Merge aeaccb9d14 into ccb1f91ed4

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:alpine
+FROM python:3.11-alpine
 
 ENV PYTHONUNBUFFERED=1 \
     ISSUER_NAME=letsencrypt \
@@ -8,4 +8,4 @@ ENV PYTHONUNBUFFERED=1 \
 
 RUN pip install kubernetes
 COPY main.py /
-CMD python /main.py
+CMD ["python", "/main.py"]

main.py

@@ -6,7 +6,6 @@ import signal
 import sys
 import threading
 
-from unicodedata import name
 from kubernetes import client, config, watch
 from kubernetes.client.rest import ApiException
 
@@ -19,6 +18,7 @@ CERT_ISSUER_NAME = os.getenv("ISSUER_NAME", "letsencrypt")
 CERT_ISSUER_KIND = os.getenv("ISSUER_KIND", "ClusterIssuer")
 CERT_CLEANUP = os.getenv("CERT_CLEANUP", "false").lower() in ("yes", "true", "t", "1")
 PATCH_SECRETNAME = os.getenv("PATCH_SECRETNAME", "false").lower() in ("yes", "true", "t", "1")
+SUPPORT_LEGACY_CRDS = os.getenv("SUPPORT_LEGACY_CRDS", "true").lower() in ("yes", "true", "t", "1")
 
 
 def safe_get(obj, keys, default=None):
@@ -38,10 +38,10 @@ def create_certificate(crds, namespace, secretname, routes):
     Create a certificate request for certmanager based on the IngressRoute
     """
     try:
-        secret = crds.get_namespaced_custom_object(CERT_GROUP, CERT_VERSION, namespace, CERT_PLURAL, secretname)
+        assert crds.get_namespaced_custom_object(CERT_GROUP, CERT_VERSION, namespace, CERT_PLURAL, secretname)
         logging.info(f"{secretname} : certificate request already exists.")
         return
-    except ApiException as e:
+    except ApiException:
         pass
 
     for route in routes:
@@ -87,7 +87,7 @@ def watch_crd(group, version, plural):
     """
     Watch Traefik IngressRoute CRD and create/delete certificates based on them
     """
-    #config.load_kube_config()
+    # config.load_kube_config()
     config.load_incluster_config()
     crds = client.CustomObjectsApi()
     resource_version = ""
@@ -116,7 +116,7 @@ def watch_crd(group, version, plural):
                 # if no secretName is set, add one to the IngressRoute
                 if not secretname and PATCH_SECRETNAME:
                     logging.info(f"{namespace}/{name} : no secretName found in IngressRoute, patch to add one")
-                    patch = { "spec": { "tls": { "secretName": name }}}
+                    patch = {"spec": {"tls": {"secretName": name}}}
                     crds.patch_namespaced_custom_object(group, version, namespace, plural, name, patch)
                     secretname = name
                 if secretname:
@@ -147,19 +147,25 @@ def main():
     signal.signal(signal.SIGINT, exit_gracefully)
     signal.signal(signal.SIGTERM, exit_gracefully)
 
-    # deprecated traefik CRD
-    th1 = threading.Thread(target=watch_crd, args=("traefik.containo.us", "v1alpha1", "ingressroutes"), daemon=True)
+    # new traefik CRD    
+    th1 = threading.Thread(target=watch_crd, args=("traefik.io", "v1alpha1", "ingressroutes"), daemon=True)
     th1.start()
 
-    # new traefik CRD    
-    th2 = threading.Thread(target=watch_crd, args=("traefik.io", "v1alpha1", "ingressroutes"), daemon=True)
+    if SUPPORT_LEGACY_CRDS:
+        # deprecated traefik CRD
+        th2 = threading.Thread(target=watch_crd, args=("traefik.containo.us", "v1alpha1", "ingressroutes"), daemon=True)
         th2.start()
 
         # wait for threads to finish
         while th1.is_alive() and th2.is_alive():
             th1.join(0.1)
             th2.join(0.1)
-    logging.info(f"One of the threads exited {th1.is_alive()}, {th2.is_alive()}")
+        logging.info(f"traefik.containo.us/v1alpha1/ingressroutes watcher exited {th2.is_alive()}")
+    else:
+        # wait for threads to finish
+        while th1.is_alive():
+            th1.join(0.1)
+    logging.info(f"traefik.io/v1alpha1/ingressroutes watcher exited {th1.is_alive()}")
 
 
 if __name__ == '__main__':

requirements.txt

@@ -1 +1 @@
-kubernetes
+kubernetes==31.x