feat: upgrade AWS control room Traefik from v2 to v3 #145

Closed
ian-flores wants to merge 3 commits into main from traefik-v3-upgrade

@ian-flores
Contributor

Summary

  • Upgrade Traefik Helm chart from v24.0.0 to v33.2.1 for AWS control rooms
  • Migrate Helm values to v3 format (redirections, isDefaultClass)
  • Update default version in AWSControlRoomConfig
  • Workload Traefik already on v3 (37.1.2) — no changes needed

AWS-specific config preserved: NLB annotations, SSL cert handling, TLS termination at NLB.

Part of

Cloud-agnostic team-operator epic — prerequisite for Gateway API migration.

Test plan

  • Deploy to staging control room
  • Verify Traefik starts and routes traffic
  • Verify HTTP→HTTPS redirect works
  • Verify NLB health checks pass

Update Traefik Helm chart from v24.0.0 to v33.2.1 for AWS control rooms.

Changes:
- Bump chart version to 33.2.1
- Update repository URL to https://traefik.github.io/charts
- Migrate Helm values to v3 format:
  - ports.web.redirectTo → ports.web.redirections.entryPoint structure
  - ingressClass.default → ingressClass.isDefaultClass
- Update default version in AWSControlRoomConfig

AWS-specific configuration preserved:
- NLB annotations and SSL certificate handling unchanged
- TLS termination remains at NLB level (websecure.tls.enabled: False)
- Service type, ports, and health check config unchanged

Workload Traefik already uses v3 (version 37.1.2) and requires no changes.

Changes:
- Add `version` parameter to `Traefik.__init__` (defaulting to `"33.2.1"` for backward compatibility) and store it as `self.version`
- Use `self.version` instead of the hardcoded `"33.2.1"` in `_deploy` so the Helm chart version flows from config
- Pass `version=self.control_room.cfg.traefik_version` at the `Traefik(...)` call site in `aws_control_room_cluster.py`, ensuring the single source of truth in `AWSControlRoomConfig.traefik_version` drives both places
---
Changes:
- Remove default value from `Traefik.__init__` `version` parameter (now keyword-only after `*args`) to prevent silent divergence from `AWSControlRoomConfig.traefik_version`
- Extract `_build_traefik_helm_values()` as a module-level pure function (matching existing `_build_nlb_tag_string` pattern) to make Helm values testable
- Add 7 unit tests covering v3 redirect syntax (`redirections.entryPoint`), `isDefaultClass`, node selector, replica count, and cert ARN propagation
- Add Traefik v3 CRD migration note to `docs/KNOWN_ISSUES.md` documenting the risk of existing v2-style CRD resources failing to reconcile after upgrade

@ian-flores
Contributor Author

Closing — Team Operator isn't deployed in control rooms. Workload clusters already use Traefik v37.1.2 (v3.x), so the Gateway API prerequisite is already satisfied.

@ian-flores ian-flores closed this Feb 26, 2026
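
Added example, not part of this pull request's code: a small Python check over a Helm values dict for the two v2-style keys the summary names, which also reports when the web entry point has no `redirections.entryPoint` block (the case where the HTTP→HTTPS redirect would be absent after the upgrade). The key paths come from the PR text; `lint_values`, the sample dicts, and the `to`/`scheme`/`port` sub-keys are assumptions made for illustration.

```python
# Added example: lint Traefik Helm values for the v2-style keys named in this PR.
# Key paths are taken from the PR text; helper names and sample data are hypothetical.

V2_TO_V3 = {
    ("ports", "web", "redirectTo"): ("ports", "web", "redirections", "entryPoint"),
    ("ingressClass", "default"): ("ingressClass", "isDefaultClass"),
}

_MISSING = object()


def _get(values, path):
    """Walk nested dicts; return _MISSING if any segment is absent."""
    node = values
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def lint_values(values):
    """Return findings; an empty list means no v2-style keys and a redirect is declared."""
    findings = []
    for old, new in V2_TO_V3.items():
        if _get(values, old) is not _MISSING:
            findings.append(f"v2-style key {'.'.join(old)} present; use {'.'.join(new)}")
    redirect = _get(values, ("ports", "web", "redirections", "entryPoint"))
    if redirect is _MISSING or not redirect:
        findings.append("ports.web.redirections.entryPoint missing: no HTTP->HTTPS redirect")
    return findings


# Constructed sample inputs (not the project's real values; sub-keys are assumed).
OLD_VALUES = {
    "ports": {"web": {"redirectTo": {"port": "websecure"}}},
    "ingressClass": {"enabled": True, "default": True},
}
NEW_VALUES = {
    "ports": {
        "web": {"redirections": {"entryPoint": {"to": "websecure", "scheme": "https"}}},
        "websecure": {"tls": {"enabled": False}},  # TLS terminates at the NLB
    },
    "ingressClass": {"enabled": True, "isDefaultClass": True},
}

if __name__ == "__main__":
    for name, vals in (("old", OLD_VALUES), ("new", NEW_VALUES)):
        print(name, lint_values(vals) or "ok")
```
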