Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Traefik appends a tls route even when tls routes are explicitly provided #450

Merged
merged 9 commits into from
Feb 21, 2025
Merged

Traefik appends a tls route even when tls routes are explicitly provided #450

merged 9 commits into from
Feb 21, 2025

Conversation

IbraAoad
Copy link
Contributor

@IbraAoad IbraAoad commented Feb 12, 2025
edited
Loading

Issue

Fixes #430

Context

For every route, traefik created a duplicate route ROUTENAME-tls for the same rule and service but with additional TLS configuration. Both applied to the same rule and thus conflict, and the new ROUTENAME-tls route takes precedence over the original ROUTENAME because its name is longer.

Solution

  • New Parameter: Introduce a new boolean argument raw in the interface.
  • Conditional Behavior:
    • When raw is set to True, Traefik will only append TLS routes to HTTP routes.
    • TLS routes for non-HTTP protocols will not be generated, preventing the duplicate ROUTENAME-tls routes.

Testing

Tandem PR: canonical/grafana-k8s-operator#391

@IbraAoad IbraAoad changed the title [WIP] Traefik appends a tls route even when tls routes are explicitly provided Traefik appends a tls route even when tls routes are explicitly provided Feb 13, 2025
@IbraAoad IbraAoad marked this pull request as ready for review February 13, 2025 12:29
@IbraAoad IbraAoad requested a review from a team as a code owner February 13, 2025 12:29
dstathis
dstathis approved these changes Feb 13, 2025
View reviewed changes
Copy link
Contributor

@dstathis dstathis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love all the red in this diff!

@mmkay
Copy link
Contributor

mmkay commented Feb 13, 2025
edited
Loading

Are we expecting any charms to break due to

and rely on charm authors to provide the full traefik config when relating, including any TLS configs.

?

@IbraAoad IbraAoad changed the title Traefik appends a tls route even when tls routes are explicitly provided [DON'T MERGE] Traefik appends a tls route even when tls routes are explicitly provided Feb 13, 2025
@IbraAoad IbraAoad mentioned this pull request Feb 14, 2025
Open
@IbraAoad
Copy link
Contributor Author

IbraAoad commented Feb 14, 2025
edited
Loading

Are we expecting any charms to break due to

and rely on charm authors to provide the full traefik config when relating, including any TLS configs.

?

Unfortunately yes, it seems Tempo is relying on Traefik upgrading the connection, We'll have to keep the functionality and introduce a backward compatible way to allow charm authors to opt out of getting automated TLS routes and at the same time not breaking charms that depend on it.

@IbraAoad IbraAoad requested a review from a team as a code owner February 20, 2025 11:22
@IbraAoad IbraAoad changed the title [DON'T MERGE] Traefik appends a tls route even when tls routes are explicitly provided Traefik appends a tls route even when tls routes are explicitly provided Feb 20, 2025
dstathis
dstathis reviewed Feb 21, 2025
View reviewed changes
Copy link
Contributor

@dstathis dstathis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@IbraAoad IbraAoad merged commit 824a8c7 into main Feb 21, 2025
13 checks passed
@IbraAoad IbraAoad deleted the SMS-66 branch February 21, 2025 15:25
@weiiwang01 weiiwang01 mentioned this pull request Feb 24, 2025
Merged
6 tasks
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@dstathis dstathis dstathis approved these changes

@ca-scribner ca-scribner Awaiting requested review from ca-scribner

@simskij simskij Awaiting requested review from simskij

Assignees
No one assigned
Labels
Libraries: Out of sync
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Traefik appends a tls route even when tls routes are explicitly provided
3 participants
@IbraAoad @mmkay @dstathis