From 8ad70238851c67dabe78c65e2942f22a7a5ace8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20BUISSON?= Date: Mon, 24 Feb 2025 09:12:06 +0100 Subject: [PATCH] feat: :sparkles: add missing consulCatalogEnterprise provider for Hub --- .github/workflows/test.yml | 4 +- traefik/VALUES.md | 27 +++++ traefik/templates/_podtemplate.tpl | 3 + traefik/templates/requirements.yaml | 4 + traefik/tests/requirements-config_test.yaml | 14 ++- traefik/tests/traefik-config_test.yaml | 117 ++++++++++++++++++++ traefik/values.schema.json | 101 +++++++++++++++++ traefik/values.yaml | 59 ++++++++++ 8 files changed, 326 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 18ae104e8..d1b91e9e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -31,7 +31,7 @@ jobs: id: "https://traefik.io/traefik-helm-chart.schema.json" title: "Traefik Proxy Helm Chart" description: "The Cloud Native Application Proxy" - additional-properties: true + additionalProperties: true fail-on-diff: true - name: Check traefik-crds if values schema is up-to-date @@ -42,7 +42,7 @@ jobs: id: "https://traefik.io/traefik-crds-helm-chart.schema.json" title: "Traefik CRDs Helm Chart" description: "The Cloud Native Application Proxy" - additional-properties: false + additionalProperties: false fail-on-diff: true - name: Lint Chart diff --git a/traefik/VALUES.md b/traefik/VALUES.md index cc106d85b..46c48b758 100644 --- a/traefik/VALUES.md +++ b/traefik/VALUES.md @@ -87,6 +87,33 @@ Kubernetes: `>=1.22.0-0` | hub.apimanagement.enabled | bool | `false` | Set to true in order to enable API Management. Requires a valid license token. | | hub.apimanagement.openApi.validateRequestMethodAndPath | bool | `false` | When set to true, it will only accept paths and methods that are explicitly defined in its OpenAPI specification | | hub.experimental.aigateway | bool | `false` | Set to true in order to enable AI Gateway. Requires a valid license token. | +| hub.providers.consulCatalogEnterprise.cache | bool | `false` | Use local agent caching for catalog reads. | +| hub.providers.consulCatalogEnterprise.connectAware | bool | `false` | Enable Consul Connect support. | +| hub.providers.consulCatalogEnterprise.connectByDefault | bool | `false` | Consider every service as Connect capable by default. | +| hub.providers.consulCatalogEnterprise.constraints | string | `""` | Constraints is an expression that Traefik matches against the container's labels | +| hub.providers.consulCatalogEnterprise.defaultRule | string | `"Host(`{{ normalize .Name }}`)"` | Default rule. | +| hub.providers.consulCatalogEnterprise.enabled | bool | `false` | Enable Consul Catalog Enterprise backend with default settings. | +| hub.providers.consulCatalogEnterprise.endpoint.address | string | `""` | The address of the Consul server | +| hub.providers.consulCatalogEnterprise.endpoint.datacenter | string | `""` | Data center to use. If not provided, the default agent data center is used | +| hub.providers.consulCatalogEnterprise.endpoint.endpointWaitTime | int | `0` | WaitTime limits how long a Watch will block. If not provided, the agent default | +| hub.providers.consulCatalogEnterprise.endpoint.httpauth.password | string | `""` | Basic Auth password | +| hub.providers.consulCatalogEnterprise.endpoint.httpauth.username | string | `""` | Basic Auth username | +| hub.providers.consulCatalogEnterprise.endpoint.scheme | string | `""` | The URI scheme for the Consul server | +| hub.providers.consulCatalogEnterprise.endpoint.tls.ca | string | `""` | TLS CA | +| hub.providers.consulCatalogEnterprise.endpoint.tls.cert | string | `""` | TLS cert | +| hub.providers.consulCatalogEnterprise.endpoint.tls.insecureSkipVerify | bool | `false` | TLS insecure skip verify | +| hub.providers.consulCatalogEnterprise.endpoint.tls.key | string | `""` | TLS key | +| hub.providers.consulCatalogEnterprise.endpoint.token | string | `""` | Token is used to provide a per-request ACL token which overrides the agent's | +| hub.providers.consulCatalogEnterprise.exposedByDefault | bool | `true` | Expose containers by default. | +| hub.providers.consulCatalogEnterprise.namespaces | string | `""` | Sets the namespaces used to discover services (Consul Enterprise only). | +| hub.providers.consulCatalogEnterprise.partition | string | `""` | Sets the partition used to discover services (Consul Enterprise only). | +| hub.providers.consulCatalogEnterprise.prefix | string | `"traefik"` | Prefix for consul service tags. | +| hub.providers.consulCatalogEnterprise.refreshInterval | int | `15` | Interval for check Consul API. | +| hub.providers.consulCatalogEnterprise.requireConsistent | bool | `false` | Forces the read to be fully consistent. | +| hub.providers.consulCatalogEnterprise.serviceName | string | `"traefik"` | Name of the Traefik service in Consul Catalog (needs to be registered via the | +| hub.providers.consulCatalogEnterprise.stale | bool | `false` | Use stale consistency for catalog reads. | +| hub.providers.consulCatalogEnterprise.strictChecks | string | `"passing, warning"` | A list of service health statuses to allow taking traffic. | +| hub.providers.consulCatalogEnterprise.watch | bool | `false` | Watch Consul API events. | | hub.providers.microcks.auth.clientId | string | `""` | Microcks API client ID. | | hub.providers.microcks.auth.clientSecret | string | `""` | Microcks API client secret. | | hub.providers.microcks.auth.endpoint | string | `""` | Microcks API endpoint. | diff --git a/traefik/templates/_podtemplate.tpl b/traefik/templates/_podtemplate.tpl index acff5b33a..8f376af7a 100644 --- a/traefik/templates/_podtemplate.tpl +++ b/traefik/templates/_podtemplate.tpl @@ -815,6 +815,9 @@ {{- if and $.Values.tracing.otlp.enabled .tracing.additionalTraceHeaders.enabled }} {{- include "traefik.yaml2CommandLineArgs" (dict "path" "hub.tracing.additionalTraceHeaders.traceContext" "content" $.Values.hub.tracing.additionalTraceHeaders.traceContext) | nindent 10 }} {{- end }} + {{- if .providers.consulCatalogEnterprise.enabled }} + {{- include "traefik.yaml2CommandLineArgs" (dict "path" "hub.providers.consulCatalogEnterprise" "content" (omit $.Values.hub.providers.consulCatalogEnterprise "enabled")) | nindent 10 }} + {{- end }} {{- if .providers.microcks.enabled }} {{- include "traefik.yaml2CommandLineArgs" (dict "path" "hub.providers.microcks" "content" (omit $.Values.hub.providers.microcks "enabled")) | nindent 10 }} {{- end }} diff --git a/traefik/templates/requirements.yaml b/traefik/templates/requirements.yaml index de37b6bae..cd099772e 100644 --- a/traefik/templates/requirements.yaml +++ b/traefik/templates/requirements.yaml @@ -71,6 +71,10 @@ {{ fail "ERROR: additionalTraceHeaders needs tracing.otlp to be enabled."}} {{- end }} + {{- if and (semverCompare "= v3.6.0."}} + {{- end }} + {{- if and (semverCompare "= v3.7.0."}} {{- end }} diff --git a/traefik/tests/requirements-config_test.yaml b/traefik/tests/requirements-config_test.yaml index 628422c62..5e70edbb8 100644 --- a/traefik/tests/requirements-config_test.yaml +++ b/traefik/tests/requirements-config_test.yaml @@ -223,4 +223,16 @@ tests: additionalTraceHeaders: enabled: true asserts: - - notFailedTemplate: {} + - notFailedTemplate: {} + - it: should fail when using consulCatalogEnterprise provider on hub < 3.6.0 + set: + image: + tag: v3.5.0 + hub: + token: "xxx" + providers: + consulCatalogEnterprise: + enabled: true + asserts: + - failedTemplate: + errorMessage: "ERROR: consulCatalogEnterprise provider is a feature only available for traefik-hub >= v3.6.0." diff --git a/traefik/tests/traefik-config_test.yaml b/traefik/tests/traefik-config_test.yaml index b727635a2..7374f207f 100644 --- a/traefik/tests/traefik-config_test.yaml +++ b/traefik/tests/traefik-config_test.yaml @@ -829,3 +829,120 @@ tests: - contains: path: spec.template.spec.containers[0].args content: "--hub.providers.microcks.endpoint=http://microcks.svc" + - it: should be possible to configure Traefik Hub consulCatalogEnterprise provider + set: + image: + tag: v3.9.0 + tracing: + otlp: + enabled: true + hub: + token: "xxx" + providers: + consulCatalogEnterprise: + enabled: true + cache: true + connectAware: true + connectByDefault: true + constraints: "constraints" + defaultRule: "defaultRule" + endpoint: + address: "address" + datacenter: "datacenter" + endpointWaitTime: 1 + httpauth: + password: "password" + username: "username" + scheme: "scheme" + tls: + ca: "ca" + cert: "cert" + insecureSkipVerify: true + key: "key" + token: "token" + exposedByDefault: false + namespaces: "namespaces" + partition: "partition" + prefix: "prefix" + refreshInterval: 2 + requireConsistent: true + serviceName: "serviceName" + stale: true + strictChecks: "strictChecks" + watch: true + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.cache=true" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.connectAware=true" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.connectByDefault=true" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.constraints=constraints" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.defaultRule=defaultRule" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.address=address" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.datacenter=datacenter" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.endpointWaitTime=1" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.httpauth.password=password" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.httpauth.username=username" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.scheme=scheme" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.tls.ca=ca" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.tls.cert=cert" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.tls.insecureSkipVerify=true" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.tls.key=key" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.endpoint.token=token" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.namespaces=namespaces" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.partition=partition" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.prefix=prefix" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.refreshInterval=2" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.requireConsistent=true" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.serviceName=serviceName" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.stale=true" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.strictChecks=strictChecks" + - contains: + path: spec.template.spec.containers[0].args + content: "--hub.providers.consulCatalogEnterprise.watch=true" diff --git a/traefik/values.schema.json b/traefik/values.schema.json index cac8cf831..894a7764a 100644 --- a/traefik/values.schema.json +++ b/traefik/values.schema.json @@ -292,6 +292,107 @@ }, "providers": { "properties": { + "consulCatalogEnterprise": { + "properties": { + "cache": { + "type": "boolean" + }, + "connectAware": { + "type": "boolean" + }, + "connectByDefault": { + "type": "boolean" + }, + "constraints": { + "type": "string" + }, + "defaultRule": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "endpoint": { + "properties": { + "address": { + "type": "string" + }, + "datacenter": { + "type": "string" + }, + "endpointWaitTime": { + "type": "integer" + }, + "httpauth": { + "properties": { + "password": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "scheme": { + "type": "string" + }, + "tls": { + "properties": { + "ca": { + "type": "string" + }, + "cert": { + "type": "string" + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "key": { + "type": "string" + } + }, + "type": "object" + }, + "token": { + "type": "string" + } + }, + "type": "object" + }, + "exposedByDefault": { + "type": "boolean" + }, + "namespaces": { + "type": "string" + }, + "partition": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "refreshInterval": { + "type": "integer" + }, + "requireConsistent": { + "type": "boolean" + }, + "serviceName": { + "type": "string" + }, + "stale": { + "type": "boolean" + }, + "strictChecks": { + "type": "string" + }, + "watch": { + "type": "boolean" + } + }, + "type": "object" + }, "microcks": { "properties": { "auth": { diff --git a/traefik/values.yaml b/traefik/values.yaml index 2d8ac738c..f881360d3 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -949,6 +949,64 @@ hub: # -- Set to true in order to enable AI Gateway. Requires a valid license token. aigateway: false providers: + consulCatalogEnterprise: + # -- Enable Consul Catalog Enterprise backend with default settings. + enabled: false + # -- Use local agent caching for catalog reads. + cache: false + # -- Enable Consul Connect support. + connectAware: false + # -- Consider every service as Connect capable by default. + connectByDefault: false + # -- Constraints is an expression that Traefik matches against the container's labels + constraints: "" + # -- Default rule. + defaultRule: "Host(`{{ normalize .Name }}`)" + endpoint: + # -- The address of the Consul server + address: "" + # -- Data center to use. If not provided, the default agent data center is used + datacenter: "" + # -- WaitTime limits how long a Watch will block. If not provided, the agent default + endpointWaitTime: 0 + httpauth: + # -- Basic Auth password + password: "" + # -- Basic Auth username + username: "" + # -- The URI scheme for the Consul server + scheme: "" + tls: + # -- TLS CA + ca: "" + # -- TLS cert + cert: "" + # -- TLS insecure skip verify + insecureSkipVerify: false + # -- TLS key + key: "" + # -- Token is used to provide a per-request ACL token which overrides the agent's + token: "" + # -- Expose containers by default. + exposedByDefault: true + # -- Sets the namespaces used to discover services (Consul Enterprise only). + namespaces: "" + # -- Sets the partition used to discover services (Consul Enterprise only). + partition: "" + # -- Prefix for consul service tags. + prefix: "traefik" + # -- Interval for check Consul API. + refreshInterval: 15 + # -- Forces the read to be fully consistent. + requireConsistent: false + # -- Name of the Traefik service in Consul Catalog (needs to be registered via the + serviceName: "traefik" + # -- Use stale consistency for catalog reads. + stale: false + # -- A list of service health statuses to allow taking traffic. + strictChecks: "passing, warning" + # -- Watch Consul API events. + watch: false microcks: # -- Enable Microcks provider. enabled: false @@ -1007,6 +1065,7 @@ hub: insecureSkipVerify: false # Enable export of errors logs to the platform. Default: true. sendlogs: # @schema type:[boolean, null] + tracing: # -- Tracing headers to duplicate. # To configure the following, tracing.otlp.enabled needs to be set to true.