diff --git a/services/traefik/Makefile b/services/traefik/Makefile
index c0f5ada1..95b20199 100644
--- a/services/traefik/Makefile
+++ b/services/traefik/Makefile
@@ -13,14 +13,6 @@ include ${REPO_BASE_DIR}/scripts/common.Makefile
 up-local: .init .create_secrets ${TEMP_COMPOSE}-local prune-docker-stack-configs ## Deploys the stack using provided certificates
 @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-local ${STACK_NAME}
 
-.PHONY: up-letsencrypt-http
-up-letsencrypt-http: .init ${TEMP_COMPOSE}-letsencrypt-http prune-docker-stack-configs ## Deploys the stack with let's encrypt http challenge
- @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-http ${STACK_NAME}
-
-.PHONY: up-letsencrypt-dns
-up-letsencrypt-dns: .init ${TEMP_COMPOSE}-letsencrypt-dns prune-docker-stack-configs ## Deploys the stack with let's encrypt dns challenge
- @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-dns ${STACK_NAME}
-
 .PHONY: up-dalco
 up-dalco: .init ${TEMP_COMPOSE}-dalco prune-docker-stack-configs ## Deploys the stack on dalco cluster
 @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-dalco ${STACK_NAME}
@@ -56,20 +48,6 @@ ${TEMP_COMPOSE}-local: docker-compose.yml docker-compose.local.yml .env
 set +o allexport; \
 ${REPO_BASE_DIR}/scripts/docker-stack-config.bash -e .env $< docker-compose.local.yml > $@
 
-.PHONY: ${TEMP_COMPOSE}-letsencrypt-http
-${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yml docker-compose.letsencrypt.http.yml .env
- @set -o allexport; \
- source .env; \
- set +o allexport; \
- ${REPO_BASE_DIR}/scripts/docker-stack-config.bash -e .env $< docker-compose.letsencrypt.http.yml > $@
-
-.PHONY: ${TEMP_COMPOSE}-letsencrypt-dns
-${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.dns.yml .env
- @set -o allexport; \
- source .env; \
- set +o allexport; \
- ${REPO_BASE_DIR}/scripts/docker-stack-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
-
 .PHONY: ${TEMP_COMPOSE}-aws
 ${TEMP_COMPOSE}-aws: docker-compose.yml docker-compose.aws.yml .env
 @set -o allexport; \
diff --git a/services/traefik/docker-compose.aws.yml b/services/traefik/docker-compose.aws.yml
index 7a2dd5b8..325419c5 100644
--- a/services/traefik/docker-compose.aws.yml
+++ b/services/traefik/docker-compose.aws.yml
@@ -1,4 +1,3 @@
-version: "3.7"
 services:
 traefik:
 command:
diff --git a/services/traefik/docker-compose.dalco.yml b/services/traefik/docker-compose.dalco.yml
index b1a5e159..a6a27fad 100644
--- a/services/traefik/docker-compose.dalco.yml
+++ b/services/traefik/docker-compose.dalco.yml
@@ -1,4 +1,3 @@
-version: "3.7"
 services:
 traefik:
 command:
diff --git a/services/traefik/docker-compose.letsencrypt.dns.yml.j2 b/services/traefik/docker-compose.letsencrypt.dns.yml.j2
deleted file mode 100644
index ecf0d33d..00000000
--- a/services/traefik/docker-compose.letsencrypt.dns.yml.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-version: '3.7'
-services:
- traefik:
- deploy:
- labels:
- - traefik.http.routers.www-catchall.tls.certresolver=myresolver
- - traefik.http.routers.api.tls.certresolver=myresolver
- - traefik.http.middlewares.ops_whitelist_ips.ipallowlist.sourcerange=${TRAEFIK_IPWHITELIST_SOURCERANGE}
- # What follows is a tested workaround to ensure letsencrypt certificates for products' domains are generated
-{% for j2item in DEPLOYMENT_FQDNS.split(",") + [MACHINE_FQDN] + CERTIFICATE_GENERATION_FQDNS.split(",") %}
-{% if j2item and j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','') != "" %}
- - traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}.tls.domains[0].main=service.{{j2item.replace(' ','').replace('\'','')}}
- - traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}.tls.domains[0].sans=*.services.{{j2item.replace(' ','').replace('\'','')}}
- - traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}testing.tls.domains[0].main=service.testing.{{j2item.replace(' ','').replace('\'','')}}
- - traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}testing.tls.domains[0].sans=*.services.testing.{{j2item.replace(' ','').replace('\'','')}}
- - traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}testing.tls.certresolver=myresolver
- - traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}.tls.certresolver=myresolver
-{% endif %}
-{% endfor %}
diff --git a/services/traefik/docker-compose.letsencrypt.http.yml b/services/traefik/docker-compose.letsencrypt.http.yml
deleted file mode 100644
index 9d98779e..00000000
--- a/services/traefik/docker-compose.letsencrypt.http.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-version: "3.7"
-services:
- traefik:
- command:
- - "--api=true"
- - "--ping=true"
- - "--entryPoints.ping.address=:9082"
- - "--ping.entryPoint=ping"
- - "--api.dashboard=true"
- - "--log.level=${OPS_TRAEFIK_LOGLEVEL}"
- - "--accesslog=false"
- - "--metrics.prometheus=true"
- - "--metrics.prometheus.addEntryPointsLabels=true"
- - "--metrics.prometheus.addServicesLabels=true"
- - "--entryPoints.metrics.address=:8082"
- - "--metrics.prometheus.entryPoint=metrics"
- - "--entryPoints.http.address=:80"
- - "--entryPoints.http.transport.respondingTimeouts.idleTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805
- - "--entryPoints.http.transport.respondingTimeouts.writeTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805
- - "--entryPoints.http.transport.respondingTimeouts.readTimeout=21600s" #6h, for https://github.com/traefik/traefik/issues/10805
- - "--entryPoints.https.address=:443"
- - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
- - "--providers.swarm.exposedByDefault=false"
- - "--providers.swarm.constraints=!LabelRegex(`io.simcore.zone`, `.+`)"
- - "--core.defaultRuleSyntax=v2"
- - "--tracing=true"
- - "--tracing.addinternals"
- - "--tracing.otlp=true"
- - "--tracing.otlp.http=true"
- - "--certificatesresolvers.lehttpchallenge.acme.httpchallenge=true"
- - "--certificatesresolvers.lehttpchallenge.acme.httpchallenge.entrypoint=http"
- - "--certificatesresolvers.lehttpchallenge.acme.email=${OSPARC_DEVOPS_MAIL_ADRESS}"
- - "--certificatesresolvers.lehttpchallenge.acme.storage=/letsencrypt/acme.json"
- # uncomment the caserver when testing such that let's encrypt does not ban us
- - '--certificatesresolvers.lehttpchallenge.acme.caserver=${OPS_TRAEFIK_LETSENCRYPT_ACME_CA_SERVER}'
- volumes:
- - "letsencrypt_certs:/letsencrypt"
- deploy:
- labels:
- - traefik.http.routers.api.tls.certresolver=lehttpchallenge
- whoami:
- deploy:
- labels:
- - traefik.http.routers.whoami.tls.certresolver=lehttpchallenge
- networks:
- - public
-
-volumes:
- letsencrypt_certs:
diff --git a/services/traefik/docker-compose.local.yml b/services/traefik/docker-compose.local.yml
index cc157037..418f37ef 100644
--- a/services/traefik/docker-compose.local.yml
+++ b/services/traefik/docker-compose.local.yml
@@ -1,5 +1,3 @@
-version: "3.7"
-
 services:
 traefik:
 command:
diff --git a/services/traefik/docker-compose.master.yml b/services/traefik/docker-compose.master.yml
index 14d5af8a..fb1280bb 100644
--- a/services/traefik/docker-compose.master.yml
+++ b/services/traefik/docker-compose.master.yml
@@ -1,4 +1,3 @@
-version: "3.7"
 services:
 traefik:
 command:
diff --git a/services/traefik/docker-compose.public.yml b/services/traefik/docker-compose.public.yml
index adb3df3f..a1533362 100644
--- a/services/traefik/docker-compose.public.yml
+++ b/services/traefik/docker-compose.public.yml
@@ -1,4 +1,3 @@
-version: "3.7"
 services:
 traefik:
 dns: 8.8.8.8 # This is critical to make the ACME challange work
diff --git a/services/traefik/docker-compose.yml.j2 b/services/traefik/docker-compose.yml.j2
index 2a606e5a..f3a00b99 100644
--- a/services/traefik/docker-compose.yml.j2
+++ b/services/traefik/docker-compose.yml.j2
@@ -1,5 +1,3 @@
-version: "3.7"
-
 services:
 traefik:
 image: "traefik:v3.4.0"