traefik/pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go
2024-10-02 16:24:04 +02:00

76 lines
3.4 KiB
Go

package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
type TLSOption struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec TLSOptionSpec `json:"spec"`
}
// +k8s:deepcopy-gen=true
// TLSOptionSpec defines the desired state of a TLSOption.
type TLSOptionSpec struct {
// MinVersion defines the minimum TLS version that Traefik will accept.
// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
// Default: VersionTLS10.
MinVersion string `json:"minVersion,omitempty"`
// MaxVersion defines the maximum TLS version that Traefik will accept.
// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
// Default: None.
MaxVersion string `json:"maxVersion,omitempty"`
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
CipherSuites []string `json:"cipherSuites,omitempty"`
// CurvePreferences defines the preferred elliptic curves in a specific order.
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
CurvePreferences []string `json:"curvePreferences,omitempty"`
// ClientAuth defines the server's policy for TLS Client Authentication.
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
SniStrict bool `json:"sniStrict,omitempty"`
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
// It is enabled automatically when minVersion or maxVersion is set.
// Deprecated: https://github.com/golang/go/issues/45430
PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"`
}
// +k8s:deepcopy-gen=true
// ClientAuth holds the TLS client authentication configuration.
type ClientAuth struct {
// SecretNames defines the names of the referenced Kubernetes Secret storing certificate details.
SecretNames []string `json:"secretNames,omitempty"`
// ClientAuthType defines the client authentication type to apply.
// +kubebuilder:validation:Enum=NoClientCert;RequestClientCert;RequireAnyClientCert;VerifyClientCertIfGiven;RequireAndVerifyClientCert
ClientAuthType string `json:"clientAuthType,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// TLSOptionList is a collection of TLSOption resources.
type TLSOptionList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
// Items is the list of TLSOption.
Items []TLSOption `json:"items"`
}