diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 7b3ed1bec..4a471058f 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -2273,7 +2273,7 @@ spec: type: object x-kubernetes-validations: - message: RootCA cannot have both Secret and ConfigMap defined. - rule: has(self.secret) && has(self.configMap) + rule: '!has(self.secret) || !has(self.configMap)' type: array rootCAsSecrets: description: |- @@ -2418,7 +2418,7 @@ spec: type: object x-kubernetes-validations: - message: RootCA cannot have both Secret and ConfigMap defined. - rule: has(self.secret) && has(self.configMap) + rule: '!has(self.secret) || !has(self.configMap)' type: array rootCAsSecrets: description: |- diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml index 38a27840a..99d820da2 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml @@ -134,7 +134,7 @@ spec: type: object x-kubernetes-validations: - message: RootCA cannot have both Secret and ConfigMap defined. - rule: has(self.secret) && has(self.configMap) + rule: '!has(self.secret) || !has(self.configMap)' type: array rootCAsSecrets: description: |- diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml index d2ffffed6..35f5dab93 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml @@ -110,7 +110,7 @@ spec: type: object x-kubernetes-validations: - message: RootCA cannot have both Secret and ConfigMap defined. - rule: has(self.secret) && has(self.configMap) + rule: '!has(self.secret) || !has(self.configMap)' type: array rootCAsSecrets: description: |- diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 7b3ed1bec..4a471058f 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -2273,7 +2273,7 @@ spec: type: object x-kubernetes-validations: - message: RootCA cannot have both Secret and ConfigMap defined. - rule: has(self.secret) && has(self.configMap) + rule: '!has(self.secret) || !has(self.configMap)' type: array rootCAsSecrets: description: |- @@ -2418,7 +2418,7 @@ spec: type: object x-kubernetes-validations: - message: RootCA cannot have both Secret and ConfigMap defined. - rule: has(self.secret) && has(self.configMap) + rule: '!has(self.secret) || !has(self.configMap)' type: array rootCAsSecrets: description: |- diff --git a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go index 7f74c6397..5c7773895 100644 --- a/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go +++ b/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go @@ -81,7 +81,7 @@ type ForwardingTimeouts struct { // RootCA defines a reference to a Secret or a ConfigMap that holds a CA certificate. // If both a Secret and a ConfigMap reference are defined, the Secret reference takes precedence. -// +kubebuilder:validation:XValidation:rule="has(self.secret) && has(self.configMap)",message="RootCA cannot have both Secret and ConfigMap defined." +// +kubebuilder:validation:XValidation:rule="!has(self.secret) || !has(self.configMap)",message="RootCA cannot have both Secret and ConfigMap defined." type RootCA struct { // Secret defines the name of a Secret that holds a CA certificate. // The referenced Secret must contain a certificate under either a tls.ca or a ca.crt key.