Merge branch v3.4 into master

pkg/provider/kubernetes/crd/kubernetes_test.go

@@ -1,7 +1,6 @@
 package crd
 
 import (
-	"context"
 	"os"
 	"path/filepath"
 	"strings"
@@ -1677,7 +1676,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
 				AllowEmptyServices:        test.allowEmptyServices,
 			}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}
@@ -5313,7 +5312,7 @@ func TestLoadIngressRoutes(t *testing.T) {
 				AllowEmptyServices:        test.allowEmptyServices,
 			}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}
@@ -5389,7 +5388,7 @@ func TestLoadIngressRoutes_multipleEndpointAddresses(t *testing.T) {
 	}
 
 	p := Provider{}
-	conf := p.loadConfigurationFromCRD(context.Background(), client)
+	conf := p.loadConfigurationFromCRD(t.Context(), client)
 
 	service, ok := conf.HTTP.Services["default-test-route-6b204d94623b3df4370c"]
 	require.True(t, ok)
@@ -5904,7 +5903,7 @@ func TestLoadIngressRouteUDPs(t *testing.T) {
 				AllowEmptyServices:        test.allowEmptyServices,
 			}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}
@@ -7402,7 +7401,7 @@ func TestCrossNamespace(t *testing.T) {
 
 			p := Provider{AllowCrossNamespace: test.allowCrossNamespace}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}
@@ -7672,7 +7671,7 @@ func TestExternalNameService(t *testing.T) {
 
 			p := Provider{AllowExternalNameServices: test.allowExternalNameService}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}
@@ -7854,7 +7853,7 @@ func TestNativeLB(t *testing.T) {
 
 			p := Provider{}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}
@@ -8122,7 +8121,7 @@ func TestNodePortLB(t *testing.T) {
 				DisableClusterScopeResources: test.disableClusterScope,
 			}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}
@@ -8634,7 +8633,7 @@ func TestGlobalNativeLB(t *testing.T) {
 
 			p := Provider{NativeLBByDefault: test.NativeLBByDefault}
 
-			conf := p.loadConfigurationFromCRD(context.Background(), client)
+			conf := p.loadConfigurationFromCRD(t.Context(), client)
 			assert.Equal(t, test.expected, conf)
 		})
 	}

pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go

@@ -81,7 +81,7 @@ type ForwardingTimeouts struct {
 
 // RootCA defines a reference to a Secret or a ConfigMap that holds a CA certificate.
 // If both a Secret and a ConfigMap reference are defined, the Secret reference takes precedence.
-// +kubebuilder:validation:XValidation:rule="has(self.secret) && has(self.configMap)",message="RootCA cannot have both Secret and ConfigMap defined."
+// +kubebuilder:validation:XValidation:rule="!has(self.secret) || !has(self.configMap)",message="RootCA cannot have both Secret and ConfigMap defined."
 type RootCA struct {
 	// Secret defines the name of a Secret that holds a CA certificate.
 	// The referenced Secret must contain a certificate under either a tls.ca or a ca.crt key.