baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

doc: Improve TLSStore CRD documentation

Browse source
This commit is contained in:
mloiseleur 2022-12-15 14:32:06 +01:00 committed by GitHub
parent 74ef79ea23
commit e7baf44a2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
docs/content/routing/providers/kubernetes-crd.md
View file

@ -1609,14 +1609,14 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
`TLSStore` is the CRD implementation of a [Traefik "TLS Store"](../../https/tls.md#certificates-stores). `TLSStore` is the CRD implementation of a [Traefik "TLS Store"](../../https/tls.md#certificates-stores).
Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore` objects Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore` objects.
or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`IngressRouteTCP`](#kind-ingressroutetcp) objects.
!!! important "Default TLS Store" !!! important "Default TLS Store"
Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores). Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores).
This _default_ `TLSStore` should be in a namespace discoverable by Traefik. Since it is used by default on [`IngressRoute`](#kind-ingressroute) and [`IngressRouteTCP`](#kind-ingressroutetcp) objects, there never is a need to actually reference it.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
For the time being, please only configure one TLSStore named default. As a consequence, with respect to TLS stores, the only change that makes sense (and only if needed) is to configure the default TLSStore.
!!! info "TLSStore Attributes" !!! info "TLSStore Attributes"
```yaml tab="TLSStore" ```yaml tab="TLSStore"
@ -1624,7 +1624,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
kind: TLSStore kind: TLSStore
metadata: metadata:
name: default name: default
namespace: default
spec: spec:
certificates: # [1] certificates: # [1]
- secretName: foo - secretName: foo
@ -1645,8 +1645,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
kind: TLSStore kind: TLSStore
metadata: metadata:
name: default name: default
namespace: default
spec: spec:
defaultCertificate: defaultCertificate:
secretName: supersecret secretName: supersecret
@ -1660,16 +1659,14 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
spec: spec:
entryPoints: entryPoints:
- web - websecure
routes: routes:
- match: Host(`example.com`) && PathPrefix(`/stripit`) - match: Host(`example.com`) && PathPrefix(`/stripit`)
kind: Rule kind: Rule
services: services:
- name: whoami - name: whoami
port: 80 port: 80
tls: tls: {}
store:
name: default
``` ```
```yaml tab="Secret" ```yaml tab="Secret"