Add TCP Servers Transports support

Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Simon Delicata 2022-12-09 09:58:05 +01:00 committed by GitHub
parent c2dac39da1
commit 3eeea2bb2b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
101 changed files with 5956 additions and 1669 deletions


@ -1020,6 +1020,33 @@ Defines the allowed SPIFFE trust domain.
`--spiffe.workloadapiaddr`:
Defines the workload API address.
`--tcpserverstransport.dialkeepalive`:
Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled (Default: ```15```)
`--tcpserverstransport.dialtimeout`:
Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
`--tcpserverstransport.terminationdelay`:
Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. (Default: ```0```)
`--tcpserverstransport.tls`:
Defines the TLS configuration. (Default: ```false```)
`--tcpserverstransport.tls.insecureskipverify`:
Disables SSL certificate verification. (Default: ```false```)
`--tcpserverstransport.tls.rootcas`:
Defines a list of CA secret used to validate self-signed certificate
`--tcpserverstransport.tls.spiffe`:
Defines the SPIFFE TLS configuration. (Default: ```false```)
`--tcpserverstransport.tls.spiffe.ids`:
Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).
`--tcpserverstransport.tls.spiffe.trustdomain`:
Defines the allowed SPIFFE trust domain.
`--tracing`:
OpenTracing configuration. (Default: ```false```)


@ -1020,6 +1020,33 @@ Defines the allowed SPIFFE trust domain.
`TRAEFIK_SPIFFE_WORKLOADAPIADDR`:
Defines the workload API address.
`TRAEFIK_TCPSERVERSTRANSPORT_DIALKEEPALIVE`:
Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled (Default: ```15```)
`TRAEFIK_TCPSERVERSTRANSPORT_DIALTIMEOUT`:
Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
`TRAEFIK_TCPSERVERSTRANSPORT_TERMINATIONDELAY`:
Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. (Default: ```0```)
`TRAEFIK_TCPSERVERSTRANSPORT_TLS`:
Defines the TLS configuration. (Default: ```false```)
`TRAEFIK_TCPSERVERSTRANSPORT_TLS_INSECURESKIPVERIFY`:
Disables SSL certificate verification. (Default: ```false```)
`TRAEFIK_TCPSERVERSTRANSPORT_TLS_ROOTCAS`:
Defines a list of CA secret used to validate self-signed certificate
`TRAEFIK_TCPSERVERSTRANSPORT_TLS_SPIFFE`:
Defines the SPIFFE TLS configuration. (Default: ```false```)
`TRAEFIK_TCPSERVERSTRANSPORT_TLS_SPIFFE_IDS`:
Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).
`TRAEFIK_TCPSERVERSTRANSPORT_TLS_SPIFFE_TRUSTDOMAIN`:
Defines the allowed SPIFFE trust domain.
`TRAEFIK_TRACING`:
OpenTracing configuration. (Default: ```false```)


@ -6,10 +6,29 @@
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
maxIdleConnsPerHost = 42
[serversTransport.forwardingTimeouts]
dialTimeout = "42s"
responseHeaderTimeout = "42s"
idleConnTimeout = "42s"
readIdleTimeout = "42s"
pingTimeout = "42s"
[serversTransport.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[tcpServersTransport]
dialTimeout = "42s"
dialKeepAlive = "42s"
[tcpServersTransport.tls]
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
[tcpServersTransport.tls.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[entryPoints]
[entryPoints.EntryPoint0]
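Review bot: The `[tcpServersTransport]` table in this sample sets `dialTimeout` and `dialKeepAlive` but not `terminationDelay`, although the CLI and environment references changed in the same commit document `--tcpserverstransport.terminationdelay`; adding `terminationDelay = "42s"` after `dialKeepAlive` would make the reference list every option. The YAML sample's `tcpServersTransport:` block has the same gap. Separately, `insecureSkipVerify = true` under `[tcpServersTransport.tls]` is a placeholder like the other values in this file, yet copied as-is it turns off certificate verification for backend connections. A comment above it such as `# placeholder value; keep false unless the backend certificate cannot be validated` would make that visible, assuming the file is not regenerated in a way that drops comments.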


@ -1,7 +1,7 @@
global:
checkNewVersion: true
sendAnonymousUsage: true
serversTransport:
serversTransports:
insecureSkipVerify: true
rootCAs:
- foobar
@ -11,6 +11,26 @@ serversTransport:
dialTimeout: 42s
responseHeaderTimeout: 42s
idleConnTimeout: 42s
readIdleTimeout: 42s
pingTimeout: 42s
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
tcpServersTransport:
dialTimeout: 42s
dialKeepAlive: 42s
tls:
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
entryPoints:
EntryPoint0:
address: foobar
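Review bot: The top-level key in the first hunk is printed as both `serversTransport:` and `serversTransports:`, and if the plural form is the new side it no longer matches the `[serversTransport.forwardingTimeouts]` and `[serversTransport.spiffe]` tables in the TOML sample or the `serversTransport:` context shown in the second hunk header. In that case the nested `insecureSkipVerify`, `rootCAs` and timeout keys would sit under a name the static configuration presumably does not read, so a user copying this sample would get TLS and timeout settings that are rejected or have no effect. The line should stay `serversTransport:`. The rendered page has lost the `+`/`-` markers, so which of the two lines is the new one is inferred from print order only.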