added letsencrypt configuration for traefik

Olivier Wenger 2022-02-01 23:32:10 +01:00
parent 5384643866
commit 285e115475
4 changed files with 28 additions and 3 deletions


@ -169,6 +169,8 @@ resource "local_file" "traefik_config" {
lb_disable_ipv6 = var.lb_disable_ipv6 lb_disable_ipv6 = var.lb_disable_ipv6
lb_server_type = var.lb_server_type lb_server_type = var.lb_server_type
location = var.location location = var.location
traefik_acme_tls = var.traefik_acme_tls
traefik_acme_email = var.traefik_acme_email
}) })
filename = "${path.module}/templates/rendered/traefik_config.yaml" filename = "${path.module}/templates/rendered/traefik_config.yaml"
file_permission = "0644" file_permission = "0644"


@ -24,3 +24,9 @@ spec:
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
%{ if traefik_acme_tls ~}
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
- "--certificatesresolvers.le.acme.storage=/data/acme.json"
%{ endif ~}
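Review bot: The resolver writes its state to `/data/acme.json`, and nothing visible in this hunk shows that `/data` is backed by a persistent volume. That file holds the ACME account key and the private keys of the issued certificates. On an ephemeral volume every pod restart requests fresh certificates and can hit Let's Encrypt rate limits, and on a persistent one the file should stay readable by the Traefik user only. I would add a comment above the storage argument such as `# acme.json holds private keys: needs a persistent volume and mode 0600`, and confirm the volume settings in the part of the values that lies outside this hunk. The `spec:` block starts before the hunk, so the surrounding Helm values are not visible here.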


@ -25,3 +25,7 @@ agents_num = 2
# that is probably the more "vanilla" option to keep these components always updated. # that is probably the more "vanilla" option to keep these components always updated.
# hetzner_ccm_containers_latest = true # hetzner_ccm_containers_latest = true
# hetzner_csi_containers_latest = true # hetzner_csi_containers_latest = true
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
# traefik_acme_tls = true
# traefik_acme_email = "mail@example.com"
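Review bot: The new comment describes a "tls Challenge", but the template changed in this same commit enables `httpchallenge` on the `web` entrypoint, so the documented mechanism does not match what is deployed. The difference matters to an operator because the HTTP challenge only succeeds if the plain-HTTP entrypoint is reachable from the internet for the requested hostnames. I would reword the comment along the lines of `# Enable Let's Encrypt certificates via the HTTP challenge on the "web" entrypoint (must be publicly reachable); the email receives certificate expiration notices`.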


@ -78,3 +78,16 @@ variable "hetzner_csi_containers_latest" {
default = false default = false
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers" description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
} }
variable "traefik_acme_tls" {
type = bool
default = false
description = "Wheter to include the TLS configuration with the Traefik configuration"
}
variable "traefik_acme_email" {
type = string
default = false
description = "Email used to recieved expiration notice for certificate"
}
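Review bot: `traefik_acme_email` is declared as `type = string` but given `default = false`, which Terraform converts to the string "false". Setting `traefik_acme_tls = true` without an email would therefore render `--certificatesresolvers.le.acme.email=false` into the Traefik arguments instead of failing at plan time. I would change the default to `default = ""` and reject an empty value where the template is rendered when `traefik_acme_tls` is true. The two descriptions also carry typos ("Wheter", "recieved") that will surface in generated module docs; `description = "Email address that receives certificate expiration notices"` would read better for the second one.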