k8s_crds_traefik/

tlsoptions.rs

// WARNING: generated by kopium - manual changes will be overwritten
// kopium command: kopium -f tlsoptions.yml --schema=derived --docs -b --derive=Default --derive=PartialEq --smart-derive-elision
// kopium version: 0.21.2

#[allow(unused_imports)]
mod prelude {
    pub use kube_derive::CustomResource;
    #[cfg(feature = "schemars")]
    pub use schemars::JsonSchema;
    pub use serde::{Deserialize, Serialize};
    #[cfg(feature = "builder")]
    pub use typed_builder::TypedBuilder;
}
use self::prelude::*;

/// TLSOptionSpec defines the desired state of a TLSOption.
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
#[cfg_attr(not(feature = "schemars"), kube(schema = "disabled"))]
#[kube(
    group = "traefik.io",
    version = "v1alpha1",
    kind = "TLSOption",
    plural = "tlsoptions"
)]
#[kube(namespaced)]
#[kube(derive = "Default")]
#[kube(derive = "PartialEq")]
pub struct TLSOptionSpec {
    /// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
    /// More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "alpnProtocols"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub alpn_protocols: Option<Vec<String>>,
    /// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
    /// More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "cipherSuites"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub cipher_suites: Option<Vec<String>>,
    /// ClientAuth defines the server's policy for TLS Client Authentication.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "clientAuth"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub client_auth: Option<TLSOptionClientAuth>,
    /// CurvePreferences defines the preferred elliptic curves.
    /// More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "curvePreferences"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub curve_preferences: Option<Vec<String>>,
    /// DisableSessionTickets disables TLS session resumption via session tickets.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "disableSessionTickets"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub disable_session_tickets: Option<bool>,
    /// MaxVersion defines the maximum TLS version that Traefik will accept.
    /// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
    /// Default: None.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "maxVersion"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub max_version: Option<String>,
    /// MinVersion defines the minimum TLS version that Traefik will accept.
    /// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
    /// Default: VersionTLS10.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "minVersion"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub min_version: Option<String>,
    /// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
    /// It is enabled automatically when minVersion or maxVersion is set.
    /// Deprecated: https://github.com/golang/go/issues/45430
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "preferServerCipherSuites"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub prefer_server_cipher_suites: Option<bool>,
    /// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "sniStrict")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub sni_strict: Option<bool>,
}

/// ClientAuth defines the server's policy for TLS Client Authentication.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct TLSOptionClientAuth {
    /// ClientAuthType defines the client authentication type to apply.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "clientAuthType"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub client_auth_type: Option<TLSOptionClientAuthClientAuthType>,
    /// SecretNames defines the names of the referenced Kubernetes Secret storing certificate details.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "secretNames"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub secret_names: Option<Vec<String>>,
}

/// ClientAuth defines the server's policy for TLS Client Authentication.
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub enum TLSOptionClientAuthClientAuthType {
    NoClientCert,
    RequestClientCert,
    RequireAnyClientCert,
    VerifyClientCertIfGiven,
    RequireAndVerifyClientCert,
}