Traefikee

安装和配置一个 TraefikEE 内部集群

角色变量

来自 默认配置（跳过无聊的内容，具体细节请见文件，例如安装路径、systemd 服务名称、启动命令行等）：

# 控制器和代理的组名
traefikee_controller_group: traefikee_controller
traefikee_proxy_group: traefikee_proxy

# 这些变量在集群安装时只会设置为 true。
traefikee_install: false  # 设置为 true 以安装 traefikee 二进制文件
traefikee_configure: false  # 设置为 true 以配置并启动 systemd 服务

# 动态配置
# 每个条目都是一个配置文件。如果配置返回 false
# 则删除该配置文件。
#
# 示例：

# traefikee_cluster_dynamic_config:
#   my_site:
#     http:
#       routers:
#         my-site-router:
#           rule: "Host('www.example.org')"
#           entryPoints:
#             - https
#           service: site
#       services:
#         site:
#           loadBalancer:
#             servers:
#               - url: "http://10.0.0.42:8000"
#   my_old_site: null

traefikee_cluster_dynamic_config: {}

# 获取许可证密钥请联系 Containous 销售团队
traefikee_license_key: ""

# 二进制文件下载信息
traefikee_version: 2.0.2
traefikee_arch: linux_amd64

# 启动时，traefikee 会进行许可证检查。这将作为
# systemd 服务环境变量添加。
traefikee_http_proxy: ""
traefikee_https_proxy: "{{ traefikee_http_proxy }}"

# 在此添加额外的环境变量。
# 例如，对于 Lego 配置 (https://docs.traefik.io/https/acme/) :
# traefikee_environment_extra: |
#   OVH_ENDPOINT=ovh-eu
#   OVH_APPLICATION_KEY=123456
#   OVH_APPLICATION_SECRET=123456
#   OVH_CONSUMER_KEY=abcdef1234
traefikee_environment_extra: ""

# 静态配置是该映射的逐字副本
traefikee_cluster_config:
  entryPoints:
    http:
      address: ":80"
    https:
      address: ":443"
  providers:
    # 如果希望使用 traefikee_cluster_dynamic_config，则需要此提供者
    file:
      directory: "{{ traefikee_cluster_dynamic_config_dir }}"
      watch: true

示例剧本

给定此库存：

all:
  children:
    traefikee:
      vars:
        # TODO: 目前这是硬编码的，我们必须从事实中获取这个
        traefikee_controller_listen_address: 10.108.0.18
        # 显然这应该被加密
        traefikee_license_key: !vault |
           **********
        traefikee_http_proxy: http://mysquid:3128
      children:
        traefikee_controller:
          hosts:
            traefik-ctl-01.example.net:
        traefikee_proxy:
          hosts:
            traefik-proxy-01.example.net:
            traefik-proxy-02.example.net:

安装和配置集群

- hosts: traefikee
  become: yes
  environment:
    # 这些是必需的，因为安装过程需要访问互联网
    http_proxy: http://mysquid:3128
    https_proxy: http://mysquid:3128
  vars:
    traefikee_install: yes
    traefikee_configure: yes
  roles:
    - traefikee

更新动态配置

注意，旧的 remove_me 配置被删除，而 my_site 被创建或更新。

- hosts: traefikee
  become: yes
  vars:
    traefikee_cluster_dynamic_config:
      remove_me: null
      my_site:
        http:
          routers:
            my-site-router:
              rule: "Host('www.example.org')"
              entryPoints:
                - http
              service: site
          services:
            site:
              loadBalancer:
                servers:
                  - url: "http://10.0.0.42:8000"

  roles:
    - traefikee

许可证

© 2020 – Kosc Telecom

根据 GPLV3 条款分发