From dd233a5f5e8bc831a7c2d175a3cb9359727e4e47 Mon Sep 17 00:00:00 2001 From: Michel Loiseleur Date: Fri, 1 Dec 2023 15:23:01 +0100 Subject: [PATCH 1/3] feat: improve Service customization --- traefik-hub/Chart.yaml | 2 +- traefik-hub/templates/service.yaml | 47 +++++++++++++--- traefik-hub/tests/service_test.yaml | 85 +++++++++++++++++++---------- traefik-hub/values.yaml | 27 ++++++--- 4 files changed, 117 insertions(+), 44 deletions(-) diff --git a/traefik-hub/Chart.yaml b/traefik-hub/Chart.yaml index c223b03..3f681d1 100644 --- a/traefik-hub/Chart.yaml +++ b/traefik-hub/Chart.yaml @@ -5,7 +5,7 @@ type: application version: 2.7.0 # renovate: image=ghcr.io/traefik/traefik-hub appVersion: v2.6.0 -kubeVersion: ">=1.26.0-0" +kubeVersion: ">=1.24.0-0" keywords: - traefik - ingress diff --git a/traefik-hub/templates/service.yaml b/traefik-hub/templates/service.yaml index 192dc72..ab62b22 100644 --- a/traefik-hub/templates/service.yaml +++ b/traefik-hub/templates/service.yaml @@ -6,13 +6,46 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "traefik-hub.labels" . | nindent 4 }} +{{- with.Values.service }} + {{- with .extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: - {{- with .Values.service.annotations }} - {{ toYaml . | indent 2 }} + {{- with .annotations }} + {{ toYaml . | indent 4 }} {{- end }} spec: - type: {{ .Values.service.type }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - selector: - {{- include "traefik-hub.labelselector" . | nindent 6 }} - ports: {{ toYaml .Values.service.ports | nindent 4 }} + type: {{ .type }} + {{- if hasKey . "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .allocateLoadBalancerNodePorts }} + {{- end }} + {{- with .clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- with .externalTrafficPolicy }} + externalTrafficPolicy: {{ . }} + {{- end }} + {{- with .internalTrafficPolicy }} + internalTrafficPolicy: {{ . }} + {{- end }} + {{- with .loadBalancerClass }} + loadBalancerClass: {{ . }} + {{- end }} + {{- with .loadBalancerIP }} + loadBalancerIP: {{ . }} + {{- end }} + {{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml . | nindent 4}} + {{- end }} + {{- with .externalIPs }} + externalIPs: {{ toYaml . | nindent 4}} + {{- end }} + {{- with .ipFamilyPolicy }} + ipFamilyPolicy: {{ . }} + {{- end }} + {{- with .ipFamilies}} + ipFamilies: {{ toYaml . | nindent 4}} + {{- end }} + selector: {{- include "traefik-hub.labelselector" $ | nindent 4 }} + ports: {{ toYaml .ports | nindent 4 }} +{{- end }} diff --git a/traefik-hub/tests/service_test.yaml b/traefik-hub/tests/service_test.yaml index b19c1c0..20015c6 100644 --- a/traefik-hub/tests/service_test.yaml +++ b/traefik-hub/tests/service_test.yaml @@ -5,16 +5,13 @@ release: templates: - service.yaml tests: - - it: should render a service + - it: should render a service without any values asserts: - isKind: of: Service - equal: path: spec.type value: ClusterIP - - equal: - path: spec.loadBalancerClass - value: null - equal: path: metadata.annotations value: null @@ -37,40 +34,22 @@ tests: - equal: path: metadata.namespace value: test - - it: should set service type - set: - service: - type: LoadBalancer - asserts: - - equal: - path: spec.type - value: LoadBalancer - - it: should set service type - set: - service: - type: LoadBalancer - asserts: - - equal: - path: spec.type - value: LoadBalancer - - it: should set service loadBalancerClass - set: - service: - loadBalancerClass: service.k8s.aws/nlb - asserts: - - equal: - path: spec.loadBalancerClass - value: service.k8s.aws/nlb - - it: should set service annotations + - it: should set service annotations and extraLabels set: service: annotations: key: value + extraLabels: + foo: bar asserts: - equal: path: metadata.annotations value: key: value + - isSubset: + path: metadata.labels + content: + foo: bar - it: should set custom nodePort set: service: @@ -98,3 +77,51 @@ tests: port: 443 targetPort: websecure nodePort: 30001 + - it: should render all spec parameters + set: + service: + type: LoadBalancer + externalTrafficPolicy: Local + internalTrafficPolicy: Cluster + loadBalancerClass: service.k8s.aws/nlb + loadBalancerIP: 1.2.3.4 + clusterIP: 4.3.2.1 + externalIPs: [ "1.1.1.1", "2.2.2.2" ] + loadBalancerSourceRanges: [ "3.3.3.3", "4.4.4.4" ] + allocateLoadBalancerNodePorts: false + ipFamilyPolicy: PreferDualStack + ipFamilies: [ "IPv6" ] + asserts: + - equal: + path: spec.type + value: LoadBalancer + - equal: + path: spec.externalTrafficPolicy + value: Local + - equal: + path: spec.internalTrafficPolicy + value: Cluster + - equal: + path: spec.loadBalancerClass + value: service.k8s.aws/nlb + - equal: + path: spec.loadBalancerIP + value: 1.2.3.4 + - equal: + path: spec.clusterIP + value: 4.3.2.1 + - equal: + path: spec.externalIPs + value: [ "1.1.1.1", "2.2.2.2" ] + - equal: + path: spec.loadBalancerSourceRanges + value: [ "3.3.3.3", "4.4.4.4" ] + - equal: + path: spec.allocateLoadBalancerNodePorts + value: false + - equal: + path: spec.ipFamilyPolicy + value: PreferDualStack + - equal: + path: spec.ipFamilies + value: [ "IPv6" ] diff --git a/traefik-hub/values.yaml b/traefik-hub/values.yaml index 7bae510..971d884 100644 --- a/traefik-hub/values.yaml +++ b/traefik-hub/values.yaml @@ -1,7 +1,7 @@ replicas: 1 maxSurge: 1 -# On production system, you may want to set it to "system-cluster-critical" +## On production system, you may want to set it to "system-cluster-critical" priorityClassName: "" imagePullSecrets: [] @@ -19,21 +19,34 @@ resources: {} # memory: 128Mi # cpu: 500m -# configure your hubToken with --set hubTokenSecretName=mySecret -# kubectl create secret generic mySecret --namespace traefik --from-literal=token=xxx +## configure your hubToken with --set hubTokenSecretName=mySecret +## kubectl create secret generic mySecret --namespace traefik --from-literal=token=xxx hubTokenSecretName: "hub-agent-token" additionalArguments: [] additionalEnvVars: [] additionalLabels: {} + +## Service used in front of Traefik Hub +## See https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/ service: - # common use: - # type: LoadBalancer - # loadBalancerClass: service.k8s.aws/nlb type: ClusterIP - # e.g. you can here define some external DNS or aws-load-balancer annotations annotations: {} + externalTrafficPolicy: + internalTrafficPolicy: + extraLabels: {} + loadBalancerClass: + loadBalancerIP: + clusterIP: + externalIPs: [] + loadBalancerSourceRanges: [] + allocateLoadBalancerNodePorts: + ## Valid values: SingleStack, PreferDualStack, RequireDualStack + ipFamilyPolicy: + ## Valid values: IPv4, IPv6 + ipFamilies: [] + # Can be customized with, for instance, specific nodePort ports: - port: 80 From bd21ef8d2a06d385b16cae3dc4c82eddedbdd50e Mon Sep 17 00:00:00 2001 From: Michel Loiseleur Date: Fri, 1 Dec 2023 17:02:29 +0100 Subject: [PATCH 2/3] fail gracefully on known invalid values --- traefik-hub/templates/service.yaml | 10 ++++++++++ traefik-hub/tests/service_test.yaml | 14 ++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/traefik-hub/templates/service.yaml b/traefik-hub/templates/service.yaml index ab62b22..e78e30b 100644 --- a/traefik-hub/templates/service.yaml +++ b/traefik-hub/templates/service.yaml @@ -41,9 +41,19 @@ spec: externalIPs: {{ toYaml . | nindent 4}} {{- end }} {{- with .ipFamilyPolicy }} + {{- $allowedValues := list "SingleStack" "PreferDualStack" "RequireDualStack" }} + {{- if not (has . $allowedValues) }} + {{- fail (cat "ERROR: Allowed values on service.ipFamilyPolicy are" $allowedValues) }} + {{- end }} ipFamilyPolicy: {{ . }} {{- end }} {{- with .ipFamilies}} + {{- $allowedValues := list "IPv4" "IPv6" }} + {{- range $key, $val := . }} + {{- if not (has $val $allowedValues) }} + {{- fail (cat "ERROR: Allowed values on service.ipFamilies are" $allowedValues) }} + {{- end }} + {{- end }} ipFamilies: {{ toYaml . | nindent 4}} {{- end }} selector: {{- include "traefik-hub.labelselector" $ | nindent 4 }} diff --git a/traefik-hub/tests/service_test.yaml b/traefik-hub/tests/service_test.yaml index 20015c6..60f5530 100644 --- a/traefik-hub/tests/service_test.yaml +++ b/traefik-hub/tests/service_test.yaml @@ -125,3 +125,17 @@ tests: - equal: path: spec.ipFamilies value: [ "IPv6" ] + - it: should fail with invalid values on ipFamilyPolicy + set: + service: + ipFamilyPolicy: InvalidValue + asserts: + - failedTemplate: + errorMessage: "ERROR: Allowed values on service.ipFamilyPolicy are [SingleStack PreferDualStack RequireDualStack]" + - it: should fail with invalid values on ipFamilies + set: + service: + ipFamilies: [ "IPv4", "IPv5" ] + asserts: + - failedTemplate: + errorMessage: "ERROR: Allowed values on service.ipFamilies are [IPv4 IPv6]" From 02883ada3399724677e1acbcfd2c1e48a0a163d6 Mon Sep 17 00:00:00 2001 From: Michel Loiseleur Date: Fri, 1 Dec 2023 17:09:06 +0100 Subject: [PATCH 3/3] doc: improve comment on section --- traefik-hub/values.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/traefik-hub/values.yaml b/traefik-hub/values.yaml index 2965c16..bb67f26 100644 --- a/traefik-hub/values.yaml +++ b/traefik-hub/values.yaml @@ -27,11 +27,13 @@ additionalArguments: [] additionalEnvVars: [] additionalLabels: {} -## Service used in front of Traefik Hub -## See https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/ +## extra Volume to add on Deployment. +## See https://kubernetes.io/docs/concepts/storage/volumes/ extraVolumes: [] extraVolumeMounts: [] +## Service used in front of Traefik Hub +## See https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/ service: type: ClusterIP annotations: {}