feat: update CrowdSec and Traefik manifests; remove installation scripts and add secret management
This commit is contained in:
@@ -118,6 +118,7 @@ spec:
|
||||
- "--accesslog=true"
|
||||
- "--accesslog.format=json"
|
||||
- "--log.level=INFO"
|
||||
- "--entryPoints.websecure.http.middlewares=crowdsec-security-chain@kubernetescrd"
|
||||
|
||||
env:
|
||||
- name: POD_NAME
|
||||
|
||||
@@ -1,63 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
set -o pipefail
|
||||
|
||||
if [ -z "${WILD_INSTANCE}" ]; then
|
||||
echo "ERROR: WILD_INSTANCE is not set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "${WILD_API_DATA_DIR}" ]; then
|
||||
echo "ERROR: WILD_API_DATA_DIR is not set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "${KUBECONFIG}" ]; then
|
||||
echo "ERROR: KUBECONFIG is not set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
INSTANCE_DIR="${WILD_API_DATA_DIR}/instances/${WILD_INSTANCE}"
|
||||
TRAEFIK_DIR="${INSTANCE_DIR}/apps/traefik"
|
||||
|
||||
echo "=== Setting up Traefik Ingress Controller ==="
|
||||
echo ""
|
||||
|
||||
echo "Verifying MetalLB is ready (required for Traefik LoadBalancer service)..."
|
||||
kubectl wait --for=condition=Ready pod -l component=controller -n metallb-system --timeout=60s 2>/dev/null || {
|
||||
echo "MetalLB controller not ready, but continuing with Traefik installation"
|
||||
echo "Note: Traefik LoadBalancer service may not get external IP without MetalLB"
|
||||
}
|
||||
|
||||
echo "Installing Gateway API CRDs..."
|
||||
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
|
||||
|
||||
echo "Installing Traefik CRDs..."
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
|
||||
echo "Waiting for CRDs to be established..."
|
||||
kubectl wait --for condition=established crd/gateways.gateway.networking.k8s.io --timeout=60s
|
||||
kubectl wait --for condition=established crd/gatewayclasses.gateway.networking.k8s.io --timeout=60s
|
||||
kubectl wait --for condition=established crd/ingressroutes.traefik.io --timeout=60s
|
||||
kubectl wait --for condition=established crd/middlewares.traefik.io --timeout=60s
|
||||
|
||||
echo "Using pre-compiled Traefik templates..."
|
||||
if [ ! -f "${TRAEFIK_DIR}/kustomization.yaml" ]; then
|
||||
echo "ERROR: Compiled templates not found at ${TRAEFIK_DIR}"
|
||||
echo "Templates should be compiled before deployment."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Deploying Traefik..."
|
||||
kubectl apply -k ${TRAEFIK_DIR}/
|
||||
|
||||
echo "Waiting for Traefik to be ready..."
|
||||
kubectl wait --for=condition=Available deployment/traefik -n traefik --timeout=120s
|
||||
|
||||
echo ""
|
||||
echo "Traefik installed successfully"
|
||||
echo ""
|
||||
echo "To verify the installation:"
|
||||
echo " kubectl get pods -n traefik"
|
||||
echo " kubectl get svc -n traefik"
|
||||
echo ""
|
||||
@@ -8,3 +8,16 @@ requires:
|
||||
defaultConfig:
|
||||
namespace: traefik
|
||||
loadBalancerIp: "{{ .apps.metallb.loadBalancerIp }}"
|
||||
deploy:
|
||||
crds:
|
||||
- url: https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
|
||||
waitFor:
|
||||
- gateways.gateway.networking.k8s.io
|
||||
- gatewayclasses.gateway.networking.k8s.io
|
||||
- url: https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
waitFor:
|
||||
- ingressroutes.traefik.io
|
||||
- middlewares.traefik.io
|
||||
waitForRollout:
|
||||
name: traefik
|
||||
timeout: "120s"
|
||||
|
||||
Reference in New Issue
Block a user