From 7dffa7878f0fe67448f5cd934f78d1381a297d8a Mon Sep 17 00:00:00 2001 From: Harjot Singh Date: Sat, 7 May 2022 03:07:23 +0100 Subject: [PATCH] fix: add traefik permissions fix to acme directory and enable tls --- cluster-applications/traefik.ts | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/cluster-applications/traefik.ts b/cluster-applications/traefik.ts index 5100915..7e7fb1c 100644 --- a/cluster-applications/traefik.ts +++ b/cluster-applications/traefik.ts @@ -7,27 +7,42 @@ type Options = { cluster: Awaited>, } +const CERT_RESOLVER = 'default' +const ACME_FOLDER = '/acme' +const ACME_VOLUME = 'acme' + const certificateResolvers = [ [ 'email', 'team@shabados.com' ], - [ 'storage', '/acme/acme.json' ], + [ 'storage', `${ACME_FOLDER}/acme.json` ], [ 'tlschallenge', 'true' ], ] - .map( ( [ key, value ] ) => [ `--certificatesresolvers.default.acme.${key}`, value ] ) + .map( ( [ key, value ] ) => [ `--certificatesresolvers.${CERT_RESOLVER}.acme.${key}`, value ] ) .map( ( option ) => option.join( '=' ) ) const config = new Config() + +export = ( { cluster: { provider } }: Options ) => { new helm.v3.Chart( 'traefik-ingress', { chart: 'traefik', version: '10.19.4', fetchOpts: { repo: 'https://helm.traefik.io/traefik' }, values: { - additionalArguments: [ - ...certificateResolvers, - ], + deployment: { + initContainers: [ + { + name: 'volume-permissions', + image: 'busybox:1.31.1', + command: [ 'sh', '-c', `chmod -Rv 600 ${ACME_FOLDER}/*` ], + volumeMounts: [ { name: ACME_VOLUME, mountPath: ACME_FOLDER } ], + }, + ], + }, + additionalArguments: [ ...certificateResolvers ], ports: { web: { redirectTo: 'websecure' }, + websecure: { tls: { enabled: true, certResolver: CERT_RESOLVER } }, }, - persistence: { enabled: true, path: acmeFolder, size: '128Mi' }, + persistence: { enabled: true, name: ACME_VOLUME, path: ACME_FOLDER, size: '128Mi' }, pilot: { enabled: true, token: config.requireSecret( 'traefikPilotToken' ),
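Review bot: The init container's `chmod -Rv 600 ${ACME_FOLDER}/*` would fail on a fresh volume: with nothing under /acme the shell leaves the glob literal, chmod exits non-zero, and the pod would stay stuck in init before Traefik ever gets to create acme.json. The recursive mode also strips the execute bit from any directory on the volume (a `lost+found`, for instance), which makes it untraversable and is not what the 600 requirement is about. Since acme.json holds the ACME account key and the issued private keys, I would target that one file instead: `touch ${ACME_FOLDER}/acme.json && chmod -v 600 ${ACME_FOLDER}/acme.json`. The `busybox:1.31.1` tag is mutable as well, so pinning the image by digest would fix exactly what runs with write access to that file. The `export =` function body continues past the end of the hunk, so whether the chart's pod security context lets this container change the mode cannot be confirmed from here.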