feat: k8s providers customization

traefik-hub/templates/deployment.yaml

@@ -80,6 +80,59 @@ spec:
             - --providers.kubernetesCRD.allowExternalNameServices=true
             - --providers.kubernetesIngress.allowEmptyServices=true
             - --providers.kubernetesIngress.allowExternalNameServices=true
+            {{- with .Values.providers }}
+            {{- with .kubernetesCRD.endpoint }}
+            - --providers.kubernetescrd.endpoint="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesCRD.token }}
+            - --providers.kubernetescrd.token="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesCRD.certAuthFilePath }}
+            - --providers.kubernetescrd.certauthfilepath="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesCRD.namespaces }}
+            - --providers.kubernetescrd.namespaces="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesCRD.labelSelector }}
+            - --providers.kubernetescrd.labelselector="{{ . }}"
+            {{- end }}
+            {{- if .ingressClass.enabled }}
+            - --providers.kubernetescrd.ingressclass="{{ .ingressClass.name | default (include "traefik-hub.name" $) }}"
+            {{- end }}
+            {{- with .kubernetesCRD.throttleDuration }}
+            - --providers.kubernetescrd.throttleduration="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.endpoint }}
+            - --providers.kubernetesingress.endpoint="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.token }}
+            - --providers.kubernetesingress.token="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.certAuthFilePath }}
+            - --providers.kubernetesingress.certauthfilepath="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.namespaces }}
+            - --providers.kubernetesingress.namespaces="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.labelSelector }}
+            - --providers.kubernetesingress.labelselector="{{ . }}"
+            {{- end }}
+            {{- if .ingressClass.enabled }}
+            - --providers.kubernetesingress.ingressclass="{{ .ingressClass.name | default (include "traefik-hub.name" $) }}"
+            {{- end }}
+            {{- with .kubernetesIngress.ingressEndpoint.hostname }}
+            - --providers.kubernetesingress.ingressendpoint.hostname="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.ingressEndpoint.ip }}
+            - --providers.kubernetesingress.ingressendpoint.ip="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.ingressEndpoint.publishedService }}
+            - --providers.kubernetesingress.ingressendpoint.publishedservice="{{ . }}"
+            {{- end }}
+            {{- with .kubernetesIngress.throttleDuration }}
+            - --providers.kubernetesingress.throttleduration="{{ . }}"
+            {{- end }}
+            {{- end }}
             {{- with $additionnalArgs }}
               {{- toYaml . | nindent 12 }}
             {{- end }}

traefik-hub/templates/ingress-class.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.providers.ingressClass.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: {{ .Values.providers.ingressClass.isDefaultClass | quote }}
+  labels: {{- include "traefik-hub.labels" . | nindent 4 }}
+  name: {{ .Values.providers.ingressClass.name | default (include "traefik-hub.name" .) }}
+spec:
+  controller: hub.traefik.io/ingress-controller
+{{- end }}

traefik-hub/tests/deployment_test.yaml

@@ -61,7 +61,7 @@ tests:
     asserts:
       - lengthEqual:
           path: spec.template.spec.containers[0].args
-          count: 15
+          count: 17
       - contains:
           path: spec.template.spec.containers[0].args
           content: ic
@@ -160,6 +160,76 @@ tests:
       - equal:
           path: spec.template.spec.imagePullSecrets[0].name
           value: regcred
+  - it: should set providers settings
+    set:
+      providers:
+        kubernetesCRD:
+          endpoint: "local.tld"
+          token: "xxx"
+          certAuthFilePath: "/var/crds.pem"
+          namespaces: "ns1,ns2"
+          labelSelector: "foo=bar"
+          throttleDuration: "10s"
+        kubernetesIngress:
+          endpoint: "local2.tld"
+          token: "yyy"
+          certAuthFilePath: "/var/ings.pem"
+          namespaces: "ns3,ns4"
+          labelSelector: "bar=foo"
+          ingressEndpoint:
+            hostname: "ing.tld"
+            ip: "1.2.3.4"
+            publishedService: "ns/svc"
+          throttleDuration: "10h"
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetescrd.endpoint="local.tld"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetescrd.token="xxx"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetescrd.certauthfilepath="/var/crds.pem"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetescrd.namespaces="ns1,ns2"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetescrd.labelselector="foo=bar"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetescrd.throttleduration="10s"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.endpoint="local2.tld"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.token="yyy"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.certauthfilepath="/var/ings.pem"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.namespaces="ns3,ns4"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.labelselector="bar=foo"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.ingressclass="traefik-hub"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.ingressendpoint.hostname="ing.tld"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.ingressendpoint.ip="1.2.3.4"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.ingressendpoint.publishedservice="ns/svc"
+      - contains:
+          path: spec.template.spec.containers[0].args
+          content: --providers.kubernetesingress.throttleduration="10h"
   - it: should add and mount an extraVolume when set
     set:
       extraVolumes:

traefik-hub/tests/ingress-class_test.yaml

@@ -0,0 +1,43 @@
+suite: IngressClass tests
+release:
+  name: traefik-hub
+  namespace: traefik
+templates:
+  - ingress-class.yaml
+tests:
+  - it: should render default IngressClass
+    asserts:
+      - isKind:
+          of: IngressClass
+      - equal:
+          path: metadata.name
+          value: "traefik-hub"
+      - isSubset:
+          path: metadata.annotations
+          content:
+            ingressclass.kubernetes.io/is-default-class: "true"
+      - equal:
+          path: spec.controller
+          value: hub.traefik.io/ingress-controller
+  - it: should be possible to customize ingressclass
+    set:
+      providers:
+        ingressClass:
+          isDefaultClass: false
+          name: "my-ing"
+    asserts:
+      - equal:
+          path: metadata.name
+          value: my-ing
+      - isSubset:
+          path: metadata.annotations
+          content:
+            ingressclass.kubernetes.io/is-default-class: "false"
+  - it: should be possible to disable ingressclass
+    set:
+      providers:
+        ingressClass:
+          enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0

traefik-hub/values.yaml

@@ -51,7 +51,7 @@ service:
   ## Valid values: IPv4, IPv6
   ipFamilies: []
 
-  # Can be customized with, for instance, specific nodePort
+  ## Can be customized with, for instance, specific nodePort
   ports:
     - port: 80
       name: web
@@ -60,8 +60,38 @@ service:
       name: websecure
       targetPort: websecure
 
-# use it to load plugins
+## use it to load plugins
 plugins: []
 # - name: crowdsec-bouncer-traefik-plugin
 #   moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
 #   version: v1.1.15
+
+## Customize Traefik Providers
+##  - https://doc.traefik.io/traefik/providers/kubernetes-crd
+##  - https://doc.traefik.io/traefik/providers/kubernetes-ingress
+## On Traefik Hub, `allowCrossNamespace`, `allowEmptyServices`
+## and `allowExternalNameServices` are set to true.
+providers:
+  ## Create a default IngressClass and apply it on both providers
+  ingressClass:
+    enabled: true
+    isDefaultClass: true
+    name:
+  kubernetesCRD:
+    endpoint:
+    token:
+    certAuthFilePath:
+    namespaces:
+    labelSelector:
+    throttleDuration:
+  kubernetesIngress:
+    endpoint:
+    token:
+    certAuthFilePath:
+    namespaces:
+    labelSelector:
+    ingressEndpoint:
+      hostname:
+      ip:
+      publishedService:
+    throttleDuration: