feat(helm-chart)!: Update Helm release traefik to 33.0.0 #1979

Merged: mmalyska merged 1 commit into main from renovate/traefik-33.x on Oct 30, 2024

@bendo-bot bendo-bot bot commented Oct 30, 2024

This PR contains the following updates:

| Package          | Update | Change           |
| ---------------- | ------ | ---------------- |
| traefik (source) | major  | 32.1.1 -> 33.0.0 |

Release Notes

traefik/traefik-helm-chart (traefik)

v33.0.0

Upgrade Notes

There are multiple breaking changes in this release:

  1. The default port of traefik entrypoint has changed from 9000 to 8080, just like the Traefik Proxy default port
    • You may have to update probes accordingly (or set this port back to 9000)
  2. publishedService is enabled by default on Ingress provider
    • You can disable it, if needed
  3. The POD_NAME and POD_NAMESPACE environment variables are now set by default, without values.
    • It is no longer necessary to add them in values, so they can be removed from user values.
  4. In values, certResolvers specific syntax has been reworked to align with Traefik Proxy syntax.
    • PR #1214 contains a complete before / after example on how to update values
  5. Traefik Proxy 3.2 supports Gateway API v1.2
    • The CRDs of this version come with Gateway API CRD v1.2 of standard channel.
    • The CRDs need to be updated
    • It is recommended to check that other software using Gateway API on your cluster is compatible

ℹ️ A separate helm chart, just for CRDs, is being considered for a future release. See PR #1123

⚠ BREAKING CHANGES
  • Env Variables: allow extending env without overwrite
  • certificateResolvers: 💥 🐛 use same syntax in Chart and in Traefik
  • Kubernetes Ingress: 💥 ✨ enable publishedService by default
  • Traefik: 💥 set 8080 as default port for traefik entrypoint

Features
  • Gateway API: ✨ add infrastructure in the values (2b28f7b)
  • Gateway API: ✨ standard install CRD v1.2.0 (4432f3c)
  • Traefik Proxy: update traefik docker tag to v3.2.0 (323e139)
  • Traefik Proxy: ✨ support Gateway API statusAddress (e7dcac1)
  • Traefik Proxy: CRDs for v3.2+ (d3c6d4c)

Bug Fixes
  • certificateResolvers: 💥 🐛 use same syntax in Chart and in Traefik (016822d)
  • Env Variables: allow extending env without overwrite (20f54b6)
  • Gateway API: 🐛 add missing required RBAC for v3.2 with experimental Channel (b872549)
  • schema: 🐛 targetPort can also be a string (12fee7e)
  • use correct children indentation for logs.access.filters (59073ef)
  • Kubernetes Ingress: 💥 ✨ enable publishedService by default (f7a96da)
  • Traefik: 💥 set 8080 as default port for traefik entrypoint (2b32ce7)
  • Traefik Hub: RBAC for distributedAcme (74abfee)
  • 🐛 http3 with internal service (7558e63)


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.

| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | traefik | 32.1.1 | 33.0.0 |
@bendo-bot bendo-bot bot requested a review from mmalyska October 30, 2024 14:02
@bendo-bot bendo-bot bot added the size/XS and area/cluster labels Oct 30, 2024

Path: cluster/system/traefik

@@ -1,333 +1 @@
 Getting updates for unmanaged Helm repositories... ...Successfully got an update from the "https://traefik.github.io/charts" chart repository Saving 1 charts Downloading traefik from repo https://traefik.github.io/charts Deleting outdated charts
----
-# Source: external-traefik-subchart/charts/traefik/templates/rbac/serviceaccount.yaml
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: release-name-traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-automountServiceAccountToken: false
----
-# Source: external-traefik-subchart/charts/traefik/templates/rbac/clusterrole.yaml
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: release-name-traefik-default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-    app.kubernetes.io/managed-by: Helm
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - services
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - discovery.k8s.io
-    resources:
-      - endpointslices
-    verbs:
-      - list
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingressclasses
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses/status
-    verbs:
-      - update
-  - apiGroups:
-      - traefik.io
-    resources:
-      - ingressroutes
-      - ingressroutetcps
-      - ingressrouteudps
-      - middlewares
-      - middlewaretcps
-      - serverstransports
-      - serverstransporttcps
-      - tlsoptions
-      - tlsstores
-      - traefikservices
-    verbs:
-      - get
-      - list
-      - watch
----
-# Source: external-traefik-subchart/charts/traefik/templates/rbac/clusterrolebinding.yaml
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: release-name-traefik-default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: release-name-traefik-default
-subjects:
-  - kind: ServiceAccount
-    name: release-name-traefik
-    namespace: default
----
-# Source: external-traefik-subchart/charts/traefik/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: release-name-traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-    io.cilium/lb-ipam-ips: 192.168.48.21
-spec:
-  type: LoadBalancer
-  selector:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-  ports:
-    - port: 80
-      name: "web"
-      targetPort: web
-      protocol: TCP
-    - port: 443
-      name: "websecure"
-      targetPort: websecure
-      protocol: TCP
----
-# Source: external-traefik-subchart/charts/traefik/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: release-name-traefik
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: traefik
-      app.kubernetes.io/instance: release-name-default
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 0
-      maxSurge: 1
-  minReadySeconds: 0
-  template:
-    metadata:
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/path: "/metrics"
-        prometheus.io/port: "9100"
-      labels:
-        app.kubernetes.io/name: traefik
-        app.kubernetes.io/instance: release-name-default
-        app.kubernetes.io/managed-by: Helm
-    spec:
-      serviceAccountName: release-name-traefik
-      automountServiceAccountToken: true
-      terminationGracePeriodSeconds: 60
-      hostNetwork: false
-      containers:
-        - image: docker.io/traefik:v3.1.6
-          imagePullPolicy: IfNotPresent
-          name: release-name-traefik
-          resources:
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: 9000
-              scheme: HTTP
-            failureThreshold: 1
-            initialDelaySeconds: 2
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 2
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: 9000
-              scheme: HTTP
-            failureThreshold: 3
-            initialDelaySeconds: 2
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 2
-          lifecycle:
-          ports:
-            - name: "metrics"
-              containerPort: 9100
-              protocol: "TCP"
-            - name: "traefik"
-              containerPort: 9000
-              protocol: "TCP"
-            - name: "web"
-              containerPort: 8000
-              protocol: "TCP"
-            - name: "websecure"
-              containerPort: 8443
-              protocol: "TCP"
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            readOnlyRootFilesystem: true
-          volumeMounts:
-            - name: data
-              mountPath: /data
-            - name: tmp
-              mountPath: /tmp
-          args:
-            - "--global.checknewversion"
-            - "--global.sendanonymoususage"
-            - "--entryPoints.metrics.address=:9100/tcp"
-            - "--entryPoints.traefik.address=:9000/tcp"
-            - "--entryPoints.web.address=:8000/tcp"
-            - "--entryPoints.websecure.address=:8443/tcp"
-            - "--api.dashboard=true"
-            - "--ping=true"
-            - "--metrics.prometheus=true"
-            - "--metrics.prometheus.entrypoint=metrics"
-            - "--providers.kubernetescrd"
-            - "--providers.kubernetescrd.ingressClass=traefik"
-            - "--providers.kubernetescrd.allowCrossNamespace=true"
-            - "--providers.kubernetescrd.allowExternalNameServices=true"
-            - "--providers.kubernetescrd.allowEmptyServices=true"
-            - "--providers.kubernetesingress"
-            - "--providers.kubernetesingress.allowExternalNameServices=true"
-            - "--providers.kubernetesingress.allowEmptyServices=true"
-            - "--providers.kubernetesingress.ingressendpoint.publishedservice=default/release-name-traefik"
-            - "--providers.kubernetesingress.ingressClass=traefik"
-            - "--entryPoints.web.http.redirections.entryPoint.to=:443"
-            - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
-            - "--entryPoints.websecure.http.tls=true"
-            - "--log.level=INFO"
-            - "--accesslog=true"
-            - "--accesslog.filters.statuscodes=400-405,500"
-            - "--accesslog.fields.defaultmode=keep"
-            - "--accesslog.fields.headers.defaultmode=drop"
-          env:
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-      volumes:
-        - name: data
-          emptyDir: {}
-        - name: tmp
-          emptyDir: {}
-      securityContext:
-        runAsGroup: 65532
-        runAsNonRoot: true
-        runAsUser: 65532
----
-# Source: external-traefik-subchart/charts/traefik/templates/ingressclass.yaml
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  annotations:
-    ingressclass.kubernetes.io/is-default-class: "true"
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-    app.kubernetes.io/managed-by: Helm
-  name: release-name-traefik
-spec:
-  controller: traefik.io/ingress-controller
----
-# Source: external-traefik-subchart/templates/cert.yaml
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: tls-cert
-  namespace: traefik
-spec:
-  secretName: tls-cert
-  issuerRef:
-    name: lets-encrypt-dns01-production-cf
-    kind: ClusterIssuer
-  commonName: '<secret:private-domain>'
-  dnsNames:
-    - '<secret:private-domain>'
-    - '*.<secret:private-domain>'
----
-# Source: external-traefik-subchart/templates/dashboard.yaml
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: dashboard
-  namespace: traefik
-  annotations:
-    kubernetes.io/ingress.class: traefik
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`traefik.<secret:private-domain>`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
-      kind: Rule
-      services:
-        - name: api@internal
-          kind: TraefikService
----
-# Source: external-traefik-subchart/charts/traefik/templates/tlsstore.yaml
-apiVersion: traefik.io/v1alpha1
-kind: TLSStore
-metadata:
-  name: default
-  namespace: default
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/instance: release-name-default
-    app.kubernetes.io/managed-by: Helm
-spec:
-  defaultCertificate:
-    secretName: tls-cert
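
Review bot: the new side of this hunk is empty, so it does not show what 33.0.0 will deploy. At `@@ -1,333 +1 @@` only the chart-repository fetch line survives, and every rendered object (ServiceAccount, ClusterRole and binding, Service, Deployment, IngressClass, Certificate, dashboard IngressRoute, TLSStore) is removed with nothing added in its place. A chart bump should change a handful of fields, so this looks like the render producing no manifests with the current values rather than an intended removal. Before merging, re-render cluster/system/traefik against 33.0.0 and confirm the manifests come back. The settings most likely to be affected by the listed breaking changes are the probes and `--entryPoints.traefik.address=:9000/tcp` (default now 8080), the POD_NAME/POD_NAMESPACE env entries, and any certResolvers values. Until a populated render is available, the hardening visible on the old side (`capabilities.drop: ALL`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`) and the ClusterRole scope cannot be confirmed as unchanged.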


bendo-bot bot commented Oct 30, 2024

🦙 MegaLinter status: ✅ SUCCESS

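| Descriptor    | Linter       | Files | Fixed | Errors | Elapsed time |
| ------------- | ------------ | ----- | ----- | ------ | ------------ |
| ✅ ANSIBLE    | ansible-lint | yes   |       | no     | 8.9s         |
| ✅ REPOSITORY | git_diff     | yes   |       | no     | 0.06s        |
| ✅ REPOSITORY | secretlint   | yes   |       | no     | 1.54s        |
| ✅ YAML       | prettier     | 1     |       | 0      | 0.37s        |
| ✅ YAML       | yamllint     | 1     |       | 0      | 0.3s         |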

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@mmalyska mmalyska merged commit fbe50db into main Oct 30, 2024
12 checks passed
@mmalyska mmalyska deleted the renovate/traefik-33.x branch October 30, 2024 14:07
Labels
area/cluster Changes made in the cluster directory dep/major renovate/helm size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.