From a55030d6aeeab87d054b98e7d68a6acaca637a35 Mon Sep 17 00:00:00 2001 From: Manuel Buil Date: Mon, 1 Jun 2026 14:18:38 +0200 Subject: [PATCH] Bump Traefik image and chart Signed-off-by: Manuel Buil --- charts/chart_versions.yaml | 4 +-- scripts/build-images | 2 +- tests/docker/basics/basics_test.go | 2 +- .../ing_migration/ing_migration_test.go | 25 +++++++++---------- tests/docker/resources/ingress_with_ann.yaml | 6 ++--- 5 files changed, 19 insertions(+), 20 deletions(-) diff --git a/charts/chart_versions.yaml b/charts/chart_versions.yaml index 104411e05e..03b8bb43bf 100644 --- a/charts/chart_versions.yaml +++ b/charts/chart_versions.yaml @@ -18,10 +18,10 @@ charts: - version: 4.14.509 filename: /charts/rke2-ingress-nginx.yaml bootstrap: false - - version: 39.0.703 + - version: 40.1.003 filename: /charts/rke2-traefik.yaml bootstrap: false - - version: 39.0.702 + - version: 40.1.003 filename: /charts/rke2-traefik-crd.yaml bootstrap: false - version: 3.13.011 diff --git a/scripts/build-images b/scripts/build-images index 89137885cf..f6a5e9356f 100755 --- a/scripts/build-images +++ b/scripts/build-images @@ -56,7 +56,7 @@ xargs -n1 -t $PULL_CMD_CORE << EOF >> $BUILD_DIR/images-core.txt ${REGISTRY}/rancher/mirrored-pause:${PAUSE_VERSION} ${REGISTRY}/rancher/rke2-cloud-provider:${CCM_VERSION} ${REGISTRY}/rancher/hardened-snapshot-controller:v8.5.0-build20260513 - ${REGISTRY}/rancher/hardened-traefik:v3.6.16-build20260512 + ${REGISTRY}/rancher/hardened-traefik:v3.7.4-build20260608 EOF xargs -n1 -t $PULL_CMD << EOF > $BUILD_DIR/images-ingress-nginx.txt diff --git a/tests/docker/basics/basics_test.go b/tests/docker/basics/basics_test.go index 1f4dcb7141..a3a9e1e606 100644 --- a/tests/docker/basics/basics_test.go +++ b/tests/docker/basics/basics_test.go @@ -94,7 +94,7 @@ var _ = Describe("Basic Tests", Ordered, func() { It("should validate local storage volume", func() { Eventually(func() (bool, error) { return tests.PodReady("volume-test", "kube-system", tc.KubeconfigFile) - }, "20s", "5s").Should(BeTrue()) + }, "50s", "5s").Should(BeTrue()) }) }) }) diff --git a/tests/docker/ing_migration/ing_migration_test.go b/tests/docker/ing_migration/ing_migration_test.go index bd6b4410f1..8643ee7af9 100644 --- a/tests/docker/ing_migration/ing_migration_test.go +++ b/tests/docker/ing_migration/ing_migration_test.go @@ -110,7 +110,7 @@ var _ = Describe("Traefik Tests", Ordered, func() { }, "30s", "5s").Should(Equal("200"), "failed to curl auth.example.com with credentials") }) It("should rewrite paths correctly", func() { - cmd := "curl -s -o /dev/null --max-time 10 -w '%{http_code}' -H 'Host: nonworking.rewrite.example.com' http://" + tc.Servers[0].IP + "/app/test" + cmd := "curl -s -o /dev/null --max-time 10 -w '%{http_code}' -H 'Host: nowworking.rewrite.example.com' http://" + tc.Servers[0].IP + "/app/test" Eventually(func() (string, error) { return docker.RunCommand(cmd) }, "30s", "5s").Should(Equal("200"), "failed to curl rewrite endpoin") @@ -141,7 +141,7 @@ var _ = Describe("Traefik Tests", Ordered, func() { }, "30s", "5s").Should(Equal("308"), "failed to curl ssl.redirect.example.com") }) It("should handle upstream vhost annotations", func() { - cmd := "curl -s -H 'Host: nonworking.upstreamvhost.example.com' http://" + tc.Servers[0].IP + "/" + cmd := "curl -s -H 'Host: nowworking.upstreamvhost.example.com' http://" + tc.Servers[0].IP + "/" Expect(docker.RunCommand(cmd)).To(ContainSubstring("Host: isitworking")) }) }) @@ -178,7 +178,7 @@ spec: websecure: hostPort: 8443 providers: - kubernetesIngressNginx: + kubernetesIngressNGINX: enabled: true ingressClass: "rke2-ingress-nginx-migration" controllerClass: 'rke2.cattle.io/ingress-nginx-migration' @@ -203,7 +203,7 @@ spec: Context("Test sample ingress workload via Traefik ports", func() { It("should duplicate the ingresses for migration", func() { - ingresses := []string{"simple", "auth", "cookie", "nonworking-rewrite", "ssl-redirect", "upstream-vhost"} + ingresses := []string{"simple", "auth", "cookie", "nowworking-rewrite", "ssl-redirect", "upstream-vhost"} for _, ingressName := range ingresses { cmd := "kubectl get ingress " + ingressName + " -n test-migration --kubeconfig=" + tc.KubeconfigFile + " -o json | jq 'del(.metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp, .metadata.generation, .status)' > ingress-" + ingressName + ".json" @@ -233,11 +233,11 @@ spec: return docker.RunCommand(cmd) }, "30s", "5s").Should(Equal("200"), "failed to curl auth.example.com with credentials") }) - It("should not rewrite paths correctly", func() { - cmd := "curl -s -o /dev/null --max-time 10 -w '%{http_code}' -H 'Host: nonworking.rewrite.example.com' http://" + tc.Servers[0].IP + ":8000/app/test" + It("should rewrite paths correctly", func() { + cmd := "curl -s -o /dev/null --max-time 10 -w '%{http_code}' -H 'Host: nowworking.rewrite.example.com' http://" + tc.Servers[0].IP + ":8000/app/test" Eventually(func() (string, error) { return docker.RunCommand(cmd) - }, "30s", "5s").Should(Equal("404"), "curl rewrite endpoint sucedded when it should not have") + }, "30s", "5s").Should(Equal("200"), "curl rewrite endpoint failed") }) It("should maintain session affinity with cookies", func() { By("getting initial response and extracting hostname") @@ -264,12 +264,11 @@ spec: return docker.RunCommand(cmd) }, "30s", "5s").Should(Equal("308"), "failed to curl ssl.redirect.example.com") }) - It("should not handle upstream vhost annotations", func() { - cmd := "curl -s -H 'Host: nonworking.upstreamvhost.example.com' http://" + tc.Servers[0].IP + ":8000/" + It("should handle upstream vhost annotations", func() { + cmd := "curl -s -H 'Host: nowworking.upstreamvhost.example.com' http://" + tc.Servers[0].IP + ":8000/" res, err := docker.RunCommand(cmd) Expect(err).NotTo(HaveOccurred(), "failed to curl upstreamvhost endpoint:"+res) - Expect(res).NotTo(ContainSubstring("Host: isitworking")) - Expect(res).To(ContainSubstring("Host: nonworking.upstreamvhost")) + Expect(res).To(ContainSubstring("Host: isitworking")) }) }) Context("Switch to traefik as the default ingress controller", func() { @@ -287,7 +286,7 @@ metadata: spec: valuesContent: |- providers: - kubernetesIngressNginx: + kubernetesIngressNGINX: enabled: true ingressClass: "nginx" controllerClass: 'rke2.cattle.io/ingress-nginx-migration' @@ -330,7 +329,7 @@ spec: }) Context("Cleanup migration ingress resources", func() { It("should remove all XXXX-traefik objects", func() { - ingresses := []string{"simple", "auth", "cookie", "nonworking-rewrite", "ssl-redirect", "upstream-vhost"} + ingresses := []string{"simple", "auth", "cookie", "nowworking-rewrite", "ssl-redirect", "upstream-vhost"} for _, ing := range ingresses { cmd := "kubectl delete ingress " + ing + "-traefik -n test-migration --kubeconfig=" + tc.KubeconfigFile _, err := docker.RunCommand(cmd) diff --git a/tests/docker/resources/ingress_with_ann.yaml b/tests/docker/resources/ingress_with_ann.yaml index 9468ca11f7..97ee22dab0 100644 --- a/tests/docker/resources/ingress_with_ann.yaml +++ b/tests/docker/resources/ingress_with_ann.yaml @@ -109,7 +109,7 @@ spec: apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: nonworking-rewrite + name: nowworking-rewrite namespace: test-migration annotations: # Defines a new path for the service to never see "/app" @@ -117,7 +117,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: nonworking.rewrite.example.com + - host: nowworking.rewrite.example.com http: paths: - path: /app(/|$)(.*) @@ -167,7 +167,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: nonworking.upstreamvhost.example.com + - host: nowworking.upstreamvhost.example.com http: paths: - path: /