├── traefik
    ├── .helmignore
    ├── crds
    │   ├── tlsoptions.yaml
    │   ├── tlsstores.yaml
    │   ├── middlewares.yaml
    │   ├── ingressroute.yaml
    │   ├── traefikservices.yaml
    │   ├── ingressroutetcp.yaml
    │   └── ingressrouteudp.yaml
    ├── templates
    │   ├── rbac
    │   │   ├── serviceaccount.yaml
    │   │   ├── clusterrolebinding.yaml
    │   │   └── clusterrole.yaml
    │   ├── hpa.yaml
    │   ├── pvc.yaml
    │   ├── dashboard-hook-ingressroute.yaml
    │   ├── _helpers.tpl
    │   ├── service.yaml
    │   └── deployment.yaml
    ├── Chart.yaml
    ├── tests
    │   ├── traefik-config_test.yaml
    │   ├── default-install_test.yaml
    │   ├── pod-config_test.yaml
    │   ├── service-config_test.yaml
    │   ├── container-config_test.yaml
    │   ├── deployment-config_test.yaml
    │   └── ports-config_test.yaml
    ├── README.md
    ├── Guidelines.md
    ├── values.yaml
    └── LICENSE
├── lint
    ├── ct.yaml
    ├── chart_schema.yaml
    └── lintconf.yaml
├── .gitignore
├── .travis.yml
├── CONTRIBUTING.md
├── TESTING.md
├── README.md
├── Makefile
└── LICENSE


/traefik/.helmignore:
--------------------------------------------------------------------------------
1 | tests/
2 | 


--------------------------------------------------------------------------------
/lint/ct.yaml:
--------------------------------------------------------------------------------
1 | chart-dirs:
2 |   - ./
3 | remote: traefik
4 | target-branch: master
5 | debug: true
6 | check-version-increment: true
7 | 


--------------------------------------------------------------------------------
/traefik/crds/tlsoptions.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1beta1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: tlsoptions.traefik.containo.us
 5 | spec:
 6 |   group: traefik.containo.us
 7 |   version: v1alpha1
 8 |   names:
 9 |     kind: TLSOption
10 |     plural: tlsoptions
11 |     singular: tlsoption
12 |   scope: Namespaced
13 | 


--------------------------------------------------------------------------------
/traefik/crds/tlsstores.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1beta1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: tlsstores.traefik.containo.us
 5 | 
 6 | spec:
 7 |   group: traefik.containo.us
 8 |   version: v1alpha1
 9 |   names:
10 |     kind: TLSStore
11 |     plural: tlsstores
12 |     singular: tlsstore
13 |   scope: Namespaced
14 | 


--------------------------------------------------------------------------------
/traefik/crds/middlewares.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1beta1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: middlewares.traefik.containo.us
 5 | spec:
 6 |   group: traefik.containo.us
 7 |   version: v1alpha1
 8 |   names:
 9 |     kind: Middleware
10 |     plural: middlewares
11 |     singular: middleware
12 |   scope: Namespaced
13 | 


--------------------------------------------------------------------------------
/traefik/crds/ingressroute.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1beta1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: ingressroutes.traefik.containo.us
 5 | spec:
 6 |   group: traefik.containo.us
 7 |   version: v1alpha1
 8 |   names:
 9 |     kind: IngressRoute
10 |     plural: ingressroutes
11 |     singular: ingressroute
12 |   scope: Namespaced
13 | 


--------------------------------------------------------------------------------
/traefik/crds/traefikservices.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1beta1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: traefikservices.traefik.containo.us
 5 | spec:
 6 |   group: traefik.containo.us
 7 |   version: v1alpha1
 8 |   names:
 9 |     kind: TraefikService
10 |     plural: traefikservices
11 |     singular: traefikservice
12 |   scope: Namespaced
13 | 


--------------------------------------------------------------------------------
/traefik/crds/ingressroutetcp.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1beta1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: ingressroutetcps.traefik.containo.us
 5 | spec:
 6 |   group: traefik.containo.us
 7 |   version: v1alpha1
 8 |   names:
 9 |     kind: IngressRouteTCP
10 |     plural: ingressroutetcps
11 |     singular: ingressroutetcp
12 |   scope: Namespaced
13 | 


--------------------------------------------------------------------------------
/traefik/crds/ingressrouteudp.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apiextensions.k8s.io/v1beta1
 2 | kind: CustomResourceDefinition
 3 | metadata:
 4 |   name: ingressrouteudps.traefik.containo.us
 5 | 
 6 | spec:
 7 |   group: traefik.containo.us
 8 |   version: v1alpha1
 9 |   names:
10 |     kind: IngressRouteUDP
11 |     plural: ingressrouteudps
12 |     singular: ingressrouteudp
13 |   scope: Namespaced
14 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Binaries for programs and plugins
 2 | *.exe
 3 | *.exe~
 4 | *.dll
 5 | *.so
 6 | *.dylib
 7 | gh-pages.zip
 8 | 
 9 | # Test binary, build with `go test -c`
10 | *.test
11 | 
12 | # Output of the go coverage tool, specifically when used with LiteIDE
13 | *.out
14 | 
15 | # Outputs directories
16 | dist/
17 | repo/
18 | 
19 | # Unit test for helm
20 | __snapshot__
21 | 
22 | .idea
23 | 


--------------------------------------------------------------------------------
/traefik/templates/rbac/serviceaccount.yaml:
--------------------------------------------------------------------------------
 1 | kind: ServiceAccount
 2 | apiVersion: v1
 3 | metadata:
 4 |   name: {{ template "traefik.fullname" . }}
 5 |   labels:
 6 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
 7 |     helm.sh/chart: {{ template "traefik.chart" . }}
 8 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
 9 |     app.kubernetes.io/instance: {{ .Release.Name }}
10 |   annotations:
11 |   {{- with .Values.serviceAccountAnnotations }}
12 |   {{- toYaml . | nindent 4 }}
13 |   {{- end }}
14 | 


--------------------------------------------------------------------------------
/traefik/Chart.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | name: traefik
 3 | version: 8.1.2
 4 | appVersion: 2.2.0
 5 | description: A Traefik based Kubernetes ingress controller
 6 | keywords:
 7 |   - traefik
 8 |   - ingress
 9 | home: https://traefik.io/
10 | sources:
11 |   - https://github.com/containous/traefik
12 | maintainers:
13 |   - name: emilevauge
14 |     email: emile@vauge.com
15 |   - name: dtomcej
16 |     email: daniel.tomcej@gmail.com
17 |   - name: ldez
18 |     email: ludovic@containo.us
19 | engine: gotpl
20 | icon: http://traefik.io/traefik.logo.png
21 | 


--------------------------------------------------------------------------------
/lint/chart_schema.yaml:
--------------------------------------------------------------------------------
 1 | name: str()
 2 | home: str()
 3 | version: str()
 4 | appVersion: any(str(), num())
 5 | description: str()
 6 | keywords: list(str(), required=False)
 7 | sources: list(str(), required=False)
 8 | maintainers: list(include('maintainer'), required=False)
 9 | icon: str(required=False)
10 | engine: str(required=False)
11 | condition: str(required=False)
12 | tags: str(required=False)
13 | deprecated: bool(required=False)
14 | kubeVersion: str(required=False)
15 | annotations: map(str(), str(), required=False)
16 | ---
17 | maintainer:
18 |   name: str()
19 |   email: str(required=False)
20 |   url: str(required=False)
21 | 


--------------------------------------------------------------------------------
/traefik/templates/rbac/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
 1 | kind: ClusterRoleBinding
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | metadata:
 4 |   name: {{ template "traefik.fullname" . }}
 5 |   labels:
 6 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
 7 |     helm.sh/chart: {{ template "traefik.chart" . }}
 8 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
 9 |     app.kubernetes.io/instance: {{ .Release.Name }}
10 | roleRef:
11 |   apiGroup: rbac.authorization.k8s.io
12 |   kind: ClusterRole
13 |   name: {{ template "traefik.fullname" . }}
14 | subjects:
15 |   - kind: ServiceAccount
16 |     name: {{ template "traefik.fullname" . }}
17 |     namespace: {{ .Release.Namespace }}
18 | 


--------------------------------------------------------------------------------
/traefik/templates/hpa.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.autoscaling.enabled }}
 2 | apiVersion: autoscaling/v2beta1
 3 | kind: HorizontalPodAutoscaler
 4 | metadata:
 5 |   name: {{ template "traefik.fullname" . }}
 6 |   labels:
 7 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
 8 |     helm.sh/chart: {{ template "traefik.chart" . }}
 9 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
10 |     app.kubernetes.io/instance: {{ .Release.Name }}
11 | spec:
12 |   scaleTargetRef:
13 |     apiVersion: apps/v1
14 |     kind: Deployment
15 |     name: {{ template "traefik.fullname" . }}
16 |   minReplicas: {{ .Values.autoscaling.minReplicas }}
17 |   maxReplicas: {{ .Values.autoscaling.maxReplicas }}
18 |   metrics:
19 | {{ toYaml .Values.autoscaling.metrics | indent 4 }}
20 | {{- end }}
21 | 


--------------------------------------------------------------------------------
/traefik/templates/pvc.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.persistence.enabled -}}
 2 | apiVersion: v1
 3 | kind: PersistentVolumeClaim
 4 | metadata:
 5 |   name: {{ template "traefik.fullname" . }}
 6 |   annotations:
 7 |   {{- with .Values.persistence.annotations  }}
 8 |   {{ toYaml . | indent 4 }}
 9 |   {{- end }}
10 |   labels:
11 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
12 |     helm.sh/chart: {{ template "traefik.chart" . }}
13 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
14 |     app.kubernetes.io/instance: {{ .Release.Name }}
15 | spec:
16 |   accessModes:
17 |     - {{ .Values.persistence.accessMode | quote }}
18 |   resources:
19 |     requests:
20 |       storage: {{ .Values.persistence.size | quote }}
21 |   {{- if .Values.persistence.storageClass }}
22 |   storageClassName: {{ .Values.persistence.storageClass | quote }}
23 |   {{- end }}
24 | {{- end -}}
25 | 
26 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | dist: xenial
 2 | 
 3 | # blocklist
 4 | branches:
 5 |   except:
 6 |   - gh-pages
 7 | 
 8 | notifications:
 9 |   email:
10 |     on_success: never
11 |     on_failure: change
12 | 
13 | services:
14 |   - docker
15 | 
16 | env:
17 |   global:
18 |     - TMPDIR=/tmp
19 |     - ARCH=amd64
20 |     - CATTLE_HELM_UNITTEST_VERSION=v0.1.6-rancher1
21 | 
22 | install:
23 |   - curl -L https://git.io/get_helm.sh | bash -s -- -v v3.1.2
24 |   - curl -sSL -o /tmp/ct.tgz https://github.com/helm/chart-testing/releases/download/v3.0.0-beta.2/chart-testing_3.0.0-beta.2_linux_amd64.tar.gz
25 |   - tar xzf /tmp/ct.tgz -C /tmp && sudo cp /tmp/ct /usr/local/bin/ct && command -v ct
26 | 
27 | script:
28 |   - make
29 | 
30 | deploy:
31 |   - provider: pages
32 |     token: ${GITHUB_TOKEN}
33 |     target_branch: gh-pages
34 |     local_dir: repo
35 |     skip_cleanup: true
36 |     keep_history: true
37 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contributing Guide
 2 | 
 3 | This Helm Chart accepts contributions from GitHub pull requests.
 4 | You can find help in this document to get your contribution accepted.
 5 | 
 6 | ## Helm Chart Guidelines
 7 | 
 8 | Please read the [Helm Chart Guidelines](./traefik/Guidelines.md) before editing this chart.
 9 | 
10 | ## Testing
11 | 
12 | Please read the [testing guidelines](./TESTING.md) to learn how testing is done with this chart.
13 | 
14 | ## Guidelines
15 | 
16 | According to the Traefik HelmChart [philosophy](./README.md#philosophy), 
17 | the guidelines for future evolutions are:
18 | 
19 | * fix bugs
20 | * improve security
21 | * improve HelmChart support
22 | * improve Kubernetes features support
23 | * improve Traefik default configuration
24 | 
25 | While encouraging contributions, the philosophy leads to avoid introducing:
26 | 
27 | * specific use cases
28 | * third party CRD
29 | * dashboard exposition tuning
30 | * helm chart variables that shortcuts/expose static or dynamic Traefik configuration


--------------------------------------------------------------------------------
/traefik/templates/dashboard-hook-ingressroute.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.ingressRoute.dashboard.enabled -}}
 2 | apiVersion: traefik.containo.us/v1alpha1
 3 | kind: IngressRoute
 4 | metadata:
 5 |   name: {{ template "traefik.fullname" . }}-dashboard
 6 |   annotations:
 7 |     helm.sh/hook: "post-install,post-upgrade"
 8 |     {{- with .Values.ingressRoute.dashboard.annotations }}
 9 |     {{- toYaml . | nindent 4 }}
10 |     {{- end }}
11 |   labels:
12 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
13 |     helm.sh/chart: {{ template "traefik.chart" . }}
14 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
15 |     app.kubernetes.io/instance: {{ .Release.Name }}
16 |     {{- with .Values.ingressRoute.dashboard.labels }}
17 |     {{- toYaml . | nindent 4 }}
18 |     {{- end }}
19 | spec:
20 |   entryPoints:
21 |     - traefik
22 |   routes:
23 |   - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
24 |     kind: Rule
25 |     services:
26 |     - name: api@internal
27 |       kind: TraefikService
28 | {{- end -}}
29 | 


--------------------------------------------------------------------------------
/traefik/tests/traefik-config_test.yaml:
--------------------------------------------------------------------------------
 1 | suite: Traefik configuration
 2 | templates:
 3 |   - deployment.yaml
 4 | tests:
 5 |   - it: should have no additional arguments by default (testing with providers.kubernetesingress)
 6 |     asserts:
 7 |       - notContains:
 8 |           path: spec.template.spec.containers[0].args
 9 |           content: "--providers.kubernetesingress"
10 |       - notContains:
11 |           path: spec.template.spec.containers[0].args
12 |           content: "--providers.kubernetesingress=true"
13 |       - notContains:
14 |           path: spec.template.spec.containers[0].args
15 |           content: "--providers.kubernetesingress=false"
16 |   - it: should have no custom arguments when specified by default
17 |     set:
18 |       additionalArguments:
19 |         - --providers.kubernetesingress=true
20 |         - --the.force.is.with.me=true
21 |     asserts:
22 |       - contains:
23 |           path: spec.template.spec.containers[0].args
24 |           content: "--providers.kubernetesingress=true"
25 |       - contains:
26 |           path: spec.template.spec.containers[0].args
27 |           content: "--the.force.is.with.me=true"
28 | 


--------------------------------------------------------------------------------
/traefik/templates/_helpers.tpl:
--------------------------------------------------------------------------------
 1 | {{/* vim: set filetype=mustache: */}}
 2 | 
 3 | {{/*
 4 | Expand the name of the chart.
 5 | */}}
 6 | {{- define "traefik.name" -}}
 7 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 8 | {{- end -}}
 9 | 
10 | {{/*
11 | Create chart name and version as used by the chart label.
12 | */}}
13 | {{- define "traefik.chart" -}}
14 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
15 | {{- end -}}
16 | 
17 | {{/*
18 | Create a default fully qualified app name.
19 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
20 | If release name contains chart name it will be used as a full name.
21 | */}}
22 | {{- define "traefik.fullname" -}}
23 | {{- if .Values.fullnameOverride -}}
24 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
25 | {{- else -}}
26 | {{- $name := default .Chart.Name .Values.nameOverride -}}
27 | {{- if contains $name .Release.Name -}}
28 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
29 | {{- else -}}
30 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
31 | {{- end -}}
32 | {{- end -}}
33 | {{- end -}}
34 | 


--------------------------------------------------------------------------------
/traefik/templates/rbac/clusterrole.yaml:
--------------------------------------------------------------------------------
 1 | kind: ClusterRole
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | metadata:
 4 |   name: {{ template "traefik.fullname" . }}
 5 |   labels:
 6 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
 7 |     helm.sh/chart: {{ template "traefik.chart" . }}
 8 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
 9 |     app.kubernetes.io/instance: {{ .Release.Name }}
10 | rules:
11 |   - apiGroups:
12 |       - ""
13 |     resources:
14 |       - services
15 |       - endpoints
16 |       - secrets
17 |     verbs:
18 |       - get
19 |       - list
20 |       - watch
21 |   - apiGroups:
22 |       - extensions
23 |     resources:
24 |       - ingresses
25 |     verbs:
26 |       - get
27 |       - list
28 |       - watch
29 |   - apiGroups:
30 |       - extensions
31 |     resources:
32 |       - ingresses/status
33 |     verbs:
34 |       - update
35 |   - apiGroups:
36 |       - traefik.containo.us
37 |     resources:
38 |       - ingressroutes
39 |       - ingressroutetcps
40 |       - ingressrouteudps
41 |       - middlewares
42 |       - tlsoptions
43 |       - tlsstores
44 |       - traefikservices
45 |     verbs:
46 |       - get
47 |       - list
48 |       - watch
49 | 


--------------------------------------------------------------------------------
/lint/lintconf.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | rules:
 3 |   braces:
 4 |     min-spaces-inside: 0
 5 |     max-spaces-inside: 0
 6 |     min-spaces-inside-empty: -1
 7 |     max-spaces-inside-empty: -1
 8 |   brackets:
 9 |     min-spaces-inside: 0
10 |     max-spaces-inside: 0
11 |     min-spaces-inside-empty: -1
12 |     max-spaces-inside-empty: -1
13 |   colons:
14 |     max-spaces-before: 0
15 |     max-spaces-after: 1
16 |   commas:
17 |     max-spaces-before: 0
18 |     min-spaces-after: 1
19 |     max-spaces-after: 1
20 |   comments:
21 |     require-starting-space: true
22 |     min-spaces-from-content: 2
23 |   document-end: disable
24 |   document-start: disable           # No --- to start a file
25 |   empty-lines:
26 |     max: 2
27 |     max-start: 0
28 |     max-end: 0
29 |   hyphens:
30 |     max-spaces-after: 1
31 |   indentation:
32 |     spaces: consistent
33 |     indent-sequences: whatever      # - list indentation will handle both indentation and without
34 |     check-multi-line-strings: false
35 |   key-duplicates: enable
36 |   line-length: disable              # Lines can be any length
37 |   new-line-at-end-of-file: enable
38 |   new-lines:
39 |     type: unix
40 |   trailing-spaces: enable
41 |   truthy:
42 |     level: warning
43 | 


--------------------------------------------------------------------------------
/traefik/tests/default-install_test.yaml:
--------------------------------------------------------------------------------
 1 | suite: default install
 2 | tests:
 3 |   - it: should generate the default objects for Traefik Ingress Controller
 4 |     asserts:
 5 |       - isKind:
 6 |           of: Deployment
 7 |         template: deployment.yaml
 8 |       - isKind:
 9 |           of: Service
10 |         template: service.yaml
11 |       - isKind:
12 |           of: ClusterRole
13 |         template: rbac/clusterrole.yaml
14 |       - isKind:
15 |           of: ClusterRoleBinding
16 |         template: rbac/clusterrolebinding.yaml
17 |       - isKind:
18 |           of: ServiceAccount
19 |         template: rbac/serviceaccount.yaml
20 |   - it: should have the correct naming for each object
21 |     asserts:
22 |       - equal:
23 |           path: metadata.name
24 |           value: RELEASE-NAME-traefik
25 |         template: deployment.yaml
26 |       - equal:
27 |           path: metadata.name
28 |           value: RELEASE-NAME-traefik
29 |         template: service.yaml
30 |       - equal:
31 |           path: metadata.name
32 |           value: RELEASE-NAME-traefik
33 |         template: rbac/clusterrole.yaml
34 |       - equal:
35 |           path: metadata.name
36 |           value: RELEASE-NAME-traefik
37 |         template: rbac/clusterrolebinding.yaml
38 |       - equal:
39 |           path: metadata.name
40 |           value: RELEASE-NAME-traefik
41 |         template: rbac/serviceaccount.yaml
42 | 


--------------------------------------------------------------------------------
/traefik/tests/pod-config_test.yaml:
--------------------------------------------------------------------------------
 1 | suite: Pod configuration
 2 | templates:
 3 |   - deployment.yaml
 4 | tests:
 5 |   - it: should have no nodeSelector by default
 6 |     asserts:
 7 |       - isNull:
 8 |           path: spec.template.spec.nodeSelector
 9 |   - it: should have a custom nodeSelector when specified
10 |     set:
11 |       nodeSelector:
12 |         planet: earth
13 |         disktype: ssd
14 |     asserts:
15 |       - equal:
16 |           path: spec.template.spec.nodeSelector.planet
17 |           value: earth
18 |       - equal:
19 |           path: spec.template.spec.nodeSelector.disktype
20 |           value: ssd
21 | 
22 |   - it: should have no tolerations by default
23 |     asserts:
24 |       - isNull:
25 |           path: spec.template.spec.tolerations
26 |   - it: should have a custom toleration when specified
27 |     set:
28 |       tolerations:
29 |         - key: "key"
30 |           operator: "Equal"
31 |           value: "value"
32 |           effect: "NoSchedule"
33 |         - key: "RSA"
34 |           operator: "Destructor"
35 |     asserts:
36 |       - contains:
37 |           path: spec.template.spec.tolerations
38 |           content:
39 |             key: "key"
40 |             operator: "Equal"
41 |             value: "value"
42 |             effect: "NoSchedule"
43 |       - contains:
44 |           path: spec.template.spec.tolerations
45 |           content:
46 |             key: "RSA"
47 |             operator: "Destructor"
48 | 


--------------------------------------------------------------------------------
/traefik/templates/service.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.service.enabled -}}
 2 | apiVersion: v1
 3 | kind: Service
 4 | metadata:
 5 |   name: {{ template "traefik.fullname" . }}
 6 |   labels:
 7 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
 8 |     helm.sh/chart: {{ template "traefik.chart" . }}
 9 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
10 |     app.kubernetes.io/instance: {{ .Release.Name }}
11 |   annotations:
12 |   {{- with .Values.service.annotations }}
13 |   {{- toYaml . | nindent 4 }}
14 |   {{- end }}
15 | spec:
16 |   {{- $type := default "LoadBalancer" .Values.service.type }}
17 |   type: {{ $type }}
18 |   {{- with .Values.service.spec }}
19 |   {{- toYaml . | nindent 2 }}
20 |   {{- end }}
21 |   selector:
22 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
23 |     app.kubernetes.io/instance: {{ .Release.Name }}
24 |   ports:
25 |   {{- range $name, $config := .Values.ports }}
26 |   {{- if $config.expose }}
27 |   - port: {{ default $config.port $config.exposedPort }}
28 |     name: {{ $name }}
29 |     targetPort: {{ $name | quote }}
30 |     {{- if $config.nodePort }}
31 |     nodePort: {{ $config.nodePort }}
32 |     {{- end }}
33 |   {{- end }}
34 |   {{- end }}
35 |   {{- if eq $type "LoadBalancer" }}
36 |   {{- with .Values.service.loadBalancerSourceRanges }}
37 |   loadBalancerSourceRanges:
38 |   {{- toYaml . | nindent 2 }}
39 |   {{- end -}}
40 |   {{- end -}}
41 |   {{- with .Values.service.externalIPs }}
42 |   externalIPs:
43 |   {{- toYaml . | nindent 2 }}
44 |   {{- end -}}
45 | {{- end -}}
46 | 


--------------------------------------------------------------------------------
/traefik/tests/service-config_test.yaml:
--------------------------------------------------------------------------------
 1 | suite: Service configuration
 2 | templates:
 3 |   - service.yaml
 4 | tests:
 5 |   - it: should be a type LoadBalancer by default
 6 |     asserts:
 7 |       - equal:
 8 |           path: spec.type
 9 |           value: LoadBalancer
10 |   - it: should be a custom type when specified via values
11 |     set:
12 |       service:
13 |         type: NodePort
14 |     asserts:
15 |       - equal:
16 |           path: spec.type
17 |           value: NodePort
18 |   - it: should have no annotations by default
19 |     asserts:
20 |       - isNull:
21 |           path: metadata.annotations
22 |   - it: should have customized annotations when specified via values
23 |     set:
24 |       service:
25 |         annotations:
26 |           azure-load-balancer-internal: true
27 |     asserts:
28 |       - equal:
29 |           path: metadata.annotations.azure-load-balancer-internal
30 |           value: true
31 |   - it: should have custom spec elements when specified via values
32 |     set:
33 |       service:
34 |         spec:
35 |           externalTrafficPolicy: Cluster
36 |           loadBalancerIP: "1.2.3.4"
37 |           clusterIP: "2.3.4.5"
38 |           loadBalancerSourceRanges:
39 |             - 192.168.0.1/32
40 |             - 172.16.0.0/16
41 |           externalIPs:
42 |             - "1.2.3.4"
43 |     asserts:
44 |       - equal:
45 |           path: spec.externalTrafficPolicy
46 |           value: Cluster
47 |       - equal:
48 |           path: spec.loadBalancerIP
49 |           value: "1.2.3.4"
50 |       - equal:
51 |           path: spec.clusterIP
52 |           value: "2.3.4.5"
53 |       - equal:
54 |           path: spec.loadBalancerSourceRanges[0]
55 |           value: 192.168.0.1/32
56 |       - equal:
57 |           path: spec.loadBalancerSourceRanges[1]
58 |           value: 172.16.0.0/16
59 |       - equal:
60 |           path: spec.externalIPs[0]
61 |           value: "1.2.3.4"
62 | 


--------------------------------------------------------------------------------
/TESTING.md:
--------------------------------------------------------------------------------
 1 | # Testing Guide
 2 | 
 3 | This Helm Chart requires extensive testing to ensure expected behavior are met for everyone.
 4 | 
 5 | ## Test Driven Development
 6 | 
 7 | "TDD" practise (Test Driven Development) should be followed when adding a new feature or fixing a bug.
 8 | 
 9 | It means that you are expected to:
10 | 
11 | 1. Start by adding a test describing the expected behaviour, that should fails (either because the bug exists in initial state, or because the new feature had not been implemented),
12 | 2. Then, change the code according to your intent (fixing a bug, adding a feature or refactoring),
13 | 3. Finally, the test suite (including the new test you added earlier) must pass.
14 | 
15 | ## Test Kinds
16 | 
17 | Please note that this chart has the following kind of tests (see respective sections below for description):
18 | 
19 | - [Static Testing](#static-testing)
20 | 
21 | <!-- TODO: Add Unit testing -->
22 | 
23 | <!-- TODO: Add E2E testing -->
24 | 
25 | ### Static Testing
26 | 
27 | The static test suite has the following properties:
28 | 
29 | - Static tests are about linting the YAML files, shell scripts and Helm elements. It is also a set of verifications around versions, names, etc.
30 | - Static tests are fast to run, hence it must be run for each commit and pull requests and are considered blocking when failing.
31 | - Static test suite is run by inovking the make target `lint`: `make lint`. It is run by default on the CI.
32 | 
33 | The static test suite is implemented with the tool [`ct` (Chart Testing)](https://github.com/helm/chart-testing):
34 | 
35 | - The Docker image of `ct` is used to ensure all sub-dependencies (helm, kubectl, yamale, etc.) are met for an easier experience for contributor.
36 | - All configuration of `ct` and linters are stored in the directory `lint/`. In particular, the file `lint/ct.yaml` contains
37 | the `ct` configuration.
38 | - Version Increment Check is done against the against the original repository, with the branch `master`. This repository is added as an additional git remote named `traefik` by the make target `lint`. If you wish to temporarly change this behavior, please edit the files `Makefile` and `lint/ct.yaml`.
39 | 


--------------------------------------------------------------------------------
/traefik/tests/container-config_test.yaml:
--------------------------------------------------------------------------------
 1 | suite: Main Container configuration
 2 | templates:
 3 |   - deployment.yaml
 4 | tests:
 5 |   - it: should have the default Docker image when no value is specified
 6 |     asserts:
 7 |       - equal:
 8 |           path: spec.template.spec.containers[0].image
 9 |           value: traefik:2.2.0
10 |   - it: should change image when image.tag value is specified
11 |     set:
12 |       image:
13 |         tag: v2.0.0-beta1
14 |     asserts:
15 |       - equal:
16 |           path: spec.template.spec.containers[0].image
17 |           value: traefik:v2.0.0-beta1
18 |   - it: should change image when image.name value is specified
19 |     set:
20 |       image:
21 |         name: containous/traefik
22 |     asserts:
23 |       - equal:
24 |           path: spec.template.spec.containers[0].image
25 |           value: containous/traefik:2.2.0
26 | 
27 |   - it: should have no resource limit by default
28 |     asserts:
29 |       - isNull:
30 |           path: spec.template.spec.containers[0].resources
31 |   - it: should have a custom resource limit when specified
32 |     set:
33 |       resources:
34 |         requests:
35 |           cpu: "100m"
36 |           memory: "50Mi"
37 |         limits:
38 |           cpu: "300m"
39 |           memory: "150Mi"
40 |     asserts:
41 |       - equal:
42 |           path: spec.template.spec.containers[0].resources.requests.cpu
43 |           value: "100m"
44 |       - equal:
45 |           path: spec.template.spec.containers[0].resources.requests.memory
46 |           value: "50Mi"
47 |       - equal:
48 |           path: spec.template.spec.containers[0].resources.limits.cpu
49 |           value: "300m"
50 |       - equal:
51 |           path: spec.template.spec.containers[0].resources.limits.memory
52 |           value: "150Mi"
53 |   - it: should not have data volumeMount subPath by default
54 |     asserts:
55 |       - isNull:
56 |           path: spec.template.spec.containers[0].volumeMounts[0].subPath
57 |   - it: should have data volumeMount subPath when specified in config
58 |     set:
59 |       persistence:
60 |         subPath: "subdir/traefik"
61 |     asserts:
62 |       - equal:
63 |           path: spec.template.spec.containers[0].volumeMounts[0].subPath
64 |           value: "subdir/traefik"
65 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Traefik
 2 | 
 3 | [Traefik](https://traefik.io/) is a modern HTTP reverse proxy and load balancer made to deploy
 4 | microservices with ease.
 5 | 
 6 | ## Introduction
 7 | 
 8 | This chart bootstraps Traefik version 2 as a Kubernetes ingress controller,
 9 | using Custom Resources `IngressRoute`: <https://docs.traefik.io/providers/kubernetes-crd/>.
10 | 
11 | ### Philosophy
12 | 
13 | The Traefik HelmChart is focused on Traefik deployment configuration.
14 | 
15 | To keep this HelmChart as generic as possible we tend
16 | to avoid integrating any third party solutions nor any specific use cases.
17 | 
18 | Accordingly, the encouraged approach to fulfill your needs:
19 | 1. override the default Traefik configuration values ([yaml file or cli](https://helm.sh/docs/chart_template_guide/values_files/))
20 | 2. append your own configurations (`kubectl apply -f myconf.yaml`)
21 | 3. extend this HelmChart ([as a Subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/))
22 | 
23 | ## Installing
24 | 
25 | ### Prerequisites
26 | 
27 | With the command `helm version`, make sure that you have:
28 | - Helm v3 [installed](https://helm.sh/docs/using_helm/#installing-helm)
29 | 
30 | Add Traefik's chart repository to Helm:
31 | 
32 | ```bash
33 | helm repo add traefik https://containous.github.io/traefik-helm-chart
34 | ```
35 | 
36 | You can update the chart repository by running:
37 | 
38 | ```bash
39 | helm repo update
40 | ```
41 | 
42 | ### Deploying Traefik
43 | 
44 | ```bash
45 | helm install traefik traefik/traefik
46 | ```
47 | 
48 | #### Warning
49 | 
50 | If you are using Helm v2
51 | 
52 | You have to deploy CRDs manually with the following command:
53 | 
54 | ```
55 | kubectl apply -f traefik/crds
56 | ```
57 | 
58 | ### Exposing the Traefik dashboard
59 | 
60 | This HelmChart does not expose the Traefik dashboard by default, for security concerns.
61 | Thus, there are multiple ways to expose the dashboard.
62 | For instance, the dashboard access could be achieved through a port-forward :
63 | 
64 | ```
65 | kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
66 | ```
67 | 
68 | Another way would be to apply your own configuration, for instance,
69 | by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`):
70 | 
71 | ```yaml
72 | # dashboard.yaml
73 | apiVersion: traefik.containo.us/v1alpha1
74 | kind: IngressRoute
75 | metadata:
76 |   name: dashboard
77 | spec:
78 |   entryPoints:
79 |     - web
80 |   routes:
81 |     - match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
82 |       kind: Rule
83 |       services:
84 |         - name: api@internal
85 |           kind: TraefikService
86 | ```
87 | 
88 | ## Contributing
89 | 
90 | If you want to contribute to this chart, please read the [Contributing Guide](./CONTRIBUTING.md).
91 | 


--------------------------------------------------------------------------------
/traefik/README.md:
--------------------------------------------------------------------------------
 1 | # Traefik
 2 | 
 3 | [Traefik](https://traefik.io/) is a modern HTTP reverse proxy and load balancer made to deploy
 4 | microservices with ease.
 5 | 
 6 | ## Introduction
 7 | 
 8 | This chart bootstraps Traefik version 2 as a Kubernetes ingress controller,
 9 | using Custom Resources `IngressRoute`: <https://docs.traefik.io/providers/kubernetes-crd/>.
10 | 
11 | ### Philosophy
12 | 
13 | The Traefik HelmChart is focused on Traefik deployment configuration.
14 | 
15 | To keep this HelmChart as generic as possible we tend 
16 | to avoid integrating any third party solutions nor any specific use cases. 
17 | 
18 | Accordingly, the encouraged approach to fulfill your needs:
19 | 1. override the default Traefik configuration values ([yaml file or cli](https://helm.sh/docs/chart_template_guide/values_files/))
20 | 2. append your own configurations (`kubectl apply -f myconf.yaml`)
21 | 3. extend this HelmChart ([as a Subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/))
22 | 
23 | ## Installing
24 | 
25 | ### Prerequisites
26 | 
27 | With the command `helm version`, make sure that you have:
28 | - Helm v3 [installed](https://helm.sh/docs/using_helm/#installing-helm)
29 | 
30 | Add Traefik's chart repository to Helm:
31 | 
32 | ```bash
33 | helm repo add traefik https://containous.github.io/traefik-helm-chart
34 | ```
35 | 
36 | You can update the chart repository by running:
37 | 
38 | ```bash
39 | helm repo update
40 | ```
41 | 
42 | ### Deploying Traefik
43 | 
44 | ```bash
45 | helm install traefik traefik/traefik
46 | ```
47 | 
48 | #### Warning
49 | 
50 | If you are using Helm v2
51 | 
52 | You have to deploy CRDs manually with the following command:
53 | 
54 | ```
55 | kubectl apply -f traefik/crds
56 | ```
57 | 
58 | ### Exposing the Traefik dashboard
59 | 
60 | This HelmChart does not expose the Traefik dashboard by default, for security concerns.
61 | Thus, there are multiple ways to expose the dashboard. 
62 | For instance, the dashboard access could be achieved through a port-forward :
63 | 
64 | ```
65 | kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
66 | ```
67 | 
68 | Another way would be to apply your own configuration, for instance,
69 | by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`):
70 | 
71 | ```yaml
72 | # dashboard.yaml
73 | apiVersion: traefik.containo.us/v1alpha1
74 | kind: IngressRoute
75 | metadata:
76 |   name: dashboard
77 | spec:
78 |   entryPoints:
79 |     - web
80 |   routes:
81 |     - match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
82 |       kind: Rule
83 |       services:
84 |         - name: api@internal
85 |           kind: TraefikService
86 | ```
87 | 
88 | ## Contributing
89 | 
90 | If you want to contribute to this chart, please read the [Contributing Guide](../CONTRIBUTING.md).
91 | 


--------------------------------------------------------------------------------
/traefik/Guidelines.md:
--------------------------------------------------------------------------------
 1 | # Traefik Helm Chart Guidelines
 2 | 
 3 | This document outlines the guidelines for developing, managing and extending the Traefik helm chart.
 4 | 
 5 | Optionallity
 6 | All non-critical features (Features not mandatory to starting Traefik) in the helm chart must be optional. All non-critical features should be disabled (commented out) in the values.yaml file. All optional non-critical features should be disabled (commented out) in the values.yaml file, and have a comment # (Optional) in the line above. This allows minimal configuration, and ease of extension.
 7 | 
 8 | ## Critical Feature Example
 9 | 
10 | ```yaml
11 | image:
12 |   name: traefik
13 | ```
14 | 
15 | This feature is critical, and therefore is defined clearly in the values.yaml file.
16 | 
17 | ## Non-Critical Feature Example
18 | 
19 | ```yaml
20 | # storage:
21 | #   controlNode:
22 | #     type: emptyDir
23 | ```
24 | 
25 | This feature is non-critical, and therefore is commented out by default in the values.yaml file.
26 | 
27 | To allow this, template blocks that use this need to recursively test for existence of values before using them:
28 | 
29 | ```yaml
30 | {{- if .Values.storage}}
31 |   {{- if .Values.storage.controlNode }}
32 |     //code
33 |     {{ .Values.storage.controlNode.type }}
34 |   {{- end }}
35 | {{- end }}
36 | ```
37 | 
38 | The non-critical feature defaults should be populated so that they can be enabled by simply uncommenting the section in the values.yaml file.
39 | 
40 | ## Optional Non-Critical Feature Example
41 | 
42 | ```yaml
43 | # storage:
44 | #   controlNode:
45 | #     type: emptyDir
46 | #     # (Optional)
47 | #     # volume: 1Gi
48 | ```
49 | 
50 | The volume option is clearly optional, and non-critical. It is commented out (apart from the storage section comment block), and is also preceeded by a comment of # (Optional) in the preceeding line. This facilitates configuration, when the storage section is uncommented, the optional features are still disabled by default.
51 | 
52 | Similar to non-critical feaures, these options need to be tested for existance before use in the template.
53 | 
54 | Note
55 | There can be optional values in critical features. These should just be added as an uncommented non-critical feature:
56 | 
57 | ```yaml
58 | image:
59 |   name: traefik
60 |   tag: 2.0.0
61 |   # (Optional)
62 |   # pullPolicy: IfNotPresent
63 | ```
64 | 
65 | Also, the first value under the primary value key does not require an optional comment:
66 | 
67 | ```yaml
68 | # ports:
69 | #   http: 80
70 | #   # (Optional)
71 | #   # https: 443
72 | ```
73 | 
74 | This is because if the main subkey is not defined, the entirety of the feature is optional.
75 | 
76 | ## Whitespace
77 | 
78 | Extra whitespace is to be avoided in templating. Conditionals should chomp whitespace:
79 | 
80 | ```yaml
81 | {{- if .Values }}
82 | {{- end }}
83 | ```
84 | 
85 | There should be an empty commented line between each primary key in the values.yaml file to separate features from each other.
86 | 
87 | ## Values YAML Design
88 | 
89 | The values.yaml file is designed to be user-friendly. It does not have to resemble the templated configuration if it is not conducive. Similarly, value names to not have to correspond to fields in the tempate if it is not condusive.
90 | 
91 | ## Comments
92 | 
93 | The values.yaml file should not contain comments or explainations of what options are, or what values are available. The values table in the README file is for this purpose.
94 | 


--------------------------------------------------------------------------------
/traefik/tests/deployment-config_test.yaml:
--------------------------------------------------------------------------------
  1 | suite: Deployment configuration
  2 | templates:
  3 |   - deployment.yaml
  4 | tests:
  5 |   - it: should have 1 replica by default
  6 |     asserts:
  7 |       - equal:
  8 |           path: spec.replicas
  9 |           value: 1
 10 |   - it: should have the sepcified amount of replicas when specified via values
 11 |     set:
 12 |       deployment:
 13 |         replicas: 3
 14 |     asserts:
 15 |       - equal:
 16 |           path: spec.replicas
 17 |           value: 3
 18 |   - it: should have a rollingUpdate strategy with default values
 19 |     asserts:
 20 |       - equal:
 21 |           path: spec.strategy.type
 22 |           value: RollingUpdate
 23 |       - equal:
 24 |           path: spec.strategy.rollingUpdate.maxUnavailable
 25 |           value: 1
 26 |       - equal:
 27 |           path: spec.strategy.rollingUpdate.maxSurge
 28 |           value: 1
 29 |   - it: should have a custom merged rollingUpdate strategy with specified values
 30 |     set:
 31 |       rollingUpdate:
 32 |         maxUnavailable: 4
 33 |         vegetaForce: 9000
 34 |     asserts:
 35 |       - equal:
 36 |           path: spec.strategy.type
 37 |           value: RollingUpdate
 38 |       - equal:
 39 |           path: spec.strategy.rollingUpdate.maxUnavailable
 40 |           value: 4
 41 |       - equal:
 42 |           path: spec.strategy.rollingUpdate.maxSurge
 43 |           value: 1
 44 |       - equal:
 45 |           path: spec.strategy.rollingUpdate.vegetaForce
 46 |           value: 9000
 47 |   - it: should have annotations with specified values
 48 |     set:
 49 |       deployment:
 50 |         annotations:
 51 |           containous/powpow: annotations
 52 |         podAnnotations:
 53 |           containous/powpow: podAnnotations
 54 |     asserts:
 55 |       - equal:
 56 |           path: metadata.annotations.containous/powpow
 57 |           value: annotations
 58 |       - equal:
 59 |           path: spec.template.metadata.annotations.containous/powpow
 60 |           value: podAnnotations
 61 |   - it: should have envFrom with specified values
 62 |     set:
 63 |       envFrom:
 64 |         - configMapRef:
 65 |             name: config-map-name
 66 |         - secretRef:
 67 |             name: secret-name
 68 |     asserts:
 69 |       - equal:
 70 |           path: spec.template.spec.containers[0].envFrom[0].configMapRef.name
 71 |           value: config-map-name
 72 |       - equal:
 73 |           path: spec.template.spec.containers[0].envFrom[1].secretRef.name
 74 |           value: secret-name
 75 |   - it: should have priorityClassName
 76 |     set:
 77 |       priorityClassName: important
 78 |     asserts:
 79 |       - equal:
 80 |           path: spec.template.spec.priorityClassName
 81 |           value: important
 82 |   - it: should have merged securityContext
 83 |     set:
 84 |       podSecurityContext:
 85 |         readOnlyRootFilesystem: false
 86 |       securityContext:
 87 |         runAsUser: 1000
 88 |     asserts:
 89 |       - equal:
 90 |           path: spec.template.spec.securityContext.fsGroup
 91 |           value: 65532
 92 |       - equal:
 93 |           path: spec.template.spec.securityContext.readOnlyRootFilesystem
 94 |           value: false
 95 |       - equal:
 96 |           path: spec.template.spec.containers[0].securityContext.runAsNonRoot
 97 |           value: true
 98 |       - equal:
 99 |           path: spec.template.spec.containers[0].securityContext.runAsUser
100 |           value: 1000
101 | 


--------------------------------------------------------------------------------
/traefik/tests/ports-config_test.yaml:
--------------------------------------------------------------------------------
  1 | suite: Traefik configuration
  2 | tests:
  3 |   - it: should have port 8000 of pod published to 80 of service by default, and defined as entrypoint "web"
  4 |     asserts:
  5 |       - contains:
  6 |           path: spec.template.spec.containers[0].ports
  7 |           content:
  8 |             name: web
  9 |             containerPort: 8000
 10 |             protocol: TCP
 11 |         template: deployment.yaml
 12 |       - contains:
 13 |           path: spec.ports
 14 |           content:
 15 |             name: web
 16 |             port: 80
 17 |             targetPort: web
 18 |         template: service.yaml
 19 |       - contains:
 20 |           path: spec.template.spec.containers[0].args
 21 |           content: "--entryPoints.web.address=:8000"
 22 |         template: deployment.yaml
 23 |   - it: should have port 8443 of pod published to 443 of service by default, and defined as entrypoint "websecure"
 24 |     asserts:
 25 |       - contains:
 26 |           path: spec.template.spec.containers[0].ports
 27 |           content:
 28 |             name: websecure
 29 |             containerPort: 8443
 30 |             protocol: TCP
 31 |         template: deployment.yaml
 32 |       - contains:
 33 |           path: spec.ports
 34 |           content:
 35 |             name: websecure
 36 |             port: 443
 37 |             targetPort: websecure
 38 |         template: service.yaml
 39 |       - contains:
 40 |           path: spec.template.spec.containers[0].args
 41 |           content: "--entryPoints.websecure.address=:8443"
 42 |         template: deployment.yaml
 43 |   - it: should have port 9000 of pod exposed for probes but NOT published to the service by default
 44 |     asserts:
 45 |       - contains:
 46 |           path: spec.template.spec.containers[0].ports
 47 |           content:
 48 |             name: traefik
 49 |             containerPort: 9000
 50 |             protocol: TCP
 51 |         template: deployment.yaml
 52 |       - notContains:
 53 |           path: spec.ports
 54 |           content:
 55 |             name: traefik
 56 |             port: 9000
 57 |             targetPort: traefik
 58 |         template: service.yaml
 59 |       - contains:
 60 |           path: spec.template.spec.containers[0].args
 61 |           content: "--entryPoints.traefik.address=:9000"
 62 |         template: deployment.yaml
 63 |   - it: should have a custom port when specified via values
 64 |     set:
 65 |       ports:
 66 |         ssh:
 67 |           port: 22
 68 |           expose: true
 69 |     asserts:
 70 |       - contains:
 71 |           path: spec.template.spec.containers[0].ports
 72 |           content:
 73 |             name: ssh
 74 |             containerPort: 22
 75 |             protocol: TCP
 76 |         template: deployment.yaml
 77 |       - contains:
 78 |           path: spec.ports
 79 |           content:
 80 |             name: ssh
 81 |             port: 22
 82 |             targetPort: ssh
 83 |         template: service.yaml
 84 |       - contains:
 85 |           path: spec.template.spec.containers[0].args
 86 |           content: "--entryPoints.ssh.address=:22"
 87 |         template: deployment.yaml
 88 |   - it: should have a hostPort when specified via values
 89 |     set:
 90 |       ports:
 91 |         ssh:
 92 |           port: 22
 93 |           expose: true
 94 |           hostPort: 22
 95 |     asserts:
 96 |       - contains:
 97 |           path: spec.template.spec.containers[0].ports
 98 |           content:
 99 |             name: ssh
100 |             containerPort: 22
101 |             hostPort: 22
102 |             protocol: TCP
103 |         template: deployment.yaml
104 |       - contains:
105 |           path: spec.ports
106 |           content:
107 |             name: ssh
108 |             port: 22
109 |             targetPort: ssh
110 |         template: service.yaml
111 |       - contains:
112 |           path: spec.template.spec.containers[0].args
113 |           content: "--entryPoints.ssh.address=:22"
114 |         template: deployment.yaml
115 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | 
 2 | DIST_DIR ?= $(CURDIR)/dist
 3 | CHART_DIR ?= $(CURDIR)/traefik
 4 | TMPDIR ?= /tmp
 5 | HELM_REPO ?= $(CURDIR)/repo
 6 | LINT_USE_DOCKER ?= true
 7 | LINT_CMD ?= ct lint --config=lint/ct.yaml
 8 | PROJECT ?= github.com/containous/traefik-helm-chart
 9 | ################################## Functionnal targets
10 | 
11 | # Default Target: run all
12 | all: clean test build deploy
13 | 
14 | test: lint unit-test
15 | 
16 | # Execute Static Testing
17 | lint: lint-requirements
18 | 	@echo "== Linting Chart..."
19 | 	@git remote add traefik https://github.com/containous/traefik-helm-chart >/dev/null 2>&1 || true
20 | 	@git fetch traefik master >/dev/null 2>&1 || true
21 | ifeq ($(LINT_USE_DOCKER),true)
22 | 	@docker run --rm -t -v $(CURDIR):/charts -w /charts quay.io/helmpack/chart-testing:v3.0.0-beta.2 $(LINT_CMD)
23 | else
24 | 	cd $(CHART_DIR)/tests && $(LINT_CMD)
25 | endif
26 | 	@echo "== Linting Finished"
27 | 
28 | # Execute Unit Testing
29 | unit-test: helm-unittest
30 | 	@echo "== Unit Testing Chart..."
31 | 	@helm unittest --color --update-snapshot ./traefik
32 | 	@echo "== Unit Tests Finished..."
33 | 
34 | 
35 | # Generates an artefact containing the Helm Chart in the distribution directory
36 | build: global-requirements $(DIST_DIR)
37 | 	@echo "== Building Chart..."
38 | 	@helm package $(CHART_DIR) --destination=$(DIST_DIR)
39 | 	@echo "== Building Finished"
40 | 
41 | # Prepare the Helm repository with the latest packaged charts
42 | deploy: global-requirements $(DIST_DIR) $(HELM_REPO)
43 | 	@echo "== Deploying Chart..."
44 | 	@rm -rf $(CURDIR)/gh-pages.zip
45 | 	@curl -sSLO https://$(PROJECT)/archive/gh-pages.zip
46 | 	@unzip -oj $(CURDIR)/gh-pages.zip -d $(HELM_REPO)/
47 | 	@cp $(DIST_DIR)/*tgz $(HELM_REPO)/
48 | 	@helm repo index --merge $(HELM_REPO)/index.yaml --url https://containous.github.io/traefik-helm-chart/ $(HELM_REPO)
49 | 	@echo "== Deploying Finished"
50 | 
51 | # Cleanup leftovers and distribution dir
52 | clean:
53 | 	@echo "== Cleaning..."
54 | 	@rm -rf $(DIST_DIR)
55 | 	@rm -rf $(HELM_REPO)
56 | 	@echo "== Cleaning Finished"
57 | 
58 | ################################## Technical targets
59 | 
60 | $(DIST_DIR):
61 | 	@mkdir -p $(DIST_DIR)
62 | 
63 | ## This directory is git-ignored for now,
64 | ## and should become a worktree on the branch gh-pages in the future
65 | $(HELM_REPO):
66 | 	@mkdir -p $(HELM_REPO)
67 | 
68 | global-requirements:
69 | 	@echo "== Checking global requirements..."
70 | ifeq ($(LINT_USE_DOCKER),true)
71 | 	@command -v docker >/dev/null || ( echo "ERROR: Docker binary not found. Exiting." && exit 1)
72 | 	@docker info >/dev/null || ( echo "ERROR: command "docker info" is in error. Exiting." && exit 1)
73 | else
74 | 	@command -v helm >/dev/null || ( echo "ERROR: Helm binary not found. Exiting." && exit 1)
75 | 	@command -v git >/dev/null || ( echo "ERROR: git binary not found. Exiting." && exit 1)
76 | 	@echo "== Global requirements are met."
77 | endif
78 | 
79 | lint-requirements: global-requirements
80 | 	@echo "== Checking requirements for linting..."
81 | ifeq ($(LINT_USE_DOCKER),true)
82 | 	@command -v docker >/dev/null || ( echo "ERROR: Docker binary not found. Exiting." && exit 1)
83 | 	@docker info >/dev/null || ( echo "ERROR: command "docker info" is in error. Exiting." && exit 1)
84 | else
85 | 	@command -v ct >/dev/null || ( echo "ERROR: ct binary not found. Exiting." && exit 1)
86 | 	@command -v yamale >/dev/null || ( echo "ERROR: yamale binary not found. Exiting." && exit 1)
87 | 	@command -v yamllint >/dev/null || ( echo "ERROR: yamllint binary not found. Exiting." && exit 1)
88 | 	@command -v kubectl >/dev/null || ( echo "ERROR: kubectl binary not found. Exiting." && exit 1)
89 | endif
90 | 	@echo "== Requirements for linting are met."
91 | 
92 | helm-unittest: global-requirements
93 | 	@echo "== Checking that plugin helm-unittest is available..."
94 | 	@helm plugin list 2>/dev/null | grep unittest >/dev/null || helm plugin install https://github.com/rancher/helm-unittest --debug
95 | 	@echo "== plugin helm-unittest is ready"
96 | 
97 | .PHONY: all global-requirements lint-requirements helm-unittest lint build deploy clean
98 | 


--------------------------------------------------------------------------------
/traefik/templates/deployment.yaml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.deployment.enabled -}}
  2 |   {{- if gt (int .Values.deployment.replicas) 1 -}}
  3 |     {{- with .Values.additionalArguments -}}
  4 |       {{- range . -}}
  5 |         {{- if contains ".acme." . -}}
  6 |           {{- fail (printf "You can not enabled acme if you set more than one traefik replica") -}}
  7 |         {{- end -}}
  8 |       {{- end -}}
  9 |     {{- end -}}
 10 |   {{- end -}}
 11 | 
 12 | ---
 13 | apiVersion: apps/v1
 14 | kind: Deployment
 15 | metadata:
 16 |   name: {{ template "traefik.fullname" . }}
 17 |   labels:
 18 |     app.kubernetes.io/name: {{ template "traefik.name" . }}
 19 |     helm.sh/chart: {{ template "traefik.chart" . }}
 20 |     app.kubernetes.io/managed-by: {{ .Release.Service }}
 21 |     app.kubernetes.io/instance: {{ .Release.Name }}
 22 |   annotations:
 23 |   {{- with .Values.deployment.annotations }}
 24 |   {{- toYaml . | nindent 4 }}
 25 |   {{- end }}
 26 | spec:
 27 |   {{- if not .Values.autoscaling.enabled }}
 28 |   replicas: {{ default 1 .Values.deployment.replicas }}
 29 |   {{- end }}
 30 |   selector:
 31 |     matchLabels:
 32 |       app.kubernetes.io/name: {{ template "traefik.name" . }}
 33 |       app.kubernetes.io/instance: {{ .Release.Name }}
 34 |   strategy:
 35 |     type: RollingUpdate
 36 |     rollingUpdate:
 37 |       {{- with .Values.rollingUpdate }}
 38 |         {{- toYaml . | nindent 6 }}
 39 |       {{- end }}
 40 |   template:
 41 |     metadata:
 42 |       annotations:
 43 |       {{- with .Values.deployment.podAnnotations }}
 44 |       {{- toYaml . | nindent 8 }}
 45 |       {{- end }}
 46 |       labels:
 47 |         app.kubernetes.io/name: {{ template "traefik.name" . }}
 48 |         helm.sh/chart: {{ template "traefik.chart" . }}
 49 |         app.kubernetes.io/managed-by: {{ .Release.Service }}
 50 |         app.kubernetes.io/instance: {{ .Release.Name }}
 51 |     spec:
 52 |       serviceAccountName: {{ template "traefik.fullname" . }}
 53 |       terminationGracePeriodSeconds: 60
 54 |       hostNetwork: {{ .Values.hostNetwork }}
 55 |       containers:
 56 |       - image: {{ .Values.image.name }}:{{ .Values.image.tag }}
 57 |         name: {{ template "traefik.fullname" . }}
 58 |         resources:
 59 |           {{- with .Values.resources }}
 60 |           {{- toYaml . | nindent 10 }}
 61 |           {{- end }}
 62 |         readinessProbe:
 63 |           httpGet:
 64 |             path: /ping
 65 |             port: {{ .Values.ports.traefik.port }}
 66 |           failureThreshold: 1
 67 |           initialDelaySeconds: 10
 68 |           periodSeconds: 10
 69 |           successThreshold: 1
 70 |           timeoutSeconds: 2
 71 |         livenessProbe:
 72 |           httpGet:
 73 |             path: /ping
 74 |             port: {{ .Values.ports.traefik.port }}
 75 |           failureThreshold: 3
 76 |           initialDelaySeconds: 10
 77 |           periodSeconds: 10
 78 |           successThreshold: 1
 79 |           timeoutSeconds: 2
 80 |         ports:
 81 |         {{- range $name, $config := .Values.ports }}
 82 |         - name: {{ $name | quote }}
 83 |           containerPort: {{ $config.port }}
 84 |           {{- if $config.hostPort }}
 85 |           hostPort: {{ $config.hostPort }}
 86 |           {{- end }}
 87 |           protocol: TCP
 88 |         {{- end }}
 89 |         {{- with .Values.securityContext }}
 90 |         securityContext:
 91 |           {{- toYaml . | nindent 10 }}
 92 |         {{- end }}
 93 |         volumeMounts:
 94 |           - name: data
 95 |             mountPath: {{ .Values.persistence.path }}
 96 |             {{- if .Values.persistence.subPath }}
 97 |             subPath: {{ .Values.persistence.subPath }}
 98 |             {{- end }}
 99 |           {{- range .Values.volumes }}
100 |           - name: {{ .name }}
101 |             mountPath: {{ .mountPath }}
102 |             readOnly: true
103 |           {{- end }}
104 |         args:
105 |           {{- with .Values.globalArguments }}
106 |           {{- range . }}
107 |           - {{ . | quote }}
108 |           {{- end }}
109 |           {{- end }}
110 |           {{- range $name, $config := .Values.ports }}
111 |           - "--entryPoints.{{$name}}.address=:{{ $config.port }}"
112 |           {{- end }}
113 |           - "--api.dashboard=true"
114 |           - "--ping=true"
115 |           - "--providers.kubernetescrd"
116 |           {{- with .Values.additionalArguments }}
117 |           {{- range . }}
118 |           - {{ . | quote }}
119 |           {{- end }}
120 |           {{- end }}
121 |         {{- with .Values.env }}
122 |         env:
123 |           {{- toYaml . | nindent 10 }}
124 |         {{- end }}
125 |         {{- with .Values.envFrom }}
126 |         envFrom:
127 |           {{- toYaml . | nindent 10 }}
128 |         {{- end }}
129 |       volumes:
130 |         - name: data
131 |           {{- if .Values.persistence.enabled }}
132 |           persistentVolumeClaim:
133 |             claimName: {{ template "traefik.fullname" . }}
134 |           {{- else }}
135 |           emptyDir: {}
136 |           {{- end }}
137 |         {{- range .Values.volumes }}
138 |         - name: {{ .name }}
139 |           {{- if eq .type "secret" }}
140 |           secret:
141 |             secretName: {{ .name }}
142 |           {{- else if eq .type "configMap" }}
143 |           configMap:
144 |             name: {{ .name }}
145 |           {{- end }}
146 |         {{- end }}
147 |       {{- with .Values.affinity }}
148 |       affinity:
149 |         {{- toYaml . | nindent 8 }}
150 |       {{- end }}
151 |       {{- with .Values.tolerations }}
152 |       tolerations:
153 |         {{- toYaml . | nindent 8 }}
154 |       {{- end }}
155 |       {{- with .Values.nodeSelector }}
156 |       nodeSelector:
157 |         {{- toYaml . | nindent 8 }}
158 |       {{- end }}
159 |       {{- if .Values.priorityClassName }}
160 |       priorityClassName: {{ .Values.priorityClassName }}
161 |       {{- end }}
162 |       {{- with .Values.podSecurityContext }}
163 |       securityContext:
164 |         {{- toYaml . | nindent 8 }}
165 |       {{- end }}
166 | {{- end -}}
167 | 


--------------------------------------------------------------------------------
/traefik/values.yaml:
--------------------------------------------------------------------------------
  1 | # Default values for Traefik
  2 | image:
  3 |   name: traefik
  4 |   tag: 2.2.0
  5 | 
  6 | #
  7 | # Configure the deployment
  8 | #
  9 | deployment:
 10 |   enabled: true
 11 |   # Number of pods of the deployment
 12 |   replicas: 1
 13 |   # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
 14 |   annotations: {}
 15 |   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
 16 |   podAnnotations: {}
 17 | 
 18 | # Create an IngressRoute for the dashboard
 19 | ingressRoute:
 20 |   dashboard:
 21 |     enabled: true
 22 |     # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
 23 |     annotations: {}
 24 |     # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
 25 |     labels: {}
 26 | 
 27 | rollingUpdate:
 28 |   maxUnavailable: 1
 29 |   maxSurge: 1
 30 | 
 31 | #
 32 | # Add volumes to the traefik pod.
 33 | # This can be used to mount a cert pair or a configmap that holds a config.toml file.
 34 | # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
 35 | # additionalArguments:
 36 | # - "--providers.file.filename=/config/dynamic.toml"
 37 | volumes: []
 38 | # - name: public-cert
 39 | #   mountPath: "/certs"
 40 | #   type: secret
 41 | # - name: configs
 42 | #   mountPath: "/config"
 43 | #   type: configMap
 44 | 
 45 | globalArguments:
 46 |   - "--global.checknewversion"
 47 |   - "--global.sendanonymoususage"
 48 | 
 49 | #
 50 | # Configure Traefik static configuration
 51 | # Additional arguments to be passed at Traefik's binary
 52 | # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
 53 | ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--global.checknewversion=true}"`
 54 | additionalArguments: []
 55 | #  - "--providers.kubernetesingress"
 56 | 
 57 | # Environment variables to be passed to Traefik's binary
 58 | env: []
 59 | # - name: SOME_VAR
 60 | #   value: some-var-value
 61 | # - name: SOME_VAR_FROM_CONFIG_MAP
 62 | #   valueFrom:
 63 | #     configMapRef:
 64 | #       name: configmap-name
 65 | #       key: config-key
 66 | # - name: SOME_SECRET
 67 | #   valueFrom:
 68 | #     secretKeyRef:
 69 | #       name: secret-name
 70 | #       key: secret-key
 71 | 
 72 | envFrom: []
 73 | # - configMapRef:
 74 | #     name: config-map-name
 75 | # - secretRef:
 76 | #     name: secret-name
 77 | 
 78 | # Configure ports
 79 | ports:
 80 |   # The name of this one can't be changed as it is used for the readiness and
 81 |   # liveness probes, but you can adjust its config to your liking
 82 |   traefik:
 83 |     port: 9000
 84 |     # Use hostPort if set.
 85 |     # hostPort: 9000
 86 | 
 87 |     # Defines whether the port is exposed if service.type is LoadBalancer or
 88 |     # NodePort.
 89 |     #
 90 |     # You SHOULD NOT expose the traefik port on production deployments.
 91 |     # If you want to access it from outside of your cluster,
 92 |     # use `kubectl proxy` or create a secure ingress
 93 |     expose: false
 94 |     # The exposed port for this service
 95 |     exposedPort: 9000
 96 |   web:
 97 |     port: 8000
 98 |     # hostPort: 8000
 99 |     expose: true
100 |     exposedPort: 80
101 |     # Use nodeport if set. This is useful if you have configured Traefik in a
102 |     # LoadBalancer
103 |     # nodePort: 32080
104 |   websecure:
105 |     port: 8443
106 |     # hostPort: 8443
107 |     expose: true
108 |     exposedPort: 443
109 |     # nodePort: 32443
110 | 
111 | # Options for the main traefik service, where the entrypoints traffic comes
112 | # from.
113 | service:
114 |   enabled: true
115 |   type: LoadBalancer
116 |   # Additional annotations (e.g. for cloud provider specific config)
117 |   annotations: {}
118 |   # Additional entries here will be added to the service spec. Cannot contains
119 |   # type, selector or ports entries.
120 |   spec: {}
121 |     # externalTrafficPolicy: Cluster
122 |     # loadBalancerIP: "1.2.3.4"
123 |     # clusterIP: "2.3.4.5"
124 |   loadBalancerSourceRanges: []
125 |     # - 192.168.0.1/32
126 |     # - 172.16.0.0/16
127 |   externalIPs: []
128 |     # - 1.2.3.4
129 | 
130 | ## Create HorizontalPodAutoscaler object.
131 | ##
132 | autoscaling:
133 |   enabled: false
134 | #   minReplicas: 1
135 | #   maxReplicas: 10
136 | #   metrics:
137 | #   - type: Resource
138 | #     resource:
139 | #       name: cpu
140 | #       targetAverageUtilization: 60
141 | #   - type: Resource
142 | #     resource:
143 | #       name: memory
144 | #       targetAverageUtilization: 60
145 | 
146 | # Enable persistence using Persistent Volume Claims
147 | # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
148 | # After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
149 | # additionalArguments:
150 | # - "--certificatesresolvers.le.acme.storage=/data/acme.json"
151 | # It will persist TLS certificates.
152 | persistence:
153 |   enabled: false
154 |   accessMode: ReadWriteOnce
155 |   size: 128Mi
156 |   # storageClass: ""
157 |   path: /data
158 |   annotations: {}
159 |   # subPath: "" # only mount a subpath of the Volume into the pod
160 | 
161 | # If hostNetwork is true, runs traefik in the host network namespace
162 | # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
163 | # and replicas>1, a pod anti-affinity is recommended and will be set if the
164 | # affinity is left as default.
165 | hostNetwork: false
166 | 
167 | # Additional serviceAccount annotations (e.g. for oidc authentication)
168 | serviceAccountAnnotations: {}
169 | 
170 | resources: {}
171 |   # requests:
172 |   #   cpu: "100m"
173 |   #   memory: "50Mi"
174 |   # limits:
175 |   #   cpu: "300m"
176 |   #   memory: "150Mi"
177 | affinity: {}
178 | # # This example pod anti-affinity forces the scheduler to put traefik pods
179 | # # on nodes where no other traefik pods are scheduled.
180 | # # It should be used when hostNetwork: true to prevent port conflicts
181 | #   podAntiAffinity:
182 | #     requiredDuringSchedulingIgnoredDuringExecution:
183 | #     - labelSelector:
184 | #         matchExpressions:
185 | #         - key: app
186 | #           operator: In
187 | #           values:
188 | #           - {{ template "traefik.name" . }}
189 | #       topologyKey: failure-domain.beta.kubernetes.io/zone
190 | nodeSelector: {}
191 | tolerations: []
192 | 
193 | # Pods can have priority.
194 | # Priority indicates the importance of a Pod relative to other Pods.
195 | priorityClassName: ""
196 | 
197 | # Set the container security context
198 | # To run the container with ports below 1024 this will need to be adjust to run as root
199 | securityContext:
200 |   capabilities:
201 |     drop: [ALL]
202 |   readOnlyRootFilesystem: true
203 |   runAsGroup: 65532
204 |   runAsNonRoot: true
205 |   runAsUser: 65532
206 | 
207 | podSecurityContext:
208 |   fsGroup: 65532
209 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright 2020 Containous SAS
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/traefik/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright 2020 Containous SAS
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------