Upgrade to traefik v3 by deleting traefik provided by k3s and using t…

…raefik's helm chart k3s-io/k3s#10526
arch-anes · Dec 28, 2024 · c5d7d56 · c5d7d56
1 parent d4311b3
commit c5d7d56
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 26 deletions.
diff --git a/kubernetes/core/templates/traefik.yml b/kubernetes/core/templates/traefik.yml
@@ -8,38 +8,39 @@ type: Opaque
 # stringData:
 #   credentials: "admin:$2y$12$8KtQ4SQb6QpebcgYvMPjwOv3Jz9ojkNq8FVWZmk5q1BW9BoEX2aAy" # admin:admin by default, bcrypted password: https://bcrypt-generator.com/
 
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: cluster-admin-authentication
-  namespace: kube-system
-spec:
-  basicAuth:
-    secret: "cluster-admin-credentials"
-
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: traefik-websecure
-  namespace: kube-system
-spec:
-  headers:
-    browserXssFilter: true
-    stsPreload: true
-    stsIncludeSubdomains: true
-    forceSTSHeader: true
-    stsSeconds: 15552000
-
 ---
 apiVersion: helm.cattle.io/v1
-kind: HelmChartConfig
+kind: HelmChart
 metadata:
   name: traefik
   namespace: kube-system
 spec:
+  chart: traefik
+  repo: https://traefik.github.io/charts
+  version: v33.2.1
+  targetNamespace: kube-system
   valuesContent: |-
+    extraObjects:
+      - apiVersion: traefik.io/v1alpha1
+        kind: Middleware
+        metadata:
+          name: cluster-admin-authentication
+          namespace: kube-system
+        spec:
+          basicAuth:
+            secret: "cluster-admin-credentials"
+      - apiVersion: traefik.io/v1alpha1
+        kind: Middleware
+        metadata:
+          name: traefik-websecure
+          namespace: kube-system
+        spec:
+          headers:
+            browserXssFilter: true
+            stsPreload: true
+            stsIncludeSubdomains: true
+            forceSTSHeader: true
+            stsSeconds: 15552000
     logs:
       access:
         enabled: true
@@ -56,7 +57,6 @@ spec:
                     - "true"
     globalArguments:
       - "--global.sendanonymoususage=false"
-      - "--entryPoints.websecure.transport.respondingTimeouts.readTimeout=0"
     ingressRoute:
       dashboard:
         enabled: true
@@ -80,6 +80,9 @@ spec:
         redirectTo:
           port: websecure
       websecure:
+        transport:
+          respondingTimeouts:
+            readTimeout: 0
         middlewares:
           - kube-system-traefik-websecure@kubernetescrd
         tls:

diff --git a/roles/kubernetes_cluster/tasks/main.yml b/roles/kubernetes_cluster/tasks/main.yml
@@ -28,6 +28,7 @@
       etcd-s3: true
       etcd-s3-config-secret: k3s-etcd-snapshot-s3-config
       etcd-snapshot-retention: 20
+      disable: traefik
       secrets-encryption: true
       with-node-id: true
       node-ip: "{{ advertised_ip }}"