Support SPIFFE mTLS between Traefik and Backend servers
This commit is contained in:
Julien Levesy
GitHub
parent
33f0aed5ea
commit
b39ce8cc58
30 changed files with 736 additions and 24 deletions
|
|
@ -250,6 +250,17 @@ type ServersTransport struct {
|
|||
ForwardingTimeouts *ForwardingTimeouts `description:"Timeouts for requests forwarded to the backend servers." json:"forwardingTimeouts,omitempty" toml:"forwardingTimeouts,omitempty" yaml:"forwardingTimeouts,omitempty" export:"true"`
|
||||
DisableHTTP2 bool `description:"Disable HTTP/2 for connections with backend servers." json:"disableHTTP2,omitempty" toml:"disableHTTP2,omitempty" yaml:"disableHTTP2,omitempty" export:"true"`
|
||||
PeerCertURI string `description:"URI used to match against SAN URI during the peer certificate verification." json:"peerCertURI,omitempty" toml:"peerCertURI,omitempty" yaml:"peerCertURI,omitempty" export:"true"`
|
||||
Spiffe *Spiffe `description:"Define the SPIFFE configuration." json:"spiffe,omitempty" toml:"spiffe,omitempty" yaml:"spiffe,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// Spiffe holds the SPIFFE configuration.
|
||||
type Spiffe struct {
|
||||
// IDs defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).
|
||||
IDs []string `description:"Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain)." json:"ids,omitempty" toml:"ids,omitempty" yaml:"ids,omitempty"`
|
||||
// TrustDomain defines the allowed SPIFFE trust domain.
|
||||
TrustDomain string `description:"Defines the allowed SPIFFE trust domain." json:"trustDomain,omitempty" yaml:"trustDomain,omitempty" toml:"trustDomain,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
|
|
|||
|
|
@ -1161,6 +1161,11 @@ func (in *ServersTransport) DeepCopyInto(out *ServersTransport) {
|
|||
*out = new(ForwardingTimeouts)
|
||||
**out = **in
|
||||
}
|
||||
if in.Spiffe != nil {
|
||||
in, out := &in.Spiffe, &out.Spiffe
|
||||
*out = new(Spiffe)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -1231,6 +1236,27 @@ func (in *SourceCriterion) DeepCopy() *SourceCriterion {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *Spiffe) DeepCopyInto(out *Spiffe) {
|
||||
*out = *in
|
||||
if in.IDs != nil {
|
||||
in, out := &in.IDs, &out.IDs
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Spiffe.
|
||||
func (in *Spiffe) DeepCopy() *Spiffe {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(Spiffe)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *Sticky) DeepCopyInto(out *Sticky) {
|
||||
*out = *in
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue