diff --git a/Chart.yaml b/Chart.yaml index e098222..faef712 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -8,7 +8,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.0 +version: 1.12.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -47,6 +47,4 @@ annotations: - name: Helm Chart url: https://github.com/IN-CORE/incore-helm artifacthub.io/changes: | - - Incore release 3.5.0 - - Upgrade postgresql to 11 (requires a dump/restore of the database) - - Upgrade keyclock to 17.0.1 + - add fix for traefik v2 middleware diff --git a/README.md b/README.md index 7e60c69..ad7c196 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,7 @@ The following table lists the configurable parameters of the IN-CORE chart and t | Parameter | Description | Default | | ------------------------------------ | ------------------------------------------------ | ------------------------------------------------------- | ingress.hosts[0].host | ingress rule for incore | incore.example.com +| ingress.traefik | Use Traefik V2 middleware | false Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. Or more convenient use a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, @@ -112,6 +113,9 @@ For an example of using existing PVC, see the file [incore-pvc.yaml](incore-pvc. ## ChangeLog +### 1.12.1 +- Enable traefik v2 middleware + ### 1.12.0 - Incore release 3.5.0 - Upgrade postgresql to 11 (requires a dump/restore of the database) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8f815dd..188fdda 100644 --- a/templates/_helpers.tpl 
+++ b/templates/_helpers.tpl @@ -66,12 +66,16 @@ Create the name of the service account to use Ingress annotations traefik.ingress.kubernetes.io/whitelist-source-range: "141.142.0.0/16" */}} -{{- define "incore.authIngressAnnotation" -}} +{{- define "incore.authIngressAnnotation" }} +{{- if .Values.ingress.traefik -}} +traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-incore-auth@kubernetescrd +{{- else }} ingress.kubernetes.io/auth-type: forward -ingress.kubernetes.io/auth-url: http://{{ include "incore.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local:5000/ +ingress.kubernetes.io/auth-url: http://{{ include "incore.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.auth.service.port }}/ ingress.kubernetes.io/auth-trust-headers: "true" ingress.kubernetes.io/auth-response-headers: x-auth-userinfo, X-Auth-Userinfo, x-auth-usergroup, X-Auth-UserGroup {{- end }} +{{- end }} {{/* Create the mongodb uri to use diff --git a/templates/middleware.yaml b/templates/middleware.yaml new file mode 100644 index 0000000..b36a9ac --- /dev/null +++ b/templates/middleware.yaml @@ -0,0 +1,15 @@ +{{- if .Values.ingress.traefik -}} +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: auth +spec: + forwardAuth: + address: http://{{ include "incore.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.auth.service.port }}/ + authResponseHeaders: + - x-auth-userinfo + - X-Auth-Userinfo + - x-auth-usergroup + - X-Auth-UserGroup + trustForwardHeader: true +{{- end }} diff --git a/values.yaml b/values.yaml index ea9fa4b..97fd644 100644 --- a/values.yaml +++ b/values.yaml @@ -58,6 +58,8 @@ ingress: # - secretName: chart-example-tls # hosts: # - chart-example.local + # should we add middleare annotations for traefik v2? + traefik: false # used by both data and hazard services persistence:
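Review bot: The middleware reference added in the `.Values.ingress.traefik` branch of `incore.authIngressAnnotation` does not match the object this commit creates. The annotation points at `<namespace>-incore-auth@kubernetescrd`, while templates/middleware.yaml declares `name: auth`, which Traefik's Kubernetes CRD provider exposes as `<namespace>-auth@kubernetescrd`. As written the ingress names a middleware that is not defined, so the forward-auth check is not attached as intended. Confirm on a rendered release that Traefik rejects the router rather than serving it without authentication. Deriving both names from the same helper keeps them in step and avoids a clash between two releases in one namespace: `traefik.ingress.kubernetes.io/router.middlewares: {{ .Release.Namespace }}-{{ include "incore.fullname" . }}-auth@kubernetescrd` here, and `name: {{ include "incore.fullname" . }}-auth` in the Middleware.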
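Review bot: `trustForwardHeader: true` in the new `forwardAuth` spec tells Traefik to keep the `X-Forwarded-*` headers it received from the client when it calls the auth service. If the auth service bases any decision on those headers (source address, host, URI), which cannot be seen from this diff, the caller can influence that decision. Unless Traefik is always deployed behind a trusted proxy that overwrites those headers, set `trustForwardHeader: false` or expose it as a chart value that defaults to false. A one-line comment above the field stating which upstream proxy is trusted would make the assumption reviewable.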
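Review bot: The comment above the new `traefik: false` key has a typo ("middleare") and does not say what the switch changes. Enabling it replaces the `ingress.kubernetes.io/auth-*` annotations with a Traefik v2 `Middleware` object, so the Traefik CRDs must already be installed in the cluster and the ingress controller must be Traefik v2. I would reword it to `# use a Traefik v2 forwardAuth Middleware (requires the Traefik CRDs) instead of the ingress.kubernetes.io/auth-* annotations`. That way an operator flipping the flag knows the authentication path is being swapped.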