baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Allow crossprovider service reference

Browse source 
Co-authored-by: Harold Ozouf <harold.ozouf@gmail.com>
This commit is contained in:
Jean-Baptiste Doumenjou 2021-02-02 19:36:04 +01:00 committed by GitHub
parent 2461e36ed4
commit 7996a42f76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 293 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
docs/content/reference/dynamic-configuration/kubernetes-gateway-resource.yml
View file

@ -44,3 +44,14 @@ spec:
- serviceName: whoami - serviceName: whoami
port: 80 port: 80
weight: 1 weight: 1
- matches:
- path:
type: Prefix
value: /foo
forwardTo:
- backendRef:
group: traefik.containo.us
kind: TraefikService
name: myservice@file
weight: 1
port: 80

12
docs/content/routing/providers/kubernetes-gateway.md
View file

@ -141,10 +141,16 @@ Kubernetes cluster before creating `HTTPRoute` objects.
- serviceName: whoami # [12] - serviceName: whoami # [12]
weight: 1 # [13] weight: 1 # [13]
port: 80 # [14] port: 80 # [14]
- backendRef: # [15]
group: traefik.containo.us # [16]
kind: TraefikService # [17]
name: api@internal # [18]
port: 80
weight: 1
``` ```
| Ref | Attribute | Description | | Ref | Attribute | Description |
|------|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `labels` | Labels to match with the `Gateway` labelselector. | | [1] | `labels` | Labels to match with the `Gateway` labelselector. |
| [2] | `hostnames` | A set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. | | [2] | `hostnames` | A set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. |
| [3] | `rules` | A list of HTTP matchers, filters and actions. | | [3] | `rules` | A list of HTTP matchers, filters and actions. |
@ -159,3 +165,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
| [12] | `serviceName` | The name of the referent service. | | [12] | `serviceName` | The name of the referent service. |
| [13] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). | | [13] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [14] | `port` | The port of the referent service. | | [14] | `port` | The port of the referent service. |
| [15] | `backendRef` | The BackendRef is a reference to a backend (API object within a known namespace) to forward matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. Only `TraefikService` is supported. |
| [16] | `group` | Group is the group of the referent. Only `traefik.containo.us` value is supported. |
| [17] | `kind` | Kind is kind of the referent. Only `TraefikService` value is supported. |
| [18] | `name` | Name is the name of the referent. |

52
pkg/provider/kubernetes/gateway/fixtures/simple_cross_provider.yml Normal file
View file

@ -0,0 +1,52 @@
---
kind: GatewayClass
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway-class
spec:
controller: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- protocol: HTTP
port: 80
routes:
kind: HTTPRoute
namespaces:
from: Same
selector:
app: foo
---
kind: HTTPRoute
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: http-app-1
namespace: default
labels:
app: foo
spec:
hostnames:
- "foo.com"
rules:
- matches:
- path:
type: Exact
value: /bar
forwardTo:
- weight: 1
backendRef:
group: traefik.containo.us
kind: TraefikService
name: service@file
port: 80
- serviceName: whoami
port: 80
weight: 1

49
pkg/provider/kubernetes/gateway/fixtures/simple_to_api_internal.yml Normal file
View file

@ -0,0 +1,49 @@
---
kind: GatewayClass
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway-class
spec:
controller: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: my-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- protocol: HTTP
port: 80
routes:
kind: HTTPRoute
namespaces:
from: Same
selector:
app: foo
---
kind: HTTPRoute
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: http-app-1
namespace: default
labels:
app: foo
spec:
hostnames:
- "foo.com"
rules:
- matches:
- path:
type: Exact
value: /bar
forwardTo:
- weight: 1
backendRef:
group: traefik.containo.us
kind: TraefikService
name: api@internal
port: 80

39
pkg/provider/kubernetes/gateway/kubernetes.go
View file

@ -28,7 +28,11 @@ import (
"sigs.k8s.io/service-apis/apis/v1alpha1" "sigs.k8s.io/service-apis/apis/v1alpha1"
) )
const providerName = "kubernetesgateway" const (
providerName = "kubernetesgateway"
traefikServiceKind = "TraefikService"
traefikServiceGroupName = "traefik.containo.us"
)
// Provider holds configurations of the provider. // Provider holds configurations of the provider.
type Provider struct { type Provider struct {
@ -463,6 +467,10 @@ func (p *Provider) fillGatewayConf(client Client, gateway *v1alpha1.Gateway, con
} }
if routeRule.ForwardTo != nil { if routeRule.ForwardTo != nil {
// Traefik internal service can be used only if there is only one ForwardTo service reference.
if len(routeRule.ForwardTo) == 1 && isInternalService(routeRule.ForwardTo[0]) {
router.Service = routeRule.ForwardTo[0].BackendRef.Name
} else {
wrrService, subServices, err := loadServices(client, gateway.Namespace, routeRule.ForwardTo) wrrService, subServices, err := loadServices(client, gateway.Namespace, routeRule.ForwardTo)
if err != nil { if err != nil {
// update "ResolvedRefs" status true with "DroppedRoutes" reason // update "ResolvedRefs" status true with "DroppedRoutes" reason
@ -487,6 +495,7 @@ func (p *Provider) fillGatewayConf(client Client, gateway *v1alpha1.Gateway, con
router.Service = serviceName router.Service = serviceName
} }
}
if router.Service != "" { if router.Service != "" {
routerKey = provider.Normalize(routerKey) routerKey = provider.Normalize(routerKey)
@ -765,6 +774,21 @@ func loadServices(client Client, namespace string, targets []v1alpha1.HTTPRouteF
} }
for _, forwardTo := range targets { for _, forwardTo := range targets {
weight := int(forwardTo.Weight)
if forwardTo.ServiceName == nil && forwardTo.BackendRef != nil {
if !(forwardTo.BackendRef.Group == traefikServiceGroupName && forwardTo.BackendRef.Kind == traefikServiceKind) {
continue
}
if strings.HasSuffix(forwardTo.BackendRef.Name, "@internal") {
return nil, nil, fmt.Errorf("traefik internal service %s is not allowed in a WRR loadbalancer", forwardTo.BackendRef.Name)
}
wrrSvc.Weighted.Services = append(wrrSvc.Weighted.Services, dynamic.WRRService{Name: forwardTo.BackendRef.Name, Weight: &weight})
continue
}
if forwardTo.ServiceName == nil { if forwardTo.ServiceName == nil {
continue continue
} }
@ -775,8 +799,6 @@ func loadServices(client Client, namespace string, targets []v1alpha1.HTTPRouteF
}, },
} }
// TODO Handle BackendRefs
service, exists, err := client.GetService(namespace, *forwardTo.ServiceName) service, exists, err := client.GetService(namespace, *forwardTo.ServiceName)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -855,11 +877,10 @@ func loadServices(client Client, namespace string, targets []v1alpha1.HTTPRouteF
serviceName := provider.Normalize(makeID(service.Namespace, service.Name) + "-" + portStr) serviceName := provider.Normalize(makeID(service.Namespace, service.Name) + "-" + portStr)
services[serviceName] = &svc services[serviceName] = &svc
weight := int(forwardTo.Weight)
wrrSvc.Weighted.Services = append(wrrSvc.Weighted.Services, dynamic.WRRService{Name: serviceName, Weight: &weight}) wrrSvc.Weighted.Services = append(wrrSvc.Weighted.Services, dynamic.WRRService{Name: serviceName, Weight: &weight})
} }
if len(services) == 0 { if len(wrrSvc.Weighted.Services) == 0 {
return nil, nil, errors.New("no service has been created") return nil, nil, errors.New("no service has been created")
} }
@ -904,3 +925,11 @@ func throttleEvents(ctx context.Context, throttleDuration time.Duration, pool *s
return eventsChanBuffered return eventsChanBuffered
} }
func isInternalService(forwardTo v1alpha1.HTTPRouteForwardTo) bool {
return forwardTo.ServiceName == nil &&
forwardTo.BackendRef != nil &&
forwardTo.BackendRef.Kind == traefikServiceKind &&
forwardTo.BackendRef.Group == traefikServiceGroupName &&
strings.HasSuffix(forwardTo.BackendRef.Name, "@internal")
}

86
pkg/provider/kubernetes/gateway/kubernetes_test.go
View file

@ -234,6 +234,92 @@ func TestLoadHTTPRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{}, TLS: &dynamic.TLSConfiguration{},
}, },
}, },
{
desc: "Simple HTTPRoute, with api@internal service",
paths: []string{"services.yml", "simple_to_api_internal.yml"},
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": {
EntryPoints: []string{"web"},
Service: "api@internal",
Rule: "Host(`foo.com`) && Path(`/bar`)",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple HTTPRoute, with myservice@file service",
paths: []string{"services.yml", "simple_cross_provider.yml"},
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Services: map[string]*dynamic.TCPService{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06": {
EntryPoints: []string{"web"},
Service: "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr",
Rule: "Host(`foo.com`) && Path(`/bar`)",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr": {
Weighted: &dynamic.WeightedRoundRobin{
Services: []dynamic.WRRService{
{
Name: "service@file",
Weight: func(i int) *int { return &i }(1),
},
{
Name: "default-whoami-80",
Weight: func(i int) *int { return &i }(1),
},
},
},
},
"default-whoami-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:80",
},
{
URL: "http://10.10.0.2:80",
},
},
PassHostHeader: Bool(true),
},
},
},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{ {
desc: "Simple HTTPRoute with protocol HTTPS", desc: "Simple HTTPRoute with protocol HTTPS",
paths: []string{"services.yml", "with_protocol_https.yml"}, paths: []string{"services.yml", "with_protocol_https.yml"},