From 3e76c25887129841ccb4ffe149b4b4cd36805db4 Mon Sep 17 00:00:00 2001 From: mpl Date: Tue, 26 Mar 2019 11:12:04 +0100 Subject: [PATCH] Document the TLS with ACME case Co-authored-by: Julien Salleyron --- pkg/provider/acme/provider.go | 6 +++ .../kubernetes/crd/fixtures/with_tls_acme.yml | 20 ++++++++++ .../kubernetes/crd/kubernetes_test.go | 37 +++++++++++++++++++ .../crd/traefik/v1alpha1/ingressroute.go | 5 ++- 4 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 pkg/provider/kubernetes/crd/fixtures/with_tls_acme.yml diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go index 10e8ace5e..5450be014 100644 --- a/pkg/provider/acme/provider.go +++ b/pkg/provider/acme/provider.go @@ -383,6 +383,9 @@ func (p *Provider) watchNewDomains(ctx context.Context) { case config := <-p.configFromListenerChan: if config.TCP != nil { for routerName, route := range config.TCP.Routers { + if route.TLS == nil { + continue + } ctxRouter := log.With(ctx, log.Str(log.RouterName, routerName), log.Str(log.Rule, route.Rule)) domains, err := rules.ParseHostSNI(route.Rule) @@ -395,6 +398,9 @@ func (p *Provider) watchNewDomains(ctx context.Context) { } for routerName, route := range config.HTTP.Routers { + if route.TLS == nil { + continue + } ctxRouter := log.With(ctx, log.Str(log.RouterName, routerName), log.Str(log.Rule, route.Rule)) domains, err := rules.ParseDomains(route.Rule) diff --git a/pkg/provider/kubernetes/crd/fixtures/with_tls_acme.yml b/pkg/provider/kubernetes/crd/fixtures/with_tls_acme.yml new file mode 100644 index 000000000..dde9941b8 --- /dev/null +++ b/pkg/provider/kubernetes/crd/fixtures/with_tls_acme.yml @@ -0,0 +1,20 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: test.crd + namespace: default + +spec: + entryPoints: + - web + + routes: + - match: Host(`foo.com`) && PathPrefix(`/bar`) + kind: Rule + priority: 12 + services: + - name: whoami + port: 80 + + tls: + secretName: 
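Review bot: The new `route.TLS == nil` skips in both router loops of watchNewDomains (the TCP loop in the first provider.go hunk and the HTTP loop in the second) appear to decide which router rules can lead to a certificate request, yet they carry no comment and no test. The diffstat shows the only test change is in kubernetes_test.go, so nothing in this patch pins the behaviour. I would add above each check something like `// Routers without a TLS section must never trigger an ACME order.` and a provider test that feeds a router with TLS unset and asserts that no domain is resolved for it. Separately, the HTTP loop ranges over `config.HTTP.Routers` with no nil guard visible in the hunk, unlike the `config.TCP != nil` check around the TCP loop; if `config.HTTP` can be nil on this channel the watcher would panic, though a guard may exist outside the visible lines. watchNewDomains starts and ends outside both hunks.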
diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go index c185ce6e1..689552501 100644 --- a/pkg/provider/kubernetes/crd/kubernetes_test.go +++ b/pkg/provider/kubernetes/crd/kubernetes_test.go @@ -310,6 +310,43 @@ func TestLoadIngressRoutes(t *testing.T) { }, }, }, + { + desc: "TLS with ACME", + paths: []string{"services.yml", "with_tls_acme.yml"}, + expected: &config.Configuration{ + TCP: &config.TCPConfiguration{}, + HTTP: &config.HTTPConfiguration{ + Routers: map[string]*config.Router{ + "default/test.crd-6b204d94623b3df4370c": { + EntryPoints: []string{"web"}, + Service: "default/test.crd-6b204d94623b3df4370c", + Rule: "Host(`foo.com`) && PathPrefix(`/bar`)", + Priority: 12, + TLS: &config.RouterTLSConfig{}, + }, + }, + Middlewares: map[string]*config.Middleware{}, + Services: map[string]*config.Service{ + "default/test.crd-6b204d94623b3df4370c": { + LoadBalancer: &config.LoadBalancerService{ + Servers: []config.Server{ + { + URL: "http://10.10.0.1:80", + Weight: 1, + }, + { + URL: "http://10.10.0.2:80", + Weight: 1, + }, + }, + Method: "wrr", + PassHostHeader: true, + }, + }, + }, + }, + }, + }, { desc: "Simple Ingress Route, defaulting to https for servers", paths: []string{"services.yml", "with_https_default.yml"}, diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go index f4e4ded43..77e7b1534 100644 --- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go +++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go 
@@ -20,8 +20,11 @@ type Route struct { Middlewares []MiddlewareRef `json:"middlewares"` } -// TLS contains the TLS certificates configuration of the routes. +// TLS contains the TLS certificates configuration of the routes. To enable +// Let's Encrypt, set a SecretName with an empty value. type TLS struct { + // SecretName is the name of the referenced Kubernetes Secret to specify the + // certificate details. SecretName string `json:"secretName"` // TODO MinimumProtocolVersion string `json:"minimumProtocolVersion,omitempty"` }
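Review bot: Using an empty `SecretName` as the switch for Let's Encrypt makes an unset or mistyped value indistinguishable from a deliberate opt-in. A manifest whose templated secret name renders empty would presumably move the route from an operator-supplied certificate to ACME issuance without any error. The field comment should state this explicitly, for example `// An empty SecretName does not disable TLS: the certificate is then requested through ACME.`, so that reviewers of IngressRoute manifests know what a blank value means. If the v1alpha1 API can still change, a dedicated field for the ACME case would be easier to audit and to restrict by admission policy than a sentinel value.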