admin/k3s-gitops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: deploy nginx-weighted traffic layer (TraefikService 90/10, TLS, HTTP redirect) #4

Merged
admin merged 6 commits from feat/nginx-weighted into main 2026-03-04 18:43:13 +00:00
Conversation 0 Commits 6 Files Changed 6 +122
admin commented 2026-03-04 18:41:55 +00:00
Owner
Copy Link

Summary

Deploys the weighted traffic layer — a single domain nginx.thedevops.dev that silently routes 90% of requests to stable (v1) and 10% to canary (v2).

Files Changed

File Description
canary-proxy-svc.yaml ExternalName service in nginx-mcp namespace proxying to nginx-canary namespace. Required because Traefik v3 blocks cross-namespace TraefikService references.
traefikservice.yaml THE ONLY FILE TO EDIT for traffic shifting. Weighted router: stable 90 / canary 10
certificate.yaml cert-manager Certificate for nginx.thedevops.dev → secret nginx-weighted-tls
middleware.yaml Traefik Middleware: HTTP → HTTPS permanent redirect
ingressroute.yaml Two IngressRoutes: websecure (TraefikService weighted) + web (redirect)
application.yaml ArgoCD app, destination namespace: nginx-mcp, automated sync, prune, selfHeal

Architecture after merge

https://nginx.thedevops.dev
           ↓
    Traefik IngressRoute (websecure)
           ↓
   TraefikService: nginx-weighted
     ┌─────┴──────┐
    90%           10%
     ↓             ↓
 nginx-mcp    nginx-canary-proxy
 (stable v1)  (ExternalName → nginx-canary ns)

Key things to verify before merging

  • traefikservice.yaml — weights sum does not need to equal 100, but 90+10 is correct for initial test
  • canary-proxy-svc.yaml — externalName points to nginx-canary.nginx-canary.svc.cluster.local
  • certificate.yaml — dnsNames contains nginx.thedevops.dev, issuerRef is letsencrypt-http
  • ingressroute.yaml — websecure route uses kind: TraefikService, not kind: Service
  • application.yaml — destination namespace is nginx-mcp (not nginx-weighted)

To change traffic weights after merge

Edit traefikservice.yaml, commit to main, ArgoCD applies in ~30 seconds. No pod restarts needed.

## Summary Deploys the weighted traffic layer — a single domain `nginx.thedevops.dev` that silently routes 90% of requests to stable (v1) and 10% to canary (v2). ## Files Changed | File | Description | |------|-------------| | `canary-proxy-svc.yaml` | ExternalName service in nginx-mcp namespace proxying to nginx-canary namespace. Required because Traefik v3 blocks cross-namespace TraefikService references. | | `traefikservice.yaml` | **THE ONLY FILE TO EDIT for traffic shifting.** Weighted router: stable 90 / canary 10 | | `certificate.yaml` | cert-manager Certificate for nginx.thedevops.dev → secret nginx-weighted-tls | | `middleware.yaml` | Traefik Middleware: HTTP → HTTPS permanent redirect | | `ingressroute.yaml` | Two IngressRoutes: websecure (TraefikService weighted) + web (redirect) | | `application.yaml` | ArgoCD app, destination namespace: nginx-mcp, automated sync, prune, selfHeal | ## Architecture after merge ``` https://nginx.thedevops.dev ↓ Traefik IngressRoute (websecure) ↓ TraefikService: nginx-weighted ┌─────┴──────┐ 90% 10% ↓ ↓ nginx-mcp nginx-canary-proxy (stable v1) (ExternalName → nginx-canary ns) ``` ## Key things to verify before merging - [ ] `traefikservice.yaml` — weights sum does not need to equal 100, but 90+10 is correct for initial test - [ ] `canary-proxy-svc.yaml` — externalName points to `nginx-canary.nginx-canary.svc.cluster.local` - [ ] `certificate.yaml` — dnsNames contains `nginx.thedevops.dev`, issuerRef is `letsencrypt-http` - [ ] `ingressroute.yaml` — websecure route uses `kind: TraefikService`, not `kind: Service` - [ ] `application.yaml` — destination namespace is `nginx-mcp` (not nginx-weighted) ## To change traffic weights after merge Edit `traefikservice.yaml`, commit to main, ArgoCD applies in ~30 seconds. No pod restarts needed.
admin added 6 commits 2026-03-04 18:41:56 +00:00
feat: canary ExternalName proxy service (namespace bridge) 539483b4b5
feat: TraefikService weighted routing 90/10 stable/canary 9447fe8b01
feat: cert-manager Certificate for nginx.thedevops.dev ebef2bf36e
feat: Traefik Middleware HTTP→HTTPS permanent redirect d906dd2d25
feat: IngressRoutes — websecure (weighted) + web (redirect) e9823e56ad
feat: nginx-weighted ArgoCD application — destination nginx-mcp namespace cdb736d5b2
admin merged commit a09690feba into main 2026-03-04 18:43:13 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
admin
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: admin/k3s-gitops#4
No description provided.
Delete Branch "feat/nginx-weighted"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?