diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index 1fe80c6..aeccd5c 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
@@ -1,5 +1,17 @@
-FROM alpine@sha256:48d9183eb12a05c99bcc0bf44a003607b8e941e1d4f41f9ad12bdcc4b5672f86
+FROM busybox@sha256:023917ec6a886d0e8e15f28fb543515a5fcd8d938edb091e8147db4efed388ee
 
-COPY . /dist
+LABEL org.opencontainers.image.source https://github.com/tkhq/traefik-plugin-geoblock
 
-ENTRYPOINT ["/dist/deploy/install.sh"]
+RUN mkdir /dist
+
+COPY go.mod /dist/
+COPY go.sum /dist/
+COPY .traefik.yml /dist/
+COPY LICENSE /dist/
+COPY plugin.go /dist/
+COPY plugin.go /dist/
+COPY vendor /dist/
+
+COPY deploy/install.sh /
+
+ENTRYPOINT ["/install.sh"]
diff --git a/deploy/geoblock.yaml b/deploy/geoblock.yaml
deleted file mode 100644
index 4de275a..0000000
--- a/deploy/geoblock.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
- name: geoblock
-spec:
- plugin:
- geoblock:
- enabled: true
- databaseFilePath: IP2LOCATION-LITE-DB1.IPV6.BIN
- blockedCountries: [ "RU" ]
- defaultAllow: true
- allowPrivate: false
- disallowedStatusCode: 403
- allowedIPBlocks: ["135.84.167.43/32"]
- blockedIPBlocks: ["107.170.29.142/32"]
diff --git a/deploy/install.sh b/deploy/install.sh
index d60dd32..30922b8 100755
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -5,6 +5,3 @@ set -e
 mkdir -p /plugins-local/src/github.com/nscuro/traefik-plugin-geoblock
 cp -R /dist/* /plugins-local/src/github.com/nscuro/traefik-plugin-geoblock/
 cp /dist/.traefik.yml /plugins-local/src/github.com/nscuro/traefik-plugin-geoblock/
-
-# Deploy directory is neither needed nor wanted
-rm -Rf /plugins-local/src/github.com/nscuro/traefik-plugin-geoblock/deploy
diff --git a/deploy/traefik-deploy.yaml b/deploy/traefik-deploy.yaml
deleted file mode 100644
index 1bdc08e..0000000
--- a/deploy/traefik-deploy.yaml
+++ /dev/null
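Review bot: `COPY vendor /dist/` in the deploy/Dockerfile hunk copies the contents of `vendor` rather than the directory itself, so the vendored packages land directly in `/dist` instead of under `/dist/vendor`; it should read `COPY vendor /dist/vendor/`. The context lines of the install.sh hunk show `cp -R /dist/*` copying that tree into the plugin source directory, so the flattened layout is what gets installed, and the vendored dependencies would presumably not be found where the plugin loader looks for them. `COPY plugin.go /dist/` appears twice and one copy can be dropped. The `LABEL` line uses the legacy space-separated form, for which `LABEL org.opencontainers.image.source="https://github.com/tkhq/traefik-plugin-geoblock"` is the key=value equivalent, and `RUN mkdir /dist` is unnecessary because `COPY` creates the destination directory.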
@@ -1,160 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- annotations:
- labels:
- app.kubernetes.io/instance: traefik
- app.kubernetes.io/name: traefik
- name: traefik
- namespace: traefik
-spec:
- progressDeadlineSeconds: 600
- replicas: 2
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- app.kubernetes.io/name: traefik
- strategy:
- rollingUpdate:
- maxSurge: 1
- maxUnavailable: 0
- type: RollingUpdate
- template:
- metadata:
- creationTimestamp: null
- labels:
- app.kubernetes.io/name: traefik
- spec:
- initContainers:
- - name: geoblock-install
- image: ghcr.io/ulexus/traefik-plugin-geoblock:latest
- volumeMounts:
- - name: plugins
- mountPath: /plugins-local
- containers:
- - args:
- - --entrypoints.metrics.address=:9100/tcp
- - --entrypoints.traefik.address=:9000/tcp
- - --entrypoints.web.address=:8000/tcp
- - --entrypoints.websecure.address=:8443/tcp
- - --entrypoints.websecure.http.tls=true
- - --experimental.localplugins.geoblock.modulename=github.com/nscuro/traefik-plugin-geoblock
- - --api.dashboard=true
- - --ping=true
- - --metrics.prometheus=true
- - --metrics.prometheus.entrypoint=metrics
- - --tracing=$(TRACING)
- - --tracing.jaeger=true
- - --tracing.jaeger.propagation=b3
- - --providers.kubernetescrd
- - --providers.kubernetescrd.allowCrossNamespace=true
- - --providers.kubernetesingress
- - --providers.kubernetesingress.ingressendpoint.publishedservice=$(POD_NAMESPACE)/traefik
- - --entrypoints.web.http.middlewares=$(DEFAULT_MIDDLEWARES)
- - --entrypoints.websecure.http.middlewares=$(DEFAULT_MIDDLEWARES)
- - --entryPoints.web.proxyProtocol.trustedIPs=$(PROXY_PROTOCOL_TRUSTED_IPS)
- - --entryPoints.websecure.proxyProtocol.trustedIPs=$(PROXY_PROTOCOL_TRUSTED_IPS)
- env:
- - name: JAEGER_ENDPOINT
- value: http://grafana-agent-traces.grafana-agent-operator.svc:14268/api/traces
- - name: TRACING
- value: "true"
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: DEFAULT_MIDDLEWARES
- value: $(POD_NAMESPACE)-report-uri@kubernetescrd
- - name: JAEGER_SAMPLER_TYPE
- value: const
- - name: PROXY_PROTOCOL_TRUSTED_IPS
- value: 10.225.0.0/18
- image: traefik:v2.10.4@sha256:429f3398a3cd1aa7436aa4f59d809040d3903506a9d83bee61688bb1429c7693
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /ping
- port: 9000
- scheme: HTTP
- initialDelaySeconds: 2
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- name: traefik
- ports:
- - containerPort: 9100
- name: metrics
- protocol: TCP
- - containerPort: 9000
- name: traefik
- protocol: TCP
- - containerPort: 8000
- name: web
- protocol: TCP
- - containerPort: 8443
- name: websecure
- protocol: TCP
- readinessProbe:
- failureThreshold: 1
- httpGet:
- path: /ping
- port: 9000
- scheme: HTTP
- initialDelaySeconds: 2
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- resources:
- requests:
- cpu: 5m
- memory: 64Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsGroup: 65532
- runAsNonRoot: true
- runAsUser: 65532
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: /plugins-local
- name: plugins
- - mountPath: /data
- name: data
- - mountPath: /tmp
- name: tmp
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext:
- fsGroup: 65532
- terminationGracePeriodSeconds: 30
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: traefik
- matchLabelKeys:
- - pod-template-hash
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: traefik
- matchLabelKeys:
- - pod-template-hash
- maxSkew: 1
- topologyKey: topology.kubernetes.io/zone
- whenUnsatisfiable: ScheduleAnyway
- volumes:
- - emptyDir: {}
- name: plugins
- - emptyDir: {}
- name: data
- - emptyDir: {}
- name: tmp