diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index 789a46937..a0f667d48 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -134,6 +134,16 @@ If no default certificate is provided, Traefik generates and uses a self-signed The TLS options allow one to configure some parameters of the TLS connection. +!!! important "TLSOptions in Kubernetes" + + When using the TLSOptions-CRD in Kubernetes, one might setup a default set of options that, + if not explicitly overwritten, should apply to all ingresses. To achieve that, you'll have to + create a TLSOptions CR with the name `default`. There may exist only one TLSOption with the + name `default` (across all namespaces) - otherwise they will be dropped. + To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll + have to add an annotation to the Ingress in the following form: + `traefik.ingress.kubernetes.io/router.tls.options: -@kubernetescrd` + ### Minimum TLS Version ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/overview.md b/docs/content/middlewares/overview.md index 68862ec8f..622db7e86 100644 --- a/docs/content/middlewares/overview.md +++ b/docs/content/middlewares/overview.md @@ -25,7 +25,7 @@ whoami: - "traefik.http.routers.router1.middlewares=foo-add-prefix@docker" ``` -```yaml tab="Kubernetes" +```yaml tab="Kubernetes IngressRoute" # As a Kubernetes Traefik IngressRoute apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -148,6 +148,9 @@ then you'll have to append to the middleware name, the `@` separator, followed b In this case, since the definition of the middleware is not in kubernetes, specifying a "kubernetes namespace" when referring to the resource does not make any sense, and therefore this specification would be ignored even if present. + On the other hand, if you declare the middleware as a Custom Resource in Kubernetes and use the + non-crd Ingress objects, you'll have to add the kubernetes namespace of the middleware to the + annotation like this `-@kubernetescrd`. !!! abstract "Referencing a Middleware from Another Provider" @@ -178,7 +181,7 @@ then you'll have to append to the middleware name, the `@` separator, followed b - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file" ``` - ```yaml tab="Kubernetes" + ```yaml tab="Kubernetes Ingress Route" apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: @@ -199,6 +202,31 @@ then you'll have to append to the middleware name, the `@` separator, followed b # A namespace specification such as above is ignored # when the cross-provider syntax is used. ``` + + ```yaml tab="Kubernetes Ingress" + apiVersion: traefik.containo.us/v1alpha1 + kind: Middleware + metadata: + name: stripprefix + namespace: appspace + spec: + stripPrefix: + prefixes: + - /stripit + + --- + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: ingress + namespace: appspace + annotations: + # referencing a middleware from Kubernetes CRD provider: + # -@kubernetescrd + "traefik.ingress.kubernetes.io/router.middlewares": appspace-stripprefix@kubernetescrd + spec: + # ... regular ingress definition + ``` ## Available Middlewares