fix: 🐛 refine Traefik Hub support

traefik · May 2, 2024 · 60d210d · 60d210d
1 parent 1f4f52d
commit 60d210d
Show file tree

Hide file tree

Showing 7 changed files with 135 additions and 30 deletions.
diff --git a/traefik/crds/hub.traefik.io_apis.yaml b/traefik/crds/hub.traefik.io_apis.yaml
@@ -108,6 +108,26 @@ spec:
                       type: object
                     maxItems: 100
                     type: array
+                  override:
+                    description: Override holds data used to override OpenAPI specification.
+                    properties:
+                      servers:
+                        items:
+                          properties:
+                            url:
+                              type: string
+                              x-kubernetes-validations:
+                              - message: must be a valid URL
+                                rule: isURL(self)
+                          required:
+                          - url
+                          type: object
+                        maxItems: 100
+                        minItems: 1
+                        type: array
+                    required:
+                    - servers
+                    type: object
                   path:
                     description: Path specifies the endpoint path within the Kubernetes
                       Service where the OpenAPI specification can be obtained. The

diff --git a/traefik/crds/hub.traefik.io_apiversions.yaml b/traefik/crds/hub.traefik.io_apiversions.yaml
@@ -114,6 +114,26 @@ spec:
                       type: object
                     maxItems: 100
                     type: array
+                  override:
+                    description: Override holds data used to override OpenAPI specification.
+                    properties:
+                      servers:
+                        items:
+                          properties:
+                            url:
+                              type: string
+                              x-kubernetes-validations:
+                              - message: must be a valid URL
+                                rule: isURL(self)
+                          required:
+                          - url
+                          type: object
+                        maxItems: 100
+                        minItems: 1
+                        type: array
+                    required:
+                    - servers
+                    type: object
                   path:
                     description: Path specifies the endpoint path within the Kubernetes
                       Service where the OpenAPI specification can be obtained. The

diff --git a/traefik/templates/_podtemplate.tpl b/traefik/templates/_podtemplate.tpl
@@ -123,10 +123,15 @@
          {{- end }}
         {{- end }}
         {{- if .Values.hub.token }}
-         {{- $listenAddr := default ":9943" .Values.hub.admission.listenAddr }}
+          {{- $listenAddr := default ":9943" .Values.hub.apimanagement.admission.listenAddr }}
         - name: admission
           containerPort: {{ last (mustRegexSplit ":" $listenAddr 2) }}
           protocol: TCP
+          {{- if .Values.hub.apimanagement.enabled }}
+        - name: apiportal
+          containerPort: 9903
+          protocol: TCP
+          {{- end }}
         {{- end }}
         {{- with .Values.securityContext }}
         securityContext:
@@ -650,17 +655,19 @@
           {{- with .Values.hub }}
            {{- if .token }}
           - "--hub.token=$(HUB_TOKEN)"
-            {{- if and (not .apimanagement) ($.Values.hub.admission.listenAddr) }}
-               {{- fail "ERROR: Cannot configure admission without hub.apimanagement" }}
+            {{- if and (not .apimanagement.enabled) ($.Values.hub.apimanagement.admission.listenAddr) }}
+               {{- fail "ERROR: Cannot configure admission without enabling hub.apimanagement" }}
             {{- end }}
-            {{- if .apimanagement }}
-              {{- $listenAddr := default ":9943" $.Values.hub.admission.listenAddr }}
+            {{- with .apimanagement }}
+             {{- if .enabled }}
+              {{- $listenAddr := default ":9943" .admission.listenAddr }}
           - "--hub.apimanagement"
-          - "--hub.admission.listenAddr={{ $listenAddr }}"
+          - "--hub.apimanagement.admission.listenAddr={{ $listenAddr }}"
               {{- with .admission.secretName }}
-          - "--hub.admission.secretName={{ . }}"
+          - "--hub.apimanagement.admission.secretName={{ . }}"
               {{- end }}
-            {{- end -}}
+             {{- end }}
+            {{- end }}
             {{- if .metrics.opentelemetry.enabled }}
           - "--hub.metrics.opentelemetry"
              {{- range $field, $value := .metrics.opentelemetry }}

diff --git a/traefik/templates/hub-apiportal.yaml b/traefik/templates/hub-apiportal.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.hub.apimanagement.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: apiportal
+  namespace: {{ template "traefik.namespace" . }}
+  labels:
+  {{- include "traefik.labels" . | nindent 4 }}
+spec:
+  ports:
+    - name: apiportal
+      port: 9903
+      protocol: TCP
+      targetPort: apiportal
+  selector:
+  {{- include "traefik.labelselector" . | nindent 4 }}
+{{- end -}}
+
diff --git a/traefik/tests/deployment-hub-config_test.yaml b/traefik/tests/deployment-hub-config_test.yaml
@@ -21,7 +21,8 @@ tests:
   - it: should set minimal required parameters when enabling Traefik Hub API Management
     set:
       hub:
-        apimanagement: true
+        apimanagement:
+          enabled: true
     asserts:
       - contains:
           path: spec.template.spec.containers[0].env
@@ -36,40 +37,44 @@ tests:
           content: "--hub.apimanagement"
       - contains:
           path: spec.template.spec.containers[0].args
-          content: "--hub.admission.listenAddr=:9943"
+          content: "--hub.apimanagement.admission.listenAddr=:9943"
       - contains:
           path: spec.template.spec.containers[0].ports
           content:
             name: "admission"
             containerPort: 9943
             protocol: "TCP"
+      - contains:
+          path: spec.template.spec.containers[0].ports
+          content:
+            name: "apiportal"
+            containerPort: 9903
+            protocol: "TCP"
   - it: should fail when trying to set admission parameters without apimanagement
     set:
       hub:
-        admission:
-          listenAddr: "10.0.0.1:7500"
-          secretName: "secret"
+        apimanagement:
+          admission:
+            listenAddr: "10.0.0.1:7500"
+            secretName: "secret"
     asserts:
       - failedTemplate:
-          errorMessage: "ERROR: Cannot configure admission without hub.apimanagement"
+          errorMessage: "ERROR: Cannot configure admission without enabling hub.apimanagement"
   - it: should be possible to set admission parameters (and ignore extra)
     set:
       hub:
-        apimanagement: true
-        admission:
-          listenAddr: "10.0.0.1:7500"
-          secretName: "secret"
-          test: "test"
+        apimanagement:
+          enabled: true
+          admission:
+            listenAddr: "10.0.0.1:7500"
+            secretName: "secret"
     asserts:
       - contains:
           path: spec.template.spec.containers[0].args
-          content: "--hub.admission.listenAddr=10.0.0.1:7500"
+          content: "--hub.apimanagement.admission.listenAddr=10.0.0.1:7500"
       - contains:
           path: spec.template.spec.containers[0].args
-          content: "--hub.admission.secretName=secret"
-      - notContains:
-          path: spec.template.spec.containers[0].args
-          content: "--hub.admission.test=test"
+          content: "--hub.apimanagement.admission.secretName=secret"
   - it: api management should not be enabled by default
     asserts:
       - notContains:

diff --git a/traefik/tests/hub-apiportal_test.yaml b/traefik/tests/hub-apiportal_test.yaml
@@ -0,0 +1,32 @@
+suite: API Portal configuration with Traefik Hub enabled
+templates:
+  - hub-apiportal.yaml
+set:
+  hub:
+    token: "xxx"
+    apimanagement:
+      enabled: true
+tests:
+  - it: should provide a single service by default
+    asserts:
+      - hasDocuments:
+          count: 1
+  - it: should not provide api portal service when apimanagement is not enabled
+    set:
+      hub:
+        apimanagement:
+          enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: should expose the required apiportal port on a ClusterIP service
+    asserts:
+      - notExists:
+          path: spec.type
+      - contains:
+          path: spec.ports
+          content:
+            name: apiportal
+            port: 9903
+            protocol: TCP
+            targetPort: apiportal
diff --git a/traefik/values.yaml b/traefik/values.yaml
@@ -1015,13 +1015,15 @@ hub:
   # Name of Secret with key 'token' set to a valid license token.
   # It enables API Gateway.
   token:
-  admission:
-    # -- WebHook admission server listen address. Default: "0.0.0.0:9943".
-    listenAddr:
-    # -- Certificate of the WebHook admission server. Default: "hub-agent-cert".
-    secretName:
-  # -- Set to true in order to enable API Management. Requires a valid license token.
   apimanagement:
+    # -- Set to true in order to enable API Management. Requires a valid license token.
+    enabled:
+    admission:
+      # -- WebHook admission server listen address. Default: "0.0.0.0:9943".
+      listenAddr:
+      # -- Certificate of the WebHook admission server. Default: "hub-agent-cert".
+      secretName:
+
   metrics:
     opentelemetry:
       # -- Set to true to enable OpenTelemetry metrics exporter of Traefik Hub.