Define TLS options on the Router configuration for Kubernetes

Co-authored-by: juliens <julien@containo.us>
2019-06-21 17:18:05 +02:00 · 2019-06-21 17:18:05 +02:00 · 80b35575df
commit 80b35575df
parent 69cf05df9a
48 changed files with 2374 additions and 53 deletions
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
@ -31,7 +31,14 @@ type TLS struct {
 	// SecretName is the name of the referenced Kubernetes Secret to specify the
 	// certificate details.
 	SecretName string `json:"secretName"`
-	// TODO MinimumProtocolVersion string `json:"minimumProtocolVersion,omitempty"`
+	// Options is a reference to a TLSOption, that specifies the parameters of the TLS connection.
+	Options *TLSOptionRef `json:"options"`
+}
+
+// TLSOptionRef is a ref to the TLSOption resources.
+type TLSOptionRef struct {
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
 }

 // Service defines an upstream to proxy traffic.
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go
@ -29,6 +29,14 @@ type TLSTCP struct {
 	// certificate details.
 	SecretName  string `json:"secretName"`
 	Passthrough bool   `json:"passthrough"`
+	// Options is a reference to a TLSOption, that specifies the parameters of the TLS connection.
+	Options *TLSOptionTCPRef `json:"options"`
+}
+
+// TLSOptionTCPRef is a ref to the TLSOption resources.
+type TLSOptionTCPRef struct {
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
 }

 // ServiceTCP defines an upstream to proxy traffic.
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/register.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/register.go
@ -39,6 +39,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&IngressRouteTCPList{},
 		&Middleware{},
 		&MiddlewareList{},
+		&TLSOption{},
+		&TLSOptionList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
@ -0,0 +1,48 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// TLSOption is a specification for a TLSOption resource.
+type TLSOption struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata"`
+
+	Spec TLSOptionSpec `json:"spec"`
+}
+
+// +k8s:deepcopy-gen=true
+
+// TLSOptionSpec configures TLS for an entry point
+type TLSOptionSpec struct {
+	MinVersion   string   `json:"minversion"`
+	CipherSuites []string `json:"ciphersuites"`
+	ClientCA     ClientCA `json:"clientca"`
+	SniStrict    bool     `json:"snistrict"`
+}
+
+// +k8s:deepcopy-gen=true
+
+// ClientCA defines traefik CA files for an entryPoint
+// and it indicates if they are mandatory or have just to be analyzed if provided
+type ClientCA struct {
+	// SecretName is the name of the referenced Kubernetes Secret to specify the
+	// certificate details.
+	SecretNames []string `json:"secretnames"`
+	// Optional indicates if ClientCA are mandatory or have just to be analyzed if provided
+	Optional bool `json:"optional"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// TLSOptionList is a list of TLSOption resources.
+type TLSOptionList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+
+	Items []TLSOption `json:"items"`
+}
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
@ -32,6 +32,27 @@ import (
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClientCA) DeepCopyInto(out *ClientCA) {
+	*out = *in
+	if in.SecretNames != nil {
+		in, out := &in.SecretNames, &out.SecretNames
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientCA.
+func (in *ClientCA) DeepCopy() *ClientCA {
+	if in == nil {
+		return nil
+	}
+	out := new(ClientCA)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HealthCheck) DeepCopyInto(out *HealthCheck) {
 	*out = *in
@ -133,7 +154,7 @@ func (in *IngressRouteSpec) DeepCopyInto(out *IngressRouteSpec) {
 	if in.TLS != nil {
 		in, out := &in.TLS, &out.TLS
 		*out = new(TLS)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@ -226,7 +247,7 @@ func (in *IngressRouteTCPSpec) DeepCopyInto(out *IngressRouteTCPSpec) {
 	if in.TLS != nil {
 		in, out := &in.TLS, &out.TLS
 		*out = new(TLSTCP)
-		**out = **in
+		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@ -406,6 +427,11 @@ func (in *ServiceTCP) DeepCopy() *ServiceTCP {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TLS) DeepCopyInto(out *TLS) {
 	*out = *in
+	if in.Options != nil {
+		in, out := &in.Options, &out.Options
+		*out = new(TLSOptionRef)
+		**out = **in
+	}
 	return
 }

@ -419,9 +445,128 @@ func (in *TLS) DeepCopy() *TLS {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSOption) DeepCopyInto(out *TLSOption) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOption.
+func (in *TLSOption) DeepCopy() *TLSOption {
+	if in == nil {
+		return nil
+	}
+	out := new(TLSOption)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *TLSOption) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSOptionList) DeepCopyInto(out *TLSOptionList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	out.ListMeta = in.ListMeta
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]TLSOption, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOptionList.
+func (in *TLSOptionList) DeepCopy() *TLSOptionList {
+	if in == nil {
+		return nil
+	}
+	out := new(TLSOptionList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *TLSOptionList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSOptionRef) DeepCopyInto(out *TLSOptionRef) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOptionRef.
+func (in *TLSOptionRef) DeepCopy() *TLSOptionRef {
+	if in == nil {
+		return nil
+	}
+	out := new(TLSOptionRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSOptionSpec) DeepCopyInto(out *TLSOptionSpec) {
+	*out = *in
+	if in.CipherSuites != nil {
+		in, out := &in.CipherSuites, &out.CipherSuites
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	in.ClientCA.DeepCopyInto(&out.ClientCA)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOptionSpec.
+func (in *TLSOptionSpec) DeepCopy() *TLSOptionSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(TLSOptionSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSOptionTCPRef) DeepCopyInto(out *TLSOptionTCPRef) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOptionTCPRef.
+func (in *TLSOptionTCPRef) DeepCopy() *TLSOptionTCPRef {
+	if in == nil {
+		return nil
+	}
+	out := new(TLSOptionTCPRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TLSTCP) DeepCopyInto(out *TLSTCP) {
 	*out = *in
+	if in.Options != nil {
+		in, out := &in.Options, &out.Options
+		*out = new(TLSOptionTCPRef)
+		**out = **in
+	}
 	return
 }