refactor: Move to traefik for default ingress

CHANGELOG.md

@@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Added support for annotations on the PgSTAC bootstrap job via `pgstacBootstrap.jobAnnotations` in values.yaml [#381](https://github.com/developmentseed/eoapi-k8s/pull/381)
 
+### Changed
+
+- Moved to traefik for the default ingress solution [#384](https://github.com/developmentseed/eoapi-k8s/pull/384)
+
 ### Fixed
 
 - Fixed Helm template to check queryables `file` field with schema validation [#380](https://github.com/developmentseed/eoapi-k8s/pull/380)

charts/eoapi/README.md

@@ -98,7 +98,7 @@ apiServices:
 # Configure ingress
 ingress:
   enabled: true
-  className: "nginx"  # or "traefik"
+  className: "traefik"  # Or "nginx" for legacy setups
   host: "your-domain.com"  # Optional
 
 # Database options
@@ -130,7 +130,7 @@ pgstacBootstrap:
 | `postgresql.type` | Database deployment type | `postgrescluster` |
 | `postgrescluster.enabled` | Enable PostgreSQL cluster. Must be set to `false` when using external databases | `true` |
 | `ingress.enabled` | Enable ingress | `true` |
-| `ingress.className` | Ingress controller class | `nginx` |
+| `ingress.className` | Ingress controller class | `traefik` |
 | `browser.enabled` | Enable STAC Browser interface | `true` |
 | `pgstacBootstrap.enabled` | Enable database initialization | `true` |
 | `notifications.sources.pgstac` | Enable PostgreSQL notification triggers for STAC item changes | `false` |

charts/eoapi/profiles/core.yaml

@@ -167,7 +167,7 @@ observability:
 ######################
 ingress:
   enabled: true
-  className: "nginx"
+  className: "traefik"
   pathType: "Prefix"
   host: ""
   tls:

charts/eoapi/profiles/experimental.yaml

@@ -358,7 +358,7 @@ autoscaling:
 ######################
 ingress:
   enabled: true
-  className: "nginx"
+  className: "traefik"
   pathType: "Prefix"
   host: "localhost"
   tls:

charts/eoapi/profiles/production.yaml

@@ -343,7 +343,7 @@ knative:
 ######################
 ingress:
   enabled: true
-  className: "nginx"
+  className: "traefik"
   pathType: "Prefix"
   host: "eoapi.example.com"  # CHANGE THIS to your domain
   tls:

charts/eoapi/templates/networking/ingress-browser.yaml

@@ -13,17 +13,17 @@ metadata:
   labels:
     app: {{ .Release.Name }}-ingress-browser
   annotations:
-    {{- if .Values.ingress.annotations }}
-{{ toYaml .Values.ingress.annotations | indent 4 }}
-    {{- end }}
     {{- if eq .Values.ingress.className "nginx" }}
     nginx.ingress.kubernetes.io/rewrite-target: /browser/$2
     nginx.ingress.kubernetes.io/use-regex: "true"
-    {{- end }}
-    # Temporary annotations for Traefik until uvicorn support real prefix in ASGI: https://github.com/encode/uvicorn/discussions/2490
-    {{- if eq .Values.ingress.className "traefik" }}
+    {{- else if eq .Values.ingress.className "traefik" }}
+    # Traefik with NGINX provider supports nginx annotations
+    nginx.ingress.kubernetes.io/rewrite-target: /browser/$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
     traefik.ingress.kubernetes.io/router.entrypoints: web
-    traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd
+    {{- end }}
+    {{- if .Values.ingress.annotations }}
+{{ toYaml .Values.ingress.annotations | indent 4 }}
     {{- end }}
 spec:
   {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
@@ -36,8 +36,8 @@ spec:
       http:
         paths:
           {{- if and $.Values.browser.enabled (or (not (hasKey $.Values.browser "ingress")) $.Values.browser.ingress.enabled) }}
-          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: "/browser{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}"
+          - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: "/browser{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }}"
             backend:
               service:
                 name: {{ .Release.Name }}-browser
@@ -52,8 +52,8 @@ spec:
       http:
         paths:
           {{- if and .Values.browser.enabled (or (not (hasKey .Values.browser "ingress")) .Values.browser.ingress.enabled) }}
-          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: "/browser{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}"
+          - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: "/browser{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }}"
             backend:
               service:
                 name: {{ .Release.Name }}-browser

charts/eoapi/templates/networking/ingress.yaml

@@ -15,15 +15,15 @@ metadata:
     {{- if eq .Values.ingress.className "nginx" }}
     nginx.ingress.kubernetes.io/rewrite-target: /$2
     nginx.ingress.kubernetes.io/use-regex: "true"
+    {{- else if eq .Values.ingress.className "traefik" }}
+    # Traefik with NGINX provider supports nginx annotations
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    traefik.ingress.kubernetes.io/router.entrypoints: web
     {{- end }}
     {{- if .Values.ingress.annotations }}
 {{ toYaml .Values.ingress.annotations | indent 4 }}
     {{- end }}
-    # Temporary annotations for Traefik until uvicorn support real prefix in ASGI: https://github.com/encode/uvicorn/discussions/2490
-    {{- if eq .Values.ingress.className "traefik" }}
-    traefik.ingress.kubernetes.io/router.entrypoints: web
-    traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd
-    {{- end }}
 spec:
   {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
   ingressClassName: {{ .Values.ingress.className }}
@@ -35,8 +35,8 @@ spec:
       http:
         paths:
           {{- if and $.Values.raster.enabled (or (not (hasKey $.Values.raster "ingress")) $.Values.raster.ingress.enabled) }}
-          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ $.Values.raster.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ $.Values.raster.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ $.Release.Name }}-raster
@@ -45,8 +45,8 @@ spec:
           {{- end }}
 
           {{- if and $.Values.stac.enabled (or (not (hasKey $.Values.stac "ingress")) $.Values.stac.ingress.enabled) }}
-          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ $.Values.stac.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ $.Values.stac.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 {{- if index $.Values "stac-auth-proxy" "enabled" }}
@@ -59,8 +59,8 @@ spec:
           {{- end }}
 
           {{- if and $.Values.vector.enabled (or (not (hasKey $.Values.vector "ingress")) $.Values.vector.ingress.enabled) }}
-          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ $.Values.vector.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ $.Values.vector.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ $.Release.Name }}-vector
@@ -69,8 +69,8 @@ spec:
           {{- end }}
 
           {{- if and $.Values.multidim.enabled (or (not (hasKey $.Values.multidim "ingress")) $.Values.multidim.ingress.enabled) }}
-          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ $.Values.multidim.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ $.Values.multidim.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ $.Release.Name }}-multidim
@@ -79,8 +79,8 @@ spec:
           {{- end }}
 
           {{- if and $.Values.mockOidcServer.enabled $.Values.mockOidcServer.ingress.enabled }}
-          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ $.Values.mockOidcServer.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ $.Values.mockOidcServer.ingress.path }}{{ if or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ $.Release.Name }}-mock-oidc-server
@@ -105,8 +105,8 @@ spec:
       http:
         paths:
           {{- if and .Values.raster.enabled (or (not (hasKey .Values.raster "ingress")) .Values.raster.ingress.enabled) }}
-          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ .Values.raster.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ .Values.raster.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ .Release.Name }}-raster
@@ -115,8 +115,8 @@ spec:
           {{- end }}
 
           {{- if and .Values.stac.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }}
-          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ .Values.stac.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ .Values.stac.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 {{- if index .Values "stac-auth-proxy" "enabled" }}
@@ -129,8 +129,8 @@ spec:
           {{- end }}
 
           {{- if and .Values.vector.enabled (or (not (hasKey .Values.vector "ingress")) .Values.vector.ingress.enabled) }}
-          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ .Values.vector.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ .Values.vector.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ .Release.Name }}-vector
@@ -139,8 +139,8 @@ spec:
           {{- end }}
 
           {{- if and .Values.multidim.enabled (or (not (hasKey .Values.multidim "ingress")) .Values.multidim.ingress.enabled) }}
-          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ .Values.multidim.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ .Values.multidim.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ .Release.Name }}-multidim
@@ -149,8 +149,8 @@ spec:
           {{- end }}
 
           {{- if and .Values.mockOidcServer.enabled .Values.mockOidcServer.ingress.enabled }}
-          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ .Values.mockOidcServer.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+          - pathType: {{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ .Values.mockOidcServer.ingress.path }}{{ if or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik") }}(/|$)(.*){{ end }}
             backend:
               service:
                 name: {{ .Release.Name }}-mock-oidc-server

charts/eoapi/values.yaml

@@ -32,9 +32,10 @@ service:
 
 ingress:
   # Unified ingress configuration for both nginx and traefik
+  # Traefik 3.5+ supports nginx annotations via the nginx provider
   enabled: true
   # ingressClassName: "nginx" or "traefik"
-  className: "nginx"
+  className: "traefik"
   rootPath: ""        # Root path for doc server
   # Single host domain configuration (default)
   host: ""

docs/argocd.md

@@ -136,7 +136,7 @@ spec:
         # Ingress setup
         ingress:
           enabled: true
-          className: "nginx"
+          className: "traefik"
           host: "eoapi.example.com"
 
   destination:

docs/autoscaling.md

@@ -408,19 +408,19 @@ metadata:
     kubernetes.io/ingress.class: alb
     alb.ingress.kubernetes.io/scheme: internet-facing
 spec:
-  ingressClassName: nginx
+  ingressClassName: traefik
   rules:
   - host: your-domain.com
     http:
       paths: [...]
 
-# For nginx ingress
+# For traefik ingress
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: eoapi-ingress
 spec:
-  ingressClassName: nginx
+  ingressClassName: traefik
   rules:
   - host: abc5929f88f8c45c38f6cbab2faad43c-776419634.us-west-2.elb.amazonaws.com
     http:

docs/configuration.md

@@ -269,7 +269,7 @@ Unified ingress configuration supporting both NGINX and Traefik:
 | **Values Key** | **Description** | **Default** | **Choices** |
 |:--------------|:----------------|:------------|:------------|
 | `ingress.enabled` | Enable ingress | true | true/false |
-| `ingress.className` | Ingress controller | "nginx" | "nginx", "traefik" |
+| `ingress.className` | Ingress controller | "traefik" | "traefik", "nginx" |
 | `ingress.host` | Ingress hostname | "" | valid hostname |
 | `ingress.rootPath` | Doc server root path | "" | valid path |