From 2cf353c804ff88199ce08cea892528aa9905645d Mon Sep 17 00:00:00 2001 From: josep-tecnativa Date: Wed, 3 Jul 2024 07:01:51 +0200 Subject: [PATCH 1/3] [ADD] Feature to expose database --- _traefik3_paths_labels.yml.jinja | 30 ++++++++++++++++-------------- prod.yaml.jinja | 2 +- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/_traefik3_paths_labels.yml.jinja b/_traefik3_paths_labels.yml.jinja index a1cd8f3e..67a843cb 100644 --- a/_traefik3_paths_labels.yml.jinja +++ b/_traefik3_paths_labels.yml.jinja @@ -42,6 +42,16 @@ {%- endif %} {%- endmacro %} +{%- macro domains_rule_sni(domain_group) -%} + {%- for host in domain_group.hosts -%} + HostSNI(`{{ host }}`) + {%- if not loop.last -%} + || + {%- endif -%} + {%- endfor -%} +{%- endmacro %} + + {%- macro key(project_name, odoo_version, suffix) %} {{- '%s-%.1f-%s'|format(project_name, odoo_version, suffix)|replace('.', '-') }} {%- endmacro %} @@ -210,7 +220,10 @@ {%- macro database(domain_groups_list, cidr_whitelist, key, port, project_name) %} {#- Service #} + traefik.tcp.routers.{{ key }}-database.entrypoints: postgres-entrypoint traefik.tcp.services.{{ key }}-database.loadbalancer.server.port: 5432 + traefik.tcp.routers.{{ key }}-database.tls: "true" + traefik.tcp.routers.{{ key }}-database.tls.certResolver: letsencrypt {%- if cidr_whitelist %} {#- Declare whitelist middleware #} @@ -220,23 +233,12 @@ {%- endfor %} {%- endif %} - {%- call(domain_group) macros.domains_loop_grouped(domain_groups_list) %} + {#- Apply rule to the first element in domain_groups_list #} + {%- set first_domain_group = domain_groups_list[0] %} + traefik.tcp.routers.{{ key }}-database.rule: {{ domains_rule_sni(first_domain_group) }} {#- Remember basic middlewares for this domain group #} {%- set _ns = namespace(basic_middlewares=[]) -%} {%- if cidr_whitelist %} {%- set _ns.basic_middlewares = _ns.basic_middlewares + ["whitelist"] %} {%- endif %} - - {#- database router #} - {{- - router_tcp( - domain_group=domain_group, - key=key, - suffix="database", - service="database", - middlewares=_ns.basic_middlewares, - port=port, - ) - }} - {%- endcall %} {%- endmacro %} diff --git a/prod.yaml.jinja b/prod.yaml.jinja index 3f0bca49..ff90a9a7 100644 --- a/prod.yaml.jinja +++ b/prod.yaml.jinja @@ -94,7 +94,7 @@ services: labels: traefik.enable: "true" traefik.docker.network: "inverseproxy_shared" - {{- traefik2_labels.database( + {{- traefik3_labels_2.database( domains_prod, postgres_cidr_whitelist, _key, From b0e3c7aa5e907121656c8a2065942498c253cf38 Mon Sep 17 00:00:00 2001 From: josep-tecnativa Date: Fri, 26 Jul 2024 12:20:12 +0200 Subject: [PATCH 2/3] [IMP] Expose ports for traefik < 3 --- copier.yml | 2 +- prod.yaml.jinja | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/copier.yml b/copier.yml index 0448a5b3..0e45c531 100644 --- a/copier.yml +++ b/copier.yml @@ -414,7 +414,7 @@ postgres_exposed: postgres_exposed_port: default: 5432 type: int - when: &db_exposed "{{ postgres_exposed and true }}" + when: &db_exposed "{{ postgres_exposed and traefik_version != 3 }}" help: >- Indicate the port to connect to the database. diff --git a/prod.yaml.jinja b/prod.yaml.jinja index ff90a9a7..e5802a94 100644 --- a/prod.yaml.jinja +++ b/prod.yaml.jinja @@ -88,6 +88,7 @@ services: - .docker/db-creation.env restart: unless-stopped {%- if postgres_exposed %} + {%- if traefik_version == 3 %} networks: default: inverseproxy_shared: @@ -101,6 +102,10 @@ services: postgres_exposed_port, project_name, ) }} + {%- else %} + ports: + - "{{ postgres_exposed_port }}:5432" + {%- endif %} {%- endif %} {%- endif %} From ca7c4cf6b4b584a8add520f28caafaeabffcd03b Mon Sep 17 00:00:00 2001 From: josep-tecnativa Date: Thu, 8 Aug 2024 12:15:30 +0200 Subject: [PATCH 3/3] [UPD] Update traefik version to 3.1.2 to avoid 3.0 errors --- tests/conftest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/conftest.py b/tests/conftest.py index 0e95aa46..f43e3448 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -155,7 +155,7 @@ def traefik_host(request): docker = DockerClient() if request.param == "3": traefik_container = docker.run( - "traefik:v3.0", + "traefik:v3.1.2", detach=True, privileged=True, networks=["inverseproxy_shared"],