Define TLS options on the Router configuration for Kubernetes

Co-authored-by: juliens <julien@containo.us>
Jean-Baptiste Doumenjou 2019-06-21 17:18:05 +02:00 committed by Traefiker Bot
parent 69cf05df9a
commit 80b35575df
48 changed files with 2374 additions and 53 deletions


@ -44,7 +44,6 @@ level = "DEBUG"
[[http.services.service2.LoadBalancer.Servers]]
URL = "http://127.0.0.1:9020"
[[tls]]
[tls.certificate]
certFile = "fixtures/https/snitest.com.cert"


@ -41,3 +41,18 @@ spec:
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced
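Review bot: The new `tlsoptions.traefik.containo.us` CRD is registered without a `validation` block, so the API server will accept a TLSOption whose `spec` has misspelled or mis-typed keys. For a resource that carries `minversion`, `snistrict` and `ciphersuites`, a key that is silently dropped would presumably leave the router on default TLS settings while the operator believes it is hardened; the provider code is not visible here, so this needs confirming. Consider adding an `openAPIV3Schema` under `spec.validation` that types those three fields, or documenting that the provider rejects and logs values it does not recognise.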


@ -15,3 +15,7 @@ spec:
services:
- name: whoami
port: 80
tls:
options:
name: mytlsoption
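Review bot: `tls.options` references the TLSOption by `name` only, and the fixtures cover just the case where it exists in the route's own namespace (the expected rawdata resolves it to `default/mytlsoption`). Nothing here exercises an IngressRoute that points at a TLSOption which is missing or lives in another namespace, which is where a fail-open fallback to default TLS settings would go unnoticed. Consider adding a fixture with a dangling `options.name` and asserting that the router reports an error rather than serving with defaults, as the file-provider test does with `unknown TLS options: unknown@file`. The same applies to the IngressRouteTCP fixture in the `@ -12,3 +12,6 @@` section.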


@ -0,0 +1,12 @@
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: mytlsoption
namespace: default
spec:
minversion: VersionTLS12
snistrict: true
ciphersuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
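Review bot: The sample `ciphersuites` list includes `TLS_RSA_WITH_AES_256_GCM_SHA384`, a static-RSA key-exchange suite that gives no forward secrecy, next to the ECDHE suite. If this fixture is also used as the documented example (the file path is not visible here), readers are likely to copy it as-is. Replacing that entry with `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` still exercises a two-entry list. If the RSA suite is there on purpose for a test client, a `# non-PFS suite kept for test client compatibility` comment on that line would say so.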


@ -12,3 +12,6 @@ spec:
services:
- name: whoamitcp
port: 8080
tls:
options:
name: mytlsoption


@ -191,7 +191,7 @@ func (s *HTTPSSuite) TestWithTLSOptions(c *check.C) {
c.Assert(err.Error(), checker.Contains, "protocol version not supported")
// with unknown tls option
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("unknown TLS options: unknown"))
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("unknown TLS options: unknown@file"))
c.Assert(err, checker.IsNil)
}


@ -6,7 +6,10 @@
],
"service": "default/test-crd-6b204d94623b3df4370c",
"rule": "Host(`foo.com`) \u0026\u0026 PathPrefix(`/bar`)",
"priority": 12
"priority": 12,
"tls": {
"options": "default/mytlsoption"
}
},
"default/test2-crd-23c7f4c450289ee29016@kubernetescrd": {
"entryPoints": [
@ -36,10 +39,10 @@
"loadbalancer": {
"servers": [
{
"url": "http://10.42.0.4:80"
"url": "http://10.42.0.2:80"
},
{
"url": "http://10.42.0.5:80"
"url": "http://10.42.0.6:80"
}
],
"passHostHeader": true
@ -48,18 +51,18 @@
"default/test-crd-6b204d94623b3df4370c@kubernetescrd"
],
"serverStatus": {
"http://10.42.0.4:80": "UP",
"http://10.42.0.5:80": "UP"
"http://10.42.0.2:80": "UP",
"http://10.42.0.6:80": "UP"
}
},
"default/test2-crd-23c7f4c450289ee29016@kubernetescrd": {
"loadbalancer": {
"servers": [
{
"url": "http://10.42.0.4:80"
"url": "http://10.42.0.2:80"
},
{
"url": "http://10.42.0.5:80"
"url": "http://10.42.0.6:80"
}
],
"passHostHeader": true
@ -68,8 +71,8 @@
"default/test2-crd-23c7f4c450289ee29016@kubernetescrd"
],
"serverStatus": {
"http://10.42.0.4:80": "UP",
"http://10.42.0.5:80": "UP"
"http://10.42.0.2:80": "UP",
"http://10.42.0.6:80": "UP"
}
}
},
@ -79,7 +82,11 @@
"footcp"
],
"service": "default/test3-crd-673acf455cb2dab0b43a",
"rule": "HostSNI(`*`)"
"rule": "HostSNI(`*`)",
"tls": {
"passthrough": false,
"options": "default/mytlsoption"
}
}
},
"tcpServices": {
@ -87,10 +94,10 @@
"loadbalancer": {
"servers": [
{
"address": "10.42.0.2:8080"
"address": "10.42.0.3:8080"
},
{
"address": "10.42.0.3:8080"
"address": "10.42.0.4:8080"
}
]
},