From fcc48b018dc33bc6ef3f240fb77aeef5557dd475 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 9 Mar 2020 11:13:21 +0100 Subject: [PATCH] Migrate to traefik v2 --- ghost.dockerapp | 10 ++++---- menu.dockerapp | 8 ++++--- stack-elk.yml | 15 +++++++----- stack-ghost.yml | 10 ++++---- stack-menu.yml | 10 ++++---- stack-portainer.yml | 10 ++++---- stack-proxy.yml | 52 ++++++++++++++++++++---------------------- stack-sqlite-ghost.yml | 12 ++++++---- stack-swarmprom.yml | 37 +++++++++++++++++++----------- stack-voting.yml | 24 +++++++++++-------- voting.dockerapp | 18 +++++++++------ 11 files changed, 120 insertions(+), 86 deletions(-) diff --git a/ghost.dockerapp b/ghost.dockerapp index e63ab37..f4b857e 100644 --- a/ghost.dockerapp +++ b/ghost.dockerapp @@ -4,7 +4,7 @@ version: 0.1.0 # Name of the application name: ghost # A short description of the application -description: +description: # Namespace to use when pushing to a registry. This is typically your Hub username. namespace: dogvscat # List of application maintainers with name and email for each @@ -37,8 +37,10 @@ services: deploy: replicas: 1 labels: - - traefik.port=2368 - - traefik.frontend.rule=Host:ghost.dogvs.cat + traefik.http.routers.ghost.rule: Host(`ghost.dogvs.cat`) + traefik.http.routers.ghost.entryPoints: websecure + traefik.http.routers.ghost.service: ghost + traefik.http.services.ghost.loadbalancer.server.port: 2368 # logging: # driver: "gelf" # options: @@ -57,7 +59,7 @@ volumes: driver: rexray/dobs driver_opts: size: 1 - + --- diff --git a/menu.dockerapp b/menu.dockerapp index ea71262..cedaa71 100644 --- a/menu.dockerapp +++ b/menu.dockerapp @@ -4,7 +4,7 @@ version: 0.1.0 # Name of the application name: menu # A short description of the application -description: +description: # Namespace to use when pushing to a registry. This is typically your Hub username. namespace: dogvscat # List of application maintainers with name and email for each @@ -25,8 +25,10 @@ services: deploy: replicas: 3 labels: - - traefik.port=80 - - traefik.frontend.rule=Host:www.dogvs.cat,dogvs.cat + traefik.http.routers.dogvs.rule: Host(`www.dogvs.cat`) || Host(`dogvs.cat`) + traefik.http.routers.dogvs.entryPoints: websecure + traefik.http.routers.dogvs.service: dogvs + traefik.http.services.dogvs.loadbalancer.server.port: 80 # logging: # driver: "gelf" # options: diff --git a/stack-elk.yml b/stack-elk.yml index 607f2c6..18f94cc 100644 --- a/stack-elk.yml +++ b/stack-elk.yml @@ -1,10 +1,10 @@ version: '3.7' -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -60,10 +60,13 @@ services: mode: replicated replicas: 1 labels: - - traefik.port=5601 - - traefik.frontend.rule=Host:kibana.dogvs.cat - - traefik.frontend.auth.basic=${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} - # TODO: make secrets secret + traefik.http.routers.kibana.rule: Host(`kibana.dogvs.cat`) + traefik.http.routers.kibana.entryPoints: websecure + traefik.http.routers.kibana.service: kibana + traefik.http.routers.kibana.middlewares: kibana-auth + traefik.http.services.kibana.loadbalancer.server.port: 5601 + traefik.http.middlewares.kibana-auth.basicauth.users: ${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} + # TODO: make secrets secret configs: diff --git a/stack-ghost.yml b/stack-ghost.yml index e45d242..38f86c9 100644 --- a/stack-ghost.yml +++ b/stack-ghost.yml @@ -1,10 +1,10 @@ version: '3.7' -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -28,8 +28,10 @@ services: deploy: replicas: 1 labels: - - traefik.port=2368 - - traefik.frontend.rule=Host:ghost.dogvs.cat + traefik.http.routers.ghost.rule: Host(`ghost.dogvs.cat`) + traefik.http.routers.ghost.entryPoints: websecure + traefik.http.routers.ghost.service: ghost + traefik.http.services.ghost.loadbalancer.server.port: 2368 db: <<: *default-opts diff --git a/stack-menu.yml b/stack-menu.yml index c8c983b..11c58ce 100644 --- a/stack-menu.yml +++ b/stack-menu.yml @@ -1,10 +1,10 @@ version: '3.7' -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -19,8 +19,10 @@ services: deploy: replicas: 3 labels: - - traefik.port=80 - - traefik.frontend.rule=Host:www.dogvs.cat,dogvs.cat + traefik.http.routers.dogvs.rule: Host(`www.dogvs.cat`) || Host(`dogvs.cat`) + traefik.http.routers.dogvs.entryPoints: websecure + traefik.http.routers.dogvs.service: dogvs + traefik.http.services.dogvs.loadbalancer.server.port: 80 networks: - proxy diff --git a/stack-portainer.yml b/stack-portainer.yml index 63bb889..c15d713 100644 --- a/stack-portainer.yml +++ b/stack-portainer.yml @@ -1,10 +1,10 @@ version: "3.7" -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -20,8 +20,10 @@ services: # constraints: [node.role == manager] # place on managers when not using agent, place on workers if using agent labels: - - traefik.port=9000 - - traefik.frontend.rule=Host:portainer.dogvs.cat + traefik.http.routers.portainer.rule: Host(`portainer.dogvs.cat`) + traefik.http.routers.dogvs.entryPoints: websecure + traefik.http.routers.portainer.service: portainer + traefik.http.services.portainer.loadbalancer.server.port: 9000 networks: - proxy - portainer diff --git a/stack-proxy.yml b/stack-proxy.yml index e6e3714..a735473 100644 --- a/stack-proxy.yml +++ b/stack-proxy.yml @@ -4,11 +4,11 @@ version: '3.7' -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -17,7 +17,7 @@ services: traefik: <<: *default-opts - image: traefik:1.7-alpine + image: traefik:2.2 networks: - proxy volumes: @@ -26,38 +26,36 @@ services: ports: - "80:80" - "443:443" - - "8080:8080" # traefik dashboard command: # Use your favourite settings here, but add: - - --docker - - --docker.swarmMode - - --docker.domain=traefik - - --docker.network=proxy - - --docker.watch + - --providers.docker + - --providers.docker.swarmMode + - --providers.docker.network=proxy + - --providers.docker.watch - --api - - --defaultentrypoints=http,https - - --entryPoints=Name:https Address::443 TLS - - --entryPoints=Name:http Address::80 # don't force HTTPS - # - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https # force HTTPS + - --entryPoints.web.address=:80 + - --entryPoints.websecure.address=:443 + - --entrypoints.websecure.http.tls=true + # - --entrypoints.web.http.redirections.entryPoint.to=websecure # force HTTPS + # - --entrypoints.web.http.tls.certresolver=default ## optional LetsEncrypt settings - # - --acme - # - --acme.email=${TRAEFIK_ACME_EMAIL} - # # TODO: envvar for email and default domain - # - --acme.httpchallenge - # - --acme.httpchallenge.entrypoint=http - # - --acme.onhostrule=true - # - --acme.entrypoint=https - # - --acme.storage=/etc/traefik/acme/acme.json - # - --acme.acmelogging - # - --acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory - # - --acme.caserver=https://acme-v02.api.letsencrypt.org/directory + # - --certificatesResolvers.default.acme.email=${TRAEFIK_ACME_EMAIL} + # - --certificatesResolvers.default.acme.storage=/etc/traefik/acme/acme.json + # - --certificatesResolvers.default.acme.tlsChallenge=true + # - --certificatesResolvers.default.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory + # - --certificatesResolvers.default.acme.caServer=https://acme-v02.api.letsencrypt.org/directory deploy: placement: constraints: [node.role == manager] + # Dynamic Configuration labels: - - traefik.port=8080 - - traefik.frontend.rule=Host:traefik.dogvs.cat - + traefik.http.routers.api.rule: Host(`traefik.dogvs.cat`) + traefik.http.routers.api.entryPoints: websecure + traefik.http.routers.api.service: api@internal + traefik.http.routers.api.middlewares: auth + traefik.http.services.dummy.loadbalancer.server.port: 4242 + traefik.http.middlewares.auth.basicauth.users: test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0 + volumes: acme: driver: rexray/dobs diff --git a/stack-sqlite-ghost.yml b/stack-sqlite-ghost.yml index b995ce0..bc8d31f 100644 --- a/stack-sqlite-ghost.yml +++ b/stack-sqlite-ghost.yml @@ -1,10 +1,10 @@ version: '3.7' -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -31,8 +31,10 @@ services: deploy: replicas: 1 labels: - - traefik.port=2368 - - traefik.frontend.rule=Host:ghost.dogvs.cat + traefik.http.routers.ghost.rule: Host(`ghost.dogvs.cat`) + traefik.http.routers.ghost.entryPoints: websecure + traefik.http.routers.ghost.service: ghost + traefik.http.services.ghost.loadbalancer.server.port: 2368 # TODO: backup for static content @@ -47,5 +49,5 @@ volumes: driver: rexray/dobs driver_opts: size: 1 - + diff --git a/stack-swarmprom.yml b/stack-swarmprom.yml index 3b39e4f..bee42d3 100644 --- a/stack-swarmprom.yml +++ b/stack-swarmprom.yml @@ -1,10 +1,10 @@ version: "3.7" -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -100,8 +100,10 @@ services: mode: replicated replicas: 1 labels: - - traefik.port=3000 - - traefik.frontend.rule=Host:grafana.dogvs.cat + traefik.http.routers.grafana.rule: Host(`grafana.dogvs.cat`) + traefik.http.routers.grafana.entryPoints: websecure + traefik.http.routers.grafana.service: grafana + traefik.http.services.grafana.loadbalancer.server.port: 3000 placement: constraints: - node.role == manager @@ -131,9 +133,12 @@ services: mode: replicated replicas: 1 labels: - - traefik.port=9093 - - traefik.frontend.rule=Host:alertmanager.dogvs.cat - - traefik.frontend.auth.basic=${AM_USER:-admin}:${AM_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} + traefik.http.routers.alertmanager.rule: Host(`alertmanager.dogvs.cat`) + traefik.http.routers.alertmanager.entryPoints: websecure + traefik.http.routers.alertmanager.service: alertmanager + traefik.http.routers.alertmanager.middlewares: alertmanager-auth + traefik.http.services.alertmanager.loadbalancer.server.port: 9093 + traefik.http.middlewares.alertmanager-auth.basicauth.users: ${AM_USER:-admin}:${AM_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} placement: constraints: - node.role == manager @@ -156,9 +161,12 @@ services: mode: replicated replicas: 1 labels: - - traefik.port=9094 - - traefik.frontend.rule=Host:unsee.dogvs.cat - - traefik.frontend.auth.basic=${UNSEE_USER:-admin}:${UNSEE_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} + traefik.http.routers.unsee.rule: Host(`unsee.dogvs.cat`) + traefik.http.routers.unsee.entryPoints: websecure + traefik.http.routers.unsee.service: unsee + traefik.http.routers.unsee.middlewares: unsee-auth + traefik.http.services.unsee.loadbalancer.server.port: 9094 + traefik.http.middlewares.unsee-auth.basicauth.users: ${UNSEE_USER:-admin}:${UNSEE_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} # - com.df.users=${ADMIN_USER:-admin}:${ADMIN_PASSWORD:-admin} @@ -213,9 +221,12 @@ services: mode: replicated replicas: 1 labels: - - traefik.port=9090 - - traefik.frontend.rule=Host:prom.dogvs.cat - - traefik.frontend.auth.basic=${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} + traefik.http.routers.prom.rule: Host(`prom.dogvs.cat`) + traefik.http.routers.prom.entryPoints: websecure + traefik.http.routers.prom.service: prom + traefik.http.routers.prom.middlewares: prom-auth + traefik.http.services.prom.loadbalancer.server.port: 9090 + traefik.http.middlewares.prom-auth.basicauth.users: ${KIBANA_USER:-admin}:${KIBANA_PASSWORD:-$2y$05$oZcj4FgdSFEYNCH0EH/3Vu7Hp72gkvEadHzMsDhGFkbvS/ZrKMKfK} placement: constraints: - node.role == manager diff --git a/stack-voting.yml b/stack-voting.yml index d3e731c..8d8def3 100644 --- a/stack-voting.yml +++ b/stack-voting.yml @@ -1,10 +1,10 @@ version: '3.7' -x-default-opts: +x-default-opts: &default-opts logging: options: - max-size: "1m" + max-size: "1m" # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" @@ -21,7 +21,7 @@ services: - frontend deploy: endpoint_mode: dnsrr - + db: <<: *default-opts image: postgres:9.6 @@ -41,8 +41,10 @@ services: deploy: replicas: 2 labels: - - traefik.port=80 - - traefik.frontend.rule=Host:vote.dogvs.cat + traefik.http.routers.vote.rule: Host(`vote.dogvs.cat`) + traefik.http.routers.vote.entryPoints: websecure + traefik.http.routers.vote.service: vote + traefik.http.services.vote.loadbalancer.server.port: 80 result: <<: *default-opts @@ -53,9 +55,11 @@ services: deploy: replicas: 2 labels: - - traefik.port=80 - - traefik.frontend.rule=Host:result.dogvs.cat - - traefik.backend.loadbalancer.stickiness=true + traefik.http.routers.result.rule: Host(`result.dogvs.cat`) + traefik.http.routers.result.entryPoints: websecure + traefik.http.routers.result.service: result + traefik.http.services.result.loadbalancer.server.port: 80 + traefik.http.services.result.loadbalancer.sticky: "true" worker: <<: *default-opts @@ -65,7 +69,9 @@ services: - backend deploy: replicas: 2 - + labels: + traefik.enable: "true" + networks: frontend: {} backend: {} diff --git a/voting.dockerapp b/voting.dockerapp index 16c4803..d665b0f 100644 --- a/voting.dockerapp +++ b/voting.dockerapp @@ -4,7 +4,7 @@ version: 0.1.0 # Name of the application name: voting # A short description of the application -description: +description: # Namespace to use when pushing to a registry. This is typically your Hub username. namespace: dogvscat # List of application maintainers with name and email for each @@ -53,8 +53,10 @@ services: deploy: replicas: 2 labels: - - traefik.port=80 - - traefik.frontend.rule=Host:vote.dogvs.cat + traefik.http.routers.vote.rule: Host(`vote.dogvs.cat`) + traefik.http.routers.vote.entryPoints: websecure + traefik.http.routers.vote.service: vote + traefik.http.services.vote.loadbalancer.server.port: 80 # logging: # driver: "gelf" # options: @@ -68,9 +70,11 @@ services: deploy: replicas: 2 labels: - - traefik.port=80 - - traefik.frontend.rule=Host:result.dogvs.cat - - traefik.backend.loadbalancer.stickiness=true + traefik.http.routers.result.rule: Host(`result.dogvs.cat`) + traefik.http.routers.result.entryPoints: websecure + traefik.http.routers.result.service: result + traefik.http.services.result.loadbalancer.server.port: 80 + traefik.http.services.result.loadbalancer.sticky: "true" # logging: # driver: "gelf" # options: @@ -87,7 +91,7 @@ services: # driver: "gelf" # options: # gelf-address: "udp://127.0.0.1:5000" - + networks: frontend: {} backend: {}