From 8a6b74906e7c94e577d78d7c9d89057f9ec75639 Mon Sep 17 00:00:00 2001
From: Adrien Reslinger <adrien@reslinger.net>
Date: Thu, 20 Jul 2023 13:15:16 +0200
Subject: [PATCH] Enable http/3

---
 templates/traefik-cm.yml.j2           | 12 ++++++++----
 templates/traefik-helm-value.yaml.j2  |  5 +++--
 templates/traefik-ingressroute.yml.j2 | 11 +++++++++++
 templates/traefik-svc.yml.j2          |  4 ++++
 4 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/templates/traefik-cm.yml.j2 b/templates/traefik-cm.yml.j2
index ec15dcc..289341c 100644
--- a/templates/traefik-cm.yml.j2
+++ b/templates/traefik-cm.yml.j2
@@ -28,7 +28,7 @@ data:
     #    http3:
     #      advertisedPort: 42
       websecure:
-        address: ":8443/tcp"
+        address: ":8443"
         http:
           tls:
             options: default
@@ -36,8 +36,8 @@ data:
     #        - auth@file
     #        - secure_headers@file
     #        - crowdsec-bouncer@file
-    #    http3:
-    #      advertisedPort: 443
+        http3:
+          advertisedPort: 443
       traefik:
         address: ":9000/tcp"
       metrics:
@@ -50,7 +50,11 @@ data:
 {% endif%}
 {% for traefik_entrypoint in traefik_entrypoints %}
       {{ traefik_entrypoint.name }}:
-        address: :{{ traefik_entrypoint.port }}
+{% if traefik_entrypoint.proto is defined %}
+        address: ":{{ traefik_entrypoint.port }}/{{ traefik_entrypoint.proto | lower }}"
+{% else %}
+        address: ":{{ traefik_entrypoint.port }}"
+{% endif %}
 {% if traefik_entrypoint.tls is defined or traefik_entrypoint.middlewares is defined %}
         http:
 {% if traefik_entrypoint.middlewares is defined %}
diff --git a/templates/traefik-helm-value.yaml.j2 b/templates/traefik-helm-value.yaml.j2
index ccf9f19..dff9287 100644
--- a/templates/traefik-helm-value.yaml.j2
+++ b/templates/traefik-helm-value.yaml.j2
@@ -58,6 +58,9 @@ ports:
 {% if traefik_service_type == "NodePort" %}
     nodePort: 443
 {% endif %}
+    http3:
+      enabled: true
+      advertisedPort: 443
 #    tls:
 #      enabled: true
 #      options: default
@@ -95,8 +98,6 @@ updateStrategy:
   type: OnDelete
 {% endif %}
 experimental:
-  http3:
-    enabled: true
   plugins:
     enabled: true
   kubernetesGateway:
diff --git a/templates/traefik-ingressroute.yml.j2 b/templates/traefik-ingressroute.yml.j2
index e35e618..22000cc 100644
--- a/templates/traefik-ingressroute.yml.j2
+++ b/templates/traefik-ingressroute.yml.j2
@@ -4,6 +4,17 @@ metadata:
   name: traefik
   labels:
     app: traefik
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    external-dns.alpha.kubernetes.io/hostname: traefik.{{ cluster_domain }}
+    external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP
+{% if false %}
+    # external-dns.alpha.kubernetes.io/endpoints-type: HostIP
+    # external-dns.alpha.kubernetes.io/target: "1.2.3.4"
+
+    # external-dns.alpha.kubernetes.io/ttl: "120"
+    # external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+{% endif %}
 
 spec:
   entryPoints:
diff --git a/templates/traefik-svc.yml.j2 b/templates/traefik-svc.yml.j2
index 1397dd8..b206f0e 100644
--- a/templates/traefik-svc.yml.j2
+++ b/templates/traefik-svc.yml.j2
@@ -16,6 +16,10 @@ spec:
     port: 443
     protocol: TCP
     targetPort: websecure
+  - name: websecure-http3
+    port: 443
+    protocol: UDP
+    targetPort: websecure
 {% if traefik_external_ips is defined %}
   externalIPs:
 {% for traefik_external_ip in traefik_external_ips %}