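{{- /*
Traefik API ingress controller: renders one Deployment per entry in
.Values.envs. The image version, replica count and ssl switch are looked up
in .Values.traefikAPI under the environment's name.
*/ -}}
{{- range .Values.envs }}
{{ $version := index $.Values.traefikAPI .name "version" }}
{{ $replicas := index $.Values.traefikAPI .name "replicas" }}
{{- /* NOTE(review): extensions/v1beta1 Deployments are only served by older
       clusters (removed in Kubernetes 1.16); apps/v1 is the replacement once
       the target cluster supports it. */}}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: traefik-api-ingress-controller
  namespace: {{ .namespace }}
  labels:
    k8s-app: traefik-api-ingress-lb
    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
    app: traefik-api-ingress-controller
spec:
  replicas: {{ $replicas }}
  selector:
    matchLabels:
      k8s-app: traefik-api-ingress-lb
  revisionHistoryLimit: 10
  strategy:
    rollingUpdate:
      maxSurge: 2
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: traefik-api-ingress-lb
        name: traefik-api-ingress-lb
        {{- /* Quoted so a numeric-looking version is still a string label. */}}
        version: "{{ $version }}"
        app: traefik-api-ingress-controller
    spec:
      terminationGracePeriodSeconds: 120
      {{- /* NOTE(review): no securityContext is set, so the container runs
             with the image's default user and capabilities. */}}
      containers:
        - name: traefik-api-ingress-lb
          {{- /* The tag is a mutable reference; pin by digest if rollouts
                 must be reproducible. */}}
          image: traefik:{{ $version }}
          resources:
            limits:
              cpu: 500m
              memory: 1024Mi
            requests:
              cpu: 100m
              memory: 100Mi
          readinessProbe:
            tcpSocket:
              port: 80
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            tcpSocket:
              port: 80
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          volumeMounts:
            - mountPath: /config
              name: config
            {{- if (index $.Values.traefikAPI .name "ssl" "enabled") }}
            - mountPath: /ssl
              name: ssl
            {{- end }}
          ports:
            - containerPort: 80
              {{- if not $.Values.prodMode }}
              hostPort: 80
              {{- end }}
            {{- if (index $.Values.traefikAPI .name "ssl" "enabled") }}
            {{- /* The "traefik" template binds the TLS entry point to :443
                   when ssl is enabled, so node port 443 must reach container
                   port 443. Mapping it to 80 would hand TLS clients to the
                   plaintext listener and leave the TLS listener unpublished. */}}
            - name: "https"
              containerPort: 443
              hostPort: 443
            {{- end }}
            {{- /* Traefik's [web] API/dashboard. The Service in this chart
                   does not publish 8080, but the port stays reachable on the
                   pod network; no authentication is configured for it. */}}
            - name: admin
              containerPort: 8080
          env:
            {{- /* Presumably here so the pod template changes on every
                   release and pods are rolled to pick up a new ConfigMap.
                   Quoted because env values must be strings.
                   NOTE(review): .Release.Time is not available in Helm 3. */}}
            - name: UPDATE_CONFIG
              value: "{{ $.Release.Time }}"
          args:
            - --configfile=/config/traefik.toml
      volumes:
        - name: config
          configMap:
            name: traefik-api-files
        {{- if (index $.Values.traefikAPI .name "ssl" "enabled") }}
        {{- /* Certificate and private key come from a Secret, not from the
               ConfigMap. */}}
        - name: ssl
          secret:
            secretName: traefik-default-cert
        {{- end }}
---
{{- end }}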
{{- /*
One ConfigMap per environment in .Values.envs. Its single key, traefik.toml,
is the output of the "traefik" template for that environment; the Deployment
mounts it at /config.
*/}}
{{- range .Values.envs }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-api-files
  namespace: {{ .namespace }}
  labels:
    k8s-app: traefik-api-ingress-lb
    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
data:
  {{- /* ConfigMap data is not confidential: keep credentials out of the
         values rendered here. The TLS key pair is mounted from a Secret. */}}
  traefik.toml: |
{{ include "traefik" (index $.Values.traefikAPI .name) | trim | indent 4 }}
---
{{- end }}
{{- /*
One LoadBalancer Service per environment in .Values.envs, selecting the
Traefik pods by their k8s-app label.

Both service ports target the container's plaintext listener on 80:
  - in prodMode the AWS annotations make the load balancer terminate TLS on
    443 with the ACM certificate and speak plain HTTP to the pods
    (backend-protocol: http), so the hop from load balancer to pod is
    unencrypted;
  - outside prodMode no TLS annotation is rendered, so nothing in this
    Service terminates TLS on 443.
*/}}
{{- range .Values.envs }}
apiVersion: v1
kind: Service
metadata:
  name: traefik-api-ingress-lb
  namespace: {{ .namespace }}
  labels:
    k8s-app: traefik-api-ingress-lb
    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
  annotations:
    {{- if $.Values.prodMode }}
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'arn:aws:acm:sa-east-1:XXXXXXXX:certificate/XXXXXX-XXXXX-XXXXX-XXXX-XXXXXXX'
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443'
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: 'http'
    {{- end }}
spec:
  selector:
    k8s-app: traefik-api-ingress-lb
  ports:
    - name: http
      port: 80
    - name: https
      port: 443
      targetPort: 80
  type: LoadBalancer
---
{{- end }}
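{{- /*
"traefik" renders the contents of traefik.toml for one environment.

Context (.): one entry of .Values.traefikAPI. The template reads logLevel,
ssl.enabled, ssl.enforced, gzip.enabled, backends and frontends from it.

String values and quoted table keys are emitted through `quote`, as the url
and backend lines already were, so a double quote or backslash inside a
value is escaped instead of breaking the TOML string. Every backend server
entry therefore needs a "name".
*/ -}}
{{- define "traefik" }}
{{- /* NOTE(review): with no logLevel set this defaults to DEBUG, which also
       switches on debug = true below; set logLevel explicitly for
       production environments. */}}
{{- $logLevel := .logLevel | default "DEBUG" }}
logLevel = {{ $logLevel | quote }}
{{- if (eq $logLevel "DEBUG") }}
debug = true
{{- else }}
debug = false
{{- end }}
traefikLogsStdout = true
accessLogsFile = "/dev/stdout"
{{- if .ssl.enabled }}
defaultEntryPoints = ["http","https"]
{{- else }}
defaultEntryPoints = ["http"]
{{- end }}
[entryPoints]
[entryPoints.http]
address = ":80"
compress = {{ .gzip.enabled }}
{{- if and .ssl.enabled .ssl.enforced }}
[entryPoints.http.redirect]
entryPoint = "https"
{{- end }}
{{- if .ssl.enabled }}
[entryPoints.https]
address = ":443"
compress = {{ .gzip.enabled }}
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/tls.crt"
KeyFile = "/ssl/tls.key"
{{- end }}
{{- /* The [web] provider serves Traefik's API/dashboard on :8080 and no
       authentication is configured for it here. Keep the port unreachable
       from outside the cluster, or configure the provider's own auth. */}}
[web]
address = ":8080"
[kubernetes]
[file]
watch = true
# Enable retry sending request if network error
#
# Optional
#
[retry]
# Number of attempts
#
# Optional
# Default: (number servers in backend) -1
#
attempts = 3
# Sets the maximum request body to be stored in memory in Mo
#
# Optional
# Default: 2
#
maxMem = 3
[backends]
{{- range $name, $backends := .backends }}
[backends.{{ $name | quote }}]
{{- range $server := $backends }}
[backends.{{ $name | quote }}.servers.{{ index $server "name" | quote }}]
{{- if (index $server "url") }}
url = {{ index $server "url" | quote }}
{{- end }}
{{- /* Entries under a server's "values" are written verbatim as TOML lines,
       so they must only ever come from trusted chart values. */}}
{{- if (index $server "values") }}
{{- range $l := (index $server "values") }}
{{ $l | trim }}
{{- end -}}
{{- end -}}
{{- end }}
{{- end }}
[frontends]
{{- range $name, $frontend := .frontends }}
[frontends.{{ $name | quote }}]
{{- /* A frontend without an explicit backend uses the backend of the same
       name. */}}
backend = {{ or (index $frontend "backend" ) $name | quote }}
passHostHeader = true
{{- range $rule := $frontend.rules }}
[frontends.{{ $name | quote }}.routes.{{ $rule | quote }}]
rule = {{ $rule | quote }}
{{- end }}
{{- end }}
{{- end }}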
# Chart values read by the templates as .Values.envs, .Values.prodMode and
# .Values.traefikAPI.

# Environments to render: each entry yields one Deployment, ConfigMap and
# Service in the given namespace.
envs:
  - name: staging
    namespace: default

# When false, the Deployment binds hostPort 80 on the node and the Service
# is rendered without the AWS TLS annotations.
prodMode: false

# Per-environment Traefik settings, keyed by the environment name above.
traefikAPI:
  staging:
    version: 'v1.3.0'
    replicas: 1
    gzip:
      enabled: false
    ssl:
      enabled: false
    # Backend name -> list of servers (name + url).
    backends:
      api_v1:
        - name: k8s
          url: 'http://agendor-api.default.svc.cluster.local'
      api_v1_legacy:
        # NOTE(review): plain http to what looks like an EC2 public DNS name,
        # so this hop leaves the cluster unencrypted. Confirm the path is
        # private or move it to https.
        - name: legacy-1
          url: 'http://ec2-XX-XX-XXX-XXX.sa-east-1.compute.amazonaws.com'
    # Frontend name -> routing rules; a frontend with no explicit backend
    # uses the backend of the same name.
    frontends:
      api_v1:
        rules:
          - 'Host:stg-api.agendor.com.br;PathPrefixStrip:/v1'
      api_v1_legacy:
        rules:
          - 'Host:stg-api.agendor.com.br;PathPrefixStrip:/v1'
          # The cookie is supplied by the client, so it is a routing hint
          # only: any client can set it, and the legacy backend must enforce
          # its own authentication.
          - 'HeadersRegexp:Cookie,_AUSER_TYPE=legacy'