diff --git a/traefik-hub/templates/deployment.yaml b/traefik-hub/templates/deployment.yaml index f24f24c..11c6239 100644 --- a/traefik-hub/templates/deployment.yaml +++ b/traefik-hub/templates/deployment.yaml @@ -80,6 +80,59 @@ spec: - --providers.kubernetesCRD.allowExternalNameServices=true - --providers.kubernetesIngress.allowEmptyServices=true - --providers.kubernetesIngress.allowExternalNameServices=true + {{- with .Values.providers }} + {{- with .kubernetesCRD.endpoint }} + - --providers.kubernetescrd.endpoint="{{ . }}" + {{- end }} + {{- with .kubernetesCRD.token }} + - --providers.kubernetescrd.token="{{ . }}" + {{- end }} + {{- with .kubernetesCRD.certAuthFilePath }} + - --providers.kubernetescrd.certauthfilepath="{{ . }}" + {{- end }} + {{- with .kubernetesCRD.namespaces }} + - --providers.kubernetescrd.namespaces="{{ . }}" + {{- end }} + {{- with .kubernetesCRD.labelSelector }} + - --providers.kubernetescrd.labelselector="{{ . }}" + {{- end }} + {{- if .ingressClass.enabled }} + - --providers.kubernetescrd.ingressclass="{{ .ingressClass.name | default (include "traefik-hub.name" $) }}" + {{- end }} + {{- with .kubernetesCRD.throttleDuration }} + - --providers.kubernetescrd.throttleduration="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.endpoint }} + - --providers.kubernetesingress.endpoint="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.token }} + - --providers.kubernetesingress.token="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.certAuthFilePath }} + - --providers.kubernetesingress.certauthfilepath="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.namespaces }} + - --providers.kubernetesingress.namespaces="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.labelSelector }} + - --providers.kubernetesingress.labelselector="{{ . }}" + {{- end }} + {{- if .ingressClass.enabled }} + - --providers.kubernetesingress.ingressclass="{{ .ingressClass.name | default (include "traefik-hub.name" $) }}" + {{- end }} + {{- with .kubernetesIngress.ingressEndpoint.hostname }} + - --providers.kubernetesingress.ingressendpoint.hostname="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.ingressEndpoint.ip }} + - --providers.kubernetesingress.ingressendpoint.ip="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.ingressEndpoint.publishedService }} + - --providers.kubernetesingress.ingressendpoint.publishedservice="{{ . }}" + {{- end }} + {{- with .kubernetesIngress.throttleDuration }} + - --providers.kubernetesingress.throttleduration="{{ . }}" + {{- end }} + {{- end }} {{- with $additionnalArgs }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/traefik-hub/templates/ingress-class.yaml b/traefik-hub/templates/ingress-class.yaml new file mode 100644 index 0000000..91d249b --- /dev/null +++ b/traefik-hub/templates/ingress-class.yaml @@ -0,0 +1,11 @@ +{{- if .Values.providers.ingressClass.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.providers.ingressClass.isDefaultClass | quote }} + labels: {{- include "traefik-hub.labels" . | nindent 4 }} + name: {{ .Values.providers.ingressClass.name | default (include "traefik-hub.name" .) }} +spec: + controller: hub.traefik.io/ingress-controller +{{- end }} diff --git a/traefik-hub/tests/deployment_test.yaml b/traefik-hub/tests/deployment_test.yaml index bad5395..b448ca0 100644 --- a/traefik-hub/tests/deployment_test.yaml +++ b/traefik-hub/tests/deployment_test.yaml @@ -61,7 +61,7 @@ tests: asserts: - lengthEqual: path: spec.template.spec.containers[0].args - count: 15 + count: 17 - contains: path: spec.template.spec.containers[0].args content: ic @@ -160,6 +160,76 @@ tests: - equal: path: spec.template.spec.imagePullSecrets[0].name value: regcred + - it: should set providers settings + set: + providers: + kubernetesCRD: + endpoint: "local.tld" + token: "xxx" + certAuthFilePath: "/var/crds.pem" + namespaces: "ns1,ns2" + labelSelector: "foo=bar" + throttleDuration: "10s" + kubernetesIngress: + endpoint: "local2.tld" + token: "yyy" + certAuthFilePath: "/var/ings.pem" + namespaces: "ns3,ns4" + labelSelector: "bar=foo" + ingressEndpoint: + hostname: "ing.tld" + ip: "1.2.3.4" + publishedService: "ns/svc" + throttleDuration: "10h" + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetescrd.endpoint="local.tld" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetescrd.token="xxx" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetescrd.certauthfilepath="/var/crds.pem" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetescrd.namespaces="ns1,ns2" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetescrd.labelselector="foo=bar" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetescrd.throttleduration="10s" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.endpoint="local2.tld" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.token="yyy" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.certauthfilepath="/var/ings.pem" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.namespaces="ns3,ns4" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.labelselector="bar=foo" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.ingressclass="traefik-hub" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.ingressendpoint.hostname="ing.tld" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.ingressendpoint.ip="1.2.3.4" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.ingressendpoint.publishedservice="ns/svc" + - contains: + path: spec.template.spec.containers[0].args + content: --providers.kubernetesingress.throttleduration="10h" - it: should add and mount an extraVolume when set set: extraVolumes: diff --git a/traefik-hub/tests/ingress-class_test.yaml b/traefik-hub/tests/ingress-class_test.yaml new file mode 100644 index 0000000..53b22dd --- /dev/null +++ b/traefik-hub/tests/ingress-class_test.yaml @@ -0,0 +1,43 @@ +suite: IngressClass tests +release: + name: traefik-hub + namespace: traefik +templates: + - ingress-class.yaml +tests: + - it: should render default IngressClass + asserts: + - isKind: + of: IngressClass + - equal: + path: metadata.name + value: "traefik-hub" + - isSubset: + path: metadata.annotations + content: + ingressclass.kubernetes.io/is-default-class: "true" + - equal: + path: spec.controller + value: hub.traefik.io/ingress-controller + - it: should be possible to customize ingressclass + set: + providers: + ingressClass: + isDefaultClass: false + name: "my-ing" + asserts: + - equal: + path: metadata.name + value: my-ing + - isSubset: + path: metadata.annotations + content: + ingressclass.kubernetes.io/is-default-class: "false" + - it: should be possible to disable ingressclass + set: + providers: + ingressClass: + enabled: false + asserts: + - hasDocuments: + count: 0 diff --git a/traefik-hub/values.yaml b/traefik-hub/values.yaml index bb67f26..fcbb909 100644 --- a/traefik-hub/values.yaml +++ b/traefik-hub/values.yaml @@ -51,7 +51,7 @@ service: ## Valid values: IPv4, IPv6 ipFamilies: [] - # Can be customized with, for instance, specific nodePort + ## Can be customized with, for instance, specific nodePort ports: - port: 80 name: web @@ -60,8 +60,38 @@ service: name: websecure targetPort: websecure -# use it to load plugins +## use it to load plugins plugins: [] # - name: crowdsec-bouncer-traefik-plugin # moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin # version: v1.1.15 + +## Customize Traefik Providers +## - https://doc.traefik.io/traefik/providers/kubernetes-crd +## - https://doc.traefik.io/traefik/providers/kubernetes-ingress +## On Traefik Hub, `allowCrossNamespace`, `allowEmptyServices` +## and `allowExternalNameServices` are set to true. +providers: + ## Create a default IngressClass and apply it on both providers + ingressClass: + enabled: true + isDefaultClass: true + name: + kubernetesCRD: + endpoint: + token: + certAuthFilePath: + namespaces: + labelSelector: + throttleDuration: + kubernetesIngress: + endpoint: + token: + certAuthFilePath: + namespaces: + labelSelector: + ingressEndpoint: + hostname: + ip: + publishedService: + throttleDuration: