autoconf - let's encrypt support for ingress controller
parent
4e178b474c
commit
b6809266af
|
@ -8,10 +8,11 @@ from logger import log
|
|||
|
||||
class Config :
|
||||
|
||||
def __init__(self, type, api_uri, lock=None) :
|
||||
def __init__(self, type, api_uri, lock=None, http_port="8080") :
|
||||
self.__type = type
|
||||
self.__api_uri = api_uri
|
||||
self.__lock = lock
|
||||
self.__http_port = http_port
|
||||
|
||||
def __jobs(self) :
|
||||
log("config", "INFO", "starting jobs ...")
|
||||
|
@ -145,16 +146,16 @@ class Config :
|
|||
try :
|
||||
dns_result = dns.resolver.query("tasks." + name)
|
||||
for ip in dns_result :
|
||||
urls.append("http://" + ip.to_text() + ":8080" + self.__api_uri + path)
|
||||
urls.append("http://" + ip.to_text() + ":" + self.__http_port + self.__api_uri + path)
|
||||
except :
|
||||
ret = False
|
||||
elif self.__type == Controller.Type.KUBERNETES :
|
||||
for instance in instances :
|
||||
name = instance.metadata.name
|
||||
try :
|
||||
dns_result = dns.resolver.query(name + ".default.svc.cluster.local")
|
||||
dns_result = dns.resolver.query(name + "." + instance.metadata.namespace + ".svc.cluster.local")
|
||||
for ip in dns_result :
|
||||
urls.append("http://" + ip.to_text() + ":8080" + self.__api_uri + path)
|
||||
urls.append("http://" + ip.to_text() + ":" + self.__http_port + self.__api_uri + path)
|
||||
except :
|
||||
ret = False
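Review bot: The new `":" + self.__http_port` concatenation (in both the Swarm and the Kubernetes branch) only works while `http_port` is a string, and it sits inside a bare `except :` that just sets `ret = False`, so an int argument raises a `TypeError` that is swallowed without a log line, and an empty or malformed `HTTP_PORT` simply yields unusable URLs. I would normalise and check the value once in the constructor, e.g. `self.__http_port = str(int(http_port))` plus a 1–65535 range check, and apply the same check where the entrypoint reads `os.getenv("HTTP_PORT", "8080")`. Narrowing the handlers to the resolver's own exceptions and logging the failure would also make a wrong port or namespace visible to the operator. The enclosing method starts and ends outside these hunks.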
|
||||
|
||||
|
|
|
@ -10,8 +10,8 @@ class Type(Enum) :
|
|||
|
||||
class Controller(ABC) :
|
||||
|
||||
def __init__(self, type, api_uri=None, lock=None) :
|
||||
self._config = Config(type, api_uri, lock)
|
||||
def __init__(self, type, api_uri=None, lock=None, http_port="8080") :
|
||||
self._config = Config(type, api_uri, lock=lock, http_port=http_port)
|
||||
self.lock = lock
|
||||
|
||||
@abstractmethod
|
||||
|
|
|
@ -8,8 +8,8 @@ from logger import log
|
|||
|
||||
class IngressController(Controller.Controller) :
|
||||
|
||||
def __init__(self, api_uri) :
|
||||
super().__init__(Controller.Type.KUBERNETES, api_uri=api_uri, lock=Lock())
|
||||
def __init__(self, api_uri, http_port) :
|
||||
super().__init__(Controller.Type.KUBERNETES, api_uri=api_uri, lock=Lock(), http_port=http_port)
|
||||
config.load_incluster_config()
|
||||
self.__api = client.CoreV1Api()
|
||||
self.__extensions_api = client.ExtensionsV1beta1Api()
|
||||
|
@ -78,6 +78,10 @@ class IngressController(Controller.Controller) :
|
|||
first_servers.extend(env["SERVER_NAME"].split(" "))
|
||||
for ingress in ingresses :
|
||||
env.update(self.__rules_to_env(ingress.spec.rules))
|
||||
if ingress.spec.tls :
|
||||
for tls_entry in ingress.spec.tls :
|
||||
for host in tls_entry.hosts :
|
||||
env[host + "_AUTO_LETS_ENCRYPT"] = "yes"
|
||||
if "SERVER_NAME" in env and env["SERVER_NAME"] != "" :
|
||||
first_servers.extend(env["SERVER_NAME"].split(" "))
|
||||
for service in services :
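Review bot: In the new `ingress.spec.tls` loop, `tls_entry.hosts` is iterated without a check although the Ingress API allows a TLS entry that carries no `hosts` list, so such an object would raise a `TypeError` while the environment is being built. The host strings are also taken as-is from the Ingress object and used as an env key prefix and, presumably, as the names for which certificates are requested; anyone allowed to create Ingress resources can therefore trigger issuance attempts for arbitrary or wildcard names (which a webroot challenge cannot validate) and exhaust Let's Encrypt rate limits. I would guard with `for host in tls_entry.hosts or [] :` and set `host + "_AUTO_LETS_ENCRYPT"` only for hosts that also appear in `ingress.spec.rules` and contain no `*`. An entry that names its own certificate secret probably should not enable automatic issuance either. The enclosing method continues outside the hunk.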
|
||||
|
|
|
@ -7,8 +7,8 @@ import Controller
|
|||
|
||||
class SwarmController(Controller.Controller) :
|
||||
|
||||
def __init__(self, docker_host, api_uri) :
|
||||
super().__init__(Controller.Type.SWARM, api_uri=api_uri, lock=Lock())
|
||||
def __init__(self, docker_host, api_uri, http_port) :
|
||||
super().__init__(Controller.Type.SWARM, api_uri=api_uri, lock=Lock(), http_port=http_port)
|
||||
self.__client = docker.DockerClient(base_url=docker_host)
|
||||
|
||||
def __get_instances(self) :
|
||||
|
|
|
@ -15,14 +15,15 @@ swarm = os.getenv("SWARM_MODE", "no") == "yes"
|
|||
kubernetes = os.getenv("KUBERNETES_MODE", "no") == "yes"
|
||||
api_uri = os.getenv("API_URI", "")
|
||||
docker_host = os.getenv("DOCKER_HOST", "unix:///var/run/docker.sock")
|
||||
http_port = os.getenv("HTTP_PORT", "8080")
|
||||
|
||||
# Instantiate the controller
|
||||
if swarm :
|
||||
log("autoconf", "INFO", "swarm mode detected")
|
||||
controller = SwarmController(docker_host, api_uri)
|
||||
controller = SwarmController(docker_host, api_uri, http_port)
|
||||
elif kubernetes :
|
||||
log("autoconf", "INFO", "kubernetes mode detected")
|
||||
controller = IngressController(api_uri)
|
||||
controller = IngressController(api_uri, http_port)
|
||||
else :
|
||||
log("autoconf", "INFO", "docker mode detected")
|
||||
controller = DockerController(docker_host)
|
||||
|
|
|
@ -10,4 +10,3 @@ ssl_session_cache shared:MozSSL:10m;
|
|||
ssl_dhparam /etc/nginx/dhparam;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
{% endif +%}
|
||||
include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;
|
||||
|
|
|
@ -2,6 +2,7 @@ server {
|
|||
{% if LISTEN_HTTP == "yes" %}listen 0.0.0.0:{{ HTTP_PORT }} default_server{% endif +%};
|
||||
server_name _;
|
||||
{% if has_value("AUTO_LETS_ENCRYPT", "yes") %}include /etc/nginx/multisite-default-server-https.conf;{% endif +%}
|
||||
include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;
|
||||
{% if USE_API == "yes" %}
|
||||
location ^~ {{ API_URI }} {
|
||||
include /etc/nginx/api.conf;
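Review bot: The `include /etc/nginx/multisite-default-server-lets-encrypt-webroot.conf;` line in the default server is not wrapped in the `has_value("AUTO_LETS_ENCRYPT", "yes")` test that guards the HTTPS include just above it, so (assuming this is the added line) the challenge location is served on the catch-all `server_name _` even when no site uses Let's Encrypt. The included file is not visible here; it is worth confirming that it exposes only `/.well-known/acme-challenge/` from a dedicated directory with no listing or fallback. If the unconditional include is deliberate so that sites added later by autoconf can be validated, a comment such as `# always on: autoconf may enable Let's Encrypt for a host after startup` would record that. The `server` block continues outside the hunk.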
|
||||
|
|
|
@ -16,6 +16,9 @@ metadata:
|
|||
# add "static" routes here (see https://kubernetes.io/docs/concepts/services-networking/ingress/)
|
||||
# and/or add annotations to your services (see https://github.com/bunkerity/bunkerized-nginx/tree/master/examples/kubernetes)
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- app.example.com
|
||||
rules:
|
||||
- host: "app.example.com"
|
||||
http:
|
||||
|
|
|
@ -17,17 +17,13 @@ spec:
|
|||
serviceAccountName: bunkerized-nginx-ingress-controller
|
||||
containers:
|
||||
- name: bunkerized-nginx-autoconf
|
||||
image: bunkerity/bunkerized-nginx-autoconf:testing
|
||||
imagePullPolicy: Always
|
||||
image: bunkerity/bunkerized-nginx-autoconf
|
||||
#imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: API_URI
|
||||
value: "/ChangeMeToSomethingHardToGuess"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
volumeMounts:
|
||||
- name: confs
|
||||
mountPath: /etc/nginx
|
||||
|
@ -85,12 +81,15 @@ spec:
|
|||
name: bunkerized-nginx
|
||||
bunkerized-nginx: "yes"
|
||||
spec:
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
containers:
|
||||
- name: bunkerized-nginx
|
||||
image: bunkerity/bunkerized-nginx:testing
|
||||
imagePullPolicy: Always
|
||||
image: bunkerity/bunkerized-nginx
|
||||
#imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
hostPort: 80
|
||||
- containerPort: 8443
|
||||
hostPort: 443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
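Review bot: Both containers now reference `bunkerity/bunkerized-nginx-autoconf` and `bunkerity/bunkerized-nginx` with no tag, which resolves to the floating `latest` image, so the code running in front of the cluster's HTTP traffic (and under the ingress-controller service account) changes whenever the upstream tag moves. For a manifest that people copy, I would pin a release tag or a digest, e.g. `image: bunkerity/bunkerized-nginx:<release-tag>` (placeholder), and drop the commented-out `#imagePullPolicy: Always` line. Separately, `API_URI` is a plain `value:` in the pod spec although its placeholder text treats it as something hard to guess; reading it from a Secret with `valueFrom.secretKeyRef` would keep it out of the manifest and out of `kubectl describe` output.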
|
||||
|
|