Merge pull request #31 from IN-CORE/traefik-v2

add traefik v2 support

Chart.yaml

@@ -8,7 +8,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.12.0
+version: 1.12.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -47,6 +47,4 @@ annotations:
     - name: Helm Chart
       url: https://github.com/IN-CORE/incore-helm
   artifacthub.io/changes: |
-    - Incore release 3.5.0
-    - Upgrade postgresql to 11 (requires a dump/restore of the database)
-    - Upgrade keyclock to 17.0.1
+    - add fix for traefik v2 middleware

README.md

@@ -59,6 +59,7 @@ The following table lists the configurable parameters of the IN-CORE chart and t
 | Parameter                            | Description                                      | Default                                                 |
 | ------------------------------------ | ------------------------------------------------ | -------------------------------------------------------
 | ingress.hosts[0].host | ingress rule for incore  | incore.example.com
+| ingress.traefik | Use Traefik V2 middleware | false
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. Or more convenient
 use a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
@@ -112,6 +113,9 @@ For an example of using existing PVC, see the file [incore-pvc.yaml](incore-pvc.
 
 ## ChangeLog
 
+### 1.12.1
+- Enable traefik v2 middleware
+
 ### 1.12.0
 - Incore release 3.5.0
 - Upgrade postgresql to 11 (requires a dump/restore of the database)

templates/_helpers.tpl

@@ -66,12 +66,16 @@ Create the name of the service account to use
 Ingress annotations
 traefik.ingress.kubernetes.io/whitelist-source-range: "141.142.0.0/16"
 */}}
-{{- define "incore.authIngressAnnotation" -}}
+{{- define "incore.authIngressAnnotation" }}
+{{- if .Values.ingress.traefik -}}
+traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-incore-auth@kubernetescrd
+{{- else }}
 ingress.kubernetes.io/auth-type: forward
-ingress.kubernetes.io/auth-url: http://{{ include "incore.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local:5000/
+ingress.kubernetes.io/auth-url: http://{{ include "incore.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.auth.service.port }}/
 ingress.kubernetes.io/auth-trust-headers: "true"
 ingress.kubernetes.io/auth-response-headers: x-auth-userinfo, X-Auth-Userinfo, x-auth-usergroup, X-Auth-UserGroup
 {{- end }}
+{{- end }}
 
 {{/*
 Create the mongodb uri to use

templates/middleware.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.ingress.traefik -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: auth
+spec:
+  forwardAuth:
+    address: http://{{ include "incore.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.auth.service.port }}/
+    authResponseHeaders:
+      - x-auth-userinfo
+      - X-Auth-Userinfo
+      - x-auth-usergroup
+      - X-Auth-UserGroup
+    trustForwardHeader: true
+{{- end }}

values.yaml

@@ -58,6 +58,8 @@ ingress:
   #  - secretName: chart-example-tls
   #    hosts:
   #      - chart-example.local
+  # should we add middleare annotations for traefik v2?
+  traefik: false
 
 # used by both data and hazard services
 persistence: