kubernetes: document the TLS with ACME case
When we did the kubernetes crd implementation, we forgot to test the case for when one wants TLS, but handled with Let's Encrypt, i.e. without having to provide a Kubernetes Secret.

We assumed it would be enough to provide (in YAML) a tls object with no field set, which would get us a non-nil IngressRouteSpec.TLS, allowing us to use IngressRouteSpec.TLS as the sentinel for whether TLS should be enabled.

However, as IngressRouteSpec.TLS is a pointer, a tls object with no fields set will actually result in IngressRouteSpec.TLS being nil. This means at least one of the fields of the YAML tls object must exist. Therefore, we now use the secretName field value (for now, as it is the only field anyway) as the sentinel for whether Let's Encrypt should be used.

This PR documents the above behavior, and adds a unit test for it.

In addition, this PR fixes a related bug in the ACME provider: when a router is not configured with TLS enabled, the ACME provider does not try anymore to generate a (useless) certificate for the corresponding domain.
Showing 4 changed files with 67 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
apiVersion: traefik.containo.us/v1alpha1 | ||
kind: IngressRoute | ||
metadata: | ||
name: test.crd | ||
namespace: default | ||
|
||
spec: | ||
entryPoints: | ||
- web | ||
|
||
routes: | ||
- match: Host(`foo.com`) && PathPrefix(`/bar`) | ||
kind: Rule | ||
priority: 12 | ||
services: | ||
- name: whoami | ||
port: 80 | ||
|
||
tls: | ||
secretName: |
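Review bot: the bare `secretName:` under `tls:` at the end of this fixture reads like a forgotten value, yet per the commit message it is the sentinel that turns on TLS through Let's Encrypt. Please add a YAML comment directly above it stating that the empty value is intentional and that at least one field must be present under `tls:` for IngressRouteSpec.TLS to be non-nil. Because an empty string now switches behavior from "use this Secret" to "obtain a certificate via ACME", a manifest whose secret name is accidentally left or rendered empty would change modes without any error, so it would help to make that choice visible (for example a log line when a route is loaded with `tls` set and no `secretName`).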