feat: replace ingress-nginx with Traefik v3 as the ingress controller#565
Open
squidboylan wants to merge 1 commit intocnoe-io:mainfrom
Open
feat: replace ingress-nginx with Traefik v3 as the ingress controller#565squidboylan wants to merge 1 commit intocnoe-io:mainfrom
squidboylan wants to merge 1 commit intocnoe-io:mainfrom
Conversation
squidboylan
force-pushed
the
traefik
branch
2 times, most recently
from
1b15590 to
f93765a
Compare
- Add TraefikPackageName constant, TraefikStatus type, and TraefikNamespace - Hand-craft Traefik v3 install manifests (CRDs, RBAC, Deployment with hostPorts, IngressClass, TLSStore) for KinD - Add ReconcileTraefik reconciler mirroring ReconcileNginx pattern - Wire Traefik into controller (installers map, bootStrapApps, GetEmbeddedRawInstallResources); comment out nginx codepaths (not deleted) - Update tls.go to create cert secret in traefik namespace instead of nginx - Update create/root.go corePkgs map to include traefik instead of nginx - Add TraefikPackageName to util.go SetPackageLabels switch case - Rewrite ArgoCD ingress to use Traefik (remove nginx annotations, add StripPrefix Middleware for path-routing, backend port http) - Make ArgoCD --insecure flag unconditional in install.yaml - Rewrite Gitea ingresses to use Traefik (remove nginx annotations, add Middleware CRDs for path-routing rewrites) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Caleb Boylan <calebboylan@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I decided to tackle this as a middle ground before tackling migrating to gateway api. Happy to toss this if we want to go straight to gateway API. Interested in hearing what others think
There shouldn't be anything surprising here but there are some implementation details due to traefik's quirks vs nginx including renaming traefik pod port names from web and websecure to http and https, and hardcoding the ingress loadbalancer IP to localhost which prevents the ArgoCD applications from getting stuck in the "Progressing" state.
Additionally in
pkg/k8s/deserialize.gowe add functionality to applying resources that arent part of our schema by representing them as unstructured manifests. This prevents the need to import all of the traefik CRDs into our code which isn't very convenient and these CRs are only applied by reading them off disk, we dont build any in go code.