Handle cross-provider middleware in kubernetes CRD
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
This commit is contained in:
parent
36d48224b5
commit
96962dd21f
6 changed files with 273 additions and 146 deletions
|
@ -79,32 +79,6 @@ labels:
|
|||
- "traefik.http.router.router1.Middlewares=foo-add-prefix@rancher"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: tlsoptions.traefik.containo.us
|
||||
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: TLSOption
|
||||
plural: tlsoptions
|
||||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: mytlsoption
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
minversion: VersionTLS12
|
||||
```
|
||||
|
||||
```toml tab="File"
|
||||
# As Toml Configuration File
|
||||
[providers]
|
||||
|
@ -133,35 +107,66 @@ spec:
|
|||
When you declare a middleware, it lives in its provider namespace.
|
||||
For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider namespace.
|
||||
|
||||
If you use multiple providers and wish to reference a middleware declared in another provider,
|
||||
then you'll have to prefix the middleware name with the provider name.
|
||||
If you use multiple providers and wish to reference a middleware declared in another provider
|
||||
(aka referencing a cross-provider middleware),
|
||||
then you'll have to append to the middleware name, the `@` separator, followed by the provider name.
|
||||
|
||||
```text
|
||||
<resource-name>@<provider-name>
|
||||
```
|
||||
|
||||
!!! important "Kubernetes Namespace"
|
||||
|
||||
As Kubernetes also has its own notion of namespace, one should not confuse the "provider namespace"
|
||||
with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.
|
||||
In this case, since the definition of the middleware is not in kubernetes,
|
||||
specifying a "kubernetes namespace" when referring to the resource does not make any sense,
|
||||
and therefore this specification would be ignored even if present.
|
||||
|
||||
!!! abstract "Referencing a Middleware from Another Provider"
|
||||
|
||||
Declaring the add-foo-prefix in the file provider.
|
||||
|
||||
```toml
|
||||
[providers]
|
||||
[providers.file]
|
||||
[providers.file]
|
||||
|
||||
[http.middlewares]
|
||||
[http.middlewares.add-foo-prefix.AddPrefix]
|
||||
[http.middlewares.add-foo-prefix.AddPrefix]
|
||||
prefix = "/foo"
|
||||
```
|
||||
|
||||
Using the add-foo-prefix middleware from docker.
|
||||
Using the add-foo-prefix middleware from other providers:
|
||||
|
||||
```yaml
|
||||
```yaml tab="Docker"
|
||||
your-container: #
|
||||
image: your-docker-image
|
||||
image: your-docker-image
|
||||
|
||||
labels:
|
||||
# Attach add-foo-prefix@file middleware (declared in file)
|
||||
- "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
|
||||
labels:
|
||||
# Attach add-foo-prefix@file middleware (declared in file)
|
||||
- "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: ingressroutestripprefix
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`bar.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
middlewares:
|
||||
- name: add-foo-prefix@file
|
||||
# namespace: bar
|
||||
# A namespace specification such as above is ignored
|
||||
# when the cross-provider syntax is used.
|
||||
```
|
||||
|
||||
## Available Middlewares
|
||||
|
|
|
@ -203,6 +203,7 @@ apiVersion: traefik.containo.us/v1alpha1
|
|||
kind: Middleware
|
||||
metadata:
|
||||
name: stripprefix
|
||||
namespace: foo
|
||||
|
||||
spec:
|
||||
stripPrefix:
|
||||
|
@ -226,13 +227,21 @@ spec:
|
|||
port: 80
|
||||
middlewares:
|
||||
- name: stripprefix
|
||||
namespace: foo
|
||||
```
|
||||
|
||||
!!! important "Cross-provider namespace"
|
||||
|
||||
As Kubernetes also has its own notion of namespace, one should not confuse the kubernetes namespace of a resource
|
||||
(in the reference to the middleware) with the [provider namespace](../middlewares/overview.md#provider-namespace),
|
||||
when the definition of the middleware is from another provider.
|
||||
In this context, specifying a namespace when referring to the resource does not make any sense, and will be ignored.
|
||||
|
||||
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
|
||||
|
||||
### Traefik TLS Option Definition
|
||||
### TLS Option
|
||||
|
||||
Additionally, to allow for the use of tls options in an IngressRoute, we defined the CRD below for the TLSOption kind.
|
||||
Additionally, to allow for the use of TLS options in an IngressRoute, we defined the CRD below for the TLSOption kind.
|
||||
More information about TLS Options is available in the dedicated [TLS Configuration Options](../../https/tls/#tls-options).
|
||||
|
||||
```yaml
|
||||
|
@ -272,9 +281,15 @@ spec:
|
|||
namespace: default
|
||||
```
|
||||
|
||||
!!! note "TLS Option reference and namespace"
|
||||
!!! important "References and namespaces"
|
||||
|
||||
If the optional `namespace` attribute is not set, the configuration will be applied with the namespace of the IngressRoute.
|
||||
|
||||
Additionally, when the definition of the TLS option is from another provider,
|
||||
the cross-provider syntax (`middlewarename@provider`) should be used to refer to the TLS option,
|
||||
just as in the [middleware case](../middlewares/overview.md#provider-namespace).
|
||||
Specifying a namespace attribute in this case would not make any sense, and will be ignored.
|
||||
|
||||
### TLS
|
||||
|
||||
To allow for TLS, we made use of the `Secret` kind, as it was already defined, and it can be directly used in an `IngressRoute`:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue