Enable http/3

defaults/main.yml

@@ -1,5 +1,5 @@
 my_context: kubernetes
-traefik_version: "2.10.1"
+traefik_version: "2.10.3"
 cluster_domain: "local"
 traefik_namespace: "traefik"
 traefik_service_type: LoadBalancer

tasks/main.yml

@@ -174,4 +174,47 @@
       when:
         - traefik_hub_token is defined
 
+#echo 'apiVersion: v1
+#kind: Service
+#metadata:
+#  annotations:
+##    external-dns.alpha.kubernetes.io/endpoints-type: HostIP
+#    external-dns.alpha.kubernetes.io/hostname: traefik.ibm.reslinger.net
+#    external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP
+##    external-dns.alpha.kubernetes.io/target: "1.2.3.4"
+#  name: traefik-dns
+#  namespace: traefik
+#spec:
+#  clusterIP: None
+#  ports:
+#  - name: web
+#    port: 80
+#    protocol: TCP
+#    targetPort: web
+#  - name: websecure
+#    port: 443
+#    protocol: TCP
+#    targetPort: websecure
+#  selector:
+#    app.kubernetes.io/instance: traefik-traefik
+#    app.kubernetes.io/name: traefik' | kubectl --context kubeibm -n traefik apply -f -
+
+#    - name: Deploy latest version of Switchboard
+#      kubernetes.core.helm:
+#        context: "{{ my_context }}"
+#        name: switchboard
+#        chart_ref: oci://ghcr.io/borchero/charts/switchboard
+#        release_namespace: "{{ traefik_namespace }}"
+##        values: "{{ lookup('template', 'traefik-helm-value.yaml.j2') | from_yaml }}"
+#        values:
+#          integrations:
+##            certManager:
+##              enabled: true
+##              issuer: "letsencrypt-prod"
+#            externalDNS:
+#              enabled: true
+#              targetIPs: [10.144.217.172]
+
+
+
   tags: traefik

templates/traefik-cm.yml.j2

@@ -28,7 +28,7 @@ data:
     #    http3:
     #      advertisedPort: 42
       websecure:
-        address: ":8443/tcp"
+        address: ":8443"
         http:
           tls:
             options: default
@@ -36,8 +36,8 @@ data:
     #        - auth@file
     #        - secure_headers@file
     #        - crowdsec-bouncer@file
-    #    http3:
-    #      advertisedPort: 443
+        http3:
+          advertisedPort: 443
       traefik:
         address: ":9000/tcp"
       metrics:
@@ -50,7 +50,11 @@ data:
 {% endif%}
 {% for traefik_entrypoint in traefik_entrypoints %}
       {{ traefik_entrypoint.name }}:
-        address: :{{ traefik_entrypoint.port }}
+{% if traefik_entrypoint.proto is defined %}
+        address: ":{{ traefik_entrypoint.port }}/{{ traefik_entrypoint.proto | lower }}"
+{% else %}
+        address: ":{{ traefik_entrypoint.port }}"
+{% endif %}
 {% if traefik_entrypoint.tls is defined or traefik_entrypoint.middlewares is defined %}
         http:
 {% if traefik_entrypoint.middlewares is defined %}

templates/traefik-helm-value.yaml.j2

@@ -58,6 +58,9 @@ ports:
 {% if traefik_service_type == "NodePort" %}
     nodePort: 443
 {% endif %}
+    http3:
+      enabled: true
+      advertisedPort: 443
 #    tls:
 #      enabled: true
 #      options: default
@@ -95,8 +98,6 @@ updateStrategy:
   type: OnDelete
 {% endif %}
 experimental:
-  http3:
-    enabled: true
   plugins:
     enabled: true
   kubernetesGateway:

templates/traefik-ingressroute.yml.j2

@@ -4,6 +4,17 @@ metadata:
   name: traefik
   labels:
     app: traefik
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    external-dns.alpha.kubernetes.io/hostname: traefik.{{ cluster_domain }}
+    external-dns.alpha.kubernetes.io/endpoints-type: NodeExternalIP
+{% if false %}
+    # external-dns.alpha.kubernetes.io/endpoints-type: HostIP
+    # external-dns.alpha.kubernetes.io/target: "1.2.3.4"
+
+    # external-dns.alpha.kubernetes.io/ttl: "120"
+    # external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+{% endif %}
 
 spec:
   entryPoints:

templates/traefik-svc.yml.j2

@@ -16,6 +16,10 @@ spec:
     port: 443
     protocol: TCP
     targetPort: websecure
+  - name: websecure-http3
+    port: 443
+    protocol: UDP
+    targetPort: websecure
 {% if traefik_external_ips is defined %}
   externalIPs:
 {% for traefik_external_ip in traefik_external_ips %}