Initialisation depot
161
arti-api/deploy-traefik.sh
Executable file
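--- a/arti-api/deploy-traefik.sh
+++ b/arti-api/deploy-traefik.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+
+# Traefik v2 IngressRoute Deployment Script for Artifactory
+# Deploys the complete artifactory stack with Traefik-based access control
+
+set -e
+
+echo "🚀 Deploying Artifactory with Traefik v2 IngressRoute..."
+echo "=================================================="
+echo ""
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Configuration
+NAMESPACE="artifactory"
+TRAEFIK_VERSION="simple" # Change to "full" for full-featured version
+
+echo "📋 Configuration:"
+echo " Namespace: $NAMESPACE"
+echo " Internal Network: 192.168.100.0/24"
+echo " Traefik Version: $TRAEFIK_VERSION"
+echo ""
+
+# Check prerequisites
+echo "🔍 Checking prerequisites..."
+
+if ! command -v kubectl &> /dev/null; then
+echo -e "❌ ${RED}kubectl not found. Please install kubectl first.${NC}"
+exit 1
+fi
+
+# Check if Traefik is running
+TRAEFIK_PODS=$(kubectl get pods -A -l app.kubernetes.io/name=traefik --no-headers 2>/dev/null | wc -l)
+if [ "$TRAEFIK_PODS" -eq 0 ]; then
+echo -e "⚠️ ${YELLOW}Warning: No Traefik pods found. Make sure Traefik v2 is installed.${NC}"
+echo " You can install Traefik with:"
+echo " helm repo add traefik https://helm.traefik.io/traefik"
+echo " helm install traefik traefik/traefik"
+echo ""
+fi
+
+# Create namespace if it doesn't exist
+echo "📦 Creating namespace..."
+kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
+
+# Deploy the base services (without ingress)
+echo "🏗️ Deploying base services..."
+kubectl apply -f kubernetes.yaml -n $NAMESPACE 2>/dev/null || echo " Note: Base services might already exist"
+
+# Wait for services to be ready
+echo "⏳ Waiting for services to be ready..."
+kubectl wait --for=condition=available --timeout=120s deployment/arti-api -n $NAMESPACE 2>/dev/null || echo " Arti-API deployment not found, continuing..."
+
+# Deploy Traefik IngressRoute
+echo "🌐 Deploying Traefik IngressRoute..."
+if [ "$TRAEFIK_VERSION" = "full" ]; then
+kubectl apply -f traefik-ingressroute.yaml
+echo -e " ✅ ${GREEN}Full-featured Traefik configuration deployed${NC}"
+else
+kubectl apply -f traefik-simple.yaml
+echo -e " ✅ ${GREEN}Simplified Traefik configuration deployed${NC}"
+fi
+
+# Check deployment status
+echo ""
+echo "📊 Deployment Status:"
+echo " Deployments:"
+kubectl get deployments -n $NAMESPACE 2>/dev/null | grep -E "(NAME|arti-api|chartmuseum|docker-registry|error-service)" || echo " No deployments found"
+
+echo " Services:"
+kubectl get services -n $NAMESPACE 2>/dev/null | grep -E "(NAME|arti-api|chartmuseum|docker-registry|error-service)" || echo " No services found"
+
+echo " IngressRoutes:"
+kubectl get ingressroute -n $NAMESPACE 2>/dev/null | grep -E "(NAME|arti|chart|registry)" || echo " No IngressRoutes found"
+
+echo " Middlewares:"
+kubectl get middleware -n $NAMESPACE 2>/dev/null | grep -E "(NAME|internal|external|block)" || echo " No middlewares found"
+
+echo ""
+
+# Get Traefik external IP/URL
+TRAEFIK_SERVICE=$(kubectl get svc -A -l app.kubernetes.io/name=traefik --no-headers 2>/dev/null | head -1)
+if [ -n "$TRAEFIK_SERVICE" ]; then
+TRAEFIK_IP=$(echo $TRAEFIK_SERVICE | awk '{print $5}')
+echo -e "🌐 ${BLUE}Traefik Service Info:${NC}"
+echo " $TRAEFIK_SERVICE"
+echo ""
+fi
+
+# Display access information
+echo "🎯 Access Information:"
+echo ""
+echo -e "📱 ${GREEN}Service URLs:${NC}"
+echo " 🔧 Arti-API: http://api.artifactory.local"
+echo " 📚 API Docs: http://api.artifactory.local/docs"
+echo " ⛵ Chart Museum: http://charts.artifactory.local"
+echo " 🐳 Docker Registry: http://registry.artifactory.local"
+echo ""
+
+echo -e "🔐 ${YELLOW}Access Control:${NC}"
+echo " 🏠 Internal Network (192.168.100.0/24): Full access to all endpoints"
+echo " 🌐 External Network: Limited to health endpoints only"
+echo ""
+
+echo -e "✅ ${GREEN}Health Endpoints (External Access):${NC}"
+echo " curl http://api.artifactory.local/health"
+echo " curl http://charts.artifactory.local/health"
+echo " curl http://registry.artifactory.local/v2/"
+echo ""
+
+echo -e "🚫 ${RED}Blocked Endpoints (External Access):${NC}"
+echo " curl http://api.artifactory.local/users # Returns 403"
+echo " curl http://charts.artifactory.local/api/charts # Returns 403"
+echo " curl http://registry.artifactory.local/v2/myapp/ # Returns 403"
+echo ""
+
+echo -e "🏠 ${GREEN}Internal Network Examples (192.168.100.x):${NC}"
+echo " curl http://api.artifactory.local/users # Full access"
+echo " curl http://charts.artifactory.local/api/charts # Full access"
+echo " docker login registry.artifactory.local # Full access"
+echo ""
+
+echo -e "🔧 ${BLUE}DNS Configuration:${NC}"
+echo " Add these entries to your /etc/hosts or DNS server:"
+echo " $TRAEFIK_IP api.artifactory.local"
+echo " $TRAEFIK_IP charts.artifactory.local"
+echo " $TRAEFIK_IP registry.artifactory.local"
+echo ""
+
+echo -e "📋 ${BLUE}Management Commands:${NC}"
+echo " # View IngressRoute details:"
+echo " kubectl describe ingressroute -n $NAMESPACE"
+echo ""
+echo " # Check middleware configuration:"
+echo " kubectl get middleware -n $NAMESPACE -o yaml"
+echo ""
+echo " # View Traefik dashboard (if enabled):"
+echo " kubectl port-forward -n traefik service/traefik 9000:9000"
+echo " # Then access: http://localhost:9000/dashboard/"
+echo ""
+echo " # Test from internal network:"
+echo " kubectl run test-internal --rm -i --tty --image=curlimages/curl -- sh"
+echo ""
+echo " # Clean up:"
+echo " kubectl delete ingressroute,middleware,configmap,deployment,service -n $NAMESPACE -l app=error-service"
+echo " kubectl delete -f traefik-${TRAEFIK_VERSION}.yaml"
+echo ""
+
+echo -e "🎉 ${GREEN}Traefik IngressRoute deployment completed!${NC}"
+echo ""
+echo -e "📖 ${BLUE}Next Steps:${NC}"
+echo " 1. Configure DNS entries for the artifactory domains"
+echo " 2. Test access from internal network (192.168.100.x)"
+echo " 3. Verify external access is properly restricted"
+echo " 4. Set up TLS certificates for production use"
+echo " 5. Configure Traefik dashboard access if needed"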
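Review bot: The base-services line `kubectl apply -f kubernetes.yaml -n $NAMESPACE 2>/dev/null || echo " Note: Base services might already exist"` hides every failure of that step, and since `kubectl apply` does not fail on resources that already exist, what is being discarded is a real error (RBAC denial, wrong context, invalid manifest). The same `|| echo` pattern on the Middlewares status line means a run in which no Middleware object exists in `$NAMESPACE` still prints "External Network: Limited to health endpoints only" and the completion banner. As far as this script shows, the source-network restriction is the only access control in front of these plain-HTTP endpoints, so I would let the apply fail under `set -e` (`kubectl apply -f kubernetes.yaml -n "$NAMESPACE"`) and turn the middleware listing into a gate, e.g. `kubectl get middleware -n "$NAMESPACE" -o name | grep -q . || { echo "no Middleware found in $NAMESPACE" >&2; exit 1; }`. Separately, `TRAEFIK_IP` is assigned only inside the `if [ -n "$TRAEFIK_SERVICE" ]` branch, so the DNS hints print an empty address when no Traefik service is found, and the clean-up hint `traefik-${TRAEFIK_VERSION}.yaml` does not match `traefik-ingressroute.yaml` in the "full" case.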