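#!/bin/bash
#
# Traefik v2 IngressRoute Deployment Script for Artifactory
#
# Deploys the complete artifactory stack with Traefik-based access control:
#   1. checks that kubectl is available and looks for running Traefik pods
#   2. creates the namespace and applies kubernetes.yaml (base services)
#   3. applies one Traefik manifest, selected by TRAEFIK_VERSION
#   4. prints deployment status, access information and management commands
#
# The access-control rules live in the Traefik manifests. This script only
# applies them and prints the intended policy; it does not test that the
# policy is actually enforced.

# -u is safe here: every variable read below is assigned first.
set -eu

echo "🚀 Deploying Artifactory with Traefik v2 IngressRoute..."
echo "=================================================="
echo ""

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Configuration
NAMESPACE="artifactory"
TRAEFIK_VERSION="simple" # Change to "full" for full-featured version

# Manifest that matches TRAEFIK_VERSION. Resolved once so that the apply step
# and the printed clean-up command always name the same file ("full" maps to
# traefik-ingressroute.yaml, not traefik-full.yaml).
if [ "$TRAEFIK_VERSION" = "full" ]; then
  TRAEFIK_MANIFEST="traefik-ingressroute.yaml"
else
  TRAEFIK_MANIFEST="traefik-simple.yaml"
fi

# Shown in the DNS hints when no usable external IP can be read from the
# Traefik service (service missing, or EXTERNAL-IP is <none>/<pending>).
TRAEFIK_IP="<traefik-external-ip>"

echo "📋 Configuration:"
echo " Namespace: $NAMESPACE"
echo " Internal Network: 192.168.100.0/24"
echo " Traefik Version: $TRAEFIK_VERSION"
echo ""

# Check prerequisites
echo "🔍 Checking prerequisites..."
if ! command -v kubectl &> /dev/null; then
  echo -e "❌ ${RED}kubectl not found. Please install kubectl first.${NC}"
  exit 1
fi

# Check if Traefik is running. A kubectl failure (for example an unreachable
# cluster) also yields a count of 0 and therefore the same warning.
TRAEFIK_PODS=$(kubectl get pods -A -l app.kubernetes.io/name=traefik --no-headers 2>/dev/null | wc -l)
if [ "$TRAEFIK_PODS" -eq 0 ]; then
  echo -e "⚠️ ${YELLOW}Warning: No Traefik pods found. Make sure Traefik v2 is installed.${NC}"
  echo " You can install Traefik with:"
  echo " helm repo add traefik https://helm.traefik.io/traefik"
  echo " helm install traefik traefik/traefik"
  echo ""
fi

# Create namespace if it doesn't exist
echo "📦 Creating namespace..."
kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -

# Deploy the base services (without ingress).
# `kubectl apply` succeeds on resources that already exist, so a non-zero exit
# is a real error. It stays non-fatal, but stderr is no longer discarded so
# the cause is visible before the script goes on to report completion.
echo "🏗️ Deploying base services..."
kubectl apply -f kubernetes.yaml -n "$NAMESPACE" \
  || echo " Warning: applying kubernetes.yaml failed (see error above), continuing..." >&2

# Wait for services to be ready. This fails both when the deployment is
# missing and when it does not become available within the timeout.
echo "⏳ Waiting for services to be ready..."
kubectl wait --for=condition=available --timeout=120s deployment/arti-api -n "$NAMESPACE" \
  || echo " Arti-API deployment not ready (missing or timed out), continuing..." >&2

# Deploy Traefik IngressRoute.
# NOTE(review): applied without -n, so the manifest presumably sets
# metadata.namespace itself; the status queries below only look in $NAMESPACE.
echo "🌐 Deploying Traefik IngressRoute..."
kubectl apply -f "$TRAEFIK_MANIFEST"
if [ "$TRAEFIK_VERSION" = "full" ]; then
  echo -e " ✅ ${GREEN}Full-featured Traefik configuration deployed${NC}"
else
  echo -e " ✅ ${GREEN}Simplified Traefik configuration deployed${NC}"
fi

# Check deployment status
echo ""
echo "📊 Deployment Status:"
echo " Deployments:"
kubectl get deployments -n "$NAMESPACE" 2>/dev/null \
  | grep -E "(NAME|arti-api|chartmuseum|docker-registry|error-service)" \
  || echo " No deployments found"
echo " Services:"
kubectl get services -n "$NAMESPACE" 2>/dev/null \
  | grep -E "(NAME|arti-api|chartmuseum|docker-registry|error-service)" \
  || echo " No services found"
echo " IngressRoutes:"
kubectl get ingressroute -n "$NAMESPACE" 2>/dev/null \
  | grep -E "(NAME|arti|chart|registry)" \
  || echo " No IngressRoutes found"
# An empty middleware list means the access-control rules described below are
# not in place, whatever the rest of this output says.
echo " Middlewares:"
kubectl get middleware -n "$NAMESPACE" 2>/dev/null \
  | grep -E "(NAME|internal|external|block)" \
  || echo " No middlewares found"
echo ""

# Get Traefik external IP/URL. With -A the columns are
# NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP ..., so field 5 is EXTERNAL-IP.
TRAEFIK_SERVICE=$(kubectl get svc -A -l app.kubernetes.io/name=traefik --no-headers 2>/dev/null | head -1)
if [ -n "$TRAEFIK_SERVICE" ]; then
  external_ip=$(awk '{print $5}' <<<"$TRAEFIK_SERVICE")
  case "$external_ip" in
    '' | '<none>' | '<pending>') ;; # keep the placeholder
    *) TRAEFIK_IP=$external_ip ;;
  esac
  echo -e "🌐 ${BLUE}Traefik Service Info:${NC}"
  echo " $TRAEFIK_SERVICE"
  echo ""
fi

# Display access information.
# Every URL below is plain HTTP, so until TLS is configured (next step 4)
# `docker login` credentials and API traffic cross the network unencrypted.
echo "🎯 Access Information:"
echo ""
echo -e "📱 ${GREEN}Service URLs:${NC}"
echo " 🔧 Arti-API: http://api.artifactory.local"
echo " 📚 API Docs: http://api.artifactory.local/docs"
echo " ⛵ Chart Museum: http://charts.artifactory.local"
echo " 🐳 Docker Registry: http://registry.artifactory.local"
echo ""
# The policy printed here is the intended one, not a verified one.
# NOTE(review): a source-range allowlist is only as good as the client address
# Traefik sees. If traffic arrives through a load balancer or proxy, confirm
# the middleware's ipStrategy and the entry point's forwarded-header trust
# settings in the manifest (not visible from this script).
echo -e "🔐 ${YELLOW}Access Control:${NC}"
echo " 🏠 Internal Network (192.168.100.0/24): Full access to all endpoints"
echo " 🌐 External Network: Limited to health endpoints only"
echo ""
echo -e "✅ ${GREEN}Health Endpoints (External Access):${NC}"
echo " curl http://api.artifactory.local/health"
echo " curl http://charts.artifactory.local/health"
echo " curl http://registry.artifactory.local/v2/"
echo ""
echo -e "🚫 ${RED}Blocked Endpoints (External Access):${NC}"
echo " curl http://api.artifactory.local/users # Returns 403"
echo " curl http://charts.artifactory.local/api/charts # Returns 403"
echo " curl http://registry.artifactory.local/v2/myapp/ # Returns 403"
echo ""
echo -e "🏠 ${GREEN}Internal Network Examples (192.168.100.x):${NC}"
echo " curl http://api.artifactory.local/users # Full access"
echo " curl http://charts.artifactory.local/api/charts # Full access"
echo " docker login registry.artifactory.local # Full access"
echo ""
echo -e "🔧 ${BLUE}DNS Configuration:${NC}"
echo " Add these entries to your /etc/hosts or DNS server:"
echo " $TRAEFIK_IP api.artifactory.local"
echo " $TRAEFIK_IP charts.artifactory.local"
echo " $TRAEFIK_IP registry.artifactory.local"
echo ""
echo -e "📋 ${BLUE}Management Commands:${NC}"
echo " # View IngressRoute details:"
echo " kubectl describe ingressroute -n $NAMESPACE"
echo ""
echo " # Check middleware configuration:"
echo " kubectl get middleware -n $NAMESPACE -o yaml"
echo ""
echo " # View Traefik dashboard (if enabled):"
echo " kubectl port-forward -n traefik service/traefik 9000:9000"
echo " # Then access: http://localhost:9000/dashboard/"
echo ""
# NOTE(review): a pod started this way reaches Traefik from the pod network,
# which is not necessarily inside 192.168.100.0/24 - confirm which rule set
# such a request actually matches before treating it as the "internal" case.
echo " # Test from internal network:"
echo " kubectl run test-internal --rm -i --tty --image=curlimages/curl -- sh"
echo ""
echo " # Clean up:"
echo " kubectl delete ingressroute,middleware,configmap,deployment,service -n $NAMESPACE -l app=error-service"
echo " kubectl delete -f $TRAEFIK_MANIFEST"
echo ""
echo -e "🎉 ${GREEN}Traefik IngressRoute deployment completed!${NC}"
echo ""
echo -e "📖 ${BLUE}Next Steps:${NC}"
echo " 1. Configure DNS entries for the artifactory domains"
echo " 2. Test access from internal network (192.168.100.x)"
echo " 3. Verify external access is properly restricted"
echo " 4. Set up TLS certificates for production use"
echo " 5. Configure Traefik dashboard access if needed"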