Migrate to traefik v2

BretFisher · Mar 9, 2020 · fcc48b0 · fcc48b0
1 parent f43ab69
commit fcc48b0
Show file tree

Hide file tree

Showing 11 changed files with 120 additions and 86 deletions.
diff --git a/ghost.dockerapp b/ghost.dockerapp
@@ -4,7 +4,7 @@ version: 0.1.0
 # Name of the application
 name: ghost
 # A short description of the application
-description: 
+description:
 # Namespace to use when pushing to a registry. This is typically your Hub username.
 namespace: dogvscat
 # List of application maintainers with name and email for each
@@ -37,8 +37,10 @@ services:
     deploy:
       replicas: 1
       labels:
-        - traefik.port=2368
-        - traefik.frontend.rule=Host:ghost.dogvs.cat
+        traefik.http.routers.ghost.rule: Host(`ghost.dogvs.cat`)
+        traefik.http.routers.ghost.entryPoints: websecure
+        traefik.http.routers.ghost.service: ghost
+        traefik.http.services.ghost.loadbalancer.server.port: 2368
     # logging:
     #   driver: "gelf"
     #   options:
@@ -57,7 +59,7 @@ volumes:
     driver: rexray/dobs
     driver_opts:
       size: 1
- 
+
 
 
 ---

diff --git a/menu.dockerapp b/menu.dockerapp
@@ -4,7 +4,7 @@ version: 0.1.0
 # Name of the application
 name: menu
 # A short description of the application
-description: 
+description:
 # Namespace to use when pushing to a registry. This is typically your Hub username.
 namespace: dogvscat
 # List of application maintainers with name and email for each
@@ -25,8 +25,10 @@ services:
     deploy:
       replicas: 3
       labels:
-        - traefik.port=80
-        - traefik.frontend.rule=Host:www.dogvs.cat,dogvs.cat
+        traefik.http.routers.dogvs.rule: Host(`www.dogvs.cat`) || Host(`dogvs.cat`)
+        traefik.http.routers.dogvs.entryPoints: websecure
+        traefik.http.routers.dogvs.service: dogvs
+        traefik.http.services.dogvs.loadbalancer.server.port: 80
     # logging:
     #   driver: "gelf"
     #   options:

diff --git a/stack-elk.yml b/stack-elk.yml
@@ -1,10 +1,10 @@
 version: '3.7'
 
-x-default-opts: 
+x-default-opts:
   &default-opts
   logging:
     options:
-      max-size: "1m" 
+      max-size: "1m"
   # driver: "gelf"
   # options:
   #   gelf-address: "udp://127.0.0.1:5000"
@@ -60,10 +60,13 @@ services:
       mode: replicated
       replicas: 1
       labels:
-        - traefik.port=5601
-        - traefik.frontend.rule=Host:kibana.dogvs.cat
-        - traefik.frontend.auth.basic=${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK}
-      # TODO: make secrets secret
+        traefik.http.routers.kibana.rule: Host(`kibana.dogvs.cat`)
+        traefik.http.routers.kibana.entryPoints: websecure
+        traefik.http.routers.kibana.service: kibana
+        traefik.http.routers.kibana.middlewares: kibana-auth
+        traefik.http.services.kibana.loadbalancer.server.port: 5601
+        traefik.http.middlewares.kibana-auth.basicauth.users: ${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK}
+        # TODO: make secrets secret
 
 configs:
 

diff --git a/stack-ghost.yml b/stack-ghost.yml
@@ -1,10 +1,10 @@
 version: '3.7'
 
-x-default-opts: 
+x-default-opts:
   &default-opts
   logging:
     options:
-      max-size: "1m" 
+      max-size: "1m"
   # driver: "gelf"
   # options:
   #   gelf-address: "udp://127.0.0.1:5000"
@@ -28,8 +28,10 @@ services:
     deploy:
       replicas: 1
       labels:
-        - traefik.port=2368
-        - traefik.frontend.rule=Host:ghost.dogvs.cat
+        traefik.http.routers.ghost.rule: Host(`ghost.dogvs.cat`)
+        traefik.http.routers.ghost.entryPoints: websecure
+        traefik.http.routers.ghost.service: ghost
+        traefik.http.services.ghost.loadbalancer.server.port: 2368
 
   db:
     <<: *default-opts

diff --git a/stack-menu.yml b/stack-menu.yml
@@ -1,10 +1,10 @@
 version: '3.7'
 
-x-default-opts: 
+x-default-opts:
   &default-opts
   logging:
     options:
-      max-size: "1m" 
+      max-size: "1m"
   # driver: "gelf"
   # options:
   #   gelf-address: "udp://127.0.0.1:5000"
@@ -19,8 +19,10 @@ services:
     deploy:
       replicas: 3
       labels:
-        - traefik.port=80
-        - traefik.frontend.rule=Host:www.dogvs.cat,dogvs.cat
+        traefik.http.routers.dogvs.rule: Host(`www.dogvs.cat`) || Host(`dogvs.cat`)
+        traefik.http.routers.dogvs.entryPoints: websecure
+        traefik.http.routers.dogvs.service: dogvs
+        traefik.http.services.dogvs.loadbalancer.server.port: 80
     networks:
       - proxy
 

diff --git a/stack-portainer.yml b/stack-portainer.yml
@@ -1,10 +1,10 @@
 version: "3.7"
 
-x-default-opts: 
+x-default-opts:
   &default-opts
   logging:
     options:
-      max-size: "1m" 
+      max-size: "1m"
   # driver: "gelf"
   # options:
   #   gelf-address: "udp://127.0.0.1:5000"
@@ -20,8 +20,10 @@ services:
         # constraints: [node.role == manager]
         # place on managers when not using agent, place on workers if using agent
       labels:
-        - traefik.port=9000
-        - traefik.frontend.rule=Host:portainer.dogvs.cat
+        traefik.http.routers.portainer.rule: Host(`portainer.dogvs.cat`)
+        traefik.http.routers.dogvs.entryPoints: websecure
+        traefik.http.routers.portainer.service: portainer
+        traefik.http.services.portainer.loadbalancer.server.port: 9000
     networks:
       - proxy
       - portainer

diff --git a/stack-proxy.yml b/stack-proxy.yml
@@ -4,11 +4,11 @@
 
 version: '3.7'
 
-x-default-opts: 
+x-default-opts:
   &default-opts
   logging:
     options:
-      max-size: "1m" 
+      max-size: "1m"
   # driver: "gelf"
   # options:
   #   gelf-address: "udp://127.0.0.1:5000"
@@ -17,7 +17,7 @@ services:
 
   traefik:
     <<: *default-opts
-    image: traefik:1.7-alpine
+    image: traefik:2.2
     networks:
       - proxy
     volumes:
@@ -26,38 +26,36 @@ services:
     ports:
       - "80:80"
       - "443:443"
-      - "8080:8080" # traefik dashboard
     command:
       # Use your favourite settings here, but add:
-      - --docker
-      - --docker.swarmMode
-      - --docker.domain=traefik
-      - --docker.network=proxy
-      - --docker.watch
+      - --providers.docker
+      - --providers.docker.swarmMode
+      - --providers.docker.network=proxy
+      - --providers.docker.watch
       - --api
-      - --defaultentrypoints=http,https
-      - --entryPoints=Name:https Address::443 TLS
-      - --entryPoints=Name:http Address::80 # don't force HTTPS
-      # - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https  # force HTTPS
+      - --entryPoints.web.address=:80
+      - --entryPoints.websecure.address=:443
+      - --entrypoints.websecure.http.tls=true
+      # - --entrypoints.web.http.redirections.entryPoint.to=websecure # force HTTPS
+      # - --entrypoints.web.http.tls.certresolver=default
       ## optional LetsEncrypt settings
-      # - --acme
-      # - --acme.email=${TRAEFIK_ACME_EMAIL}
-      #   # TODO: envvar for email and default domain
-      # - --acme.httpchallenge
-      # - --acme.httpchallenge.entrypoint=http
-      # - --acme.onhostrule=true
-      # - --acme.entrypoint=https
-      # - --acme.storage=/etc/traefik/acme/acme.json
-      # - --acme.acmelogging
-      # - --acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
-      # - --acme.caserver=https://acme-v02.api.letsencrypt.org/directory
+      # - --certificatesResolvers.default.acme.email=${TRAEFIK_ACME_EMAIL}
+      # - --certificatesResolvers.default.acme.storage=/etc/traefik/acme/acme.json
+      # - --certificatesResolvers.default.acme.tlsChallenge=true
+      # - --certificatesResolvers.default.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+      # - --certificatesResolvers.default.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
     deploy:
       placement:
         constraints: [node.role == manager]
+      # Dynamic Configuration
       labels:
-        - traefik.port=8080
-        - traefik.frontend.rule=Host:traefik.dogvs.cat
-
+        traefik.http.routers.api.rule: Host(`traefik.dogvs.cat`)
+        traefik.http.routers.api.entryPoints: websecure
+        traefik.http.routers.api.service: api@internal
+        traefik.http.routers.api.middlewares: auth
+        traefik.http.services.dummy.loadbalancer.server.port: 4242
+        traefik.http.middlewares.auth.basicauth.users: test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0
+
 volumes:
   acme:
     driver: rexray/dobs

diff --git a/stack-sqlite-ghost.yml b/stack-sqlite-ghost.yml
@@ -1,10 +1,10 @@
 version: '3.7'
 
-x-default-opts: 
+x-default-opts:
   &default-opts
   logging:
     options:
-      max-size: "1m" 
+      max-size: "1m"
   # driver: "gelf"
   # options:
   #   gelf-address: "udp://127.0.0.1:5000"
@@ -31,8 +31,10 @@ services:
     deploy:
       replicas: 1
       labels:
-        - traefik.port=2368
-        - traefik.frontend.rule=Host:ghost.dogvs.cat
+        traefik.http.routers.ghost.rule: Host(`ghost.dogvs.cat`)
+        traefik.http.routers.ghost.entryPoints: websecure
+        traefik.http.routers.ghost.service: ghost
+        traefik.http.services.ghost.loadbalancer.server.port: 2368
 
   # TODO: backup for static content
 
@@ -47,5 +49,5 @@ volumes:
     driver: rexray/dobs
     driver_opts:
       size: 1
- 
+
 
diff --git a/stack-swarmprom.yml b/stack-swarmprom.yml
@@ -1,10 +1,10 @@
 version: "3.7"
 
-x-default-opts: 
+x-default-opts:
   &default-opts
   logging:
     options:
-      max-size: "1m" 
+      max-size: "1m"
   # driver: "gelf"
   # options:
   #   gelf-address: "udp://127.0.0.1:5000"
@@ -100,8 +100,10 @@ services:
       mode: replicated
       replicas: 1
       labels:
-        - traefik.port=3000
-        - traefik.frontend.rule=Host:grafana.dogvs.cat
+        traefik.http.routers.grafana.rule: Host(`grafana.dogvs.cat`)
+        traefik.http.routers.grafana.entryPoints: websecure
+        traefik.http.routers.grafana.service: grafana
+        traefik.http.services.grafana.loadbalancer.server.port: 3000
       placement:
         constraints:
           - node.role == manager
@@ -131,9 +133,12 @@ services:
       mode: replicated
       replicas: 1
       labels:
-        - traefik.port=9093
-        - traefik.frontend.rule=Host:alertmanager.dogvs.cat
-        - traefik.frontend.auth.basic=${AM_USER:-admin}:${AM_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK}
+        traefik.http.routers.alertmanager.rule: Host(`alertmanager.dogvs.cat`)
+        traefik.http.routers.alertmanager.entryPoints: websecure
+        traefik.http.routers.alertmanager.service: alertmanager
+        traefik.http.routers.alertmanager.middlewares: alertmanager-auth
+        traefik.http.services.alertmanager.loadbalancer.server.port: 9093
+        traefik.http.middlewares.alertmanager-auth.basicauth.users: ${AM_USER:-admin}:${AM_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK}
       placement:
         constraints:
           - node.role == manager
@@ -156,9 +161,12 @@ services:
       mode: replicated
       replicas: 1
       labels:
-        - traefik.port=9094
-        - traefik.frontend.rule=Host:unsee.dogvs.cat
-        - traefik.frontend.auth.basic=${UNSEE_USER:-admin}:${UNSEE_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK}
+        traefik.http.routers.unsee.rule: Host(`unsee.dogvs.cat`)
+        traefik.http.routers.unsee.entryPoints: websecure
+        traefik.http.routers.unsee.service: unsee
+        traefik.http.routers.unsee.middlewares: unsee-auth
+        traefik.http.services.unsee.loadbalancer.server.port: 9094
+        traefik.http.middlewares.unsee-auth.basicauth.users: ${UNSEE_USER:-admin}:${UNSEE_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK}
         # - com.df.users=${ADMIN_USER:-admin}:${ADMIN_PASSWORD:-admin}
 
 
@@ -213,9 +221,12 @@ services:
       mode: replicated
       replicas: 1
       labels:
-        - traefik.port=9090
-        - traefik.frontend.rule=Host:prom.dogvs.cat
-        - traefik.frontend.auth.basic=${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} 
+        traefik.http.routers.prom.rule: Host(`prom.dogvs.cat`)
+        traefik.http.routers.prom.entryPoints: websecure
+        traefik.http.routers.prom.service: prom
+        traefik.http.routers.prom.middlewares: prom-auth
+        traefik.http.services.prom.loadbalancer.server.port: 9090
+        traefik.http.middlewares.prom-auth.basicauth.users: ${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK}
       placement:
         constraints:
           - node.role == manager