From 7790a05565964da4c885921fbe49cb0b36c171e5 Mon Sep 17 00:00:00 2001 From: Felix Delattre Date: Thu, 11 Dec 2025 23:42:19 +0100 Subject: [PATCH 1/3] Moved to traefik for default ingress. --- CHANGELOG.md | 4 + charts/eoapi/README.md | 4 +- charts/eoapi/profiles/core.yaml | 2 +- charts/eoapi/profiles/experimental.yaml | 2 +- charts/eoapi/profiles/production.yaml | 2 +- .../templates/networking/ingress-browser.yaml | 4 +- .../eoapi/templates/networking/ingress.yaml | 40 +++--- charts/eoapi/tests/ingress_tests.yaml | 11 +- charts/eoapi/values.yaml | 3 +- docs/argocd.md | 2 +- docs/autoscaling.md | 6 +- docs/configuration.md | 2 +- docs/unified-ingress.md | 121 +++++++++++++----- scripts/deployment.sh | 7 + 14 files changed, 136 insertions(+), 74 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ead4454..426c4564 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added support for annotations on the PgSTAC bootstrap job via `pgstacBootstrap.jobAnnotations` in values.yaml [#381](https://github.com/developmentseed/eoapi-k8s/pull/381) +### Changed + +- Moved to traefik for the default ingress solution [#384](https://github.com/developmentseed/eoapi-k8s/pull/384) + ### Fixed - Fixed Helm template to check queryables `file` field with schema validation [#380](https://github.com/developmentseed/eoapi-k8s/pull/380) diff --git a/charts/eoapi/README.md b/charts/eoapi/README.md index f7ea9f21..7e2fe50e 100644 --- a/charts/eoapi/README.md +++ b/charts/eoapi/README.md @@ -98,7 +98,7 @@ apiServices: # Configure ingress ingress: enabled: true - className: "nginx" # or "traefik" + className: "traefik" # Or "nginx" for legacy setups host: "your-domain.com" # Optional # Database options @@ -130,7 +130,7 @@ pgstacBootstrap: | `postgresql.type` | Database deployment type | `postgrescluster` | | `postgrescluster.enabled` | Enable PostgreSQL cluster. Must be set to `false` when using external databases | `true` | | `ingress.enabled` | Enable ingress | `true` | -| `ingress.className` | Ingress controller class | `nginx` | +| `ingress.className` | Ingress controller class | `traefik` | | `browser.enabled` | Enable STAC Browser interface | `true` | | `pgstacBootstrap.enabled` | Enable database initialization | `true` | | `notifications.sources.pgstac` | Enable PostgreSQL notification triggers for STAC item changes | `false` | diff --git a/charts/eoapi/profiles/core.yaml b/charts/eoapi/profiles/core.yaml index c401ed92..5798ab29 100644 --- a/charts/eoapi/profiles/core.yaml +++ b/charts/eoapi/profiles/core.yaml @@ -167,7 +167,7 @@ observability: ###################### ingress: enabled: true - className: "nginx" + className: "traefik" pathType: "Prefix" host: "" tls: diff --git a/charts/eoapi/profiles/experimental.yaml b/charts/eoapi/profiles/experimental.yaml index 943843d5..ef68ea2d 100644 --- a/charts/eoapi/profiles/experimental.yaml +++ b/charts/eoapi/profiles/experimental.yaml @@ -358,7 +358,7 @@ autoscaling: ###################### ingress: enabled: true - className: "nginx" + className: "traefik" pathType: "Prefix" host: "localhost" tls: diff --git a/charts/eoapi/profiles/production.yaml b/charts/eoapi/profiles/production.yaml index 042ae4a6..ec5fa95a 100644 --- a/charts/eoapi/profiles/production.yaml +++ b/charts/eoapi/profiles/production.yaml @@ -343,7 +343,7 @@ knative: ###################### ingress: enabled: true - className: "nginx" + className: "traefik" pathType: "Prefix" host: "eoapi.example.com" # CHANGE THIS to your domain tls: diff --git a/charts/eoapi/templates/networking/ingress-browser.yaml b/charts/eoapi/templates/networking/ingress-browser.yaml index 35eccc23..7c0ff2cf 100644 --- a/charts/eoapi/templates/networking/ingress-browser.yaml +++ b/charts/eoapi/templates/networking/ingress-browser.yaml @@ -19,9 +19,7 @@ metadata: {{- if eq .Values.ingress.className "nginx" }} nginx.ingress.kubernetes.io/rewrite-target: /browser/$2 nginx.ingress.kubernetes.io/use-regex: "true" - {{- end }} - # Temporary annotations for Traefik until uvicorn support real prefix in ASGI: https://github.com/encode/uvicorn/discussions/2490 - {{- if eq .Values.ingress.className "traefik" }} + {{- else if eq .Values.ingress.className "traefik" }} traefik.ingress.kubernetes.io/router.entrypoints: web traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd {{- end }} diff --git a/charts/eoapi/templates/networking/ingress.yaml b/charts/eoapi/templates/networking/ingress.yaml index dc49bb70..02c11369 100644 --- a/charts/eoapi/templates/networking/ingress.yaml +++ b/charts/eoapi/templates/networking/ingress.yaml @@ -15,15 +15,13 @@ metadata: {{- if eq .Values.ingress.className "nginx" }} nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/use-regex: "true" + {{- else if eq .Values.ingress.className "traefik" }} + traefik.ingress.kubernetes.io/router.entrypoints: web + traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd {{- end }} {{- if .Values.ingress.annotations }} {{ toYaml .Values.ingress.annotations | indent 4 }} {{- end }} - # Temporary annotations for Traefik until uvicorn support real prefix in ASGI: https://github.com/encode/uvicorn/discussions/2490 - {{- if eq .Values.ingress.className "traefik" }} - traefik.ingress.kubernetes.io/router.entrypoints: web - traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd - {{- end }} spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} ingressClassName: {{ .Values.ingress.className }} @@ -45,8 +43,8 @@ spec: {{- end }} {{- if and $.Values.stac.enabled (or (not (hasKey $.Values.stac "ingress")) $.Values.stac.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.stac.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.stac.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: {{- if index $.Values "stac-auth-proxy" "enabled" }} @@ -59,8 +57,8 @@ spec: {{- end }} {{- if and $.Values.vector.enabled (or (not (hasKey $.Values.vector "ingress")) $.Values.vector.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.vector.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.vector.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-vector @@ -69,8 +67,8 @@ spec: {{- end }} {{- if and $.Values.multidim.enabled (or (not (hasKey $.Values.multidim "ingress")) $.Values.multidim.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.multidim.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.multidim.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-multidim @@ -79,8 +77,8 @@ spec: {{- end }} {{- if and $.Values.mockOidcServer.enabled $.Values.mockOidcServer.ingress.enabled }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.mockOidcServer.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.mockOidcServer.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-mock-oidc-server @@ -115,8 +113,8 @@ spec: {{- end }} {{- if and .Values.stac.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.stac.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.stac.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: {{- if index .Values "stac-auth-proxy" "enabled" }} @@ -129,8 +127,8 @@ spec: {{- end }} {{- if and .Values.vector.enabled (or (not (hasKey .Values.vector "ingress")) .Values.vector.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.vector.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.vector.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-vector @@ -139,8 +137,8 @@ spec: {{- end }} {{- if and .Values.multidim.enabled (or (not (hasKey .Values.multidim "ingress")) .Values.multidim.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.multidim.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.multidim.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-multidim @@ -149,8 +147,8 @@ spec: {{- end }} {{- if and .Values.mockOidcServer.enabled .Values.mockOidcServer.ingress.enabled }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.mockOidcServer.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.mockOidcServer.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-mock-oidc-server diff --git a/charts/eoapi/tests/ingress_tests.yaml b/charts/eoapi/tests/ingress_tests.yaml index 11363982..3b0f95e7 100644 --- a/charts/eoapi/tests/ingress_tests.yaml +++ b/charts/eoapi/tests/ingress_tests.yaml @@ -33,10 +33,9 @@ tests: path: spec.ingressClassName value: "nginx" - - it: "stac ingress with traefik controller" + - it: "stac ingress with traefik controller (using nginx provider)" set: ingress.className: "traefik" - ingress.pathType: "Prefix" ingress.host: "eoapi.local" raster.enabled: false stac.enabled: true @@ -48,15 +47,15 @@ tests: of: Ingress - equal: path: spec.rules[0].http.paths[0].path - value: "/stac" + value: "/stac(/|$)(.*)" - equal: path: spec.rules[0].http.paths[0].pathType - value: "Prefix" + value: "ImplementationSpecific" - equal: path: metadata.annotations value: - traefik.ingress.kubernetes.io/router.entrypoints: web - traefik.ingress.kubernetes.io/router.middlewares: NAMESPACE-RELEASE-NAME-strip-prefix-middleware@kubernetescrd + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" - equal: path: spec.ingressClassName value: "traefik" diff --git a/charts/eoapi/values.yaml b/charts/eoapi/values.yaml index c936cc5c..e04a7339 100644 --- a/charts/eoapi/values.yaml +++ b/charts/eoapi/values.yaml @@ -32,9 +32,10 @@ service: ingress: # Unified ingress configuration for both nginx and traefik + # Traefik 3.5+ supports nginx annotations via the nginx provider enabled: true # ingressClassName: "nginx" or "traefik" - className: "nginx" + className: "traefik" rootPath: "" # Root path for doc server # Single host domain configuration (default) host: "" diff --git a/docs/argocd.md b/docs/argocd.md index 0cf662a9..0efea414 100644 --- a/docs/argocd.md +++ b/docs/argocd.md @@ -136,7 +136,7 @@ spec: # Ingress setup ingress: enabled: true - className: "nginx" + className: "traefik" host: "eoapi.example.com" destination: diff --git a/docs/autoscaling.md b/docs/autoscaling.md index 1bcf6be4..64c6f503 100644 --- a/docs/autoscaling.md +++ b/docs/autoscaling.md @@ -408,19 +408,19 @@ metadata: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing spec: - ingressClassName: nginx + ingressClassName: traefik rules: - host: your-domain.com http: paths: [...] -# For nginx ingress +# For traefik ingress apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: eoapi-ingress spec: - ingressClassName: nginx + ingressClassName: traefik rules: - host: abc5929f88f8c45c38f6cbab2faad43c-776419634.us-west-2.elb.amazonaws.com http: diff --git a/docs/configuration.md b/docs/configuration.md index a0362589..72eb7031 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -269,7 +269,7 @@ Unified ingress configuration supporting both NGINX and Traefik: | **Values Key** | **Description** | **Default** | **Choices** | |:--------------|:----------------|:------------|:------------| | `ingress.enabled` | Enable ingress | true | true/false | -| `ingress.className` | Ingress controller | "nginx" | "nginx", "traefik" | +| `ingress.className` | Ingress controller | "traefik" | "traefik", "nginx" | | `ingress.host` | Ingress hostname | "" | valid hostname | | `ingress.rootPath` | Doc server root path | "" | valid path | diff --git a/docs/unified-ingress.md b/docs/unified-ingress.md index 6a41b78e..6d4bfd48 100644 --- a/docs/unified-ingress.md +++ b/docs/unified-ingress.md @@ -1,13 +1,15 @@ --- title: "Unified Ingress Configuration" -description: "NGINX and Traefik ingress setup with TLS and cert-manager integration" +description: "Traefik ingress setup with NGINX compatibility, TLS and cert-manager integration" external_links: - name: "eoapi-k8s Repository" url: "https://github.com/developmentseed/eoapi-k8s" - - name: "NGINX Ingress Controller" - url: "https://kubernetes.github.io/ingress-nginx/" - name: "Traefik Documentation" url: "https://doc.traefik.io/traefik/" + - name: "Traefik NGINX Provider" + url: "https://doc.traefik.io/traefik/routing/providers/kubernetes-ingress-nginx/" + - name: "NGINX Ingress Controller" + url: "https://kubernetes.github.io/ingress-nginx/" - name: "cert-manager" url: "https://cert-manager.io/" --- @@ -18,23 +20,26 @@ This document describes the unified ingress approach implemented in the eoAPI He ## Overview -eoAPI includes a streamlined ingress configuration with smart defaults for different controllers. This approach: +eoAPI defaults to **Traefik** as the ingress controller, leveraging Traefik's NGINX provider for seamless compatibility with NGINX ingress annotations. This approach: +- Uses Traefik 3.5+ with NGINX provider support for zero-drama migration from ingress-nginx +- Maintains compatibility with existing NGINX ingress annotations - Eliminates manual pathType and suffix configurations -- Uses controller-specific optimizations for NGINX and Traefik - Provides separate configuration for STAC browser -- Maintains backward compatibility while improving usability +- Maintains backward compatibility with NGINX ingress controller ## Configuration -The ingress configuration has been simplified in the `values.yaml` file: +The ingress configuration defaults to Traefik with NGINX provider support: ```yaml ingress: # Unified ingress configuration for both nginx and traefik + # Traefik 3.5+ supports nginx annotations via the nginx provider + # Set --experimental.kubernetesIngressNGINX and --providers.kubernetesIngressNGINX when deploying Traefik enabled: true - # ingressClassName: "nginx" or "traefik" - className: "nginx" + # ingressClassName: "traefik" (default) or "nginx" + className: "traefik" # Root path for doc server rootPath: "" # Host configuration @@ -47,44 +52,64 @@ ingress: secretName: eoapi-tls ``` +## Deploying Traefik with NGINX Provider + +To use Traefik as a drop-in replacement for ingress-nginx, deploy Traefik with the NGINX provider enabled: + +```bash +helm repo add traefik https://traefik.github.io/charts +helm repo update + +helm upgrade --install traefik traefik/traefik \ + --namespace traefik \ + --create-namespace \ + --version ~v37.3.0 \ + --set providers.kubernetesGateway.enabled=true \ + --set 'additionalArguments[0]=--providers.kubernetesIngressNGINX' \ + --set 'additionalArguments[1]=--experimental.kubernetesIngressNGINX=true' \ + --wait +``` + +This enables Traefik to understand and process NGINX ingress annotations, allowing you to migrate from ingress-nginx with minimal changes. + ## Controller-Specific Behavior -### NGINX Ingress Controller +### Traefik Ingress Controller (Default) -For NGINX, the system automatically: -- Uses `ImplementationSpecific` pathType -- Adds regex-based path matching -- Sets up proper rewrite rules +Traefik is now the default ingress controller. When using Traefik with the NGINX provider: +- Uses `ImplementationSpecific` pathType (same as NGINX) +- Supports NGINX ingress annotations natively +- Handles regex-based path matching via NGINX annotations +- Automatically processes rewrite rules from NGINX annotations + +The eoAPI chart automatically applies NGINX annotations when using Traefik, which are understood by Traefik's NGINX provider: -Basic NGINX configuration: ```yaml ingress: enabled: true - className: "nginx" + className: "traefik" # Default + host: "example.domain.com" annotations: - # Additional custom annotations if needed + # NGINX annotations work with Traefik's NGINX provider nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/enable-access-log: "true" ``` -### Traefik Ingress Controller +### NGINX Ingress Controller (Legacy) -For Traefik, the system: -- Uses `Prefix` pathType by default -- Automatically configures strip-prefix middleware -- Handles path-based routing appropriately +For backward compatibility, NGINX ingress controller is still supported: -Basic Traefik configuration: ```yaml ingress: enabled: true - className: "traefik" - # When using TLS, setting host is required - host: "example.domain.com" + className: "nginx" annotations: - traefik.ingress.kubernetes.io/router.entrypoints: web + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/enable-access-log: "true" ``` +**Note:** With ingress-nginx entering maintenance mode (EoL March 2026), migrating to Traefik is recommended. + ## STAC Browser Configuration The STAC browser now uses a separate ingress configuration to handle its unique requirements: @@ -131,7 +156,7 @@ spec: solvers: - http01: ingress: - class: nginx # or traefik, depending on your setup + class: traefik # or nginx for legacy setups ``` 3. After testing with staging, create the production issuer: @@ -149,14 +174,14 @@ spec: solvers: - http01: ingress: - class: nginx # or traefik, depending on your setup + class: traefik # or nginx for legacy setups ``` 4. Configure your eoAPI ingress to use cert-manager: ```yaml ingress: enabled: true - className: "nginx" # or "traefik" + className: "traefik" # Default, or "nginx" for legacy setups host: "eoapi.example.com" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" @@ -165,14 +190,44 @@ ingress: secretName: eoapi-tls # cert-manager will create this secret ``` -## Migration from 0.7.0 +## Migration from ingress-nginx to Traefik + +### Why Migrate? + +With ingress-nginx entering maintenance mode (EoL March 2026), migrating to Traefik provides: +- **Security**: Traefik's secure-by-design architecture eliminates template injection vulnerabilities +- **Future-proof**: Gateway API leadership and modern cloud-native design +- **Zero-drama migration**: NGINX provider allows using existing annotations without changes +- **Production-ready**: Battle-tested at scale with 3.4+ billion downloads + +### Migration Steps + +1. **Deploy Traefik with NGINX provider** (see [Deploying Traefik](#deploying-traefik-with-nginx-provider) above) + +2. **Update your values.yaml**: + ```yaml + ingress: + className: "traefik" # Changed from "nginx" + ``` + +3. **No annotation changes needed**: Your existing NGINX annotations will work with Traefik's NGINX provider + +4. **Verify the migration**: + ```bash + kubectl get ingress + kubectl get pods -n traefik + ``` + +5. **Test your endpoints** to ensure everything works as expected + +### Migration from 0.7.0 If you're upgrading from version 0.7.0: 1. Remove any `pathType` and `pathSuffix` configurations from your values 2. The system will automatically use the appropriate settings for your chosen controller -3. For NGINX users, regex path matching is now enabled by default -4. For Traefik users, strip-prefix middleware is automatically configured +3. NGINX annotations work with both NGINX and Traefik (via NGINX provider) +4. Regex path matching is enabled by default for both controllers ## Path Structure diff --git a/scripts/deployment.sh b/scripts/deployment.sh index d9e769a2..1310bd00 100755 --- a/scripts/deployment.sh +++ b/scripts/deployment.sh @@ -115,6 +115,13 @@ EOF testing_mode=true fi + # Allow overriding ingress className via environment variable (optional, for special cases) + # Default is traefik, which works with Traefik's NGINX provider + if [[ -n "${INGRESS_CLASS_NAME:-}" ]]; then + log_info "Overriding ingress className to: ${INGRESS_CLASS_NAME}" + helm_cmd="$helm_cmd --set ingress.className=${INGRESS_CLASS_NAME}" + fi + helm_cmd="$helm_cmd --timeout $TIMEOUT" log_info "Deploying eoAPI..." From ea321ad92ad14b69f20e6e2d789cc5caef587c47 Mon Sep 17 00:00:00 2001 From: Felix Delattre Date: Fri, 12 Dec 2025 00:37:49 +0100 Subject: [PATCH 2/3] foo --- .../templates/networking/ingress-browser.yaml | 1 - .../eoapi/templates/networking/ingress.yaml | 33 +++++++++---------- .../networking/traefik-middleware.yaml | 25 -------------- 3 files changed, 16 insertions(+), 43 deletions(-) delete mode 100644 charts/eoapi/templates/networking/traefik-middleware.yaml diff --git a/charts/eoapi/templates/networking/ingress-browser.yaml b/charts/eoapi/templates/networking/ingress-browser.yaml index 7c0ff2cf..e1dc0e53 100644 --- a/charts/eoapi/templates/networking/ingress-browser.yaml +++ b/charts/eoapi/templates/networking/ingress-browser.yaml @@ -21,7 +21,6 @@ metadata: nginx.ingress.kubernetes.io/use-regex: "true" {{- else if eq .Values.ingress.className "traefik" }} traefik.ingress.kubernetes.io/router.entrypoints: web - traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd {{- end }} spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} diff --git a/charts/eoapi/templates/networking/ingress.yaml b/charts/eoapi/templates/networking/ingress.yaml index 02c11369..3b4924be 100644 --- a/charts/eoapi/templates/networking/ingress.yaml +++ b/charts/eoapi/templates/networking/ingress.yaml @@ -17,7 +17,6 @@ metadata: nginx.ingress.kubernetes.io/use-regex: "true" {{- else if eq .Values.ingress.className "traefik" }} traefik.ingress.kubernetes.io/router.entrypoints: web - traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd {{- end }} {{- if .Values.ingress.annotations }} {{ toYaml .Values.ingress.annotations | indent 4 }} @@ -43,8 +42,8 @@ spec: {{- end }} {{- if and $.Values.stac.enabled (or (not (hasKey $.Values.stac "ingress")) $.Values.stac.ingress.enabled) }} - - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.stac.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.stac.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: {{- if index $.Values "stac-auth-proxy" "enabled" }} @@ -57,8 +56,8 @@ spec: {{- end }} {{- if and $.Values.vector.enabled (or (not (hasKey $.Values.vector "ingress")) $.Values.vector.ingress.enabled) }} - - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.vector.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.vector.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-vector @@ -67,8 +66,8 @@ spec: {{- end }} {{- if and $.Values.multidim.enabled (or (not (hasKey $.Values.multidim "ingress")) $.Values.multidim.ingress.enabled) }} - - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.multidim.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.multidim.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-multidim @@ -77,8 +76,8 @@ spec: {{- end }} {{- if and $.Values.mockOidcServer.enabled $.Values.mockOidcServer.ingress.enabled }} - - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.mockOidcServer.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.mockOidcServer.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-mock-oidc-server @@ -113,8 +112,8 @@ spec: {{- end }} {{- if and .Values.stac.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }} - - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.stac.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.stac.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: {{- if index .Values "stac-auth-proxy" "enabled" }} @@ -127,8 +126,8 @@ spec: {{- end }} {{- if and .Values.vector.enabled (or (not (hasKey .Values.vector "ingress")) .Values.vector.ingress.enabled) }} - - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.vector.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.vector.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-vector @@ -137,8 +136,8 @@ spec: {{- end }} {{- if and .Values.multidim.enabled (or (not (hasKey .Values.multidim "ingress")) .Values.multidim.ingress.enabled) }} - - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.multidim.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.multidim.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-multidim @@ -147,8 +146,8 @@ spec: {{- end }} {{- if and .Values.mockOidcServer.enabled .Values.mockOidcServer.ingress.enabled }} - - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.mockOidcServer.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} + - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.mockOidcServer.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-mock-oidc-server diff --git a/charts/eoapi/templates/networking/traefik-middleware.yaml b/charts/eoapi/templates/networking/traefik-middleware.yaml deleted file mode 100644 index 82bc926c..00000000 --- a/charts/eoapi/templates/networking/traefik-middleware.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.ingress.enabled (eq .Values.ingress.className "traefik") }} -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: {{ .Release.Name }}-strip-prefix-middleware - namespace: {{ .Release.Namespace }} -spec: - stripPrefix: - prefixes: - {{- if .Values.raster.enabled }} - - {{ .Values.raster.ingress.path }} - {{- end }} - {{- if .Values.stac.enabled }} - - {{ .Values.stac.ingress.path }} - {{- end }} - {{- if .Values.vector.enabled }} - - {{ .Values.vector.ingress.path }} - {{- end }} - {{- if .Values.multidim.enabled }} - - {{ .Values.multidim.ingress.path }} - {{- end }} - {{- if and .Values.mockOidcServer.enabled .Values.mockOidcServer.ingress.enabled }} - - {{ .Values.mockOidcServer.ingress.path }} - {{- end }} -{{- end }} From c05a76545b9601d3bf8da977a904977a51efd76f Mon Sep 17 00:00:00 2001 From: Felix Delattre Date: Fri, 12 Dec 2025 00:43:51 +0100 Subject: [PATCH 3/3] bar --- .../templates/networking/ingress-browser.yaml | 17 +++++--- .../eoapi/templates/networking/ingress.yaml | 43 ++++++++++--------- .../networking/traefik-middleware.yaml | 25 +++++++++++ charts/eoapi/tests/ingress_tests.yaml | 11 ++--- 4 files changed, 64 insertions(+), 32 deletions(-) create mode 100644 charts/eoapi/templates/networking/traefik-middleware.yaml diff --git a/charts/eoapi/templates/networking/ingress-browser.yaml b/charts/eoapi/templates/networking/ingress-browser.yaml index e1dc0e53..f57f5737 100644 --- a/charts/eoapi/templates/networking/ingress-browser.yaml +++ b/charts/eoapi/templates/networking/ingress-browser.yaml @@ -13,15 +13,18 @@ metadata: labels: app: {{ .Release.Name }}-ingress-browser annotations: - {{- if .Values.ingress.annotations }} -{{ toYaml .Values.ingress.annotations | indent 4 }} - {{- end }} {{- if eq .Values.ingress.className "nginx" }} nginx.ingress.kubernetes.io/rewrite-target: /browser/$2 nginx.ingress.kubernetes.io/use-regex: "true" {{- else if eq .Values.ingress.className "traefik" }} + # Traefik with NGINX provider supports nginx annotations + nginx.ingress.kubernetes.io/rewrite-target: /browser/$2 + nginx.ingress.kubernetes.io/use-regex: "true" traefik.ingress.kubernetes.io/router.entrypoints: web {{- end }} + {{- if .Values.ingress.annotations }} +{{ toYaml .Values.ingress.annotations | indent 4 }} + {{- end }} spec: {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} ingressClassName: {{ .Values.ingress.className }} @@ -33,8 +36,8 @@ spec: http: paths: {{- if and $.Values.browser.enabled (or (not (hasKey $.Values.browser "ingress")) $.Values.browser.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: "/browser{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}" + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: "/browser{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }}" backend: service: name: {{ .Release.Name }}-browser @@ -49,8 +52,8 @@ spec: http: paths: {{- if and .Values.browser.enabled (or (not (hasKey .Values.browser "ingress")) .Values.browser.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: "/browser{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}" + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: "/browser{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }}" backend: service: name: {{ .Release.Name }}-browser diff --git a/charts/eoapi/templates/networking/ingress.yaml b/charts/eoapi/templates/networking/ingress.yaml index 3b4924be..b8ff3fdb 100644 --- a/charts/eoapi/templates/networking/ingress.yaml +++ b/charts/eoapi/templates/networking/ingress.yaml @@ -16,6 +16,9 @@ metadata: nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/use-regex: "true" {{- else if eq .Values.ingress.className "traefik" }} + # Traefik with NGINX provider supports nginx annotations + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/use-regex: "true" traefik.ingress.kubernetes.io/router.entrypoints: web {{- end }} {{- if .Values.ingress.annotations }} @@ -32,8 +35,8 @@ spec: http: paths: {{- if and $.Values.raster.enabled (or (not (hasKey $.Values.raster "ingress")) $.Values.raster.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.raster.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.raster.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-raster @@ -42,8 +45,8 @@ spec: {{- end }} {{- if and $.Values.stac.enabled (or (not (hasKey $.Values.stac "ingress")) $.Values.stac.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.stac.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.stac.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: {{- if index $.Values "stac-auth-proxy" "enabled" }} @@ -56,8 +59,8 @@ spec: {{- end }} {{- if and $.Values.vector.enabled (or (not (hasKey $.Values.vector "ingress")) $.Values.vector.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.vector.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.vector.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-vector @@ -66,8 +69,8 @@ spec: {{- end }} {{- if and $.Values.multidim.enabled (or (not (hasKey $.Values.multidim "ingress")) $.Values.multidim.ingress.enabled) }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.multidim.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.multidim.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-multidim @@ -76,8 +79,8 @@ spec: {{- end }} {{- if and $.Values.mockOidcServer.enabled $.Values.mockOidcServer.ingress.enabled }} - - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ $.Values.mockOidcServer.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ $.Values.mockOidcServer.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ $.Release.Name }}-mock-oidc-server @@ -102,8 +105,8 @@ spec: http: paths: {{- if and .Values.raster.enabled (or (not (hasKey .Values.raster "ingress")) .Values.raster.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.raster.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.raster.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-raster @@ -112,8 +115,8 @@ spec: {{- end }} {{- if and .Values.stac.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.stac.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.stac.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: {{- if index .Values "stac-auth-proxy" "enabled" }} @@ -126,8 +129,8 @@ spec: {{- end }} {{- if and .Values.vector.enabled (or (not (hasKey .Values.vector "ingress")) .Values.vector.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.vector.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.vector.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-vector @@ -136,8 +139,8 @@ spec: {{- end }} {{- if and .Values.multidim.enabled (or (not (hasKey .Values.multidim "ingress")) .Values.multidim.ingress.enabled) }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.multidim.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.multidim.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-multidim @@ -146,8 +149,8 @@ spec: {{- end }} {{- if and .Values.mockOidcServer.enabled .Values.mockOidcServer.ingress.enabled }} - - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }} - path: {{ .Values.mockOidcServer.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }} + - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }} + path: {{ .Values.mockOidcServer.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }} backend: service: name: {{ .Release.Name }}-mock-oidc-server diff --git a/charts/eoapi/templates/networking/traefik-middleware.yaml b/charts/eoapi/templates/networking/traefik-middleware.yaml new file mode 100644 index 00000000..82bc926c --- /dev/null +++ b/charts/eoapi/templates/networking/traefik-middleware.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.ingress.enabled (eq .Values.ingress.className "traefik") }} +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ .Release.Name }}-strip-prefix-middleware + namespace: {{ .Release.Namespace }} +spec: + stripPrefix: + prefixes: + {{- if .Values.raster.enabled }} + - {{ .Values.raster.ingress.path }} + {{- end }} + {{- if .Values.stac.enabled }} + - {{ .Values.stac.ingress.path }} + {{- end }} + {{- if .Values.vector.enabled }} + - {{ .Values.vector.ingress.path }} + {{- end }} + {{- if .Values.multidim.enabled }} + - {{ .Values.multidim.ingress.path }} + {{- end }} + {{- if and .Values.mockOidcServer.enabled .Values.mockOidcServer.ingress.enabled }} + - {{ .Values.mockOidcServer.ingress.path }} + {{- end }} +{{- end }} diff --git a/charts/eoapi/tests/ingress_tests.yaml b/charts/eoapi/tests/ingress_tests.yaml index 3b0f95e7..11363982 100644 --- a/charts/eoapi/tests/ingress_tests.yaml +++ b/charts/eoapi/tests/ingress_tests.yaml @@ -33,9 +33,10 @@ tests: path: spec.ingressClassName value: "nginx" - - it: "stac ingress with traefik controller (using nginx provider)" + - it: "stac ingress with traefik controller" set: ingress.className: "traefik" + ingress.pathType: "Prefix" ingress.host: "eoapi.local" raster.enabled: false stac.enabled: true @@ -47,15 +48,15 @@ tests: of: Ingress - equal: path: spec.rules[0].http.paths[0].path - value: "/stac(/|$)(.*)" + value: "/stac" - equal: path: spec.rules[0].http.paths[0].pathType - value: "ImplementationSpecific" + value: "Prefix" - equal: path: metadata.annotations value: - nginx.ingress.kubernetes.io/rewrite-target: /$2 - nginx.ingress.kubernetes.io/use-regex: "true" + traefik.ingress.kubernetes.io/router.entrypoints: web + traefik.ingress.kubernetes.io/router.middlewares: NAMESPACE-RELEASE-NAME-strip-prefix-middleware@kubernetescrd - equal: path: spec.ingressClassName value: "traefik"