Skip to content

Commit

Permalink
fix: 🐛 set disableIngressClassLookup until 3.1.4
Browse files Browse the repository at this point in the history
  • Loading branch information
darkweaver87 authored Oct 4, 2024
1 parent 3b1860c commit 7c81ff5
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 4 deletions.
5 changes: 4 additions & 1 deletion traefik/templates/_podtemplate.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -490,8 +490,11 @@
- "--providers.kubernetesingress.ingressClass={{ .Values.providers.kubernetesIngress.ingressClass }}"
{{- end }}
{{- if .Values.rbac.namespaced }}
{{- if semverCompare "<3.1.2-0" $version }}
{{- if semverCompare "<3.1.5-0" $version }}
- "--providers.kubernetesingress.disableIngressClassLookup=true"
{{- if semverCompare ">=3.1.2-0" $version }}
- "--providers.kubernetesingress.disableClusterScopeResources=true"
{{- end }}
{{- else }}
- "--providers.kubernetesingress.disableClusterScopeResources=true"
{{- end }}
Expand Down
27 changes: 27 additions & 0 deletions traefik/tests/traefik-config_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -564,6 +564,33 @@ tests:
- contains:
path: spec.template.spec.containers[0].args
content: "--providers.kubernetesingress.disableIngressClassLookup=true"
- it: should not set disableIngressClassLookup if version is >= v3.1.5+ and rbac are namespaced
set:
rbac:
namespaced: true
image:
tag: v3.1.5
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: "--providers.kubernetesingress.disableClusterScopeResources=true"

- notContains:
path: spec.template.spec.containers[0].args
content: "--providers.kubernetesingress.disableIngressClassLookup=true"
- it: should set disableIngressClassLookup if version is < v3.1.5+ and rbac are namespaced
set:
rbac:
namespaced: true
image:
tag: v3.1.4
asserts:
- contains:
path: spec.template.spec.containers[0].args
content: "--providers.kubernetesingress.disableClusterScopeResources=true"
- contains:
path: spec.template.spec.containers[0].args
content: "--providers.kubernetesingress.disableIngressClassLookup=true"
- it: should set disableClusterScopeResources when version > v3.1.2+ on both providers
set:
rbac:
Expand Down
6 changes: 3 additions & 3 deletions traefik/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -809,9 +809,9 @@ hostNetwork: false
rbac: # @schema additionalProperties: false
enabled: true
# When set to true:
# 1. Use `Role` and `RoleBinding` instead of `ClusterRole` and `ClusterRoleBinding`.
# 2. Set `disableIngressClassLookup` on Kubernetes Ingress providers with Traefik Proxy v3 until v3.1.1
# 3. Set `disableClusterScopeResources` on Kubernetes Ingress and CRD providers with Traefik Proxy v3.1.2+
# 1. It switches respectively the use of `ClusterRole` and `ClusterRoleBinding` to `Role` and `RoleBinding`.
# 2. It adds `disableIngressClassLookup` on Kubernetes Ingress with Traefik Proxy v3 until v3.1.4
# 3. It adds `disableClusterScopeResources` on Ingress and CRD (Kubernetes) providers with Traefik Proxy v3.1.2+
# **NOTE**: `IngressClass`, `NodePortLB` and **Gateway** provider cannot be used with namespaced RBAC.
# See [upstream documentation](https://doc.traefik.io/traefik/providers/kubernetes-ingress/#disableclusterscoperesources) for more details.
namespaced: false
Expand Down

0 comments on commit 7c81ff5

Please sign in to comment.