Merge current v2.8 into master

2022-08-18 14:50:44 +02:00 · 2022-08-18 14:50:44 +02:00 · 626da4c0ae
commit 626da4c0ae
parent af749f1864 9c02612f65
90 changed files with 1019 additions and 707 deletions
--- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_options.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_options.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca1
      - secret-ca2
    clientAuthType: VerifyClientCertIfGiven
-  preferServerCipherSuites: true
 ---
 apiVersion: v1
 kind: Secret
--- a/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca-default1
      - secret-ca-default2
    clientAuthType: VerifyClientCertIfGiven
-  preferServerCipherSuites: true

 ---
 apiVersion: traefik.containo.us/v1alpha1
--- a/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options_default_namespace.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options_default_namespace.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca1
      - secret-ca2
    clientAuthType: VerifyClientCertIfGiven
-  preferServerCipherSuites: true

 ---
 apiVersion: traefik.containo.us/v1alpha1
--- a/pkg/provider/kubernetes/crd/fixtures/with_tls_options.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_tls_options.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca1
      - secret-ca2
    clientAuthType: VerifyClientCertIfGiven
-  preferServerCipherSuites: true

 ---
 apiVersion: traefik.containo.us/v1alpha1
--- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go
+++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/register.go
@ -45,14 +45,14 @@ var localSchemeBuilder = runtime.SchemeBuilder{
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition
 // of clientsets, like in:
 //
-//   import (
-//     "k8s.io/client-go/kubernetes"
-//     clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//     aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//   )
+//	import (
+//	  "k8s.io/client-go/kubernetes"
+//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
+//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
+//	)
 //
-//   kclientset, _ := kubernetes.NewForConfig(c)
-//   _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
+//	kclientset, _ := kubernetes.NewForConfig(c)
+//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
 //
 // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
 // correctly.
--- a/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/register.go
+++ b/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme/register.go
@ -45,14 +45,14 @@ var localSchemeBuilder = runtime.SchemeBuilder{
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition
 // of clientsets, like in:
 //
-//   import (
-//     "k8s.io/client-go/kubernetes"
-//     clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//     aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//   )
+//	import (
+//	  "k8s.io/client-go/kubernetes"
+//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
+//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
+//	)
 //
-//   kclientset, _ := kubernetes.NewForConfig(c)
-//   _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
+//	kclientset, _ := kubernetes.NewForConfig(c)
+//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
 //
 // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
 // correctly.
--- a/pkg/provider/kubernetes/crd/kubernetes.go
+++ b/pkg/provider/kubernetes/crd/kubernetes.go
@ -881,9 +881,8 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
 				CAFiles:        clientCAs,
 				ClientAuthType: tlsOption.Spec.ClientAuth.ClientAuthType,
 			},
-			SniStrict:                tlsOption.Spec.SniStrict,
-			PreferServerCipherSuites: tlsOption.Spec.PreferServerCipherSuites,
-			ALPNProtocols:            alpnProtocols,
+			SniStrict:     tlsOption.Spec.SniStrict,
+			ALPNProtocols: alpnProtocols,
 		}
 	}

--- a/pkg/provider/kubernetes/crd/kubernetes_test.go
+++ b/pkg/provider/kubernetes/crd/kubernetes_test.go
@ -666,8 +666,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
 								},
 								ClientAuthType: "VerifyClientCertIfGiven",
 							},
-							SniStrict:                true,
-							PreferServerCipherSuites: true,
+							SniStrict: true,
 							ALPNProtocols: []string{
 								"h2",
 								"http/1.1",
@ -2748,8 +2747,7 @@ func TestLoadIngressRoutes(t *testing.T) {
 								},
 								ClientAuthType: "VerifyClientCertIfGiven",
 							},
-							SniStrict:                true,
-							PreferServerCipherSuites: true,
+							SniStrict: true,
 							ALPNProtocols: []string{
 								"h2",
 								"http/1.1",
@ -2862,8 +2860,7 @@ func TestLoadIngressRoutes(t *testing.T) {
 								},
 								ClientAuthType: "VerifyClientCertIfGiven",
 							},
-							SniStrict:                true,
-							PreferServerCipherSuites: true,
+							SniStrict: true,
 							ALPNProtocols: []string{
 								"h2",
 								"http/1.1",
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
@ -42,7 +42,8 @@ type TLSOptionSpec struct {
 	// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
 	SniStrict bool `json:"sniStrict,omitempty"`
 	// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
-	// It is enabled automatically when minVersion or maxVersion are set.
+	// It is enabled automatically when minVersion or maxVersion is set.
+	// Deprecated: https://github.com/golang/go/issues/45430
 	PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
 	// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
 	// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#alpn-protocols
--- a/pkg/provider/kubernetes/ingress/kubernetes.go
+++ b/pkg/provider/kubernetes/ingress/kubernetes.go
@ -304,7 +304,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
 				serviceName := provider.Normalize(ingress.Namespace + "-" + pa.Backend.Service.Name + "-" + portString)
 				conf.HTTP.Services[serviceName] = service

-				routerKey := strings.TrimPrefix(provider.Normalize(ingress.Name+"-"+ingress.Namespace+"-"+rule.Host+pa.Path), "-")
+				routerKey := strings.TrimPrefix(provider.Normalize(ingress.Namespace+"-"+ingress.Name+"-"+rule.Host+pa.Path), "-")
 				routers[routerKey] = append(routers[routerKey], loadRouter(rule, pa, rtConfig, serviceName))
 			}
 		}
--- a/pkg/provider/kubernetes/ingress/kubernetes_test.go
+++ b/pkg/provider/kubernetes/ingress/kubernetes_test.go
@ -1696,7 +1696,7 @@ func TestLoadConfigurationFromIngressesWithExternalNameServices(t *testing.T) {
 				HTTP: &dynamic.HTTPConfiguration{
 					Middlewares: map[string]*dynamic.Middleware{},
 					Routers: map[string]*dynamic.Router{
-						"example-com-testing-bar": {
+						"testing-example-com-bar": {
 							Rule:    "PathPrefix(`/bar`)",
 							Service: "testing-service-bar-8080",
 						},
@ -1724,7 +1724,7 @@ func TestLoadConfigurationFromIngressesWithExternalNameServices(t *testing.T) {
 				HTTP: &dynamic.HTTPConfiguration{
 					Middlewares: map[string]*dynamic.Middleware{},
 					Routers: map[string]*dynamic.Router{
-						"example-com-testing-foo": {
+						"testing-example-com-foo": {
 							Rule:    "PathPrefix(`/foo`)",
 							Service: "testing-service-foo-8080",
 						},