feat(traefik)!: Update helm-release ( 27.0.2 → 28.0.0 )

[tyriis-automation]

This PR contains the following updates:

Package	Update	Change	OpenSSF
traefik (source)	major	27.0.2 -> 28.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

traefik/traefik-helm-chart (traefik)

v28.0.0

Compare Source

⚠ BREAKING CHANGES

• 💥 initial support of Traefik Proxy v3
• See Migration guide from v2 to v3 and upgrading section of this chart on CRDs.

Features

• podtemplate: set GOMEMLIMIT, GOMAXPROCS when limits are defined (e4f2aa8)
• 💥 initial support of Traefik Proxy v3 (536059d)
• ✨ add support of experimental-v3.0 unstable version (579984c)
• ✨ fail gracefully when required port number is not set (f8be5e1)
• ports: add transport options (47e0f28)
• ability to override liveness and readiness probe paths (ea95df0)

Bug Fixes

• 🐛 logs filters on status codes (c204014)
• 🐛 only expose http3 port on service when TCP variant is exposed (2d6243d)

Styles

• 🎨 consistent capitalization on --entryPoints CLI flag (b1f6f96)

Documentation

• 📚️ improve EXAMPLES on acme resolver (2252aba)

New Contributors

• @​matkam made their first contribution in https://github.com/traefik/traefik-helm-chart/pull/1041

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[tyriis-automation]

--- kubernetes/talos-flux/apps/traefik-ingress/traefik/app Kustomization: flux-system/apps-traefik HelmRelease: traefik-ingress/traefik

+++ kubernetes/talos-flux/apps/traefik-ingress/traefik/app Kustomization: flux-system/apps-traefik HelmRelease: traefik-ingress/traefik

@@ -12,13 +12,13 @@

     spec:
       chart: traefik
       sourceRef:
         kind: HelmRepository
         name: traefik-charts
         namespace: flux-system
-      version: 27.0.2
+      version: 28.0.0
   dependsOn:
   - name: cert-manager
     namespace: cert-manager
   interval: 5m
   values:
     additionalArguments:

[tyriis-automation]

--- HelmRelease: traefik-ingress/traefik ClusterRole: traefik-ingress/traefik-traefik-ingress

+++ HelmRelease: traefik-ingress/traefik ClusterRole: traefik-ingress/traefik-traefik-ingress

@@ -41,22 +41,22 @@

   resources:
   - ingresses/status
   verbs:
   - update
 - apiGroups:
   - traefik.io
-  - traefik.containo.us
   resources:
   - ingressroutes
   - ingressroutetcps
   - ingressrouteudps
   - middlewares
   - middlewaretcps
   - tlsoptions
   - tlsstores
   - traefikservices
   - serverstransports
+  - serverstransporttcps
   verbs:
   - get
   - list
   - watch
 
--- HelmRelease: traefik-ingress/traefik Deployment: traefik-ingress/traefik

+++ HelmRelease: traefik-ingress/traefik Deployment: traefik-ingress/traefik

@@ -32,13 +32,13 @@

         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: traefik
       terminationGracePeriodSeconds: 60
       hostNetwork: false
       containers:
-      - image: docker.io/traefik:v2.11.2
+      - image: docker.io/traefik:v3.0.0
         imagePullPolicy: IfNotPresent
         name: traefik
         resources:
           limits:
             memory: 500Mi
           requests:
@@ -97,40 +97,44 @@

         - --serverstransport.insecureskipverify=true
         - --providers.kubernetesingress.ingressclass=traefik
         - --metrics.prometheus=true
         - --metrics.prometheus.entryPoint=metrics
         - --entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/13,104.24.0.0/14,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32
         - --entryPoints.minecraft.address=:19132/udp
-        - --entrypoints.metrics.address=:8082/tcp
-        - --entrypoints.minecraft.address=:19132/udp
-        - --entrypoints.traefik.address=:9000/tcp
-        - --entrypoints.web.address=:8000/tcp
-        - --entrypoints.websecure.address=:8443/tcp
+        - --entryPoints.metrics.address=:8082/tcp
+        - --entryPoints.minecraft.address=:19132/udp
+        - --entryPoints.traefik.address=:9000/tcp
+        - --entryPoints.web.address=:8000/tcp
+        - --entryPoints.websecure.address=:8443/tcp
         - --api.dashboard=true
         - --ping=true
         - --metrics.prometheus=true
         - --metrics.prometheus.entrypoint=metrics
         - --providers.kubernetescrd
         - --providers.kubernetescrd.allowCrossNamespace=true
         - --providers.kubernetescrd.allowExternalNameServices=true
         - --providers.kubernetesingress
-        - --entrypoints.web.http.redirections.entryPoint.to=:443
-        - --entrypoints.web.http.redirections.entryPoint.scheme=https
-        - --entrypoints.websecure.http.tls=true
-        - --entrypoints.websecure.http.tls.options=default
-        - --entrypoints.websecure.http.tls.domains[0].sans=*.
+        - --entryPoints.web.http.redirections.entryPoint.to=:443
+        - --entryPoints.web.http.redirections.entryPoint.scheme=https
+        - --entryPoints.websecure.http.tls=true
+        - --entryPoints.websecure.http.tls.options=default
+        - --entryPoints.websecure.http.tls.domains[0].sans=*.
         - --log.format=json
         - --log.level=INFO
         - --accesslog=true
         - --accesslog.format=json
         - --accesslog.fields.defaultmode=keep
         - --accesslog.fields.headers.defaultmode=drop
         - --providers.kubernetesingress.ingressendpoint.ip=192.168.1.80
         - --providers.kubernetesingress.allowexternalnameservices=true
         - --providers.kubernetescrd.allowexternalnameservices=true
         env:
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.memory
         - name: POD_NAME
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
         - name: POD_NAMESPACE
           valueFrom:

[tyriis-automation]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ EDITORCONFIG	editorconfig-checker	1		0	0.01s
✅ REPOSITORY	gitleaks	yes		no	2.21s
✅ YAML	prettier	1		0	0.66s
✅ YAML	yamllint	1		0	0.31s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud