def create(router_name, router_spec):
    """Create a CkanCloudRouter resource and annotate its default root domain.

    Args:
        router_name: Name of the router resource to create.
        router_spec: Mapping describing the router. Its ``type`` must be a
            key of ``ROUTER_TYPES`` and ``default-root-domain`` must be truthy.

    Raises:
        AssertionError: If the type is unknown or the root domain is missing.
    """
    # Function-scope imports, kept local to this function.
    from ckan_cloud_operator.providers.cluster.manager import get_or_create_multi_user_volume_claim
    from ckan_cloud_operator.routers.traefik.deployment import get_label_suffixes

    router_type = router_spec.get('type')
    default_root_domain = router_spec.get('default-root-domain')

    # NOTE(review): this is the only validation of the spec and it is an
    # assert, which Python skips when run with -O. The failure message and the
    # print below both echo the whole spec; confirm specs never carry secrets.
    assert router_type in ROUTER_TYPES and default_root_domain, f'Invalid router spec: {router_spec}'

    # get() is defined elsewhere; presumably a fail-fast pre-flight check that
    # runs before anything is created. Its return value is not used here.
    get(router_name, only_dns=True, failfast=True)
    print(f'Creating CkanCloudRouter {router_name} {router_spec}')

    resource_labels = _get_labels(router_name, router_type)
    resource = kubectl.get_resource(
        'stable.viderum.com/v1',
        'CkanCloudRouter',
        router_name,
        resource_labels,
        spec=dict(router_spec, type=router_type),
    )

    # Hand the resource to the manager registered for this router type.
    type_manager = ROUTER_TYPES[router_type]['manager']
    resource = type_manager.create(resource)

    get_or_create_multi_user_volume_claim(get_label_suffixes(router_name, router_type))

    router_annotations = CkanRoutersAnnotations(router_name, resource)
    router_annotations.json_annotate('default-root-domain', default_root_domain)
def _get_deployment_spec(router_name, router_type, annotations, image=None):
    """Build the Deployment spec for a router's Traefik container.

    Args:
        router_name: Router name; used in the ConfigMap name, the ACME
            sub-path and the Cloudflare Secret name.
        router_type: Router type, passed to the label helpers.
        annotations: Object whose ``get_flag('letsencryptCloudflareEnabled')``
            decides whether the Cloudflare SSL setup is added.
        image: Optional container image; ``traefik:1.6-alpine`` when falsy.

    Returns:
        The deployment spec as a dict.

    Side effects:
        Calls ``get_or_create_multi_user_volume_claim`` and, when the
        Cloudflare flag is set, writes a Secret via ``kubectl.update_secret``.
    """
    acme_claim = cluster_manager.get_or_create_multi_user_volume_claim(
        get_label_suffixes(router_name, router_type)
    )
    pod_labels = get_labels(router_name, router_type, for_deployment=True)

    traefik_container = {
        'name': 'traefik',
        # NOTE(review): the default is a tag, not a digest, on the Traefik 1.6
        # line; confirm that line still receives security fixes and consider
        # pinning by digest.
        'image': image or 'traefik:1.6-alpine',
        'ports': [{'containerPort': 80}],
        'volumeMounts': [
            {'name': 'etc-traefik', 'mountPath': '/etc-traefik'},
            {
                'name': 'traefik-acme',
                'mountPath': '/traefik-acme',
                'subPath': f'router-traefik-{router_name}',
            },
        ],
        'args': ['--configFile=/etc-traefik/traefik.toml'],
    }
    pod_volumes = [
        {'name': 'etc-traefik', 'configMap': {'name': f'router-traefik-{router_name}'}},
        # The claim spec is reused as-is, with only the volume name set here.
        dict(acme_claim, name='traefik-acme'),
    ]
    deployment_spec = {
        'replicas': 1,
        'revisionHistoryLimit': 5,
        'template': {
            'metadata': {'labels': pod_labels},
            'spec': {
                'containers': [traefik_container],
                'volumes': pod_volumes,
            },
        },
    }

    if not annotations.get_flag('letsencryptCloudflareEnabled'):
        return deployment_spec

    # Cloudflare path: expose 443 and hand the credentials to the container.
    traefik_container['ports'].append({'containerPort': 443})
    cloudflare_email, cloudflare_api_key = get_cloudflare_credentials()
    secret_name = f'ckancloudrouter-{router_name}-cloudflare'
    # The account e-mail and API key are stored in a Secret and injected as
    # environment variables through envFrom, so they are readable by anything
    # that can read this Secret or the container's environment.
    # NOTE(review): confirm RBAC on this Secret is limited to the router.
    kubectl.update_secret(
        secret_name,
        {
            'CLOUDFLARE_EMAIL': cloudflare_email,
            'CLOUDFLARE_API_KEY': cloudflare_api_key,
        },
        labels=get_labels(router_name, router_type),
    )
    traefik_container['envFrom'] = [{'secretRef': {'name': secret_name}}]
    return deployment_spec
def _get_deployment_spec(router_name, router_type, annotations, image=None, httpauth_secrets=None, dns_provider=None):
    """Build the Deployment spec for a router's Traefik container.

    Args:
        router_name: Router name; used in ConfigMap, sub-path and Secret names.
        router_type: Router type, passed to the label helpers.
        annotations: Object whose ``get_flag('letsencryptCloudflareEnabled')``
            is consulted when ``dns_provider`` is not ``'route53'``.
        image: Optional container image; ``traefik:1.6-alpine`` when falsy.
        httpauth_secrets: Optional iterable of Secret names. Each distinct
            name is mounted as a volume at ``/httpauth-<name>``.
        dns_provider: ``'route53'`` selects the AWS Route53 SSL setup.

    Returns:
        The deployment spec as a dict.

    Side effects:
        Calls ``get_or_create_multi_user_volume_claim``, reads the
        ``container-spec-overrides`` config value and, on either SSL path,
        writes a Secret via ``kubectl.update_secret``.
    """
    acme_claim = cluster_manager.get_or_create_multi_user_volume_claim(
        get_label_suffixes(router_name, router_type)
    )

    # One volume and one mount per distinct secret name, in first-seen order.
    seen_secret_names = []
    httpauth_secrets_volumes = []
    httpauth_secrets_volume_mounts = []
    for secret in httpauth_secrets or []:
        if secret not in seen_secret_names:
            seen_secret_names.append(secret)
            httpauth_secrets_volumes.append(
                {'name': secret, 'secret': {'secretName': secret}}
            )
            httpauth_secrets_volume_mounts.append(
                {'name': secret, 'mountPath': f'/httpauth-{secret}'}
            )

    container_spec_overrides = config_manager.get(
        'container-spec-overrides',
        configmap_name=f'traefik-router-{router_name}-deployment',
        required=False,
        default=None,
    )

    pod_labels = get_labels(router_name, router_type, for_deployment=True)
    traefik_container = {
        'name': 'traefik',
        # NOTE(review): the default is a tag, not a digest, on the Traefik 1.6
        # line; confirm that line still receives security fixes and consider
        # pinning by digest.
        'image': image or 'traefik:1.6-alpine',
        'ports': [{'containerPort': 80}],
        'volumeMounts': [
            {'name': 'etc-traefik', 'mountPath': '/etc-traefik'},
            {
                'name': 'traefik-acme',
                'mountPath': '/traefik-acme',
                'subPath': f'router-traefik-{router_name}',
            },
            *httpauth_secrets_volume_mounts,
        ],
        'args': ['--configFile=/etc-traefik/traefik.toml'],
        # The parsed overrides are spread last and merged shallowly, so they
        # can replace any key above (image, args, ports, volumeMounts) or add
        # new ones. Write access to that config value is therefore control
        # over this container spec.
        # NOTE(review): confirm who can edit it; nothing here validates it.
        **(json.loads(container_spec_overrides) if container_spec_overrides else {}),
    }
    pod_volumes = [
        {'name': 'etc-traefik', 'configMap': {'name': f'router-traefik-{router_name}'}},
        dict(acme_claim, name='traefik-acme'),
        *httpauth_secrets_volumes,
    ]
    deployment_spec = {
        'replicas': 1,
        'revisionHistoryLimit': 5,
        'template': {
            'metadata': {'labels': pod_labels},
            'spec': {
                'containers': [traefik_container],
                'volumes': pod_volumes,
            },
        },
    }

    # On both SSL paths the provider credentials are stored in a Secret and
    # injected as environment variables through envFrom, so they are readable
    # by anything that can read that Secret or the container's environment.
    if dns_provider == 'route53':
        logs.info('Traefik deployment: adding SSL support using AWS Route53')
        traefik_container['ports'].append({'containerPort': 443})
        aws_credentials = cluster_manager.get_provider().get_aws_credentials()
        secret_name = f'ckancloudrouter-{router_name}-route53'
        # NOTE(review): these look like static access keys; confirm they are
        # scoped to the DNS changes the router needs.
        kubectl.update_secret(
            secret_name,
            {
                'AWS_ACCESS_KEY_ID': aws_credentials['access'],
                'AWS_SECRET_ACCESS_KEY': aws_credentials['secret'],
                'AWS_REGION': aws_credentials['region'],
            },
            labels=get_labels(router_name, router_type),
        )
        traefik_container['envFrom'] = [{'secretRef': {'name': secret_name}}]
    elif annotations.get_flag('letsencryptCloudflareEnabled'):
        logs.info('Traefik deployment: adding SSL support using Cloudflare')
        traefik_container['ports'].append({'containerPort': 443})
        cloudflare_email, cloudflare_api_key = get_cloudflare_credentials()
        secret_name = f'ckancloudrouter-{router_name}-cloudflare'
        kubectl.update_secret(
            secret_name,
            {
                'CLOUDFLARE_EMAIL': cloudflare_email,
                'CLOUDFLARE_API_KEY': cloudflare_api_key,
            },
            labels=get_labels(router_name, router_type),
        )
        traefik_container['envFrom'] = [{'secretRef': {'name': secret_name}}]
    else:
        logs.info('Not configuring SSL support for Traefik deployment')

    return deployment_spec