Document the TLS with ACME case

Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2019-03-26 11:12:04 +01:00 · 2019-03-26 11:12:04 +01:00 · 3e76c25887
parent a0e2f47679
commit 3e76c25887
4 changed files with 67 additions and 1 deletions
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@ -383,6 +383,9 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
 			case config := <-p.configFromListenerChan:
 				if config.TCP != nil {
 					for routerName, route := range config.TCP.Routers {
+						if route.TLS == nil {
+							continue
+						}
 						ctxRouter := log.With(ctx, log.Str(log.RouterName, routerName), log.Str(log.Rule, route.Rule))

 						domains, err := rules.ParseHostSNI(route.Rule)
@ -395,6 +398,9 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
 				}

 				for routerName, route := range config.HTTP.Routers {
+					if route.TLS == nil {
+						continue
+					}
 					ctxRouter := log.With(ctx, log.Str(log.RouterName, routerName), log.Str(log.Rule, route.Rule))

 					domains, err := rules.ParseDomains(route.Rule)
--- a/pkg/provider/kubernetes/crd/fixtures/with_tls_acme.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_tls_acme.yml
@ -0,0 +1,20 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: test.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - web
+
+  routes:
+  - match: Host(`foo.com`) && PathPrefix(`/bar`)
+    kind: Rule
+    priority: 12
+    services:
+    - name: whoami
+      port: 80
+
+  tls:
+    secretName:
--- a/pkg/provider/kubernetes/crd/kubernetes_test.go
+++ b/pkg/provider/kubernetes/crd/kubernetes_test.go
@ -310,6 +310,43 @@ func TestLoadIngressRoutes(t *testing.T) {
 				},
 			},
 		},
+		{
+			desc:  "TLS with ACME",
+			paths: []string{"services.yml", "with_tls_acme.yml"},
+			expected: &config.Configuration{
+				TCP: &config.TCPConfiguration{},
+				HTTP: &config.HTTPConfiguration{
+					Routers: map[string]*config.Router{
+						"default/test.crd-6b204d94623b3df4370c": {
+							EntryPoints: []string{"web"},
+							Service:     "default/test.crd-6b204d94623b3df4370c",
+							Rule:        "Host(`foo.com`) && PathPrefix(`/bar`)",
+							Priority:    12,
+							TLS:         &config.RouterTLSConfig{},
+						},
+					},
+					Middlewares: map[string]*config.Middleware{},
+					Services: map[string]*config.Service{
+						"default/test.crd-6b204d94623b3df4370c": {
+							LoadBalancer: &config.LoadBalancerService{
+								Servers: []config.Server{
+									{
+										URL:    "http://10.10.0.1:80",
+										Weight: 1,
+									},
+									{
+										URL:    "http://10.10.0.2:80",
+										Weight: 1,
+									},
+								},
+								Method:         "wrr",
+								PassHostHeader: true,
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			desc:  "Simple Ingress Route, defaulting to https for servers",
 			paths: []string{"services.yml", "with_https_default.yml"},
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
@ -20,8 +20,11 @@ type Route struct {
 	Middlewares []MiddlewareRef `json:"middlewares"`
 }

-// TLS contains the TLS certificates configuration of the routes.
+// TLS contains the TLS certificates configuration of the routes. To enable
+// Let's Encrypt, set a SecretName with an empty value.
 type TLS struct {
+	// SecretName is the name of the referenced Kubernetes Secret to specify the
+	// certificate details.
 	SecretName string `json:"secretName"`
 	// TODO MinimumProtocolVersion string `json:"minimumProtocolVersion,omitempty"`
 }