OpenStaticFish/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
HetznerTerra/infrastructure/charts/traefik/templates/NOTES.txt
T

117 lines
5.6 KiB
Plaintext
Raw Permalink Normal View History

fix: vendor critical bootstrap charts
2026-04-26 21:01:01 +00:00
{{/* Print release information */}}
{{- printf "\n\n" -}}
{{ .Release.Name }} with {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} has been deployed successfully on {{ template "traefik.namespace" . }} namespace!
{{- printf "\n" -}}
{{/* Warn about potential permission issue with persistence */}}
{{- if .Values.persistence -}}
{{- if and .Values.persistence.enabled (empty .Values.deployment.initContainers) -}}
{{- printf "\n" -}}
🚨 When enabling persistence for certificates, permissions on acme.json can be
lost when Traefik restarts. You can ensure correct permissions with an
initContainer. See https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md#use-traefik-native-lets-encrypt-integration-without-cert-manager
for more info. 🚨
{{- printf "\n" -}}
{{- end -}}
{{- end -}}
{{/* Warn about non-matching potential labelSelector mismatch for CRD provider */}}
{{- with .Values.providers.kubernetesCRD.labelSelector -}}
{{- $labelsApplied := include "traefik.labels" $ -}}
{{- $labelSelectors := regexSplit "," . -1 }}
{{- range $labelSelectors -}}
{{- $labelSelectorRaw := regexSplit "=" . -1 -}}
{{- $labelSelector := printf "%s: %s" (first $labelSelectorRaw) (last $labelSelectorRaw) -}}
{{- if not (contains $labelSelector $labelsApplied) -}}
{{- printf "\n" -}}
🚨 Resources populated with this chart don't match with labelSelector `{{.}}` applied on kubernetesCRD provider. 🚨
{{- printf "\n" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Warn about non-matching potential labelSelector mismatch for Ingress provider */}}
{{- with .Values.providers.kubernetesIngress.labelSelector -}}
{{- $labelsApplied := include "traefik.labels" $ -}}
{{- $labelSelectors := regexSplit "," . -1 -}}
{{- range $labelSelectors -}}
{{- $labelSelectorRaw := regexSplit "=" . -1 -}}
{{- $labelSelector := printf "%s: %s" (first $labelSelectorRaw) (last $labelSelectorRaw) -}}
{{- if not (contains $labelSelector $labelsApplied) -}}
{{- printf "\n" -}}
🚨 Resources populated with this chart don't match with labelSelector `{{.}}` applied on kubernetesIngress provider. 🚨
{{- printf "\n" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Warn about renamed ports */}}
{{- range $name, $config := .Values.ports -}}
{{- $sanitizedPortName := include "traefik.portname" $name -}}
{{- if (ne $sanitizedPortName $name) -}}
{{- printf "\n" -}}
🚨 Port name `{{ $name }}` does not comply with Kubernetes standards and will be renamed to `{{ $sanitizedPortName }}` in services. 🚨
️ See the "traefik.portname" helper in this chart for additional details.
{{- printf "\n" -}}
{{- end -}}
{{- end -}}
{{/* Warn about hub not watching namespaces configured in providers */}}
{{- if and .Values.hub.token (and .Values.rbac.enabled .Values.rbac.namespaced) }}
{{- if .Values.hub.namespaces -}}
{{- range (list "kubernetesCRD" "kubernetesGateway" "kubernetesIngress") }}
{{- $provider := . -}}
{{- $providerNamespaces := get (get $.Values.providers .) "namespaces" -}}
{{- $providerEnabled := get (get $.Values.providers .) "enabled" -}}
{{- if $providerEnabled -}}
{{- if $providerNamespaces -}}
{{- $difference := (include "list.difference" (dict "a" $providerNamespaces "b" $.Values.hub.namespaces)) | fromYamlArray }}
{{- if $difference }}
{{- printf "WARNING: %s provider is configured to watch namespaces %s but those ones are not watched by Hub provider.\n" $provider $difference -}}
{{- end -}}
{{- else -}}
{{- printf "WARNING: %s provider is configured to watch all namespaces but Hub provider only watches %s.\n" $provider $.Values.hub.namespaces -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Warn about deprecated localPlugins */}}
{{- if include "traefik.hasDeprecatedLocalPlugins" . }}
{{- printf "\n" -}}
⚠️ DEPRECATION WARNING: You are using the deprecated legacy 'hostPath' configuration.
Please migrate to the new structured 'type.hostPathPlugin' configuration within localPlugins.
The legacy root-level hostPath configuration will be removed in the next major version.
Migration example:
experimental:
localPlugins:
your-plugin:
moduleName: github.com/example/yourplugin
mountPath: /plugins-local/src/github.com/example/yourplugin
# Choose one of the following types:
type: inlinePlugin # Recommended for small/medium plugins: secure ConfigMap-based
source: # Required for inlinePlugin
# your plugin files here
# type: hostPath # Use with caution for security reasons
# hostPath: /path/to/plugin
# type: localPath # Advanced: Uses additionalVolumes, can be used with PVC, CSI drivers (s3-csi-driver, FUSE), etc.
# volumeName: plugin-storage
{{- printf "\n" -}}
{{- end -}}
{{/* Warn about missing secret when enabling managed certificate with Hub admission controller */}}
{{- if and .Values.hub.token .Values.hub.apimanagement.enabled .Values.hub.apimanagement.admission.selfManagedCertificate }}
{{- $cert := lookup "v1" "Secret" (include "traefik.namespace" .) $.Values.hub.apimanagement.admission.secretName -}}
{{- if not $cert }}
{{- printf "\nWARNING: webhook secret %s for Traefik hub is self managed and was not found in %s namespace.\n" $.Values.hub.apimanagement.admission.secretName (include "traefik.namespace" .) -}}
{{- end -}}
{{- end -}}
Reference in New Issue Copy Permalink