Add possibility to set a protocol
This commit is contained in:
parent
402f7011d4
commit
09b489a614
4 changed files with 110 additions and 1 deletions
|
@ -159,7 +159,8 @@ The following general annotations are applicable on the Ingress object:
|
||||||
| `traefik.ingress.kubernetes.io/whitelist-source-range: "1.2.3.0/24, fe80::/16"` | A comma-separated list of IP ranges permitted for access (6). |
|
| `traefik.ingress.kubernetes.io/whitelist-source-range: "1.2.3.0/24, fe80::/16"` | A comma-separated list of IP ranges permitted for access (6). |
|
||||||
| `ingress.kubernetes.io/whitelist-x-forwarded-for: "true"` | Use `X-Forwarded-For` header as valid source of IP for the white list. |
|
| `ingress.kubernetes.io/whitelist-x-forwarded-for: "true"` | Use `X-Forwarded-For` header as valid source of IP for the white list. |
|
||||||
| `traefik.ingress.kubernetes.io/app-root: "/index.html"` | Redirects all requests for `/` to the defined path. (4) |
|
| `traefik.ingress.kubernetes.io/app-root: "/index.html"` | Redirects all requests for `/` to the defined path. (4) |
|
||||||
| `traefik.ingress.kubernetes.io/service-weights: <YML>` | Set ingress backend weights specified as percentage or decimal numbers in YAML. (5) |
|
| `traefik.ingress.kubernetes.io/service-weights: <YML>` | Set ingress backend weights specified as percentage or decimal numbers in YAML. (5)
|
||||||
|
| `ingress.kubernetes.io/protocol: <NAME>` | Set the protocol Traefik will use to communicate with pods.
|
||||||
|
|
||||||
|
|
||||||
<1> `traefik.ingress.kubernetes.io/error-pages` example:
|
<1> `traefik.ingress.kubernetes.io/error-pages` example:
|
||||||
|
|
|
@ -63,6 +63,7 @@ const (
|
||||||
annotationKubernetesPublicKey = "ingress.kubernetes.io/public-key"
|
annotationKubernetesPublicKey = "ingress.kubernetes.io/public-key"
|
||||||
annotationKubernetesReferrerPolicy = "ingress.kubernetes.io/referrer-policy"
|
annotationKubernetesReferrerPolicy = "ingress.kubernetes.io/referrer-policy"
|
||||||
annotationKubernetesIsDevelopment = "ingress.kubernetes.io/is-development"
|
annotationKubernetesIsDevelopment = "ingress.kubernetes.io/is-development"
|
||||||
|
annotationKubernetesProtocol = "ingress.kubernetes.io/protocol"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TODO [breaking] remove label support
|
// TODO [breaking] remove label support
|
||||||
|
|
|
@ -43,6 +43,8 @@ const (
|
||||||
traefikDefaultIngressClass = "traefik"
|
traefikDefaultIngressClass = "traefik"
|
||||||
defaultBackendName = "global-default-backend"
|
defaultBackendName = "global-default-backend"
|
||||||
defaultFrontendName = "global-default-frontend"
|
defaultFrontendName = "global-default-frontend"
|
||||||
|
allowedProtocolHTTPS = "https"
|
||||||
|
allowedProtocolH2C = "h2c"
|
||||||
)
|
)
|
||||||
|
|
||||||
// IngressEndpoint holds the endpoint information for the Kubernetes provider
|
// IngressEndpoint holds the endpoint information for the Kubernetes provider
|
||||||
|
@ -312,6 +314,16 @@ func (p *Provider) loadIngresses(k8sClient Client) (*types.Configuration, error)
|
||||||
protocol = "https"
|
protocol = "https"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protocol = getStringValue(i.Annotations, annotationKubernetesProtocol, protocol)
|
||||||
|
switch protocol {
|
||||||
|
case allowedProtocolHTTPS:
|
||||||
|
case allowedProtocolH2C:
|
||||||
|
case label.DefaultProtocol:
|
||||||
|
default:
|
||||||
|
log.Errorf("Invalid protocol %s/%s specified for Ingress %s - skipping", annotationKubernetesProtocol, i.Namespace, i.Name)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
if service.Spec.Type == "ExternalName" {
|
if service.Spec.Type == "ExternalName" {
|
||||||
url := protocol + "://" + service.Spec.ExternalName
|
url := protocol + "://" + service.Spec.ExternalName
|
||||||
if port.Port != 443 && port.Port != 80 {
|
if port.Port != 443 && port.Port != 80 {
|
||||||
|
|
|
@ -1224,6 +1224,41 @@ rateset:
|
||||||
iPaths(onePath(iPath("/customheaders"), iBackend("service1", intstr.FromInt(80))))),
|
iPaths(onePath(iPath("/customheaders"), iBackend("service1", intstr.FromInt(80))))),
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
buildIngress(
|
||||||
|
iNamespace("testing"),
|
||||||
|
iAnnotation(annotationKubernetesProtocol, "h2c"),
|
||||||
|
iRules(
|
||||||
|
iRule(
|
||||||
|
iHost("protocol"),
|
||||||
|
iPaths(onePath(iPath("/valid"), iBackend("service1", intstr.FromInt(80))))),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
buildIngress(
|
||||||
|
iNamespace("testing"),
|
||||||
|
iAnnotation(annotationKubernetesProtocol, "foobar"),
|
||||||
|
iRules(
|
||||||
|
iRule(
|
||||||
|
iHost("protocol"),
|
||||||
|
iPaths(onePath(iPath("/notvalid"), iBackend("service1", intstr.FromInt(80))))),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
buildIngress(
|
||||||
|
iNamespace("testing"),
|
||||||
|
iAnnotation(annotationKubernetesProtocol, "http"),
|
||||||
|
iRules(
|
||||||
|
iRule(
|
||||||
|
iHost("protocol"),
|
||||||
|
iPaths(onePath(iPath("/missmatch"), iBackend("serviceHTTPS", intstr.FromInt(443))))),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
buildIngress(
|
||||||
|
iNamespace("testing"),
|
||||||
|
iRules(
|
||||||
|
iRule(
|
||||||
|
iHost("protocol"),
|
||||||
|
iPaths(onePath(iPath("/noAnnotation"), iBackend("serviceHTTPS", intstr.FromInt(443))))),
|
||||||
|
),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
|
|
||||||
services := []*corev1.Service{
|
services := []*corev1.Service{
|
||||||
|
@ -1245,6 +1280,16 @@ rateset:
|
||||||
clusterIP("10.0.0.2"),
|
clusterIP("10.0.0.2"),
|
||||||
sPorts(sPort(802, ""))),
|
sPorts(sPort(802, ""))),
|
||||||
),
|
),
|
||||||
|
buildService(
|
||||||
|
sName("serviceHTTPS"),
|
||||||
|
sNamespace("testing"),
|
||||||
|
sUID("2"),
|
||||||
|
sSpec(
|
||||||
|
clusterIP("10.0.0.3"),
|
||||||
|
sType("ExternalName"),
|
||||||
|
sExternalName("example.com"),
|
||||||
|
sPorts(sPort(443, "https"))),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
|
|
||||||
secrets := []*corev1.Secret{
|
secrets := []*corev1.Secret{
|
||||||
|
@ -1352,6 +1397,28 @@ rateset:
|
||||||
servers(),
|
servers(),
|
||||||
lbMethod("wrr"),
|
lbMethod("wrr"),
|
||||||
),
|
),
|
||||||
|
backend("protocol/valid",
|
||||||
|
servers(
|
||||||
|
server("h2c://example.com", weight(1)),
|
||||||
|
server("h2c://example.com", weight(1))),
|
||||||
|
lbMethod("wrr"),
|
||||||
|
),
|
||||||
|
backend("protocol/notvalid",
|
||||||
|
servers(),
|
||||||
|
lbMethod("wrr"),
|
||||||
|
),
|
||||||
|
backend("protocol/missmatch",
|
||||||
|
servers(
|
||||||
|
server("http://example.com", weight(1)),
|
||||||
|
server("http://example.com", weight(1))),
|
||||||
|
lbMethod("wrr"),
|
||||||
|
),
|
||||||
|
backend("protocol/noAnnotation",
|
||||||
|
servers(
|
||||||
|
server("https://example.com", weight(1)),
|
||||||
|
server("https://example.com", weight(1))),
|
||||||
|
lbMethod("wrr"),
|
||||||
|
),
|
||||||
),
|
),
|
||||||
frontends(
|
frontends(
|
||||||
frontend("foo/bar",
|
frontend("foo/bar",
|
||||||
|
@ -1483,6 +1550,34 @@ rateset:
|
||||||
route("root", "Host:root"),
|
route("root", "Host:root"),
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|
frontend("protocol/valid",
|
||||||
|
passHostHeader(),
|
||||||
|
routes(
|
||||||
|
route("/valid", "PathPrefix:/valid"),
|
||||||
|
route("protocol", "Host:protocol"),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
frontend("protocol/notvalid",
|
||||||
|
passHostHeader(),
|
||||||
|
routes(
|
||||||
|
route("/notvalid", "PathPrefix:/notvalid"),
|
||||||
|
route("protocol", "Host:protocol"),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
frontend("protocol/missmatch",
|
||||||
|
passHostHeader(),
|
||||||
|
routes(
|
||||||
|
route("/missmatch", "PathPrefix:/missmatch"),
|
||||||
|
route("protocol", "Host:protocol"),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
frontend("protocol/noAnnotation",
|
||||||
|
passHostHeader(),
|
||||||
|
routes(
|
||||||
|
route("/noAnnotation", "PathPrefix:/noAnnotation"),
|
||||||
|
route("protocol", "Host:protocol"),
|
||||||
|
),
|
||||||
|
),
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue