diff --git a/traefik/VALUES.md b/traefik/VALUES.md index ba320fec0..0d7aa4758 100644 --- a/traefik/VALUES.md +++ b/traefik/VALUES.md @@ -98,6 +98,7 @@ Kubernetes: `>=1.22.0-0` | ingressRoute.dashboard.labels | object | `{}` | Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) | | ingressRoute.dashboard.matchRule | string | `"PathPrefix(`/dashboard`) || PathPrefix(`/api`)"` | The router match rule used for the dashboard ingressRoute | | ingressRoute.dashboard.middlewares | list | `[]` | Additional ingressRoute middlewares (e.g. for authentication) | +| ingressRoute.dashboard.services | list | `[{"kind":"TraefikService","name":"api@internal"}]` | The internal service used for the dashboard ingressRoute | | ingressRoute.dashboard.tls | object | `{}` | TLS options (e.g. secret containing certificate) | | ingressRoute.healthcheck.annotations | object | `{}` | Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) | | ingressRoute.healthcheck.enabled | bool | `false` | Create an IngressRoute for the healthcheck probe | @@ -105,6 +106,7 @@ Kubernetes: `>=1.22.0-0` | ingressRoute.healthcheck.labels | object | `{}` | Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) | | ingressRoute.healthcheck.matchRule | string | `"PathPrefix(`/ping`)"` | The router match rule used for the healthcheck ingressRoute | | ingressRoute.healthcheck.middlewares | list | `[]` | Additional ingressRoute middlewares (e.g. for authentication) | +| ingressRoute.healthcheck.services | list | `[{"kind":"TraefikService","name":"ping@internal"}]` | The internal service used for the healthcheck ingressRoute | | ingressRoute.healthcheck.tls | object | `{}` | TLS options (e.g. secret containing certificate) | | instanceLabelOverride | string | `nil` | | | livenessProbe.failureThreshold | int | `3` | The number of consecutive failures allowed before considering the probe as failed. | diff --git a/traefik/templates/dashboard-ingressroute.yaml b/traefik/templates/dashboard-ingressroute.yaml deleted file mode 100644 index c797143c5..000000000 --- a/traefik/templates/dashboard-ingressroute.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingressRoute.dashboard.enabled -}} -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: {{ template "traefik.fullname" . }}-dashboard - namespace: {{ template "traefik.namespace" . }} - annotations: - {{- if and .Values.ingressClass.enabled .Values.providers.kubernetesCRD.enabled .Values.providers.kubernetesCRD.ingressClass }} - kubernetes.io/ingress.class: {{ .Values.providers.kubernetesCRD.ingressClass }} - {{- end }} - {{- with .Values.ingressRoute.dashboard.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "traefik.labels" . | nindent 4 }} - {{- with .Values.ingressRoute.dashboard.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - entryPoints: - {{- range .Values.ingressRoute.dashboard.entryPoints }} - - {{ . }} - {{- end }} - routes: - - match: {{ .Values.ingressRoute.dashboard.matchRule }} - kind: Rule - services: - - name: api@internal - kind: TraefikService - {{- with .Values.ingressRoute.dashboard.middlewares }} - middlewares: - {{- toYaml . | nindent 6 }} - {{- end -}} - - {{- with .Values.ingressRoute.dashboard.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/traefik/templates/healthcheck-ingressroute.yaml b/traefik/templates/healthcheck-ingressroute.yaml deleted file mode 100644 index 3f3a0e6b5..000000000 --- a/traefik/templates/healthcheck-ingressroute.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingressRoute.healthcheck.enabled -}} -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: {{ template "traefik.fullname" . }}-healthcheck - namespace: {{ template "traefik.namespace" . }} - annotations: - {{- if and .Values.ingressClass.enabled .Values.providers.kubernetesCRD.enabled .Values.providers.kubernetesCRD.ingressClass }} - kubernetes.io/ingress.class: {{ .Values.providers.kubernetesCRD.ingressClass }} - {{- end }} - {{- with .Values.ingressRoute.healthcheck.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "traefik.labels" . | nindent 4 }} - {{- with .Values.ingressRoute.healthcheck.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - entryPoints: - {{- range .Values.ingressRoute.healthcheck.entryPoints }} - - {{ . }} - {{- end }} - routes: - - match: {{ .Values.ingressRoute.healthcheck.matchRule }} - kind: Rule - services: - - name: ping@internal - kind: TraefikService - {{- with .Values.ingressRoute.healthcheck.middlewares }} - middlewares: - {{- toYaml . | nindent 6 }} - {{- end -}} - - {{- with .Values.ingressRoute.healthcheck.tls }} - tls: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/traefik/templates/ingressroute.yaml b/traefik/templates/ingressroute.yaml new file mode 100644 index 000000000..805da8eeb --- /dev/null +++ b/traefik/templates/ingressroute.yaml @@ -0,0 +1,43 @@ +{{ range $name, $config := .Values.ingressRoute }} +{{ if $config.enabled }} +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: {{ template "traefik.fullname" $ }}-$name + namespace: {{ template "traefik.namespace" $ }} + annotations: + {{- if and $.Values.ingressClass.enabled $.Values.providers.kubernetesCRD.enabled $.Values.providers.kubernetesCRD.ingressClass }} + kubernetes.io/ingress.class: {{ $.Values.providers.kubernetesCRD.ingressClass }} + {{- end }} + {{- with $config.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "traefik.labels" $ | nindent 4 }} + {{- with $config.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + entryPoints: + {{- range $config.entryPoints }} + - {{ . }} + {{- end }} + routes: + - match: {{ $config.matchRule }} + kind: Rule + {{- with $config.services }} + services: + {{- toYaml . | nindent 6 }} + {{- end -}} + {{- with $config.middlewares }} + middlewares: + {{- toYaml . | nindent 6 }} + {{- end -}} + + {{- with $config.tls }} + tls: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} +{{ end }} diff --git a/traefik/tests/common-metadata_test.yaml b/traefik/tests/common-metadata_test.yaml index bab5aa71a..a0450a1a4 100644 --- a/traefik/tests/common-metadata_test.yaml +++ b/traefik/tests/common-metadata_test.yaml @@ -1,6 +1,6 @@ suite: Resources contains metadata templates: - - dashboard-ingressroute.yaml + - ingressroute.yaml - deployment.yaml - gatewayclass.yaml - gateway.yaml diff --git a/traefik/tests/dashboard-ingressroute_test.yaml b/traefik/tests/dashboard-ingressroute_test.yaml index e9333428f..a4542ccea 100644 --- a/traefik/tests/dashboard-ingressroute_test.yaml +++ b/traefik/tests/dashboard-ingressroute_test.yaml @@ -1,6 +1,6 @@ suite: Dashboard IngressRoute configuration templates: -- dashboard-ingressroute.yaml +- ingressroute.yaml set: ingressRoute: dashboard: diff --git a/traefik/tests/healthcheck-ingressroute_test.yaml b/traefik/tests/healthcheck-ingressroute_test.yaml index f208f4ee4..1b6a0c87d 100644 --- a/traefik/tests/healthcheck-ingressroute_test.yaml +++ b/traefik/tests/healthcheck-ingressroute_test.yaml @@ -1,6 +1,6 @@ suite: healthcheck IngressRoute configuration templates: -- healthcheck-ingressroute.yaml +- ingressroute.yaml tests: - it: should allow enabling healthcheck exposure using ingressRoute set: diff --git a/traefik/values.yaml b/traefik/values.yaml index f1352799d..591f8383c 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -161,6 +161,10 @@ ingressRoute: labels: {} # -- The router match rule used for the dashboard ingressRoute matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + # -- The internal service used for the dashboard ingressRoute + services: + - name: api@internal + kind: TraefikService # -- Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure). # By default, it's using traefik entrypoint, which is not exposed. # /!\ Do not expose your dashboard without any protection over the internet /!\ @@ -178,6 +182,10 @@ ingressRoute: labels: {} # -- The router match rule used for the healthcheck ingressRoute matchRule: PathPrefix(`/ping`) + # -- The internal service used for the healthcheck ingressRoute + services: + - name: ping@internal + kind: TraefikService # -- Specify the allowed entrypoints to use for the healthcheck ingress route, (e.g. traefik, web, websecure). # By default, it's using traefik entrypoint, which is not exposed. entryPoints: ["traefik"]