homelab/traefik
1
0
Fork 0
Code Activity

Support SPIFFE mTLS between Traefik and Backend servers

Browse source
This commit is contained in:
Julien Levesy 2022-10-14 17:16:08 +02:00 committed by GitHub
parent 33f0aed5ea
commit b39ce8cc58
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 736 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

11
pkg/config/dynamic/http_config.go
View file

@ -250,6 +250,17 @@ type ServersTransport struct {
ForwardingTimeouts *ForwardingTimeouts `description:"Timeouts for requests forwarded to the backend servers." json:"forwardingTimeouts,omitempty" toml:"forwardingTimeouts,omitempty" yaml:"forwardingTimeouts,omitempty" export:"true"`
DisableHTTP2 bool `description:"Disable HTTP/2 for connections with backend servers." json:"disableHTTP2,omitempty" toml:"disableHTTP2,omitempty" yaml:"disableHTTP2,omitempty" export:"true"`
PeerCertURI string `description:"URI used to match against SAN URI during the peer certificate verification." json:"peerCertURI,omitempty" toml:"peerCertURI,omitempty" yaml:"peerCertURI,omitempty" export:"true"`
Spiffe *Spiffe `description:"Define the SPIFFE configuration." json:"spiffe,omitempty" toml:"spiffe,omitempty" yaml:"spiffe,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
}
// +k8s:deepcopy-gen=true
// Spiffe holds the SPIFFE configuration.
type Spiffe struct {
// IDs defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).
IDs []string `description:"Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain)." json:"ids,omitempty" toml:"ids,omitempty" yaml:"ids,omitempty"`
// TrustDomain defines the allowed SPIFFE trust domain.
TrustDomain string `description:"Defines the allowed SPIFFE trust domain." json:"trustDomain,omitempty" yaml:"trustDomain,omitempty" toml:"trustDomain,omitempty"`
}
// +k8s:deepcopy-gen=true