feat(traefik): basic traefik setup
This commit is contained in:
parent
2d718c401c
commit
27605518e8
9 changed files with 353 additions and 0 deletions
55
files/compose/docker-compose.yaml
Normal file
55
files/compose/docker-compose.yaml
Normal file
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
forge:
|
||||
name: "forge-flow"
|
||||
ipam:
|
||||
driver: "default"
|
||||
config:
|
||||
- subnet: "${NETWORK_FORGE_FLOW_SUBNET}"
|
||||
|
||||
volumes:
|
||||
traefik-shared:
|
||||
name: "traefik-config-shared-volume"
|
||||
|
||||
services:
|
||||
traefik:
|
||||
container_name: "traefik-flow"
|
||||
build:
|
||||
args:
|
||||
TRAEFIK_VERSION: "${TRAEFIK_VERSION}"
|
||||
context: "./traefik"
|
||||
networks:
|
||||
forge:
|
||||
ipv4_address: "${TRAEFIK_CONTAINER_IPV4_ADDRESS}"
|
||||
ports:
|
||||
- target: 80
|
||||
published: 80
|
||||
protocol: "tcp"
|
||||
mode: "host"
|
||||
- target: 443
|
||||
published: 443
|
||||
protocol: "tcp"
|
||||
mode: "host"
|
||||
- target: 22
|
||||
published: ${TRAEFIK_EXTERNAL_SSH_PORT}
|
||||
protocol: "tcp"
|
||||
mode: "host"
|
||||
restart: "always"
|
||||
volumes:
|
||||
- type: "volume"
|
||||
source: "traefik-shared"
|
||||
target: "${TRAEFIK_SHARED_MOUNT_POINT}"
|
||||
- type: "bind"
|
||||
source: "/etc/timezone"
|
||||
target: "/etc/timezone"
|
||||
read_only: true
|
||||
- type: "bind"
|
||||
source: "/etc/localtime"
|
||||
target: "/etc/localtime"
|
||||
read_only: true
|
||||
# For TLS certificate
|
||||
#- type: "bind"
|
||||
# source: ""
|
||||
# target: ""
|
103
files/scripts/bootstrap.sh
Normal file
103
files/scripts/bootstrap.sh
Normal file
|
@ -0,0 +1,103 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
function usage() {
|
||||
echo "usage: $0 [options]"
|
||||
echo "Bootstraps the flow instance"
|
||||
echo ""
|
||||
echo "-h,--help: print this help message"
|
||||
echo "--network-forge-flow-subnet: The subnet for the forge flow docker network. (default: 172.20.0.0/24)"
|
||||
echo "--traefik-container-ipv4-address: The IPv4 address of the traefik container. (default: 172.20.0.2)"
|
||||
echo "--traefik-check-new-version: Set to true to enable automatic checks for new Traefik versions. (default: true)"
|
||||
echo "--traefik-domain: The root domain of the traefik. (default: localhost)"
|
||||
echo "--traefik-external-ssh-port: The external SSH port to expose for Gitea. (default: 22)"
|
||||
}
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
arg="$1"
|
||||
case $arg in
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
--network-forge-flow-subnet)
|
||||
NETWORK_FORGE_FLOW_SUBNET=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-container-ipv4-address)
|
||||
TRAEFIK_CONTAINER_IPV4_ADDRESS=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-check-new-version)
|
||||
TRAEFIK_CHECK_NEW_VERSION=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-domain)
|
||||
TRAEFIK_DOMAIN=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-external-ssh-port)
|
||||
TRAEFIK_EXTERNAL_SSH_PORT=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-log-level)
|
||||
TRAEFIK_LOG_LEVEL=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-send-anonymous-usage)
|
||||
TRAEFIK_SEND_ANONYMOUS_USAGE=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-version)
|
||||
TRAEFIK_VERSION=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
# unknown argument
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
source /etc/flow/setup/env
|
||||
DOCKER_ROOT="/home/${FLOW_USERNAME}/Docker/flow"
|
||||
|
||||
export NETWORK_FORGE_FLOW_SUBNET="${NETWORK_FORGE_FLOW_SUBNET:-172.20.0.0/24}"
|
||||
|
||||
export TRAEFIK_DOCKER_DIR="${DOCKER_ROOT}/traefik"
|
||||
export TRAEFIK_CHECK_NEW_VERSION="${TRAEFIK_CHECK_NEW_VERSION:-true}"
|
||||
export TRAEFIK_DOMAIN="${TRAEFIK_DOMAIN:-localhost}"
|
||||
export TRAEFIK_EXTERNAL_SSH_PORT="${TRAEFIK_EXTERNAL_SSH_PORT:-22}"
|
||||
export TRAEFIK_LOG_LEVEL="${TRAEFIK_LOG_LEVEL:-info}"
|
||||
export TRAEFIK_SEND_ANONYMOUS_USAGE="${TRAEFIK_SEND_ANONYMOUS_USAGE:-false}"
|
||||
export TRAEFIK_VERSION="${TRAEFIK_VERSION:-latest}"
|
||||
export TRAEFIK_CONTAINER_IPV4_ADDRESS="${TRAEFIK_CONTAINER_IPV4_ADDRESS:-172.20.0.2}"
|
||||
export TRAEFIK_SHARED_MOUNT_POINT="/flow/shared/traefik"
|
||||
|
||||
mkdir -p "${DOCKER_ROOT}"
|
||||
envsubst < "${ROOT_SETUP_DIRECTORY}/template/compose/docker-compose.yaml" > "${DOCKER_ROOT}/docker-compose.yaml"
|
||||
|
||||
# Traefik setup section
|
||||
mkdir -p "${TRAEFIK_DOCKER_DIR}"
|
||||
cp "${ROOT_SETUP_DIRECTORY}/template/traefik/Dockerfile" "${TRAEFIK_DOCKER_DIR}/Dockerfile"
|
||||
|
||||
for i in $(find "${ROOT_SETUP_DIRECTORY}/template/traefik" -type f -mindepth 1 -not -name *Dockerfile); do
|
||||
file=$(basename ${i})
|
||||
envsubst < "${ROOT_SETUP_DIRECTORY}/template/traefik/${file}" > "${TRAEFIK_DOCKER_DIR}/${file}"
|
||||
done
|
||||
|
||||
chown -R ${FLOW_USERNAME}:${FLOW_USERNAME} /home/${FLOW_USERNAME}/Docker
|
||||
chmod -R a-rwx,u+rwX /home/${FLOW_USERNAME}/Docker
|
||||
|
||||
rc-service docker start
|
15
files/traefik/Dockerfile
Normal file
15
files/traefik/Dockerfile
Normal file
|
@ -0,0 +1,15 @@
|
|||
ARG TRAEFIK_VERSION
|
||||
|
||||
FROM traefik:${TRAEFIK_VERSION}
|
||||
|
||||
ADD traefik.yaml /flow/traefik/
|
||||
|
||||
ADD entrypoint.sh /
|
||||
|
||||
ADD dynamic_dashboard.yaml /tmp/
|
||||
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
EXPOSE 22 80 443
|
||||
|
||||
CMD ["--configfile=/flow/traefik/traefik.yaml"]
|
9
files/traefik/dynamic_dashboard.yaml
Normal file
9
files/traefik/dynamic_dashboard.yaml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
http:
|
||||
routers:
|
||||
dashboard:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`${TRAEFIK_DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||
service: "api@internal"
|
||||
tls: {}
|
28
files/traefik/entrypoint.sh
Normal file
28
files/traefik/entrypoint.sh
Normal file
|
@ -0,0 +1,28 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
# Create the dynamic config directory in the shared volume.
|
||||
mkdir -p ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic
|
||||
chgrp ${FLOW_GID} ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic
|
||||
chmod a-rwx,u+rwx,g+rwx ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic
|
||||
|
||||
# Move the dashboard config to the new directory.
|
||||
if [ -f /tmp/dynamic_dashboard.yaml ]; then
|
||||
mv /tmp/dynamic_dashboard.yaml ${TRAEFIK_SHARED_MOUNT_POINT}/dynamic/dynamic_dashboard.yaml
|
||||
fi
|
||||
|
||||
# first arg is `-f` or `--some-option`
|
||||
if [ "${1#-}" != "$1" ]; then
|
||||
set -- traefik "$@"
|
||||
fi
|
||||
|
||||
# if our command is a valid Traefik subcommand, let's invoke it through Traefik instead
|
||||
# (this allows for "docker run traefik version", etc)
|
||||
if traefik "$1" --help >/dev/null 2>&1
|
||||
then
|
||||
set -- traefik "$@"
|
||||
else
|
||||
echo "= '$1' is not a Traefik command: assuming shell execution." 1>&2
|
||||
fi
|
||||
|
||||
exec "$@"
|
27
files/traefik/traefik.yaml
Normal file
27
files/traefik/traefik.yaml
Normal file
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
global:
|
||||
checkNewVersion: ${TRAEFIK_CHECK_NEW_VERSION}
|
||||
sendAnonymousUsage: ${TRAEFIK_SEND_ANONYMOUS_USAGE}
|
||||
api:
|
||||
insecure: false
|
||||
dashboard: true
|
||||
debug: false
|
||||
entryPoints:
|
||||
http:
|
||||
address: "${TRAEFIK_CONTAINER_IP}:80"
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: "https"
|
||||
scheme: "https"
|
||||
permanent: true
|
||||
https:
|
||||
address: "${TRAEFIK_CONTAINER_IP}:443"
|
||||
ssh:
|
||||
address: "${TRAEFIK_CONTAINER_IP}:22"
|
||||
providers:
|
||||
file:
|
||||
watch: true
|
||||
directory: "${TRAEFIK_SHARED_MOUNT_POINT}/dynamic"
|
||||
log:
|
||||
level: "${TRAEFIK_LOG_LEVEL}"
|
58
images/lxd/image.pkr.json
Normal file
58
images/lxd/image.pkr.json
Normal file
|
@ -0,0 +1,58 @@
|
|||
{
|
||||
"source": {
|
||||
"lxd": {
|
||||
"flow_infra": {
|
||||
"container_name": "${var.lxd_container_name}",
|
||||
"image": "${var.lxd_base_image}",
|
||||
"publish_properties": {
|
||||
"description": "LXD image for Flow Infra Dev"
|
||||
},
|
||||
"virtual_machine": false
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
"build": {
|
||||
"source": {
|
||||
"lxd.flow_infra": {
|
||||
"name": "flow-infra",
|
||||
"output_image": "${var.lxd_output_image_name}"
|
||||
}
|
||||
},
|
||||
"provisioner": {
|
||||
"shell": {
|
||||
"inline": ["apk add bash"]
|
||||
}
|
||||
},
|
||||
"provisioner": {
|
||||
"shell": {
|
||||
"environment_vars": [
|
||||
"FLOW_USERNAME=${var.flow_username}",
|
||||
"FLOW_GID=${var.flow_gid}",
|
||||
"FLOW_UID=${var.flow_uid}",
|
||||
"ROOT_SETUP_DIRECTORY=${var.root_setup_directory}"
|
||||
],
|
||||
"script": "${path.root}/../../provisioners/shell/setup.sh"
|
||||
}
|
||||
},
|
||||
"provisioner": {
|
||||
"file": {
|
||||
"sources": [
|
||||
"${path.root}/../../files/traefik/Dockerfile",
|
||||
"${path.root}/../../files/traefik/dynamic_dashboard.yaml",
|
||||
"${path.root}/../../files/traefik/entrypoint.sh",
|
||||
"${path.root}/../../files/traefik/traefik.yaml"
|
||||
],
|
||||
"destination": "${var.root_setup_directory}/template/traefik/"
|
||||
},
|
||||
"file": {
|
||||
"source": "${path.root}/../../files/compose/docker-compose.yaml",
|
||||
"destination": "${var.root_setup_directory}/template/compose/"
|
||||
},
|
||||
"file": {
|
||||
"source": "${path.root}/../../files/scripts/bootstrap.sh",
|
||||
"destination": "${var.root_setup_directory}/bootstrap.sh"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
13
images/lxd/variables.auto.pkr.json
Normal file
13
images/lxd/variables.auto.pkr.json
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"variables": {
|
||||
"lxd_base_image": "images:alpine/3.15",
|
||||
"lxd_container_name": "flow-infra-lxd-packer-builder",
|
||||
"lxd_output_image_name": "flow-infra",
|
||||
|
||||
"flow_username": "flow",
|
||||
"flow_gid": 22379,
|
||||
"flow_uid": 22379,
|
||||
|
||||
"root_setup_directory": "/etc/flow/setup"
|
||||
}
|
||||
}
|
45
provisioners/shell/setup.sh
Normal file
45
provisioners/shell/setup.sh
Normal file
|
@ -0,0 +1,45 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
DOCKER_COMPOSE_VERSION="v2.2.3"
|
||||
DOCKER_COMPOSE_SOURCE="https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-linux-x86_64"
|
||||
DOCKER_COMPOSE_DESTINATION="/home/${FLOW_USERNAME}/.docker/cli-plugins/docker-compose"
|
||||
|
||||
# Upgrade system and install required packages
|
||||
apk update
|
||||
apk upgrade
|
||||
|
||||
apk add curl \
|
||||
docker \
|
||||
gettext \
|
||||
shadow \
|
||||
tzdata
|
||||
|
||||
groupadd -g "${FLOW_GID}" "${FLOW_USERNAME}"
|
||||
useradd -s /bin/bash -g "${FLOW_GID}" -u "${FLOW_UID}" -m -G docker "${FLOW_USERNAME}"
|
||||
|
||||
# Set the timezone and local time
|
||||
mkdir -p /etc/zoneinfo/Europe
|
||||
chmod -R 0755 /etc/zoneinfo
|
||||
cp /usr/share/zoneinfo/Europe/London /etc/zoneinfo/Europe/
|
||||
ln -fs /etc/zoneinfo/Europe/London /etc/localtime
|
||||
echo "Europe/London" > /etc/timezone
|
||||
apk del tzdata
|
||||
|
||||
mkdir -p \
|
||||
"/home/${FLOW_USERNAME}/.docker/cli-plugins" \
|
||||
"${ROOT_SETUP_DIRECTORY}/template/compose" \
|
||||
"${ROOT_SETUP_DIRECTORY}/template/traefik" \
|
||||
"${ROOT_SETUP_DIRECTORY}/template/gitea"
|
||||
|
||||
curl -SL "${DOCKER_COMPOSE_SOURCE}" -o "${DOCKER_COMPOSE_DESTINATION}"
|
||||
|
||||
chown "${FLOW_USERNAME}":"${FLOW_USERNAME}" "${DOCKER_COMPOSE_DESTINATION}"
|
||||
chmod u+x "${DOCKER_COMPOSE_DESTINATION}"
|
||||
|
||||
cat <<EOF > ${ROOT_SETUP_DIRECTORY}/env
|
||||
export FLOW_USERNAME=${FLOW_USERNAME}
|
||||
export FLOW_GID=${FLOW_GID}
|
||||
export ROOT_SETUP_DIRECTORY=${ROOT_SETUP_DIRECTORY}
|
||||
EOF
|
Reference in a new issue