Define TLS options on the Router configuration for Kubernetes

Co-authored-by: juliens <julien@containo.us>

pkg/provider/kubernetes/crd/fixtures/tcp/with_bad_tls_options.yml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secretCA1
+  namespace: default
+
+data:
+  tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secretCA2
+  namespace: default
+
+data:
+  tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: foo
+  namespace: default
+
+spec:
+  minversion: VersionTLS12
+  snistrict: true
+  ciphersuites:
+    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    - TLS_RSA_WITH_AES_256_GCM_SHA384
+  clientca:
+    secretnames:
+      - secretCA1
+      - secretUnknown
+      - emptySecret
+    optional: true
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supersecret
+  namespace: default
+
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+  - match: HostSNI(`foo.com`)
+    services:
+    - name: whoamitcp
+      port: 8000
+
+  tls:
+    options:
+      name: foo

pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_options.yml

@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secretCA1
+  namespace: default
+
+data:
+  tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secretCA2
+  namespace: default
+
+data:
+  tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: foo
+  namespace: default
+
+spec:
+  minversion: VersionTLS12
+  snistrict: true
+  ciphersuites:
+    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    - TLS_RSA_WITH_AES_256_GCM_SHA384
+  clientca:
+    secretnames:
+      - secretCA1
+      - secretCA2
+    optional: true
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supersecret
+  namespace: default
+
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+  - match: HostSNI(`foo.com`)
+    services:
+    - name: whoamitcp
+      port: 8000
+
+  tls:
+    options:
+      name: foo

pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_options_and_specific_namespace.yml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secretCA1
+  namespace: myns
+
+data:
+  tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secretCA2
+  namespace: myns
+
+data:
+  tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: foo
+  namespace: myns
+
+spec:
+  minversion: VersionTLS12
+  snistrict: true
+  ciphersuites:
+    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    - TLS_RSA_WITH_AES_256_GCM_SHA384
+  clientca:
+    secretnames:
+      - secretCA1
+      - secretCA2
+    optional: true
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supersecret
+  namespace: default
+
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+  - match: HostSNI(`foo.com`)
+    services:
+    - name: whoamitcp
+      port: 8000
+
+  tls:
+    options:
+      name: foo
+      namespace: myns

pkg/provider/kubernetes/crd/fixtures/tcp/with_unknown_tls_options.yml

@@ -0,0 +1,30 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: foo
+  namespace: default
+
+spec:
+  minversion: VersionTLS12
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+  - match: HostSNI(`foo.com`)
+    services:
+    - name: whoamitcp
+      port: 8000
+
+  tls:
+    options:
+      name: unknown

pkg/provider/kubernetes/crd/fixtures/tcp/with_unknown_tls_options_namespace.yml

@@ -0,0 +1,31 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: foo
+  namespace: default
+
+spec:
+  minversion: VersionTLS12
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: test.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - foo
+
+  routes:
+  - match: HostSNI(`foo.com`)
+    services:
+    - name: whoamitcp
+      port: 8000
+
+  tls:
+    options:
+      name: foo
+      namespace: unknown