Skip to content

Commit

Permalink
Merge pull request 'Add procedure for Traefik chart upgrade' (#40) fr…
Browse files Browse the repository at this point in the history
…om traefik-upgrade into master

Reviewed-on: https://gitea.obmondo.com/EnableIT/KubeAid/pulls/40
  • Loading branch information
Ahmad-Faizan committed Aug 30, 2024
2 parents 837bbb2 + ca8e8c8 commit 562d053
Showing 1 changed file with 41 additions and 4 deletions.
45 changes: 41 additions & 4 deletions argocd-helm-charts/traefik/Readme.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
## Traefik dashboard

you can access it by doing ```kubectl -n traefik port-forward <podname> 9000:9000```
and openinghttp://localhost:9000/dashboard/ in your browser
and opening http://localhost:9000/dashboard/ in your browser

## Setup for Internal use

Expand All @@ -19,8 +19,7 @@ service:
### AKS
```yamltraefik-zs6m9 0/1 Evicted 0 60m

```yaml
service:
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
Expand Down Expand Up @@ -76,4 +75,42 @@ using a middleware, [see this example.](./examples/request-body-middleware.yaml)
- If you want to run multiple traefik instances, ensure that each traefik deployment has the additional argument
which binds it to a specific ingress class `--providers.kubernetesingress.ingressclass=<ingress-class>`.
This ensures that multiple instances of Traefik don't try to update ingress resources at the same time leading
to the hostname of the ingress switching from one ingress class to another.
to the hostname of the ingress switching from one ingress class to another.
## Upgrading Traefik

While upgrading to Traefik Helm chart v25.0.0 and Traefik v2.10.5, the Traefik deployment needs
to be deleted, or else ArgoCD throws a Sync error like this:

```text
Deployment.apps "traefik" is invalid: spec.selector: Invalid value:
v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/instance":"traefik-traefik",
"app.kubernetes.io/name":"traefik"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}:
field is immutable
```

This happens due to new label selectors in the new version of the Traefik Helm chart
and hence a rolling upgrade is not possible.
[Link to Upstream k8s issue](https://github.com/kubernetes/client-go/issues/508)

The procedure for the upgrade is:

* **[Pre-Requisite]** Use `kubectl port forward` to _argocd-server_ pod and open the UI on localhost.
This is recommended as Traefik will go down and ArgoCD's Ingress will not be able to handle requests.
* **[Pre-Requisite]** If you don't have access to port forward the argocd service, then use `helm template`
command to keep a copy of the _Deployment_ and _Service_ YAML of Traefik.
* Refresh the **Traefik** ArgoCD app on the cluster
* Verify the diff once the ArgoCD app is in _OutOfSync_ state
* Click on _Sync_ in the ArgoCD app, and select all the CRD (Custom Resource Definition) resources
which are _OutOfSync_.
* Click on _Sync_ in the ArgoCD app, and select all the resources which are _OutOfSync_ except
the **Deployment**, **Service**, and **Service Account**.
* Once the sync is completed successfully, there will be only the Traefik Deployment, Service and
Service Account will be shown as _OutOfSync_.
* Sync the _Service_ and _Service Account_.
* Delete the Traefik deployment from ArgoCD or using _kubectl_ cli.
* Once the pods are deleted successfully, sync the Traefik Deployment from ArgoCD.
* If you did not create a port forward to argocd, the ArgoCD UI will stop responding
as the Traefik Ingress will not be able to respond to the requests due to the Traefik
pod being deleted. Use `kubectl apply -f traefik-deployment.yaml` to create the
deployment from the **[Step 2]** above.
* Traefik pods should come up with the latest version.

0 comments on commit 562d053

Please sign in to comment.