diff --git a/traefik/Chart.yaml b/traefik/Chart.yaml
index 6248a2cf1..86a6c2a9e 100644
--- a/traefik/Chart.yaml
+++ b/traefik/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: traefik
 description: A Traefik based Kubernetes ingress controller
 type: application
-version: 10.20.0
+version: 10.20.1
 appVersion: 2.7.0
 keywords:
 - traefik
diff --git a/traefik/templates/_podtemplate.tpl b/traefik/templates/_podtemplate.tpl
index 66c82a2bc..22e5a281a 100644
--- a/traefik/templates/_podtemplate.tpl
+++ b/traefik/templates/_podtemplate.tpl
@@ -274,6 +274,17 @@
 {{- if hasKey .Values.pilot "dashboard" }}
 - "--pilot.dashboard={{ .Values.pilot.dashboard }}"
 {{- end }}
+ {{- range $resolver, $config := $.Values.certResolvers }}
+ {{- range $option, $setting := $config }}
+ {{- if kindIs "map" $setting }}
+ {{- range $field, $value := $setting }}
+ - "--certificatesresolvers.{{ $resolver }}.acme.{{ $option }}.{{ $field }}={{ if kindIs "slice" $value }}{{ join "," $value }}{{ else }}{{ $value }}{{ end }}"
+ {{- end }}
+ {{- else }}
+ - "--certificatesresolvers.{{ $resolver }}.acme.{{ $option }}={{ $setting }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
 {{- with .Values.additionalArguments }}
 {{- range . }}
 - {{ . | quote }}
diff --git a/traefik/tests/pod-config_test.yaml b/traefik/tests/pod-config_test.yaml
index 74f9afc61..f700a07ff 100644
--- a/traefik/tests/pod-config_test.yaml
+++ b/traefik/tests/pod-config_test.yaml
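Review bot: Both new `- "--certificatesresolvers…"` lines in the _podtemplate.tpl hunk interpolate `$resolver`, `$option`, `$field` and the value straight into a hand-written double-quoted YAML scalar, so a value containing `"` or `\` breaks or alters the rendered argument, whereas the `additionalArguments` loop directly below pipes through `quote`. Building the string first and quoting it would match that, e.g. `- {{ printf "--certificatesresolvers.%s.acme.%s=%v" $resolver $option $setting | quote }}` for the scalar branch. Every value under `certResolvers` also becomes a plain container argument in the pod spec, so anything sensitive placed there (an ACME external-account-binding key, for instance) is readable by whoever can read the Deployment; a template comment above the outer `range` such as `{{- /* values are rendered as container args; keep secrets in env/envFrom */}}` would make that explicit. Only one level of nesting is handled: a list directly under the resolver, or a map inside a map, would presumably be printed in Go's default formatting. The enclosing template block starts and ends outside the hunk.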
@@ -232,6 +232,34 @@ tests:
 - contains:
 path: spec.template.spec.containers[0].args
 content: "--providers.kubernetesgateway"
+ - it: should have the certificate resolver options applied
+ set:
+ certResolvers:
+ myAcmeResolver:
+ email: email@example.com
+ dnsChallenge:
+ provider: myProvider
+ resolvers:
+ - 1.1.1.1
+ - 8.8.8.8
+ tlsChallenge: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].args
+ content:
+ "--certificatesresolvers.myAcmeResolver.acme.email=email@example.com"
+ - contains:
+ path: spec.template.spec.containers[0].args
+ content:
+ "--certificatesresolvers.myAcmeResolver.acme.dnsChallenge.provider=myProvider"
+ - contains:
+ path: spec.template.spec.containers[0].args
+ content:
+ "--certificatesresolvers.myAcmeResolver.acme.dnsChallenge.resolvers=1.1.1.1,8.8.8.8"
+ - contains:
+ path: spec.template.spec.containers[0].args
+ content:
+ "--certificatesresolvers.myAcmeResolver.acme.tlsChallenge=true"
 - it: should have the pilot dashboard enabled by default
 asserts:
 - notContains:
diff --git a/traefik/values.yaml b/traefik/values.yaml
index a16b10710..e141e29f2 100644
--- a/traefik/values.yaml
+++ b/traefik/values.yaml
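Review bot: The new `it: should have the certificate resolver options applied` case feeds only well-formed values, so it would not notice a change in how the template quotes or escapes them, and nothing asserts that the default `certResolvers: {}` renders no resolver argument at all. A second case, for example `- it: should not add certificate resolver arguments by default`, plus one value containing a character that needs escaping inside the rendered argument, would pin both behaviours. The existing four `contains` assertions cover the scalar, nested-map and list-join paths and can stay as they are.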
@@ -433,6 +433,27 @@ persistence: annotations: {} # subPath: "" # only mount a subpath of the Volume into the pod +certResolvers: {} +# letsencrypt: +# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/ +# email: email@example.com +# dnsChallenge: +# # also add the provider's required configuration under env +# # or expand then from secrets/configmaps with envfrom +# # cf. https://doc.traefik.io/traefik/https/acme/#providers +# provider: digitalocean +# # add futher options for the dns challenge as needed +# # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge +# delayBeforeCheck: 30 +# resolvers: +# - 1.1.1.1 +# - 8.8.8.8 +# tlsChallenge: true +# httpChallenge: +# entryPoint: "web" +# # match the path to persistence +# storage: /data/acme.json + # If hostNetwork is true, runs traefik in the host network namespace # To prevent unschedulabel pods due to port collisions, if hostNetwork=true # and replicas>1, a pod anti-affinity is recommended and will be set if the
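Review bot: The commented `storage` example carries only `# match the path to persistence`, which undersells what is at stake: acme.json holds the ACME account key and the private keys of issued certificates, so it has to live on the persistent volume and not on the container's ephemeral filesystem. I would expand the comment to something like `# acme.json holds the ACME account key and certificate private keys; keep it on the persistence mount so it survives pod restarts`. The DNS-provider comment mentions configmaps alongside secrets; provider credentials belong in a Secret referenced through `envFrom`, so I would drop `configmaps` from that sentence. Two typos in the same block: `expand then from` should read `expand them from`, and `futher` should read `further`.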