traefik · traefiker · Dec 1, 2023 · Dec 1, 2023 · Dec 1, 2023 · Dec 1, 2023
diff --git a/traefik-hub/Chart.yaml b/traefik-hub/Chart.yaml
@@ -5,7 +5,7 @@ type: application
 version: 2.7.0
 # renovate: image=ghcr.io/traefik/traefik-hub
 appVersion: v2.6.0
-kubeVersion: ">=1.26.0-0"
+kubeVersion: ">=1.24.0-0"
 keywords:
   - traefik
   - ingress

diff --git a/traefik-hub/templates/service.yaml b/traefik-hub/templates/service.yaml
@@ -6,13 +6,56 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
   {{- include "traefik-hub.labels" . | nindent 4 }}
+{{- with.Values.service }}
+  {{- with .extraLabels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
   annotations:
-  {{- with .Values.service.annotations }}
-  {{ toYaml . | indent 2 }}
+  {{- with .annotations }}
+  {{ toYaml . | indent 4 }}
   {{- end }}
 spec:
-  type: {{ .Values.service.type }}
-  loadBalancerClass: {{ .Values.service.loadBalancerClass }}
-  selector:
-     {{- include "traefik-hub.labelselector" . | nindent 6 }}
-  ports: {{ toYaml .Values.service.ports | nindent 4 }}
+  type: {{ .type }}
+  {{- if hasKey . "allocateLoadBalancerNodePorts" }}
+  allocateLoadBalancerNodePorts: {{ .allocateLoadBalancerNodePorts }}
+  {{- end }}
+  {{- with .clusterIP }}
+  clusterIP: {{ . }}
+  {{- end }}
+  {{- with .externalTrafficPolicy }}
+  externalTrafficPolicy: {{ . }}
+  {{- end }}
+  {{- with .internalTrafficPolicy }}
+  internalTrafficPolicy: {{ . }}
+  {{- end }}
+  {{- with .loadBalancerClass }}
+  loadBalancerClass: {{ . }}
+  {{- end }}
+  {{- with .loadBalancerIP }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
+  {{- with .loadBalancerSourceRanges }}
+  loadBalancerSourceRanges: {{ toYaml . | nindent 4}}
+  {{- end }}
+  {{- with .externalIPs }}
+  externalIPs: {{ toYaml . | nindent 4}}
+  {{- end }}
+  {{- with .ipFamilyPolicy }}
+    {{- $allowedValues := list "SingleStack" "PreferDualStack" "RequireDualStack" }}
+    {{- if not (has . $allowedValues) }}
+      {{- fail (cat "ERROR: Allowed values on service.ipFamilyPolicy are" $allowedValues) }}
+    {{- end }}
+  ipFamilyPolicy: {{ . }}
+  {{- end }}
+  {{- with .ipFamilies}}
+    {{- $allowedValues := list "IPv4" "IPv6" }}
+    {{- range $key, $val := . }}
+      {{- if not (has $val $allowedValues) }}
+      {{- fail (cat "ERROR: Allowed values on service.ipFamilies are" $allowedValues) }}
+      {{- end }}
+    {{- end }}
+  ipFamilies: {{ toYaml . | nindent 4}}
+  {{- end }}
+  selector: {{- include "traefik-hub.labelselector" $ | nindent 4 }}
+  ports: {{ toYaml .ports | nindent 4 }}
+{{- end }}
diff --git a/traefik-hub/tests/service_test.yaml b/traefik-hub/tests/service_test.yaml
@@ -5,16 +5,13 @@ release:
 templates:
   - service.yaml
 tests:
-  - it: should render a service
+  - it: should render a service without any values
     asserts:
       - isKind:
           of: Service
       - equal:
           path: spec.type
           value: ClusterIP
-      - equal:
-          path: spec.loadBalancerClass
-          value: null
       - equal:
           path: metadata.annotations
           value: null
@@ -37,40 +34,22 @@ tests:
       - equal:
           path: metadata.namespace
           value: test
-  - it: should set service type
-    set:
-      service:
-        type: LoadBalancer
-    asserts:
-      - equal:
-          path: spec.type
-          value: LoadBalancer
-  - it: should set service type
-    set:
-      service:
-        type: LoadBalancer
-    asserts:
-      - equal:
-          path: spec.type
-          value: LoadBalancer
-  - it: should set service loadBalancerClass
-    set:
-      service:
-        loadBalancerClass: service.k8s.aws/nlb
-    asserts:
-      - equal:
-          path: spec.loadBalancerClass
-          value: service.k8s.aws/nlb
-  - it: should set service annotations
+  - it: should set service annotations and extraLabels
     set:
       service:
         annotations:
           key: value
+        extraLabels:
+          foo: bar
     asserts:
       - equal:
           path: metadata.annotations
           value:
             key: value
+      - isSubset:
+          path: metadata.labels
+          content:
+            foo: bar
   - it: should set custom nodePort
     set:
       service:
@@ -98,3 +77,65 @@ tests:
             port: 443
             targetPort: websecure
             nodePort: 30001
+  - it: should render all spec parameters
+    set:
+      service:
+        type: LoadBalancer
+        externalTrafficPolicy: Local
+        internalTrafficPolicy: Cluster
+        loadBalancerClass: service.k8s.aws/nlb
+        loadBalancerIP: 1.2.3.4
+        clusterIP: 4.3.2.1
+        externalIPs: [ "1.1.1.1", "2.2.2.2" ]
+        loadBalancerSourceRanges: [ "3.3.3.3", "4.4.4.4" ]
+        allocateLoadBalancerNodePorts: false
+        ipFamilyPolicy: PreferDualStack
+        ipFamilies: [ "IPv6" ]
+    asserts:
+      - equal:
+          path: spec.type
+          value: LoadBalancer
+      - equal:
+          path: spec.externalTrafficPolicy
+          value: Local
+      - equal:
+          path: spec.internalTrafficPolicy
+          value: Cluster
+      - equal:
+          path: spec.loadBalancerClass
+          value: service.k8s.aws/nlb
+      - equal:
+          path: spec.loadBalancerIP
+          value: 1.2.3.4
+      - equal:
+          path: spec.clusterIP
+          value: 4.3.2.1
+      - equal:
+          path: spec.externalIPs
+          value: [ "1.1.1.1", "2.2.2.2" ]
+      - equal:
+          path: spec.loadBalancerSourceRanges
+          value: [ "3.3.3.3", "4.4.4.4" ]
+      - equal:
+          path: spec.allocateLoadBalancerNodePorts
+          value: false
+      - equal:
+          path: spec.ipFamilyPolicy
+          value: PreferDualStack
+      - equal:
+          path: spec.ipFamilies
+          value: [ "IPv6" ]
+  - it: should fail with invalid values on ipFamilyPolicy
+    set:
+      service:
+        ipFamilyPolicy: InvalidValue
+    asserts:
+      - failedTemplate:
+          errorMessage: "ERROR: Allowed values on service.ipFamilyPolicy are [SingleStack PreferDualStack RequireDualStack]"
+  - it: should fail with invalid values on ipFamilies
+    set:
+      service:
+        ipFamilies: [ "IPv4", "IPv5" ]
+    asserts:
+      - failedTemplate:
+          errorMessage: "ERROR: Allowed values on service.ipFamilies are [IPv4 IPv6]"
diff --git a/traefik-hub/values.yaml b/traefik-hub/values.yaml
@@ -1,7 +1,7 @@
 replicas: 1
 maxSurge: 1
 
-# On production system, you may want to set it to "system-cluster-critical"
+## On production system, you may want to set it to "system-cluster-critical"
 priorityClassName: ""
 
 imagePullSecrets: []
@@ -19,24 +19,38 @@ resources: {}
 #    memory: 128Mi
 #    cpu: 500m
 
-# configure your hubToken with --set hubTokenSecretName=mySecret
-# kubectl create secret generic mySecret --namespace traefik --from-literal=token=xxx
+## configure your hubToken with --set hubTokenSecretName=mySecret
+## kubectl create secret generic mySecret --namespace traefik --from-literal=token=xxx
 hubTokenSecretName: "hub-agent-token"
 
 additionalArguments: []
 additionalEnvVars: []
 additionalLabels: {}
 
+## extra Volume to add on Deployment.
+## See https://kubernetes.io/docs/concepts/storage/volumes/
 extraVolumes: []
 extraVolumeMounts: []
 
+## Service used in front of Traefik Hub
+## See https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/
 service:
-  # common use:
-  # type: LoadBalancer
-  # loadBalancerClass: service.k8s.aws/nlb
   type: ClusterIP
-  # e.g. you can here define some external DNS or aws-load-balancer annotations
   annotations: {}
+  externalTrafficPolicy:
+  internalTrafficPolicy:
+  extraLabels: {}
+  loadBalancerClass:
+  loadBalancerIP:
+  clusterIP:
+  externalIPs: []
+  loadBalancerSourceRanges: []
+  allocateLoadBalancerNodePorts:
+  ## Valid values: SingleStack, PreferDualStack, RequireDualStack
+  ipFamilyPolicy:
+  ## Valid values: IPv4, IPv6
+  ipFamilies: []
+
   # Can be customized with, for instance, specific nodePort
   ports:
     - port: 80