homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow to use internal node IPs for NodePort services

Browse source
This commit is contained in:
Joris Vergeer 2024-02-27 10:54:04 +01:00 committed by GitHub
parent 73769af0fe
commit c1ef742977
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
31 changed files with 813 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

101
docs/content/routing/providers/kubernetes-crd.md
View file

@ -352,15 +352,16 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
strategy: RoundRobin
weight: 10
nativeLB: true # [11]
tls: # [12]
secretName: supersecret # [13]
options: # [14]
name: opt # [15]
namespace: default # [16]
certResolver: foo # [17]
domains: # [18]
- main: example.net # [19]
sans: # [20]
nodePortLB: true # [12]
tls: # [13]
secretName: supersecret # [14]
options: # [15]
name: opt # [16]
namespace: default # [17]
certResolver: foo # [18]
domains: # [19]
- main: example.net # [20]
sans: # [21]
- a.example.net
- b.example.net
```
@ -378,15 +379,16 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
| [11] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. |
| [12] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [13] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [14] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [15] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [16] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [17] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [18] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [19] | `domains[n].main` | Defines the main domain name |
| [20] | `domains[n].sans` | List of SANs (alternative domains) |
| [12] | `services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. |
| [13] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [14] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [15] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [16] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [17] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [18] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [19] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [20] | `domains[n].main` | Defines the main domain name |
| [21] | `domains[n].sans` | List of SANs (alternative domains) |
??? example "Declaring an IngressRoute"
@ -1149,18 +1151,20 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
version: 1 # [12]
serversTransport: transport # [13]
nativeLB: true # [14]
tls: # [15]
secretName: supersecret # [16]
options: # [17]
name: opt # [18]
namespace: default # [19]
certResolver: foo # [20]
domains: # [21]
- main: example.net # [22]
sans: # [23]
nodePortLB: true # [15]
tls: # [16]
secretName: supersecret # [17]
options: # [18]
name: opt # [19]
namespace: default # [20]
certResolver: foo # [21]
domains: # [22]
- main: example.net # [23]
sans: # [24]
- a.example.net
- b.example.net
passthrough: false # [24]
passthrough: false # [25]
```
| Ref | Attribute | Purpose |
@ -1179,16 +1183,17 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
| [12] | `services[n].proxyProtocol.version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
| [13] | `services[n].serversTransport` | Defines the reference to a [ServersTransportTCP](#kind-serverstransporttcp). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
| [14] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. |
| [15] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [16] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [17] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [18] | `tls.options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [19] | `tls.options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [20] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [21] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [22] | `tls.domains[n].main` | Defines the main domain name |
| [23] | `tls.domains[n].sans` | List of SANs (alternative domains) |
| [24] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
| [15] | `services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is |
| [16] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [17] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [18] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [19] | `tls.options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [20] | `tls.options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [21] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [22] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [23] | `tls.domains[n].main` | Defines the main domain name |
| [24] | `tls.domains[n].sans` | List of SANs (alternative domains) |
| [25] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
??? example "Declaring an IngressRouteTCP"
@ -1433,17 +1438,19 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
port: 8080 # [5]
weight: 10 # [6]
nativeLB: true # [7]
nodePortLB: true # [8]
```
| Ref | Attribute | Purpose |
|-----|-------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entrypoints](../routers/index.md#entrypoints_1) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [4] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [5] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [6] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| [7] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. |
| Ref | Attribute | Purpose |
|-----|-------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entrypoints](../routers/index.md#entrypoints_1) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [4] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [5] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [6] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| [7] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. |
| [8] | `services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. |
??? example "Declaring an IngressRouteUDP"

10
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -287,6 +287,16 @@ which in turn will create the resulting routers, services, handlers, etc.
traefik.ingress.kubernetes.io/service.nativelb: "true"
```
??? info "`traefik.ingress.kubernetes.io/service.nodeportlb`"
Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.
It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
By default, NodePortLB is false.
```yaml
traefik.ingress.kubernetes.io/service.nodeportlb: "true"
```
??? info "`traefik.ingress.kubernetes.io/service.serversscheme`"
Overrides the default scheme.