76 lines
3.4 KiB
Go
76 lines
3.4 KiB
Go
package v1alpha1
|
|
|
|
import (
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
// +genclient
|
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
// +kubebuilder:storageversion
|
|
|
|
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
|
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
|
type TLSOption struct {
|
|
metav1.TypeMeta `json:",inline"`
|
|
// Standard object's metadata.
|
|
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
|
metav1.ObjectMeta `json:"metadata"`
|
|
|
|
Spec TLSOptionSpec `json:"spec"`
|
|
}
|
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
// TLSOptionSpec defines the desired state of a TLSOption.
|
|
type TLSOptionSpec struct {
|
|
// MinVersion defines the minimum TLS version that Traefik will accept.
|
|
// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
|
// Default: VersionTLS10.
|
|
MinVersion string `json:"minVersion,omitempty"`
|
|
// MaxVersion defines the maximum TLS version that Traefik will accept.
|
|
// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
|
// Default: None.
|
|
MaxVersion string `json:"maxVersion,omitempty"`
|
|
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
|
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
|
|
CipherSuites []string `json:"cipherSuites,omitempty"`
|
|
// CurvePreferences defines the preferred elliptic curves in a specific order.
|
|
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
|
|
CurvePreferences []string `json:"curvePreferences,omitempty"`
|
|
// ClientAuth defines the server's policy for TLS Client Authentication.
|
|
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
|
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
|
|
SniStrict bool `json:"sniStrict,omitempty"`
|
|
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
|
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
|
|
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
|
|
|
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
|
// It is enabled automatically when minVersion or maxVersion is set.
|
|
// Deprecated: https://github.com/golang/go/issues/45430
|
|
PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"`
|
|
}
|
|
|
|
// +k8s:deepcopy-gen=true
|
|
|
|
// ClientAuth holds the TLS client authentication configuration.
|
|
type ClientAuth struct {
|
|
// SecretNames defines the names of the referenced Kubernetes Secret storing certificate details.
|
|
SecretNames []string `json:"secretNames,omitempty"`
|
|
// ClientAuthType defines the client authentication type to apply.
|
|
// +kubebuilder:validation:Enum=NoClientCert;RequestClientCert;RequireAnyClientCert;VerifyClientCertIfGiven;RequireAndVerifyClientCert
|
|
ClientAuthType string `json:"clientAuthType,omitempty"`
|
|
}
|
|
|
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
|
|
// TLSOptionList is a collection of TLSOption resources.
|
|
type TLSOptionList struct {
|
|
metav1.TypeMeta `json:",inline"`
|
|
// Standard object's metadata.
|
|
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
|
metav1.ListMeta `json:"metadata"`
|
|
|
|
// Items is the list of TLSOption.
|
|
Items []TLSOption `json:"items"`
|
|
}
|