Support for all services kinds (and sticky) in CRD

Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com> Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2019-11-14 19:28:04 +01:00 · 2019-11-14 19:28:04 +01:00 · f30a52c2dc
commit f30a52c2dc
parent 424e2a9439
42 changed files with 3344 additions and 354 deletions
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.yml
@ -56,6 +56,94 @@ spec:
    singular: ingressroutetcp
  scope: Namespaced

+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: wrr2
+  namespace: default
+
+spec:
+  weighted:
+    services:
+      - name: s1
+        weight: 1
+        port: 80
+        # Optional, as it is the default value
+        kind: Service
+      - name: s3
+        weight: 1
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: wrr1
+  namespace: default
+
+spec:
+  weighted:
+    services:
+      - name: wrr2
+        kind: TraefikService
+        weight: 1
+      - name: s3
+        weight: 1
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: mirror1
+  namespace: default
+
+spec:
+  mirroring:
+    name: s1
+    port: 80
+    mirrors:
+      - name: s3
+        percent: 20
+        port: 80
+      - name: mirror2
+        kind: TraefikService
+        percent: 20
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: mirror2
+  namespace: default
+
+spec:
+  mirroring:
+    name: wrr2
+    kind: TraefikService
+    mirrors:
+      - name: s2
+        # Optional, as it is the default value
+        kind: Service
+        percent: 20
+        port: 80
+
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
@ -100,9 +188,19 @@ spec:
    - match: PathPrefix(`/misc`)
      services:
        - name: s3
+          # Optional, as it is the default value
+          kind: Service
          port: 8443
          # scheme allow to override the scheme for the service. (ex: https or h2c)
          scheme: https
+    - match: PathPrefix(`/lb`)
+      services:
+        - name: wrr1
+          kind: TraefikService
+    - match: PathPrefix(`/mirrored`)
+      services:
+        - name: mirror1
+          kind: TraefikService
  # use an empty tls object for TLS with Let's Encrypt
  tls:
    secretName: supersecret
--- a/docs/content/routing/providers/crd_traefikservice.yml
+++ b/docs/content/routing/providers/crd_traefikservice.yml
@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
--- a/docs/content/routing/providers/kubernetes-crd.md
+++ b/docs/content/routing/providers/kubernetes-crd.md
@ -116,6 +116,84 @@ spec:

 More information about available middlewares in the dedicated [middlewares section](../../middlewares/overview.md).

+### Services
+
+If one needs a setup more sophisticated than a load-balancer of servers (which is a Kubernetes Service kind behind the scenes),
+one can define and use additional service objects specific to Traefik, based on the `TraefikService` kind defined in the CRD below.
+
+```yaml
+--8<-- "content/routing/providers/crd_traefikservice.yml"
+```
+
+Once the `TraefikService` kind has been registered with the Kubernetes cluster, it can then be used in `IngressRoute` definitions
+(as well as recursively in other Traefik Services), such as below.
+Note how the `name` field in the IngressRoute definition now refers to a TraefikService instead of a (Kubernetes) Service.
+The reason this is allowed, and why a `name` can refer either to a TraefikService or a Service,
+is because the `kind` field is used to break the ambiguity. The allowed values for this field are `TraefikService`, or `Service`
+(which is the default value).
+
+```yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: wrr1
+  namespace: default
+
+spec:
+  weighted:
+    services:
+      - name: s2
+        kind: Service
+        port: 80
+        weight: 1
+      - name: s3
+        weight: 1
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: mirror1
+  namespace: default
+
+spec:
+  mirroring:
+    name: wrr1
+    kind: TraefikService
+    mirrors:
+      - name: s1
+        percent: 20
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ingressroutebar
+  namespace: default
+
+
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`bar.com`) && PathPrefix(`/foo`)
+    kind: Rule
+    services:
+    - name: mirror1
+      namespace: default
+      kind: TraefikService
+```
+
+!!! important "References and namespaces"
+
+    If the optional `namespace` attribute is not set, the configuration will be applied with the namespace of the current resource.
+    
+    Additionally, when the definition of the `TraefikService` is from another provider,
+    the cross-provider syntax (service@provider) should be used to refer to the `TraefikService`, just as in the middleware case.
+    Specifying a namespace attribute in this case would not make any sense, and will be ignored (except if the provider is `kubernetescrd`).
+
 ### TLS Option

 Additionally, to allow for the use of TLS options in an IngressRoute, we defined the CRD below for the TLSOption kind.
--- a/docs/content/user-guides/crd-acme/01-crd.yml
+++ b/docs/content/user-guides/crd-acme/01-crd.yml
@ -57,6 +57,21 @@ spec:
    singular: tlsoption
  scope: Namespaced

+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
@ -120,6 +135,14 @@ rules:
      - get
      - list
      - watch
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - traefikservices
+    verbs:
+      - get
+      - list
+      - watch

 ---
 kind: ClusterRoleBinding