Handle cross-provider middleware in kubernetes CRD

Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2019-06-26 14:14:05 +02:00 · 2019-06-26 14:14:05 +02:00 · 96962dd21f
commit 96962dd21f
parent 36d48224b5
6 changed files with 273 additions and 146 deletions
--- a/docs/content/middlewares/overview.md
+++ b/docs/content/middlewares/overview.md
@ -79,32 +79,6 @@ labels:
  - "traefik.http.router.router1.Middlewares=foo-add-prefix@rancher"
 ```

-```yaml tab="Kubernetes"
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: tlsoptions.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TLSOption
-    plural: tlsoptions
-    singular: tlsoption
-  scope: Namespaced
-
---
-apiVersion: traefik.containo.us/v1alpha1
-kind: TLSOption
-metadata:
-  name: mytlsoption
-  namespace: default
-
-spec:
-  minversion: VersionTLS12
-```
-
 ```toml tab="File"
 # As Toml Configuration File
 [providers]
@ -133,35 +107,66 @@ spec:
 When you declare a middleware, it lives in its provider namespace.
 For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider namespace.

-If you use multiple providers and wish to reference a middleware declared in another provider,
-then you'll have to prefix the middleware name with the provider name.
+If you use multiple providers and wish to reference a middleware declared in another provider
+(aka referencing a cross-provider middleware),
+then you'll have to append to the middleware name, the `@` separator, followed by the provider name.

 ```text
 <resource-name>@<provider-name>
 ```

+!!! important "Kubernetes Namespace"
+
+	As Kubernetes also has its own notion of namespace, one should not confuse the "provider namespace"
+with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.
+In this case, since the definition of the middleware is not in kubernetes,
+specifying a "kubernetes namespace" when referring to the resource does not make any sense,
+and therefore this specification would be ignored even if present.
+
 !!! abstract "Referencing a Middleware from Another Provider"

    Declaring the add-foo-prefix in the file provider.

    ```toml
    [providers]
-       [providers.file]
+      [providers.file]

    [http.middlewares]
-     [http.middlewares.add-foo-prefix.AddPrefix]
+      [http.middlewares.add-foo-prefix.AddPrefix]
        prefix = "/foo"
    ```

-    Using the add-foo-prefix middleware from docker.
+    Using the add-foo-prefix middleware from other providers:

-    ```yaml
+    ```yaml tab="Docker"
    your-container: #
-        image: your-docker-image
+      image: your-docker-image

-        labels:
-          # Attach add-foo-prefix@file middleware (declared in file)
-          - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
+      labels:
+        # Attach add-foo-prefix@file middleware (declared in file)
+        - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
+    ```
+
+    ```yaml tab="Kubernetes"
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: IngressRoute
+    metadata:
+      name: ingressroutestripprefix
+
+    spec:
+      entryPoints:
+        - web
+      routes:
+        - match: Host(`bar.com`)
+          kind: Rule
+        services:
+          - name: whoami
+            port: 80
+        middlewares:
+          - name: add-foo-prefix@file
+          # namespace: bar
+          # A namespace specification such as above is ignored
+          # when the cross-provider syntax is used.
    ```

 ## Available Middlewares
--- a/docs/content/providers/kubernetes-crd.md
+++ b/docs/content/providers/kubernetes-crd.md
@ -203,6 +203,7 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: stripprefix
+  namespace: foo

 spec:
  stripPrefix:
@ -226,13 +227,21 @@ spec:
      port: 80
    middlewares:
    - name: stripprefix
+      namespace: foo
 ```

+!!! important "Cross-provider namespace"
+
+	As Kubernetes also has its own notion of namespace, one should not confuse the kubernetes namespace of a resource
+(in the reference to the middleware) with the [provider namespace](../middlewares/overview.md#provider-namespace),
+when the definition of the middleware is from another provider.
+In this context, specifying a namespace when referring to the resource does not make any sense, and will be ignored.
+
 More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).

-### Traefik TLS Option Definition
+### TLS Option

-Additionally, to allow for the use of tls options in an IngressRoute, we defined the CRD below for the TLSOption kind.
+Additionally, to allow for the use of TLS options in an IngressRoute, we defined the CRD below for the TLSOption kind.
 More information about TLS Options is available in the dedicated [TLS Configuration Options](../../https/tls/#tls-options).

 ```yaml
@ -272,9 +281,15 @@ spec:
      namespace: default
 ```

-!!! note "TLS Option reference and namespace"
+!!! important "References and namespaces"
+
    If the optional `namespace` attribute is not set, the configuration will be applied with the namespace of the IngressRoute.

+	Additionally, when the definition of the TLS option is from another provider,
+the cross-provider syntax (`middlewarename@provider`) should be used to refer to the TLS option,
+just as in the [middleware case](../middlewares/overview.md#provider-namespace).
+Specifying a namespace attribute in this case would not make any sense, and will be ignored.
+
 ### TLS

 To allow for TLS, we made use of the `Secret` kind, as it was already defined, and it can be directly used in an `IngressRoute`: