Add documentation to Traefik CRD properties
Co-authored-by: Romain <rtribotte@users.noreply.github.com> Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
This commit is contained in:
mloiseleur
GitHub
parent
ff17ac53df
commit
94141233f0
35 changed files with 4755 additions and 892 deletions
|
|
@ -8,9 +8,12 @@ import (
|
|||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
// +kubebuilder:storageversion
|
||||
|
||||
// TLSOption is a specification for a TLSOption resource.
|
||||
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options
|
||||
type TLSOption struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
metav1.ObjectMeta `json:"metadata"`
|
||||
|
||||
Spec TLSOptionSpec `json:"spec"`
|
||||
|
|
@ -18,35 +21,54 @@ type TLSOption struct {
|
|||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// TLSOptionSpec configures TLS for an entry point.
|
||||
// TLSOptionSpec defines the desired state of a TLSOption.
|
||||
type TLSOptionSpec struct {
|
||||
MinVersion string `json:"minVersion,omitempty"`
|
||||
MaxVersion string `json:"maxVersion,omitempty"`
|
||||
CipherSuites []string `json:"cipherSuites,omitempty"`
|
||||
CurvePreferences []string `json:"curvePreferences,omitempty"`
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
||||
SniStrict bool `json:"sniStrict,omitempty"`
|
||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
||||
// MinVersion defines the minimum TLS version that Traefik will accept.
|
||||
// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
||||
// Default: VersionTLS10.
|
||||
MinVersion string `json:"minVersion,omitempty"`
|
||||
// MaxVersion defines the maximum TLS version that Traefik will accept.
|
||||
// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
||||
// Default: None.
|
||||
MaxVersion string `json:"maxVersion,omitempty"`
|
||||
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites
|
||||
CipherSuites []string `json:"cipherSuites,omitempty"`
|
||||
// CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences
|
||||
CurvePreferences []string `json:"curvePreferences,omitempty"`
|
||||
// ClientAuth defines the server's policy for TLS Client Authentication.
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
||||
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
|
||||
SniStrict bool `json:"sniStrict,omitempty"`
|
||||
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
// It is enabled automatically when minVersion or maxVersion are set.
|
||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
|
||||
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// ClientAuth defines the parameters of the client authentication part of the TLS connection, if any.
|
||||
// ClientAuth holds the TLS client authentication configuration.
|
||||
type ClientAuth struct {
|
||||
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
|
||||
// SecretNames defines the names of the referenced Kubernetes Secret storing certificate details.
|
||||
SecretNames []string `json:"secretNames,omitempty"`
|
||||
// +kubebuilder:validation:Enum=NoClientCert;RequestClientCert;RequireAnyClientCert;VerifyClientCertIfGiven;RequireAndVerifyClientCert
|
||||
// ClientAuthType defines the client authentication type to apply.
|
||||
// +kubebuilder:validation:Enum=NoClientCert;RequestClientCert;RequireAnyClientCert;VerifyClientCertIfGiven;RequireAndVerifyClientCert
|
||||
ClientAuthType string `json:"clientAuthType,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// TLSOptionList is a list of TLSOption resources.
|
||||
// TLSOptionList is a collection of TLSOption resources.
|
||||
type TLSOptionList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
metav1.ListMeta `json:"metadata"`
|
||||
|
||||
// Items is the list of TLSOption.
|
||||
Items []TLSOption `json:"items"`
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue