Add TCP Servers Transports support

Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-12-09 09:58:05 +01:00 · 2022-12-09 09:58:05 +01:00 · 3eeea2bb2b
commit 3eeea2bb2b
parent c2dac39da1
101 changed files with 5956 additions and 1669 deletions
--- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_servers_transport.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_servers_transport.yml
@ -0,0 +1,147 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: root-ca0
+  namespace: foo
+
+data:
+  foobar: VEVTVFJPT1RDQVMw
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: root-ca1
+  namespace: foo
+
+data:
+  tls.ca: VEVTVFJPT1RDQVMx
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: root-ca2
+  namespace: foo
+
+data:
+  tls.ca: VEVTVFJPT1RDQVMy
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: root-ca3
+  namespace: foo
+
+data:
+  ca.crt: VEVTVFJPT1RDQVMz
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: root-ca4
+  namespace: foo
+
+data:
+  ca.crt: VEVTVFJPT1RDQVM0
+  tls.ca: VEVTVFJPT1RDQVM1 # <-- This should be the preferred one.
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mtls1
+  namespace: foo
+
+data:
+  tls.crt: VEVTVENFUlQx
+  tls.key: VEVTVEtFWTE=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mtls2
+  namespace: foo
+
+data:
+  tls.crt: VEVTVENFUlQy
+  tls.key: VEVTVEtFWTI=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: allcerts
+  namespace: foo
+
+data:
+  ca.crt: VEVTVEFMTENFUlRT
+  tls.crt: VEVTVENFUlQz
+  tls.key: VEVTVEtFWTM=
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: ServersTransportTCP
+metadata:
+  name: test
+  namespace: foo
+
+spec:
+  tls:
+    serverName: "test"
+    insecureSkipVerify: true
+    peerCertURI: foo://bar
+    rootCAsSecrets:
+      - root-ca0
+      - root-ca1
+      - root-ca2
+      - root-ca3
+      - root-ca4
+      - allcerts
+    certificatesSecrets:
+      - mtls1
+      - mtls2
+      - allcerts
+    spiffe:
+      ids:
+        - spiffe://foo/buz
+        - spiffe://bar/biz
+      trustDomain: spiffe://lol
+  dialTimeout: 42
+  dialKeepAlive: 42
+  terminationDelay: 42
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: ServersTransportTCP
+metadata:
+  name: test
+  namespace: default
+
+spec:
+  tls:
+    serverName: "test"
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.route
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+  - match: HostSNI(`foo.com`)
+    services:
+    - name: whoamitcp
+      port: 8000
+      serversTransport: test
+    - name: whoamitcp2
+      port: 8080
+      serversTransport: default-test
--- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_servers_transport_cross_namespace.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_servers_transport_cross_namespace.yml
@ -0,0 +1,27 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.route
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+  - match: HostSNI(`foo.com`)
+    priority: 12
+    services:
+    - name: whoamitcp
+      port: 8000
+      serversTransport: cross-ns-st-cross-ns@kubernetescrd
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: ServersTransportTCP
+metadata:
+  name: st-cross-ns
+  namespace: cross-ns
+
+spec:
+  dialKeepAlive: 0