habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root: upgrade to traefik 2.3

Browse Source
This commit is contained in:
Jens Langhammer
2020-10-18 18:46:13 +02:00
parent 0203d20759
commit 8b09cf55a2
5 changed files with 40 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
docker-compose.yml
View File

@ -12,16 +12,12 @@ services:
- POSTGRES_PASSWORD=${PG_PASS:-thisisnotagoodpassword} - POSTGRES_PASSWORD=${PG_PASS:-thisisnotagoodpassword}
- POSTGRES_USER=passbook - POSTGRES_USER=passbook
- POSTGRES_DB=passbook - POSTGRES_DB=passbook
labels:
- traefik.enable=false
env_file: env_file:
- .env - .env
redis: redis:
image: redis image: redis
networks: networks:
- internal - internal
labels:
- traefik.enable=false
server: server:
image: beryju/passbook:${PASSBOOK_TAG:-0.11.0-stable} image: beryju/passbook:${PASSBOOK_TAG:-0.11.0-stable}
command: server command: server
@ -34,9 +30,13 @@ services:
networks: networks:
- internal - internal
labels: labels:
- traefik.port=8000 traefik.enable: 'true'
- traefik.docker.network=internal traefik.docker.network: internal
- traefik.frontend.rule=PathPrefix:/ traefik.http.routers.app-router.rule: PathPrefix(`/`)
traefik.http.routers.app-router.service: app-service
traefik.http.routers.app-router.tls: 'true'
traefik.http.services.app-service.loadbalancer.healthcheck.hostname: passbook-healthcheck-host
traefik.http.services.app-service.loadbalancer.server.port: '8000'
env_file: env_file:
- .env - .env
worker: worker:
@ -44,8 +44,6 @@ services:
command: worker command: worker
networks: networks:
- internal - internal
labels:
- traefik.enable=false
environment: environment:
PASSBOOK_REDIS__HOST: redis PASSBOOK_REDIS__HOST: redis
PASSBOOK_POSTGRESQL__HOST: postgresql PASSBOOK_POSTGRESQL__HOST: postgresql
@ -60,12 +58,22 @@ services:
networks: networks:
- internal - internal
labels: labels:
- traefik.frontend.rule=PathPrefix:/static, /robots.txt, /favicon.ico traefik.enable: 'true'
- traefik.port=80 traefik.docker.network: internal
- traefik.docker.network=internal traefik.http.routers.static-router.rule: PathPrefix(`/static`, `/robots.txt`, `/favicon.ico`)
traefik.http.routers.static-router.tls: 'true'
traefik.http.routers.static-router.service: static-service
traefik.http.services.static-service.loadbalancer.healthcheck.path: /
traefik.http.services.static-service.loadbalancer.server.port: '80'
traefik: traefik:
image: traefik:1.7 image: traefik:2.3
command: --api --docker --defaultentrypoints=https --entryPoints='Name:http Address::80 Redirect.EntryPoint:https' --entryPoints='Name:https Address::443 TLS' command:
- "--accesslog=true"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.http.address=:80"
- "--entrypoints.https.address=:443"
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
ports: ports:

7
docs/upgrading/to-0.12.md
View File

@ -8,6 +8,7 @@ This update brings these headline features:
- Alerts now disappear automatically - Alerts now disappear automatically
- Audit Logs are now searchable - Audit Logs are now searchable
- Users can now create their own Tokens to access the API - Users can now create their own Tokens to access the API
- docker-compose deployment now uses traefik 2.3
Fixes: Fixes:
@ -15,7 +16,11 @@ Fixes:
## Upgrading ## Upgrading
Docker-compose users can upgrade just as usual. ### docker-compose
Docker-compose users should download the latest docker-compose file. This includes the new traefik 2.3.
### Kubernetes
For Kubernetes users, there are some changes to the helm values. For Kubernetes users, there are some changes to the helm values.

4
helm/templates/web-deployment.yaml
View File

@ -100,14 +100,14 @@ spec:
port: http port: http
httpHeaders: httpHeaders:
- name: Host - name: Host
value: kubernetes-healthcheck-host value: passbook-healthcheck-host
readinessProbe: readinessProbe:
httpGet: httpGet:
path: / path: /
port: http port: http
httpHeaders: httpHeaders:
- name: Host - name: Host
value: kubernetes-healthcheck-host value: passbook-healthcheck-host
resources: resources:
requests: requests:
cpu: 100m cpu: 100m

11
passbook/providers/proxy/controllers/docker.py
View File

@ -22,8 +22,13 @@ class ProxyDockerController(DockerController):
for proxy_provider in ProxyProvider.objects.filter(outpost__in=[self.outpost]): for proxy_provider in ProxyProvider.objects.filter(outpost__in=[self.outpost]):
proxy_provider: ProxyProvider proxy_provider: ProxyProvider
external_host_name = urlparse(proxy_provider.external_host) external_host_name = urlparse(proxy_provider.external_host)
hosts.append(external_host_name) hosts.append(f"`{external_host_name}`")
traefik_name = f"pb-outpost-{self.outpost.pk.hex}"
return { return {
"traefik.frontend.rule": f"Host:{','.join(hosts)}", "traefik.enable": "true",
"traefik.port": "4180", f"traefik.http.routers.{traefik_name}-router.rule": f"Host({','.join(hosts)})",
f"traefik.http.routers.{traefik_name}-router.tls": "true",
f"traefik.http.routers.{traefik_name}-router.service": f"{traefik_name}-service",
f"traefik.http.services.{traefik_name}-service.loadbalancer.healthcheck.path": "/",
f"traefik.http.services.{traefik_name}-service.loadbalancer.server.port": "4180",
} }

4
passbook/root/asgi.py
View File

@ -88,8 +88,8 @@ class ASGILogger:
self.log(runtime) self.log(runtime)
await send(message) await send(message)
if self.headers.get(b"host", b"") == b"kubernetes-healthcheck-host": if self.headers.get(b"host", b"") == b"passbook-healthcheck-host":
# Don't log kubernetes health/readiness requests # Don't log healthcheck/readiness requests
await send({"type": "http.response.start", "status": 204, "headers": []}) await send({"type": "http.response.start", "status": 204, "headers": []})
await send({"type": "http.response.body", "body": ""}) await send({"type": "http.response.body", "body": ""})
return return