Fix ServersTransport reference from IngressRoute service definition
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
This commit is contained in:
parent
6f8e8ea252
commit
76867e39ea
7 changed files with 323 additions and 66 deletions
|
@ -337,7 +337,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
responseForwarding:
|
responseForwarding:
|
||||||
flushInterval: 1ms
|
flushInterval: 1ms
|
||||||
scheme: https
|
scheme: https
|
||||||
serversTransport: transport
|
serversTransport: transport # [10]
|
||||||
sticky:
|
sticky:
|
||||||
cookie:
|
cookie:
|
||||||
httpOnly: true
|
httpOnly: true
|
||||||
|
@ -346,21 +346,21 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
sameSite: none
|
sameSite: none
|
||||||
strategy: RoundRobin
|
strategy: RoundRobin
|
||||||
weight: 10
|
weight: 10
|
||||||
tls: # [10]
|
tls: # [11]
|
||||||
secretName: supersecret # [11]
|
secretName: supersecret # [12]
|
||||||
options: # [12]
|
options: # [13]
|
||||||
name: opt # [13]
|
name: opt # [14]
|
||||||
namespace: default # [14]
|
namespace: default # [15]
|
||||||
certResolver: foo # [15]
|
certResolver: foo # [16]
|
||||||
domains: # [16]
|
domains: # [17]
|
||||||
- main: example.net # [17]
|
- main: example.net # [18]
|
||||||
sans: # [18]
|
sans: # [19]
|
||||||
- a.example.net
|
- a.example.net
|
||||||
- b.example.net
|
- b.example.net
|
||||||
```
|
```
|
||||||
|
|
||||||
| Ref | Attribute | Purpose |
|
| Ref | Attribute | Purpose |
|
||||||
|------|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
|------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
|
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
|
||||||
| [2] | `routes` | List of routes |
|
| [2] | `routes` | List of routes |
|
||||||
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
|
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
|
||||||
|
@ -370,15 +370,16 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
|
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
|
||||||
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
|
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
|
||||||
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
|
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
|
||||||
| [10] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
|
| [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
|
||||||
| [11] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
|
| [11] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
|
||||||
| [12] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
|
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
|
||||||
| [13] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
|
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
|
||||||
| [14] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
|
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
|
||||||
| [15] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
|
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
|
||||||
| [16] | `tls.domains` | List of [domains](../routers/index.md#domains) |
|
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
|
||||||
| [17] | `domains[n].main` | Defines the main domain name |
|
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains) |
|
||||||
| [18] | `domains[n].sans` | List of SANs (alternative domains) |
|
| [18] | `domains[n].main` | Defines the main domain name |
|
||||||
|
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
|
||||||
|
|
||||||
??? example "Declaring an IngressRoute"
|
??? example "Declaring an IngressRoute"
|
||||||
|
|
||||||
|
@ -1687,7 +1688,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
|
||||||
|
|
||||||
!!! info "ServersTransport Attributes"
|
!!! info "ServersTransport Attributes"
|
||||||
|
|
||||||
```yaml tab="TLSStore"
|
```yaml tab="ServersTransport"
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: ServersTransport
|
kind: ServersTransport
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -1763,6 +1764,16 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
|
||||||
serversTransport: mytransport
|
serversTransport: mytransport
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### ServersTransport reference
|
||||||
|
|
||||||
|
By default, the referenced ServersTransport CRD must be defined in the same [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace.
|
||||||
|
|
||||||
|
To reference a ServersTransport CRD from another namespace,
|
||||||
|
the value must be of form `namespace-name@kubernetescrd`,
|
||||||
|
and the [cross-namespace](../../../providers/kubernetes-crd/#allowcrossnamespace) option must be enabled.
|
||||||
|
|
||||||
|
If the ServersTransport CRD is defined in another provider the cross-provider format `name@provider` should be used.
|
||||||
|
|
||||||
## Further
|
## Further
|
||||||
|
|
||||||
Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.
|
Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.
|
||||||
|
|
2
integration/testdata/rawdata-crd.json
vendored
2
integration/testdata/rawdata-crd.json
vendored
|
@ -180,7 +180,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"passHostHeader": true,
|
"passHostHeader": true,
|
||||||
"serversTransport": "mytransport@kubernetescrd"
|
"serversTransport": "default-mytransport@kubernetescrd"
|
||||||
},
|
},
|
||||||
"status": "enabled",
|
"status": "enabled",
|
||||||
"usedBy": [
|
"usedBy": [
|
||||||
|
|
|
@ -27,6 +27,14 @@ spec:
|
||||||
namespace: cross-ns
|
namespace: cross-ns
|
||||||
kind: TraefikService
|
kind: TraefikService
|
||||||
|
|
||||||
|
- match: Host(`bar.com`) && PathPrefix(`/foo`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
- name: whoami-svc
|
||||||
|
namespace: cross-ns
|
||||||
|
port: 80
|
||||||
|
serversTransport: test
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: TraefikService
|
kind: TraefikService
|
||||||
|
@ -89,3 +97,13 @@ spec:
|
||||||
namespace: cross-ns
|
namespace: cross-ns
|
||||||
percent: 20
|
percent: 20
|
||||||
port: 80
|
port: 80
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: ServersTransport
|
||||||
|
metadata:
|
||||||
|
name: test
|
||||||
|
namespace: foo
|
||||||
|
|
||||||
|
spec:
|
||||||
|
serverName: "test"
|
||||||
|
|
|
@ -109,3 +109,39 @@ spec:
|
||||||
dialTimeout: 42
|
dialTimeout: 42
|
||||||
responseHeaderTimeout: 42s
|
responseHeaderTimeout: 42s
|
||||||
idleConnTimeout: 42ms
|
idleConnTimeout: 42ms
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: ServersTransport
|
||||||
|
metadata:
|
||||||
|
name: test
|
||||||
|
namespace: default
|
||||||
|
|
||||||
|
spec:
|
||||||
|
serverName: "test"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: test.route
|
||||||
|
namespace: default
|
||||||
|
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- foo
|
||||||
|
|
||||||
|
routes:
|
||||||
|
- match: Host(`foo.com`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
- name: external-svc-with-https
|
||||||
|
port: 443
|
||||||
|
serversTransport: test
|
||||||
|
- name: whoamitls
|
||||||
|
port: 443
|
||||||
|
serversTransport: default-test
|
||||||
|
- name: whoami3
|
||||||
|
port: 8443
|
||||||
|
serversTransport: foo-test@kubernetescrd
|
||||||
|
|
||||||
|
|
|
@ -339,7 +339,8 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
conf.HTTP.ServersTransports[serversTransport.Name] = &dynamic.ServersTransport{
|
id := provider.Normalize(makeID(serversTransport.Namespace, serversTransport.Name))
|
||||||
|
conf.HTTP.ServersTransports[id] = &dynamic.ServersTransport{
|
||||||
ServerName: serversTransport.Spec.ServerName,
|
ServerName: serversTransport.Spec.ServerName,
|
||||||
InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
|
InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
|
||||||
RootCAs: rootCAs,
|
RootCAs: rootCAs,
|
||||||
|
|
|
@ -297,11 +297,34 @@ func (c configBuilder) buildServersLB(namespace string, svc v1alpha1.LoadBalance
|
||||||
lb.ResponseForwarding = conf.ResponseForwarding
|
lb.ResponseForwarding = conf.ResponseForwarding
|
||||||
|
|
||||||
lb.Sticky = svc.Sticky
|
lb.Sticky = svc.Sticky
|
||||||
lb.ServersTransport = svc.ServersTransport
|
|
||||||
|
lb.ServersTransport, err = c.makeServersTransportKey(namespace, svc.ServersTransport)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
return &dynamic.Service{LoadBalancer: lb}, nil
|
return &dynamic.Service{LoadBalancer: lb}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *configBuilder) makeServersTransportKey(parentNamespace string, serversTransportName string) (string, error) {
|
||||||
|
if serversTransportName == "" {
|
||||||
|
return "", nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if !c.allowCrossNamespace && strings.HasSuffix(serversTransportName, providerNamespaceSeparator+providerName) {
|
||||||
|
// Since we are not able to know if another namespace is in the name (namespace-name@kubernetescrd),
|
||||||
|
// if the provider namespace kubernetescrd is used,
|
||||||
|
// we don't allow this format to avoid cross namespace references.
|
||||||
|
return "", fmt.Errorf("invalid reference to serversTransport %s: namespace-name@kubernetescrd format is not allowed when crossnamespace is disallowed", serversTransportName)
|
||||||
|
}
|
||||||
|
|
||||||
|
if strings.Contains(serversTransportName, providerNamespaceSeparator) {
|
||||||
|
return serversTransportName, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return provider.Normalize(makeID(parentNamespace, serversTransportName)), nil
|
||||||
|
}
|
||||||
|
|
||||||
func (c configBuilder) loadServers(parentNamespace string, svc v1alpha1.LoadBalancerSpec) ([]dynamic.Server, error) {
|
func (c configBuilder) loadServers(parentNamespace string, svc v1alpha1.LoadBalancerSpec) ([]dynamic.Server, error) {
|
||||||
strategy := svc.Strategy
|
strategy := svc.Strategy
|
||||||
if strategy == "" {
|
if strategy == "" {
|
||||||
|
|
|
@ -1334,6 +1334,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
ingressClass string
|
ingressClass string
|
||||||
paths []string
|
paths []string
|
||||||
expected *dynamic.Configuration
|
expected *dynamic.Configuration
|
||||||
|
AllowCrossNamespace bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
desc: "Empty",
|
desc: "Empty",
|
||||||
|
@ -1401,6 +1402,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "Simple Ingress Route with middleware",
|
desc: "Simple Ingress Route with middleware",
|
||||||
|
AllowCrossNamespace: true,
|
||||||
paths: []string{"services.yml", "with_middleware.yml"},
|
paths: []string{"services.yml", "with_middleware.yml"},
|
||||||
expected: &dynamic.Configuration{
|
expected: &dynamic.Configuration{
|
||||||
UDP: &dynamic.UDPConfiguration{
|
UDP: &dynamic.UDPConfiguration{
|
||||||
|
@ -1456,6 +1458,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "Simple Ingress Route with middleware crossprovider",
|
desc: "Simple Ingress Route with middleware crossprovider",
|
||||||
|
AllowCrossNamespace: true,
|
||||||
paths: []string{"services.yml", "with_middleware_crossprovider.yml"},
|
paths: []string{"services.yml", "with_middleware_crossprovider.yml"},
|
||||||
expected: &dynamic.Configuration{
|
expected: &dynamic.Configuration{
|
||||||
UDP: &dynamic.UDPConfiguration{
|
UDP: &dynamic.UDPConfiguration{
|
||||||
|
@ -2025,6 +2028,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "services lb, servers lb, and mirror service, all in a wrr with different namespaces",
|
desc: "services lb, servers lb, and mirror service, all in a wrr with different namespaces",
|
||||||
|
AllowCrossNamespace: true,
|
||||||
paths: []string{"with_namespaces.yml"},
|
paths: []string{"with_namespaces.yml"},
|
||||||
expected: &dynamic.Configuration{
|
expected: &dynamic.Configuration{
|
||||||
UDP: &dynamic.UDPConfiguration{
|
UDP: &dynamic.UDPConfiguration{
|
||||||
|
@ -3482,6 +3486,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
desc: "ServersTransport",
|
desc: "ServersTransport",
|
||||||
|
AllowCrossNamespace: true,
|
||||||
paths: []string{"services.yml", "with_servers_transport.yml"},
|
paths: []string{"services.yml", "with_servers_transport.yml"},
|
||||||
expected: &dynamic.Configuration{
|
expected: &dynamic.Configuration{
|
||||||
UDP: &dynamic.UDPConfiguration{
|
UDP: &dynamic.UDPConfiguration{
|
||||||
|
@ -3495,7 +3500,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
},
|
},
|
||||||
HTTP: &dynamic.HTTPConfiguration{
|
HTTP: &dynamic.HTTPConfiguration{
|
||||||
ServersTransports: map[string]*dynamic.ServersTransport{
|
ServersTransports: map[string]*dynamic.ServersTransport{
|
||||||
"test": {
|
"foo-test": {
|
||||||
ServerName: "test",
|
ServerName: "test",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
RootCAs: []tls.FileOrContent{"TESTROOTCAS0", "TESTROOTCAS1", "TESTROOTCAS2", "TESTROOTCAS3", "TESTROOTCAS5", "TESTALLCERTS"},
|
RootCAs: []tls.FileOrContent{"TESTROOTCAS0", "TESTROOTCAS1", "TESTROOTCAS2", "TESTROOTCAS3", "TESTROOTCAS5", "TESTALLCERTS"},
|
||||||
|
@ -3512,10 +3517,154 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
IdleConnTimeout: types.Duration(42 * time.Millisecond),
|
IdleConnTimeout: types.Duration(42 * time.Millisecond),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"default-test": {
|
||||||
|
ServerName: "test",
|
||||||
|
ForwardingTimeouts: &dynamic.ForwardingTimeouts{
|
||||||
|
DialTimeout: types.Duration(30 * time.Second),
|
||||||
|
IdleConnTimeout: types.Duration(90 * time.Second),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Routers: map[string]*dynamic.Router{
|
||||||
|
"default-test-route-6f97418635c7e18853da": {
|
||||||
|
EntryPoints: []string{"foo"},
|
||||||
|
Service: "default-test-route-6f97418635c7e18853da",
|
||||||
|
Rule: "Host(`foo.com`)",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Middlewares: map[string]*dynamic.Middleware{},
|
||||||
|
Services: map[string]*dynamic.Service{
|
||||||
|
"default-external-svc-with-https-443": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "https://external.domain:443",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
ServersTransport: "default-test",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"default-whoami3-8443": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.7:8443",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.8:8443",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
ServersTransport: "foo-test@kubernetescrd",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"default-whoamitls-443": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "https://10.10.0.5:8443",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
URL: "https://10.10.0.6:8443",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
ServersTransport: "default-default-test",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"default-test-route-6f97418635c7e18853da": {
|
||||||
|
Weighted: &dynamic.WeightedRoundRobin{
|
||||||
|
Services: []dynamic.WRRService{
|
||||||
|
{
|
||||||
|
Name: "default-external-svc-with-https-443",
|
||||||
|
Weight: Int(1),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "default-whoamitls-443",
|
||||||
|
Weight: Int(1),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "default-whoami3-8443",
|
||||||
|
Weight: Int(1),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
TLS: &dynamic.TLSConfiguration{},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "ServersTransport without crossnamespace",
|
||||||
|
paths: []string{"services.yml", "with_servers_transport.yml"},
|
||||||
|
expected: &dynamic.Configuration{
|
||||||
|
UDP: &dynamic.UDPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.UDPRouter{},
|
||||||
|
Services: map[string]*dynamic.UDPService{},
|
||||||
|
},
|
||||||
|
TCP: &dynamic.TCPConfiguration{
|
||||||
|
Routers: map[string]*dynamic.TCPRouter{},
|
||||||
|
Middlewares: map[string]*dynamic.TCPMiddleware{},
|
||||||
|
Services: map[string]*dynamic.TCPService{},
|
||||||
|
},
|
||||||
|
HTTP: &dynamic.HTTPConfiguration{
|
||||||
|
ServersTransports: map[string]*dynamic.ServersTransport{
|
||||||
|
"foo-test": {
|
||||||
|
ServerName: "test",
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
RootCAs: []tls.FileOrContent{"TESTROOTCAS0", "TESTROOTCAS1", "TESTROOTCAS2", "TESTROOTCAS3", "TESTROOTCAS5", "TESTALLCERTS"},
|
||||||
|
Certificates: tls.Certificates{
|
||||||
|
{CertFile: "TESTCERT1", KeyFile: "TESTKEY1"},
|
||||||
|
{CertFile: "TESTCERT2", KeyFile: "TESTKEY2"},
|
||||||
|
{CertFile: "TESTCERT3", KeyFile: "TESTKEY3"},
|
||||||
|
},
|
||||||
|
MaxIdleConnsPerHost: 42,
|
||||||
|
ForwardingTimeouts: &dynamic.ForwardingTimeouts{
|
||||||
|
DialTimeout: types.Duration(42 * time.Second),
|
||||||
|
ResponseHeaderTimeout: types.Duration(42 * time.Second),
|
||||||
|
IdleConnTimeout: types.Duration(42 * time.Millisecond),
|
||||||
|
},
|
||||||
|
DisableHTTP2: true,
|
||||||
|
},
|
||||||
|
"default-test": {
|
||||||
|
ServerName: "test",
|
||||||
|
ForwardingTimeouts: &dynamic.ForwardingTimeouts{
|
||||||
|
DialTimeout: types.Duration(30 * time.Second),
|
||||||
|
IdleConnTimeout: types.Duration(90 * time.Second),
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Routers: map[string]*dynamic.Router{},
|
Routers: map[string]*dynamic.Router{},
|
||||||
Middlewares: map[string]*dynamic.Middleware{},
|
Middlewares: map[string]*dynamic.Middleware{},
|
||||||
Services: map[string]*dynamic.Service{},
|
Services: map[string]*dynamic.Service{
|
||||||
|
"default-external-svc-with-https-443": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "https://external.domain:443",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
ServersTransport: "default-test",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"default-whoamitls-443": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "https://10.10.0.5:8443",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
URL: "https://10.10.0.6:8443",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
ServersTransport: "default-default-test",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
TLS: &dynamic.TLSConfiguration{},
|
TLS: &dynamic.TLSConfiguration{},
|
||||||
},
|
},
|
||||||
|
@ -3531,7 +3680,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
p := Provider{IngressClass: test.ingressClass, AllowCrossNamespace: true, AllowExternalNameServices: true}
|
p := Provider{IngressClass: test.ingressClass, AllowCrossNamespace: test.AllowCrossNamespace, AllowExternalNameServices: true}
|
||||||
|
|
||||||
clientMock := newClientMock(test.paths...)
|
clientMock := newClientMock(test.paths...)
|
||||||
conf := p.loadConfigurationFromCRD(context.Background(), clientMock)
|
conf := p.loadConfigurationFromCRD(context.Background(), clientMock)
|
||||||
|
@ -4473,6 +4622,11 @@ func TestCrossNamespace(t *testing.T) {
|
||||||
Rule: "Host(`foo.com`) && PathPrefix(`/bar`)",
|
Rule: "Host(`foo.com`) && PathPrefix(`/bar`)",
|
||||||
Priority: 12,
|
Priority: 12,
|
||||||
},
|
},
|
||||||
|
"default-cross-ns-route-1bc3efa892379bb93c6e": {
|
||||||
|
EntryPoints: []string{"foo"},
|
||||||
|
Service: "default-cross-ns-route-1bc3efa892379bb93c6e",
|
||||||
|
Rule: "Host(`bar.com`) && PathPrefix(`/foo`)",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Middlewares: map[string]*dynamic.Middleware{},
|
Middlewares: map[string]*dynamic.Middleware{},
|
||||||
Services: map[string]*dynamic.Service{
|
Services: map[string]*dynamic.Service{
|
||||||
|
@ -4502,6 +4656,20 @@ func TestCrossNamespace(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"default-cross-ns-route-1bc3efa892379bb93c6e": {
|
||||||
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
|
Servers: []dynamic.Server{
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.1:80",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
URL: "http://10.10.0.2:80",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
PassHostHeader: Bool(true),
|
||||||
|
ServersTransport: "cross-ns-test",
|
||||||
|
},
|
||||||
|
},
|
||||||
"cross-ns-whoami-svc-80": {
|
"cross-ns-whoami-svc-80": {
|
||||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||||
Servers: []dynamic.Server{
|
Servers: []dynamic.Server{
|
||||||
|
|
Loading…
Reference in a new issue