diff --git a/library/common-test/Chart.yaml b/library/common-test/Chart.yaml index 3b1b3583..dd961968 100644 --- a/library/common-test/Chart.yaml +++ b/library/common-test/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "" dependencies: - name: common repository: file://../common - version: ~17.1.0 + version: ~17.2.0 deprecated: false description: Helper chart to test different use cases of the common library home: https://github.com/truecharts/apps/tree/master/charts/library/common-test diff --git a/library/common-test/tests/ingress/traefik_test.yaml b/library/common-test/tests/ingress/traefik_test.yaml index 40a0d777..10d1fc5e 100644 --- a/library/common-test/tests/ingress/traefik_test.yaml +++ b/library/common-test/tests/ingress/traefik_test.yaml @@ -46,6 +46,7 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-chain-basic@kubernetescrd - documentIndex: *ingressDoc @@ -113,6 +114,7 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-tc-opencors-chain@kubernetescrd @@ -149,6 +151,7 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-tc-opencors-chain@kubernetescrd @@ -180,6 +183,7 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-some-fixed-middleware@kubernetescrd @@ -211,6 +215,7 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: web,websecure traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-chain-basic@kubernetescrd @@ -237,6 +242,7 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure - it: should not contain fixed middlewares when local is disabled @@ -263,6 +269,7 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure - it: should add the defined middlewares to the ingress @@ -298,9 +305,79 @@ tests: equal: path: metadata.annotations value: + traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-chain-basic@kubernetescrd,test-release-namespace-some-middleware@kubernetescrd,test-release-namespace-some-other-middleware@kubernetescrd + - it: should add the the tls annotation + set: + operator: *operator + service: *service + global: *global + ingress: + my-ingress: + enabled: true + primary: true + integrations: + traefik: + enabled: true + forceTLS: true + entrypoints: + - web + hosts: *hosts + asserts: + - documentIndex: *ingressDoc + isKind: + of: Ingress + - documentIndex: *ingressDoc + isKind: + of: Ingress + - documentIndex: *ingressDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *ingressDoc + equal: + path: metadata.annotations + value: + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.entrypoints: web + traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-chain-basic@kubernetescrd + + - it: should not add the the tls annotation + set: + operator: *operator + service: *service + global: *global + ingress: + my-ingress: + enabled: true + primary: true + integrations: + traefik: + enabled: true + forceTLS: false + entrypoints: + - web + hosts: *hosts + asserts: + - documentIndex: *ingressDoc + isKind: + of: Ingress + - documentIndex: *ingressDoc + isKind: + of: Ingress + - documentIndex: *ingressDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *ingressDoc + equal: + path: metadata.annotations + value: + traefik.ingress.kubernetes.io/router.entrypoints: web + traefik.ingress.kubernetes.io/router.middlewares: test-release-namespace-chain-basic@kubernetescrd + # Failures - it: should fail with entrypoint not a slice set: diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml index 37beedac..17c6d960 100644 --- a/library/common/Chart.yaml +++ b/library/common/Chart.yaml @@ -15,4 +15,4 @@ maintainers: name: common sources: null type: library -version: 17.1.5 +version: 17.2.0 diff --git a/library/common/templates/lib/ingress/integrations/_traefik.tpl b/library/common/templates/lib/ingress/integrations/_traefik.tpl index b20fc044..ffacfcba 100644 --- a/library/common/templates/lib/ingress/integrations/_traefik.tpl +++ b/library/common/templates/lib/ingress/integrations/_traefik.tpl @@ -119,8 +119,8 @@ {{- $_ := set $objectData.annotations "traefik.ingress.kubernetes.io/router.middlewares" (join "," $formattedMiddlewares) -}} {{- end -}} - {{- if or $traefik.forceTLS ( has websecure $entrypoints ) -}} - {{- $_ := set $objectData.annotations "traefik.ingress.kubernetes.io/router.tls" 'true' -}} + {{- if or $traefik.forceTLS (mustHas "websecure" $entrypoints) -}} + {{- $_ := set $objectData.annotations "traefik.ingress.kubernetes.io/router.tls" "true" -}} {{- end -}} {{- end -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index ec66cd4f..8ecec239 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -593,6 +593,8 @@ ingress: entrypoints: - websecure enableFixedMiddlewares: true + # Ensures tls annotation is set + forceTLS: true # Drops both global and local fixedMiddlewares when enabled allowCors: false # fixedMiddlewares: