1apiVersion: v1
2kind: Secret
3metadata:
4  name: root-ca0
5  namespace: foo
6
7data:
8  foobar: VEVTVFJPT1RDQVMw
9
10---
11apiVersion: v1
12kind: Secret
13metadata:
14  name: root-ca1
15  namespace: foo
16
17data:
18  tls.ca: VEVTVFJPT1RDQVMx
19
20---
21apiVersion: v1
22kind: Secret
23metadata:
24  name: root-ca2
25  namespace: foo
26
27data:
28  tls.ca: VEVTVFJPT1RDQVMy
29
30---
31apiVersion: v1
32kind: Secret
33metadata:
34  name: root-ca3
35  namespace: foo
36
37data:
38  ca.crt: VEVTVFJPT1RDQVMz
39
40---
41apiVersion: v1
42kind: Secret
43metadata:
44  name: root-ca4
45  namespace: foo
46
47data:
48  ca.crt: VEVTVFJPT1RDQVM0
49  tls.ca: VEVTVFJPT1RDQVM1 # <-- This should be the prefered one.
50
51---
52apiVersion: v1
53kind: Secret
54metadata:
55  name: mtls1
56  namespace: foo
57
58data:
59  tls.crt: VEVTVENFUlQx
60  tls.key: VEVTVEtFWTE=
61
62---
63apiVersion: v1
64kind: Secret
65metadata:
66  name: mtls2
67  namespace: foo
68
69data:
70  tls.crt: VEVTVENFUlQy
71  tls.key: VEVTVEtFWTI=
72
73---
74apiVersion: v1
75kind: Secret
76metadata:
77  name: allcerts
78  namespace: foo
79
80data:
81  ca.crt: VEVTVEFMTENFUlRT
82  tls.crt: VEVTVENFUlQz
83  tls.key: VEVTVEtFWTM=
84
85---
86apiVersion: traefik.containo.us/v1alpha1
87kind: ServersTransport
88metadata:
89  name: test
90  namespace: foo
91
92spec:
93  serverName: "test"
94  insecureSkipVerify: true
95  maxIdleConnsPerHost: 42
96  disableHTTP2: true
97  peerCertURI: foo://bar
98  rootCAsSecrets:
99    - root-ca0
100    - root-ca1
101    - root-ca2
102    - root-ca3
103    - root-ca4
104    - allcerts
105  certificatesSecrets:
106    - mtls1
107    - mtls2
108    - allcerts
109  forwardingTimeouts:
110    dialTimeout: 42
111    responseHeaderTimeout: 42s
112    idleConnTimeout: 42ms
113    readIdleTimeout: 42s
114    pingTimeout: 42s
115
116---
117apiVersion: traefik.containo.us/v1alpha1
118kind: ServersTransport
119metadata:
120  name: test
121  namespace: default
122
123spec:
124  serverName: "test"
125
126---
127apiVersion: traefik.containo.us/v1alpha1
128kind: IngressRoute
129metadata:
130  name: test.route
131  namespace: default
132
133spec:
134  entryPoints:
135    - foo
136
137  routes:
138    - match: Host(`foo.com`)
139      kind: Rule
140      services:
141        - name: external-svc-with-https
142          port: 443
143          serversTransport: test
144        - name: whoamitls
145          port: 443
146          serversTransport: default-test
147
148