homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: add peerCertURI config to k8s crd provider

Browse source 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
This commit is contained in:
Kevin Pollet 2021-09-17 08:56:07 +02:00 committed by GitHub
parent 76867e39ea
commit bda0dba131
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

26
docs/content/routing/providers/kubernetes-crd.md
View file

@ -1713,19 +1713,19 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
disableHTTP2: true # [11]
```
| Ref | Attribute | Purpose |
|------|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `serverName` | ServerName used to contact the server. |
| [2] | `insecureSkipVerify` | Disables SSL certificate verification. |
| [3] | `rootCAsSecrets` | Adds cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [4] | `certificatesSecrets` | Certificates for mTLS. |
| [5] | `maxIdleConnsPerHost` | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the backend servers. |
| [7] | `dialTimeout` | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. |
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
| [9] | `idleConnTimeout` | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. |
| [10] | `peerCertURI` | URI used to match with service certificate. |
| [11] | `disableHTTP2` | Disables HTTP/2 for connections with backend servers. |
| Ref | Attribute | Purpose |
|------|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `serverName` | ServerName used to contact the server. |
| [2] | `insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. |
| [3] | `rootCAsSecrets` | Defines the set of root certificate authorities to use when verifying server certificates. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [4] | `certificatesSecrets` | Certificates to present to the server for mTLS. |
| [5] | `maxIdleConnsPerHost` | Controls the maximum idle (keep-alive) connections to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the servers. |
| [7] | `dialTimeout` | The amount of time to wait until a connection to a server can be established. If zero, no timeout exists. |
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
| [9] | `idleConnTimeout` | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout exists. |
| [10] | `peerCertURI` | URI used to match against SAN URIs during the server's certificate verification. |
| [11] | `disableHTTP2` | Disables HTTP/2 for connections with servers. |
!!! info "CA Secret"