From 6efc89c795882f74cc528409d0b839717c1bb4b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Wed, 20 Dec 2023 12:05:41 +0100 Subject: [PATCH] Proxy: add ingress routes and rules for traefik For now the proxy installation on kubernetes required disabling traefik and using metallb for the network part. This commit adds the IngressRouteTCP, IngressRouteUDP and Ingress resources to use with traefik. --- .../proxy-helm.changes.cbosdonnat.traefik | 1 + containers/proxy-helm/templates/ingress.yaml | 26 +++++++ .../templates/k3s-ingress-routes.yaml | 73 +++++++++++++++++++ containers/proxy-helm/values.yaml | 4 + 4 files changed, 104 insertions(+) create mode 100644 containers/proxy-helm/proxy-helm.changes.cbosdonnat.traefik create mode 100644 containers/proxy-helm/templates/ingress.yaml create mode 100644 containers/proxy-helm/templates/k3s-ingress-routes.yaml
diff --git a/containers/proxy-helm/proxy-helm.changes.cbosdonnat.traefik b/containers/proxy-helm/proxy-helm.changes.cbosdonnat.traefik
new file mode 100644
index 000000000000..e000439357cf
--- /dev/null
+++ b/containers/proxy-helm/proxy-helm.changes.cbosdonnat.traefik
@@ -0,0 +1 @@
+- Add ingress and routes for traefik
diff --git a/containers/proxy-helm/templates/ingress.yaml b/containers/proxy-helm/templates/ingress.yaml
new file mode 100644
index 000000000000..fb5b4d26182b
--- /dev/null
+++ b/containers/proxy-helm/templates/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: uyuni-proxy-ingress-nossl
+ namespace: "{{ .Release.Namespace }}"
+ annotations:
+ {{- if eq .Values.ingress "nginx" }}
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ {{- else if eq .Values.ingress "traefik" }}
+ traefik.ingress.kubernetes.io/router.tls: "false"
+ traefik.ingress.kubernetes.io/router.entrypoints: "web"
+ {{- end }}
+ labels:
+ app: uyuni-proxy
+spec:
+ rules:
+ - host: {{ .Values.fqdn }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: uyuni-proxy-tcp
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
diff --git a/containers/proxy-helm/templates/k3s-ingress-routes.yaml b/containers/proxy-helm/templates/k3s-ingress-routes.yaml
new file mode 100644
index 000000000000..9d5bdec26945
--- /dev/null
+++ b/containers/proxy-helm/templates/k3s-ingress-routes.yaml
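Review bot: In templates/ingress.yaml the single rule sends every path under `/` to port 80 of uyuni-proxy-tcp with TLS and the HTTPS redirect switched off for both controllers, so everything the proxy serves on that port is reachable in cleartext through the ingress. If only some endpoints need plain HTTP (presumably bootstrap or repository downloads, to be confirmed), list those paths instead of the `/` prefix, or add a comment above `rules:` saying why the whole site must stay on HTTP. Separately, `host: {{ .Values.fqdn }}` is unquoted, and an unset fqdn renders a null host, which makes the rule a catch-all for every host name; `- host: {{ .Values.fqdn | quote }}`, ideally with `required`, avoids that. Note also that this Ingress is rendered for every value of `.Values.ingress`, unlike the Traefik routes, which are guarded.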
@@ -0,0 +1,73 @@
+{{- if eq .Values.ingress "traefik" }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: ssl-router
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: uyuni-proxy-tcp
+ port: 443
+ tls:
+ passthrough: true
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: ssh-router
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ entryPoints:
+ - ssh
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: uyuni-proxy-tcp
+ port: 8022
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: salt-publish-router
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ entryPoints:
+ - salt-publish
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: uyuni-proxy-tcp
+ port: 4505
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: salt-request-router
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ entryPoints:
+ - salt-request
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: uyuni-proxy-tcp
+ port: 4506
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteUDP
+metadata:
+ name: tftp-router
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ entryPoints:
+ - tftp
+ routes:
+ - services:
+ - name: uyuni-proxy-udp
+ port: 69
+{{- end }}
+
diff --git a/containers/proxy-helm/values.yaml b/containers/proxy-helm/values.yaml
index 095709ebfa4e..13823001cd6b 100644
--- a/containers/proxy-helm/values.yaml
+++ b/containers/proxy-helm/values.yaml
@@ -17,6 +17,10 @@ images: ## pullPolicy: "Always" +## ingress defines the ingress that is used in the cluster. +## It can be either "nginx", "traefik" or any other value. +ingress: "traefik" + persistentVolume: ## uyuni proxy overall Persistent Volume access modes ## Must match those of existing PV or dynamic provisioner
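Review bot: In templates/k3s-ingress-routes.yaml the ssl-router matches ``HostSNI(`*`)`` on the shared websecure entry point with `passthrough: true`, so it claims every TLS connection arriving there, not only those meant for this proxy. On a Traefik instance that also fronts other HTTPS hosts this likely shadows them, since TCP routers are evaluated before HTTP routers. TLS traffic carries an SNI, so this one route can be narrowed to ``- match: HostSNI(`{{ .Values.fqdn }}`)``. The wildcard on ssh-router, salt-publish-router and salt-request-router has to stay because those protocols carry no SNI. A comment at the top of the file should say that the ssh, salt-publish, salt-request and tftp entry points must be declared in Traefik's static configuration, and that they expose 8022, 4505, 4506 and 69/udp to whatever can reach them.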
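Review bot: The new comment on `ingress` in values.yaml does not say what each value does, while the default of "traefik" means a plain install creates all five Traefik routes from k3s-ingress-routes.yaml. I would extend it with something like `## "traefik" also creates IngressRouteTCP/UDP resources and needs the Traefik CRDs plus the ssh, salt-publish, salt-request and tftp entry points.` and `## Any other value only renders the plain HTTP Ingress, without controller annotations.`, so that an operator knows which ports the default opens.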