Reintroduce dropped v2 dynamic config

Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
2024-01-29 17:32:05 +01:00 · 2024-01-29 17:32:05 +01:00 · 40de310927
commit 40de310927
parent 18203f57d2
53 changed files with 880 additions and 392 deletions
--- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go
+++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go
@ -72,6 +72,13 @@ type ServiceTCP struct {
 	Port intstr.IntOrString `json:"port"`
 	// Weight defines the weight used when balancing requests between multiple Kubernetes Service.
 	Weight *int `json:"weight,omitempty"`
+	// TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
+	// it has closed the writing capability of its connection, to close the reading capability as well,
+	// hence fully terminating the connection.
+	// It is a duration in milliseconds, defaulting to 100.
+	// A negative value means an infinite deadline (i.e. the reading capability is never closed).
+	// Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead.
+	TerminationDelay *int `json:"terminationDelay,omitempty"`
 	// ProxyProtocol defines the PROXY protocol configuration.
 	// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
 	ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
--- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go
+++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go
@ -171,6 +171,9 @@ type ClientTLS struct {
 	CertSecret string `json:"certSecret,omitempty"`
 	// InsecureSkipVerify defines whether the server certificates should be validated.
 	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
+
+	// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
+	CAOptional *bool `json:"caOptional,omitempty"`
 }

 // +k8s:deepcopy-gen=true
--- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go
+++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go
@ -26,9 +26,13 @@ type MiddlewareTCPSpec struct {
 	// InFlightConn defines the InFlightConn middleware configuration.
 	InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
 	// IPWhiteList defines the IPWhiteList middleware configuration.
+	// This middleware accepts/refuses connections based on the client IP.
 	// Deprecated: please use IPAllowList instead.
+	// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
 	IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
 	// IPAllowList defines the IPAllowList middleware configuration.
+	// This middleware accepts/refuses connections based on the client IP.
+	// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
 	IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
 }

--- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go
+++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go
@ -44,6 +44,11 @@ type TLSOptionSpec struct {
 	// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
 	// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
 	ALPNProtocols []string `json:"alpnProtocols,omitempty"`
+
+	// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
+	// It is enabled automatically when minVersion or maxVersion is set.
+	// Deprecated: https://github.com/golang/go/issues/45430
+	PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"`
 }

 // +k8s:deepcopy-gen=true
--- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/zz_generated.deepcopy.go
@ -146,6 +146,11 @@ func (in *ClientAuth) DeepCopy() *ClientAuth {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClientTLS) DeepCopyInto(out *ClientTLS) {
 	*out = *in
+	if in.CAOptional != nil {
+		in, out := &in.CAOptional, &out.CAOptional
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }

@ -213,7 +218,7 @@ func (in *ForwardAuth) DeepCopyInto(out *ForwardAuth) {
 	if in.TLS != nil {
 		in, out := &in.TLS, &out.TLS
 		*out = new(ClientTLS)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.AddAuthCookiesToResponse != nil {
 		in, out := &in.AddAuthCookiesToResponse, &out.AddAuthCookiesToResponse
@ -777,7 +782,7 @@ func (in *MiddlewareSpec) DeepCopyInto(out *MiddlewareSpec) {
 	if in.ContentType != nil {
 		in, out := &in.ContentType, &out.ContentType
 		*out = new(dynamic.ContentType)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	if in.GrpcWeb != nil {
 		in, out := &in.GrpcWeb, &out.GrpcWeb
@ -1318,6 +1323,11 @@ func (in *ServiceTCP) DeepCopyInto(out *ServiceTCP) {
 		*out = new(int)
 		**out = **in
 	}
+	if in.TerminationDelay != nil {
+		in, out := &in.TerminationDelay, &out.TerminationDelay
+		*out = new(int)
+		**out = **in
+	}
 	if in.ProxyProtocol != nil {
 		in, out := &in.ProxyProtocol, &out.ProxyProtocol
 		*out = new(dynamic.ProxyProtocol)
@ -1517,6 +1527,11 @@ func (in *TLSOptionSpec) DeepCopyInto(out *TLSOptionSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.PreferServerCipherSuites != nil {
+		in, out := &in.PreferServerCipherSuites, &out.PreferServerCipherSuites
+		*out = new(bool)
+		**out = **in
+	}
 	return
 }