baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Ensure disableHTTP2 works with k8s crd

Browse source
This commit is contained in:
Simon Stender Boisen 2021-09-16 12:18:08 +02:00 committed by GitHub
parent 8e7881094f
commit 6f8e8ea252
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/content/routing/providers/kubernetes-crd.md
View file

@ -1709,13 +1709,14 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
responseHeaderTimeout: 42s # [8]
idleConnTimeout: 42s # [9]
peerCertURI: foobar # [10]
disableHTTP2: true # [11]
```
| Ref | Attribute | Purpose |
|------|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `serverName` | ServerName used to contact the server. |
| [2] | `insecureSkipVerify` | Disable SSL certificate verification. |
| [3] | `rootCAsSecrets` | Add cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [2] | `insecureSkipVerify` | Disables SSL certificate verification. |
| [3] | `rootCAsSecrets` | Adds cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [4] | `certificatesSecrets` | Certificates for mTLS. |
| [5] | `maxIdleConnsPerHost` | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the backend servers. |
@ -1723,6 +1724,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
| [9] | `idleConnTimeout` | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. |
| [10] | `peerCertURI` | URI used to match with service certificate. |
| [11] | `disableHTTP2` | Disables HTTP/2 for connections with backend servers. |
!!! info "CA Secret"

1
pkg/provider/kubernetes/crd/fixtures/with_servers_transport.yml
View file

@ -93,6 +93,7 @@ spec:
serverName: "test"
insecureSkipVerify: true
maxIdleConnsPerHost: 42
disableHTTP2: true
rootCAsSecrets:
- root-ca0
- root-ca1

1
pkg/provider/kubernetes/crd/kubernetes.go
View file

@ -344,6 +344,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
RootCAs: rootCAs,
Certificates: certs,
DisableHTTP2: serversTransport.Spec.DisableHTTP2,
MaxIdleConnsPerHost: serversTransport.Spec.MaxIdleConnsPerHost,
ForwardingTimeouts: forwardingTimeout,
}

1
pkg/provider/kubernetes/crd/kubernetes_test.go
View file

@ -3505,6 +3505,7 @@ func TestLoadIngressRoutes(t *testing.T) {
{CertFile: "TESTCERT3", KeyFile: "TESTKEY3"},
},
MaxIdleConnsPerHost: 42,
DisableHTTP2: true,
ForwardingTimeouts: &dynamic.ForwardingTimeouts{
DialTimeout: types.Duration(42 * time.Second),
ResponseHeaderTimeout: types.Duration(42 * time.Second),