def _add_route(config, domains, route, enable_ssl_redirect): route_name = routes_manager.get_name(route) logs.info(f'adding route to nginx config: {route_name}') logs.debug_verbose(config=config, domains=domains, route=route, enable_ssl_redirect=enable_ssl_redirect) backend_url = routes_manager.get_backend_url(route) frontend_hostname = routes_manager.get_frontend_hostname(route) print(f'F/B = {frontend_hostname} {backend_url}') root_domain, sub_domain = routes_manager.get_domain_parts(route) domains.setdefault(root_domain, []).append(sub_domain) # if route['spec'].get('extra-no-dns-subdomains'): # extra_hostnames = ',' + ','.join([f'{s}.{root_domain}' for s in route['spec']['extra-no-dns-subdomains']]) # else: extra_hostnames = '' logs.debug_verbose(route_name=route_name, backend_url=backend_url, frontend_hostname=frontend_hostname, root_domain=root_domain, sub_domain=sub_domain, domains=domains, extra_hostnames=extra_hostnames) if backend_url: raise NotImplementedError()
def _add_route(config, domains, route, enable_ssl_redirect): route_name = routes_manager.get_name(route) logs.info(f'adding route to traefik config: {route_name}') logs.debug_verbose(config=config, domains=domains, route=route, enable_ssl_redirect=enable_ssl_redirect) backend_url = routes_manager.get_backend_url(route) frontend_hostname = routes_manager.get_frontend_hostname(route) print(f'F/B = {frontend_hostname} {backend_url}') root_domain, sub_domain = routes_manager.get_domain_parts(route) domains.setdefault(root_domain, []).append(sub_domain) if route['spec'].get('extra-no-dns-subdomains'): extra_hostnames = ',' + ','.join([ f'{s}.{root_domain}' for s in route['spec']['extra-no-dns-subdomains'] ]) else: extra_hostnames = '' logs.debug_verbose(route_name=route_name, backend_url=backend_url, frontend_hostname=frontend_hostname, root_domain=root_domain, sub_domain=sub_domain, domains=domains, extra_hostnames=extra_hostnames) if backend_url: config['backends'][route_name] = { 'servers': { 'server1': { 'url': backend_url } } } config['frontends'][route_name] = { 'backend': route_name, 'passHostHeader': True, 'headers': { 'SSLRedirect': bool(enable_ssl_redirect) }, 'routes': { 'route1': { 'rule': f'Host:{frontend_hostname}{extra_hostnames}' } }, **({ 'auth': { 'basic': { 'usersFile': '/httpauth-' + route['spec']['httpauth-secret'] + '/.htpasswd' } } } if route['spec'].get('httpauth-secret') else {}), }
def _update(router_name, spec, annotations, routes): dns_provider = spec.get('dns-provider') assert dns_provider == 'cloudflare' resource_name = _get_resource_name(router_name) router_type = spec['type'] cloudflare_email, cloudflare_auth_key = get_cloudflare_credentials() logs.info('updating nginx deployment', resource_name=resource_name, router_type=router_type, cloudflare_email=cloudflare_email, cloudflare_auth_key_len=len(cloudflare_auth_key) if cloudflare_auth_key else 0, dns_provider=dns_provider) nginx_config = nginx_router_config.get( routes, cloudflare_email, enable_access_log=bool(spec.get('enable-access-log')), wildcard_ssl_domain=spec.get('wildcard-ssl-domain'), external_domains=None, dns_provider=dns_provider, force=True) kubectl.apply( kubectl.get_configmap(resource_name, get_labels(router_name, router_type), {'nginx_config': nginx_config})) domains = {} for route in routes: root_domain, sub_domain = routes_manager.get_domain_parts(route) domains.setdefault(root_domain, []).append(sub_domain) routes_manager.pre_deployment_hook( route, get_labels(router_name, router_type)) load_balancer_ip = get_load_balancer_ip(router_name) print(f'load balancer ip: {load_balancer_ip}') from ckan_cloud_operator.providers.routers import manager as routers_manager for root_domain, sub_domains in domains.items(): for sub_domain in sub_domains: routers_manager.update_dns_record(dns_provider, sub_domain, root_domain, load_balancer_ip, cloudflare_email, cloudflare_auth_key)
def _update(router_name, spec, annotations, routes): resource_name = _get_resource_name(router_name) router_type = spec['type'] cloudflare_email, cloudflare_auth_key = get_cloudflare_credentials() external_domains = spec.get('external-domains') dns_provider = spec.get('dns-provider', 'cloudflare') logs.info('updating traefik deployment', resource_name=resource_name, router_type=router_type, cloudflare_email=cloudflare_email, cloudflare_auth_key_len=len(cloudflare_auth_key) if cloudflare_auth_key else 0, external_domains=external_domains, dns_provider=dns_provider) kubectl.apply( kubectl.get_configmap( resource_name, get_labels(router_name, router_type), { 'traefik.toml': toml.dumps( traefik_router_config.get( routes, cloudflare_email, enable_access_log=bool(spec.get('enable-access-log')), wildcard_ssl_domain=spec.get('wildcard-ssl-domain'), external_domains=external_domains, dns_provider=dns_provider, force=True)) })) domains = {} httpauth_secrets = [] for route in routes: root_domain, sub_domain = routes_manager.get_domain_parts(route) domains.setdefault(root_domain, []).append(sub_domain) routes_manager.pre_deployment_hook( route, get_labels(router_name, router_type)) if route['spec'].get('httpauth-secret') and route['spec'][ 'httpauth-secret'] not in httpauth_secrets: httpauth_secrets.append(route['spec']['httpauth-secret']) load_balancer = kubectl.get_resource('v1', 'Service', f'loadbalancer-{resource_name}', get_labels(router_name, router_type)) load_balancer['spec'] = { 'ports': [ { 'name': '80', 'port': 80 }, { 'name': '443', 'port': 443 }, ], 'selector': { 'app': get_labels(router_name, router_type, for_deployment=True)['app'] }, 'type': 'LoadBalancer' } kubectl.apply(load_balancer) load_balancer_ip = get_load_balancer_ip(router_name) print(f'load balancer ip: {load_balancer_ip}') from ckan_cloud_operator.providers.routers import manager as routers_manager if external_domains: from ckan_cloud_operator.providers.routers import manager as routers_manager external_domains_router_root_domain = routers_manager.get_default_root_domain( ) env_id = routers_manager.get_env_id() assert router_name.startswith( 'prod-'), f'invalid external domains router name: {router_name}' external_domains_router_sub_domain = f'cc-{env_id}-{router_name}' routers_manager.update_dns_record(dns_provider, external_domains_router_sub_domain, external_domains_router_root_domain, load_balancer_ip, cloudflare_email, cloudflare_auth_key) else: for root_domain, sub_domains in domains.items(): for sub_domain in sub_domains: routers_manager.update_dns_record(dns_provider, sub_domain, root_domain, load_balancer_ip, cloudflare_email, cloudflare_auth_key) kubectl.apply( kubectl.get_deployment( resource_name, get_labels(router_name, router_type, for_deployment=True), _get_deployment_spec( router_name, router_type, annotations, image=('traefik:1.7' if (external_domains or len(httpauth_secrets) > 0) else None), httpauth_secrets=httpauth_secrets, dns_provider=dns_provider)))
def _update(router_name, spec, annotations, routes): resource_name = _get_resource_name(router_name) router_type = spec['type'] cloudflare_email, cloudflare_auth_key = get_cloudflare_credentials() external_domains = spec.get('external-domains') kubectl.apply( kubectl.get_configmap( resource_name, get_labels(router_name, router_type), { 'traefik.toml': toml.dumps( traefik_router_config.get( routes, cloudflare_email, wildcard_ssl_domain=spec.get('wildcard-ssl-domain'), external_domains=external_domains)) })) domains = {} for route in routes: root_domain, sub_domain = routes_manager.get_domain_parts(route) domains.setdefault(root_domain, []).append(sub_domain) routes_manager.pre_deployment_hook( route, get_labels(router_name, router_type)) load_balancer = kubectl.get_resource('v1', 'Service', f'loadbalancer-{resource_name}', get_labels(router_name, router_type)) load_balancer['spec'] = { 'ports': [ { 'name': '80', 'port': 80 }, { 'name': '443', 'port': 443 }, ], 'selector': { 'app': get_labels(router_name, router_type, for_deployment=True)['app'] }, 'type': 'LoadBalancer' } kubectl.apply(load_balancer) load_balancer_ip = get_load_balancer_ip(router_name) print(f'load balancer ip: {load_balancer_ip}') if external_domains: from ckan_cloud_operator.providers.routers import manager as routers_manager external_domains_router_root_domain = routers_manager.get_default_root_domain( ) env_id = routers_manager.get_env_id() assert router_name.startswith( 'prod-'), f'invalid external domains router name: {router_name}' external_domains_router_sub_domain = f'cc-{env_id}-{router_name}' cloudflare.update_a_record( cloudflare_email, cloudflare_auth_key, external_domains_router_root_domain, f'{external_domains_router_sub_domain}.{external_domains_router_root_domain}', load_balancer_ip) else: for root_domain, sub_domains in domains.items(): for sub_domain in sub_domains: cloudflare.update_a_record(cloudflare_email, cloudflare_auth_key, root_domain, f'{sub_domain}.{root_domain}', load_balancer_ip) kubectl.apply( kubectl.get_deployment( resource_name, get_labels(router_name, router_type, for_deployment=True), _get_deployment_spec( router_name, router_type, annotations, image='traefik:1.7' if external_domains else None)))
def _add_route(dynamic_config, domains, route, enable_ssl_redirect, external_domains, wildcard_ssl_domain): route_name = routes_manager.get_name(route) logs.info(f'adding route to traefik v2 dynamic config: {route_name}') logs.debug_verbose(dynamic_config=dynamic_config, domains=domains, route=route, enable_ssl_redirect=enable_ssl_redirect) backend_url = routes_manager.get_backend_url(route) frontend_hostname = routes_manager.get_frontend_hostname(route) print(f'F/B = {frontend_hostname} {backend_url}') root_domain, sub_domain = routes_manager.get_domain_parts(route) domains.setdefault(root_domain, []).append(sub_domain) if route['spec'].get('extra-no-dns-subdomains'): extra_hostnames = ',' + ','.join([ f'{s}.{root_domain}' for s in route['spec']['extra-no-dns-subdomains'] ]) else: extra_hostnames = '' logs.debug_verbose(route_name=route_name, backend_url=backend_url, frontend_hostname=frontend_hostname, root_domain=root_domain, sub_domain=sub_domain, domains=domains, extra_hostnames=extra_hostnames) if backend_url: # config['backends'][route_name] = { # 'servers': { # 'server1': { # 'url': backend_url # } # } # } dynamic_config['http']['services'][route_name] = { 'loadBalancer': { 'servers': [{ 'url': backend_url }] } } # config['frontends'][route_name] = { # 'backend': route_name, # 'passHostHeader': True, # 'headers': { # 'SSLRedirect': bool(enable_ssl_redirect) # }, # 'routes': { # 'route1': { # 'rule': f'Host:{frontend_hostname}{extra_hostnames}' # } # }, # **({ # 'auth': { # 'basic': { # 'usersFile': '/httpauth-' + route['spec']['httpauth-secret'] + '/.htpasswd' # } # } # } if route['spec'].get('httpauth-secret') else {}), # } assert not extra_hostnames, "extra_hostnames not supported yet for traefik v2: %s" % extra_hostnames assert not route['spec'].get( 'httpauth-secret' ), "httpauth-secret not supported yet for traefik v2: %s" % route[ 'spec']['httpauth-secret'] # passHostHeader is true by default dynamic_config['http']['routers']['http-%s' % route_name] = { 'rule': f'Host(`{frontend_hostname}`)', 'service': route_name, 'middlewares': ['SSLRedirect'], 'entrypoints': ['http'], } domain_confs = [] assert not external_domains, "external_domains not yet supported for traefik v2" if root_domain == wildcard_ssl_domain: domain_confs.append({"main": f'*.{root_domain}'}) else: domain_confs.append({ "main": root_domain, 'sans': [f'{sub_domain}.{root_domain}'] }) dynamic_config['http']['routers']['https-%s' % route_name] = { 'rule': f'Host(`{frontend_hostname}`)', 'service': route_name, 'middlewares': [], 'entrypoints': ['https'], 'tls': { 'certResolver': 'myresolver', 'domains': domain_confs } } for i, domain in enumerate(route['spec'].get('extra-external-domains', [])): dynamic_config['http']['routers']['http-%s-eed%s' % (route_name, i)] = { 'rule': f'Host(`{domain}`)', 'service': route_name, 'middlewares': ['SSLRedirect'], 'entrypoints': ['http'], } dynamic_config['http']['routers']['https-%s-eed%s' % (route_name, i)] = { 'rule': f'Host(`{domain}`)', 'service': route_name, 'middlewares': [], 'entrypoints': ['https'], 'tls': { 'certResolver': 'tlsresolver', 'domains': [{ "main": domain }] } }