Multiple HTTP/3 enabled endpoints in Helm chart

Traefik Traefik v2
1

Hi,

I'd like to use my k8s + traefik deployment to expose select ingresses to a loadbalancer which proxies requests from the Internet to my k8s box. I did this by introducing another endpoint, webs-ext, to my traefik config. I tag an ingress I want to expose with this annotation:

traefik.ingress.kubernetes.io/router.entrypoints: web,websecure,webs-ext

I've set up traefik with helm chart 23.0.1 + values.yaml like this:

ports:
  websecure:
    port: 8443
    expose: true
    hostPort: 443
    exposedPort: 443
    protocol: TCP
    tls: {} # omitted
### Marker
    http3:
      enabled: true
      advertisedPort: 443
### /Marker
  webs-ext:
    port: 8444
    expose: true
    hostPort: 8443
    exposedPort: 8443
    proxyProtocol:
      trustedIPs:
        - "192.168.1.0/24"
    protocol: TCP
    tls: {} # omitted
    http3:
      enabled: true
      advertisedPort: 443

This will yield an error, due to the block inside the "Marker" comments generating a duplicate port mapping.

I assume that's a bug, the port k8s serves this under doesn't have to be it is advertised under, especially considering a proxy scenario.

Am I correct in my reasoning? Am I doing something wrong here?

2

So I worked around the issue with a kustomization, like this:

  patches:
  - target:
      kind: Service
      name: "traefik"
    patch: |-
      - op: test
        path: /spec/ports/7/name
        value: webs-ext-http3
      - op: replace
        path: /spec/ports/7/port
        value: 8443
  - target:
      kind: DaemonSet
      name: "traefik"
    patch: |-
      - op: test
        path: /spec/template/spec/containers/0/ports/10/name
        value: webs-ext-http3
      - op: replace
        path: /spec/template/spec/containers/0/ports/10/hostPort
        value: 8443

Note that the indexes need adjusting.