package v1alpha1
import (
"github.com/traefik/traefik/v3/pkg/config/dynamic"
apiextensionv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
)
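// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion

// Middleware is the CRD implementation of a Traefik Middleware.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
type Middleware struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata"`

	// Spec defines the desired state of the Middleware.
	Spec MiddlewareSpec `json:"spec"`
}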
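// +k8s:deepcopy-gen=true

// MiddlewareSpec defines the desired state of a Middleware.
// Each optional field holds the configuration of one middleware type and is omitted from the JSON form when unset.
type MiddlewareSpec struct {
	AddPrefix        *dynamic.AddPrefix        `json:"addPrefix,omitempty"`
	StripPrefix      *dynamic.StripPrefix      `json:"stripPrefix,omitempty"`
	StripPrefixRegex *dynamic.StripPrefixRegex `json:"stripPrefixRegex,omitempty"`
	ReplacePath      *dynamic.ReplacePath      `json:"replacePath,omitempty"`
	ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"`
	Chain            *Chain                    `json:"chain,omitempty"`
	// Deprecated: please use IPAllowList instead.
	IPWhiteList       *dynamic.IPWhiteList       `json:"ipWhiteList,omitempty"`
	IPAllowList       *dynamic.IPAllowList       `json:"ipAllowList,omitempty"`
	Headers           *dynamic.Headers           `json:"headers,omitempty"`
	Errors            *ErrorPage                 `json:"errors,omitempty"`
	RateLimit         *RateLimit                 `json:"rateLimit,omitempty"`
	RedirectRegex     *dynamic.RedirectRegex     `json:"redirectRegex,omitempty"`
	RedirectScheme    *dynamic.RedirectScheme    `json:"redirectScheme,omitempty"`
	BasicAuth         *BasicAuth                 `json:"basicAuth,omitempty"`
	DigestAuth        *DigestAuth                `json:"digestAuth,omitempty"`
	ForwardAuth       *ForwardAuth               `json:"forwardAuth,omitempty"`
	InFlightReq       *dynamic.InFlightReq       `json:"inFlightReq,omitempty"`
	Buffering         *dynamic.Buffering         `json:"buffering,omitempty"`
	CircuitBreaker    *CircuitBreaker            `json:"circuitBreaker,omitempty"`
	Compress          *Compress                  `json:"compress,omitempty"`
	PassTLSClientCert *dynamic.PassTLSClientCert `json:"passTLSClientCert,omitempty"`
	Retry             *Retry                     `json:"retry,omitempty"`
	ContentType       *dynamic.ContentType       `json:"contentType,omitempty"`
	GrpcWeb           *dynamic.GrpcWeb           `json:"grpcWeb,omitempty"`
	// Plugin defines the middleware plugin configuration.
	// The value is kept as raw JSON keyed by a string.
	// More info: https://doc.traefik.io/traefik/plugins/
	Plugin map[string]apiextensionv1.JSON `json:"plugin,omitempty"`
}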
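// +k8s:deepcopy-gen=true

// ErrorPage holds the custom error middleware configuration.
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
type ErrorPage struct {
	// Status defines which status or range of statuses should result in an error page.
	// It can be either a status code as a number (500),
	// as multiple comma-separated numbers (500,502),
	// as ranges by separating two codes with a dash (500-599),
	// or a combination of the two (404,418,500-599).
	Status []string `json:"status,omitempty"`
	// Service defines the reference to a Kubernetes Service that will serve the error page.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
	Service Service `json:"service,omitempty"`
	// Query defines the URL for the error page (hosted by service).
	// The {status} variable can be used in order to insert the status code in the URL.
	Query string `json:"query,omitempty"`
}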
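// +k8s:deepcopy-gen=true

// CircuitBreaker holds the circuit breaker configuration.
// NOTE(review): the three duration fields are typed IntOrString; the unit applied to a bare integer is not stated here — confirm.
type CircuitBreaker struct {
	// Expression is the condition that triggers the tripped state.
	Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
	// CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state).
	CheckPeriod *intstr.IntOrString `json:"checkPeriod,omitempty" toml:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty" export:"true"`
	// FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state).
	FallbackDuration *intstr.IntOrString `json:"fallbackDuration,omitempty" toml:"fallbackDuration,omitempty" yaml:"fallbackDuration,omitempty" export:"true"`
	// RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
	RecoveryDuration *intstr.IntOrString `json:"recoveryDuration,omitempty" toml:"recoveryDuration,omitempty" yaml:"recoveryDuration,omitempty" export:"true"`
	// ResponseCode is the status code that the circuit breaker will return while it is in the open state.
	ResponseCode int `json:"responseCode,omitempty" toml:"responseCode,omitempty" yaml:"responseCode,omitempty" export:"true"`
}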
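// +k8s:deepcopy-gen=true

// Chain holds the configuration of the chain middleware.
// This middleware makes it possible to define reusable combinations of other pieces of middleware.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
type Chain struct {
	// Middlewares is the list of MiddlewareRef which composes the chain.
	Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
}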
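// +k8s:deepcopy-gen=true

// BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
type BasicAuth struct {
	// Secret is the name of the referenced Kubernetes Secret containing user credentials.
	Secret string `json:"secret,omitempty"`
	// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
	// Default: traefik.
	Realm string `json:"realm,omitempty"`
	// RemoveHeader defines whether to remove the authorization header before forwarding the request to your service.
	// When false, the service behind the middleware receives the header, and with it the credentials the client sent.
	// Default: false.
	RemoveHeader bool `json:"removeHeader,omitempty"`
	// HeaderField defines a header field to store the authenticated user.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
	HeaderField string `json:"headerField,omitempty"`
}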
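// +k8s:deepcopy-gen=true

// DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
type DigestAuth struct {
	// Secret is the name of the referenced Kubernetes Secret containing user credentials.
	Secret string `json:"secret,omitempty"`
	// RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.
	// When false, the backend receives the authorization header sent by the client.
	RemoveHeader bool `json:"removeHeader,omitempty"`
	// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
	// Default: traefik.
	Realm string `json:"realm,omitempty"`
	// HeaderField defines a header field to store the authenticated user.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/#headerfield
	HeaderField string `json:"headerField,omitempty"`
}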
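// +k8s:deepcopy-gen=true

// ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
type ForwardAuth struct {
	// Address defines the authentication server address.
	Address string `json:"address,omitempty"`
	// TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
	// These headers can be set by the client, so enable this only when requests arrive through a proxy that overwrites them.
	TrustForwardHeader bool `json:"trustForwardHeader,omitempty"`
	// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
	AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
	// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
	AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
	// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
	// If not set or empty then all request headers are passed, which includes any credentials and cookies the client sent.
	AuthRequestHeaders []string `json:"authRequestHeaders,omitempty"`
	// TLS defines the configuration used to secure the connection to the authentication server.
	TLS *ClientTLS `json:"tls,omitempty"`
	// AddAuthCookiesToResponse defines the list of cookies to copy from the authentication server response to the response.
	AddAuthCookiesToResponse []string `json:"addAuthCookiesToResponse,omitempty"`
}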
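// ClientTLS holds the client TLS configuration.
type ClientTLS struct {
	// CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
	// The CA certificate is extracted from key `tls.ca` or `ca.crt`.
	CASecret string `json:"caSecret,omitempty"`
	// CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
	// The client certificate is extracted from the keys `tls.crt` and `tls.key`.
	CertSecret string `json:"certSecret,omitempty"`
	// InsecureSkipVerify defines whether the server certificates should be validated.
	// When true, validation is skipped: any certificate presented by the server is accepted,
	// so the connection is encrypted but the server is not authenticated.
	// Keep it false outside of test environments and provide the CA through CASecret instead.
	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
	// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
	CAOptional *bool `json:"caOptional,omitempty"`
}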
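// +k8s:deepcopy-gen=true

// RateLimit holds the rate limit configuration.
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
type RateLimit struct {
	// Average is the maximum rate, by default in requests/s, allowed for the given source.
	// It defaults to 0, which means no rate limiting.
	// The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
	// one needs to define a Period larger than a second.
	Average *int64 `json:"average,omitempty"`
	// Period, in combination with Average, defines the actual maximum rate, such as:
	// r = Average / Period. It defaults to a second.
	Period *intstr.IntOrString `json:"period,omitempty"`
	// Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
	// It defaults to 1.
	Burst *int64 `json:"burst,omitempty"`
	// SourceCriterion defines what criterion is used to group requests as originating from a common source.
	// If several strategies are defined at the same time, an error will be raised.
	// If none are set, the default is to use the request's remote address field (as an ipStrategy).
	// NOTE(review): behind another proxy or load balancer the remote address is presumably that proxy's,
	// so all clients would share one limit — confirm and set the criterion explicitly in that case.
	SourceCriterion *dynamic.SourceCriterion `json:"sourceCriterion,omitempty"`
}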
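// +k8s:deepcopy-gen=true

// Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
// NOTE(review): compressing responses that carry secrets together with request-controlled data can expose them
// through the response size over TLS (BREACH-style side channel); the content-type lists below can keep such responses uncompressed.
type Compress struct {
	// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
	// `application/grpc` is always excluded.
	ExcludedContentTypes []string `json:"excludedContentTypes,omitempty"`
	// IncludedContentTypes defines the list of content types to compare the Content-Type header of the responses before compressing.
	IncludedContentTypes []string `json:"includedContentTypes,omitempty"`
	// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
	// Default: 1024.
	MinResponseBodyBytes *int `json:"minResponseBodyBytes,omitempty"`
	// Encodings defines the list of supported compression algorithms.
	Encodings []string `json:"encodings,omitempty"`
	// DefaultEncoding specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`).
	DefaultEncoding *string `json:"defaultEncoding,omitempty"`
}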
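// +k8s:deepcopy-gen=true

// Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
type Retry struct {
	// Attempts defines how many times the request should be retried.
	Attempts int `json:"attempts,omitempty"`
	// InitialInterval defines the first wait time in the exponential backoff series.
	// The maximum interval is calculated as twice the initialInterval.
	// If unspecified, requests will be retried immediately.
	// The value of initialInterval should be provided in seconds or as a valid duration format,
	// see https://pkg.go.dev/time#ParseDuration.
	InitialInterval intstr.IntOrString `json:"initialInterval,omitempty"`
}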
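// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// MiddlewareList is a collection of Middleware resources.
type MiddlewareList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ListMeta `json:"metadata"`

	// Items is the list of Middleware.
	Items []Middleware `json:"items"`
}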