Refactor traefik expose labels via variables
- no need to pass explicit traefik labels now
Diff
miniflux.tf | 8 +++-----
monicahq.tf | 8 +++-----
requestbin.tf | 8 +++-----
modules/container/locals.tf | 17 +++++++++++++++++
modules/container/main.tf | 26 ++++++++++++++++++++------
modules/container/vars.tf | 26 ++++++++++++++++++++++++++
6 files changed, 68 insertions(+), 25 deletions(-)
@@ -1,13 +1,11 @@
module "miniflux-container" {
name = "miniflux"
source = "modules/container"
image = "miniflux/miniflux:2.0.10"
labels = "${merge(
var.traefik-common-labels, map(
"traefik.port", 8080,
"traefik.frontend.rule","Host:rss.captnemo.in"
))}"
expose-web = true
web-port = 8080
web-domain = "rss.captnemo.in"
networks = "${list(module.docker.traefik-network-id,module.db.postgres-network-id)}"
@@ -1,13 +1,11 @@
module "monicahq-container" {
name = "monica"
source = "modules/container"
image = "monicahq/monicahq:latest"
labels = "${merge(
var.traefik-common-labels, map(
"traefik.port", 80,
"traefik.frontend.rule","Host:monica.${var.root-domain}"
))}"
expose-web = true
web-domain = "monica.${var.root-domain}"
networks = "${list(module.docker.traefik-network-id,module.db.postgres-network-id)}"
@@ -1,13 +1,11 @@
module "requestbin" {
name = "requestbin"
source = "./modules/container"
image = "jankysolutions/requestbin:latest"
labels = "${merge(
var.traefik-common-labels, map(
"traefik.port", 8000,
"traefik.frontend.rule","Host:requestbin.${var.root-domain}"
))}"
expose-web = true
web-domain = "requestbin.${var.root-domain}"
networks = "${list(module.docker.traefik-network-id)}"
@@ -1,0 +1,17 @@
locals {
traefik-common-labels {
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.docker.network" = "traefik"
}
}
@@ -8,16 +8,22 @@
}
resource "docker_container" "container" {
name = "${var.name}"
image = "${docker_image.image.latest}"
ports = "${var.ports}"
restart = "${var.restart}"
env = "${var.env}"
command = "${var.command}"
entrypoint = "${var.entrypoint}"
user = "${var.user}"
networks = ["${var.networks}"]
labels = "${var.labels}"
name = "${var.name}"
image = "${docker_image.image.latest}"
ports = "${var.ports}"
restart = "${var.restart}"
env = "${var.env}"
command = "${var.command}"
entrypoint = "${var.entrypoint}"
user = "${var.user}"
networks = ["${var.networks}"]
labels = "${merge(var.labels, var.expose-web ?
merge(local.traefik-common-labels, map(
"traefik.port", var.web-port,
"traefik.frontend.rule", "Host:${var.web-domain}",
)) : map())}"
destroy_grace_seconds = "${var.destroy_grace_seconds}"
must_run = "${var.must_run}"
}
@@ -59,3 +59,29 @@
description = "labels"
default = {}
}
variable "xpoweredby" {
default = "X-Powered-By:Allomancy||X-Server:Blackbox"
}
variable "expose-web" {
description = "Whether to expose the application on the web"
default = "false"
}
variable "web-port" {
description = "Port to expose using traefik"
default = "80"
type = "string"
}
variable "web-domain" {
description = "Domain to use while exposing the application"
default = ""
type = "string"
}
variable "web-basicauth" {
description = "Whether to add basic auth check on the application"
default = "false"
}