def _add_route(config, domains, route, enable_ssl_redirect):
route_name = routes_manager.get_name(route)
logs.info(f'adding route to nginx config: {route_name}')
logs.debug_verbose(config=config,
domains=domains,
route=route,
enable_ssl_redirect=enable_ssl_redirect)
backend_url = routes_manager.get_backend_url(route)
frontend_hostname = routes_manager.get_frontend_hostname(route)
print(f'F/B = {frontend_hostname} {backend_url}')
root_domain, sub_domain = routes_manager.get_domain_parts(route)
domains.setdefault(root_domain, []).append(sub_domain)
# if route['spec'].get('extra-no-dns-subdomains'):
# extra_hostnames = ',' + ','.join([f'{s}.{root_domain}' for s in route['spec']['extra-no-dns-subdomains']])
# else:
extra_hostnames = ''
logs.debug_verbose(route_name=route_name,
backend_url=backend_url,
frontend_hostname=frontend_hostname,
root_domain=root_domain,
sub_domain=sub_domain,
domains=domains,
extra_hostnames=extra_hostnames)
if backend_url:
raise NotImplementedError()
def _add_route(config, domains, route, enable_ssl_redirect):
route_name = routes_manager.get_name(route)
logs.info(f'adding route to traefik config: {route_name}')
logs.debug_verbose(config=config,
domains=domains,
route=route,
enable_ssl_redirect=enable_ssl_redirect)
backend_url = routes_manager.get_backend_url(route)
frontend_hostname = routes_manager.get_frontend_hostname(route)
print(f'F/B = {frontend_hostname} {backend_url}')
root_domain, sub_domain = routes_manager.get_domain_parts(route)
domains.setdefault(root_domain, []).append(sub_domain)
if route['spec'].get('extra-no-dns-subdomains'):
extra_hostnames = ',' + ','.join([
f'{s}.{root_domain}'
for s in route['spec']['extra-no-dns-subdomains']
])
else:
extra_hostnames = ''
logs.debug_verbose(route_name=route_name,
backend_url=backend_url,
frontend_hostname=frontend_hostname,
root_domain=root_domain,
sub_domain=sub_domain,
domains=domains,
extra_hostnames=extra_hostnames)
if backend_url:
config['backends'][route_name] = {
'servers': {
'server1': {
'url': backend_url
}
}
}
config['frontends'][route_name] = {
'backend':
route_name,
'passHostHeader':
True,
'headers': {
'SSLRedirect': bool(enable_ssl_redirect)
},
'routes': {
'route1': {
'rule': f'Host:{frontend_hostname}{extra_hostnames}'
}
},
**({
'auth': {
'basic': {
'usersFile':
'/httpauth-' + route['spec']['httpauth-secret'] + '/.htpasswd'
}
}
} if route['spec'].get('httpauth-secret') else {}),
}
def _update(router_name, spec, annotations, routes):
dns_provider = spec.get('dns-provider')
assert dns_provider == 'cloudflare'
resource_name = _get_resource_name(router_name)
router_type = spec['type']
cloudflare_email, cloudflare_auth_key = get_cloudflare_credentials()
logs.info('updating nginx deployment',
resource_name=resource_name,
router_type=router_type,
cloudflare_email=cloudflare_email,
cloudflare_auth_key_len=len(cloudflare_auth_key)
if cloudflare_auth_key else 0,
dns_provider=dns_provider)
nginx_config = nginx_router_config.get(
routes,
cloudflare_email,
enable_access_log=bool(spec.get('enable-access-log')),
wildcard_ssl_domain=spec.get('wildcard-ssl-domain'),
external_domains=None,
dns_provider=dns_provider,
force=True)
kubectl.apply(
kubectl.get_configmap(resource_name,
get_labels(router_name, router_type),
{'nginx_config': nginx_config}))
domains = {}
for route in routes:
root_domain, sub_domain = routes_manager.get_domain_parts(route)
domains.setdefault(root_domain, []).append(sub_domain)
routes_manager.pre_deployment_hook(
route, get_labels(router_name, router_type))
load_balancer_ip = get_load_balancer_ip(router_name)
print(f'load balancer ip: {load_balancer_ip}')
from ckan_cloud_operator.providers.routers import manager as routers_manager
for root_domain, sub_domains in domains.items():
for sub_domain in sub_domains:
routers_manager.update_dns_record(dns_provider, sub_domain,
root_domain, load_balancer_ip,
cloudflare_email,
cloudflare_auth_key)
def _update(router_name, spec, annotations, routes):
resource_name = _get_resource_name(router_name)
router_type = spec['type']
cloudflare_email, cloudflare_auth_key = get_cloudflare_credentials()
external_domains = spec.get('external-domains')
dns_provider = spec.get('dns-provider', 'cloudflare')
logs.info('updating traefik deployment',
resource_name=resource_name,
router_type=router_type,
cloudflare_email=cloudflare_email,
cloudflare_auth_key_len=len(cloudflare_auth_key)
if cloudflare_auth_key else 0,
external_domains=external_domains,
dns_provider=dns_provider)
kubectl.apply(
kubectl.get_configmap(
resource_name, get_labels(router_name, router_type), {
'traefik.toml':
toml.dumps(
traefik_router_config.get(
routes,
cloudflare_email,
enable_access_log=bool(spec.get('enable-access-log')),
wildcard_ssl_domain=spec.get('wildcard-ssl-domain'),
external_domains=external_domains,
dns_provider=dns_provider,
force=True))
}))
domains = {}
httpauth_secrets = []
for route in routes:
root_domain, sub_domain = routes_manager.get_domain_parts(route)
domains.setdefault(root_domain, []).append(sub_domain)
routes_manager.pre_deployment_hook(
route, get_labels(router_name, router_type))
if route['spec'].get('httpauth-secret') and route['spec'][
'httpauth-secret'] not in httpauth_secrets:
httpauth_secrets.append(route['spec']['httpauth-secret'])
load_balancer = kubectl.get_resource('v1', 'Service',
f'loadbalancer-{resource_name}',
get_labels(router_name, router_type))
load_balancer['spec'] = {
'ports': [
{
'name': '80',
'port': 80
},
{
'name': '443',
'port': 443
},
],
'selector': {
'app': get_labels(router_name, router_type,
for_deployment=True)['app']
},
'type': 'LoadBalancer'
}
kubectl.apply(load_balancer)
load_balancer_ip = get_load_balancer_ip(router_name)
print(f'load balancer ip: {load_balancer_ip}')
from ckan_cloud_operator.providers.routers import manager as routers_manager
if external_domains:
from ckan_cloud_operator.providers.routers import manager as routers_manager
external_domains_router_root_domain = routers_manager.get_default_root_domain(
)
env_id = routers_manager.get_env_id()
assert router_name.startswith(
'prod-'), f'invalid external domains router name: {router_name}'
external_domains_router_sub_domain = f'cc-{env_id}-{router_name}'
routers_manager.update_dns_record(dns_provider,
external_domains_router_sub_domain,
external_domains_router_root_domain,
load_balancer_ip, cloudflare_email,
cloudflare_auth_key)
else:
for root_domain, sub_domains in domains.items():
for sub_domain in sub_domains:
routers_manager.update_dns_record(dns_provider, sub_domain,
root_domain,
load_balancer_ip,
cloudflare_email,
cloudflare_auth_key)
kubectl.apply(
kubectl.get_deployment(
resource_name,
get_labels(router_name, router_type, for_deployment=True),
_get_deployment_spec(
router_name,
router_type,
annotations,
image=('traefik:1.7' if
(external_domains
or len(httpauth_secrets) > 0) else None),
httpauth_secrets=httpauth_secrets,
dns_provider=dns_provider)))
def _update(router_name, spec, annotations, routes):
resource_name = _get_resource_name(router_name)
router_type = spec['type']
cloudflare_email, cloudflare_auth_key = get_cloudflare_credentials()
external_domains = spec.get('external-domains')
kubectl.apply(
kubectl.get_configmap(
resource_name, get_labels(router_name, router_type), {
'traefik.toml':
toml.dumps(
traefik_router_config.get(
routes,
cloudflare_email,
wildcard_ssl_domain=spec.get('wildcard-ssl-domain'),
external_domains=external_domains))
}))
domains = {}
for route in routes:
root_domain, sub_domain = routes_manager.get_domain_parts(route)
domains.setdefault(root_domain, []).append(sub_domain)
routes_manager.pre_deployment_hook(
route, get_labels(router_name, router_type))
load_balancer = kubectl.get_resource('v1', 'Service',
f'loadbalancer-{resource_name}',
get_labels(router_name, router_type))
load_balancer['spec'] = {
'ports': [
{
'name': '80',
'port': 80
},
{
'name': '443',
'port': 443
},
],
'selector': {
'app': get_labels(router_name, router_type,
for_deployment=True)['app']
},
'type': 'LoadBalancer'
}
kubectl.apply(load_balancer)
load_balancer_ip = get_load_balancer_ip(router_name)
print(f'load balancer ip: {load_balancer_ip}')
if external_domains:
from ckan_cloud_operator.providers.routers import manager as routers_manager
external_domains_router_root_domain = routers_manager.get_default_root_domain(
)
env_id = routers_manager.get_env_id()
assert router_name.startswith(
'prod-'), f'invalid external domains router name: {router_name}'
external_domains_router_sub_domain = f'cc-{env_id}-{router_name}'
cloudflare.update_a_record(
cloudflare_email, cloudflare_auth_key,
external_domains_router_root_domain,
f'{external_domains_router_sub_domain}.{external_domains_router_root_domain}',
load_balancer_ip)
else:
for root_domain, sub_domains in domains.items():
for sub_domain in sub_domains:
cloudflare.update_a_record(cloudflare_email,
cloudflare_auth_key, root_domain,
f'{sub_domain}.{root_domain}',
load_balancer_ip)
kubectl.apply(
kubectl.get_deployment(
resource_name,
get_labels(router_name, router_type, for_deployment=True),
_get_deployment_spec(
router_name,
router_type,
annotations,
image='traefik:1.7' if external_domains else None)))
def _add_route(dynamic_config, domains, route, enable_ssl_redirect,
external_domains, wildcard_ssl_domain):
route_name = routes_manager.get_name(route)
logs.info(f'adding route to traefik v2 dynamic config: {route_name}')
logs.debug_verbose(dynamic_config=dynamic_config,
domains=domains,
route=route,
enable_ssl_redirect=enable_ssl_redirect)
backend_url = routes_manager.get_backend_url(route)
frontend_hostname = routes_manager.get_frontend_hostname(route)
print(f'F/B = {frontend_hostname} {backend_url}')
root_domain, sub_domain = routes_manager.get_domain_parts(route)
domains.setdefault(root_domain, []).append(sub_domain)
if route['spec'].get('extra-no-dns-subdomains'):
extra_hostnames = ',' + ','.join([
f'{s}.{root_domain}'
for s in route['spec']['extra-no-dns-subdomains']
])
else:
extra_hostnames = ''
logs.debug_verbose(route_name=route_name,
backend_url=backend_url,
frontend_hostname=frontend_hostname,
root_domain=root_domain,
sub_domain=sub_domain,
domains=domains,
extra_hostnames=extra_hostnames)
if backend_url:
# config['backends'][route_name] = {
# 'servers': {
# 'server1': {
# 'url': backend_url
# }
# }
# }
dynamic_config['http']['services'][route_name] = {
'loadBalancer': {
'servers': [{
'url': backend_url
}]
}
}
# config['frontends'][route_name] = {
# 'backend': route_name,
# 'passHostHeader': True,
# 'headers': {
# 'SSLRedirect': bool(enable_ssl_redirect)
# },
# 'routes': {
# 'route1': {
# 'rule': f'Host:{frontend_hostname}{extra_hostnames}'
# }
# },
# **({
# 'auth': {
# 'basic': {
# 'usersFile': '/httpauth-' + route['spec']['httpauth-secret'] + '/.htpasswd'
# }
# }
# } if route['spec'].get('httpauth-secret') else {}),
# }
assert not extra_hostnames, "extra_hostnames not supported yet for traefik v2: %s" % extra_hostnames
assert not route['spec'].get(
'httpauth-secret'
), "httpauth-secret not supported yet for traefik v2: %s" % route[
'spec']['httpauth-secret']
# passHostHeader is true by default
dynamic_config['http']['routers']['http-%s' % route_name] = {
'rule': f'Host(`{frontend_hostname}`)',
'service': route_name,
'middlewares': ['SSLRedirect'],
'entrypoints': ['http'],
}
domain_confs = []
assert not external_domains, "external_domains not yet supported for traefik v2"
if root_domain == wildcard_ssl_domain:
domain_confs.append({"main": f'*.{root_domain}'})
else:
domain_confs.append({
"main": root_domain,
'sans': [f'{sub_domain}.{root_domain}']
})
dynamic_config['http']['routers']['https-%s' % route_name] = {
'rule': f'Host(`{frontend_hostname}`)',
'service': route_name,
'middlewares': [],
'entrypoints': ['https'],
'tls': {
'certResolver': 'myresolver',
'domains': domain_confs
}
}
for i, domain in enumerate(route['spec'].get('extra-external-domains',
[])):
dynamic_config['http']['routers']['http-%s-eed%s' %
(route_name, i)] = {
'rule': f'Host(`{domain}`)',
'service': route_name,
'middlewares':
['SSLRedirect'],
'entrypoints': ['http'],
}
dynamic_config['http']['routers']['https-%s-eed%s' %
(route_name, i)] = {
'rule': f'Host(`{domain}`)',
'service': route_name,
'middlewares': [],
'entrypoints': ['https'],
'tls': {
'certResolver':
'tlsresolver',
'domains': [{
"main":
domain
}]
}
}