feat: added traefik ingress support

deploy/as-k8s/service.schema.yml

@@ -28,19 +28,26 @@
 #@ def defaultIngress():
   enable: false
   name: svc
-  type: nginx
+  type: traefik
 
-  domain:
+  tls:
     enable: true
-    name: acme.io
+    domain: acme.io
     email: security@acme.io
     removeEnvironmentPrefix: false
+
+    letsencrypt:
+      enable: false
+      type: cluster-issuer
 
   #! types specifics
   alb:
     certificateArn: secret
   nginx:
     certmanager: true
+  traefik:
+    x: true
+
 #@ end
 
 #@data/values-schema

deploy/as-k8s/service.yml

@@ -184,78 +184,57 @@ spec:
   ports: #@ servicePorts
 #@ end
 
-#@ if data.values.ingress.type == "nginx":
-#@ if data.values.ingress.nginx.certmanager:
----
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: letsencrypt
-  namespace: #@ namespace
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: #@ data.values.ingress.domain.email
-    privateKeySecretRef:
-      name: letsencrypt
-    solvers:
-      - http01:
-          ingress:
-            class: nginx
-#@ end
-#@ end
-
 #@ if data.values.ingress.enable:
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: #@ data.values.ingress.name
+  name: #@ data.values.service.name
   namespace: #@ namespace
-  annotations:
-    #@ if data.values.ingress.type == "nginx":
-    #@ if data.values.ingress.nginx.certmanager:
-    cert-manager.io/issuer: "letsencrypt"
-    #@ end
-    #@ end
 
-    #@ if data.values.ingress.type == "alb":
-    kubernetes.io/ingress.class: alb
-    alb.ingress.kubernetes.io/target-type: instance
-    alb.ingress.kubernetes.io/scheme: internet-facing
-    alb.ingress.kubernetes.io/success-codes: 200-399
-    alb.ingress.kubernetes.io/ssl-redirect: "443"
-    alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-2016-08
-    alb.ingress.kubernetes.io/group.name: #@ data.values.ecosystem
-    alb.ingress.kubernetes.io/load-balancer-name: #@ data.values.ecosystem
-    alb.ingress.kubernetes.io/certificate-arn: #@ data.values.ingress.alb.certificateArn
-    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=1200
-    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
-    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
-    #@ end
+  #@  ingressAnnotations = {}
+  #@  ingressAnnotations.update(globalAnnotations)
+  #@  if data.values.ingress.tls.enable:
+  #@    ingressAnnotations.update({
+  #@      "kubernetes.io/ingress.class": data.values.ingress.type,
+  #@    })
+  #@
+  #@    if data.values.ingress.tls.letsencrypt.enable:
+  #@      ingressAnnotations.update({ "cert-manager.io/" + data.values.ingress.tls.letsencrypt.type: "letsencrypt-" + data.values.environment })
+  #@    end
+  #@
+  #@    if data.values.ingress.type == "alb":
+  #@      ingressAnnotations.update({
+  #@        "alb.ingress.kubernetes.io/target-type": "instance",
+  #@        "alb.ingress.kubernetes.io/scheme": "internet-facing",
+  #@        "alb.ingress.kubernetes.io/success-codes": "200-399",
+  #@        "alb.ingress.kubernetes.io/ssl-redirect": "443",
+  #@        "alb.ingress.kubernetes.io/ssl-policy": "ELBSecurityPolicy-2016-08",
+  #@        "alb.ingress.kubernetes.io/group.name": data.values.ecosystem,
+  #@        "alb.ingress.kubernetes.io/load-balancer-name": data.values.ecosystem,
+  #@        "alb.ingress.kubernetes.io/certificate-arn": data.values.ingress.alb.certificateArn,
+  #@        "alb.ingress.kubernetes.io/load-balancer-attributes": "idle_timeout.timeout_seconds=1200",
+  #@        "alb.ingress.kubernetes.io/healthcheck-interval-seconds": "300",
+  #@        "alb.ingress.kubernetes.io/listen-ports": '[{"HTTPS": 443}]',
+  #@      })
+  #@    end
+  #@  end
+  annotations: #@ ingressAnnotations
 
 spec:
-  #@ if data.values.ingress.type == "nginx":
-  ingressClassName: nginx
-  #@ if data.values.ingress.domain.enable:
+
+  #@ if data.values.ingress.tls.enable:
   tls:
     - secretName: #@ "cert-" + data.values.repository
-      #@ if data.values.ingress.domain.removeEnvironmentPrefix:
+      #@ if data.values.ingress.tls.removeEnvironmentPrefix:
       hosts:
-       - #@ "{}.{}".format(data.values.repository, data.values.ingress.domain.name)
+       - #@ "{}.{}".format(data.values.repository, data.values.ingress.tls.domain)
       #@ else:
       hosts:
-       - #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.domain.name)
+       - #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.tls.domain)
       #@ end
   #@ end
-  #@ end
 
-  defaultBackend:
-    service:
-      name: #@ data.values.deployment.name
-      port:
-        number: #@ data.values.port
-
   rules:
     - http:
         paths:
@@ -266,11 +245,30 @@ spec:
                 name: #@ data.values.deployment.name
                 port:
                   number: #@ data.values.port
-      #@ if data.values.ingress.domain.enable:
-      #@ if data.values.ingress.domain.removeEnvironmentPrefix:
-      host: #@ "{}.{}".format(data.values.repository, data.values.ingress.domain.name)
-      #@ else:
-      host: #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.domain.name)
-      #@ end
-      #@ end
+      #@  if data.values.ingress.tls.enable:
+        #@  if data.values.ingress.tls.removeEnvironmentPrefix:
+      host: #@ "{}.{}".format(data.values.repository, data.values.ingress.tls.domain)
+        #@  else:
+      host: #@ "{}.{}.{}".format(data.values.repository, data.values.environment, data.values.ingress.tls.domain)
+        #@  end
+      #@  end
 #@ end
+
+
+#@  if data.values.ingress.type == "traefik":
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: #@ data.values.service.name
+  namespace: #@ namespace
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: #@ "Host(`{}.{}.{}`)".format(data.values.repository, data.values.environment, data.values.ingress.tls.domain)
+      kind: Rule
+      services:
+        - name: #@ data.values.service.name
+          port:  #@ data.values.port
+#@ end

makefile

@@ -19,7 +19,7 @@ test:
 		sh generate-kubefile-ingress.sh;
 
 K8S_NAMESPACE ?= ff-svc-moleculerjs-dev
-K8S_LABELS ?= "--kubeconfig $(HOME)/.kube/ff-mini.yml"
+K8S_LABELS ?= ""
 DEPENDENCY_FILE ?= "$(PWD)/test/tmp/k8s-dependencies-full.yml"
 DEPENDENCY_FILE_EMPTY ?= "$(PWD)/test/tmp/k8s-dependencies-empty.yml"
 

test/concerns/k8s-values-ingress-alb.yml

@@ -2,17 +2,17 @@
 ---
 port: 1234
 
-features:
-  enableLinkerd: true
-
 env:
   - name: TZ
     value: America/Sao_Paulo
 
 ingress:
   enable: true
   type: alb
-  domain:
+
+  tls:
     enable: true
-    name: forattini.app
-    removeEnvironmentPrefix: true
+    domain: forattini.app
+    removeEnvironmentPrefix: true
+    letsencrypt:
+      enable: true

test/concerns/k8s-values-ingress-nginx.yml

@@ -2,17 +2,17 @@
 ---
 port: 1234
 
-features:
-  enableLinkerd: true
-
 env:
   - name: TZ
     value: America/Sao_Paulo
 
 ingress:
   enable: true
   type: nginx
-  domain:
+
+  tls:
     enable: true
-    name: forattini.app
+    domain: forattini.app
     removeEnvironmentPrefix: true
+    letsencrypt:
+      enable: true

test/concerns/k8s-values-ingress-traefik.yml

@@ -0,0 +1,18 @@
+#@data/values
+---
+port: 1234
+
+env:
+  - name: TZ
+    value: America/Sao_Paulo
+
+ingress:
+  enable: true
+  type: traefik
+
+  tls:
+    enable: true
+    domain: forattini.app
+    removeEnvironmentPrefix: true
+    letsencrypt:
+      enable: true

test/concerns/k8s-values.yml

@@ -11,7 +11,10 @@ env:
 
 ingress:
   enable: true
-  type: nginx
-  domain:
+  type: traefik
+
+  tls:
     enable: true
-    name: forattini.app
+    domain: forattini.app
+    letsencrypt:
+      enable: true

test/generate-kubefile-ingress.sh

@@ -6,10 +6,15 @@ ytt \
   -f ./concerns/k8s-values-ingress-nginx.yml \
     > ./tmp/k8s-to-apply-ingress-nginx.yml
 
-
 ytt \
   -f ../deploy/as-k8s/service.schema.yml \
   -f ../deploy/as-k8s/service.yml \
   -f ./concerns/k8s-values-ingress-alb.yml \
     > ./tmp/k8s-to-apply-ingress-alb.yml
 
+ytt \
+  -f ../deploy/as-k8s/service.schema.yml \
+  -f ../deploy/as-k8s/service.yml \
+  -f ./concerns/k8s-values-ingress-traefik.yml \
+    > ./tmp/k8s-to-apply-ingress-traefik.yml
+