Add TLSStores to Kubernetes CRD
This commit is contained in:
parent
101aefbfe8
commit
a474e196ea
34 changed files with 1560 additions and 6 deletions
|
@ -57,6 +57,21 @@ spec:
|
|||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: tlsstores.traefik.containo.us
|
||||
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: TLSStore
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
|
|
|
@ -41,6 +41,21 @@ spec:
|
|||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: tlsstores.traefik.containo.us
|
||||
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: TLSStore
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
|
|
|
@ -890,6 +890,82 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
|
|||
just as in the [middleware case](../../middlewares/overview.md#provider-namespace).
|
||||
Specifying a namespace attribute in this case would not make any sense, and will be ignored.
|
||||
|
||||
### Kind: `TLSStore`
|
||||
|
||||
`TLSStore` is the CRD implementation of a [Traefik "TLS Store"](../../https/tls.md#certificates-stores).
|
||||
|
||||
Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore` objects
|
||||
or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`IngressRouteTCP`](#kind-ingressroutetcp) objects.
|
||||
|
||||
!!! important "Default TLS Store"
|
||||
|
||||
Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores).
|
||||
This means that if you have two stores that are named default in different kubernetes namespaces,
|
||||
they may be randomly chosen.
|
||||
For the time being, please only configure one TLSSTore named default.
|
||||
|
||||
!!! info "TLSStore Attributes"
|
||||
|
||||
```yaml tab="TLSStore"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: default
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
defaultCertificate:
|
||||
secretName: mySecret # [1]
|
||||
```
|
||||
|
||||
| Ref | Attribute | Purpose |
|
||||
|-----|-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| [1] | `secretName` | The name of the referenced Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) that holds the default certificate for the store. |
|
||||
|
||||
??? example "Declaring and referencing a TLSStore"
|
||||
|
||||
```yaml tab="TLSStore"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: default
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
defaultCertificate:
|
||||
secretName: supersecret
|
||||
```
|
||||
|
||||
```yaml tab="IngressRoute"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: ingressroutebar
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`bar.com`) && PathPrefix(`/stripit`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
tls:
|
||||
store:
|
||||
name: default
|
||||
```
|
||||
|
||||
```yaml tab="Secret"
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: supersecret
|
||||
|
||||
data:
|
||||
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
|
||||
```
|
||||
## Further
|
||||
|
||||
Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.
|
||||
|
|
|
@ -57,6 +57,22 @@ spec:
|
|||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: tlsstores.traefik.containo.us
|
||||
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: TLSStore
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
|
|
|
@ -19,3 +19,5 @@ spec:
|
|||
tls:
|
||||
options:
|
||||
name: mytlsoption
|
||||
store:
|
||||
name: mytlsstore
|
||||
|
|
9
integration/fixtures/k8s/03-tlsstore.yml
Normal file
9
integration/fixtures/k8s/03-tlsstore.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: mytlsstore
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
defaultCertificate:
|
||||
secretName: tls-cert
|
|
@ -16,3 +16,5 @@ spec:
|
|||
tls:
|
||||
options:
|
||||
name: mytlsoption
|
||||
store:
|
||||
name: mytlsstore
|
||||
|
|
|
@ -51,6 +51,7 @@ type Client interface {
|
|||
GetTraefikService(namespace, name string) (*v1alpha1.TraefikService, bool, error)
|
||||
GetTraefikServices() []*v1alpha1.TraefikService
|
||||
GetTLSOptions() []*v1alpha1.TLSOption
|
||||
GetTLSStores() []*v1alpha1.TLSStore
|
||||
|
||||
GetService(namespace, name string) (*corev1.Service, bool, error)
|
||||
GetSecret(namespace, name string) (*corev1.Secret, bool, error)
|
||||
|
@ -159,6 +160,7 @@ func (c *clientWrapper) WatchAll(namespaces []string, stopCh <-chan struct{}) (<
|
|||
factoryCrd.Traefik().V1alpha1().Middlewares().Informer().AddEventHandler(eventHandler)
|
||||
factoryCrd.Traefik().V1alpha1().IngressRouteTCPs().Informer().AddEventHandler(eventHandler)
|
||||
factoryCrd.Traefik().V1alpha1().TLSOptions().Informer().AddEventHandler(eventHandler)
|
||||
factoryCrd.Traefik().V1alpha1().TLSStores().Informer().AddEventHandler(eventHandler)
|
||||
factoryCrd.Traefik().V1alpha1().TraefikServices().Informer().AddEventHandler(eventHandler)
|
||||
|
||||
factoryKube := informers.NewSharedInformerFactoryWithOptions(c.csKube, resyncPeriod, informers.WithNamespace(ns))
|
||||
|
@ -284,6 +286,21 @@ func (c *clientWrapper) GetTLSOptions() []*v1alpha1.TLSOption {
|
|||
return result
|
||||
}
|
||||
|
||||
// GetTLSStores returns all TLS stores.
|
||||
func (c *clientWrapper) GetTLSStores() []*v1alpha1.TLSStore {
|
||||
var result []*v1alpha1.TLSStore
|
||||
|
||||
for ns, factory := range c.factoriesCrd {
|
||||
stores, err := factory.Traefik().V1alpha1().TLSStores().Lister().List(c.labelSelector)
|
||||
if err != nil {
|
||||
log.Errorf("Failed to list tls stores in namespace %s: %v", ns, err)
|
||||
}
|
||||
result = append(result, stores...)
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
// GetService returns the named service from the given namespace.
|
||||
func (c *clientWrapper) GetService(namespace, name string) (*corev1.Service, bool, error) {
|
||||
if !c.isWatchedNamespace(namespace) {
|
||||
|
@ -343,6 +360,8 @@ func (c *clientWrapper) newResourceEventHandler(events chan<- interface{}) cache
|
|||
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
|
||||
case *v1alpha1.TLSOption:
|
||||
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
|
||||
case *v1alpha1.TLSStore:
|
||||
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
|
||||
case *v1alpha1.Middleware:
|
||||
return c.labelSelector.Matches(labels.Set(v.GetLabels()))
|
||||
default:
|
||||
|
|
|
@ -34,6 +34,7 @@ type clientMock struct {
|
|||
ingressRouteTCPs []*v1alpha1.IngressRouteTCP
|
||||
middlewares []*v1alpha1.Middleware
|
||||
tlsOptions []*v1alpha1.TLSOption
|
||||
tlsStores []*v1alpha1.TLSStore
|
||||
traefikServices []*v1alpha1.TraefikService
|
||||
|
||||
watchChan chan interface{}
|
||||
|
@ -65,6 +66,8 @@ func newClientMock(paths ...string) clientMock {
|
|||
c.traefikServices = append(c.traefikServices, o)
|
||||
case *v1alpha1.TLSOption:
|
||||
c.tlsOptions = append(c.tlsOptions, o)
|
||||
case *v1alpha1.TLSStore:
|
||||
c.tlsStores = append(c.tlsStores, o)
|
||||
case *corev1.Secret:
|
||||
c.secrets = append(c.secrets, o)
|
||||
default:
|
||||
|
@ -106,6 +109,10 @@ func (c clientMock) GetTLSOptions() []*v1alpha1.TLSOption {
|
|||
return c.tlsOptions
|
||||
}
|
||||
|
||||
func (c clientMock) GetTLSStores() []*v1alpha1.TLSStore {
|
||||
return c.tlsStores
|
||||
}
|
||||
|
||||
func (c clientMock) GetTLSOption(namespace, name string) (*v1alpha1.TLSOption, bool, error) {
|
||||
for _, option := range c.tlsOptions {
|
||||
if option.Namespace == namespace && option.Name == name {
|
||||
|
|
40
pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_store.yml
Normal file
40
pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_store.yml
Normal file
|
@ -0,0 +1,40 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: default
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
defaultCertificate:
|
||||
secretName: supersecret
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: supersecret
|
||||
namespace: default
|
||||
|
||||
data:
|
||||
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- foo
|
||||
routes:
|
||||
- match: HostSNI(`foo.com`)
|
||||
services:
|
||||
- name: whoamitcp
|
||||
port: 8000
|
||||
|
||||
tls:
|
||||
store:
|
||||
name: default
|
|
@ -0,0 +1,61 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: secretCAdefault1
|
||||
namespace: foo
|
||||
|
||||
data:
|
||||
tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: secretCAdefault2
|
||||
namespace: foo
|
||||
|
||||
data:
|
||||
tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: default
|
||||
namespace: foo
|
||||
|
||||
spec:
|
||||
minVersion: VersionTLS12
|
||||
sniStrict: true
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
clientAuth:
|
||||
secretNames:
|
||||
- secretCAdefault1
|
||||
- secretCAdefault2
|
||||
clientAuthType: VerifyClientCertIfGiven
|
||||
preferServerCipherSuites: true
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
|
||||
routes:
|
||||
- match: Host(`foo.com`) && PathPrefix(`/bar`)
|
||||
kind: Rule
|
||||
priority: 12
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
|
||||
tls:
|
||||
options:
|
||||
name: foo
|
|
@ -0,0 +1,61 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: secretCA1
|
||||
namespace: default
|
||||
|
||||
data:
|
||||
tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: secretCA2
|
||||
namespace: default
|
||||
|
||||
data:
|
||||
tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: default
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
minVersion: VersionTLS12
|
||||
sniStrict: true
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
clientAuth:
|
||||
secretNames:
|
||||
- secretCA1
|
||||
- secretCA2
|
||||
clientAuthType: VerifyClientCertIfGiven
|
||||
preferServerCipherSuites: true
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
|
||||
routes:
|
||||
- match: Host(`foo.com`) && PathPrefix(`/bar`)
|
||||
kind: Rule
|
||||
priority: 12
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
|
||||
tls:
|
||||
options:
|
||||
name: foo
|
|
@ -0,0 +1,43 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: default
|
||||
namespace: foo
|
||||
|
||||
spec:
|
||||
defaultCertificate:
|
||||
secretName: supersecret
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: supersecret
|
||||
namespace: foo
|
||||
|
||||
data:
|
||||
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
|
||||
routes:
|
||||
- match: Host(`foo.com`) && PathPrefix(`/bar`)
|
||||
kind: Rule
|
||||
priority: 12
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
|
||||
tls:
|
||||
store:
|
||||
name: default
|
43
pkg/provider/kubernetes/crd/fixtures/with_tls_store.yml
Normal file
43
pkg/provider/kubernetes/crd/fixtures/with_tls_store.yml
Normal file
|
@ -0,0 +1,43 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: default
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
defaultCertificate:
|
||||
secretName: supersecret
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: supersecret
|
||||
namespace: default
|
||||
|
||||
data:
|
||||
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
|
||||
routes:
|
||||
- match: Host(`foo.com`) && PathPrefix(`/bar`)
|
||||
kind: Rule
|
||||
priority: 12
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
|
||||
tls:
|
||||
store:
|
||||
name: default
|
|
@ -0,0 +1,136 @@
|
|||
/*
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016-2020 Containous SAS
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
*/
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
v1alpha1 "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
labels "k8s.io/apimachinery/pkg/labels"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
types "k8s.io/apimachinery/pkg/types"
|
||||
watch "k8s.io/apimachinery/pkg/watch"
|
||||
testing "k8s.io/client-go/testing"
|
||||
)
|
||||
|
||||
// FakeTLSStores implements TLSStoreInterface
|
||||
type FakeTLSStores struct {
|
||||
Fake *FakeTraefikV1alpha1
|
||||
ns string
|
||||
}
|
||||
|
||||
var tlsstoresResource = schema.GroupVersionResource{Group: "traefik.containo.us", Version: "v1alpha1", Resource: "tlsstores"}
|
||||
|
||||
var tlsstoresKind = schema.GroupVersionKind{Group: "traefik.containo.us", Version: "v1alpha1", Kind: "TLSStore"}
|
||||
|
||||
// Get takes name of the tLSStore, and returns the corresponding tLSStore object, and an error if there is any.
|
||||
func (c *FakeTLSStores) Get(name string, options v1.GetOptions) (result *v1alpha1.TLSStore, err error) {
|
||||
obj, err := c.Fake.
|
||||
Invokes(testing.NewGetAction(tlsstoresResource, c.ns, name), &v1alpha1.TLSStore{})
|
||||
|
||||
if obj == nil {
|
||||
return nil, err
|
||||
}
|
||||
return obj.(*v1alpha1.TLSStore), err
|
||||
}
|
||||
|
||||
// List takes label and field selectors, and returns the list of TLSStores that match those selectors.
|
||||
func (c *FakeTLSStores) List(opts v1.ListOptions) (result *v1alpha1.TLSStoreList, err error) {
|
||||
obj, err := c.Fake.
|
||||
Invokes(testing.NewListAction(tlsstoresResource, tlsstoresKind, c.ns, opts), &v1alpha1.TLSStoreList{})
|
||||
|
||||
if obj == nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
label, _, _ := testing.ExtractFromListOptions(opts)
|
||||
if label == nil {
|
||||
label = labels.Everything()
|
||||
}
|
||||
list := &v1alpha1.TLSStoreList{ListMeta: obj.(*v1alpha1.TLSStoreList).ListMeta}
|
||||
for _, item := range obj.(*v1alpha1.TLSStoreList).Items {
|
||||
if label.Matches(labels.Set(item.Labels)) {
|
||||
list.Items = append(list.Items, item)
|
||||
}
|
||||
}
|
||||
return list, err
|
||||
}
|
||||
|
||||
// Watch returns a watch.Interface that watches the requested tLSStores.
|
||||
func (c *FakeTLSStores) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
||||
return c.Fake.
|
||||
InvokesWatch(testing.NewWatchAction(tlsstoresResource, c.ns, opts))
|
||||
|
||||
}
|
||||
|
||||
// Create takes the representation of a tLSStore and creates it. Returns the server's representation of the tLSStore, and an error, if there is any.
|
||||
func (c *FakeTLSStores) Create(tLSStore *v1alpha1.TLSStore) (result *v1alpha1.TLSStore, err error) {
|
||||
obj, err := c.Fake.
|
||||
Invokes(testing.NewCreateAction(tlsstoresResource, c.ns, tLSStore), &v1alpha1.TLSStore{})
|
||||
|
||||
if obj == nil {
|
||||
return nil, err
|
||||
}
|
||||
return obj.(*v1alpha1.TLSStore), err
|
||||
}
|
||||
|
||||
// Update takes the representation of a tLSStore and updates it. Returns the server's representation of the tLSStore, and an error, if there is any.
|
||||
func (c *FakeTLSStores) Update(tLSStore *v1alpha1.TLSStore) (result *v1alpha1.TLSStore, err error) {
|
||||
obj, err := c.Fake.
|
||||
Invokes(testing.NewUpdateAction(tlsstoresResource, c.ns, tLSStore), &v1alpha1.TLSStore{})
|
||||
|
||||
if obj == nil {
|
||||
return nil, err
|
||||
}
|
||||
return obj.(*v1alpha1.TLSStore), err
|
||||
}
|
||||
|
||||
// Delete takes name of the tLSStore and deletes it. Returns an error if one occurs.
|
||||
func (c *FakeTLSStores) Delete(name string, options *v1.DeleteOptions) error {
|
||||
_, err := c.Fake.
|
||||
Invokes(testing.NewDeleteAction(tlsstoresResource, c.ns, name), &v1alpha1.TLSStore{})
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
// DeleteCollection deletes a collection of objects.
|
||||
func (c *FakeTLSStores) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
||||
action := testing.NewDeleteCollectionAction(tlsstoresResource, c.ns, listOptions)
|
||||
|
||||
_, err := c.Fake.Invokes(action, &v1alpha1.TLSStoreList{})
|
||||
return err
|
||||
}
|
||||
|
||||
// Patch applies the patch and returns the patched tLSStore.
|
||||
func (c *FakeTLSStores) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TLSStore, err error) {
|
||||
obj, err := c.Fake.
|
||||
Invokes(testing.NewPatchSubresourceAction(tlsstoresResource, c.ns, name, pt, data, subresources...), &v1alpha1.TLSStore{})
|
||||
|
||||
if obj == nil {
|
||||
return nil, err
|
||||
}
|
||||
return obj.(*v1alpha1.TLSStore), err
|
||||
}
|
|
@ -52,6 +52,10 @@ func (c *FakeTraefikV1alpha1) TLSOptions(namespace string) v1alpha1.TLSOptionInt
|
|||
return &FakeTLSOptions{c, namespace}
|
||||
}
|
||||
|
||||
func (c *FakeTraefikV1alpha1) TLSStores(namespace string) v1alpha1.TLSStoreInterface {
|
||||
return &FakeTLSStores{c, namespace}
|
||||
}
|
||||
|
||||
func (c *FakeTraefikV1alpha1) TraefikServices(namespace string) v1alpha1.TraefikServiceInterface {
|
||||
return &FakeTraefikServices{c, namespace}
|
||||
}
|
||||
|
|
|
@ -34,4 +34,6 @@ type MiddlewareExpansion interface{}
|
|||
|
||||
type TLSOptionExpansion interface{}
|
||||
|
||||
type TLSStoreExpansion interface{}
|
||||
|
||||
type TraefikServiceExpansion interface{}
|
||||
|
|
|
@ -0,0 +1,182 @@
|
|||
/*
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016-2020 Containous SAS
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
*/
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
scheme "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme"
|
||||
v1alpha1 "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
types "k8s.io/apimachinery/pkg/types"
|
||||
watch "k8s.io/apimachinery/pkg/watch"
|
||||
rest "k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
// TLSStoresGetter has a method to return a TLSStoreInterface.
|
||||
// A group's client should implement this interface.
|
||||
type TLSStoresGetter interface {
|
||||
TLSStores(namespace string) TLSStoreInterface
|
||||
}
|
||||
|
||||
// TLSStoreInterface has methods to work with TLSStore resources.
|
||||
type TLSStoreInterface interface {
|
||||
Create(*v1alpha1.TLSStore) (*v1alpha1.TLSStore, error)
|
||||
Update(*v1alpha1.TLSStore) (*v1alpha1.TLSStore, error)
|
||||
Delete(name string, options *v1.DeleteOptions) error
|
||||
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
|
||||
Get(name string, options v1.GetOptions) (*v1alpha1.TLSStore, error)
|
||||
List(opts v1.ListOptions) (*v1alpha1.TLSStoreList, error)
|
||||
Watch(opts v1.ListOptions) (watch.Interface, error)
|
||||
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TLSStore, err error)
|
||||
TLSStoreExpansion
|
||||
}
|
||||
|
||||
// tLSStores implements TLSStoreInterface
|
||||
type tLSStores struct {
|
||||
client rest.Interface
|
||||
ns string
|
||||
}
|
||||
|
||||
// newTLSStores returns a TLSStores
|
||||
func newTLSStores(c *TraefikV1alpha1Client, namespace string) *tLSStores {
|
||||
return &tLSStores{
|
||||
client: c.RESTClient(),
|
||||
ns: namespace,
|
||||
}
|
||||
}
|
||||
|
||||
// Get takes name of the tLSStore, and returns the corresponding tLSStore object, and an error if there is any.
|
||||
func (c *tLSStores) Get(name string, options v1.GetOptions) (result *v1alpha1.TLSStore, err error) {
|
||||
result = &v1alpha1.TLSStore{}
|
||||
err = c.client.Get().
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
Name(name).
|
||||
VersionedParams(&options, scheme.ParameterCodec).
|
||||
Do().
|
||||
Into(result)
|
||||
return
|
||||
}
|
||||
|
||||
// List takes label and field selectors, and returns the list of TLSStores that match those selectors.
|
||||
func (c *tLSStores) List(opts v1.ListOptions) (result *v1alpha1.TLSStoreList, err error) {
|
||||
var timeout time.Duration
|
||||
if opts.TimeoutSeconds != nil {
|
||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
||||
}
|
||||
result = &v1alpha1.TLSStoreList{}
|
||||
err = c.client.Get().
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
VersionedParams(&opts, scheme.ParameterCodec).
|
||||
Timeout(timeout).
|
||||
Do().
|
||||
Into(result)
|
||||
return
|
||||
}
|
||||
|
||||
// Watch returns a watch.Interface that watches the requested tLSStores.
|
||||
func (c *tLSStores) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
||||
var timeout time.Duration
|
||||
if opts.TimeoutSeconds != nil {
|
||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
||||
}
|
||||
opts.Watch = true
|
||||
return c.client.Get().
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
VersionedParams(&opts, scheme.ParameterCodec).
|
||||
Timeout(timeout).
|
||||
Watch()
|
||||
}
|
||||
|
||||
// Create takes the representation of a tLSStore and creates it. Returns the server's representation of the tLSStore, and an error, if there is any.
|
||||
func (c *tLSStores) Create(tLSStore *v1alpha1.TLSStore) (result *v1alpha1.TLSStore, err error) {
|
||||
result = &v1alpha1.TLSStore{}
|
||||
err = c.client.Post().
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
Body(tLSStore).
|
||||
Do().
|
||||
Into(result)
|
||||
return
|
||||
}
|
||||
|
||||
// Update takes the representation of a tLSStore and updates it. Returns the server's representation of the tLSStore, and an error, if there is any.
|
||||
func (c *tLSStores) Update(tLSStore *v1alpha1.TLSStore) (result *v1alpha1.TLSStore, err error) {
|
||||
result = &v1alpha1.TLSStore{}
|
||||
err = c.client.Put().
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
Name(tLSStore.Name).
|
||||
Body(tLSStore).
|
||||
Do().
|
||||
Into(result)
|
||||
return
|
||||
}
|
||||
|
||||
// Delete takes name of the tLSStore and deletes it. Returns an error if one occurs.
|
||||
func (c *tLSStores) Delete(name string, options *v1.DeleteOptions) error {
|
||||
return c.client.Delete().
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
Name(name).
|
||||
Body(options).
|
||||
Do().
|
||||
Error()
|
||||
}
|
||||
|
||||
// DeleteCollection deletes a collection of objects.
|
||||
func (c *tLSStores) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
||||
var timeout time.Duration
|
||||
if listOptions.TimeoutSeconds != nil {
|
||||
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
|
||||
}
|
||||
return c.client.Delete().
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
VersionedParams(&listOptions, scheme.ParameterCodec).
|
||||
Timeout(timeout).
|
||||
Body(options).
|
||||
Do().
|
||||
Error()
|
||||
}
|
||||
|
||||
// Patch applies the patch and returns the patched tLSStore.
|
||||
func (c *tLSStores) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TLSStore, err error) {
|
||||
result = &v1alpha1.TLSStore{}
|
||||
err = c.client.Patch(pt).
|
||||
Namespace(c.ns).
|
||||
Resource("tlsstores").
|
||||
SubResource(subresources...).
|
||||
Name(name).
|
||||
Body(data).
|
||||
Do().
|
||||
Into(result)
|
||||
return
|
||||
}
|
|
@ -38,6 +38,7 @@ type TraefikV1alpha1Interface interface {
|
|||
IngressRouteTCPsGetter
|
||||
MiddlewaresGetter
|
||||
TLSOptionsGetter
|
||||
TLSStoresGetter
|
||||
TraefikServicesGetter
|
||||
}
|
||||
|
||||
|
@ -62,6 +63,10 @@ func (c *TraefikV1alpha1Client) TLSOptions(namespace string) TLSOptionInterface
|
|||
return newTLSOptions(c, namespace)
|
||||
}
|
||||
|
||||
func (c *TraefikV1alpha1Client) TLSStores(namespace string) TLSStoreInterface {
|
||||
return newTLSStores(c, namespace)
|
||||
}
|
||||
|
||||
func (c *TraefikV1alpha1Client) TraefikServices(namespace string) TraefikServiceInterface {
|
||||
return newTraefikServices(c, namespace)
|
||||
}
|
||||
|
|
|
@ -69,6 +69,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
|
|||
return &genericInformer{resource: resource.GroupResource(), informer: f.Traefik().V1alpha1().Middlewares().Informer()}, nil
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("tlsoptions"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Traefik().V1alpha1().TLSOptions().Informer()}, nil
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("tlsstores"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Traefik().V1alpha1().TLSStores().Informer()}, nil
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("traefikservices"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Traefik().V1alpha1().TraefikServices().Informer()}, nil
|
||||
|
||||
|
|
|
@ -40,6 +40,8 @@ type Interface interface {
|
|||
Middlewares() MiddlewareInformer
|
||||
// TLSOptions returns a TLSOptionInformer.
|
||||
TLSOptions() TLSOptionInformer
|
||||
// TLSStores returns a TLSStoreInformer.
|
||||
TLSStores() TLSStoreInformer
|
||||
// TraefikServices returns a TraefikServiceInformer.
|
||||
TraefikServices() TraefikServiceInformer
|
||||
}
|
||||
|
@ -75,6 +77,11 @@ func (v *version) TLSOptions() TLSOptionInformer {
|
|||
return &tLSOptionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
||||
// TLSStores returns a TLSStoreInformer.
|
||||
func (v *version) TLSStores() TLSStoreInformer {
|
||||
return &tLSStoreInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
||||
// TraefikServices returns a TraefikServiceInformer.
|
||||
func (v *version) TraefikServices() TraefikServiceInformer {
|
||||
return &traefikServiceInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
|
|
|
@ -0,0 +1,97 @@
|
|||
/*
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016-2020 Containous SAS
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
*/
|
||||
|
||||
// Code generated by informer-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
time "time"
|
||||
|
||||
versioned "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned"
|
||||
internalinterfaces "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/generated/informers/externalversions/internalinterfaces"
|
||||
v1alpha1 "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/generated/listers/traefik/v1alpha1"
|
||||
traefikv1alpha1 "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
watch "k8s.io/apimachinery/pkg/watch"
|
||||
cache "k8s.io/client-go/tools/cache"
|
||||
)
|
||||
|
||||
// TLSStoreInformer provides access to a shared informer and lister for
|
||||
// TLSStores.
|
||||
type TLSStoreInformer interface {
|
||||
Informer() cache.SharedIndexInformer
|
||||
Lister() v1alpha1.TLSStoreLister
|
||||
}
|
||||
|
||||
type tLSStoreInformer struct {
|
||||
factory internalinterfaces.SharedInformerFactory
|
||||
tweakListOptions internalinterfaces.TweakListOptionsFunc
|
||||
namespace string
|
||||
}
|
||||
|
||||
// NewTLSStoreInformer constructs a new informer for TLSStore type.
|
||||
// Always prefer using an informer factory to get a shared informer instead of getting an independent
|
||||
// one. This reduces memory footprint and number of connections to the server.
|
||||
func NewTLSStoreInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
|
||||
return NewFilteredTLSStoreInformer(client, namespace, resyncPeriod, indexers, nil)
|
||||
}
|
||||
|
||||
// NewFilteredTLSStoreInformer constructs a new informer for TLSStore type.
|
||||
// Always prefer using an informer factory to get a shared informer instead of getting an independent
|
||||
// one. This reduces memory footprint and number of connections to the server.
|
||||
func NewFilteredTLSStoreInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
|
||||
return cache.NewSharedIndexInformer(
|
||||
&cache.ListWatch{
|
||||
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
|
||||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.TraefikV1alpha1().TLSStores(namespace).List(options)
|
||||
},
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.TraefikV1alpha1().TLSStores(namespace).Watch(options)
|
||||
},
|
||||
},
|
||||
&traefikv1alpha1.TLSStore{},
|
||||
resyncPeriod,
|
||||
indexers,
|
||||
)
|
||||
}
|
||||
|
||||
func (f *tLSStoreInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
|
||||
return NewFilteredTLSStoreInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
|
||||
}
|
||||
|
||||
func (f *tLSStoreInformer) Informer() cache.SharedIndexInformer {
|
||||
return f.factory.InformerFor(&traefikv1alpha1.TLSStore{}, f.defaultInformer)
|
||||
}
|
||||
|
||||
func (f *tLSStoreInformer) Lister() v1alpha1.TLSStoreLister {
|
||||
return v1alpha1.NewTLSStoreLister(f.Informer().GetIndexer())
|
||||
}
|
|
@ -58,6 +58,14 @@ type TLSOptionListerExpansion interface{}
|
|||
// TLSOptionNamespaceLister.
|
||||
type TLSOptionNamespaceListerExpansion interface{}
|
||||
|
||||
// TLSStoreListerExpansion allows custom methods to be added to
|
||||
// TLSStoreLister.
|
||||
type TLSStoreListerExpansion interface{}
|
||||
|
||||
// TLSStoreNamespaceListerExpansion allows custom methods to be added to
|
||||
// TLSStoreNamespaceLister.
|
||||
type TLSStoreNamespaceListerExpansion interface{}
|
||||
|
||||
// TraefikServiceListerExpansion allows custom methods to be added to
|
||||
// TraefikServiceLister.
|
||||
type TraefikServiceListerExpansion interface{}
|
||||
|
|
|
@ -0,0 +1,102 @@
|
|||
/*
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2016-2020 Containous SAS
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
*/
|
||||
|
||||
// Code generated by lister-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1alpha1 "github.com/containous/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
)
|
||||
|
||||
// TLSStoreLister helps list TLSStores.
|
||||
type TLSStoreLister interface {
|
||||
// List lists all TLSStores in the indexer.
|
||||
List(selector labels.Selector) (ret []*v1alpha1.TLSStore, err error)
|
||||
// TLSStores returns an object that can list and get TLSStores.
|
||||
TLSStores(namespace string) TLSStoreNamespaceLister
|
||||
TLSStoreListerExpansion
|
||||
}
|
||||
|
||||
// tLSStoreLister implements the TLSStoreLister interface.
|
||||
type tLSStoreLister struct {
|
||||
indexer cache.Indexer
|
||||
}
|
||||
|
||||
// NewTLSStoreLister returns a new TLSStoreLister.
|
||||
func NewTLSStoreLister(indexer cache.Indexer) TLSStoreLister {
|
||||
return &tLSStoreLister{indexer: indexer}
|
||||
}
|
||||
|
||||
// List lists all TLSStores in the indexer.
|
||||
func (s *tLSStoreLister) List(selector labels.Selector) (ret []*v1alpha1.TLSStore, err error) {
|
||||
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
|
||||
ret = append(ret, m.(*v1alpha1.TLSStore))
|
||||
})
|
||||
return ret, err
|
||||
}
|
||||
|
||||
// TLSStores returns an object that can list and get TLSStores.
|
||||
func (s *tLSStoreLister) TLSStores(namespace string) TLSStoreNamespaceLister {
|
||||
return tLSStoreNamespaceLister{indexer: s.indexer, namespace: namespace}
|
||||
}
|
||||
|
||||
// TLSStoreNamespaceLister helps list and get TLSStores.
|
||||
type TLSStoreNamespaceLister interface {
|
||||
// List lists all TLSStores in the indexer for a given namespace.
|
||||
List(selector labels.Selector) (ret []*v1alpha1.TLSStore, err error)
|
||||
// Get retrieves the TLSStore from the indexer for a given namespace and name.
|
||||
Get(name string) (*v1alpha1.TLSStore, error)
|
||||
TLSStoreNamespaceListerExpansion
|
||||
}
|
||||
|
||||
// tLSStoreNamespaceLister implements the TLSStoreNamespaceLister
|
||||
// interface.
|
||||
type tLSStoreNamespaceLister struct {
|
||||
indexer cache.Indexer
|
||||
namespace string
|
||||
}
|
||||
|
||||
// List lists all TLSStores in the indexer for a given namespace.
|
||||
func (s tLSStoreNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TLSStore, err error) {
|
||||
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
|
||||
ret = append(ret, m.(*v1alpha1.TLSStore))
|
||||
})
|
||||
return ret, err
|
||||
}
|
||||
|
||||
// Get retrieves the TLSStore from the indexer for a given namespace and name.
|
||||
func (s tLSStoreNamespaceLister) Get(name string) (*v1alpha1.TLSStore, error) {
|
||||
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !exists {
|
||||
return nil, errors.NewNotFound(v1alpha1.Resource("tlsstore"), name)
|
||||
}
|
||||
return obj.(*v1alpha1.TLSStore), nil
|
||||
}
|
|
@ -171,6 +171,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
|
|||
TLS: &dynamic.TLSConfiguration{
|
||||
Certificates: getTLSConfig(tlsConfigs),
|
||||
Options: buildTLSOptions(ctx, client),
|
||||
Stores: buildTLSStores(ctx, client),
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -466,6 +467,7 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
|
|||
return tlsOptions
|
||||
}
|
||||
tlsOptions = make(map[string]tls.Options)
|
||||
var nsDefault []string
|
||||
|
||||
for _, tlsOption := range tlsOptionsCRD {
|
||||
logger := log.FromContext(log.With(ctx, log.Str("tlsOption", tlsOption.Name), log.Str("namespace", tlsOption.Namespace)))
|
||||
|
@ -492,7 +494,13 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
|
|||
clientCAs = append(clientCAs, tls.FileOrContent(cert))
|
||||
}
|
||||
|
||||
tlsOptions[makeID(tlsOption.Namespace, tlsOption.Name)] = tls.Options{
|
||||
id := makeID(tlsOption.Namespace, tlsOption.Name)
|
||||
// If the name is default, we override the default config.
|
||||
if tlsOption.Name == "default" {
|
||||
id = tlsOption.Name
|
||||
nsDefault = append(nsDefault, tlsOption.Namespace)
|
||||
}
|
||||
tlsOptions[id] = tls.Options{
|
||||
MinVersion: tlsOption.Spec.MinVersion,
|
||||
MaxVersion: tlsOption.Spec.MaxVersion,
|
||||
CipherSuites: tlsOption.Spec.CipherSuites,
|
||||
|
@ -505,9 +513,68 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
|
|||
PreferServerCipherSuites: tlsOption.Spec.PreferServerCipherSuites,
|
||||
}
|
||||
}
|
||||
|
||||
if len(nsDefault) > 1 {
|
||||
delete(tlsOptions, "default")
|
||||
log.FromContext(ctx).Errorf("Default TLS Options defined in multiple namespaces: %v", nsDefault)
|
||||
}
|
||||
|
||||
return tlsOptions
|
||||
}
|
||||
|
||||
func buildTLSStores(ctx context.Context, client Client) map[string]tls.Store {
|
||||
tlsStoreCRD := client.GetTLSStores()
|
||||
var tlsStores map[string]tls.Store
|
||||
|
||||
if len(tlsStoreCRD) == 0 {
|
||||
return tlsStores
|
||||
}
|
||||
tlsStores = make(map[string]tls.Store)
|
||||
var nsDefault []string
|
||||
|
||||
for _, tlsStore := range tlsStoreCRD {
|
||||
namespace := tlsStore.Namespace
|
||||
secretName := tlsStore.Spec.DefaultCertificate.SecretName
|
||||
logger := log.FromContext(log.With(ctx, log.Str("tlsStore", tlsStore.Name), log.Str("namespace", namespace), log.Str("secretName", secretName)))
|
||||
|
||||
secret, exists, err := client.GetSecret(namespace, secretName)
|
||||
if err != nil {
|
||||
logger.Errorf("Failed to fetch secret %s/%s: %v", namespace, secretName, err)
|
||||
continue
|
||||
}
|
||||
if !exists {
|
||||
logger.Errorf("Secret %s/%s does not exist", namespace, secretName)
|
||||
continue
|
||||
}
|
||||
|
||||
cert, key, err := getCertificateBlocks(secret, namespace, secretName)
|
||||
if err != nil {
|
||||
logger.Errorf("Could not get certificate blocks: %v", err)
|
||||
continue
|
||||
}
|
||||
|
||||
id := makeID(tlsStore.Namespace, tlsStore.Name)
|
||||
// If the name is default, we override the default config.
|
||||
if tlsStore.Name == "default" {
|
||||
id = tlsStore.Name
|
||||
nsDefault = append(nsDefault, tlsStore.Namespace)
|
||||
}
|
||||
tlsStores[id] = tls.Store{
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: tls.FileOrContent(cert),
|
||||
KeyFile: tls.FileOrContent(key),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
if len(nsDefault) > 1 {
|
||||
delete(tlsStores, "default")
|
||||
log.FromContext(ctx).Errorf("Default TLS Stores defined in multiple namespaces: %v", nsDefault)
|
||||
}
|
||||
|
||||
return tlsStores
|
||||
}
|
||||
|
||||
func checkStringQuoteValidity(value string) error {
|
||||
_, err := strconv.Unquote(`"` + value + `"`)
|
||||
return err
|
||||
|
|
|
@ -746,6 +746,53 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "TLS with tls Store",
|
||||
paths: []string{"tcp/services.yml", "tcp/with_tls_store.yml"},
|
||||
expected: &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Stores: map[string]tls.Store{
|
||||
"default": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: tls.FileOrContent("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
|
||||
KeyFile: tls.FileOrContent("-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{
|
||||
"default-test.route-fdd3e9338e47a45efefc": {
|
||||
EntryPoints: []string{"foo"},
|
||||
Service: "default-test.route-fdd3e9338e47a45efefc",
|
||||
Rule: "HostSNI(`foo.com`)",
|
||||
TLS: &dynamic.RouterTCPTLSConfig{},
|
||||
},
|
||||
},
|
||||
Services: map[string]*dynamic.TCPService{
|
||||
"default-test.route-fdd3e9338e47a45efefc": {
|
||||
LoadBalancer: &dynamic.TCPServersLoadBalancer{
|
||||
Servers: []dynamic.TCPServer{
|
||||
{
|
||||
Address: "10.10.0.1:8000",
|
||||
Port: "",
|
||||
},
|
||||
{
|
||||
Address: "10.10.0.2:8000",
|
||||
Port: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
|
@ -1937,6 +1984,107 @@ func TestLoadIngressRoutes(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "TLS with two default tls options",
|
||||
paths: []string{"services.yml", "with_default_tls_options.yml", "with_default_tls_options_default_namespace.yml"},
|
||||
expected: &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Options: map[string]tls.Options{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{},
|
||||
Services: map[string]*dynamic.TCPService{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "default-test-route-6b204d94623b3df4370c",
|
||||
Rule: "Host(`foo.com`) && PathPrefix(`/bar`)",
|
||||
Priority: 12,
|
||||
TLS: &dynamic.RouterTLSConfig{
|
||||
Options: "default-foo",
|
||||
},
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.0.1:80",
|
||||
},
|
||||
{
|
||||
URL: "http://10.10.0.2:80",
|
||||
},
|
||||
},
|
||||
PassHostHeader: Bool(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "TLS with default tls options",
|
||||
paths: []string{"services.yml", "with_default_tls_options.yml"},
|
||||
expected: &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Options: map[string]tls.Options{
|
||||
"default": {
|
||||
MinVersion: "VersionTLS12",
|
||||
CipherSuites: []string{
|
||||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
"TLS_RSA_WITH_AES_256_GCM_SHA384",
|
||||
},
|
||||
ClientAuth: tls.ClientAuth{
|
||||
CAFiles: []tls.FileOrContent{
|
||||
tls.FileOrContent("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
|
||||
tls.FileOrContent("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
|
||||
},
|
||||
ClientAuthType: "VerifyClientCertIfGiven",
|
||||
},
|
||||
SniStrict: true,
|
||||
PreferServerCipherSuites: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{},
|
||||
Services: map[string]*dynamic.TCPService{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "default-test-route-6b204d94623b3df4370c",
|
||||
Rule: "Host(`foo.com`) && PathPrefix(`/bar`)",
|
||||
Priority: 12,
|
||||
TLS: &dynamic.RouterTLSConfig{
|
||||
Options: "default-foo",
|
||||
},
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.0.1:80",
|
||||
},
|
||||
{
|
||||
URL: "http://10.10.0.2:80",
|
||||
},
|
||||
},
|
||||
PassHostHeader: Bool(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "TLS with tls options and specific namespace",
|
||||
paths: []string{"services.yml", "with_tls_options_and_specific_namespace.yml"},
|
||||
|
@ -2369,6 +2517,93 @@ func TestLoadIngressRoutes(t *testing.T) {
|
|||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "TLS with tls store",
|
||||
paths: []string{"services.yml", "with_tls_store.yml"},
|
||||
expected: &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Stores: map[string]tls.Store{
|
||||
"default": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: tls.FileOrContent("-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----"),
|
||||
KeyFile: tls.FileOrContent("-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{},
|
||||
Services: map[string]*dynamic.TCPService{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "default-test-route-6b204d94623b3df4370c",
|
||||
Rule: "Host(`foo.com`) && PathPrefix(`/bar`)",
|
||||
Priority: 12,
|
||||
TLS: &dynamic.RouterTLSConfig{},
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.0.1:80",
|
||||
},
|
||||
{
|
||||
URL: "http://10.10.0.2:80",
|
||||
},
|
||||
},
|
||||
PassHostHeader: Bool(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "TLS with tls store default two times",
|
||||
paths: []string{"services.yml", "with_tls_store.yml", "with_default_tls_store.yml"},
|
||||
expected: &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Stores: map[string]tls.Store{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{},
|
||||
Services: map[string]*dynamic.TCPService{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "default-test-route-6b204d94623b3df4370c",
|
||||
Rule: "Host(`foo.com`) && PathPrefix(`/bar`)",
|
||||
Priority: 12,
|
||||
TLS: &dynamic.RouterTLSConfig{},
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-test-route-6b204d94623b3df4370c": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.0.1:80",
|
||||
},
|
||||
{
|
||||
URL: "http://10.10.0.2:80",
|
||||
},
|
||||
},
|
||||
PassHostHeader: Bool(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "port selected by name (TODO)",
|
||||
},
|
||||
|
|
|
@ -38,7 +38,9 @@ type TLS struct {
|
|||
// certificate details.
|
||||
SecretName string `json:"secretName"`
|
||||
// Options is a reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
Options *TLSOptionRef `json:"options,omitempty"`
|
||||
Options *TLSOptionRef `json:"options,omitempty"`
|
||||
// Store is a reference to a TLSStore, that specifies the parameters of the TLS store.
|
||||
Store *TLSStoreRef `json:"store,omitempty"`
|
||||
CertResolver string `json:"certResolver,omitempty"`
|
||||
Domains []types.Domain `json:"domains,omitempty"`
|
||||
}
|
||||
|
@ -49,6 +51,12 @@ type TLSOptionRef struct {
|
|||
Namespace string `json:"namespace"`
|
||||
}
|
||||
|
||||
// TLSStoreRef is a ref to the TLSStore resource.
|
||||
type TLSStoreRef struct {
|
||||
Name string `json:"name"`
|
||||
Namespace string `json:"namespace"`
|
||||
}
|
||||
|
||||
// LoadBalancerSpec can reference either a Kubernetes Service object (a load-balancer of servers),
|
||||
// or a TraefikService object (a traefik load-balancer of services).
|
||||
type LoadBalancerSpec struct {
|
||||
|
|
|
@ -32,9 +32,11 @@ type TLSTCP struct {
|
|||
SecretName string `json:"secretName"`
|
||||
Passthrough bool `json:"passthrough"`
|
||||
// Options is a reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
Options *TLSOptionTCPRef `json:"options"`
|
||||
CertResolver string `json:"certResolver"`
|
||||
Domains []types.Domain `json:"domains,omitempty"`
|
||||
Options *TLSOptionTCPRef `json:"options"`
|
||||
// Store is a reference to a TLSStore, that specifies the parameters of the TLS store.
|
||||
Store *TLSStoreTCPRef `json:"store"`
|
||||
CertResolver string `json:"certResolver"`
|
||||
Domains []types.Domain `json:"domains,omitempty"`
|
||||
}
|
||||
|
||||
// TLSOptionTCPRef is a ref to the TLSOption resources.
|
||||
|
@ -43,6 +45,12 @@ type TLSOptionTCPRef struct {
|
|||
Namespace string `json:"namespace"`
|
||||
}
|
||||
|
||||
// TLSStoreTCPRef is a ref to the TLSStore resources.
|
||||
type TLSStoreTCPRef struct {
|
||||
Name string `json:"name"`
|
||||
Namespace string `json:"namespace"`
|
||||
}
|
||||
|
||||
// ServiceTCP defines an upstream to proxy traffic.
|
||||
type ServiceTCP struct {
|
||||
Name string `json:"name"`
|
||||
|
|
|
@ -41,6 +41,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
|
|||
&MiddlewareList{},
|
||||
&TLSOption{},
|
||||
&TLSOptionList{},
|
||||
&TLSStore{},
|
||||
&TLSStoreList{},
|
||||
&TraefikService{},
|
||||
&TraefikServiceList{},
|
||||
)
|
||||
|
|
42
pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
Normal file
42
pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
Normal file
|
@ -0,0 +1,42 @@
|
|||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// +genclient
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// TLSStore is a specification for a TLSStore resource.
|
||||
type TLSStore struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata"`
|
||||
|
||||
Spec TLSStoreSpec `json:"spec"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// TLSStoreSpec configures a TLSStore resource.
|
||||
type TLSStoreSpec struct {
|
||||
DefaultCertificate DefaultCertificate `json:"defaultCertificate"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// DefaultCertificate holds a secret name for the TLSOption resource.
|
||||
type DefaultCertificate struct {
|
||||
// SecretName is the name of the referenced Kubernetes Secret to specify the
|
||||
// certificate details.
|
||||
SecretName string `json:"secretName,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// TLSStoreList is a list of TLSStore resources.
|
||||
type TLSStoreList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata"`
|
||||
|
||||
Items []TLSStore `json:"items"`
|
||||
}
|
|
@ -108,6 +108,22 @@ func (in *ClientTLS) DeepCopy() *ClientTLS {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *DefaultCertificate) DeepCopyInto(out *DefaultCertificate) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultCertificate.
|
||||
func (in *DefaultCertificate) DeepCopy() *DefaultCertificate {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(DefaultCertificate)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *DigestAuth) DeepCopyInto(out *DigestAuth) {
|
||||
*out = *in
|
||||
|
@ -793,6 +809,11 @@ func (in *TLS) DeepCopyInto(out *TLS) {
|
|||
*out = new(TLSOptionRef)
|
||||
**out = **in
|
||||
}
|
||||
if in.Store != nil {
|
||||
in, out := &in.Store, &out.Store
|
||||
*out = new(TLSStoreRef)
|
||||
**out = **in
|
||||
}
|
||||
if in.Domains != nil {
|
||||
in, out := &in.Domains, &out.Domains
|
||||
*out = make([]types.Domain, len(*in))
|
||||
|
@ -932,6 +953,115 @@ func (in *TLSOptionTCPRef) DeepCopy() *TLSOptionTCPRef {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *TLSStore) DeepCopyInto(out *TLSStore) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
out.Spec = in.Spec
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSStore.
|
||||
func (in *TLSStore) DeepCopy() *TLSStore {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(TLSStore)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *TLSStore) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *TLSStoreList) DeepCopyInto(out *TLSStoreList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]TLSStore, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSStoreList.
|
||||
func (in *TLSStoreList) DeepCopy() *TLSStoreList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(TLSStoreList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *TLSStoreList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *TLSStoreRef) DeepCopyInto(out *TLSStoreRef) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSStoreRef.
|
||||
func (in *TLSStoreRef) DeepCopy() *TLSStoreRef {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(TLSStoreRef)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *TLSStoreSpec) DeepCopyInto(out *TLSStoreSpec) {
|
||||
*out = *in
|
||||
out.DefaultCertificate = in.DefaultCertificate
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSStoreSpec.
|
||||
func (in *TLSStoreSpec) DeepCopy() *TLSStoreSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(TLSStoreSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *TLSStoreTCPRef) DeepCopyInto(out *TLSStoreTCPRef) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSStoreTCPRef.
|
||||
func (in *TLSStoreTCPRef) DeepCopy() *TLSStoreTCPRef {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(TLSStoreTCPRef)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *TLSTCP) DeepCopyInto(out *TLSTCP) {
|
||||
*out = *in
|
||||
|
@ -940,6 +1070,11 @@ func (in *TLSTCP) DeepCopyInto(out *TLSTCP) {
|
|||
*out = new(TLSOptionTCPRef)
|
||||
**out = **in
|
||||
}
|
||||
if in.Store != nil {
|
||||
in, out := &in.Store, &out.Store
|
||||
*out = new(TLSStoreTCPRef)
|
||||
**out = **in
|
||||
}
|
||||
if in.Domains != nil {
|
||||
in, out := &in.Domains, &out.Domains
|
||||
*out = make([]types.Domain, len(*in))
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
|
||||
// MustParseYaml parses a YAML to objects.
|
||||
func MustParseYaml(content []byte) []runtime.Object {
|
||||
acceptedK8sTypes := regexp.MustCompile(`^(Deployment|Endpoints|Service|Ingress|IngressRoute|IngressRouteTCP|Middleware|Secret|TLSOption|TraefikService)$`)
|
||||
acceptedK8sTypes := regexp.MustCompile(`^(Deployment|Endpoints|Service|Ingress|IngressRoute|IngressRouteTCP|Middleware|Secret|TLSOption|TLSStore|TraefikService)$`)
|
||||
|
||||
files := strings.Split(string(content), "---")
|
||||
retVal := make([]runtime.Object, 0, len(files))
|
||||
|
|
|
@ -29,6 +29,7 @@ func mergeConfiguration(configurations dynamic.Configurations) dynamic.Configura
|
|||
}
|
||||
|
||||
var defaultTLSOptionProviders []string
|
||||
var defaultTLSStoreProviders []string
|
||||
for pvd, configuration := range configurations {
|
||||
if configuration.HTTP != nil {
|
||||
for routerName, router := range configuration.HTTP.Routers {
|
||||
|
@ -64,6 +65,11 @@ func mergeConfiguration(configurations dynamic.Configurations) dynamic.Configura
|
|||
conf.TLS.Certificates = append(conf.TLS.Certificates, configuration.TLS.Certificates...)
|
||||
|
||||
for key, store := range configuration.TLS.Stores {
|
||||
if key != "default" {
|
||||
key = provider.MakeQualifiedName(pvd, key)
|
||||
} else {
|
||||
defaultTLSStoreProviders = append(defaultTLSStoreProviders, pvd)
|
||||
}
|
||||
conf.TLS.Stores[key] = store
|
||||
}
|
||||
|
||||
|
@ -79,6 +85,11 @@ func mergeConfiguration(configurations dynamic.Configurations) dynamic.Configura
|
|||
}
|
||||
}
|
||||
|
||||
if len(defaultTLSStoreProviders) > 1 {
|
||||
log.WithoutContext().Errorf("Default TLS Stores defined multiple times in %v", defaultTLSOptionProviders)
|
||||
delete(conf.TLS.Stores, "default")
|
||||
}
|
||||
|
||||
if len(defaultTLSOptionProviders) == 0 {
|
||||
conf.TLS.Options["default"] = tls.DefaultTLSOptions
|
||||
} else if len(defaultTLSOptionProviders) > 1 {
|
||||
|
|
|
@ -294,3 +294,95 @@ func TestAggregator_tlsoptions(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestAggregator_tlsStore(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
given dynamic.Configurations
|
||||
expected map[string]tls.Store
|
||||
}{
|
||||
{
|
||||
desc: "Create a valid default tls store when appears only in one provider",
|
||||
given: dynamic.Configurations{
|
||||
"provider-1": &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Stores: map[string]tls.Store{
|
||||
"default": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: "foo",
|
||||
KeyFile: "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"provider-2": &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Stores: map[string]tls.Store{
|
||||
"foo": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: "foo",
|
||||
KeyFile: "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: map[string]tls.Store{
|
||||
"default": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: "foo",
|
||||
KeyFile: "bar",
|
||||
},
|
||||
},
|
||||
"foo@provider-2": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: "foo",
|
||||
KeyFile: "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Don't default tls store when appears two times",
|
||||
given: dynamic.Configurations{
|
||||
"provider-1": &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Stores: map[string]tls.Store{
|
||||
"default": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: "foo",
|
||||
KeyFile: "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"provider-2": &dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Stores: map[string]tls.Store{
|
||||
"default": {
|
||||
DefaultCertificate: &tls.Certificate{
|
||||
CertFile: "foo",
|
||||
KeyFile: "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: map[string]tls.Store{},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
actual := mergeConfiguration(test.given)
|
||||
assert.Equal(t, test.expected, actual.TLS.Stores)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue