Upgrade Ingress Handling to work with networkingv1/Ingress

Manuel Zapf 2021-03-15 11:16:04 +01:00 committed by GitHub
parent 702e301990
commit 29908098e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 1141 additions and 113 deletions

@ -348,3 +348,13 @@ After deploying the new [Traefik CRDs](../reference/dynamic-configuration/kubern
Please note that the unknown fields will not be pruned when migrating from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1` CRDs.
For more details check out the official [documentation](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema).
### Kubernetes Ingress
Traefik v2.5 moves forward for the Ingress provider to support Kubernetes v1.22.
Traefik now supports only v1.14+ Kubernetes clusters, which means the support of `extensions/v1beta1` API Version ingresses has been dropped.
The `extensions/v1beta1` API Version should now be replaced either by `networking.k8s.io/v1beta1` or by `networking.k8s.io/v1` (as of Kubernetes v1.19+).
The support of the `networking.k8s.io/v1beta1` API Version will stop in Kubernetes v1.22.
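
Review bot: The new "Kubernetes Ingress" migration note says support for `extensions/v1beta1` ingresses has been dropped, but it does not say what an operator will observe for Ingress objects still declared with that API version once Traefik is upgraded. Please add a sentence describing the resulting behaviour and recommending that manifests be checked for `extensions/v1beta1` before the upgrade, so the change does not come as a surprise in production. Minor wording: "as of Kubernetes v1.19+" is redundant; "on Kubernetes v1.19+" reads better.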

@ -6,6 +6,10 @@ The Kubernetes Ingress Controller.
The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; that is to say,
it manages access to cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
## Requirements
Traefik supports `1.14+` Kubernetes clusters.
## Routing Configuration
See the dedicated section in [routing](../routing/providers/kubernetes-ingress.md).
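
Review bot: The new "Requirements" section states only that Traefik supports `1.14+` clusters and says nothing about which Ingress API versions the provider accepts. Since the migration note in this same commit drops `extensions/v1beta1`, this section should list the accepted API versions (`networking.k8s.io/v1beta1`, `networking.k8s.io/v1`) or link to that migration note, so a reader landing here does not have to infer it from the cluster version.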
@ -31,9 +35,9 @@ The provider then watches for incoming ingresses events, such as the example bel
and derives the corresponding dynamic configuration from it,
which in turn creates the resulting routers, services, handlers, etc.
```yaml tab="File (YAML)"
```yaml tab="Ingress"
kind: Ingress
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1beta1
metadata:
name: "foo"
namespace: production
@ -53,6 +57,32 @@ spec:
servicePort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: "foo"
namespace: production
spec:
rules:
- host: example.net
http:
paths:
- path: /bar
backend:
service:
name: service1
port:
number: 80
- path: /foo
backend:
service:
name: service1
port:
number: 80
```
## LetsEncrypt Support with the Ingress Provider
By design, Traefik is a stateless application,
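
Review bot: The added `networking.k8s.io/v1` example omits `pathType` on both entries under `paths` (`- path: /bar` and `- path: /foo`). `pathType` is a required field in `networking.k8s.io/v1`, so the manifest as written fails API server validation. Add a `pathType` to each path, for example `pathType: Prefix`, choosing the value that matches the matching behaviour the docs intend to show. The same applies to the other `networking.k8s.io/v1` Ingress examples with `paths` added in this commit.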
@ -220,7 +250,7 @@ Value of `kubernetes.io/ingress.class` annotation that identifies Ingress object
If the parameter is set, only Ingresses containing an annotation with the same value are processed.
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
!!! info "Kubernetes 1.18+"
??? info "Kubernetes 1.18+"
If the Kubernetes cluster version is 1.18+,
the new `IngressClass` resource can be leveraged to identify Ingress objects that should be processed.
@ -256,6 +286,39 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
servicePort: 80
```
??? info "Kubernetes 1.19+"
If the Kubernetes cluster version is 1.19+,
prefer using the `networking.k8s.io/v1` [apiVersion](https://v1-19.docs.kubernetes.io/docs/setup/release/notes/#api-change) of `Ingress` and `IngressClass`.
```yaml tab="IngressClass"
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: traefik-lb
spec:
controller: traefik.io/ingress-controller
```
```yaml tab="Ingress"
apiVersion: "networking.k8s.io/v1"
kind: "Ingress"
metadata:
name: "example-ingress"
spec:
ingressClassName: "traefik-lb"
rules:
- host: "*.example.com"
http:
paths:
- path: "/example"
backend:
service:
name: "example-service"
port:
number: 80
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
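
Review bot: In the new "Kubernetes 1.19+" block, the `apiVersion` link points at `v1-19.docs.kubernetes.io/docs/setup/release/notes/#api-change`, which is tied to one release's documentation site and to a release-notes anchor rather than to the API itself. A link to the current Ingress documentation (already used elsewhere in this file as `https://kubernetes.io/docs/concepts/services-networking/ingress/`) would age better. Style point: this Ingress example quotes every scalar (`"networking.k8s.io/v1"`, `"Ingress"`), while the other v1 examples added in this commit do not; pick one style.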

@ -85,6 +85,33 @@ which in turn will create the resulting routers, services, handlers, etc.
servicePort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
service:
name: whoami
port:
number: 80
- path: /foo
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
@ -434,6 +461,33 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
servicePort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
service:
name: whoami
port:
number: 80
- path: /foo
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
@ -613,6 +667,34 @@ For more options, please refer to the available [annotations](#on-ingress).
servicePort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: true
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
service:
name: whoami
port:
number: 80
- path: /foo
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
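
Review bot: In the added v1 example, the annotation `traefik.ingress.kubernetes.io/router.tls: true` uses an unquoted `true`, which YAML parses as a boolean. Annotation values must be strings, so a user who copies this manifest gets a decoding error from the API server instead of a TLS-enabled router. Quote the value: `traefik.ingress.kubernetes.io/router.tls: "true"`.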
@ -732,6 +814,31 @@ For more options, please refer to the available [annotations](#on-ingress).
tls:
- secretName: supersecret
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: foo
namespace: production
spec:
rules:
- host: example.net
http:
paths:
- path: /bar
backend:
service:
name: service1
port:
number: 80
# Only selects which certificate(s) should be loaded from the secret, in order to terminate TLS.
# Doesn't enable TLS for that ingress (hence for the underlying router).
# Please see the TLS annotations on ingress made for that purpose.
tls:
- secretName: supersecret
```
```yaml tab="Secret"
apiVersion: v1
@ -777,16 +884,30 @@ and will connect via TLS automatically.
Ingresses can be created that look like the following:
```yaml
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: cheese
spec:
backend:
serviceName: stilton
servicePort: 80
defaultBackend:
serviceName: stilton
serverPort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cheese
spec:
defaultBackend:
service:
name: stilton
port:
number: 80
```
This ingress follows the Global Default Backend property of ingresses.
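
Review bot: The rewritten `networking.k8s.io/v1beta1` example is wrong in two places: it now uses `defaultBackend:`, and the port key reads `serverPort: 80`. In `networking.k8s.io/v1beta1` the spec field is `backend` (the rename to `defaultBackend` belongs to `networking.k8s.io/v1`), and `serverPort` looks like a typo for `servicePort`, so this tab no longer describes a valid v1beta1 Ingress. Keep the original `backend:` / `serviceName: stilton` / `servicePort: 80` lines for the v1beta1 tab and leave `defaultBackend` to the "Ingress Kubernetes v1.19+" tab, which uses it correctly.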