ACME Default Certificate

Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com> Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2022-09-13 20:34:08 +02:00 · 2022-09-13 20:34:08 +02:00 · a002ccfce3
commit a002ccfce3
parent 693d5da1b9
22 changed files with 767 additions and 253 deletions
--- a/pkg/provider/kubernetes/crd/kubernetes.go
+++ b/pkg/provider/kubernetes/crd/kubernetes.go
@ -942,6 +942,13 @@ func buildTLSStores(ctx context.Context, client Client) (map[string]tls.Store, m
 			}
 		}

+		if t.Spec.DefaultGeneratedCert != nil {
+			tlsStore.DefaultGeneratedCert = &tls.GeneratedCert{
+				Resolver: t.Spec.DefaultGeneratedCert.Resolver,
+				Domain:   t.Spec.DefaultGeneratedCert.Domain,
+			}
+		}
+
 		if err := buildCertificates(client, id, t.Namespace, t.Spec.Certificates, tlsConfigs); err != nil {
 			logger.Errorf("Failed to load certificates: %v", err)
 			continue
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
@ -1,6 +1,7 @@
 package v1alpha1

 import (
+	"github.com/traefik/traefik/v2/pkg/tls"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

@ -27,6 +28,10 @@ type TLSStore struct {
 type TLSStoreSpec struct {
 	// DefaultCertificate defines the default certificate configuration.
 	DefaultCertificate *Certificate `json:"defaultCertificate,omitempty"`
+
+	// DefaultGeneratedCert defines the default generated certificate configuration.
+	DefaultGeneratedCert *tls.GeneratedCert `json:"defaultGeneratedCert,omitempty"`
+
 	// Certificates is a list of secret names, each secret holding a key/certificate pair to add to the store.
 	Certificates []Certificate `json:"certificates,omitempty"`
 }
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
@ -31,6 +31,7 @@ package v1alpha1

 import (
 	dynamic "github.com/traefik/traefik/v2/pkg/config/dynamic"
+	tls "github.com/traefik/traefik/v2/pkg/tls"
 	types "github.com/traefik/traefik/v2/pkg/types"
 	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
@ -1450,6 +1451,11 @@ func (in *TLSStoreSpec) DeepCopyInto(out *TLSStoreSpec) {
 		*out = new(Certificate)
 		**out = **in
 	}
+	if in.DefaultGeneratedCert != nil {
+		in, out := &in.DefaultGeneratedCert, &out.DefaultGeneratedCert
+		*out = new(tls.GeneratedCert)
+		(*in).DeepCopyInto(*out)
+	}
 	if in.Certificates != nil {
 		in, out := &in.Certificates, &out.Certificates
 		*out = make([]Certificate, len(*in))