Beispiel #1
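def create(router_name, router_spec):
    """Create a CkanCloudRouter resource and its supporting objects.

    The spec is validated, the router resource is built and handed to the
    manager registered for its type, the shared volume claim for the router's
    label suffixes is requested, and the default root domain is stored as a
    JSON annotation on the router.

    Args:
        router_name: Name of the router to create.
        router_spec: Mapping describing the router. Must carry a ``type`` that
            is a key of ``ROUTER_TYPES`` and a non-empty
            ``default-root-domain``.

    Raises:
        AssertionError: If the type is unknown or the default root domain is
            missing or empty.
    """
    from ckan_cloud_operator.providers.cluster.manager import get_or_create_multi_user_volume_claim
    from ckan_cloud_operator.routers.traefik.deployment import get_label_suffixes

    router_type = router_spec.get('type')
    default_root_domain = router_spec.get('default-root-domain')
    # Raised explicitly instead of using an `assert` statement: asserts are
    # stripped when Python runs with -O, which would let an unknown router
    # type or an empty root domain through. The exception type is unchanged.
    if not (router_type in ROUTER_TYPES and default_root_domain):
        raise AssertionError(f'Invalid router spec: {router_spec}')
    # NOTE(review): presumably a pre-flight lookup that aborts on failure
    # (failfast=True); confirm against get().
    get(router_name, only_dns=True, failfast=True)
    # NOTE(review): the whole spec is echoed to stdout; confirm it never
    # carries credentials before relying on these logs being shareable.
    print(f'Creating CkanCloudRouter {router_name} {router_spec}')
    labels = _get_labels(router_name, router_type)
    router = kubectl.get_resource('stable.viderum.com/v1', 'CkanCloudRouter', router_name, labels,
                                  spec=dict(router_spec, type=router_type))
    router_manager = ROUTER_TYPES[router_type]['manager']
    router = router_manager.create(router)
    get_or_create_multi_user_volume_claim(get_label_suffixes(router_name, router_type))
    annotations = CkanRoutersAnnotations(router_name, router)
    annotations.json_annotate('default-root-domain', default_root_domain)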
def _get_deployment_spec(router_name, router_type, annotations, image=None):
    """Build the Deployment spec dict for a router's Traefik container.

    Args:
        router_name: Router name; used in the config map name, the ACME
            sub-path and the Cloudflare secret name.
        router_type: Router type, passed to the label helpers.
        annotations: Object exposing ``get_flag``; the
            ``letsencryptCloudflareEnabled`` flag switches on port 443 and the
            Cloudflare credentials secret.
        image: Container image to run. Falls back to ``traefik:1.6-alpine``.

    Returns:
        The deployment spec as a nested dict.
    """
    acme_volume_claim = cluster_manager.get_or_create_multi_user_volume_claim(
        get_label_suffixes(router_name, router_type))
    config_name = f'router-traefik-{router_name}'
    pod_labels = get_labels(router_name, router_type, for_deployment=True)
    traefik_container = {
        'name': 'traefik',
        # NOTE(review): the fallback is a floating tag rather than a digest,
        # so the image actually pulled can change underneath the deployment.
        'image': image or 'traefik:1.6-alpine',
        'ports': [{'containerPort': 80}],
        'volumeMounts': [
            {'name': 'etc-traefik', 'mountPath': '/etc-traefik'},
            # Each router gets its own sub-path on the shared claim.
            {'name': 'traefik-acme', 'mountPath': '/traefik-acme', 'subPath': config_name},
        ],
        'args': ['--configFile=/etc-traefik/traefik.toml'],
    }
    pod_volumes = [
        {'name': 'etc-traefik', 'configMap': {'name': config_name}},
        dict(acme_volume_claim, name='traefik-acme'),
    ]
    deployment_spec = {
        'replicas': 1,
        'revisionHistoryLimit': 5,
        'template': {
            'metadata': {'labels': pod_labels},
            'spec': {
                'containers': [traefik_container],
                'volumes': pod_volumes,
            },
        },
    }
    if not annotations.get_flag('letsencryptCloudflareEnabled'):
        return deployment_spec

    traefik_container['ports'].append({'containerPort': 443})
    cloudflare_email, cloudflare_api_key = get_cloudflare_credentials()
    secret_name = f'ckancloudrouter-{router_name}-cloudflare'
    cloudflare_secret = {
        'CLOUDFLARE_EMAIL': cloudflare_email,
        'CLOUDFLARE_API_KEY': cloudflare_api_key,
    }
    kubectl.update_secret(secret_name, cloudflare_secret,
                          labels=get_labels(router_name, router_type))
    # envFrom exposes every key of the secret as an environment variable of
    # the container, so the Cloudflare API key is readable by anything that
    # can inspect the Traefik process environment.
    traefik_container['envFrom'] = [{'secretRef': {'name': secret_name}}]
    return deployment_spec
def _get_deployment_spec(router_name,
                         router_type,
                         annotations,
                         image=None,
                         httpauth_secrets=None,
                         dns_provider=None):
    """Build the Deployment spec dict for a router's Traefik container.

    Args:
        router_name: Router name; used in config map, sub-path and secret
            names.
        router_type: Router type, passed to the label helpers.
        annotations: Object exposing ``get_flag``; consulted for
            ``letsencryptCloudflareEnabled`` when ``dns_provider`` is not
            ``'route53'``.
        image: Container image to run. Falls back to ``traefik:1.6-alpine``.
        httpauth_secrets: Optional iterable of secret names. Each distinct
            name is mounted as a volume at ``/httpauth-<name>``.
        dns_provider: ``'route53'`` selects AWS credentials for SSL and takes
            precedence over the Cloudflare flag.

    Returns:
        The deployment spec as a nested dict.
    """
    volume_spec = cluster_manager.get_or_create_multi_user_volume_claim(
        get_label_suffixes(router_name, router_type))

    # De-duplicate while keeping first-seen order, so a secret listed twice
    # yields a single volume and a single mount.
    unique_secrets = []
    for secret in httpauth_secrets or []:
        if secret not in unique_secrets:
            unique_secrets.append(secret)
    # NOTE(review): secret names are used verbatim as volume names and mount
    # path segments; confirm callers only pass validated secret names.
    httpauth_secrets_volumes = [
        {'name': secret, 'secret': {'secretName': secret}}
        for secret in unique_secrets
    ]
    httpauth_secrets_volume_mounts = [
        {'name': secret, 'mountPath': f'/httpauth-{secret}'}
        for secret in unique_secrets
    ]

    container_spec_overrides = config_manager.get(
        'container-spec-overrides',
        configmap_name=f'traefik-router-{router_name}-deployment',
        required=False,
        default=None)
    pod_labels = get_labels(router_name, router_type, for_deployment=True)
    overrides = json.loads(container_spec_overrides) if container_spec_overrides else {}
    config_name = f'router-traefik-{router_name}'
    traefik_container = {
        'name': 'traefik',
        # NOTE(review): the fallback is a floating tag rather than a digest.
        'image': image or 'traefik:1.6-alpine',
        'ports': [{'containerPort': 80}],
        'volumeMounts': [
            {'name': 'etc-traefik', 'mountPath': '/etc-traefik'},
            {'name': 'traefik-acme', 'mountPath': '/traefik-acme', 'subPath': config_name},
            *httpauth_secrets_volume_mounts,
        ],
        'args': ['--configFile=/etc-traefik/traefik.toml'],
        # Merged last, so the overrides can replace any key set above,
        # including image, args, ports and volumeMounts. Whoever can write the
        # 'container-spec-overrides' value therefore controls the container
        # spec; the JSON is applied without any key allow-list.
        **overrides,
    }
    deployment_spec = {
        'replicas': 1,
        'revisionHistoryLimit': 5,
        'template': {
            'metadata': {'labels': pod_labels},
            'spec': {
                'containers': [traefik_container],
                'volumes': [
                    {'name': 'etc-traefik', 'configMap': {'name': config_name}},
                    dict(volume_spec, name='traefik-acme'),
                    *httpauth_secrets_volumes,
                ],
            },
        },
    }

    use_route53 = dns_provider == 'route53'
    if not use_route53 and not annotations.get_flag('letsencryptCloudflareEnabled'):
        logs.info('Not configuring SSL support for Traefik deployment')
        return deployment_spec

    if use_route53:
        logs.info('Traefik deployment: adding SSL support using AWS Route53')
        traefik_container['ports'].append({'containerPort': 443})
        aws_credentials = cluster_manager.get_provider().get_aws_credentials()
        secret_name = f'ckancloudrouter-{router_name}-route53'
        secret_values = {
            'AWS_ACCESS_KEY_ID': aws_credentials['access'],
            'AWS_SECRET_ACCESS_KEY': aws_credentials['secret'],
            'AWS_REGION': aws_credentials['region'],
        }
    else:
        logs.info('Traefik deployment: adding SSL support using Cloudflare')
        traefik_container['ports'].append({'containerPort': 443})
        cloudflare_email, cloudflare_api_key = get_cloudflare_credentials()
        secret_name = f'ckancloudrouter-{router_name}-cloudflare'
        secret_values = {
            'CLOUDFLARE_EMAIL': cloudflare_email,
            'CLOUDFLARE_API_KEY': cloudflare_api_key,
        }
    kubectl.update_secret(secret_name, secret_values,
                          labels=get_labels(router_name, router_type))
    # envFrom exposes every key of the secret as an environment variable of
    # the container, so these DNS-provider credentials are readable by
    # anything that can inspect the Traefik process environment.
    # NOTE(review): confirm the credentials are scoped to DNS changes only.
    traefik_container['envFrom'] = [{'secretRef': {'name': secret_name}}]
    return deployment_spec