traefik / traefik-helm-chart

Traefik Proxy Helm Chart
https://traefik.io
Apache License 2.0

Allow multiple Match rules for dashboard ingress route #1212

Open morotsgurka opened 3 days ago

morotsgurka commented 3 days ago

Welcome!

What did you expect to see?

Hi!

I'm using Authentik Proxy Provider for authentication on a k3s cluster. To define the authentication I need 2 Rules in the routes of the IngressRoute. Here is an example of my ingress for Longhorn's WebUI:

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: longhorn-frontend-ingress
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`longhorn.domain.com`)
      middlewares:
        - name: authentik
          namespace: networking
      priority: 10
      services:
        - name: longhorn-frontend
          port: 8000
    - kind: Rule
      match: "Host(`longhorn.domain.com`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 15
      services:
        - kind: Service
          name: ak-outpost-traefik-proxy
          port: 9000
  tls:
    secretName: longhorn-prod-tls

From what I've read/understood, the values for the ingressRoute -> Dashboard use this template file?

It then matches with "matchRule" from the values.yaml?

So my suggestion is having "routes: []" in values.yaml, something like this:

ingressRoute:
  dashboard:
    enabled: true
    routes:
      - kind: Rule
        match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
        # -- The internal service used for the dashboard ingressRoute
        services:
          - name: api@internal
            kind: TraefikService
        # -- Additional ingressRoute middlewares (e.g. for authentication)
        middlewares: []
    # -- Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
    # By default, it's using traefik entrypoint, which is not exposed.
    # /!\ Do not expose your dashboard without any protection over the internet /!\
    entryPoints: ["traefik"]

And then update the ingressRoute template file to loop through(?) the routes specified. This would/should keep the default deployment the same but allow users to specify more than one match rule.

I'm no Helm chart expert, so excuse me if I've simply misunderstood something about how Helm charts/values work.
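
A sketch of the template loop proposed above, added here as an illustration; it is not part of the original post and not the chart's own template. It assumes a hypothetical `ingressRoute.dashboard.routes` list holding complete route objects, falls back to the single-route `matchRule` and dashboard-level `middlewares` keys when the list is empty, and uses `.Release.Name` for the resource name as a placeholder.

```yaml
# Hypothetical templates/dashboard-ingressroute.yaml (illustrative sketch, not the chart's file).
# Assumption: ingressRoute.dashboard.routes is a list of full route objects (kind, match,
# services, middlewares, priority); matchRule and middlewares are the single-route keys.
{{- $d := .Values.ingressRoute.dashboard }}
{{- if $d.enabled }}
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: {{ .Release.Name }}-dashboard
spec:
  entryPoints:
    {{- toYaml $d.entryPoints | nindent 4 }}
  routes:
  {{- if $d.routes }}
    # Route list supplied: emit every route exactly as written in values.yaml.
    {{- toYaml $d.routes | nindent 4 }}
  {{- else }}
    # No route list: build one route from matchRule, as a single-route values file expects.
    - kind: Rule
      match: {{ $d.matchRule | quote }}
      services:
        - name: api@internal
          kind: TraefikService
      {{- with $d.middlewares }}
      middlewares:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  {{- end }}
{{- end }}
```

With a route list, middlewares are set per route, so every route that serves `api@internal` has to name its own authentication middleware; a dashboard-level `middlewares` value is only applied in the fallback branch.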

mloiseleur commented 3 days ago

You're right, for simplicity, the template is using only 1 route. If we change this, it would be breaking for everyone.

We’re unsure about the use case and the traction it will receive. We are going to leave the status as kind/proposal to give the community time to let us know if they would like this idea.

We will reevaluate as people respond.