From 38b0d74e9e8531fe8355c04a979539ccd54bc723 Mon Sep 17 00:00:00 2001 From: Maximilian Meister Date: Sat, 16 Nov 2024 08:30:33 +0100 Subject: [PATCH 1/3] fix(Traefik): Explicitly disallow empty services If we don't explicitly set the cmdline flags to false, they will default to true --- traefik/templates/_podtemplate.tpl | 4 ++++ traefik/tests/pod-config_test.yaml | 36 ++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/traefik/templates/_podtemplate.tpl b/traefik/templates/_podtemplate.tpl index 235e0e0ed5..50390ae8d 100644 --- a/traefik/templates/_podtemplate.tpl +++ b/traefik/templates/_podtemplate.tpl @@ -464,6 +464,8 @@ {{- end }} {{- if .Values.providers.kubernetesCRD.allowEmptyServices }} - "--providers.kubernetescrd.allowEmptyServices=true" + {{- else }} + - "--providers.kubernetescrd.allowEmptyServices=false" {{- end }} {{- if and .Values.rbac.namespaced (semverCompare ">=3.1.2-0" $version) }} - "--providers.kubernetescrd.disableClusterScopeResources=true" @@ -479,6 +481,8 @@ {{- end }} {{- if .Values.providers.kubernetesIngress.allowEmptyServices }} - "--providers.kubernetesingress.allowEmptyServices=true" + {{- else }} + - "--providers.kubernetesingress.allowEmptyServices=false" {{- end }} {{- if and .Values.service.enabled .Values.providers.kubernetesIngress.publishedService.enabled }} - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" diff --git a/traefik/tests/pod-config_test.yaml b/traefik/tests/pod-config_test.yaml index ede99c38c..b5dda8fd9 100644 --- a/traefik/tests/pod-config_test.yaml +++ b/traefik/tests/pod-config_test.yaml @@ -709,3 +709,39 @@ tests: asserts: - failedTemplate: errorPattern: "level" + - it: should set allowEmptyServices for kubernetesCRD + set: + providers: + kubernetesCRD: + allowEmptyServices: true + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--providers.kubernetescrd.allowEmptyServices=true" + - it: should unset allowEmptyServices for kubernetesCRD + set: + providers: + kubernetesCRD: + allowEmptyServices: false + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--providers.kubernetescrd.allowEmptyServices=false" + - it: should set allowEmptyServices for kubernetesIngress + set: + providers: + kubernetesIngress: + allowEmptyServices: true + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--providers.kubernetesingress.allowEmptyServices=true" + - it: should unset allowEmptyServices for kubernetesIngress + set: + providers: + kubernetesIngress: + allowEmptyServices: false + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--providers.kubernetesingress.allowEmptyServices=false" \ No newline at end of file From f4aefad67aec4c584cd4404c0d397b41499e0104 Mon Sep 17 00:00:00 2001 From: Maximilian Meister Date: Mon, 18 Nov 2024 08:17:37 +0100 Subject: [PATCH 2/3] chore(tests): Use correct assertion description --- traefik/tests/pod-config_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/tests/pod-config_test.yaml b/traefik/tests/pod-config_test.yaml index b5dda8fd9..c077ea4cf 100644 --- a/traefik/tests/pod-config_test.yaml +++ b/traefik/tests/pod-config_test.yaml @@ -643,7 +643,7 @@ tests: asserts: - isNull: path: spec.template.spec.containers[0].runtimeClassName - - it: should set runtimeClassName when configured + - it: should set defaultRuleSyntax when configured set: core: defaultRuleSyntax: v2 From 34f01e8bf2895cbb3b4c5c2e0b972d96c04bb351 Mon Sep 17 00:00:00 2001 From: Maximilian Meister <5364817+MaximilianMeister@users.noreply.github.com> Date: Mon, 18 Nov 2024 08:47:00 +0100 Subject: [PATCH 3/3] fix(Traefik): Apply suggestions from code review Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com> --- traefik/templates/_podtemplate.tpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/traefik/templates/_podtemplate.tpl b/traefik/templates/_podtemplate.tpl index 50390ae8d..786a8b0d0 100644 --- a/traefik/templates/_podtemplate.tpl +++ b/traefik/templates/_podtemplate.tpl @@ -462,10 +462,10 @@ {{- if .Values.providers.kubernetesCRD.allowExternalNameServices }} - "--providers.kubernetescrd.allowExternalNameServices=true" {{- end }} - {{- if .Values.providers.kubernetesCRD.allowEmptyServices }} - - "--providers.kubernetescrd.allowEmptyServices=true" - {{- else }} - - "--providers.kubernetescrd.allowEmptyServices=false" + {{- if ne .Values.providers.kubernetesCRD.allowEmptyServices nil }} + {{- with .Values.providers.kubernetesCRD.allowEmptyServices | toString }} + - "--providers.kubernetescrd.allowEmptyServices={{ . }}" + {{- end }} {{- end }} {{- if and .Values.rbac.namespaced (semverCompare ">=3.1.2-0" $version) }} - "--providers.kubernetescrd.disableClusterScopeResources=true" @@ -479,10 +479,10 @@ {{- if .Values.providers.kubernetesIngress.allowExternalNameServices }} - "--providers.kubernetesingress.allowExternalNameServices=true" {{- end }} - {{- if .Values.providers.kubernetesIngress.allowEmptyServices }} - - "--providers.kubernetesingress.allowEmptyServices=true" - {{- else }} - - "--providers.kubernetesingress.allowEmptyServices=false" + {{- if ne .Values.providers.kubernetesIngress.allowEmptyServices nil }} + {{- with .Values.providers.kubernetesIngress.allowEmptyServices | toString }} + - "--providers.kubernetesingress.allowEmptyServices={{ . }}" + {{- end }} {{- end }} {{- if and .Values.service.enabled .Values.providers.kubernetesIngress.publishedService.enabled }} - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"