Proxy: add ingress routes and rules for traefik

For now the proxy installation on kubernetes required disabling traefik and using metallb for the network part. This commit adds the IngressRouteTCP, IngressRouteUDP and Ingress resources to use with traefik.
uyuni-project · Dec 21, 2023 · 6efc89c · 6efc89c
1 parent 455530f
commit 6efc89c
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 0 deletions.
diff --git a/containers/proxy-helm/proxy-helm.changes.cbosdonnat.traefik b/containers/proxy-helm/proxy-helm.changes.cbosdonnat.traefik
@@ -0,0 +1 @@
+- Add ingress and routes for traefik
diff --git a/containers/proxy-helm/templates/ingress.yaml b/containers/proxy-helm/templates/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: uyuni-proxy-ingress-nossl
+  namespace: "{{ .Release.Namespace }}"
+  annotations:
+  {{- if eq .Values.ingress "nginx" }}
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+  {{- else if eq .Values.ingress "traefik" }}
+    traefik.ingress.kubernetes.io/router.tls: "false"
+    traefik.ingress.kubernetes.io/router.entrypoints: "web"
+  {{- end }}
+  labels:
+    app: uyuni-proxy
+spec:
+  rules:
+  - host: {{ .Values.fqdn }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: uyuni-proxy-tcp
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
diff --git a/containers/proxy-helm/templates/k3s-ingress-routes.yaml b/containers/proxy-helm/templates/k3s-ingress-routes.yaml
@@ -0,0 +1,73 @@
+{{- if eq .Values.ingress "traefik" }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: ssl-router
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: HostSNI(`*`)
+      services:
+      - name: uyuni-proxy-tcp
+        port: 443
+  tls:
+    passthrough: true
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: ssh-router
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  entryPoints:
+    - ssh 
+  routes:
+    - match: HostSNI(`*`)
+      services:
+      - name: uyuni-proxy-tcp
+        port: 8022
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: salt-publish-router
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  entryPoints:
+    - salt-publish
+  routes:
+    - match: HostSNI(`*`)
+      services:
+      - name: uyuni-proxy-tcp
+        port: 4505
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: salt-request-router
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  entryPoints:
+    - salt-request
+  routes:
+    - match: HostSNI(`*`)
+      services:
+      - name: uyuni-proxy-tcp
+        port: 4506
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteUDP
+metadata:
+  name: tftp-router
+  namespace: "{{ .Release.Namespace }}"
+spec:
+  entryPoints:
+    - tftp
+  routes:
+    - services:
+      - name: uyuni-proxy-udp
+        port: 69
+{{- end }}
+
diff --git a/containers/proxy-helm/values.yaml b/containers/proxy-helm/values.yaml
@@ -17,6 +17,10 @@ images:
 ##
 pullPolicy: "Always"
 
+## ingress defines the ingress that is used in the cluster.
+## It can be either "nginx", "traefik" or any other value.
+ingress: "traefik"
+
 persistentVolume:
     ## uyuni proxy overall Persistent Volume access modes
     ## Must match those of existing PV or dynamic provisioner