From 2abe98ee2823851c79bf4189c4712e3321305a0f Mon Sep 17 00:00:00 2001
From: Sergey Lukjanov <slukjanov@mirantis.com>
Date: Sat, 19 Nov 2016 21:33:52 -0800
Subject: [PATCH] Deploy Traefik webui in read-only mode with the same SSL conf

It could be very usable as showing endpoints information and
provider information as well (K8s Ingress Controller info) as
well as health info. https://traefik.io/web.frontend.png

Change-Id: Ieec0e4182d2c4bf9e941ed0382f6fc206edee94c
---
 tools/ingress/controller.yaml              |  2 ++
 tools/ingress/deploy-ingress-controller.sh | 11 ++++++++---
 tools/ingress/traefik-conf.yaml            |  5 +++++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/tools/ingress/controller.yaml b/tools/ingress/controller.yaml
index 950981d7..17635551 100644
--- a/tools/ingress/controller.yaml
+++ b/tools/ingress/controller.yaml
@@ -39,6 +39,8 @@ spec:
   externalIPs:
     - EXTERNAL_IP
   ports:
+    - name: webui
+      port: WEBUI_PORT
     - name: http
       port: HTTP_PORT
     - name: https
diff --git a/tools/ingress/deploy-ingress-controller.sh b/tools/ingress/deploy-ingress-controller.sh
index cdded6b4..eff10535 100755
--- a/tools/ingress/deploy-ingress-controller.sh
+++ b/tools/ingress/deploy-ingress-controller.sh
@@ -8,6 +8,7 @@ function usage {
     echo "  $base_name -i <external IP>"
     echo "  $base_name -p <http port (default: 80)>"
     echo "  $base_name -s <https port (default: 8443)>"
+    echo "  $base_name -w <webui port (default: 8088)>"
     echo "  $base_name -n <namespace>"
     echo "  $base_name -k <path to tls key>"
     echo "  $base_name -c <path to tls cert>"
@@ -17,10 +18,11 @@ function usage {
 
 NAMESPACE=" --namespace kube-system"
 DOMAIN="ccp.external"
+WEBUI_PORT=8088
 HTTP_PORT=80
 HTTPS_PORT=8443
 
-while getopts "p:s:k:c:d:n:i:h" opt; do
+while getopts "p:s:w:k:c:d:n:i:h" opt; do
     case $opt in
         "p" )
             HTTP_PORT="$OPTARG"
@@ -28,6 +30,9 @@ while getopts "p:s:k:c:d:n:i:h" opt; do
         "s" )
             HTTPS_PORT="$OPTARG"
             ;;
+        "w" )
+            WEBUI_PORT="$OPTARG"
+            ;;
         "k" )
             TLS_KEY="$OPTARG"
             ;;
@@ -76,9 +81,9 @@ if [ -z $TLS_KEY ] || [ -z $TLS_CERT ]; then
 fi
 
 kube_cmd create secret generic traefik-cert --from-file=$TLS_CERT --from-file=$TLS_KEY
-sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" $workdir/traefik-conf.yaml | kube_cmd create -f -
+sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" -e "s/WEBUI_PORT/$WEBUI_PORT/g" $workdir/traefik-conf.yaml | kube_cmd create -f -
 sleep 1
-sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" -e "s/EXTERNAL_IP/$EXTERNAL_IP/g" $workdir/controller.yaml | kube_cmd create -f -
+sed -e "s/HTTP_PORT/$HTTP_PORT/g" -e "s/HTTPS_PORT/$HTTPS_PORT/g" -e "s/WEBUI_PORT/$WEBUI_PORT/g" -e "s/EXTERNAL_IP/$EXTERNAL_IP/g" $workdir/controller.yaml | kube_cmd create -f -
 
 if [ -n $CLEANUP ]; then
     rm $TLS_KEY $TLS_CERT
diff --git a/tools/ingress/traefik-conf.yaml b/tools/ingress/traefik-conf.yaml
index ee10b6bc..bdceca74 100644
--- a/tools/ingress/traefik-conf.yaml
+++ b/tools/ingress/traefik-conf.yaml
@@ -5,6 +5,11 @@ metadata:
 data:
   traefik.toml: |
     defaultEntryPoints = ["http","https"]
+    [web]
+    address = ":WEBUI_PORT"
+    ReadOnly = true
+    CertFile = "/ssl/tls.crt"
+    KeyFile = "/ssl/tls.key"
     [entryPoints]
       [entryPoints.http]
       address = ":HTTP_PORT"