Add Support for Consul Connect

Co-authored-by: Florian Apolloner <apollo13@users.noreply.github.com>
Mohammad Gufran 2021-07-15 17:32:11 +05:30 committed by GitHub
parent 3a180e2afc
commit 7e43e5615e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
36 changed files with 2118 additions and 644 deletions

@ -454,6 +454,16 @@ You can tell Traefik to consider (or not) the service by setting `traefik.enable
This option overrides the value of `exposedByDefault`.
#### `traefik.consulcatalog.connect`
```yaml
traefik.consulcatalog.connect=true
```
You can tell Traefik to consider (or not) the service as a Connect capable one by setting `traefik.consulcatalog.connect` to true or false.
This option overrides the value of `connectByDefault`.
#### Port Lookup
Traefik is capable of detecting the port to use, by following the default consul Catalog flow.
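Review bot: the new `traefik.consulcatalog.connect` section never says what treating a service as "Connect capable" changes, so a reader cannot tell what setting the tag to true does to traffic toward that service. Add one sentence describing the effect, and make `connectByDefault` a cross-reference to the provider option it overrides. The values in "to true or false" should be in backticks like the other literals in this section.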

@ -1648,19 +1648,21 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
dialTimeout: 42s # [7]
responseHeaderTimeout: 42s # [8]
idleConnTimeout: 42s # [9]
peerCertURI: foobar # [10]
```
| Ref | Attribute | Purpose |
|-----|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `serverName` | ServerName used to contact the server. |
| [2] | `insecureSkipVerify` | Disable SSL certificate verification. |
| [3] | `rootCAsSecrets` | Add cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [4] | `certificatesSecrets` | Certificates for mTLS. |
| [5] | `maxIdleConnsPerHost` | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the backend servers. |
| [7] | `dialTimeout` | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. |
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
| [9] | `idleConnTimeout` | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. |
| Ref | Attribute | Purpose |
|------|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `serverName` | ServerName used to contact the server. |
| [2] | `insecureSkipVerify` | Disable SSL certificate verification. |
| [3] | `rootCAsSecrets` | Add cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [4] | `certificatesSecrets` | Certificates for mTLS. |
| [5] | `maxIdleConnsPerHost` | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the backend servers. |
| [7] | `dialTimeout` | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. |
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
| [9] | `idleConnTimeout` | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. |
| [10] | `peerCertURI` | URI used to match with service certificate. |
!!! info "CA Secret"
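Review bot: the `[10]` row describes `peerCertURI` as "URI used to match with service certificate", which does not say which certificate field is compared or what happens when it does not match. Suggest wording it as a match against the SAN URI of the peer certificate, and documenting how it interacts with row `[2]` `insecureSkipVerify`, since an operator needs to know whether the URI check still applies when certificate verification is disabled. The sample value `peerCertURI: foobar` is also not URI-shaped; a placeholder in URI form would make the expected format clear.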

@ -738,6 +738,37 @@ spec:
disableHTTP2: true
```
#### `peerCertURI`
_Optional, Default=false_
`peerCertURI` defines the URI used to match against SAN URI during the peer certificate verification.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport]
peerCertURI = "foobar"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
peerCertURI: foobar
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
peerCertURI: foobar
```
#### `forwardingTimeouts`
`forwardingTimeouts` is about a number of timeouts relevant to when forwarding requests to the backend servers.
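Review bot: `_Optional, Default=false_` under `#### peerCertURI` gives a boolean default for an option that every example below it sets to a string (`peerCertURI = "foobar"`); it reads as carried over from a boolean option and should be `Default=""`. The description "match against SAN URI during the peer certificate verification" should also state what happens when no SAN URI matches, and what an empty value means (check skipped or not), so the security behaviour of leaving the option unset is explicit.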