From 23e0c8a91ec1cc6b6c6a6813be74bc707975da9b Mon Sep 17 00:00:00 2001
From: Adrien Reslinger <adrien@reslinger.net>
Date: Fri, 23 Jun 2023 17:09:22 +0200
Subject: [PATCH] Fix hostport deployment

---
 defaults/main.yml                    |  2 +-
 templates/traefik-files.yml.j2       |  2 +-
 templates/traefik-helm-value.yaml.j2 | 25 +++++++++++++++++++++----
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 64f9d0a..868a754 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,5 @@
 my_context: kubernetes
-traefik_version: "2.9.5"
+traefik_version: "2.10.1"
 cluster_domain: "local"
 traefik_namespace: "traefik"
 traefik_service_type: LoadBalancer
diff --git a/templates/traefik-files.yml.j2 b/templates/traefik-files.yml.j2
index 40f342f..07755e4 100644
--- a/templates/traefik-files.yml.j2
+++ b/templates/traefik-files.yml.j2
@@ -41,7 +41,7 @@ data:
             stsPreload: true
             customFrameOptionsValue: "SAMEORIGIN"
             referrerPolicy: "same-origin"
-            permissionsPolicy: "vibrate 'self'"
+    #        permissionsPolicy: "vibrate 'self'"
             permissionsPolicy: "camera 'none'; microphone 'none'; geolocation 'none'; payment 'none';"
             stsSeconds: 315360000
     #        contentSecurityPolicy: "default-src 'self' 'unsafe-inline'"
diff --git a/templates/traefik-helm-value.yaml.j2 b/templates/traefik-helm-value.yaml.j2
index 0abb7fd..ccf9f19 100644
--- a/templates/traefik-helm-value.yaml.j2
+++ b/templates/traefik-helm-value.yaml.j2
@@ -40,16 +40,24 @@ autoscaling:
         name: memory
         targetAverageUtilization: 60
 {% endif %}
-{% if traefik_service_type == "NodePort" or traefik_hub_token is defined %}
+{% if traefik_service_type == "NodePort" or (traefik_hostport is defined and traefik_hostport == true) or traefik_hub_token is defined %}
 ports:
-{% if traefik_service_type == "NodePort" and false %}
+{% if traefik_service_type == "NodePort" or (traefik_hostport is defined and traefik_hostport == true) %}
   web:
 #    redirectTo: websecure
-#    hostPort: 80
+{% if traefik_hostport is defined and traefik_hostport == true %}
+    hostPort: 80
+{% endif %}
+{% if traefik_service_type == "NodePort" %}
     nodePort: 80
+{% endif %}
   websecure:
-#    hostPort: 443
+{% if traefik_hostport is defined and traefik_hostport == true %}
+    hostPort: 443
+{% endif %}
+{% if traefik_service_type == "NodePort" %}
     nodePort: 443
+{% endif %}
 #    tls:
 #      enabled: true
 #      options: default
@@ -73,10 +81,19 @@ volumes:
     name: basic-auth
     type: secret
 deployment:
+{% if traefik_hostport is defined and traefik_hostport == true %}
+  kind: DaemonSet
+{% else %}
   replicas: 1
+{% endif %}
+  revisionHistoryLimit: 3
   podAnnotations: 
     prometheus.io/port: '9100'
     prometheus.io/scrape: 'true'
+{% if traefik_hostport is defined and traefik_hostport == true %}
+updateStrategy:
+  type: OnDelete
+{% endif %}
 experimental:
   http3:
     enabled: true