fix(HTTP3): split udp and tcp Service when service.single is false

traefik · Aug 27, 2024 · 24acadf · 24acadf
1 parent aa18d47
commit 24acadf
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 26 deletions.
diff --git a/EXAMPLES.md b/EXAMPLES.md
@@ -416,6 +416,17 @@ ports:
       enabled: true
 ```
 
+You can also create two `Service`, one for TCP and one for UDP:
+
+```yaml
+ports:
+  websecure:
+    http3:
+      enabled: true
+service:
+  single: false
+```
+
 # Use PROXY protocol on Digital Ocean
 
 PROXY protocol is a protocol for sending client connection information, such as origin IP addresses and port numbers, to the final backend server, rather than discarding it at the load balancer.

diff --git a/traefik/templates/_service.tpl b/traefik/templates/_service.tpl
@@ -66,11 +66,11 @@
     {{- if $config.appProtocol }}
     appProtocol: {{ $config.appProtocol }}
     {{- end }}
-  {{- if ($config.http3).enabled }}
+  {{- if and ($config.http3).enabled ($config.single) }}
   {{- $http3Port := default $config.exposedPort $config.http3.advertisedPort }}
   - port: {{ $http3Port }}
     name: "{{ $name }}-http3"
-    targetPort: {{ $name }}-http3
+    targetPort: "{{ $name }}-http3"
     protocol: UDP
     {{- if $config.nodePort }}
     nodePort: {{ $config.nodePort }}

diff --git a/traefik/templates/service.yaml b/traefik/templates/service.yaml
@@ -15,6 +15,14 @@
       {{- if (not $config.tls.enabled) -}}
         {{- fail "ERROR: You cannot enable http3 without enabling tls" -}}
       {{- end -}}
+      {{ $udpConfig := deepCopy $config -}}
+      {{ $_ := set $udpConfig "protocol" "UDP" -}}
+      {{ $_ := set $udpConfig "exposedPort" (default $config.exposedPort $config.http3.advertisedPort) -}}
+      {{- if (not $service.single) }}
+        {{ $_ := set $udpPorts (printf "%s-http3" $portName) $udpConfig -}}
+      {{- else }}
+        {{ $_ := set $tcpPorts (printf "%s-http3" $portName) $udpConfig -}}
+      {{- end }}
     {{- end -}}
     {{- if eq (toString $config.protocol) "UDP" -}}
       {{ $_ := set $udpPorts $portName $config -}}

diff --git a/traefik/tests/service-config_test.yaml b/traefik/tests/service-config_test.yaml
@@ -238,18 +238,13 @@ tests:
             enabled: true
     documentIndex: 0
     asserts:
-    - equal:
-        path: spec.ports[2].name
-        value: "websecure-http3"
-    - equal:
-        path: spec.ports[2].port
-        value: 443
-    - equal:
-        path: spec.ports[2].targetPort
-        value: websecure-http3
-    - equal:
-        path: spec.ports[2].protocol
-        value: UDP
+    - contains:
+        path: spec.ports
+        content:
+          port: 443
+          name: "websecure-http3"
+          targetPort: websecure-http3
+          protocol: UDP
   - it: should be possible to advertise a different http3 UDP port
     set:
       ports:
@@ -261,18 +256,69 @@ tests:
             enabled: true
     documentIndex: 0
     asserts:
-    - equal:
-        path: spec.ports[2].name
-        value: "websecure-http3"
-    - equal:
-        path: spec.ports[2].port
-        value: 4443
-    - equal:
-        path: spec.ports[2].targetPort
-        value: websecure-http3
-    - equal:
-        path: spec.ports[2].protocol
-        value: UDP
+    - contains:
+        path: spec.ports
+        content:
+          port: 4443
+          name: "websecure-http3"
+          targetPort: websecure-http3
+          protocol: UDP
+  - it: should split TCP and UDP Service on http3 when single is false
+    set:
+      ports:
+        websecure:
+          http3:
+            enabled: true
+      service:
+        single: false
+    asserts:
+    - hasDocuments:
+        count: 2
+    - contains:
+        path: spec.ports
+        content:
+          port: 443
+          name: "websecure"
+          targetPort: websecure
+          protocol: TCP
+      documentIndex: 0
+    - contains:
+        path: spec.ports
+        content:
+          port: 443
+          name: "websecure-http3"
+          targetPort: websecure-http3
+          protocol: UDP
+      documentIndex: 1
+  - it: should use advertisedPort with splitted TCP and UDP Service on http3 when single is false
+    set:
+      ports:
+        websecure:
+          http3:
+            enabled: true
+            advertisedPort: 4443
+      service:
+        single: false
+    asserts:
+    - hasDocuments:
+        count: 2
+    - contains:
+        path: spec.ports
+        content:
+          port: 443
+          name: "websecure"
+          targetPort: websecure
+          protocol: TCP
+      documentIndex: 0
+    - contains:
+        path: spec.ports
+        content:
+          port: 4443
+          name: "websecure-http3"
+          targetPort: websecure-http3
+          protocol: UDP
+      documentIndex: 1
+
   - it: should not be possible to use http3 without enabling tls
     set:
       ports: