152 lines
2.1 KiB
YAML
152 lines
2.1 KiB
YAML
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: root-ca0
|
|
namespace: foo
|
|
|
|
data:
|
|
foobar: VEVTVFJPT1RDQVMw
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: root-ca1
|
|
namespace: foo
|
|
|
|
data:
|
|
tls.ca: VEVTVFJPT1RDQVMx
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: root-ca2
|
|
namespace: foo
|
|
|
|
data:
|
|
tls.ca: VEVTVFJPT1RDQVMy
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: root-ca3
|
|
namespace: foo
|
|
|
|
data:
|
|
ca.crt: VEVTVFJPT1RDQVMz
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: root-ca4
|
|
namespace: foo
|
|
|
|
data:
|
|
ca.crt: VEVTVFJPT1RDQVM0
|
|
tls.ca: VEVTVFJPT1RDQVM1 # <-- This should be the preferred one.
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: mtls1
|
|
namespace: foo
|
|
|
|
data:
|
|
tls.crt: VEVTVENFUlQx
|
|
tls.key: VEVTVEtFWTE=
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: mtls2
|
|
namespace: foo
|
|
|
|
data:
|
|
tls.crt: VEVTVENFUlQy
|
|
tls.key: VEVTVEtFWTI=
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: allcerts
|
|
namespace: foo
|
|
|
|
data:
|
|
ca.crt: VEVTVEFMTENFUlRT
|
|
tls.crt: VEVTVENFUlQz
|
|
tls.key: VEVTVEtFWTM=
|
|
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: ServersTransport
|
|
metadata:
|
|
name: test
|
|
namespace: foo
|
|
|
|
spec:
|
|
serverName: "test"
|
|
insecureSkipVerify: true
|
|
maxIdleConnsPerHost: 42
|
|
disableHTTP2: true
|
|
peerCertURI: foo://bar
|
|
rootCAsSecrets:
|
|
- root-ca0
|
|
- root-ca1
|
|
- root-ca2
|
|
- root-ca3
|
|
- root-ca4
|
|
- allcerts
|
|
certificatesSecrets:
|
|
- mtls1
|
|
- mtls2
|
|
- allcerts
|
|
forwardingTimeouts:
|
|
dialTimeout: 42
|
|
responseHeaderTimeout: 42s
|
|
idleConnTimeout: 42ms
|
|
readIdleTimeout: 42s
|
|
pingTimeout: 42s
|
|
spiffe:
|
|
ids:
|
|
- spiffe://foo/buz
|
|
- spiffe://bar/biz
|
|
trustDomain: spiffe://lol
|
|
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: ServersTransport
|
|
metadata:
|
|
name: test
|
|
namespace: default
|
|
|
|
spec:
|
|
serverName: "test"
|
|
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: test.route
|
|
namespace: default
|
|
|
|
spec:
|
|
entryPoints:
|
|
- foo
|
|
|
|
routes:
|
|
- match: Host(`foo.com`)
|
|
kind: Rule
|
|
services:
|
|
- name: external-svc-with-https
|
|
port: 443
|
|
serversTransport: test
|
|
- name: whoamitls
|
|
port: 443
|
|
serversTransport: default-test
|