|
||||
|
||||
The output will show alternatively one of the followings:
|
||||
|
||||
```yaml
|
||||
Hostname: 8656c8ddca6c
|
||||
IP: 172.27.0.3
|
||||
#...
|
||||
```
|
||||
|
||||
```yaml
|
||||
Hostname: 8458f154e1f1
|
||||
IP: 172.27.0.4
|
||||
# ...
|
||||
```
|
||||
|
||||
### 4 — Enjoy Traefik's Magic
|
||||
|
||||
Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](https://docs.traefik.io/) and let Traefik work for you!
|
||||
Whatever your infrastructure is, there is probably [an available Traefik backend](https://docs.traefik.io/#supported-backends) that will do the job.
|
||||
|
||||
Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Traefik's let's encrypt integration](https://docs.traefik.io/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/).
|
@ -1,18 +0,0 @@
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
# The reverse proxy service (Traefik)
|
||||
reverse-proxy:
|
||||
image: traefik # The official Traefik docker image
|
||||
command: --api --docker # Enables the web UI and tells Traefik to listen to docker
|
||||
ports:
|
||||
- "80:80" # The HTTP port
|
||||
- "8080:8080" # The Web UI (enabled by --api)
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
|
||||
|
||||
# A container that exposes a simple API
|
||||
whoami:
|
||||
image: containous/whoami # A container that exposes an API to show its IP address
|
||||
labels:
|
||||
- "traefik.http.routers.whoami.rule=Host:whoami.docker.localhost"
|
@ -1,19 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDHDCCAgQCCQDODsC1A72mSDANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJG
|
||||
UjELMAkGA1UECAwCTVAxDTALBgNVBAcMBFRsc2UxEzARBgNVBAoMCkNvbnRhaW5v
|
||||
dXMxEDAOBgNVBAsMB1RyYWVmaWswHhcNMTcwODI1MTQxMzU3WhcNMjcwODIzMTQx
|
||||
MzU3WjBQMQswCQYDVQQGEwJGUjELMAkGA1UECAwCTVAxDTALBgNVBAcMBFRsc2Ux
|
||||
EzARBgNVBAoMCkNvbnRhaW5vdXMxEDAOBgNVBAsMB1RyYWVmaWswggEiMA0GCSqG
|
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCacKEL5+AlaArZWyfysY1qbtOWdGj0xwq1
|
||||
tZ6GZ0fb+0uVeKzJxPBulpwhmXiofUncvFOpr1paaQQRRgE71A6PSIzc64a3NGmm
|
||||
dbju3eOdFVm9za37asFTA2Y87v9HSYJyNSeQgdVCbykhHBrHPrP6kfPx8T7uiPRT
|
||||
cYWhL9Ko1IuW2rTjMt2UUmk1IPk2WFMWKM1mopqzrxu/NB+O5wOs7MRO1Z8BtAak
|
||||
bclxCQaaE0TgjChlxVPP0us77rCq3///i9kf1x0PGt/LyseaxzAoKfZ6kM6Uq0yk
|
||||
psWGSxu7sPXmERsN4tZLj7d/J5A2nvnO7h/bhl2FtBAauzsi3LIbAgMBAAEwDQYJ
|
||||
KoZIhvcNAQELBQADggEBACQbp2gcCFbbQE47SwdI7rWDIITylHj0uCXHJfUggkUl
|
||||
F/WHIBUdpVaWVOLSysmG8n6fmWTDZOCVNA1+XMjRZUPwVvr//XHjcFpOKfHW47r2
|
||||
VeMHQYQpZH7QmsjyvxXZOrz/Ft3uA9Dna1N5nHRYflpfasdRmXbNK81IykR93Dfn
|
||||
jV9ecDAQl0ru/YcMmabYx3uoWyTvO57EnbXfiPcwIdKGpykXKTv64vAMtkrJicgX
|
||||
jhh+p7ayKklfxinEL7/GCjfSBip7J4DszvLVoyIzmS7HjVdJkpu9agZLYsSl4tCJ
|
||||
qnh7nkp/Fd0XdTV17FwL/veMlpq9AkillIKjHl6vFL0=
|
||||
-----END CERTIFICATE-----
|
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAmnChC+fgJWgK2Vsn8rGNam7TlnRo9McKtbWehmdH2/tLlXis
|
||||
ycTwbpacIZl4qH1J3LxTqa9aWmkEEUYBO9QOj0iM3OuGtzRppnW47t3jnRVZvc2t
|
||||
+2rBUwNmPO7/R0mCcjUnkIHVQm8pIRwaxz6z+pHz8fE+7oj0U3GFoS/SqNSLltq0
|
||||
4zLdlFJpNSD5NlhTFijNZqKas68bvzQfjucDrOzETtWfAbQGpG3JcQkGmhNE4Iwo
|
||||
ZcVTz9LrO+6wqt///4vZH9cdDxrfy8rHmscwKCn2epDOlKtMpKbFhksbu7D15hEb
|
||||
DeLWS4+3fyeQNp75zu4f24ZdhbQQGrs7ItyyGwIDAQABAoIBAQCYFpBSJC/1Rmdg
|
||||
s0c81iMYjDlsMgll/FmMpmWNoEoA1ZESintGW94WWdU5tWRAMNm7Oe797ISDAmYS
|
||||
CKmQXH1WFzE5IexRoJjmZ4oOGY9cEzmEE/fg3rmxYWieWxIkBr0icTwcL+9u8/9B
|
||||
7uZkDli5SmA8g8HgsBhD0Eizel/vB5DyUtm8VoVYvDkkljYO/PGT/ectclr6JK9g
|
||||
biP4jkA2a3CTb8KeyBTrYbULWCtwZ7H5fmySXIX4QpJmEcx5Af7nYITU0OEK63uV
|
||||
NKCQLDpHyOrDIj+mwjxASBQdUDU7NApCR2MrzmGDRPPCGiEWYao5bCrsNRAoDFuy
|
||||
Ux2H+jnRAoGBAM2nOcjJ7nKmOEUTyB0J9ElJRBoChBJAF3ak/aj4xDYAz/hadQL0
|
||||
OuulOgmYwHjv7Y5Tx6P5ZQgyComa6rKfNZ/mzgm1wMPsKOi5q5T2Zj/0Pt6xih3x
|
||||
+PxonLiIS7221U5xlBZUyW1LLIM4gT7NS9n2pxBuNESotmSwFnPru4OzAoGBAMA/
|
||||
vyXAnOTRi1on8TDItdPDgq13s0I+q+Fj4+KVCEifRiT9P9NRKQNfvRZI39QGmJ+x
|
||||
kGx6VY96SZo5ysm4ElkcKLJ7EcZ38XehG9rar6ZLEAgY4KnA4wDZWmJ1dUm4ZJZI
|
||||
Sj2EFmb30V1FP/qo9TFro5Je6P0m9TjFeLKwF4P5AoGAKIu0x9KQMYh2BaB9zsPc
|
||||
pupMA/jFAzghqCGlZUAOpzsHxcZH1ZpDV5xO0f+Myws6wdngvYJ5GeGL1E93wFnF
|
||||
X85Ihv+PjtEry553prnhtPA5yPwl5/uCBHm3lGZC0JeQfJPGB5UV1XeBwilMyg39
|
||||
y25mx8WChprgwv84ngg3AyMCgYEAlb2RPvCFw9xK9FAEFwFeTrELyd1gLIrwCcBq
|
||||
MYPvTdFxK0JuQkQG8+/QMdlVLaptmoUNftDSb8zKI2w8PV44PFwofsxJDhNCavF7
|
||||
5r1K7vWsaQIni1EH/xNMyT+/uUn8XumzmbKWWGFSG5niuXR8dp/mag2u3+9GNY/p
|
||||
8RQjXNECgYAnA7rQ7UVayRQUL8NKB0jhP/J0UomrJRXYx+J5UP7QIoObXlTbDVSi
|
||||
VTAiSrhPQIFa1s8ghUgCghwq6KJsZoQzrp1fLLlV/HIN+4XXhYVAmOI/k41rCj/0
|
||||
eYTkXlXyFpcaW3h9vVjT1wN9FwbU1kNpFo/PvDLM/SQB7GhFRznDDw==
|
||||
-----END RSA PRIVATE KEY-----
|
@ -1,40 +0,0 @@
|
||||
{
|
||||
"id": "/foo",
|
||||
"groups": [
|
||||
{
|
||||
"id": "/foo/bar",
|
||||
"apps": [
|
||||
{
|
||||
"id": "whoami",
|
||||
"cpus": 0.1,
|
||||
"mem": 64.0,
|
||||
"instances": 3,
|
||||
"container": {
|
||||
"type": "DOCKER",
|
||||
"docker": {
|
||||
"image": "containous/whoami",
|
||||
"network": "BRIDGE",
|
||||
"portMappings": [
|
||||
{
|
||||
"containerPort": 80,
|
||||
"hostPort": 0,
|
||||
"protocol": "tcp"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"healthChecks": [
|
||||
{
|
||||
"protocol": "HTTP",
|
||||
"portIndex": 0,
|
||||
"path": "/",
|
||||
"gracePeriodSeconds": 5,
|
||||
"intervalSeconds": 20,
|
||||
"maxConsecutiveFailures": 3
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -1,32 +0,0 @@
|
||||
{
|
||||
"id": "whoami",
|
||||
"cpus": 0.1,
|
||||
"mem": 64.0,
|
||||
"instances": 3,
|
||||
"container": {
|
||||
"type": "DOCKER",
|
||||
"docker": {
|
||||
"image": "containous/whoami",
|
||||
"network": "BRIDGE",
|
||||
"portMappings": [
|
||||
{ "containerPort": 80, "hostPort": 0, "protocol": "tcp" }
|
||||
]
|
||||
}
|
||||
},
|
||||
"healthChecks": [
|
||||
{
|
||||
"protocol": "HTTP",
|
||||
"portIndex": 0,
|
||||
"path": "/",
|
||||
"gracePeriodSeconds": 5,
|
||||
"intervalSeconds": 20,
|
||||
"maxConsecutiveFailures": 3
|
||||
}
|
||||
],
|
||||
"labels": {
|
||||
"traefik.weight": "1",
|
||||
"traefik.protocol": "http",
|
||||
"traefik.frontend.rule" : "Host:test.marathon.localhost",
|
||||
"traefik.frontend.priority" : "10"
|
||||
}
|
||||
}
|
@ -1,8 +1,5 @@
|
||||
//go:generate rm -vf autogen/gentemplates/gen.go
|
||||
//go:generate rm -vf autogen/genstatic/gen.go
|
||||
//go:generate mkdir -p static
|
||||
//go:generate go-bindata -pkg gentemplates -nometadata -nocompress -o autogen/gentemplates/gen.go ./templates/...
|
||||
//go:generate gofmt -s -w autogen/gentemplates/gen.go
|
||||
//go:generate go-bindata -pkg genstatic -nocompress -o autogen/genstatic/gen.go ./static/...
|
||||
|
||||
package main
|
||||
|
@ -1,3 +1,5 @@
|
||||
// +build ignore
|
||||
|
||||
package consulcatalog
|
||||
|
||||
import (
|
||||
|
@ -1,3 +1,5 @@
|
||||
// +build ignore
|
||||
|
||||
package ecs
|
||||
|
||||
import (
|
||||
|
@ -1,3 +1,5 @@
|
||||
// +build ignore
|
||||
|
||||
package ecs
|
||||
|
||||
import (
|
||||
|
@ -1,3 +1,5 @@
|
||||
// +build ignore
|
||||
|
||||
package mesos
|
||||
|
||||
import (
|
||||
|
@ -1,3 +1,5 @@
|
||||
// +build ignore
|
||||
|
||||
package mesos
|
||||
|
||||
import (
|
||||
|
@ -2,14 +2,12 @@ package provider
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
"text/template"
|
||||
"unicode"
|
||||
|
||||
"github.com/BurntSushi/toml"
|
||||
"github.com/Masterminds/sprig"
|
||||
"github.com/containous/traefik/autogen/gentemplates"
|
||||
"github.com/containous/traefik/old/log"
|
||||
"github.com/containous/traefik/old/types"
|
||||
"github.com/containous/traefik/safe"
|
||||
@ -107,24 +105,9 @@ func (p *BaseProvider) DecodeConfiguration(content string) (*types.Configuration
|
||||
return configuration, nil
|
||||
}
|
||||
|
||||
// genTemplate does not do anything anymore because we removed the templates
|
||||
func (p *BaseProvider) getTemplateContent(defaultTemplateFile string) (string, error) {
|
||||
if len(p.Filename) > 0 {
|
||||
buf, err := ioutil.ReadFile(p.Filename)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(buf), nil
|
||||
}
|
||||
|
||||
if strings.HasSuffix(defaultTemplateFile, ".tmpl") {
|
||||
buf, err := gentemplates.Asset(defaultTemplateFile)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(buf), nil
|
||||
}
|
||||
|
||||
return defaultTemplateFile, nil
|
||||
return "", nil
|
||||
}
|
||||
|
||||
func split(sep, s string) []string {
|
||||
|
@ -1,3 +1,5 @@
|
||||
// +build ignore
|
||||
|
||||
package rancher
|
||||
|
||||
import (
|
||||
|
@ -1,31 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -o errexit
|
||||
set -o pipefail
|
||||
set -o nounset
|
||||
|
||||
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"; export SCRIPTDIR
|
||||
source "${SCRIPTDIR}/.validate"
|
||||
|
||||
# Iterate over all directories containing templates folders.
|
||||
IFS=$'\n' files=( $(validate_diff --diff-filter=ACMR --name-only -- templates || true) )
|
||||
|
||||
if [[ ${#files[@]} -gt 0 ]]; then
|
||||
echo "checking autogen is up-to-date with templates..."
|
||||
go generate >/dev/null
|
||||
# Let see if the working directory is clean
|
||||
diffs="$(git status --porcelain -- autogen 2>/dev/null)"
|
||||
if [[ "$diffs" ]]; then
|
||||
{
|
||||
echo "The result of 'go generate' differs"
|
||||
echo
|
||||
echo "$diffs"
|
||||
echo
|
||||
echo 'Please do "go generate" to update the `autogen` package.'
|
||||
echo
|
||||
} >&2
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
|
||||
echo 'Congratulations! All autogen changes are done the right way.'
|
@ -1,276 +0,0 @@
|
||||
[backends]
|
||||
{{range $service := .Services}}
|
||||
{{ $backendName := getServiceBackendName $service }}
|
||||
|
||||
{{ $circuitBreaker := getCircuitBreaker $service.TraefikLabels }}
|
||||
{{if $circuitBreaker }}
|
||||
[backends."backend-{{ $backendName }}".circuitBreaker]
|
||||
expression = "{{ $circuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{ $responseForwarding := getResponseForwarding $service.TraefikLabels }}
|
||||
{{if $responseForwarding }}
|
||||
[backends."backend-{{ $backendName }}".responseForwarding]
|
||||
flushInterval = "{{ $responseForwarding.FlushInterval }}"
|
||||
{{end}}
|
||||
|
||||
|
||||
|
||||
{{ $loadBalancer := getLoadBalancer $service.TraefikLabels }}
|
||||
{{if $loadBalancer }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer]
|
||||
method = "{{ $loadBalancer.Method }}"
|
||||
{{if $loadBalancer.Stickiness }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $maxConn := getMaxConn $service.TraefikLabels }}
|
||||
{{if $maxConn }}
|
||||
[backends."backend-{{ $backendName }}".maxConn]
|
||||
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
||||
amount = {{ $maxConn.Amount }}
|
||||
{{end}}
|
||||
|
||||
{{ $healthCheck := getHealthCheck $service.TraefikLabels }}
|
||||
{{if $healthCheck }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck]
|
||||
scheme = "{{ $healthCheck.Scheme }}"
|
||||
path = "{{ $healthCheck.Path }}"
|
||||
port = {{ $healthCheck.Port }}
|
||||
interval = "{{ $healthCheck.Interval }}"
|
||||
timeout = "{{ $healthCheck.Timeout }}"
|
||||
hostname = "{{ $healthCheck.Hostname }}"
|
||||
{{if $healthCheck.Headers }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck.headers]
|
||||
{{range $k, $v := $healthCheck.Headers }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $buffering := getBuffering $service.TraefikLabels }}
|
||||
{{if $buffering }}
|
||||
[backends."backend-{{ $backendName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
{{range $index, $node := .Nodes}}
|
||||
{{ $server := getServer $node }}
|
||||
[backends."backend-{{ getNodeBackendName $node }}".servers."{{ getServerName $node $index }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $service := .Services}}
|
||||
|
||||
[frontends."frontend-{{ $service.ServiceName }}"]
|
||||
backend = "backend-{{ getServiceBackendName $service }}"
|
||||
priority = {{ getPriority $service.TraefikLabels }}
|
||||
passHostHeader = {{ getPassHostHeader $service.TraefikLabels }}
|
||||
passTLSCert = {{ getPassTLSCert $service.TraefikLabels }}
|
||||
|
||||
entryPoints = [{{range getFrontEndEntryPoints $service.TraefikLabels }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{ $tlsClientCert := getPassTLSClientCert $service.TraefikLabels }}
|
||||
{{if $tlsClientCert }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".passTLSClientCert]
|
||||
pem = {{ $tlsClientCert.PEM }}
|
||||
{{ $infos := $tlsClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Subject }}
|
||||
{{if $issuer }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $auth := getAuth $service.TraefikLabels }}
|
||||
{{if $auth }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".auth]
|
||||
headerField = "{{ $auth.HeaderField }}"
|
||||
|
||||
{{if $auth.Forward }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".auth.forward]
|
||||
address = "{{ $auth.Forward.Address }}"
|
||||
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
||||
{{if $auth.Forward.AuthResponseHeaders }}
|
||||
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Forward.TLS }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".auth.forward.tls]
|
||||
ca = "{{ $auth.Forward.TLS.CA }}"
|
||||
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
||||
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Basic }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".auth.basic]
|
||||
removeHeader = {{ $auth.Basic.RemoveHeader }}
|
||||
{{if $auth.Basic.Users }}
|
||||
users = [{{range $auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Basic.UsersFile }}"
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Digest }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".auth.digest]
|
||||
removeHeader = {{ $auth.Digest.RemoveHeader }}
|
||||
{{if $auth.Digest.Users }}
|
||||
users = [{{range $auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Digest.UsersFile }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $whitelist := getWhiteList $service.TraefikLabels }}
|
||||
{{if $whitelist }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".whiteList]
|
||||
sourceRange = [{{range $whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $whitelist.IPStrategy }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".whiteList.IPStrategy]
|
||||
depth = {{ $whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $redirect := getRedirect $service.TraefikLabels }}
|
||||
{{if $redirect }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".redirect]
|
||||
entryPoint = "{{ $redirect.EntryPoint }}"
|
||||
regex = "{{ $redirect.Regex }}"
|
||||
replacement = "{{ $redirect.Replacement }}"
|
||||
permanent = {{ $redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{ $errorPages := getErrorPages $service.TraefikLabels }}
|
||||
{{if $errorPages }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".errors]
|
||||
{{range $pageName, $page := $errorPages }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "backend-{{ $page.Backend }}"
|
||||
query = "{{ $page.Query }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $rateLimit := getRateLimit $service.TraefikLabels }}
|
||||
{{if $rateLimit }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".rateLimit]
|
||||
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
||||
[frontends."frontend-{{ $service.ServiceName }}".rateLimit.rateSet]
|
||||
{{ range $limitName, $limit := $rateLimit.RateSet }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $limit.Period }}"
|
||||
average = {{ $limit.Average }}
|
||||
burst = {{ $limit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $headers := getHeaders $service.TraefikLabels }}
|
||||
{{if $headers }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".headers]
|
||||
SSLRedirect = {{ $headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $headers.SSLHost }}"
|
||||
SSLForceHost = {{ $headers.SSLForceHost }}
|
||||
STSSeconds = {{ $headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $headers.IsDevelopment }}
|
||||
|
||||
{{if $headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomRequestHeaders }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $headers.CustomRequestHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomResponseHeaders }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $headers.CustomResponseHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.SSLProxyHeaders }}
|
||||
[frontends."frontend-{{ $service.ServiceName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $headers.SSLProxyHeaders}}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
[frontends."frontend-{{ $service.ServiceName }}".routes."route-host-{{ $service.ServiceName }}"]
|
||||
rule = "{{ getFrontendRule $service }}"
|
||||
|
||||
{{end}}
|
@ -1,277 +0,0 @@
|
||||
{{$backendServers := .Servers}}
|
||||
[backends]
|
||||
{{range $backendName, $servers := .Servers}}
|
||||
{{ $backend := index $servers 0 }}
|
||||
|
||||
{{ $circuitBreaker := getCircuitBreaker $backend.SegmentLabels }}
|
||||
{{if $circuitBreaker }}
|
||||
[backends."backend-{{ $backendName }}".circuitBreaker]
|
||||
expression = "{{ $circuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{ $responseForwarding := getResponseForwarding $backend.SegmentLabels }}
|
||||
{{if $responseForwarding }}
|
||||
[backends."backend-{{ $backendName }}".responseForwarding]
|
||||
flushInterval = "{{ $responseForwarding.FlushInterval }}"
|
||||
{{end}}
|
||||
|
||||
{{ $loadBalancer := getLoadBalancer $backend.SegmentLabels }}
|
||||
{{if $loadBalancer }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer]
|
||||
method = "{{ $loadBalancer.Method }}"
|
||||
{{if $loadBalancer.Stickiness }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $maxConn := getMaxConn $backend.SegmentLabels }}
|
||||
{{if $maxConn }}
|
||||
[backends."backend-{{ $backendName }}".maxConn]
|
||||
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
||||
amount = {{ $maxConn.Amount }}
|
||||
{{end}}
|
||||
|
||||
{{ $healthCheck := getHealthCheck $backend.SegmentLabels }}
|
||||
{{if $healthCheck }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck]
|
||||
scheme = "{{ $healthCheck.Scheme }}"
|
||||
path = "{{ $healthCheck.Path }}"
|
||||
port = {{ $healthCheck.Port }}
|
||||
interval = "{{ $healthCheck.Interval }}"
|
||||
timeout = "{{ $healthCheck.Timeout }}"
|
||||
hostname = "{{ $healthCheck.Hostname }}"
|
||||
{{if $healthCheck.Headers }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck.headers]
|
||||
{{range $k, $v := $healthCheck.Headers }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $buffering := getBuffering $backend.SegmentLabels }}
|
||||
{{if $buffering }}
|
||||
[backends."backend-{{ $backendName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{range $serverName, $server := getServers $servers }}
|
||||
[backends."backend-{{ $backendName }}".servers."{{ $serverName }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $frontendName, $containers := .Frontends }}
|
||||
{{ $container := index $containers 0 }}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}"]
|
||||
backend = "backend-{{ getBackendName $container }}"
|
||||
priority = {{ getPriority $container.SegmentLabels }}
|
||||
passHostHeader = {{ getPassHostHeader $container.SegmentLabels }}
|
||||
passTLSCert = {{ getPassTLSCert $container.SegmentLabels }}
|
||||
|
||||
entryPoints = [{{range getEntryPoints $container.SegmentLabels }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{ $tlsClientCert := getPassTLSClientCert $container.SegmentLabels }}
|
||||
{{if $tlsClientCert }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert]
|
||||
pem = {{ $tlsClientCert.PEM }}
|
||||
{{ $infos := $tlsClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Issuer }}
|
||||
{{if $issuer }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $auth := getAuth $container.SegmentLabels }}
|
||||
{{if $auth }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth]
|
||||
headerField = "{{ $auth.HeaderField }}"
|
||||
|
||||
{{if $auth.Forward }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward]
|
||||
address = "{{ $auth.Forward.Address }}"
|
||||
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
||||
{{if $auth.Forward.AuthResponseHeaders }}
|
||||
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Forward.TLS }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
|
||||
ca = "{{ $auth.Forward.TLS.CA }}"
|
||||
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
||||
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Basic }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.basic]
|
||||
realm = "{{ $auth.Basic.Realm }}"
|
||||
removeHeader = {{ $auth.Basic.RemoveHeader }}
|
||||
{{if $auth.Basic.Users }}
|
||||
users = [{{range $auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Basic.UsersFile }}"
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Digest }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.digest]
|
||||
removeHeader = {{ $auth.Digest.RemoveHeader }}
|
||||
{{if $auth.Digest.Users }}
|
||||
users = [{{range $auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Digest.UsersFile }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $whitelist := getWhiteList $container.SegmentLabels }}
|
||||
{{if $whitelist }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList]
|
||||
sourceRange = [{{range $whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $whitelist.IPStrategy }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList.IPStrategy]
|
||||
depth = {{ $whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $redirect := getRedirect $container.SegmentLabels }}
|
||||
{{if $redirect }}
|
||||
[frontends."frontend-{{ $frontendName }}".redirect]
|
||||
entryPoint = "{{ $redirect.EntryPoint }}"
|
||||
regex = "{{ $redirect.Regex }}"
|
||||
replacement = "{{ $redirect.Replacement }}"
|
||||
permanent = {{ $redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{ $errorPages := getErrorPages $container.SegmentLabels }}
|
||||
{{if $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors]
|
||||
{{range $pageName, $page := $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "backend-{{ $page.Backend }}"
|
||||
query = "{{ $page.Query }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $rateLimit := getRateLimit $container.SegmentLabels }}
|
||||
{{if $rateLimit }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit]
|
||||
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet]
|
||||
{{ range $limitName, $limit := $rateLimit.RateSet }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $limit.Period }}"
|
||||
average = {{ $limit.Average }}
|
||||
burst = {{ $limit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $headers := getHeaders $container.SegmentLabels }}
|
||||
{{if $headers }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers]
|
||||
SSLRedirect = {{ $headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $headers.SSLHost }}"
|
||||
SSLForceHost = {{ $headers.SSLForceHost }}
|
||||
STSSeconds = {{ $headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $headers.IsDevelopment }}
|
||||
|
||||
{{if $headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomRequestHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $headers.CustomRequestHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomResponseHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $headers.CustomResponseHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.SSLProxyHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $headers.SSLProxyHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}".routes."route-frontend-{{ $frontendName }}"]
|
||||
rule = "{{ getFrontendRule $container $container.SegmentLabels }}"
|
||||
|
||||
{{end}}
|
@ -1,277 +0,0 @@
|
||||
[backends]
|
||||
{{range $serviceName, $instances := .Services }}
|
||||
{{ $firstInstance := index $instances 0 }}
|
||||
|
||||
{{ $circuitBreaker := getCircuitBreaker $firstInstance.SegmentLabels }}
|
||||
{{if $circuitBreaker }}
|
||||
[backends."backend-{{ $serviceName }}".circuitBreaker]
|
||||
expression = "{{ $circuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{ $responseForwarding := getResponseForwarding $firstInstance.SegmentLabels }}
|
||||
{{if $responseForwarding }}
|
||||
[backends."backend-{{ $serviceName }}".responseForwarding]
|
||||
flushInterval = "{{ $responseForwarding.FlushInterval }}"
|
||||
{{end}}
|
||||
|
||||
{{ $loadBalancer := getLoadBalancer $firstInstance.SegmentLabels }}
|
||||
{{if $loadBalancer }}
|
||||
[backends."backend-{{ $serviceName }}".loadBalancer]
|
||||
method = "{{ $loadBalancer.Method }}"
|
||||
{{if $loadBalancer.Stickiness }}
|
||||
[backends."backend-{{ $serviceName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $maxConn := getMaxConn $firstInstance.SegmentLabels }}
|
||||
{{if $maxConn }}
|
||||
[backends."backend-{{ $serviceName }}".maxConn]
|
||||
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
||||
amount = {{ $maxConn.Amount }}
|
||||
{{end}}
|
||||
|
||||
{{ $healthCheck := getHealthCheck $firstInstance.SegmentLabels }}
|
||||
{{if $healthCheck }}
|
||||
[backends."backend-{{ $serviceName }}".healthCheck]
|
||||
scheme = "{{ $healthCheck.Scheme }}"
|
||||
path = "{{ $healthCheck.Path }}"
|
||||
port = {{ $healthCheck.Port }}
|
||||
interval = "{{ $healthCheck.Interval }}"
|
||||
timeout = "{{ $healthCheck.Timeout }}"
|
||||
hostname = "{{ $healthCheck.Hostname }}"
|
||||
{{if $healthCheck.Headers }}
|
||||
[backends."backend-{{ $serviceName }}".healthCheck.headers]
|
||||
{{range $k, $v := $healthCheck.Headers }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $buffering := getBuffering $firstInstance.SegmentLabels }}
|
||||
{{if $buffering }}
|
||||
[backends."backend-{{ $serviceName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{range $serverName, $server := getServers $instances }}
|
||||
[backends."backend-{{ $serviceName }}".servers."{{ $serverName }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $serviceName, $instances := .Services }}
|
||||
{{range $instance := filterFrontends $instances }}
|
||||
|
||||
{{ $frontendName := getFrontendName $instance }}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}"]
|
||||
backend = "backend-{{ $serviceName }}"
|
||||
priority = {{ getPriority $instance.SegmentLabels }}
|
||||
passHostHeader = {{ getPassHostHeader $instance.SegmentLabels }}
|
||||
passTLSCert = {{ getPassTLSCert $instance.SegmentLabels }}
|
||||
|
||||
entryPoints = [{{range getEntryPoints $instance.SegmentLabels }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{ $tlsClientCert := getPassTLSClientCert $instance.SegmentLabels }}
|
||||
{{if $tlsClientCert }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert]
|
||||
pem = {{ $tlsClientCert.PEM }}
|
||||
{{ $infos := $tlsClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Issuer }}
|
||||
{{if $issuer }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $auth := getAuth $instance.SegmentLabels }}
|
||||
{{if $auth }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth]
|
||||
headerField = "{{ $auth.HeaderField }}"
|
||||
|
||||
{{if $auth.Forward }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward]
|
||||
address = "{{ $auth.Forward.Address }}"
|
||||
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
||||
{{if $auth.Forward.AuthResponseHeaders }}
|
||||
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Forward.TLS }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
|
||||
ca = "{{ $auth.Forward.TLS.CA }}"
|
||||
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
||||
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Basic }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.basic]
|
||||
removeHeader = {{ $auth.Basic.RemoveHeader }}
|
||||
{{if $auth.Basic.Users }}
|
||||
users = [{{range $auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Basic.UsersFile }}"
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Digest }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.digest]
|
||||
removeHeader = {{ $auth.Digest.RemoveHeader }}
|
||||
{{if $auth.Digest.Users }}
|
||||
users = [{{range $auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Digest.UsersFile }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $whitelist := getWhiteList $instance.SegmentLabels }}
|
||||
{{if $whitelist }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList]
|
||||
sourceRange = [{{range $whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $whitelist.IPStrategy }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList.IPStrategy]
|
||||
depth = {{ $whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $redirect := getRedirect $instance.SegmentLabels }}
|
||||
{{if $redirect }}
|
||||
[frontends."frontend-{{ $frontendName }}".redirect]
|
||||
entryPoint = "{{ $redirect.EntryPoint }}"
|
||||
regex = "{{ $redirect.Regex }}"
|
||||
replacement = "{{ $redirect.Replacement }}"
|
||||
permanent = {{ $redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{ $errorPages := getErrorPages $instance.SegmentLabels }}
|
||||
{{if $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors]
|
||||
{{range $pageName, $page := $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "backend-{{ $page.Backend }}"
|
||||
query = "{{ $page.Query }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $rateLimit := getRateLimit $instance.SegmentLabels }}
|
||||
{{if $rateLimit }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit]
|
||||
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet]
|
||||
{{ range $limitName, $limit := $rateLimit.RateSet }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $limit.Period }}"
|
||||
average = {{ $limit.Average }}
|
||||
burst = {{ $limit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $headers := getHeaders $instance.SegmentLabels }}
|
||||
{{if $headers }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers]
|
||||
SSLRedirect = {{ $headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $headers.SSLHost }}"
|
||||
SSLForceHost = {{ $headers.SSLForceHost }}
|
||||
STSSeconds = {{ $headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $headers.IsDevelopment }}
|
||||
|
||||
{{if $headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomRequestHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $headers.CustomRequestHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomResponseHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $headers.CustomResponseHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.SSLProxyHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $headers.SSLProxyHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}".routes."route-frontend-{{ $frontendName }}"]
|
||||
rule = "{{ getFrontendRule $instance }}"
|
||||
|
||||
{{end}}
|
||||
{{end}}
|
@ -1,24 +0,0 @@
|
||||
[backends]
|
||||
{{range $app := .Applications }}
|
||||
|
||||
[backends.backend-{{ $app.Name }}]
|
||||
|
||||
{{range $instance := .Instances }}
|
||||
[backends."backend-{{ $app.Name }}".servers."server-{{ getInstanceID $instance }}"]
|
||||
url = "{{ getProtocol $instance }}://{{ .IpAddr }}:{{ getPort $instance }}"
|
||||
weight = {{ getWeight $instance }}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $app := .Applications }}
|
||||
|
||||
[frontends."frontend-{{ $app.Name }}"]
|
||||
backend = "backend-{{ $app.Name }}"
|
||||
entryPoints = ["http"]
|
||||
|
||||
[frontends."frontend-{{ $app.Name }}".routes."route-host{{ $app.Name }}"]
|
||||
rule = "Host:{{ $app.Name | tolower }}"
|
||||
|
||||
{{end}}
|
@ -1,240 +0,0 @@
|
||||
[backends]
|
||||
{{range $backendName, $backend := .Backends }}
|
||||
|
||||
[backends."{{ $backendName }}"]
|
||||
|
||||
{{if $backend.CircuitBreaker }}
|
||||
[backends."{{ $backendName }}".circuitBreaker]
|
||||
expression = "{{ $backend.CircuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{if $backend.ResponseForwarding }}
|
||||
[backends."{{ $backendName }}".responseForwarding]
|
||||
flushInterval = "{{ $backend.responseForwarding.FlushInterval }}"
|
||||
{{end}}
|
||||
|
||||
[backends."{{ $backendName }}".loadBalancer]
|
||||
method = "{{ $backend.LoadBalancer.Method }}"
|
||||
{{if $backend.LoadBalancer.Stickiness }}
|
||||
[backends."{{ $backendName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $backend.LoadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
|
||||
{{if $backend.MaxConn }}
|
||||
[backends."{{ $backendName }}".maxConn]
|
||||
amount = {{ $backend.MaxConn.Amount }}
|
||||
extractorFunc = "{{ $backend.MaxConn.ExtractorFunc }}"
|
||||
{{end}}
|
||||
|
||||
{{if $backend.Buffering }}
|
||||
[backends."{{ $backendName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $backend.Buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $backend.Buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $backend.Buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $backend.Buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $backend.Buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{range $serverName, $server := $backend.Servers }}
|
||||
[backends."{{ $backendName }}".servers."{{ $serverName }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $frontendName, $frontend := .Frontends }}
|
||||
|
||||
[frontends."{{ $frontendName }}"]
|
||||
backend = "{{ $frontend.Backend }}"
|
||||
priority = {{ $frontend.Priority }}
|
||||
passHostHeader = {{ $frontend.PassHostHeader }}
|
||||
passTLSCert = {{ $frontend.PassTLSCert }}
|
||||
|
||||
entryPoints = [{{range $frontend.EntryPoints }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{if $frontend.Auth }}
|
||||
[frontends."{{ $frontendName }}".auth]
|
||||
headerField = "X-WebAuth-User"
|
||||
|
||||
{{if $frontend.Auth.Basic }}
|
||||
[frontends."{{ $frontendName }}".auth.basic]
|
||||
removeHeader = {{$frontend.Auth.Basic.RemoveHeader}}
|
||||
users = [{{range $frontend.Auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.Auth.Digest }}
|
||||
[frontends."{{ $frontendName }}".auth.digest]
|
||||
removeHeader = {{$frontend.Auth.Digest.RemoveHeader}}
|
||||
users = [{{range $frontend.Auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.Auth.Forward }}
|
||||
[frontends."{{ $frontendName }}".auth.forward]
|
||||
address = "{{ $frontend.Auth.Forward.Address }}"
|
||||
authResponseHeaders = [{{range $frontend.Auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
trustForwardHeader = {{ $frontend.Auth.Forward.TrustForwardHeader }}
|
||||
{{if $frontend.Auth.Forward.TLS }}
|
||||
[frontends."{{ $frontendName }}".auth.forward.tls]
|
||||
cert = """{{ $frontend.Auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $frontend.Auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $frontend.Auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.WhiteList }}
|
||||
[frontends."{{ $frontendName }}".whiteList]
|
||||
sourceRange = [{{range $frontend.Whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $frontend.Whitelist.IPStrategy }}
|
||||
[frontends."{{ $frontendName }}".whiteList.IPStrategy]
|
||||
depth = {{ $frontend.Whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $frontend.Whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.Redirect }}
|
||||
[frontends."{{ $frontendName }}".redirect]
|
||||
entryPoint = "{{ $frontend.Redirect.EntryPoint }}"
|
||||
regex = "{{ $frontend.Redirect.Regex }}"
|
||||
replacement = "{{ $frontend.Redirect.Replacement }}"
|
||||
permanent = {{ $frontend.Redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.Errors }}
|
||||
[frontends."{{ $frontendName }}".errors]
|
||||
{{range $pageName, $page := $frontend.Errors }}
|
||||
[frontends."{{ $frontendName }}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "{{ $page.Backend }}"
|
||||
query = "{{ $page.Query }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.RateLimit }}
|
||||
[frontends."{{ $frontendName }}".rateLimit]
|
||||
extractorFunc = "{{ $frontend.RateLimit.ExtractorFunc }}"
|
||||
[frontends."{{ $frontendName }}".rateLimit.rateSet]
|
||||
{{range $limitName, $limit := $frontend.RateLimit.RateSet }}
|
||||
[frontends."{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $limit.Period }}"
|
||||
average = {{ $limit.Average }}
|
||||
burst = {{ $limit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.PassTLSClientCert }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert]
|
||||
pem = {{ $frontend.PassTLSClientCert.PEM }}
|
||||
{{ $infos := $frontend.PassTLSClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Subject }}
|
||||
{{if $issuer }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $frontend.Headers }}
|
||||
[frontends."{{ $frontendName }}".headers]
|
||||
SSLRedirect = {{ $frontend.Headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $frontend.Headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $frontend.Headers.SSLHost }}"
|
||||
SSLForceHost = {{ $frontend.Headers.SSLForceHost }}
|
||||
STSSeconds = {{ $frontend.Headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $frontend.Headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $frontend.Headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $frontend.Headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $frontend.Headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $frontend.Headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $frontend.Headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $frontend.Headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $frontend.Headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $frontend.Headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $frontend.Headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $frontend.Headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $frontend.Headers.IsDevelopment }}
|
||||
{{if $frontend.Headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $frontend.Headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{if $frontend.Headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $frontend.Headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{if $frontend.Headers.CustomRequestHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $frontend.Headers.CustomRequestHeaders }}
|
||||
{{ $k }} = "{{ $v }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{if $frontend.Headers.CustomResponseHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $frontend.Headers.CustomResponseHeaders }}
|
||||
{{ $k }} = "{{ $v }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{if $frontend.Headers.SSLProxyHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $frontend.Headers.SSLProxyHeaders }}
|
||||
{{ $k }} = "{{ $v }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{range $routeName, $route := $frontend.Routes }}
|
||||
[frontends."{{ $frontendName }}".routes."{{ $routeName }}"]
|
||||
rule = "{{ $route.Rule }}"
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
{{range $tls := .TLS }}
|
||||
[[tls]]
|
||||
entryPoints = [{{range $tls.EntryPoints }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
[tls.certificate]
|
||||
certFile = """{{ $tls.Certificate.CertFile }}"""
|
||||
keyFile = """{{ $tls.Certificate.KeyFile }}"""
|
||||
{{end}}
|
@ -1,289 +0,0 @@
|
||||
[backends]
|
||||
{{range $backend := List .Prefix "/backends/" }}
|
||||
{{ $backendName := Last $backend }}
|
||||
|
||||
{{ $circuitBreaker := getCircuitBreaker $backend }}
|
||||
{{if $circuitBreaker }}
|
||||
[backends."{{ $backendName }}".circuitBreaker]
|
||||
expression = "{{ $circuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{ $responseForwarding := getResponseForwarding $backend }}
|
||||
{{if $responseForwarding }}
|
||||
[backends."{{ $backendName }}".responseForwarding]
|
||||
flushInterval = "{{ $responseForwarding.flushInterval }}"
|
||||
{{end}}
|
||||
|
||||
{{ $loadBalancer := getLoadBalancer $backend }}
|
||||
{{if $loadBalancer }}
|
||||
[backends."{{ $backendName }}".loadBalancer]
|
||||
method = "{{ $loadBalancer.Method }}"
|
||||
{{if $loadBalancer.Stickiness }}
|
||||
[backends."{{ $backendName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $maxConn := getMaxConn $backend }}
|
||||
{{if $maxConn }}
|
||||
[backends."{{ $backendName }}".maxConn]
|
||||
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
||||
amount = {{ $maxConn.Amount }}
|
||||
{{end}}
|
||||
|
||||
{{ $healthCheck := getHealthCheck $backend }}
|
||||
{{if $healthCheck }}
|
||||
[backends."{{ $backendName }}".healthCheck]
|
||||
scheme = "{{ $healthCheck.Scheme }}"
|
||||
path = "{{ $healthCheck.Path }}"
|
||||
port = {{ $healthCheck.Port }}
|
||||
interval = "{{ $healthCheck.Interval }}"
|
||||
timeout = "{{ $healthCheck.Timeout }}"
|
||||
hostname = "{{ $healthCheck.Hostname }}"
|
||||
{{if $healthCheck.Headers }}
|
||||
[backends."{{ $backendName }}".healthCheck.headers]
|
||||
{{range $k, $v := $healthCheck.Headers }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $buffering := getBuffering $backend }}
|
||||
{{if $buffering }}
|
||||
[backends."{{ $backendName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{range $serverName, $server := getServers $backend}}
|
||||
[backends."{{ $backendName }}".servers."{{ $serverName }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $frontend := List .Prefix "/frontends/" }}
|
||||
{{ $frontendName := Last $frontend }}
|
||||
|
||||
[frontends."{{ $frontendName }}"]
|
||||
backend = "{{ getBackendName $frontend }}"
|
||||
priority = {{ getPriority $frontend }}
|
||||
passHostHeader = {{ getPassHostHeader $frontend }}
|
||||
passTLSCert = {{ getPassTLSCert $frontend }}
|
||||
|
||||
entryPoints = [{{range getEntryPoints $frontend }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{ $tlsClientCert := getPassTLSClientCert $frontend }}
|
||||
{{if $tlsClientCert }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert]
|
||||
pem = {{ $tlsClientCert.PEM }}
|
||||
{{ $infos := $tlsClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Subject }}
|
||||
{{if $issuer }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $auth := getAuth $frontend }}
|
||||
{{if $auth }}
|
||||
[frontends."{{ $frontendName }}".auth]
|
||||
headerField = "{{ $auth.HeaderField }}"
|
||||
|
||||
{{if $auth.Forward }}
|
||||
[frontends."{{ $frontendName }}".auth.forward]
|
||||
address = "{{ $auth.Forward.Address }}"
|
||||
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
||||
{{if $auth.Forward.AuthResponseHeaders }}
|
||||
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Forward.TLS }}
|
||||
[frontends."{{ $frontendName }}".auth.forward.tls]
|
||||
ca = "{{ $auth.Forward.TLS.CA }}"
|
||||
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
||||
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Basic }}
|
||||
[frontends."{{ $frontendName }}".auth.basic]
|
||||
removeHeader = {{ $auth.Basic.RemoveHeader }}
|
||||
{{if $auth.Basic.Users }}
|
||||
users = [{{range $auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Basic.UsersFile }}"
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Digest }}
|
||||
[frontends."{{ $frontendName }}".auth.digest]
|
||||
removeHeader = {{ $auth.Digest.RemoveHeader }}
|
||||
{{if $auth.Digest.Users }}
|
||||
users = [{{range $auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Digest.UsersFile }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $whitelist := getWhiteList $frontend }}
|
||||
{{if $whitelist }}
|
||||
[frontends."{{ $frontendName }}".whiteList]
|
||||
sourceRange = [{{range $whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $whitelist.IPStrategy }}
|
||||
[frontends."{{ $frontendName }}".whiteList.IPStrategy]
|
||||
depth = {{ $whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $redirect := getRedirect $frontend }}
|
||||
{{if $redirect }}
|
||||
[frontends."{{ $frontendName }}".redirect]
|
||||
entryPoint = "{{ $redirect.EntryPoint }}"
|
||||
regex = "{{ $redirect.Regex }}"
|
||||
replacement = "{{ $redirect.Replacement }}"
|
||||
permanent = {{ $redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{ $errorPages := getErrorPages $frontend }}
|
||||
{{if $errorPages }}
|
||||
[frontends."{{ $frontendName }}".errors]
|
||||
{{range $pageName, $page := $errorPages }}
|
||||
[frontends."{{$frontendName}}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "{{$page.Backend}}"
|
||||
query = "{{$page.Query}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $rateLimit := getRateLimit $frontend }}
|
||||
{{if $rateLimit }}
|
||||
[frontends."{{ $frontendName }}".rateLimit]
|
||||
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
||||
[frontends."{{ $frontendName }}".rateLimit.rateSet]
|
||||
{{range $limitName, $rateLimit := $rateLimit.RateSet }}
|
||||
[frontends."{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $rateLimit.Period }}"
|
||||
average = {{ $rateLimit.Average }}
|
||||
burst = {{ $rateLimit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $headers := getHeaders $frontend }}
|
||||
{{if $headers }}
|
||||
[frontends."{{ $frontendName }}".headers]
|
||||
SSLRedirect = {{ $headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $headers.SSLHost }}"
|
||||
SSLForceHost = {{ $headers.SSLForceHost }}
|
||||
STSSeconds = {{ $headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $headers.IsDevelopment }}
|
||||
|
||||
{{if $headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomRequestHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $headers.CustomRequestHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomResponseHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $headers.CustomResponseHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.SSLProxyHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $headers.SSLProxyHeaders}}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{range $routeName, $route := getRoutes $frontend }}
|
||||
[frontends."{{ $frontendName }}".routes."{{ $routeName }}"]
|
||||
rule = "{{ $route.Rule }}"
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
{{range $tls := getTLSSection .Prefix }}
|
||||
[[tls]]
|
||||
|
||||
entryPoints = [{{range $tls.EntryPoints }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
[tls.certificate]
|
||||
certFile = """{{ $tls.Certificate.CertFile }}"""
|
||||
keyFile = """{{ $tls.Certificate.KeyFile }}"""
|
||||
|
||||
{{end}}
|
@ -1,277 +0,0 @@
|
||||
{{ $apps := .Applications }}
|
||||
|
||||
[backends]
|
||||
{{range $backendName, $app := $apps }}
|
||||
|
||||
[backends."{{ $backendName }}"]
|
||||
|
||||
{{ $circuitBreaker := getCircuitBreaker $app.SegmentLabels }}
|
||||
{{if $circuitBreaker }}
|
||||
[backends."{{ $backendName }}".circuitBreaker]
|
||||
expression = "{{ $circuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{ $responseForwarding := getResponseForwarding $app.SegmentLabels }}
|
||||
{{if $responseForwarding }}
|
||||
[backends."{{ $backendName }}".responseForwarding]
|
||||
flushInterval = "{{ $responseForwarding.FlushInterval }}"
|
||||
{{end}}
|
||||
|
||||
{{ $loadBalancer := getLoadBalancer $app.SegmentLabels }}
|
||||
{{if $loadBalancer }}
|
||||
[backends."{{ $backendName }}".loadBalancer]
|
||||
method = "{{ $loadBalancer.Method }}"
|
||||
{{if $loadBalancer.Stickiness }}
|
||||
[backends."{{ $backendName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $maxConn := getMaxConn $app.SegmentLabels }}
|
||||
{{if $maxConn }}
|
||||
[backends."{{ $backendName }}".maxConn]
|
||||
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
||||
amount = {{ $maxConn.Amount }}
|
||||
{{end}}
|
||||
|
||||
{{ $healthCheck := getHealthCheck $app.SegmentLabels }}
|
||||
{{if $healthCheck }}
|
||||
[backends."{{ $backendName }}".healthCheck]
|
||||
scheme = "{{ $healthCheck.Scheme }}"
|
||||
path = "{{ $healthCheck.Path }}"
|
||||
port = {{ $healthCheck.Port }}
|
||||
interval = "{{ $healthCheck.Interval }}"
|
||||
timeout = "{{ $healthCheck.Timeout }}"
|
||||
hostname = "{{ $healthCheck.Hostname }}"
|
||||
{{if $healthCheck.Headers }}
|
||||
[backends.{{ $backendName }}.healthCheck.headers]
|
||||
{{range $k, $v := $healthCheck.Headers }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $buffering := getBuffering $app.SegmentLabels }}
|
||||
{{if $buffering }}
|
||||
[backends."{{ $backendName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{range $serverName, $server := getServers $app }}
|
||||
[backends."{{ $backendName }}".servers."{{ $serverName }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $backendName, $app := $apps }}
|
||||
{{ $frontendName := getFrontendName $app }}
|
||||
|
||||
[frontends."{{ $frontendName }}"]
|
||||
backend = "{{ $backendName }}"
|
||||
priority = {{ getPriority $app.SegmentLabels }}
|
||||
passHostHeader = {{ getPassHostHeader $app.SegmentLabels }}
|
||||
passTLSCert = {{ getPassTLSCert $app.SegmentLabels }}
|
||||
|
||||
entryPoints = [{{range getEntryPoints $app.SegmentLabels }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{ $tlsClientCert := getPassTLSClientCert $app.SegmentLabels }}
|
||||
{{if $tlsClientCert }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert]
|
||||
pem = {{ $tlsClientCert.PEM }}
|
||||
{{ $infos := $tlsClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Subject }}
|
||||
{{if $issuer }}
|
||||
[frontends."{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $auth := getAuth $app.SegmentLabels }}
|
||||
{{if $auth }}
|
||||
[frontends."{{ $frontendName }}".auth]
|
||||
headerField = "{{ $auth.HeaderField }}"
|
||||
|
||||
{{if $auth.Forward }}
|
||||
[frontends."{{ $frontendName }}".auth.forward]
|
||||
address = "{{ $auth.Forward.Address }}"
|
||||
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
||||
{{if $auth.Forward.AuthResponseHeaders }}
|
||||
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Forward.TLS }}
|
||||
[frontends."{{ $frontendName }}".auth.forward.tls]
|
||||
ca = "{{ $auth.Forward.TLS.CA }}"
|
||||
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
||||
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Basic }}
|
||||
[frontends."{{ $frontendName }}".auth.basic]
|
||||
removeHeader = {{ $auth.Basic.RemoveHeader }}
|
||||
{{if $auth.Basic.Users }}
|
||||
users = [{{range $auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Basic.UsersFile }}"
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Digest }}
|
||||
[frontends."{{ $frontendName }}".auth.digest]
|
||||
removeHeader = {{ $auth.Digest.RemoveHeader }}
|
||||
{{if $auth.Digest.Users }}
|
||||
users = [{{range $auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Digest.UsersFile }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $whitelist := getWhiteList $app.SegmentLabels }}
|
||||
{{if $whitelist }}
|
||||
[frontends."{{ $frontendName }}".whiteList]
|
||||
sourceRange = [{{range $whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $whitelist.IPStrategy }}
|
||||
[frontends."{{ $frontendName }}".whiteList.IPStrategy]
|
||||
depth = {{ $whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $redirect := getRedirect $app.SegmentLabels }}
|
||||
{{if $redirect }}
|
||||
[frontends."{{ $frontendName }}".redirect]
|
||||
entryPoint = "{{ $redirect.EntryPoint }}"
|
||||
regex = "{{ $redirect.Regex }}"
|
||||
replacement = "{{ $redirect.Replacement }}"
|
||||
permanent = {{ $redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{ $errorPages := getErrorPages $app.SegmentLabels }}
|
||||
{{if $errorPages }}
|
||||
[frontends."{{ $frontendName }}".errors]
|
||||
{{range $pageName, $page := $errorPages }}
|
||||
[frontends."{{ $frontendName }}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "backend{{ $page.Backend }}"
|
||||
query = "{{ $page.Query }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $rateLimit := getRateLimit $app.SegmentLabels }}
|
||||
{{if $rateLimit }}
|
||||
[frontends."{{ $frontendName }}".rateLimit]
|
||||
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
||||
[frontends."{{ $frontendName }}".rateLimit.rateSet]
|
||||
{{ range $limitName, $limit := $rateLimit.RateSet }}
|
||||
[frontends."{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $limit.Period }}"
|
||||
average = {{ $limit.Average }}
|
||||
burst = {{ $limit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $headers := getHeaders $app.SegmentLabels }}
|
||||
{{if $headers }}
|
||||
[frontends."{{ $frontendName }}".headers]
|
||||
SSLRedirect = {{ $headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $headers.SSLHost }}"
|
||||
SSLForceHost = {{ $headers.SSLForceHost }}
|
||||
STSSeconds = {{ $headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $headers.IsDevelopment }}
|
||||
|
||||
{{if $headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomRequestHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $headers.CustomRequestHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomResponseHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $headers.CustomResponseHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.SSLProxyHeaders }}
|
||||
[frontends."{{ $frontendName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $headers.SSLProxyHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
[frontends."{{ $frontendName }}".routes."route-host{{ $app.ID | replace "/" "-" }}{{ getSegmentNameSuffix $app.SegmentName }}"]
|
||||
rule = "{{ getFrontendRule $app }}"
|
||||
|
||||
{{end}}
|
@ -1,277 +0,0 @@
|
||||
[backends]
|
||||
{{range $applicationName, $tasks := .ApplicationsTasks }}
|
||||
{{ $app := index $tasks 0 }}
|
||||
{{ $backendName := getBackendName $app }}
|
||||
|
||||
[backends."backend-{{ $backendName }}"]
|
||||
|
||||
{{ $circuitBreaker := getCircuitBreaker $app.TraefikLabels }}
|
||||
{{if $circuitBreaker }}
|
||||
[backends."backend-{{ $backendName }}".circuitBreaker]
|
||||
expression = "{{ $circuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{ $responseForwarding := getResponseForwarding $app.TraefikLabels }}
|
||||
{{if $responseForwarding }}
|
||||
[backends."backend-{{ $backendName }}".responseForwarding]
|
||||
flushInterval = "{{ $responseForwarding.FlushInterval }}"
|
||||
{{end}}
|
||||
|
||||
{{ $loadBalancer := getLoadBalancer $app.TraefikLabels }}
|
||||
{{if $loadBalancer }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer]
|
||||
method = "{{ $loadBalancer.Method }}"
|
||||
{{if $loadBalancer.Stickiness }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $maxConn := getMaxConn $app.TraefikLabels }}
|
||||
{{if $maxConn }}
|
||||
[backends."backend-{{ $backendName }}".maxConn]
|
||||
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
||||
amount = {{ $maxConn.Amount }}
|
||||
{{end}}
|
||||
|
||||
{{ $healthCheck := getHealthCheck $app.TraefikLabels }}
|
||||
{{if $healthCheck }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck]
|
||||
scheme = "{{ $healthCheck.Scheme }}"
|
||||
path = "{{ $healthCheck.Path }}"
|
||||
port = {{ $healthCheck.Port }}
|
||||
interval = "{{ $healthCheck.Interval }}"
|
||||
timeout = "{{ $healthCheck.Timeout }}"
|
||||
hostname = "{{ $healthCheck.Hostname }}"
|
||||
{{if $healthCheck.Headers }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck.headers]
|
||||
{{range $k, $v := $healthCheck.Headers }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $buffering := getBuffering $app.TraefikLabels }}
|
||||
{{if $buffering }}
|
||||
[backends."backend-{{ $backendName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{range $serverName, $server := getServers $tasks }}
|
||||
[backends."backend-{{ $backendName }}".servers."{{ $serverName }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $applicationName, $tasks := .ApplicationsTasks }}
|
||||
{{ $app := index $tasks 0 }}
|
||||
{{ $frontendName := getFrontEndName $app }}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}"]
|
||||
backend = "backend-{{ getBackendName $app }}"
|
||||
priority = {{ getPriority $app.TraefikLabels }}
|
||||
passHostHeader = {{ getPassHostHeader $app.TraefikLabels }}
|
||||
passTLSCert = {{ getPassTLSCert $app.TraefikLabels }}
|
||||
|
||||
entryPoints = [{{range getEntryPoints $app.TraefikLabels }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{ $tlsClientCert := getPassTLSClientCert $app.TraefikLabels }}
|
||||
{{if $tlsClientCert }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert]
|
||||
pem = {{ $tlsClientCert.PEM }}
|
||||
{{ $infos := $tlsClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Subject }}
|
||||
{{if $issuer }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $auth := getAuth $app.TraefikLabels }}
|
||||
{{if $auth }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth]
|
||||
headerField = "{{ $auth.HeaderField }}"
|
||||
|
||||
{{if $auth.Forward }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward]
|
||||
address = "{{ $auth.Forward.Address }}"
|
||||
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
||||
{{if $auth.Forward.AuthResponseHeaders }}
|
||||
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Forward.TLS }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
|
||||
ca = "{{ $auth.Forward.TLS.CA }}"
|
||||
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
||||
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Basic }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.basic]
|
||||
removeHeader = {{ $auth.Basic.RemoveHeader}}
|
||||
{{if $auth.Basic.Users }}
|
||||
users = [{{range $auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Basic.UsersFile }}"
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Digest }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.digest]
|
||||
removeHeader = {{ $auth.Digest.RemoveHeader}}
|
||||
{{if $auth.Digest.Users }}
|
||||
users = [{{range $auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Digest.UsersFile }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $whitelist := getWhiteList $app.TraefikLabels }}
|
||||
{{if $whitelist }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList]
|
||||
sourceRange = [{{range $whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $whitelist.IPStrategy }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList.IPStrategy]
|
||||
depth = {{ $whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $redirect := getRedirect $app.TraefikLabels }}
|
||||
{{if $redirect }}
|
||||
[frontends."frontend-{{ $frontendName }}".redirect]
|
||||
entryPoint = "{{ $redirect.EntryPoint }}"
|
||||
regex = "{{ $redirect.Regex }}"
|
||||
replacement = "{{ $redirect.Replacement }}"
|
||||
permanent = {{ $redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{ $errorPages := getErrorPages $app.TraefikLabels }}
|
||||
{{if $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors]
|
||||
{{range $pageName, $page := $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "backend-{{ $page.Backend }}"
|
||||
query = "{{ $page.Query }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $rateLimit := getRateLimit $app.TraefikLabels }}
|
||||
{{if $rateLimit }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit]
|
||||
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet]
|
||||
{{ range $limitName, $limit := $rateLimit.RateSet }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $limit.Period }}"
|
||||
average = {{ $limit.Average }}
|
||||
burst = {{ $limit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $headers := getHeaders $app.TraefikLabels }}
|
||||
{{if $headers }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers]
|
||||
SSLRedirect = {{ $headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $headers.SSLHost }}"
|
||||
SSLForceHost = {{ $headers.SSLForceHost }}
|
||||
STSSeconds = {{ $headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $headers.IsDevelopment }}
|
||||
|
||||
{{if $headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomRequestHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $headers.CustomRequestHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomResponseHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $headers.CustomResponseHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.SSLProxyHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $headers.SSLProxyHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}".routes."route-host-{{ $frontendName }}"]
|
||||
rule = "{{ getFrontendRule $app }}"
|
||||
|
||||
{{end}}
|
@ -1,9 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Traefik</title>
|
||||
</head>
|
||||
<body>
|
||||
Ohhhh man, this is bad...
|
||||
</body>
|
||||
</html>
|
@ -1,275 +0,0 @@
|
||||
{{ $backendServers := .Backends }}
|
||||
[backends]
|
||||
{{range $backendName, $backend := .Backends }}
|
||||
|
||||
[backends."backend-{{ $backendName }}"]
|
||||
|
||||
{{ $circuitBreaker := getCircuitBreaker $backend.SegmentLabels }}
|
||||
{{if $circuitBreaker }}
|
||||
[backends."backend-{{ $backendName }}".circuitBreaker]
|
||||
expression = "{{ $circuitBreaker.Expression }}"
|
||||
{{end}}
|
||||
|
||||
{{ $responseForwarding := getResponseForwarding $backend.SegmentLabels }}
|
||||
{{if $responseForwarding }}
|
||||
[backends."backend-{{ $backendName }}".responseForwarding]
|
||||
flushInterval = "{{ $responseForwarding.FlushInterval }}"
|
||||
{{end}}
|
||||
|
||||
{{ $loadBalancer := getLoadBalancer $backend.SegmentLabels }}
|
||||
{{if $loadBalancer }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer]
|
||||
method = "{{ $loadBalancer.Method }}"
|
||||
{{if $loadBalancer.Stickiness }}
|
||||
[backends."backend-{{ $backendName }}".loadBalancer.stickiness]
|
||||
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $maxConn := getMaxConn $backend.SegmentLabels }}
|
||||
{{if $maxConn }}
|
||||
[backends."backend-{{ $backendName }}".maxConn]
|
||||
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
||||
amount = {{ $maxConn.Amount }}
|
||||
{{end}}
|
||||
|
||||
{{ $healthCheck := getHealthCheck $backend.SegmentLabels }}
|
||||
{{if $healthCheck }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck]
|
||||
scheme = "{{ $healthCheck.Scheme }}"
|
||||
path = "{{ $healthCheck.Path }}"
|
||||
port = {{ $healthCheck.Port }}
|
||||
interval = "{{ $healthCheck.Interval }}"
|
||||
timeout = "{{ $healthCheck.Timeout }}"
|
||||
hostname = "{{ $healthCheck.Hostname }}"
|
||||
{{if $healthCheck.Headers }}
|
||||
[backends."backend-{{ $backendName }}".healthCheck.headers]
|
||||
{{range $k, $v := $healthCheck.Headers }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $buffering := getBuffering $backend.SegmentLabels }}
|
||||
{{if $buffering }}
|
||||
[backends."backend-{{ $backendName }}".buffering]
|
||||
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
||||
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
||||
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
||||
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
||||
retryExpression = "{{ $buffering.RetryExpression }}"
|
||||
{{end}}
|
||||
|
||||
{{range $serverName, $server := getServers $backend}}
|
||||
[backends."backend-{{ $backendName }}".servers."{{ $serverName }}"]
|
||||
url = "{{ $server.URL }}"
|
||||
weight = {{ $server.Weight }}
|
||||
{{end}}
|
||||
|
||||
{{end}}
|
||||
|
||||
[frontends]
|
||||
{{range $frontendName, $service := .Frontends }}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}"]
|
||||
backend = "backend-{{ getBackendName $service }}"
|
||||
priority = {{ getPriority $service.SegmentLabels }}
|
||||
passHostHeader = {{ getPassHostHeader $service.SegmentLabels }}
|
||||
passTLSCert = {{ getPassTLSCert $service.SegmentLabels }}
|
||||
|
||||
entryPoints = [{{range getEntryPoints $service.SegmentLabels }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
|
||||
{{ $tlsClientCert := getPassTLSClientCert $service.SegmentLabels }}
|
||||
{{if $tlsClientCert }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert]
|
||||
pem = {{ $tlsClientCert.PEM }}
|
||||
{{ $infos := $tlsClientCert.Infos }}
|
||||
{{if $infos }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos]
|
||||
notAfter = {{ $infos.NotAfter }}
|
||||
notBefore = {{ $infos.NotBefore }}
|
||||
sans = {{ $infos.Sans }}
|
||||
{{ $subject := $infos.Subject }}
|
||||
{{if $subject }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.subject]
|
||||
country = {{ $subject.Country }}
|
||||
province = {{ $subject.Province }}
|
||||
locality = {{ $subject.Locality }}
|
||||
organization = {{ $subject.Organization }}
|
||||
commonName = {{ $subject.CommonName }}
|
||||
serialNumber = {{ $subject.SerialNumber }}
|
||||
domainComponent = {{ $subject.DomainComponent }}
|
||||
{{end}}
|
||||
{{ $issuer := $infos.Subject }}
|
||||
{{if $issuer }}
|
||||
[frontends."frontend-{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
||||
country = {{ $issuer.Country }}
|
||||
province = {{ $issuer.Province }}
|
||||
locality = {{ $issuer.Locality }}
|
||||
organization = {{ $issuer.Organization }}
|
||||
commonName = {{ $issuer.CommonName }}
|
||||
serialNumber = {{ $issuer.SerialNumber }}
|
||||
domainComponent = {{ $issuer.DomainComponent }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $auth := getAuth $service.SegmentLabels }}
|
||||
{{if $auth }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth]
|
||||
headerField = "{{ $auth.HeaderField }}"
|
||||
|
||||
{{if $auth.Forward }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward]
|
||||
address = "{{ $auth.Forward.Address }}"
|
||||
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
||||
{{if $auth.Forward.AuthResponseHeaders }}
|
||||
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Forward.TLS }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
|
||||
ca = "{{ $auth.Forward.TLS.CA }}"
|
||||
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
||||
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
||||
key = """{{ $auth.Forward.TLS.Key }}"""
|
||||
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Basic }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.basic]
|
||||
removeHeader = {{ $auth.Basic.RemoveHeader }}
|
||||
{{if $auth.Basic.Users }}
|
||||
users = [{{range $auth.Basic.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Basic.UsersFile }}"
|
||||
{{end}}
|
||||
|
||||
{{if $auth.Digest }}
|
||||
[frontends."frontend-{{ $frontendName }}".auth.digest]
|
||||
removeHeader = {{ $auth.Digest.RemoveHeader }}
|
||||
{{if $auth.Digest.Users }}
|
||||
users = [{{range $auth.Digest.Users }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
usersFile = "{{ $auth.Digest.UsersFile }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $whitelist := getWhiteList $service.SegmentLabels }}
|
||||
{{if $whitelist }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList]
|
||||
sourceRange = [{{range $whitelist.SourceRange }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{if $whitelist.IPStrategy }}
|
||||
[frontends."frontend-{{ $frontendName }}".whiteList.IPStrategy]
|
||||
depth = {{ $whitelist.IPStrategy.Depth }}
|
||||
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $redirect := getRedirect $service.SegmentLabels }}
|
||||
{{if $redirect }}
|
||||
[frontends."frontend-{{ $frontendName }}".redirect]
|
||||
entryPoint = "{{ $redirect.EntryPoint }}"
|
||||
regex = "{{ $redirect.Regex }}"
|
||||
replacement = "{{ $redirect.Replacement }}"
|
||||
permanent = {{ $redirect.Permanent }}
|
||||
{{end}}
|
||||
|
||||
{{ $errorPages := getErrorPages $service.SegmentLabels }}
|
||||
{{if $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors]
|
||||
{{range $pageName, $page := $errorPages }}
|
||||
[frontends."frontend-{{ $frontendName }}".errors."{{ $pageName }}"]
|
||||
status = [{{range $page.Status }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
backend = "backend-{{ $page.Backend }}"
|
||||
query = "{{ $page.Query }}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $rateLimit := getRateLimit $service.SegmentLabels }}
|
||||
{{if $rateLimit }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit]
|
||||
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet]
|
||||
{{ range $limitName, $limit := $rateLimit.RateSet }}
|
||||
[frontends."frontend-{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
||||
period = "{{ $limit.Period }}"
|
||||
average = {{ $limit.Average }}
|
||||
burst = {{ $limit.Burst }}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{ $headers := getHeaders $service.SegmentLabels }}
|
||||
{{if $headers }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers]
|
||||
SSLRedirect = {{ $headers.SSLRedirect }}
|
||||
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
||||
SSLHost = "{{ $headers.SSLHost }}"
|
||||
SSLForceHost = {{ $headers.SSLForceHost }}
|
||||
STSSeconds = {{ $headers.STSSeconds }}
|
||||
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
||||
STSPreload = {{ $headers.STSPreload }}
|
||||
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
||||
FrameDeny = {{ $headers.FrameDeny }}
|
||||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
IsDevelopment = {{ $headers.IsDevelopment }}
|
||||
|
||||
{{if $headers.AllowedHosts }}
|
||||
AllowedHosts = [{{range $headers.AllowedHosts }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.HostsProxyHeaders }}
|
||||
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomRequestHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customRequestHeaders]
|
||||
{{range $k, $v := $headers.CustomRequestHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.CustomResponseHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.customResponseHeaders]
|
||||
{{range $k, $v := $headers.CustomResponseHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
{{if $headers.SSLProxyHeaders }}
|
||||
[frontends."frontend-{{ $frontendName }}".headers.SSLProxyHeaders]
|
||||
{{range $k, $v := $headers.SSLProxyHeaders }}
|
||||
{{$k}} = "{{$v}}"
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
[frontends."frontend-{{ $frontendName }}".routes."route-frontend-{{ $frontendName }}"]
|
||||
rule = "{{ getFrontendRule $service.Name $service.SegmentLabels }}"
|
||||
|
||||
{{end}}
|
Loading…
Reference in New Issue
Block a user