search

borchero / switchboard

Kubernetes Operator for Automatically Issuing DNS Records and TLS Certificates for Traefik Ingress Routes.
MIT License
155 stars 15 forks source link

Support for new API #111

Closed Elegant996 closed 6 months ago

Elegant996 commented 1 year ago

With the release of traefik v2.10, traefik.containo.us API has been deprecated. Could we build with the latest version of traefik to obtain support for the new traefik.io API? Thanks!

borchero commented 1 year ago

Makes sense, care to take a stab at it in a PR? :smile:

Elegant996 commented 1 year ago

Got it working on my end but it may take more work to make this a real PR. It looks like we'd have to add both crds to switchboard. The quick and dirty I made only converts everything to the new one. The issue is importing traefik:

traefik "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"

To support both, we would have to introduce another one like so:

traefikio "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikio/v1alpha1"

Afterwards, we could observe both. May get around to this but it would take more testing than just the quick renaming I did on top of the PR to support traefik v2.10.1.

borchero commented 1 year ago

I've never worked with an operator supporting two versions of a CRD so I need to investigate this a little. Will work on it soonish 😬

AlexGodbehere commented 1 year ago

@borchero, to confirm, this is still not implemented? Would explain why none of my IngressRoutes are being picked up 😅

borchero commented 1 year ago

Not implemented yet! Feel free to open a PR, I still didn't have time for it, unfortunately

mya-crabnebula commented 1 year ago

@borchero I've pushed up a patch that I believe addresses this. I haven't ever seen an operator or controller that works with multiple CRD definitions (unless it's fully self contained). For those wanting to test this out with the new version, I've pushed a copy of the container to ghcr under my user, and you'll need to grant switchboard permissions on the new version of the resources:

Container:

image:
  name: ghcr.io/mya-crabnebula/switchboard
  tag: latest@sha256:a3cb91a896529e134f4f7677c23cca3e1d275a398f7ba87c823bebd2a6cbf824

Additional permissions:

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: switchboard-extra
rules:
  - apiGroups: ["traefik.io"]
    resources: ["ingressroutes"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: switchboard-extra
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: switchboard-extra
subjects:
  - kind: ServiceAccount
    name: switchboard
    namespace: ingress
cuseinovic commented 7 months ago

Hello guys, I encountered the same problem here. Do you have some news about this PR or this topic ?

Thanks