diff --git a/traefik/Changelog.md b/traefik/Changelog.md index 62162c67e..1e4b09488 100644 --- a/traefik/Changelog.md +++ b/traefik/Changelog.md @@ -1,11 +1,110 @@ # Change Log +## 26.0.0 ![AppVersion: v2.10.6](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.6&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) + +**Release date:** 2023-12-04 + +* fix: 🐛 improve confusing suggested value on openTelemetry.grpc +* fix: 🐛 declare http3 udp port, with or without hostport +* feat: 💥 deployment.podannotations support interpolation with tpl +* feat: allow update of namespace policy for websecure listener +* feat: allow defining startupProbe +* feat: add file provider +* feat: :boom: unify plugin import between traefik and this chart +* chore(release): 🚀 publish v26 +* chore(deps): update traefik docker tag to v2.10.6 +* Release namespace for Prometheus Operator resources + +### Default value changes + +```diff +diff --git a/traefik/values.yaml b/traefik/values.yaml +index 71e377e..f9dac91 100644 +--- a/traefik/values.yaml ++++ b/traefik/values.yaml +@@ -40,6 +40,7 @@ deployment: + # -- Additional deployment labels (e.g. for filtering deployment by custom labels) + labels: {} + # -- Additional pod annotations (e.g. for mesh injection or prometheus scraping) ++ # It supports templating. One can set it with values like traefik/name: '{{ template "traefik.name" . }}' + podAnnotations: {} + # -- Additional Pod labels (e.g. for filtering Pod by custom labels) + podLabels: {} +@@ -119,10 +120,12 @@ experimental: + # This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3" + # v3: + # -- Enable traefik version 3 +- # enabled: false +- plugins: +- # -- Enable traefik experimental plugins +- enabled: false ++ ++ # -- Enable traefik experimental plugins ++ plugins: {} ++ # demo: ++ # moduleName: github.com/traefik/plugindemo ++ # version: v0.2.1 + kubernetesGateway: + # -- Enable traefik experimental GatewayClass CRD + enabled: false +@@ -206,6 +209,17 @@ livenessProbe: + # -- The number of seconds to wait for a probe response before considering it as failed. + timeoutSeconds: 2 + ++# -- Define Startup Probe for container: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes ++# eg. ++# `startupProbe: ++# exec: ++# command: ++# - mycommand ++# - foo ++# initialDelaySeconds: 5 ++# periodSeconds: 5` ++startupProbe: ++ + providers: + kubernetesCRD: + # -- Load Kubernetes IngressRoute provider +@@ -241,6 +255,23 @@ providers: + # By default this Traefik service + # pathOverride: "" + ++ file: ++ # -- Create a file provider ++ enabled: false ++ # -- Allows Traefik to automatically watch for file changes ++ watch: true ++ # -- File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/) ++ content: "" ++ # http: ++ # routers: ++ # router0: ++ # entryPoints: ++ # - web ++ # middlewares: ++ # - my-basic-auth ++ # service: service-foo ++ # rule: Path(`/foo`) ++ + # + # -- Add volumes to the traefik pod. The volume name will be passed to tpl. + # This can be used to mount a cert pair or a configmap that holds a config.toml file. +@@ -487,7 +518,7 @@ metrics: + # -- https://doc.traefik.io/traefik/observability/tracing/overview/ + tracing: {} + # openTelemetry: # traefik v3+ only +-# grpc: {} ++# grpc: true + # insecure: true + # address: localhost:4317 + # instana: +``` + ## 25.0.0 ![AppVersion: v2.10.5](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.5&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) -**Release date:** 2023-10-16 +**Release date:** 2023-10-23 * revert: "fix: 🐛 remove old CRDs using traefik.containo.us" -* fix: 🐛 warn user when he's using previous syntax on redirect * fix: 🐛 remove old CRDs using traefik.containo.us * fix: disable ClusterRole and ClusterRoleBinding when not needed * fix: detect correctly v3 version when using sha in `image.tag` @@ -17,7 +116,7 @@ * feat: :boom: rework and allow update of namespace policy for Gateway * docs: Fix typo in the default values file * chore: remove label whitespace at TLSOption -* chore(release): 🚀 publish v25.0.0 +* chore(release): publish v25.0.0 * chore(deps): update traefik docker tag to v2.10.5 * chore(deps): update docker.io/helmunittest/helm-unittest docker tag to v3.12.3 * chore(ci): 🔧 👷 add e2e test when releasing @@ -128,11 +227,11 @@ index aeec85c..71e377e 100644 + # port: 9000 + # host: localhost + # scheme: HTTP - + # -- Pod disruption budget podDisruptionBudget: @@ -116,9 +116,9 @@ ingressClass: - + # Traefik experimental features experimental: - #This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3" @@ -177,7 +276,7 @@ index aeec85c..71e377e 100644 + middlewares: [] + # -- TLS options (e.g. secret containing certificate) + tls: {} - + updateStrategy: # -- Customize updateStrategy: RollingUpdate or OnDelete @@ -204,10 +220,10 @@ providers: @@ -186,7 +285,7 @@ index aeec85c..71e377e 100644 namespaces: [] - # - "default" + # - "default" - + kubernetesIngress: - # -- Load Kubernetes IngressRoute provider + # -- Load Kubernetes Ingress provider @@ -203,7 +302,7 @@ index aeec85c..71e377e 100644 publishedService: enabled: false @@ -243,9 +259,9 @@ volumes: [] - + # -- Additional volumeMounts to add to the Traefik container additionalVolumeMounts: [] - # -- For instance when using a logshipper for access logs @@ -212,7 +311,7 @@ index aeec85c..71e377e 100644 +# -- For instance when using a logshipper for access logs +# - name: traefik-logs +# mountPath: /var/log/traefik - + logs: general: @@ -270,26 +286,26 @@ logs: @@ -248,7 +347,7 @@ index aeec85c..71e377e 100644 + # User-Agent: redact + # Authorization: drop + # Content-Type: keep - + metrics: ## -- Prometheus is enabled by default. @@ -308,118 +324,118 @@ metrics: @@ -574,18 +673,18 @@ index aeec85c..71e377e 100644 +# serverURL: http://localhost:8200 +# secretToken: "" +# serviceEnvironment: "" - + # -- Global command arguments to be passed to all traefik's pods globalArguments: - - "--global.checknewversion" - - "--global.sendanonymoususage" +- "--global.checknewversion" +- "--global.sendanonymoususage" - + # # Configure Traefik static configuration @@ -531,14 +547,14 @@ additionalArguments: [] - + # -- Environment variables to be passed to Traefik's binary env: - - name: POD_NAME @@ -673,7 +772,7 @@ index aeec85c..71e377e 100644 size: 128Mi # storageClass: "" @@ -852,12 +871,12 @@ serviceAccountAnnotations: {} - + # -- The resources parameter defines CPU and memory requirements and limits for Traefik's containers. resources: {} - # requests: @@ -688,7 +787,7 @@ index aeec85c..71e377e 100644 +# limits: +# cpu: "300m" +# memory: "150Mi" - + # -- This example pod anti-affinity forces the scheduler to put traefik pods # -- on nodes where no other traefik pods are scheduled. ``` @@ -730,7 +829,7 @@ index 947ba56..aeec85c 100644 #This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3" #v3: # -- Enable traefik version 3 -- # enabled: false +- # enabled: false + # enabled: false plugins: # -- Enable traefik experimental plugins @@ -738,7 +837,7 @@ index 947ba56..aeec85c 100644 @@ -564,15 +571,6 @@ ports: # only. # hostIP: 192.168.100.10 - + - # Override the liveness/readiness port. This is useful to integrate traefik - # with an external Load Balancer that performs healthchecks. - # Default: ports.traefik.port @@ -755,7 +854,7 @@ index 947ba56..aeec85c 100644 nodeSelector: {} # -- Tolerations allow the scheduler to schedule pods with matching taints. tolerations: [] --# -- You can use topology spread constraints to control +-# -- You can use topology spread constraints to control +# -- You can use topology spread constraints to control # how Pods are spread across your cluster among failure-domains. topologySpreadConstraints: [] @@ -790,7 +889,7 @@ index 345bbd8..947ba56 100644 enabled: true isDefaultClass: true + # name: my-custom-class - + # Traefik experimental features experimental: - v3: @@ -798,7 +897,7 @@ index 345bbd8..947ba56 100644 + #v3: # -- Enable traefik version 3 - enabled: false -+ # enabled: false ++ # enabled: false plugins: # -- Enable traefik experimental plugins enabled: false @@ -815,7 +914,7 @@ index 345bbd8..947ba56 100644 # localAgentPort: 42699 @@ -517,7 +523,15 @@ additionalArguments: [] # - "--log.level=DEBUG" - + # -- Environment variables to be passed to Traefik's binary -env: [] +env: @@ -868,7 +967,7 @@ index 345bbd8..947ba56 100644 # -- The exposed port for this service @@ -880,14 +894,15 @@ topologySpreadConstraints: [] priorityClassName: "" - + # -- Set the container security context -# -- To run the container with ports below 1024 this will need to be adjust to run as root +# -- To run the container with ports below 1024 this will need to be adjusted to run as root @@ -877,7 +976,7 @@ index 345bbd8..947ba56 100644 drop: [ALL] readOnlyRootFilesystem: true + allowPrivilegeEscalation: false - + podSecurityContext: - # /!\ When setting fsGroup, Kubernetes will recursively changes ownership and + # /!\ When setting fsGroup, Kubernetes will recursively change ownership and @@ -920,7 +1019,7 @@ index 71273cc..345bbd8 100644 tag: "" + # -- Traefik image pull policy pullPolicy: IfNotPresent - + -# -# Configure integration with Traefik Hub -# @@ -943,7 +1042,7 @@ index 71273cc..345bbd8 100644 - # key: "/path/to/key.pem" +# -- Add additional label to all resources +commonLabels: {} - + # # Configure the deployment # @@ -1031,7 +1130,7 @@ index 71273cc..345bbd8 100644 @@ -107,7 +93,7 @@ deployment: # host: localhost # scheme: HTTP - + -# Pod disruption budget +# -- Pod disruption budget podDisruptionBudget: @@ -1040,13 +1139,13 @@ index 71273cc..345bbd8 100644 @@ -115,93 +101,112 @@ podDisruptionBudget: # minAvailable: 0 # minAvailable: 25% - + -# Create a default IngressClass for Traefik +# -- Create a default IngressClass for Traefik ingressClass: enabled: true isDefaultClass: true - + -# Enable experimental features +# Traefik experimental features experimental: @@ -1073,7 +1172,7 @@ index 71273cc..345bbd8 100644 # Additional gateway annotations (e.g. for cert-manager.io/issuer) # annotations: # cert-manager.io/issuer: letsencrypt - + -# Create an IngressRoute for the dashboard +## Create an IngressRoute for the dashboard ingressRoute: @@ -1100,7 +1199,7 @@ index 71273cc..345bbd8 100644 - # TLS options (e.g. secret containing certificate) + # -- TLS options (e.g. secret containing certificate) tls: {} - + -# Customize updateStrategy of traefik pods updateStrategy: + # -- Customize updateStrategy: RollingUpdate or OnDelete @@ -1108,7 +1207,7 @@ index 71273cc..345bbd8 100644 rollingUpdate: maxUnavailable: 0 maxSurge: 1 - + -# Customize liveness and readiness probe values. readinessProbe: + # -- The number of consecutive failures allowed before considering the probe as failed. @@ -1133,7 +1232,7 @@ index 71273cc..345bbd8 100644 successThreshold: 1 + # -- The number of seconds to wait for a probe response before considering it as failed. timeoutSeconds: 2 - + -# -# Configure providers -# @@ -1152,7 +1251,7 @@ index 71273cc..345bbd8 100644 + # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces. namespaces: [] # - "default" - + kubernetesIngress: + # -- Load Kubernetes IngressRoute provider enabled: true @@ -1168,7 +1267,7 @@ index 71273cc..345bbd8 100644 # IP used for Kubernetes Ingress endpoints @@ -212,13 +217,13 @@ providers: # pathOverride: "" - + # -# Add volumes to the traefik pod. The volume name will be passed to tpl. +# -- Add volumes to the traefik pod. The volume name will be passed to tpl. @@ -1186,7 +1285,7 @@ index 71273cc..345bbd8 100644 @@ -227,25 +232,22 @@ volumes: [] # mountPath: "/config" # type: configMap - + -# Additional volumeMounts to add to the Traefik container +# -- Additional volumeMounts to add to the Traefik container additionalVolumeMounts: [] @@ -1194,7 +1293,7 @@ index 71273cc..345bbd8 100644 + # -- For instance when using a logshipper for access logs # - name: traefik-logs # mountPath: /var/log/traefik - + -## Logs -## https://docs.traefik.io/observability/logs/ logs: @@ -1244,7 +1343,7 @@ index 71273cc..345bbd8 100644 # User-Agent: redact @@ -278,10 +283,10 @@ logs: # Content-Type: keep - + metrics: - ## Prometheus is enabled by default. - ## It can be disabled by setting "prometheus: null" @@ -1259,7 +1358,7 @@ index 71273cc..345bbd8 100644 @@ -404,11 +409,9 @@ metrics: # ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. # grpc: true - + -## -## enable optional CRDs for Prometheus Operator +## -- enable optional CRDs for Prometheus Operator @@ -1272,7 +1371,7 @@ index 71273cc..345bbd8 100644 @@ -455,6 +458,8 @@ metrics: # summary: "Traefik Down" # description: "{{ $labels.pod }} on {{ $labels.nodename }} is down" - + +## Tracing +# -- https://doc.traefik.io/traefik/observability/tracing/overview/ tracing: {} @@ -1281,12 +1380,12 @@ index 71273cc..345bbd8 100644 @@ -497,20 +502,21 @@ tracing: {} # secretToken: "" # serviceEnvironment: "" - + +# -- Global command arguments to be passed to all traefik's pods globalArguments: - "--global.checknewversion" - "--global.sendanonymoususage" - + # # Configure Traefik static configuration -# Additional arguments to be passed at Traefik's binary @@ -1296,7 +1395,7 @@ index 71273cc..345bbd8 100644 additionalArguments: [] # - "--providers.kubernetesingress.ingressclass=traefik-internal" # - "--log.level=DEBUG" - + -# Environment variables to be passed to Traefik's binary +# -- Environment variables to be passed to Traefik's binary env: [] @@ -1305,14 +1404,14 @@ index 71273cc..345bbd8 100644 @@ -525,22 +531,20 @@ env: [] # name: secret-name # key: secret-key - + +# -- Environment variables to be passed to Traefik's binary from configMaps or secrets envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - + -# Configure ports ports: - # The name of this one can't be changed as it is used for the readiness and @@ -1439,7 +1538,7 @@ index 71273cc..345bbd8 100644 - # The port protocol (TCP/UDP) + # -- The port protocol (TCP/UDP) protocol: TCP - + -# TLS Options are created as TLSOption CRDs +# -- TLS Options are created as TLSOption CRDs # https://doc.traefik.io/traefik/https/tls/#tls-options @@ -1448,7 +1547,7 @@ index 71273cc..345bbd8 100644 @@ -684,7 +690,7 @@ ports: # - CurveP384 tlsOptions: {} - + -# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate +# -- TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate # https://doc.traefik.io/traefik/https/tls/#default-certificate @@ -1457,7 +1556,7 @@ index 71273cc..345bbd8 100644 @@ -693,24 +699,22 @@ tlsOptions: {} # secretName: tls-cert tlsStore: {} - + -# Options for the main traefik service, where the entrypoints traffic comes -# from. service: @@ -1508,7 +1607,7 @@ index 71273cc..345bbd8 100644 @@ -739,9 +745,8 @@ service: # # externalIPs: [] # # ipFamilies: [ "IPv4","IPv6" ] - + -## Create HorizontalPodAutoscaler object. -## autoscaling: @@ -1519,7 +1618,7 @@ index 71273cc..345bbd8 100644 @@ -766,10 +771,10 @@ autoscaling: # value: 1 # periodSeconds: 60 - + -# Enable persistence using Persistent Volume Claims -# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -# It can be used to store TLS certificates, see `storage` in certResolvers @@ -1537,7 +1636,7 @@ index 71273cc..345bbd8 100644 - # subPath: "" # only mount a subpath of the Volume into the pod + # -- Only mount a subpath of the Volume into the pod + # subPath: "" - + +# -- Certificates resolvers configuration certResolvers: {} # letsencrypt: @@ -1545,14 +1644,14 @@ index 71273cc..345bbd8 100644 @@ -802,13 +809,13 @@ certResolvers: {} # # It has to match the path with a persistent volume # storage: /data/acme.json - + -# If hostNetwork is true, runs traefik in the host network namespace +# -- If hostNetwork is true, runs traefik in the host network namespace # To prevent unschedulabel pods due to port collisions, if hostNetwork=true # and replicas>1, a pod anti-affinity is recommended and will be set if the # affinity is left as default. hostNetwork: false - + -# Whether Role Based Access Control objects like roles and rolebindings should be created +# -- Whether Role Based Access Control objects like roles and rolebindings should be created rbac: @@ -1561,23 +1660,23 @@ index 71273cc..345bbd8 100644 @@ -818,19 +825,20 @@ rbac: # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles # aggregateTo: [ "admin" ] - + -# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding +# -- Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding podSecurityPolicy: enabled: false - + -# The service account the pods will use to interact with the Kubernetes API +# -- The service account the pods will use to interact with the Kubernetes API serviceAccount: # If set, an existing service account is used # If not set, a service account is created automatically using the fullname template name: "" - + -# Additional serviceAccount annotations (e.g. for oidc authentication) +# -- Additional serviceAccount annotations (e.g. for oidc authentication) serviceAccountAnnotations: {} - + +# -- The resources parameter defines CPU and memory requirements and limits for Traefik's containers. resources: {} # requests: @@ -1585,7 +1684,7 @@ index 71273cc..345bbd8 100644 @@ -839,8 +847,8 @@ resources: {} # cpu: "300m" # memory: "150Mi" - + -# This example pod anti-affinity forces the scheduler to put traefik pods -# on nodes where no other traefik pods are scheduled. +# -- This example pod anti-affinity forces the scheduler to put traefik pods @@ -1596,12 +1695,12 @@ index 71273cc..345bbd8 100644 @@ -851,11 +859,15 @@ affinity: {} # app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}' # topologyKey: kubernetes.io/hostname - + +# -- nodeSelector is the simplest recommended form of node selection constraint. nodeSelector: {} +# -- Tolerations allow the scheduler to schedule pods with matching taints. tolerations: [] -+# -- You can use topology spread constraints to control ++# -- You can use topology spread constraints to control +# how Pods are spread across your cluster among failure-domains. topologySpreadConstraints: [] -# # This example topologySpreadConstraints forces the scheduler to put traefik pods @@ -1614,13 +1713,13 @@ index 71273cc..345bbd8 100644 @@ -863,29 +875,33 @@ topologySpreadConstraints: [] # topologyKey: kubernetes.io/hostname # whenUnsatisfiable: DoNotSchedule - + -# Pods can have priority. -# Priority indicates the importance of a Pod relative to other Pods. +# -- Pods can have priority. +# -- Priority indicates the importance of a Pod relative to other Pods. priorityClassName: "" - + -# Set the container security context -# To run the container with ports below 1024 this will need to be adjust to run as root +# -- Set the container security context @@ -1629,7 +1728,7 @@ index 71273cc..345bbd8 100644 capabilities: drop: [ALL] readOnlyRootFilesystem: true - + podSecurityContext: -# # /!\ When setting fsGroup, Kubernetes will recursively changes ownership and -# # permissions for the contents of each volume to match the fsGroup. This can @@ -1647,7 +1746,7 @@ index 71273cc..345bbd8 100644 runAsNonRoot: true + # -- The ID of the user for all containers in the pod to run as. runAsUser: 65532 - + # -# Extra objects to deploy (value evaluated as a template) +# -- Extra objects to deploy (value evaluated as a template) @@ -1763,7 +1862,7 @@ index 4762b77..9ece303 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -654,12 +654,15 @@ ports: - + # TLS Options are created as TLSOption CRDs # https://doc.traefik.io/traefik/https/tls/#tls-options +# When using `labelSelector`, you'll need to set labels on tlsOption accordingly. @@ -1842,7 +1941,7 @@ index cadc7a6..4762b77 100644 runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 - + -podSecurityContext: - fsGroup: 65532 - @@ -1884,7 +1983,7 @@ index 780b04b..cadc7a6 100644 middlewares: [] + # TLS options (e.g. secret containing certificate) + tls: {} - + # Customize updateStrategy of traefik pods updateStrategy: @@ -750,6 +752,7 @@ persistence: @@ -1997,7 +2096,7 @@ index b77539d..42a27f9 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -107,6 +107,8 @@ ingressClass: - + # Enable experimental features experimental: + v3: @@ -2047,7 +2146,7 @@ index b77539d..42a27f9 100644 +# insecureSkipVerify: true +# ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. +# grpc: true - + ## ## enable optional CRDs for Prometheus Operator @@ -510,6 +548,8 @@ ports: @@ -2095,7 +2194,7 @@ index 4f2fb2a..b77539d 100644 + # Additional gateway annotations (e.g. for cert-manager.io/issuer) + # annotations: + # cert-manager.io/issuer: letsencrypt - + # Create an IngressRoute for the dashboard ingressRoute: @@ -219,7 +222,8 @@ logs: @@ -2128,7 +2227,7 @@ index 15f1682..4f2fb2a 100644 @@ -211,10 +211,10 @@ additionalVolumeMounts: [] # - name: traefik-logs # mountPath: /var/log/traefik - + -# Logs -# https://docs.traefik.io/observability/logs/ +## Logs @@ -2184,7 +2283,7 @@ index 15f1682..4f2fb2a 100644 # Authorization: drop # Content-Type: keep @@ -693,10 +694,7 @@ autoscaling: - + # Enable persistence using Persistent Volume Claims # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: @@ -2202,7 +2301,7 @@ index 15f1682..4f2fb2a 100644 -# # match the path to persistence +# # It has to match the path with a persistent volume # storage: /data/acme.json - + # If hostNetwork is true, runs traefik in the host network namespace ``` @@ -2252,7 +2351,7 @@ index e49d02d..15f1682 100644 # * add an internal (ClusterIP) Service, dedicated for Traefik Hub @@ -254,16 +254,96 @@ logs: # Content-Type: keep - + metrics: - # datadog: - # address: 127.0.0.1:8125 @@ -2489,7 +2588,7 @@ index 2ec3736..97a1b71 100644 entryPoints: ["traefik"] + # Additional ingressRoute middlewares (e.g. for authentication) + middlewares: [] - + # Customize updateStrategy of traefik pods updateStrategy: ``` @@ -2512,7 +2611,7 @@ index 413aa88..2ec3736 100644 @@ -134,9 +134,12 @@ ingressRoute: # /!\ Do not expose your dashboard without any protection over the internet /!\ entryPoints: ["traefik"] - + -rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 @@ -2522,7 +2621,7 @@ index 413aa88..2ec3736 100644 + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 - + # Customize liveness and readiness probe values. readinessProbe: ``` @@ -2610,7 +2709,7 @@ index 69190f1..b24c1cb 100644 @@ -100,11 +100,10 @@ podDisruptionBudget: # minAvailable: 0 # minAvailable: 25% - + -# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +# Create a default IngressClass for Traefik ingressClass: @@ -2619,7 +2718,7 @@ index 69190f1..b24c1cb 100644 - isDefaultClass: false + enabled: true + isDefaultClass: true - + # Enable experimental features experimental: ``` @@ -2678,7 +2777,7 @@ index 8033a87..69190f1 100644 + # # loadBalancerSourceRanges: [] + # # externalIPs: [] + # # ipFamilies: [ "IPv4","IPv6" ] - + ## Create HorizontalPodAutoscaler object. ## ``` @@ -2699,7 +2798,7 @@ index acce704..8033a87 100644 @@ -5,6 +5,27 @@ image: tag: "" pullPolicy: IfNotPresent - + +# +# Configure integration with Traefik Hub +# @@ -2749,7 +2848,7 @@ index 807bd09..acce704 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -87,8 +87,6 @@ ingressClass: - + # Enable experimental features experimental: - http3: @@ -2841,7 +2940,7 @@ index 6a90bc6..807bd09 100644 -# app.kubernetes.io/instance: '{{ .Release.Name }}' +# app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}' # topologyKey: kubernetes.io/hostname - + nodeSelector: {} ``` @@ -2960,7 +3059,7 @@ index 7e335b5..9b5afc4 100644 + # annotations: + # summary: "Traefik Down" + # description: "{{ $labels.pod }} on {{ $labels.nodename }} is down" - + tracing: {} # instana: ``` @@ -2991,7 +3090,7 @@ index 03fdaed..7e335b5 100644 - token: "" - # Toggle Pilot Dashboard - # dashboard: false - + # Enable experimental features experimental: ``` @@ -3027,7 +3126,7 @@ index 76aac93..03fdaed 100644 + # Enable user-facing roles + # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + # aggregateTo: [ "admin" ] - + # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding podSecurityPolicy: ``` @@ -3061,12 +3160,12 @@ index 781ac15..76aac93 100644 +++ b/traefik/values.yaml @@ -555,7 +555,7 @@ rbac: enabled: true - + # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces. - # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace + # If set to true, installs Role and RoleBinding. Providers will only watch target namespace. namespaced: false - + # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding ``` @@ -3091,7 +3190,7 @@ index fc2c371..781ac15 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -593,6 +593,15 @@ affinity: {} - + nodeSelector: {} tolerations: [] +topologySpreadConstraints: [] @@ -3103,7 +3202,7 @@ index fc2c371..781ac15 100644 +# maxSkew: 1 +# topologyKey: kubernetes.io/hostname +# whenUnsatisfiable: DoNotSchedule - + # Pods can have priority. # Priority indicates the importance of a Pod relative to other Pods. ``` @@ -3233,7 +3332,7 @@ index 4431c36..a4e4ff2 100644 + nodeSelector: {} tolerations: [] - + ``` ## 12.0.6 ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -3257,12 +3356,12 @@ index 3526729..4431c36 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -342,6 +342,7 @@ ports: - + # Override the liveness/readiness port. This is useful to integrate traefik # with an external Load Balancer that performs healthchecks. + # Default: ports.traefik.port # healthchecksPort: 9000 - + # Override the liveness/readiness scheme. Useful for getting ping to ``` @@ -3329,7 +3428,7 @@ index 2bd51f8..3526729 100644 +# - type: Pods +# value: 1 +# periodSeconds: 60 - + # Enable persistence using Persistent Volume Claims # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ``` @@ -3363,12 +3462,12 @@ index 844cadc..2bd51f8 100644 +++ b/traefik/values.yaml @@ -126,20 +126,20 @@ ingressRoute: entryPoints: ["traefik"] - + rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 0 maxSurge: 1 - + # Customize liveness and readiness probe values. readinessProbe: failureThreshold: 1 @@ -3377,7 +3476,7 @@ index 844cadc..2bd51f8 100644 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 - + livenessProbe: failureThreshold: 3 - initialDelaySeconds: 10 @@ -3401,7 +3500,7 @@ index c926bd9..844cadc 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -598,3 +598,10 @@ securityContext: - + podSecurityContext: fsGroup: 65532 + @@ -3466,7 +3565,7 @@ index c9feb76..3957448 100644 + # By default, it's using traefik entrypoint, which is not exposed. + # /!\ Do not expose your dashboard without any protection over the internet /!\ + entryPoints: ["traefik"] - + rollingUpdate: maxUnavailable: 1 ``` @@ -3501,7 +3600,7 @@ index fed4a8a..c9feb76 100644 @@ -340,6 +340,10 @@ ports: # with an external Load Balancer that performs healthchecks. # healthchecksPort: 9000 - + + # Override the liveness/readiness scheme. Useful for getting ping to + # respond on websecure entryPoint. + # healthchecksScheme: HTTPS @@ -3525,7 +3624,7 @@ index d1708cc..fed4a8a 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -247,12 +247,45 @@ metrics: - + tracing: {} # instana: - # enabled: true @@ -3568,7 +3667,7 @@ index d1708cc..fed4a8a 100644 + # serverURL: http://localhost:8200 + # secretToken: "" + # serviceEnvironment: "" - + globalArguments: - "--global.checknewversion" ``` @@ -3601,7 +3700,7 @@ index 19a133c..d1708cc 100644 + # port: 9000 + # host: localhost + # scheme: HTTP - + # Pod disruption budget podDisruptionBudget: ``` @@ -3667,7 +3766,7 @@ index d4011c3..d9c745e 100644 @@ -373,6 +373,15 @@ ports: # - CurveP384 tlsOptions: {} - + +# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate +# https://doc.traefik.io/traefik/https/tls/#default-certificate +# Example: @@ -3818,7 +3917,7 @@ index a16b107..e141e29 100644 @@ -433,6 +433,27 @@ persistence: annotations: {} # subPath: "" # only mount a subpath of the Volume into the pod - + +certResolvers: {} +# letsencrypt: +# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/ @@ -3926,7 +4025,7 @@ index 15f1103..02ab704 100644 @@ -110,6 +110,20 @@ rollingUpdate: maxUnavailable: 1 maxSurge: 1 - + +# Customize liveness and readiness probe values. +readinessProbe: + failureThreshold: 1 @@ -3941,7 +4040,7 @@ index 15f1103..02ab704 100644 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 - + # # Configure providers ``` @@ -3968,7 +4067,7 @@ index 4dccd1a..15f1103 100644 + # debug: false + # globalTag: "" + # prioritySampling: false - + globalArguments: - "--global.checknewversion" ``` @@ -4023,7 +4122,7 @@ index cd4d49b..1f9dbbe 100644 + # addRoutersLabels: true # statsd: # address: localhost:8125 - + ``` ## 10.14.2 ![AppVersion: 2.6.1](https://img.shields.io/static/v1?label=AppVersion&message=2.6.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -4054,7 +4153,7 @@ index d49122f..cd4d49b 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -83,6 +83,8 @@ pilot: - + # Enable experimental features experimental: + http3: @@ -4097,7 +4196,7 @@ index 32fce6f..d49122f 100644 + # ipFamilies: + # - IPv4 + # - IPv6 - + ## Create HorizontalPodAutoscaler object. ## ``` @@ -4159,7 +4258,7 @@ index 8c72905..ab25456 100644 +# topologyKey: kubernetes.io/hostname nodeSelector: {} tolerations: [] - + ``` ## 10.11.0 ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -4178,7 +4277,7 @@ index 7fe4a2c..8c72905 100644 @@ -208,6 +208,10 @@ metrics: # statsd: # address: localhost:8125 - + +tracing: {} + # instana: + # enabled: true @@ -4236,7 +4335,7 @@ index 79df205..8ae4bd8 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -123,6 +123,7 @@ providers: - + kubernetesIngress: enabled: true + allowExternalNameServices: false @@ -4288,7 +4387,7 @@ index e0655c8..7e9186b 100644 imagePullSecrets: [] - # - name: myRegistryKeySecretName + # - name: myRegistryKeySecretName - + # Pod disruption budget podDisruptionBudget: enabled: false @@ -4296,7 +4395,7 @@ index e0655c8..7e9186b 100644 + # maxUnavailable: 33% # minAvailable: 0 + # minAvailable: 25% - + # Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x ingressClass: ``` @@ -4331,7 +4430,7 @@ index 3ec7105..e0655c8 100644 # - 1.2.3.4 + # One of SingleStack, PreferDualStack, or RequireDualStack. + # ipFamilyPolicy: SingleStack - + ## Create HorizontalPodAutoscaler object. ## ``` @@ -4565,7 +4664,7 @@ index 04d336c..72a01ea 100644 # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" - fallbackApiVersion: + fallbackApiVersion: "" - + # Activate Pilot integration pilot: ``` @@ -4607,7 +4706,7 @@ index f6e370a..04d336c 100644 @@ -186,6 +186,17 @@ logs: # Authorization: drop # Content-Type: keep - + +metrics: + # datadog: + # address: 127.0.0.1:8125 @@ -4640,7 +4739,7 @@ index f6e370a..04d336c 100644 + exposedPort: 9100 + # The port protocol (TCP/UDP) + protocol: TCP - + # TLS Options are created as TLSOption CRDs # https://doc.traefik.io/traefik/https/tls/#tls-options ``` @@ -4665,7 +4764,7 @@ index 9bf90ea..f6e370a 100644 + # By default, Gateway would be created to the Namespace you are deploying Traefik to. + # You may create that Gateway in another namespace, setting its name below: + # namespace: default - + # Create an IngressRoute for the dashboard ingressRoute: ``` @@ -4721,12 +4820,12 @@ index b30afac..9bf90ea 100644 @@ -363,7 +363,7 @@ rbac: # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace namespaced: false - + -# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBindin or ClusterRoleBinding +# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding podSecurityPolicy: enabled: false - + ``` ## 9.19.0 ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -4748,7 +4847,7 @@ index 0aa2d6b..b30afac 100644 isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: - + # Activate Pilot integration pilot: ``` @@ -4793,7 +4892,7 @@ index 017f771..0aa2d6b 100644 token: "" + # Toggle Pilot Dashboard + # dashboard: false - + # Enable experimental features experimental: ``` @@ -4874,7 +4973,7 @@ index 56abb93..868a985 100644 @@ -225,6 +227,10 @@ ports: # only. # hostIP: 192.168.100.10 - + + # Override the liveness/readiness port. This is useful to integrate traefik + # with an external Load Balancer that performs healthchecks. + # healthchecksPort: 9000 @@ -5014,7 +5113,7 @@ index 50cab94..56485ad 100644 + # - group: "core" + # kind: "Secret" + # name: "mysecret" - + # Create an IngressRoute for the dashboard ingressRoute: ``` @@ -5155,7 +5254,7 @@ index 37dd151..e6b85ca 100644 @@ -111,6 +111,12 @@ volumes: [] # mountPath: "/config" # type: configMap - + +# Additional volumeMounts to add to the Traefik container +additionalVolumeMounts: [] + # For instance when using a logshipper for access logs @@ -5194,7 +5293,7 @@ index 87f60c0..37dd151 100644 + # Additional imagePullSecrets + imagePullSecrets: [] + # - name: myRegistryKeySecretName - + # Pod disruption budget podDisruptionBudget: ``` @@ -5227,7 +5326,7 @@ index 4ca1f8f..87f60c0 100644 + # defaults to appVersion + tag: "" pullPolicy: IfNotPresent - + # ``` @@ -5273,7 +5372,7 @@ index eee3622..4ca1f8f 100644 +# - CurveP521 +# - CurveP384 +tlsOptions: {} - + # Options for the main traefik service, where the entrypoints traffic comes # from. ``` @@ -5294,12 +5393,12 @@ index b7153a1..eee3622 100644 @@ -54,10 +54,16 @@ ingressClass: enabled: false isDefaultClass: false - + +# Activate Pilot integration pilot: enabled: false token: "" - + +# Enable experimental features +experimental: + plugins: @@ -5366,7 +5465,7 @@ index 5a8d8ea..9bac45e 100644 +++ b/traefik/values.yaml @@ -76,7 +76,7 @@ providers: # pathOverride: "" - + # -# Add volumes to the traefik pod. +# Add volumes to the traefik pod. The volume name will be passed to tpl. @@ -5381,7 +5480,7 @@ index 5a8d8ea..9bac45e 100644 +# - name: '{{ printf "%s-configs" .Release.Name }}' # mountPath: "/config" # type: configMap - + ``` ## 9.5.0 ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -5400,7 +5499,7 @@ index 8c4d866..5a8d8ea 100644 @@ -281,6 +281,10 @@ rbac: # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace namespaced: false - + +# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBindin or ClusterRoleBinding +podSecurityPolicy: + enabled: false @@ -5430,7 +5529,7 @@ index 3df75a4..8c4d866 100644 - tag: 2.3.0 + tag: 2.3.1 pullPolicy: IfNotPresent - + # ``` @@ -5492,12 +5591,12 @@ index fba955d..a6175ff 100644 - tag: 2.2.8 + tag: 2.3.0 pullPolicy: IfNotPresent - + # @@ -36,6 +36,16 @@ podDisruptionBudget: # maxUnavailable: 1 # minAvailable: 0 - + +# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 @@ -5591,7 +5690,7 @@ index e161a14..7b74a39 100644 + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" - + # # Add volumes to the traefik pod. ``` @@ -5657,7 +5756,7 @@ index 6f79580..67276f7 100644 @@ -73,6 +73,48 @@ volumes: [] # mountPath: "/config" # type: configMap - + +# Logs +# https://docs.traefik.io/observability/logs/ +logs: @@ -5734,7 +5833,7 @@ index 10b3949..6f79580 100644 name: traefik tag: 2.2.8 + pullPolicy: IfNotPresent - + # # Configure the deployment ``` @@ -5758,7 +5857,7 @@ index 80ddaaa..10b3949 100644 # mountPath: /data + # Custom pod DNS policy. Apply if `hostNetwork: true` + # dnsPolicy: ClusterFirstWithHostNet - + # Pod disruption budget podDisruptionBudget: ``` @@ -5786,7 +5885,7 @@ index 936ab92..80ddaaa 100644 + # to set this value if you need traefik to listen on specific interface + # only. + # hostIP: 192.168.100.10 - + # Defines whether the port is exposed if service.type is LoadBalancer or # NodePort. ``` @@ -5810,7 +5909,7 @@ index 42ee893..936ab92 100644 name: traefik - tag: 2.2.5 + tag: 2.2.8 - + # # Configure the deployment ``` @@ -5834,7 +5933,7 @@ index a7fb668..42ee893 100644 name: traefik - tag: 2.2.1 + tag: 2.2.5 - + # # Configure the deployment ``` @@ -5866,7 +5965,7 @@ index 62e3a77..a7fb668 100644 + # volumeMounts: + # - name: data + # mountPath: /data - + # Pod disruption budget podDisruptionBudget: ``` @@ -5890,7 +5989,7 @@ index 85df29c..62e3a77 100644 # Additional containers (e.g. for metric offloading sidecars) - additionalContainers: {} + additionalContainers: [] - + # Pod disruption budget podDisruptionBudget: ``` @@ -5914,7 +6013,7 @@ index 6a9dfd8..85df29c 100644 podAnnotations: {} + # Additional containers (e.g. for metric offloading sidecars) + additionalContainers: {} - + # Pod disruption budget podDisruptionBudget: ``` @@ -5942,7 +6041,7 @@ index 05f9eab..6a9dfd8 100644 @@ -196,7 +196,7 @@ rbac: # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace namespaced: false - + -# The service account the pods will use to interact with the Kubernates API +# The service account the pods will use to interact with the Kubernetes API serviceAccount: @@ -5966,7 +6065,7 @@ index 102ae00..05f9eab 100644 @@ -34,6 +34,16 @@ rollingUpdate: maxUnavailable: 1 maxSurge: 1 - + + +# +# Configure providers @@ -6048,7 +6147,7 @@ index 9a9b668..b2f4fc3 100644 + # The port protocol (TCP/UDP) + protocol: TCP # nodePort: 32443 - + # Options for the main traefik service, where the entrypoints traffic comes ``` @@ -6072,7 +6171,7 @@ index e812b98..9a9b668 100644 - maxUnavailable: 1 + # maxUnavailable: 1 # minAvailable: 0 - + # Create an IngressRoute for the dashboard ``` @@ -6092,7 +6191,7 @@ index 5f44e5c..e812b98 100644 @@ -15,6 +15,12 @@ deployment: # Additional pod annotations (e.g. for mesh injection or prometheus scraping) podAnnotations: {} - + +# Pod disruption budget +podDisruptionBudget: + enabled: false @@ -6120,7 +6219,7 @@ index 96bba18..5f44e5c 100644 @@ -165,6 +165,20 @@ persistence: # affinity is left as default. hostNetwork: false - + +# Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + enabled: true @@ -6137,7 +6236,7 @@ index 96bba18..5f44e5c 100644 + # Additional serviceAccount annotations (e.g. for oidc authentication) serviceAccountAnnotations: {} - + ``` ## 8.2.1 ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -6163,7 +6262,7 @@ index e35bdf9..96bba18 100644 -# - "--providers.kubernetesingress" +# - "--providers.kubernetesingress.ingressclass=traefik-internal" # - "--log.level=DEBUG" - + # Environment variables to be passed to Traefik's binary ``` @@ -6197,7 +6296,7 @@ index abe2334..e35bdf9 100644 # - "--providers.kubernetesingress" -# - "--logs.level=DEBUG" +# - "--log.level=DEBUG" - + # Environment variables to be passed to Traefik's binary env: [] ``` @@ -6221,7 +6320,7 @@ index 57cc7e1..abe2334 100644 name: traefik - tag: 2.2.0 + tag: 2.2.1 - + # # Configure the deployment ``` @@ -6248,7 +6347,7 @@ index d639f72..57cc7e1 100644 additionalArguments: [] # - "--providers.kubernetesingress" +# - "--logs.level=DEBUG" - + # Environment variables to be passed to Traefik's binary env: [] ``` @@ -6336,7 +6435,7 @@ index 7f8092e..d55a40a 100644 @@ -71,6 +71,12 @@ env: [] # name: secret-name # key: secret-key - + +envFrom: [] +# - configMapRef: +# name: config-map-name @@ -6366,7 +6465,7 @@ index 152339b..7f8092e 100644 path: /data annotations: {} + # subPath: "" # only mount a subpath of the Volume into the pod - + # If hostNetwork is true, runs traefik in the host network namespace # To prevent unschedulabel pods due to port collisions, if hostNetwork=true ``` @@ -6390,7 +6489,7 @@ index 5d294b7..152339b 100644 annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} - + rollingUpdate: maxUnavailable: 1 ``` @@ -6431,7 +6530,7 @@ index e61a9fd..5d294b7 100644 - # Addtional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) annotations: {} - + rollingUpdate: ``` @@ -6454,7 +6553,7 @@ index 15d1c25..e61a9fd 100644 enabled: true + # Addtional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} - + rollingUpdate: maxUnavailable: 1 ``` @@ -6485,7 +6584,7 @@ index 6d6d13f..15d1c25 100644 # - 172.16.0.0/16 + externalIPs: [] + # - 1.2.3.4 - + ## Create HorizontalPodAutoscaler object. ## ``` @@ -6506,7 +6605,7 @@ index 1ac720d..6d6d13f 100644 @@ -52,18 +52,20 @@ globalArguments: additionalArguments: [] # - "--providers.kubernetesingress" - + -# Secret to be set as environment variables to be passed to Traefik's binary -secretEnv: [] - # - name: SOME_VAR @@ -6531,7 +6630,7 @@ index 1ac720d..6d6d13f 100644 +# secretKeyRef: +# name: secret-name +# key: secret-key - + # Configure ports ports: ``` @@ -6552,7 +6651,7 @@ index 85abe42..1ac720d 100644 @@ -151,6 +151,9 @@ persistence: # affinity is left as default. hostNetwork: false - + +# Additional serviceAccount annotations (e.g. for oidc authentication) +serviceAccountAnnotations: {} + @@ -6577,7 +6676,7 @@ index 2f5d132..85abe42 100644 @@ -115,6 +115,22 @@ service: # - 192.168.0.1/32 # - 172.16.0.0/16 - + +## Create HorizontalPodAutoscaler object. +## +autoscaling: @@ -6618,7 +6717,7 @@ index ebd2fde..2f5d132 100644 name: traefik - tag: 2.1.8 + tag: 2.2.0 - + # # Configure the deployment ``` @@ -6642,7 +6741,7 @@ index 65c7665..ebd2fde 100644 name: traefik - tag: 2.1.4 + tag: 2.1.8 - + # # Configure the deployment ``` @@ -6666,7 +6765,7 @@ index 89c7ac1..65c7665 100644 name: traefik - tag: 2.1.3 + tag: 2.1.4 - + # # Configure the deployment ``` @@ -6692,7 +6791,7 @@ index 8d66111..89c7ac1 100644 + annotations: {} # Additional pod annotations (e.g. for mesh injection or prometheus scraping) podAnnotations: {} - + ``` ## 6.0.2 ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -6717,14 +6816,14 @@ index 490b2b6..8d66111 100644 +++ b/traefik/values.yaml @@ -51,13 +51,13 @@ additionalArguments: [] # - "--providers.kubernetesingress" - + # Secret to be set as environment variables to be passed to Traefik's binary -secretEnv: {} +secretEnv: [] # - name: SOME_VAR # secretName: my-secret-name # secretKey: my-secret-key - + # Environment variables to be passed to Traefik's binary -env: {} +env: [] @@ -6739,7 +6838,7 @@ index 490b2b6..8d66111 100644 + loadBalancerSourceRanges: [] # - 192.168.0.1/32 # - 172.16.0.0/16 - + ``` ## 6.0.0 ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -6758,7 +6857,7 @@ index 7aebefe..490b2b6 100644 @@ -18,15 +18,10 @@ ingressRoute: dashboard: enabled: true - + -additional: - checkNewVersion: true - sendAnonymousUsage: true @@ -6766,7 +6865,7 @@ index 7aebefe..490b2b6 100644 rollingUpdate: maxUnavailable: 1 maxSurge: 1 - + - # # Add volumes to the traefik pod. @@ -6774,7 +6873,7 @@ index 7aebefe..490b2b6 100644 @@ -43,9 +38,14 @@ volumes: [] # mountPath: "/config" # type: configMap - + +globalArguments: + - "--global.checknewversion" + - "--global.sendanonymoususage" @@ -6790,7 +6889,7 @@ index 7aebefe..490b2b6 100644 @@ -63,7 +63,7 @@ env: {} # - name: SOME_OTHER_VAR # value: some-other-var-value - + -# +# Configure ports ports: @@ -6802,13 +6901,13 @@ index 7aebefe..490b2b6 100644 exposedPort: 443 - # nodePort: 32443 + # nodePort: 32443 - + # Options for the main traefik service, where the entrypoints traffic comes # from. @@ -113,9 +113,6 @@ service: # - 192.168.0.1/32 # - 172.16.0.0/16 - + -logs: - loglevel: WARN - @@ -6839,7 +6938,7 @@ index 38bb263..7aebefe 100644 replicas: 1 # Additional pod annotations (e.g. for mesh injection or prometheus scraping) podAnnotations: {} - + +# Create an IngressRoute for the dashboard +ingressRoute: + dashboard: @@ -6874,7 +6973,7 @@ index ecb2833..38bb263 100644 @@ -123,6 +123,12 @@ persistence: path: /data annotations: {} - + +# If hostNetwork is true, runs traefik in the host network namespace +# To prevent unschedulabel pods due to port collisions, if hostNetwork=true +# and replicas>1, a pod anti-affinity is recommended and will be set if the @@ -6966,7 +7065,7 @@ index 7f31548..ec1d619 100644 +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--global.checknewversion=true}"` additionalArguments: [] # - "--providers.kubernetesingress" - + ``` ## 5.3.2 ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -7013,7 +7112,7 @@ index ccea845..7f31548 100644 @@ -44,12 +44,18 @@ volumes: [] additionalArguments: [] # - "--providers.kubernetesingress" - + +# Secret to be set as environment variables to be passed to Traefik's binary +secretEnv: {} + # - name: SOME_VAR @@ -7030,7 +7129,7 @@ index ccea845..7f31548 100644 + # value: some-var-value + # - name: SOME_OTHER_VAR + # value: some-other-var-value - + # ports: ``` @@ -7055,7 +7154,7 @@ index 78bbee0..ccea845 100644 + loadBalancerSourceRanges: {} + # - 192.168.0.1/32 + # - 172.16.0.0/16 - + logs: loglevel: WARN ``` @@ -7076,7 +7175,7 @@ index a442fca..78bbee0 100644 @@ -92,15 +92,6 @@ service: # loadBalancerIP: "1.2.3.4" # clusterIP: "2.3.4.5" - + -dashboard: - # Enable the dashboard on Traefik - enable: true @@ -7088,7 +7187,7 @@ index a442fca..78bbee0 100644 - logs: loglevel: WARN - + ``` ## 4.1.3 ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) @@ -7109,7 +7208,7 @@ index 8b2f4db..a442fca 100644 # storageClass: "" path: /data + annotations: {} - + resources: {} # requests: ``` @@ -7128,7 +7227,7 @@ index 2a2554f..8b2f4db 100644 --- a/traefik/values.yaml +++ b/traefik/values.yaml @@ -103,7 +103,20 @@ dashboard: - + logs: loglevel: WARN -# @@ -7167,7 +7266,7 @@ index 5401832..2a2554f 100644 @@ -20,6 +20,23 @@ rollingUpdate: maxUnavailable: 1 maxSurge: 1 - + + +# +# Add volumes to the traefik pod. @@ -7209,7 +7308,7 @@ index 5eab74b..5401832 100644 replicas: 1 + # Additional pod annotations (e.g. for mesh injection or prometheus scraping) + podAnnotations: {} - + additional: checkNewVersion: true ``` @@ -7249,13 +7348,13 @@ index bcc42f8..5eab74b 100644 name: traefik - tag: 2.1.1 + tag: 2.1.3 - + # # Configure the deployment @@ -10,6 +10,10 @@ deployment: # Number of pods of the deployment replicas: 1 - + +additional: + checkNewVersion: true + sendAnonymousUsage: true @@ -7303,7 +7402,7 @@ index 4462359..bcc42f8 100644 @@ -21,6 +21,13 @@ rollingUpdate: additionalArguments: [] # - "--providers.kubernetesingress" - + +# Environment variables to be passed to Traefik's binary +env: {} +# - name: SOME_VAR @@ -7348,7 +7447,7 @@ index b1fe42a..4462359 100644 expose: true exposedPort: 443 + # nodePort: 32443 - + # Options for the main traefik service, where the entrypoints traffic comes # from. ``` diff --git a/traefik/Chart.yaml b/traefik/Chart.yaml index 312a7a963..8f6184cef 100644 --- a/traefik/Chart.yaml +++ b/traefik/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: traefik description: A Traefik based Kubernetes ingress controller type: application -version: 25.0.0 +version: 26.0.0 # renovate: image=traefik appVersion: v2.10.6 kubeVersion: ">=1.16.0-0" @@ -28,17 +28,13 @@ maintainers: icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png annotations: artifacthub.io/changes: | - - "feat: ✨ add healthcheck ingressRoute" - - "feat: :boom: support http redirections and http challenges with cert-manager" - - "feat: :boom: rework and allow update of namespace policy for Gateway" - - "fix: disable ClusterRole and ClusterRoleBinding when not needed" - - "fix: detect correctly v3 version when using sha in `image.tag`" - - "fix: allow updateStrategy.rollingUpdate.maxUnavailable to be passed in as an int or string" - - "fix: add missing separator in crds" - - "fix: add Prometheus scraping annotations only if serviceMonitor not created" - - "docs: Fix typo in the default values file" - - "chore: remove label whitespace at TLSOption" - - "chore(release): 🚀 publish v25.0.0" - - "chore(deps): update traefik docker tag to v2.10.5" - - "chore(deps): update docker.io/helmunittest/helm-unittest docker tag to v3.12.3" - - "chore(ci): 🔧 👷 add e2e test when releasing" + - "fix: 🐛 improve confusing suggested value on openTelemetry.grpc" + - "fix: 🐛 declare http3 udp port, with or without hostport" + - "feat: 💥 deployment.podannotations support interpolation with tpl" + - "feat: allow update of namespace policy for websecure listener" + - "feat: allow defining startupProbe" + - "feat: add file provider" + - "feat: :boom: unify plugin import between traefik and this chart" + - "chore(release): 🚀 publish v26" + - "chore(deps): update traefik docker tag to v2.10.6" + - "Release namespace for Prometheus Operator resources" diff --git a/traefik/VALUES.md b/traefik/VALUES.md index ac9571b70..fb626ea9f 100644 --- a/traefik/VALUES.md +++ b/traefik/VALUES.md @@ -1,6 +1,6 @@ # traefik -![Version: 25.0.0](https://img.shields.io/badge/Version-25.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.10.6](https://img.shields.io/badge/AppVersion-v2.10.6-informational?style=flat-square) +![Version: 26.0.0](https://img.shields.io/badge/Version-26.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.10.6](https://img.shields.io/badge/AppVersion-v2.10.6-informational?style=flat-square) A Traefik based Kubernetes ingress controller