TCP routes support (with TLS)

[shipperizer]

Enhancement Proposal

Traefik supports TCP routes off the shelf, it would be good to get support in the charm via a new relation or the existing one

Extended documentation is available here

Brief example below:

tcp:
  routers:
    glauth-router:
      rule: "HostSNI(`glauth.svc.cluster.local`)"
      service: glauth
      # will terminate the TLS request by default
      tls: {}

our use case is to support an application that natively doesn't do TCP over TLS, so we need something in front of it that allows that

this application is GLAuth, we are working on the charm but we are able to explain how to spin that up and use it for testing, GLAuth exposes an LDAP server (TCP protocol) and can be tested via ldap* cli tools

---

---

Requirements

• traefik should be able to deal with multiple TCP routes created
• traefik should be able to serve a TCP connection protected by a TLS certificate (using current traefik relations with CAs)

[sed-i]

You probably already know that the charm supports tcp, but we certainly need to look into the tls part.

[shipperizer]

other thing that would be useful (only for our glauth) would be having a TCP ingress per app, not only per unit

GLAuth offers LDAP (so TCP) backed by a dB, but it s technically stateless which would allow us to scale it nicely if only we could load balance it behind an ingress

separate, and unique, requirement as I'm not aware of other TCP applications that can be loadbalanced in the same way (or at least the one I know)