cybercyst/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-05-05 15:33:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
traefik/pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go
Kevin Pollet 405be420c9
Prepare release v3.4.0-rc1
2025-03-31 15:42:05 +02:00

106 lines
5.4 KiB
Go
Raw Blame History

package v1alpha1
import (
"github.com/traefik/traefik/v3/pkg/config/dynamic"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
// ServersTransport is the CRD implementation of a ServersTransport.
// If no serversTransport is specified, the default@internal will be used.
// The default@internal serversTransport is created from the static configuration.
// More info: https://doc.traefik.io/traefik/v3.4/routing/services/#serverstransport_1
type ServersTransport struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec ServersTransportSpec `json:"spec"`
}
// +k8s:deepcopy-gen=true
// ServersTransportSpec defines the desired state of a ServersTransport.
type ServersTransportSpec struct {
// ServerName defines the server name used to contact the server.
ServerName string `json:"serverName,omitempty"`
// InsecureSkipVerify disables SSL certificate verification.
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
// RootCAs defines a list of CA certificate Secrets or ConfigMaps used to validate server certificates.
RootCAs []RootCA `json:"rootCAs,omitempty"`
// RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
// Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
RootCAsSecrets []string `json:"rootCAsSecrets,omitempty"`
// CertificatesSecrets defines a list of secret storing client certificates for mTLS.
CertificatesSecrets []string `json:"certificatesSecrets,omitempty"`
// MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
// +kubebuilder:validation:Minimum=0
MaxIdleConnsPerHost int `json:"maxIdleConnsPerHost,omitempty"`
// ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers.
ForwardingTimeouts *ForwardingTimeouts `json:"forwardingTimeouts,omitempty"`
// DisableHTTP2 disables HTTP/2 for connections with backend servers.
DisableHTTP2 bool `json:"disableHTTP2,omitempty"`
// PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.
PeerCertURI string `json:"peerCertURI,omitempty"`
// Spiffe defines the SPIFFE configuration.
Spiffe *dynamic.Spiffe `json:"spiffe,omitempty"`
}
// +k8s:deepcopy-gen=true
// ForwardingTimeouts holds the timeout configurations for forwarding requests to the backend servers.
type ForwardingTimeouts struct {
// DialTimeout is the amount of time to wait until a connection to a backend server can be established.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"`
// ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any).
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
ResponseHeaderTimeout *intstr.IntOrString `json:"responseHeaderTimeout,omitempty"`
// IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
IdleConnTimeout *intstr.IntOrString `json:"idleConnTimeout,omitempty"`
// ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
ReadIdleTimeout *intstr.IntOrString `json:"readIdleTimeout,omitempty"`
// PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
PingTimeout *intstr.IntOrString `json:"pingTimeout,omitempty"`
}
// +k8s:deepcopy-gen=true
// RootCA defines a reference to a Secret or a ConfigMap that holds a CA certificate.
// If both a Secret and a ConfigMap reference are defined, the Secret reference takes precedence.
// +kubebuilder:validation:XValidation:rule="has(self.secret) && has(self.configMap)",message="RootCA cannot have both Secret and ConfigMap defined."
type RootCA struct {
// Secret defines the name of a Secret that holds a CA certificate.
// The referenced Secret must contain a certificate under either a tls.ca or a ca.crt key.
Secret *string `json:"secret,omitempty"`
// ConfigMap defines the name of a ConfigMap that holds a CA certificate.
// The referenced ConfigMap must contain a certificate under either a tls.ca or a ca.crt key.
ConfigMap *string `json:"configMap,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ServersTransportList is a collection of ServersTransport resources.
type ServersTransportList struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
// Items is the list of ServersTransport.
Items []ServersTransport `json:"items"`
}
Reference in New Issue View Git Blame Copy Permalink