homelab/traefik
1
0
Fork 0
Code Activity

Custom resource definition

Browse source 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
This commit is contained in:
Ludovic Fernandez 2019-03-14 15:56:06 +01:00 committed by Traefiker Bot
parent cfaf47c8a2
commit 4c060a78cc
1348 changed files with 92364 additions and 55766 deletions
Download patch file Download diff file Expand all files Collapse all files

63
provider/kubernetes/ingress/builder_ingress_test.go Normal file
View file

@ -0,0 +1,63 @@
package ingress
import (
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
)
func buildIngress(opts ...func(*extensionsv1beta1.Ingress)) *extensionsv1beta1.Ingress {
i := &extensionsv1beta1.Ingress{}
i.Kind = "Ingress"
for _, opt := range opts {
opt(i)
}
return i
}
func iNamespace(value string) func(*extensionsv1beta1.Ingress) {
return func(i *extensionsv1beta1.Ingress) {
i.Namespace = value
}
}
func iRules(opts ...func(*extensionsv1beta1.IngressSpec)) func(*extensionsv1beta1.Ingress) {
return func(i *extensionsv1beta1.Ingress) {
s := &extensionsv1beta1.IngressSpec{}
for _, opt := range opts {
opt(s)
}
i.Spec = *s
}
}
func iRule(opts ...func(*extensionsv1beta1.IngressRule)) func(*extensionsv1beta1.IngressSpec) {
return func(spec *extensionsv1beta1.IngressSpec) {
r := &extensionsv1beta1.IngressRule{}
for _, opt := range opts {
opt(r)
}
spec.Rules = append(spec.Rules, *r)
}
}
func iHost(name string) func(*extensionsv1beta1.IngressRule) {
return func(rule *extensionsv1beta1.IngressRule) {
rule.Host = name
}
}
func iTLSes(opts ...func(*extensionsv1beta1.IngressTLS)) func(*extensionsv1beta1.Ingress) {
return func(i *extensionsv1beta1.Ingress) {
for _, opt := range opts {
iTLS := extensionsv1beta1.IngressTLS{}
opt(&iTLS)
i.Spec.TLS = append(i.Spec.TLS, iTLS)
}
}
}
func iTLS(secret string, hosts ...string) func(*extensionsv1beta1.IngressTLS) {
return func(i *extensionsv1beta1.IngressTLS) {
i.SecretName = secret
i.Hosts = hosts
}
}

301
provider/kubernetes/ingress/client.go Normal file
View file

@ -0,0 +1,301 @@
package ingress
import (
"errors"
"fmt"
"io/ioutil"
"time"
"github.com/containous/traefik/old/log"
"github.com/containous/traefik/provider/kubernetes/k8s"
corev1 "k8s.io/api/core/v1"
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
kubeerror "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/tools/clientcmd"
)
const resyncPeriod = 10 * time.Minute
type resourceEventHandler struct {
ev chan<- interface{}
}
func (reh *resourceEventHandler) OnAdd(obj interface{}) {
eventHandlerFunc(reh.ev, obj)
}
func (reh *resourceEventHandler) OnUpdate(oldObj, newObj interface{}) {
eventHandlerFunc(reh.ev, newObj)
}
func (reh *resourceEventHandler) OnDelete(obj interface{}) {
eventHandlerFunc(reh.ev, obj)
}
// Client is a client for the Provider master.
// WatchAll starts the watch of the Provider resources and updates the stores.
// The stores can then be accessed via the Get* functions.
type Client interface {
WatchAll(namespaces k8s.Namespaces, stopCh <-chan struct{}) (<-chan interface{}, error)
GetIngresses() []*extensionsv1beta1.Ingress
GetService(namespace, name string) (*corev1.Service, bool, error)
GetSecret(namespace, name string) (*corev1.Secret, bool, error)
GetEndpoints(namespace, name string) (*corev1.Endpoints, bool, error)
UpdateIngressStatus(namespace, name, ip, hostname string) error
}
type clientWrapper struct {
clientset *kubernetes.Clientset
factories map[string]informers.SharedInformerFactory
ingressLabelSelector labels.Selector
isNamespaceAll bool
watchedNamespaces k8s.Namespaces
}
// newInClusterClient returns a new Provider client that is expected to run
// inside the cluster.
func newInClusterClient(endpoint string) (*clientWrapper, error) {
config, err := rest.InClusterConfig()
if err != nil {
return nil, fmt.Errorf("failed to create in-cluster configuration: %s", err)
}
if endpoint != "" {
config.Host = endpoint
}
return createClientFromConfig(config)
}
func newExternalClusterClientFromFile(file string) (*clientWrapper, error) {
configFromFlags, err := clientcmd.BuildConfigFromFlags("", file)
if err != nil {
return nil, err
}
return createClientFromConfig(configFromFlags)
}
// newExternalClusterClient returns a new Provider client that may run outside
// of the cluster.
// The endpoint parameter must not be empty.
func newExternalClusterClient(endpoint, token, caFilePath string) (*clientWrapper, error) {
if endpoint == "" {
return nil, errors.New("endpoint missing for external cluster client")
}
config := &rest.Config{
Host: endpoint,
BearerToken: token,
}
if caFilePath != "" {
caData, err := ioutil.ReadFile(caFilePath)
if err != nil {
return nil, fmt.Errorf("failed to read CA file %s: %s", caFilePath, err)
}
config.TLSClientConfig = rest.TLSClientConfig{CAData: caData}
}
return createClientFromConfig(config)
}
func createClientFromConfig(c *rest.Config) (*clientWrapper, error) {
clientset, err := kubernetes.NewForConfig(c)
if err != nil {
return nil, err
}
return newClientImpl(clientset), nil
}
func newClientImpl(clientset *kubernetes.Clientset) *clientWrapper {
return &clientWrapper{
clientset: clientset,
factories: make(map[string]informers.SharedInformerFactory),
}
}
// WatchAll starts namespace-specific controllers for all relevant kinds.
func (c *clientWrapper) WatchAll(namespaces k8s.Namespaces, stopCh <-chan struct{}) (<-chan interface{}, error) {
eventCh := make(chan interface{}, 1)
eventHandler := c.newResourceEventHandler(eventCh)
if len(namespaces) == 0 {
namespaces = k8s.Namespaces{metav1.NamespaceAll}
c.isNamespaceAll = true
}
c.watchedNamespaces = namespaces
for _, ns := range namespaces {
factory := informers.NewFilteredSharedInformerFactory(c.clientset, resyncPeriod, ns, nil)
factory.Extensions().V1beta1().Ingresses().Informer().AddEventHandler(eventHandler)
factory.Core().V1().Services().Informer().AddEventHandler(eventHandler)
factory.Core().V1().Endpoints().Informer().AddEventHandler(eventHandler)
c.factories[ns] = factory
}
for _, ns := range namespaces {
c.factories[ns].Start(stopCh)
}
for _, ns := range namespaces {
for t, ok := range c.factories[ns].WaitForCacheSync(stopCh) {
if !ok {
return nil, fmt.Errorf("timed out waiting for controller caches to sync %s in namespace %q", t.String(), ns)
}
}
}
// Do not wait for the Secrets store to get synced since we cannot rely on
// users having granted RBAC permissions for this object.
// https://github.com/containous/traefik/issues/1784 should improve the
// situation here in the future.
for _, ns := range namespaces {
c.factories[ns].Core().V1().Secrets().Informer().AddEventHandler(eventHandler)
c.factories[ns].Start(stopCh)
}
return eventCh, nil
}
// GetIngresses returns all Ingresses for observed namespaces in the cluster.
func (c *clientWrapper) GetIngresses() []*extensionsv1beta1.Ingress {
var result []*extensionsv1beta1.Ingress
for ns, factory := range c.factories {
ings, err := factory.Extensions().V1beta1().Ingresses().Lister().List(c.ingressLabelSelector)
if err != nil {
log.Errorf("Failed to list ingresses in namespace %s: %s", ns, err)
}
result = append(result, ings...)
}
return result
}
// UpdateIngressStatus updates an Ingress with a provided status.
func (c *clientWrapper) UpdateIngressStatus(namespace, name, ip, hostname string) error {
if !c.isWatchedNamespace(namespace) {
return fmt.Errorf("failed to get ingress %s/%s: namespace is not within watched namespaces", namespace, name)
}
ing, err := c.factories[c.lookupNamespace(namespace)].Extensions().V1beta1().Ingresses().Lister().Ingresses(namespace).Get(name)
if err != nil {
return fmt.Errorf("failed to get ingress %s/%s: %v", namespace, name, err)
}
if len(ing.Status.LoadBalancer.Ingress) > 0 {
if ing.Status.LoadBalancer.Ingress[0].Hostname == hostname && ing.Status.LoadBalancer.Ingress[0].IP == ip {
// If status is already set, skip update
log.Debugf("Skipping status update on ingress %s/%s", ing.Namespace, ing.Name)
return nil
}
}
ingCopy := ing.DeepCopy()
ingCopy.Status = extensionsv1beta1.IngressStatus{LoadBalancer: corev1.LoadBalancerStatus{Ingress: []corev1.LoadBalancerIngress{{IP: ip, Hostname: hostname}}}}
_, err = c.clientset.ExtensionsV1beta1().Ingresses(ingCopy.Namespace).UpdateStatus(ingCopy)
if err != nil {
return fmt.Errorf("failed to update ingress status %s/%s: %v", namespace, name, err)
}
log.Infof("Updated status on ingress %s/%s", namespace, name)
return nil
}
// GetService returns the named service from the given namespace.
func (c *clientWrapper) GetService(namespace, name string) (*corev1.Service, bool, error) {
if !c.isWatchedNamespace(namespace) {
return nil, false, fmt.Errorf("failed to get service %s/%s: namespace is not within watched namespaces", namespace, name)
}
service, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Services().Lister().Services(namespace).Get(name)
exist, err := translateNotFoundError(err)
return service, exist, err
}
// GetEndpoints returns the named endpoints from the given namespace.
func (c *clientWrapper) GetEndpoints(namespace, name string) (*corev1.Endpoints, bool, error) {
if !c.isWatchedNamespace(namespace) {
return nil, false, fmt.Errorf("failed to get endpoints %s/%s: namespace is not within watched namespaces", namespace, name)
}
endpoint, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Endpoints().Lister().Endpoints(namespace).Get(name)
exist, err := translateNotFoundError(err)
return endpoint, exist, err
}
// GetSecret returns the named secret from the given namespace.
func (c *clientWrapper) GetSecret(namespace, name string) (*corev1.Secret, bool, error) {
if !c.isWatchedNamespace(namespace) {
return nil, false, fmt.Errorf("failed to get secret %s/%s: namespace is not within watched namespaces", namespace, name)
}
secret, err := c.factories[c.lookupNamespace(namespace)].Core().V1().Secrets().Lister().Secrets(namespace).Get(name)
exist, err := translateNotFoundError(err)
return secret, exist, err
}
// lookupNamespace returns the lookup namespace key for the given namespace.
// When listening on all namespaces, it returns the client-go identifier ("")
// for all-namespaces. Otherwise, it returns the given namespace.
// The distinction is necessary because we index all informers on the special
// identifier iff all-namespaces are requested but receive specific namespace
// identifiers from the Kubernetes API, so we have to bridge this gap.
func (c *clientWrapper) lookupNamespace(ns string) string {
if c.isNamespaceAll {
return metav1.NamespaceAll
}
return ns
}
func (c *clientWrapper) newResourceEventHandler(events chan<- interface{}) cache.ResourceEventHandler {
return &cache.FilteringResourceEventHandler{
FilterFunc: func(obj interface{}) bool {
// Ignore Ingresses that do not match our custom label selector.
if ing, ok := obj.(*extensionsv1beta1.Ingress); ok {
lbls := labels.Set(ing.GetLabels())
return c.ingressLabelSelector.Matches(lbls)
}
return true
},
Handler: &resourceEventHandler{ev: events},
}
}
// eventHandlerFunc will pass the obj on to the events channel or drop it.
// This is so passing the events along won't block in the case of high volume.
// The events are only used for signaling anyway so dropping a few is ok.
func eventHandlerFunc(events chan<- interface{}, obj interface{}) {
select {
case events <- obj:
default:
}
}
// translateNotFoundError will translate a "not found" error to a boolean return
// value which indicates if the resource exists and a nil error.
func translateNotFoundError(err error) (bool, error) {
if kubeerror.IsNotFound(err) {
return false, nil
}
return err == nil, err
}
// isWatchedNamespace checks to ensure that the namespace is being watched before we request
// it to ensure we don't panic by requesting an out-of-watch object.
func (c *clientWrapper) isWatchedNamespace(ns string) bool {
if c.isNamespaceAll {
return true
}
for _, watchedNamespace := range c.watchedNamespaces {
if watchedNamespace == ns {
return true
}
}
return false
}

108
provider/kubernetes/ingress/client_mock_test.go Normal file
View file

@ -0,0 +1,108 @@
package ingress
import (
"fmt"
"io/ioutil"
"github.com/containous/traefik/provider/kubernetes/k8s"
corev1 "k8s.io/api/core/v1"
extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
v1beta12 "k8s.io/api/extensions/v1beta1"
)
var _ Client = (*clientMock)(nil)
type clientMock struct {
ingresses []*extensionsv1beta1.Ingress
services []*corev1.Service
secrets []*corev1.Secret
endpoints []*corev1.Endpoints
apiServiceError error
apiSecretError error
apiEndpointsError error
apiIngressStatusError error
watchChan chan interface{}
}
func newClientMock(paths ...string) clientMock {
var c clientMock
for _, path := range paths {
yamlContent, err := ioutil.ReadFile(path)
if err != nil {
panic(err)
}
k8sObjects := k8s.MustParseYaml(yamlContent)
for _, obj := range k8sObjects {
switch o := obj.(type) {
case *corev1.Service:
c.services = append(c.services, o)
case *corev1.Secret:
c.secrets = append(c.secrets, o)
case *corev1.Endpoints:
c.endpoints = append(c.endpoints, o)
case *v1beta12.Ingress:
c.ingresses = append(c.ingresses, o)
default:
panic(fmt.Sprintf("Unknown runtime object %+v %T", o, o))
}
}
}
return c
}
func (c clientMock) GetIngresses() []*extensionsv1beta1.Ingress {
return c.ingresses
}
func (c clientMock) GetService(namespace, name string) (*corev1.Service, bool, error) {
if c.apiServiceError != nil {
return nil, false, c.apiServiceError
}
for _, service := range c.services {
if service.Namespace == namespace && service.Name == name {
return service, true, nil
}
}
return nil, false, c.apiServiceError
}
func (c clientMock) GetEndpoints(namespace, name string) (*corev1.Endpoints, bool, error) {
if c.apiEndpointsError != nil {
return nil, false, c.apiEndpointsError
}
for _, endpoints := range c.endpoints {
if endpoints.Namespace == namespace && endpoints.Name == name {
return endpoints, true, nil
}
}
return &corev1.Endpoints{}, false, nil
}
func (c clientMock) GetSecret(namespace, name string) (*corev1.Secret, bool, error) {
if c.apiSecretError != nil {
return nil, false, c.apiSecretError
}
for _, secret := range c.secrets {
if secret.Namespace == namespace && secret.Name == name {
return secret, true, nil
}
}
return nil, false, nil
}
func (c clientMock) WatchAll(namespaces k8s.Namespaces, stopCh <-chan struct{}) (<-chan interface{}, error) {
return c.watchChan, nil
}
func (c clientMock) UpdateIngressStatus(namespace, name, ip, hostname string) error {
return c.apiIngressStatusError
}

49
provider/kubernetes/ingress/client_test.go Normal file
View file

@ -0,0 +1,49 @@
package ingress
import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
kubeerror "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime/schema"
)
func TestTranslateNotFoundError(t *testing.T) {
testCases := []struct {
desc string
err error
expectedExists bool
expectedError error
}{
{
desc: "kubernetes not found error",
err: kubeerror.NewNotFound(schema.GroupResource{}, "foo"),
expectedExists: false,
expectedError: nil,
},
{
desc: "nil error",
err: nil,
expectedExists: true,
expectedError: nil,
},
{
desc: "not a kubernetes not found error",
err: fmt.Errorf("bar error"),
expectedExists: false,
expectedError: fmt.Errorf("bar error"),
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
exists, err := translateNotFoundError(test.err)
assert.Equal(t, test.expectedExists, exists)
assert.Equal(t, test.expectedError, err)
})
}
}

29
provider/kubernetes/ingress/fixtures/2-ingresses-in-different-namespace-with-same-service-name_endpoint.yml Normal file
View file

@ -0,0 +1,29 @@
---
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
- ip: 10.10.0.2
ports:
- name: tchouk
port: 8089
---
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: toto
subsets:
- addresses:
- ip: 10.11.0.1
- ip: 10.11.0.2
ports:
- name: tchouk
port: 8089

37
provider/kubernetes/ingress/fixtures/2-ingresses-in-different-namespace-with-same-service-name_ingress.yml Normal file
View file

@ -0,0 +1,37 @@
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: tchouk
- path: /foo
backend:
serviceName: service1
servicePort: carotte
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: toto
spec:
rules:
- host: toto.traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: tchouk

24
provider/kubernetes/ingress/fixtures/2-ingresses-in-different-namespace-with-same-service-name_service.yml Normal file
View file

@ -0,0 +1,24 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- name: tchouk
port: 80
clusterIp: 10.0.0.1
---
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: toto
spec:
ports:
- name: tchouk
port: 80
clusterIp: 10.0.0.1

32
provider/kubernetes/ingress/fixtures/Double-Single-Service-Ingress_endpoint.yml Normal file
View file

@ -0,0 +1,32 @@
kind: Endpoints
apiversion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.30.0.1
ports:
- port: 8080
- addresses:
- ip: 10.41.0.1
ports:
- port: 8080
---
kind: Endpoints
apiversion: v1
metadata:
name: service2
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

22
provider/kubernetes/ingress/fixtures/Double-Single-Service-Ingress_ingress.yml Normal file
View file

@ -0,0 +1,22 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
backend:
serviceName: service1
servicePort: 80
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
backend:
serviceName: service2
servicePort: 80

22
provider/kubernetes/ingress/fixtures/Double-Single-Service-Ingress_service.yml Normal file
View file

@ -0,0 +1,22 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1
---
kind: Service
apiVersion: v1
metadata:
name: service2
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-Two-rules-with-one-host-and-one-path_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

22
provider/kubernetes/ingress/fixtures/Ingress-Two-rules-with-one-host-and-one-path_ingress.yml Normal file
View file

@ -0,0 +1,22 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- host: traefik.courgette
http:
paths:
- path: /carotte
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-Two-rules-with-one-host-and-one-path_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-one-host-and-two-paths_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

19
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-one-host-and-two-paths_ingress.yml Normal file
View file

@ -0,0 +1,19 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- path: /foo
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-one-host-and-two-paths_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-one-path-and-one-host_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

15
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-one-path-and-one-host_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-one-path-and-one-host_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-two-paths_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

18
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-two-paths_ingress.yml Normal file
View file

@ -0,0 +1,18 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- path: /foo
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-one-rule-with-two-paths_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-host-syntax_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

22
provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-host-syntax_ingress.yml Normal file
View file

@ -0,0 +1,22 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk"0"
http:
paths:
- path: /foo
backend:
serviceName: service1
servicePort: 80
- host: traefik.courgette
http:
paths:
- path: /carotte
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-host-syntax_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-path-syntax_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

23
provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-path-syntax_ingress.yml Normal file
View file

@ -0,0 +1,23 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: ""
http:
paths:
- path: /foo
backend:
serviceName: service1
servicePort: 80
- path: /bar-"0"
backend:
serviceName: service1
servicePort: 80
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-a-bad-path-syntax_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(port-==-443)_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 443
- addresses:
- ip: 10.21.0.1
ports:
- port: 443

14
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(port-==-443)_ingress.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 443

10
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(port-==-443)_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 443
clusterIp: 10.0.0.1

17
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(portname-==-https)_endpoint.yml Normal file
View file

@ -0,0 +1,17 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- name: https
port: 8443
- addresses:
- ip: 10.21.0.1
ports:
- name: https
port: 8443

14
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(portname-==-https)_ingress.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 8443

12
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(portname-==-https)_service.yml Normal file
View file

@ -0,0 +1,12 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- name: https
protocol: ""
port: 8443
clusterIp: 10.0.0.1

17
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(portname-starts-with-https)_endpoint.yml Normal file
View file

@ -0,0 +1,17 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- name: https-foo
port: 8443
- addresses:
- ip: 10.21.0.1
ports:
- name: https-foo
port: 8443

14
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(portname-starts-with-https)_ingress.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 8443

12
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path-with-https-(portname-starts-with-https)_service.yml Normal file
View file

@ -0,0 +1,12 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- name: https-foo
protocol: ""
port: 8443
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

14
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path_ingress.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

11
provider/kubernetes/ingress/fixtures/Ingress-with-a-basic-rule-on-one-path_service.yml Normal file
View file

@ -0,0 +1,11 @@
---
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

11
provider/kubernetes/ingress/fixtures/Ingress-with-default-traefik-ingressClass_endpoint.yml Normal file
View file

@ -0,0 +1,11 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080

16
provider/kubernetes/ingress/fixtures/Ingress-with-default-traefik-ingressClass_ingress.yml Normal file
View file

@ -0,0 +1,16 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-default-traefik-ingressClass_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

11
provider/kubernetes/ingress/fixtures/Ingress-with-ingressClass-without-annotation_endpoint.yml Normal file
View file

@ -0,0 +1,11 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080

16
provider/kubernetes/ingress/fixtures/Ingress-with-ingressClass-without-annotation_ingress.yml Normal file
View file

@ -0,0 +1,16 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-ingressClass-without-annotation_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

11
provider/kubernetes/ingress/fixtures/Ingress-with-non-matching-provider-traefik-ingressClass-and-annotation_endpoint.yml Normal file
View file

@ -0,0 +1,11 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080

16
provider/kubernetes/ingress/fixtures/Ingress-with-non-matching-provider-traefik-ingressClass-and-annotation_ingress.yml Normal file
View file

@ -0,0 +1,16 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
annotations:
kubernetes.io/ingress.class: toto
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-non-matching-provider-traefik-ingressClass-and-annotation_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

12
provider/kubernetes/ingress/fixtures/Ingress-with-one-host-without-path_endpoint.yml Normal file
View file

@ -0,0 +1,12 @@
kind: Endpoints
apiVersion: v1
metadata:
name: example-com
namespace: testing
subsets:
- addresses:
- ip: 10.11.0.1
ports:
- name: http
port: 80

14
provider/kubernetes/ingress/fixtures/Ingress-with-one-host-without-path_ingress.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: example.com
http:
paths:
- backend:
serviceName: example-com
servicePort: 80

12
provider/kubernetes/ingress/fixtures/Ingress-with-one-host-without-path_service.yml Normal file
View file

@ -0,0 +1,12 @@
kind: Service
apiVersion: v1
metadata:
name: example-com
namespace: testing
spec:
ports:
- name: http
port: 80
clusterIp: 10.0.0.1
type: ClusterIP

15
provider/kubernetes/ingress/fixtures/Ingress-with-one-service-without-endpoint_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-one-service-without-endpoint_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

5
provider/kubernetes/ingress/fixtures/Ingress-with-one-service-without-endpoints-subset_endpoint.yml Normal file
View file

@ -0,0 +1,5 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing

15
provider/kubernetes/ingress/fixtures/Ingress-with-one-service-without-endpoints-subset_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-one-service-without-endpoints-subset_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-host-syntax_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

15
provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-host-syntax_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk"0"
http:
paths:
- path: /foo
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-host-syntax_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-path-syntax_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

14
provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-path-syntax_ingress.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar-"0"
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-only-a-bad-path-syntax_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

21
provider/kubernetes/ingress/fixtures/Ingress-with-port-name-in-backend-and-no-pod-replica_endpoint.yml Normal file
View file

@ -0,0 +1,21 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- name: carotte
port: 8090
- name: tchouk
port: 8089
- addresses:
- ip: 10.21.0.1
ports:
- name: carotte
port: 8090
- name: tchouk
port: 8089

15
provider/kubernetes/ingress/fixtures/Ingress-with-port-name-in-backend-and-no-pod-replica_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: tchouk

14
provider/kubernetes/ingress/fixtures/Ingress-with-port-name-in-backend-and-no-pod-replica_service.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- name: carotte
port: 8082
- name: tchouk
port: 80
clusterIp: 10.0.0.1

21
provider/kubernetes/ingress/fixtures/Ingress-with-port-value-in-backend-and-no-pod-replica_endpoint.yml Normal file
View file

@ -0,0 +1,21 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- name: carotte
port: 8090
- name: tchouk
port: 8089
- addresses:
- ip: 10.21.0.1
ports:
- name: carotte
port: 8090
- name: tchouk
port: 8089

15
provider/kubernetes/ingress/fixtures/Ingress-with-port-value-in-backend-and-no-pod-replica_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

14
provider/kubernetes/ingress/fixtures/Ingress-with-port-value-in-backend-and-no-pod-replica_service.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- name: carotte
port: 8082
- name: tchouk
port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-service-with-externalName_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 8080

13
provider/kubernetes/ingress/fixtures/Ingress-with-service-with-externalName_service.yml Normal file
View file

@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 8080
clusterIp: 10.0.0.1
type: ExternalName
externalName: traefik.wtf

15
provider/kubernetes/ingress/fixtures/Ingress-with-two-different-rules-with-one-path_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

20
provider/kubernetes/ingress/fixtures/Ingress-with-two-different-rules-with-one-path_ingress.yml Normal file
View file

@ -0,0 +1,20 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- http:
paths:
- path: /foo
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-with-two-different-rules-with-one-path_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-two-paths-using-same-service-and-different-port-name_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
- ip: 10.10.0.2
ports:
- name: carotte
port: 8090
- name: tchouk
port: 8089

19
provider/kubernetes/ingress/fixtures/Ingress-with-two-paths-using-same-service-and-different-port-name_ingress.yml Normal file
View file

@ -0,0 +1,19 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: tchouk
- path: /foo
backend:
serviceName: service1
servicePort: carotte

14
provider/kubernetes/ingress/fixtures/Ingress-with-two-paths-using-same-service-and-different-port-name_service.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- name: carotte
port: 8082
- name: tchouk
port: 80
clusterIp: 10.0.0.1

32
provider/kubernetes/ingress/fixtures/Ingress-with-two-services_endpoint.yml Normal file
View file

@ -0,0 +1,32 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080
---
kind: Endpoints
apiVersion: v1
metadata:
name: service2
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.2
ports:
- port: 8080
- addresses:
- ip: 10.21.0.2
ports:
- port: 8080

22
provider/kubernetes/ingress/fixtures/Ingress-with-two-services_ingress.yml Normal file
View file

@ -0,0 +1,22 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- host: traefik.courgette
http:
paths:
- path: /carotte
backend:
serviceName: service2
servicePort: 8082

22
provider/kubernetes/ingress/fixtures/Ingress-with-two-services_service.yml Normal file
View file

@ -0,0 +1,22 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1
---
kind: Service
apiVersion: v1
metadata:
name: service2
namespace: testing
spec:
ports:
- port: 8082
clusterIp: 10.1.0.1

12
provider/kubernetes/ingress/fixtures/Ingress-with-unknown-service-port-name_endpoint.yml Normal file
View file

@ -0,0 +1,12 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.11.0.1
- ip: 10.11.0.2
ports:
- port: 8089

15
provider/kubernetes/ingress/fixtures/Ingress-with-unknown-service-port-name_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: toto

10
provider/kubernetes/ingress/fixtures/Ingress-with-unknown-service-port-name_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

12
provider/kubernetes/ingress/fixtures/Ingress-with-unknown-service-port_endpoint.yml Normal file
View file

@ -0,0 +1,12 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.11.0.1
- ip: 10.11.0.2
ports:
- port: 8089

15
provider/kubernetes/ingress/fixtures/Ingress-with-unknown-service-port_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 21

10
provider/kubernetes/ingress/fixtures/Ingress-with-unknown-service-port_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Ingress-with-with-port-name-in-backend-and-2-pod-replica_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
- ip: 10.10.0.2
ports:
- name: carotte
port: 8090
- name: tchouk
port: 8089

15
provider/kubernetes/ingress/fixtures/Ingress-with-with-port-name-in-backend-and-2-pod-replica_ingress.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
rules:
- host: traefik.tchouk
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: tchouk

14
provider/kubernetes/ingress/fixtures/Ingress-with-with-port-name-in-backend-and-2-pod-replica_service.yml Normal file
View file

@ -0,0 +1,14 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- name: carotte
port: 8082
- name: tchouk
port: 80
clusterIp: 10.0.0.1

11
provider/kubernetes/ingress/fixtures/Ingress-without-provider-traefik-ingressClass-and-unknown-annotation_endpoint.yml Normal file
View file

@ -0,0 +1,11 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080

16
provider/kubernetes/ingress/fixtures/Ingress-without-provider-traefik-ingressClass-and-unknown-annotation_ingress.yml Normal file
View file

@ -0,0 +1,16 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
annotations:
kubernetes.io/ingress.class: tchouk
spec:
rules:
- http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Ingress-without-provider-traefik-ingressClass-and-unknown-annotation_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

15
provider/kubernetes/ingress/fixtures/Single-Service-Ingress-(without-any-rules)_endpoint.yml Normal file
View file

@ -0,0 +1,15 @@
kind: Endpoints
apiVersion: v1
metadata:
name: service1
namespace: testing
subsets:
- addresses:
- ip: 10.10.0.1
ports:
- port: 8080
- addresses:
- ip: 10.21.0.1
ports:
- port: 8080

10
provider/kubernetes/ingress/fixtures/Single-Service-Ingress-(without-any-rules)_ingress.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
backend:
serviceName: service1
servicePort: 80

10
provider/kubernetes/ingress/fixtures/Single-Service-Ingress-(without-any-rules)_service.yml Normal file
View file

@ -0,0 +1,10 @@
kind: Service
apiVersion: v1
metadata:
name: service1
namespace: testing
spec:
ports:
- port: 80
clusterIp: 10.0.0.1

12
provider/kubernetes/ingress/fixtures/TLS-support_endpoint.yml Normal file
View file

@ -0,0 +1,12 @@
kind: Endpoints
apiVersion: v1
metadata:
name: example-com
namespace: testing
subsets:
- addresses:
- ip: 10.11.0.1
ports:
- name: http
port: 80

36
provider/kubernetes/ingress/fixtures/TLS-support_ingress.yml Normal file
View file

@ -0,0 +1,36 @@
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
tls:
- secretName: myTlsSecret
rules:
- host: example.com
http:
paths:
- path: ""
backend:
serviceName: example-com
servicePort: 80
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ""
namespace: testing
spec:
tls:
- secretName: myUndefinedSecret
rules:
- host: example.fail
http:
paths:
- path: ""
backend:
serviceName: example-fail
servicePort: 80

9
provider/kubernetes/ingress/fixtures/TLS-support_secret.yml Normal file
View file

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: myTlsSecret
namespace: testing
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=

26
provider/kubernetes/ingress/fixtures/TLS-support_service.yml Normal file
View file

@ -0,0 +1,26 @@
kind: Service
apiVersion: v1
metadata:
name: example-com
namespace: testing
spec:
ports:
- name: http
port: 80
clusterIp: 10.0.0.1
type: ClusterIP
---
kind: Service
apiVersion: v1
metadata:
name: example-org
namespace: testing
spec:
ports:
- name: http
port: 80
clusterIp: 10.0.0.2
type: ClusterIP

431
provider/kubernetes/ingress/kubernetes.go Normal file
View file

@ -0,0 +1,431 @@
package ingress
import (
"context"
"flag"
"fmt"
"math"
"os"
"reflect"
"sort"
"strconv"
"strings"
"time"
"github.com/cenkalti/backoff"
"github.com/containous/traefik/config"
"github.com/containous/traefik/job"
"github.com/containous/traefik/log"
"github.com/containous/traefik/provider"
"github.com/containous/traefik/provider/kubernetes/k8s"
"github.com/containous/traefik/safe"
"github.com/containous/traefik/tls"
"github.com/pkg/errors"
corev1 "k8s.io/api/core/v1"
"k8s.io/api/extensions/v1beta1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/util/intstr"
)
const (
annotationKubernetesIngressClass = "kubernetes.io/ingress.class"
traefikDefaultIngressClass = "traefik"
)
// Provider holds configurations of the provider.
type Provider struct {
provider.BaseProvider `mapstructure:",squash" export:"true"`
Endpoint string `description:"Kubernetes server endpoint (required for external cluster client)"`
Token string `description:"Kubernetes bearer token (not needed for in-cluster client)"`
CertAuthFilePath string `description:"Kubernetes certificate authority file path (not needed for in-cluster client)"`
DisablePassHostHeaders bool `description:"Kubernetes disable PassHost Headers" export:"true"`
EnablePassTLSCert bool `description:"Kubernetes enable Pass TLS Client Certs" export:"true"` // Deprecated
Namespaces k8s.Namespaces `description:"Kubernetes namespaces" export:"true"`
LabelSelector string `description:"Kubernetes Ingress label selector to use" export:"true"`
IngressClass string `description:"Value of kubernetes.io/ingress.class annotation to watch for" export:"true"`
lastConfiguration safe.Safe
}
func (p *Provider) newK8sClient(ctx context.Context, ingressLabelSelector string) (*clientWrapper, error) {
ingLabelSel, err := labels.Parse(ingressLabelSelector)
if err != nil {
return nil, fmt.Errorf("invalid ingress label selector: %q", ingressLabelSelector)
}
logger := log.FromContext(ctx)
logger.Infof("ingress label selector is: %q", ingLabelSel)
withEndpoint := ""
if p.Endpoint != "" {
withEndpoint = fmt.Sprintf(" with endpoint %v", p.Endpoint)
}
var cl *clientWrapper
switch {
case os.Getenv("KUBERNETES_SERVICE_HOST") != "" && os.Getenv("KUBERNETES_SERVICE_PORT") != "":
logger.Infof("Creating in-cluster Provider client%s", withEndpoint)
cl, err = newInClusterClient(p.Endpoint)
case os.Getenv("KUBECONFIG") != "":
logger.Infof("Creating cluster-external Provider client from KUBECONFIG %s", os.Getenv("KUBECONFIG"))
cl, err = newExternalClusterClientFromFile(os.Getenv("KUBECONFIG"))
default:
logger.Infof("Creating cluster-external Provider client%s", withEndpoint)
cl, err = newExternalClusterClient(p.Endpoint, p.Token, p.CertAuthFilePath)
}
if err == nil {
cl.ingressLabelSelector = ingLabelSel
}
return cl, err
}
// Init the provider.
func (p *Provider) Init() error {
return p.BaseProvider.Init()
}
// Provide allows the k8s provider to provide configurations to traefik
// using the given configuration channel.
func (p *Provider) Provide(configurationChan chan<- config.Message, pool *safe.Pool) error {
ctxLog := log.With(context.Background(), log.Str(log.ProviderName, "kubernetes"))
logger := log.FromContext(ctxLog)
// Tell glog (used by client-go) to log into STDERR. Otherwise, we risk
// certain kinds of API errors getting logged into a directory not
// available in a `FROM scratch` Docker container, causing glog to abort
// hard with an exit code > 0.
err := flag.Set("logtostderr", "true")
if err != nil {
return err
}
logger.Debugf("Using Ingress label selector: %q", p.LabelSelector)
k8sClient, err := p.newK8sClient(ctxLog, p.LabelSelector)
if err != nil {
return err
}
pool.Go(func(stop chan bool) {
operation := func() error {
stopWatch := make(chan struct{}, 1)
defer close(stopWatch)
eventsChan, err := k8sClient.WatchAll(p.Namespaces, stopWatch)
if err != nil {
logger.Errorf("Error watching kubernetes events: %v", err)
timer := time.NewTimer(1 * time.Second)
select {
case <-timer.C:
return err
case <-stop:
return nil
}
}
for {
select {
case <-stop:
return nil
case event := <-eventsChan:
conf := p.loadConfigurationFromIngresses(ctxLog, k8sClient)
if reflect.DeepEqual(p.lastConfiguration.Get(), conf) {
logger.Debugf("Skipping Kubernetes event kind %T", event)
} else {
p.lastConfiguration.Set(conf)
configurationChan <- config.Message{
ProviderName: "kubernetes",
Configuration: conf,
}
}
}
}
}
notify := func(err error, time time.Duration) {
logger.Errorf("Provider connection error: %s; retrying in %s", err, time)
}
err := backoff.RetryNotify(safe.OperationWithRecover(operation), job.NewBackOff(backoff.NewExponentialBackOff()), notify)
if err != nil {
logger.Errorf("Cannot connect to Provider: %s", err)
}
})
return nil
}
func checkStringQuoteValidity(value string) error {
_, err := strconv.Unquote(`"` + value + `"`)
return err
}
func loadService(client Client, namespace string, backend v1beta1.IngressBackend) (*config.Service, error) {
service, exists, err := client.GetService(namespace, backend.ServiceName)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.New("service not found")
}
var servers []config.Server
var portName string
var portSpec corev1.ServicePort
var match bool
for _, p := range service.Spec.Ports {
if (backend.ServicePort.Type == intstr.Int && backend.ServicePort.IntVal == p.Port) ||
(backend.ServicePort.Type == intstr.String && backend.ServicePort.StrVal == p.Name) {
portName = p.Name
portSpec = p
match = true
break
}
}
if !match {
return nil, errors.New("service port not found")
}
if service.Spec.Type == corev1.ServiceTypeExternalName {
servers = append(servers, config.Server{
URL: fmt.Sprintf("http://%s:%d", service.Spec.ExternalName, portSpec.Port),
Weight: 1,
})
} else {
endpoints, endpointsExists, endpointsErr := client.GetEndpoints(namespace, backend.ServiceName)
if endpointsErr != nil {
return nil, endpointsErr
}
if !endpointsExists {
return nil, errors.New("endpoints not found")
}
if len(endpoints.Subsets) == 0 {
return nil, errors.New("subset not found")
}
var port int32
for _, subset := range endpoints.Subsets {
for _, p := range subset.Ports {
if portName == p.Name {
port = p.Port
break
}
}
if port == 0 {
return nil, errors.New("cannot define a port")
}
protocol := "http"
if port == 443 || strings.HasPrefix(portName, "https") {
protocol = "https"
}
for _, addr := range subset.Addresses {
servers = append(servers, config.Server{
URL: fmt.Sprintf("%s://%s:%d", protocol, addr.IP, port),
Weight: 1,
})
}
}
}
return &config.Service{
LoadBalancer: &config.LoadBalancerService{
Servers: servers,
Method: "wrr",
PassHostHeader: true,
},
}, nil
}
func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Client) *config.Configuration {
conf := &config.Configuration{
HTTP: &config.HTTPConfiguration{
Routers: map[string]*config.Router{},
Middlewares: map[string]*config.Middleware{},
Services: map[string]*config.Service{},
},
TCP: &config.TCPConfiguration{},
}
ingresses := client.GetIngresses()
tlsConfigs := make(map[string]*tls.Configuration)
for _, ingress := range ingresses {
ctx = log.With(ctx, log.Str("ingress", ingress.Name), log.Str("namespace", ingress.Namespace))
if !shouldProcessIngress(p.IngressClass, ingress.Annotations[annotationKubernetesIngressClass]) {
continue
}
err := getTLS(ctx, ingress, client, tlsConfigs)
if err != nil {
log.FromContext(ctx).Errorf("Error configuring TLS: %v", err)
}
if len(ingress.Spec.Rules) == 0 {
if ingress.Spec.Backend != nil {
if _, ok := conf.HTTP.Services["default-backend"]; ok {
log.FromContext(ctx).Error("The default backend already exists.")
continue
}
service, err := loadService(client, ingress.Namespace, *ingress.Spec.Backend)
if err != nil {
log.FromContext(ctx).
WithField("serviceName", ingress.Spec.Backend.ServiceName).
WithField("servicePort", ingress.Spec.Backend.ServicePort.String()).
Errorf("Cannot create service: %v", err)
continue
}
conf.HTTP.Routers["/"] = &config.Router{
Rule: "PathPrefix(`/`)",
Priority: math.MinInt32,
Service: "default-backend",
}
conf.HTTP.Services["default-backend"] = service
}
}
for _, rule := range ingress.Spec.Rules {
if err := checkStringQuoteValidity(rule.Host); err != nil {
log.FromContext(ctx).Errorf("Invalid syntax for host: %s", rule.Host)
continue
}
for _, p := range rule.HTTP.Paths {
service, err := loadService(client, ingress.Namespace, p.Backend)
if err != nil {
log.FromContext(ctx).
WithField("serviceName", p.Backend.ServiceName).
WithField("servicePort", p.Backend.ServicePort.String()).
Errorf("Cannot create service: %v", err)
continue
}
if err = checkStringQuoteValidity(p.Path); err != nil {
log.FromContext(ctx).Errorf("Invalid syntax for path: %s", p.Path)
continue
}
serviceName := ingress.Namespace + "/" + p.Backend.ServiceName + "/" + p.Backend.ServicePort.String()
var rules []string
if len(rule.Host) > 0 {
rules = []string{"Host(`" + rule.Host + "`)"}
}
if len(p.Path) > 0 {
rules = append(rules, "PathPrefix(`"+p.Path+"`)")
}
conf.HTTP.Routers[strings.Replace(rule.Host, ".", "-", -1)+p.Path] = &config.Router{
Rule: strings.Join(rules, " && "),
Service: serviceName,
}
conf.HTTP.Services[serviceName] = service
}
}
}
conf.TLS = getTLSConfig(tlsConfigs)
return conf
}
func shouldProcessIngress(ingressClass string, ingressClassAnnotation string) bool {
return ingressClass == ingressClassAnnotation ||
(len(ingressClass) == 0 && ingressClassAnnotation == traefikDefaultIngressClass)
}
func getTLS(ctx context.Context, ingress *v1beta1.Ingress, k8sClient Client, tlsConfigs map[string]*tls.Configuration) error {
for _, t := range ingress.Spec.TLS {
if t.SecretName == "" {
log.FromContext(ctx).Debugf("Skipping TLS sub-section: No secret name provided")
continue
}
configKey := ingress.Namespace + "/" + t.SecretName
if _, tlsExists := tlsConfigs[configKey]; !tlsExists {
secret, exists, err := k8sClient.GetSecret(ingress.Namespace, t.SecretName)
if err != nil {
return fmt.Errorf("failed to fetch secret %s/%s: %v", ingress.Namespace, t.SecretName, err)
}
if !exists {
return fmt.Errorf("secret %s/%s does not exist", ingress.Namespace, t.SecretName)
}
cert, key, err := getCertificateBlocks(secret, ingress.Namespace, t.SecretName)
if err != nil {
return err
}
tlsConfigs[configKey] = &tls.Configuration{
Certificate: &tls.Certificate{
CertFile: tls.FileOrContent(cert),
KeyFile: tls.FileOrContent(key),
},
}
}
}
return nil
}
func getTLSConfig(tlsConfigs map[string]*tls.Configuration) []*tls.Configuration {
var secretNames []string
for secretName := range tlsConfigs {
secretNames = append(secretNames, secretName)
}
sort.Strings(secretNames)
var configs []*tls.Configuration
for _, secretName := range secretNames {
configs = append(configs, tlsConfigs[secretName])
}
return configs
}
func getCertificateBlocks(secret *corev1.Secret, namespace, secretName string) (string, string, error) {
var missingEntries []string
tlsCrtData, tlsCrtExists := secret.Data["tls.crt"]
if !tlsCrtExists {
missingEntries = append(missingEntries, "tls.crt")
}
tlsKeyData, tlsKeyExists := secret.Data["tls.key"]
if !tlsKeyExists {
missingEntries = append(missingEntries, "tls.key")
}
if len(missingEntries) > 0 {
return "", "", fmt.Errorf("secret %s/%s is missing the following TLS data entries: %s",
namespace, secretName, strings.Join(missingEntries, ", "))
}
cert := string(tlsCrtData)
if cert == "" {
missingEntries = append(missingEntries, "tls.crt")
}
key := string(tlsKeyData)
if key == "" {
missingEntries = append(missingEntries, "tls.key")
}
if len(missingEntries) > 0 {
return "", "", fmt.Errorf("secret %s/%s contains the following empty TLS data entries: %s",
namespace, secretName, strings.Join(missingEntries, ", "))
}
return cert, key, nil
}

Some files were not shown because too many files have changed in this diff Show more