Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update traefik group to v33 (major) #1902

Merged
merged 1 commit into from
Nov 10, 2024
Merged

chore(deps): update traefik group to v33 (major) #1902

merged 1 commit into from
Nov 10, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 30, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
traefik (source) major 32.1.1 -> 33.0.0
traefik-crd-source major v32.1.1 -> v33.0.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

traefik/traefik-helm-chart (traefik)

v33.0.0

Compare Source

Upgrade Notes

There are multiple breaking changes in this release:

  1. The default port of traefik entrypoint has changed from 9000 to 8080, just like the Traefik Proxy default port
    • You may have to update probes accordingly (or set this port back to 9000)
  2. publishedService is enabled by default on Ingress provider
    • You can disable it, if needed
  3. The POD_NAME and POD_NAMESPACE environment variables are now set by default, without values.
    • It is no longer necessary to add them in values and so, it can be removed from user values.
  4. In values, certResolvers specific syntax has been reworked to align with Traefik Proxy syntax.
    • PR #​1214 contains a complete before / after example on how to update values
  5. Traefik Proxy 3.2 supports Gateway API v1.2 (standard channel)
    • It is recommended to check that other software using Gateway API on your cluster are compatible
    • The Gateway API CRD upgrade may fail even with Flux, Argo or other CD tool
    • See release notes of gateway API v1.2 on how to upgrade their CRDs and avoid issues about invalid values on v1alpha2 version

The CRDs needs to be updated, as documented in the README.

ℹ️ A separate helm chart, just for CRDs, is being considered for a future release. See PR #​1123

⚠ BREAKING CHANGES
  • Env Variables: allow extending env without overwrite
  • certificateResolvers: 💥 🐛 use same syntax in Chart and in Traefik
  • Kubernetes Ingress: 💥 ✨ enable publishedService by default
  • Traefik: 💥 set 8080 as default port for traefik entrypoint
Features
  • Gateway API: ✨ add infrastructure in the values (2b28f7b)
  • Gateway API: ✨ standard install CRD v1.2.0 (4432f3c)
  • Traefik Proxy: update traefik docker tag to v3.2.0 (323e139)
  • Traefik Proxy: ✨ support Gateway API statusAddress (e7dcac1)
  • Traefik Proxy: CRDs for v3.2+ (d3c6d4c)
Bug Fixes
  • certificateResolvers: 💥 🐛 use same syntax in Chart and in Traefik (016822d)
  • Env Variables: allow extending env without overwrite (20f54b6)
  • Gateway API: 🐛 add missing required RBAC for v3.2 with experimental Channel (b872549)
  • schema: 🐛 targetPort can also be a string (12fee7e)
  • use correct children indentation for logs.access.filters (59073ef)
  • Kubernetes Ingress: 💥 ✨ enable publishedService by default (f7a96da)
  • Traefik: 💥 set 8080 as default port for traefik entrypoint (2b32ce7)
  • Traefik Hub: RBAC for distributedAcme (74abfee)
  • 🐛 http3 with internal service (7558e63)

New Contributors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@mrwulf-action-bot
Copy link 

--- cluster/apps Kustomization: flux-system/apps HelmRelease: networking/traefik

+++ cluster/apps Kustomization: flux-system/apps HelmRelease: networking/traefik

@@ -13,13 +13,13 @@

       chart: traefik
       interval: 5m
       sourceRef:
         kind: HelmRepository
         name: traefik-charts
         namespace: flux-system
-      version: 32.1.1
+      version: 33.0.0
   dependsOn:
   - name: cert-manager
     namespace: cert-manager
   install:
     createNamespace: true
     remediation:

@mrwulf-action-bot
Copy link 

--- HelmRelease: networking/traefik Service: networking/traefik

+++ HelmRelease: networking/traefik Service: networking/traefik

@@ -17,13 +17,13 @@

     app.kubernetes.io/instance: traefik-networking
   ports:
   - port: 9100
     name: metrics
     targetPort: metrics
     protocol: TCP
-  - port: 9000
+  - port: 8080
     name: traefik
     targetPort: traefik
     protocol: TCP
   - port: 80
     name: web
     targetPort: web
--- HelmRelease: networking/traefik Deployment: networking/traefik

+++ HelmRelease: networking/traefik Deployment: networking/traefik

@@ -33,48 +33,48 @@

     spec:
       serviceAccountName: traefik
       automountServiceAccountToken: true
       terminationGracePeriodSeconds: 60
       hostNetwork: false
       containers:
-      - image: docker.io/traefik:v3.1.6
+      - image: docker.io/traefik:v3.2.0
         imagePullPolicy: IfNotPresent
         name: traefik
         resources:
           limits:
             memory: 1500Mi
           requests:
             cpu: 500m
             memory: 110Mi
         readinessProbe:
           httpGet:
             path: /ping
-            port: 9000
+            port: 8080
             scheme: HTTP
           failureThreshold: 1
           initialDelaySeconds: 2
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 2
         livenessProbe:
           httpGet:
             path: /ping
-            port: 9000
+            port: 8080
             scheme: HTTP
           failureThreshold: 3
           initialDelaySeconds: 2
           periodSeconds: 10
           successThreshold: 1
           timeoutSeconds: 2
         lifecycle: null
         ports:
         - name: metrics
           containerPort: 8082
           protocol: TCP
         - name: traefik
-          containerPort: 9000
+          containerPort: 8080
           protocol: TCP
         - name: web
           containerPort: 8000
           protocol: TCP
         - name: websecure
           containerPort: 8443
@@ -99,25 +99,26 @@

         - --serverstransport.insecureskipverify=true
         - --providers.kubernetesingress.ingressclass=traefik
         - --metrics.prometheus=true
         - --metrics.prometheus.entryPoint=metrics
         - --entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32
         - --entryPoints.metrics.address=:8082/tcp
-        - --entryPoints.traefik.address=:9000/tcp
+        - --entryPoints.traefik.address=:8080/tcp
         - --entryPoints.web.address=:8000/tcp
         - --entryPoints.websecure.address=:8443/tcp
         - --api.dashboard=true
         - --ping=true
         - --metrics.prometheus=true
         - --metrics.prometheus.entrypoint=metrics
         - --experimental.plugins.real-ip.moduleName=github.com/Paxxs/traefik-get-real-ip
         - --experimental.plugins.real-ip.version=v1.0.2
         - --providers.kubernetescrd
         - --providers.kubernetescrd.allowEmptyServices=true
         - --providers.kubernetesingress
         - --providers.kubernetesingress.allowEmptyServices=true
+        - --providers.kubernetesingress.ingressendpoint.publishedservice=networking/traefik
         - --entryPoints.web.http.redirections.entryPoint.to=:443
         - --entryPoints.web.http.redirections.entryPoint.scheme=https
         - --entryPoints.websecure.http.tls=true
         - --entryPoints.websecure.http.tls.options=default
         - --log.format=json
         - --log.level=INFO
@@ -127,12 +128,20 @@

         - --accesslog.fields.headers.defaultmode=drop
         - --providers.kubernetesingress.ingressendpoint.ip=10.0.10.20
         - --providers.kubernetesingress.allowexternalnameservices=true
         - --providers.kubernetescrd.allowexternalnameservices=true
         - --providers.kubernetescrd.allowCrossNamespace=true
         env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
         - name: GOMEMLIMIT
           valueFrom:
             resourceFieldRef:
               resource: limits.memory
               divisor: '1'
         - name: TZ

@renovate
chore(deps): update traefik group to v33
1a150f4 
| datasource  | package                    | from    | to      |
| ----------- | -------------------------- | ------- | ------- |
| helm        | traefik                    | 32.1.1  | 33.0.0  |
| github-tags | traefik/traefik-helm-chart | v32.1.1 | v33.0.0 |
@mrwulf mrwulf merged commit a6c975d into main Nov 10, 2024
7 checks passed
@mrwulf mrwulf deleted the renovate/major-traefik branch November 10, 2024 05:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dep/major renovate/helm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mrwulf