diff --git a/tools/ingress/controller.yaml b/tools/ingress/controller.yaml
new file mode 100644
index 00000000..950981d7
--- /dev/null
+++ b/tools/ingress/controller.yaml
@@ -0,0 +1,47 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: traefik
+ name: traefik
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: traefik
+ spec:
+ volumes:
+ - name: ssl
+ secret:
+ secretName: traefik-cert
+ - name: config
+ configMap:
+ name: traefik-conf
+ containers:
+ - image: traefik:latest
+ name: traefik
+ volumeMounts:
+ - mountPath: "/ssl"
+ name: "ssl"
+ - mountPath: "/config"
+ name: "config"
+ args:
+ - --configfile=/config/traefik.toml
+ - --kubernetes
+ - --logLevel=DEBUG
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: traefik
+spec:
+ externalIPs:
+ - EXTERNAL_IP
+ ports:
+ - name: http
+ port: HTTP_PORT
+ - name: https
+ port: HTTPS_PORT
+ selector:
+ app: traefik
diff --git a/tools/ingress/deploy-ingress-controller.sh b/tools/ingress/deploy-ingress-controller.sh
new file mode 100755
index 00000000..00794f07
--- /dev/null
+++ b/tools/ingress/deploy-ingress-controller.sh
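Review bot: The container image in controller.yaml is `traefik:latest`, so any pod restart can pull a different, unreviewed build of the component that terminates TLS and mounts the `traefik-cert` secret; pin it to a fixed tag or digest, e.g. `- image: traefik:<PINNED_VERSION>`. The args also ship `--logLevel=DEBUG`, which is noisy for an edge proxy and may put request details into pod logs; `--logLevel=INFO` would be a safer default unless debugging is intended. The `/ssl` mount could additionally be marked `readOnly: true`, and the pod template sets no `securityContext` or resource limits.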
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+set -e
+
+function usage {
+ local base_name=$(basename $0)
+ echo "Usage:"
+ echo " $base_name -i "
+ echo " $base_name -p "
+ echo " $base_name -s "
+ echo " $base_name -n "
+ echo " $base_name -k "
+ echo " $base_name -c "
+ echo " $base_name -d "
+ echo " $base_name -i "
+}
+
+NAMESPACE=" --namespace kube-system"
+DOMAIN="ccp.external"
+HTTP_PORT=80
+HTTPS_PORT=8443
+
+while getopts "p:s:k:c:d:n:i:h" opt; do
+ case $opt in
+ "p" )
+ HTTP_PORT="$OPTARG"
+ ;;
+ "s" )
+ HTTPS_PORT="$OPTARG"
+ ;;
+ "k" )
+ TLS_KEY="$OPTARG"
+ ;;
+ "c" )
+ TLS_CERT="$OPTARG"
+ ;;
+ "d" )
+ DOMAIN="$OPTARG"
+ ;;
+ "n" )
+ NAMESPACE=" --namespace $OPTARG"
+ ;;
+ "i" )
+ EXTERNAL_IP="$OPTARG"
+ ;;
+ "h" )
+ usage
+ exit 0
+ ;;
+ * )
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+which kubectl 1>/dev/null
+
+function kube_cmd {
+ kubectl $NAMESPACE "$@"
+}
+
+workdir=$(dirname $0)
+
+if [ -z $EXTERNAL_IP ]; then
+ echo "External IP should be provided via -i param"
+ usage
+ exit 1
+fi
+
+if [ -z $TLS_KEY ] || [ -z $TLS_CERT ]; then
+ TLS_KEY="tls.key"
+ TLS_CERT="tls.crt"
+ CLEANUP="True"
+ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $TLS_KEY -out $TLS_CERT -subj "/CN=*.$DOMAIN"
+fi
+
+kube_cmd create secret generic traefik-cert --from-file=$TLS_CERT --from-file=$TLS_KEY
+sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" $workdir/traefik-conf.yaml | kube_cmd create -f -
+sleep 1
+sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" -e "s/EXTERNAL_IP/$EXTERNAL_IP/g" $workdir/controller.yaml | kube_cmd create -f -
+
+if [ -n $CLEANUP ]; then
+ rm $TLS_KEY $TLS_CERT
+fi
diff --git a/tools/ingress/traefik-conf.yaml b/tools/ingress/traefik-conf.yaml
new file mode 100644
index 00000000..ee10b6bc
--- /dev/null
+++ b/tools/ingress/traefik-conf.yaml
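Review bot: The final `[ -n $CLEANUP ]` in deploy-ingress-controller.sh is unquoted, so when `-k` and `-c` are supplied and CLEANUP is unset it collapses to `[ -n ]`, which is true, and the script then removes the caller's own key and certificate files; it should read `if [ -n "$CLEANUP" ]; then`. The `[ -z $EXTERNAL_IP ]` and `[ -z $TLS_KEY ]` tests and the `openssl`/`--from-file` arguments need the same quoting. When the key is generated, `tls.key` is written to the current directory and stays there if any `kube_cmd` call fails under `set -e`; generating into a `mktemp -d` directory and removing it from an EXIT trap would avoid leaving the private key behind. Since traefik-conf.yaml expects `/ssl/tls.crt` and `/ssl/tls.key`, user-supplied files with other names also need explicit secret keys: `--from-file=tls.crt="$TLS_CERT" --from-file=tls.key="$TLS_KEY"`.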
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: traefik-conf
+data:
+ traefik.toml: |
+ defaultEntryPoints = ["http","https"]
+ [entryPoints]
+ [entryPoints.http]
+ address = ":HTTP_PORT"
+ [entryPoints.http.redirect]
+ entryPoint = "https"
+ [entryPoints.https]
+ address = ":HTTPS_PORT"
+ [entryPoints.https.tls]
+ [[entryPoints.https.tls.certificates]]
+ CertFile = "/ssl/tls.crt"
+ KeyFile = "/ssl/tls.key"
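Review bot: The `[entryPoints.https.tls]` table in traefik-conf.yaml sets only the certificate pair, so the accepted TLS versions and cipher suites are whatever the running Traefik build defaults to, and with the image unpinned in controller.yaml that default is not fixed. If the deployed Traefik version supports it, add a floor under that table, for example `minVersion = "VersionTLS12"`. A short comment above `address = ":HTTP_PORT"`, such as `# HTTP_PORT/HTTPS_PORT are placeholders replaced by deploy-ingress-controller.sh`, would also make clear that the file is a template and not meant to be applied directly.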