Merge v3.0' into master

This commit is contained in:
mmatur 2024-02-08 16:14:39 +01:00
commit 4e831b920e
No known key found for this signature in database
GPG key ID: 2FFE42FC256CFF8E
301 changed files with 17759 additions and 7982 deletions

View file

@ -6,13 +6,13 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
CGO_ENABLED: 0 CGO_ENABLED: 0
jobs: jobs:
build-webui: build-webui:
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code
@ -26,7 +26,7 @@ jobs:
tar czvf webui.tar.gz ./webui/static/ tar czvf webui.tar.gz ./webui/static/
- name: Artifact webui - name: Artifact webui
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v4
with: with:
name: webui.tar.gz name: webui.tar.gz
path: webui.tar.gz path: webui.tar.gz
@ -35,7 +35,7 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
strategy: strategy:
matrix: matrix:
os: [ ubuntu-20.04, macos-latest, windows-latest ] os: [ ubuntu-22.04, macos-latest, windows-latest ]
needs: needs:
- build-webui - build-webui
@ -51,7 +51,7 @@ jobs:
go-version: ${{ env.GO_VERSION }} go-version: ${{ env.GO_VERSION }}
- name: Artifact webui - name: Artifact webui
uses: actions/download-artifact@v2 uses: actions/download-artifact@v4
with: with:
name: webui.tar.gz name: webui.tar.gz

View file

@ -9,7 +9,7 @@ jobs:
docs: docs:
name: Check, verify and build documentation name: Check, verify and build documentation
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code

View file

@ -14,7 +14,7 @@ jobs:
docs: docs:
name: Doc Process name: Doc Process
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
if: github.repository == 'traefik/traefik' if: github.repository == 'traefik/traefik'
steps: steps:

View file

@ -7,7 +7,7 @@ on:
- v* - v*
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
CGO_ENABLED: 0 CGO_ENABLED: 0
jobs: jobs:
@ -15,7 +15,7 @@ jobs:
experimental: experimental:
if: github.repository == 'traefik/traefik' if: github.repository == 'traefik/traefik'
name: Build experimental image on branch name: Build experimental image on branch
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:

42
.github/workflows/test-conformance.yaml vendored Normal file
View file

@ -0,0 +1,42 @@
name: Test K8s Gateway API conformance
on:
pull_request:
branches:
- '*'
paths:
- 'pkg/provider/kubernetes/gateway/**'
- 'integration/k8s_conformance_test.go'
env:
GO_VERSION: '1.21'
CGO_ENABLED: 0
jobs:
test-conformance:
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Avoid generating webui
run: touch webui/static/index.html
- name: Build binary
run: make binary
- name: Setcap
run: |
sudo setcap 'cap_net_bind_service=+ep' dist/linux/amd64/traefik
- name: K8s Gateway API conformance test
run: make test-gateway-api-conformance-ci

View file

@ -4,18 +4,15 @@ on:
pull_request: pull_request:
branches: branches:
- '*' - '*'
push:
branches:
- 'gh-actions'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
CGO_ENABLED: 0 CGO_ENABLED: 0
jobs: jobs:
build: build:
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code
@ -35,7 +32,7 @@ jobs:
run: make binary run: make binary
test-integration: test-integration:
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
needs: needs:
- build - build
strategy: strategy:

View file

@ -6,12 +6,12 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
jobs: jobs:
test-unit: test-unit:
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code

View file

@ -6,14 +6,14 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
GOLANGCI_LINT_VERSION: v1.55.2 GOLANGCI_LINT_VERSION: v1.56.0
MISSSPELL_VERSION: v0.4.1 MISSSPELL_VERSION: v0.4.1
jobs: jobs:
validate: validate:
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code
@ -39,7 +39,7 @@ jobs:
run: make validate run: make validate
validate-generate: validate-generate:
runs-on: ubuntu-20.04 runs-on: ubuntu-22.04
steps: steps:
- name: Check out code - name: Check out code

1
.gitignore vendored
View file

@ -19,3 +19,4 @@ plugins-storage/
plugins-local/ plugins-local/
traefik_changelog.md traefik_changelog.md
integration/tailscale.secret integration/tailscale.secret
integration/conformance-reports/

View file

@ -150,18 +150,14 @@ linters-settings:
- github.com/jaguilar/vt100 - github.com/jaguilar/vt100
- github.com/cucumber/godog - github.com/cucumber/godog
testifylint: testifylint:
enable: disable:
- bool-compare - suite-dont-use-pkg
- compares - require-error
- empty - go-require
- error-is-as staticcheck:
- error-nil checks:
- expected-actual - all
- float-compare - -SA1019
- len
- suite-extra-assert-call
- suite-thelper
linters: linters:
enable-all: true enable-all: true
disable: disable:
@ -216,11 +212,12 @@ linters:
issues: issues:
exclude-use-default: false exclude-use-default: false
max-per-linter: 0 max-issues-per-linter: 0
max-same-issues: 0 max-same-issues: 0
exclude: exclude:
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
- "should have a package comment, unless it's in another file for this package" - "should have a package comment, unless it's in another file for this package"
- 'fmt.Sprintf can be replaced with string addition'
exclude-rules: exclude-rules:
- path: '(.+)_test.go' - path: '(.+)_test.go'
linters: linters:
@ -280,3 +277,9 @@ issues:
text: 'unusedwrite: unused write to field' text: 'unusedwrite: unused write to field'
linters: linters:
- govet - govet
- path: pkg/cli/deprecation.go
linters:
- goconst
- path: pkg/cli/loader_file.go
linters:
- goconst

View file

@ -19,13 +19,13 @@ global_job_config:
prologue: prologue:
commands: commands:
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin" - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
- sudo semgo go1.21 - sudo semgo go1.22
- export "GOPATH=$(go env GOPATH)" - export "GOPATH=$(go env GOPATH)"
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}" - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
- export "PATH=${GOPATH}/bin:${PATH}" - export "PATH=${GOPATH}/bin:${PATH}"
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin" - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
- export GOPROXY=https://proxy.golang.org,direct - export GOPROXY=https://proxy.golang.org,direct
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.55.2 - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.56.0
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin" - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
- checkout - checkout
- cache restore traefik-$(checksum go.sum) - cache restore traefik-$(checksum go.sum)

View file

@ -1,3 +1,13 @@
## [v2.11.0-rc2](https://github.com/traefik/traefik/tree/v2.11.0-rc2) (2024-01-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0-rc2)
**Bug fixes:**
- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
**Documentation:**
- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02) ## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02)
[All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1) [All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1)

View file

@ -22,40 +22,41 @@ LINT_EXECUTABLES = misspell shellcheck
DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64 DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64
.PHONY: default .PHONY: default
#? default: Run `make generate` and `make binary`
default: generate binary default: generate binary
## Create the "dist" directory #? dist: Create the "dist" directory
dist: dist:
mkdir -p dist mkdir -p dist
## Build WebUI Docker image
.PHONY: build-webui-image .PHONY: build-webui-image
#? build-webui-image: Build WebUI Docker image
build-webui-image: build-webui-image:
docker build -t traefik-webui -f webui/Dockerfile webui docker build -t traefik-webui -f webui/Dockerfile webui
## Clean WebUI static generated assets
.PHONY: clean-webui .PHONY: clean-webui
#? clean-webui: Clean WebUI static generated assets
clean-webui: clean-webui:
rm -r webui/static rm -r webui/static
mkdir -p webui/static mkdir -p webui/static
printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
## Generate WebUI
webui/static/index.html: webui/static/index.html:
$(MAKE) build-webui-image $(MAKE) build-webui-image
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
.PHONY: generate-webui .PHONY: generate-webui
#? generate-webui: Generate WebUI
generate-webui: webui/static/index.html generate-webui: webui/static/index.html
## Generate code
.PHONY: generate .PHONY: generate
#? generate: Generate code (Dynamic and Static configuration documentation reference files)
generate: generate:
go generate go generate
## Build the binary
.PHONY: binary .PHONY: binary
#? binary: Build the binary
binary: generate-webui dist binary: generate-webui dist
@echo SHA: $(VERSION) $(CODENAME) $(DATE) @echo SHA: $(VERSION) $(CODENAME) $(DATE)
CGO_ENABLED=0 GOGC=off GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \ CGO_ENABLED=0 GOGC=off GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \
@ -80,27 +81,39 @@ binary-windows-amd64: export BIN_NAME := traefik.exe
binary-windows-amd64: binary-windows-amd64:
@$(MAKE) binary @$(MAKE) binary
## Build the binary for the standard platforms (linux, darwin, windows)
.PHONY: crossbinary-default .PHONY: crossbinary-default
#? crossbinary-default: Build the binary for the standard platforms (linux, darwin, windows)
crossbinary-default: generate generate-webui crossbinary-default: generate generate-webui
$(CURDIR)/script/crossbinary-default.sh $(CURDIR)/script/crossbinary-default.sh
## Run the unit and integration tests
.PHONY: test .PHONY: test
#? test: Run the unit and integration tests
test: test-unit test-integration test: test-unit test-integration
## Run the unit tests
.PHONY: test-unit .PHONY: test-unit
#? test-unit: Run the unit tests
test-unit: test-unit:
GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/... GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/...
## Run the integration tests
.PHONY: test-integration .PHONY: test-integration
#? test-integration: Run the integration tests
test-integration: binary test-integration: binary
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS) GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS)
## Pull all Docker images to avoid timeout during integration tests .PHONY: test-gateway-api-conformance
#? test-gateway-api-conformance: Run the conformance tests
test-gateway-api-conformance: binary
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance=true $(TESTFLAGS)
## TODO: Need to be fixed to work in all situations.
.PHONY: test-gateway-api-conformance-ci
#? test-gateway-api-conformance-ci: Run the conformance tests
test-gateway-api-conformance-ci:
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance=true $(TESTFLAGS)
.PHONY: pull-images .PHONY: pull-images
#? pull-images: Pull all Docker images to avoid timeout during integration tests
pull-images: pull-images:
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \ grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \
| awk '{print $$2}' \ | awk '{print $$2}' \
@ -108,21 +121,21 @@ pull-images:
| uniq \ | uniq \
| xargs -P 6 -n 1 docker pull | xargs -P 6 -n 1 docker pull
## Lint run golangci-lint
.PHONY: lint .PHONY: lint
#? lint: Run golangci-lint
lint: lint:
golangci-lint run golangci-lint run
## Validate code and docs
.PHONY: validate-files .PHONY: validate-files
#? validate-files: Validate code and docs
validate-files: lint validate-files: lint
$(foreach exec,$(LINT_EXECUTABLES),\ $(foreach exec,$(LINT_EXECUTABLES),\
$(if $(shell which $(exec)),,$(error "No $(exec) in PATH"))) $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
$(CURDIR)/script/validate-misspell.sh $(CURDIR)/script/validate-misspell.sh
$(CURDIR)/script/validate-shell-script.sh $(CURDIR)/script/validate-shell-script.sh
## Validate code, docs, and vendor
.PHONY: validate .PHONY: validate
#? validate: Validate code, docs, and vendor
validate: lint validate: lint
$(foreach exec,$(EXECUTABLES),\ $(foreach exec,$(EXECUTABLES),\
$(if $(shell which $(exec)),,$(error "No $(exec) in PATH"))) $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
@ -136,51 +149,57 @@ multi-arch-image-%: binary-linux-amd64 binary-linux-arm64
docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile . docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile .
## Clean up static directory and build a Docker Traefik image
.PHONY: build-image .PHONY: build-image
#? build-image: Clean up static directory and build a Docker Traefik image
build-image: export DOCKER_BUILDX_ARGS := --load build-image: export DOCKER_BUILDX_ARGS := --load
build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH) build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
build-image: clean-webui build-image: clean-webui
@$(MAKE) multi-arch-image-latest @$(MAKE) multi-arch-image-latest
## Build a Docker Traefik image without re-building the webui when it's already built
.PHONY: build-image-dirty .PHONY: build-image-dirty
#? build-image-dirty: Build a Docker Traefik image without re-building the webui when it's already built
build-image-dirty: export DOCKER_BUILDX_ARGS := --load build-image-dirty: export DOCKER_BUILDX_ARGS := --load
build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH) build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
build-image-dirty: build-image-dirty:
@$(MAKE) multi-arch-image-latest @$(MAKE) multi-arch-image-latest
## Build documentation site
.PHONY: docs .PHONY: docs
#? docs: Build documentation site
docs: docs:
make -C ./docs docs make -C ./docs docs
## Serve the documentation site locally
.PHONY: docs-serve .PHONY: docs-serve
#? docs-serve: Serve the documentation site locally
docs-serve: docs-serve:
make -C ./docs docs-serve make -C ./docs docs-serve
## Pull image for doc building
.PHONY: docs-pull-images .PHONY: docs-pull-images
#? docs-pull-images: Pull image for doc building
docs-pull-images: docs-pull-images:
make -C ./docs docs-pull-images make -C ./docs docs-pull-images
## Generate CRD clientset and CRD manifests
.PHONY: generate-crd .PHONY: generate-crd
#? generate-crd: Generate CRD clientset and CRD manifests
generate-crd: generate-crd:
@$(CURDIR)/script/code-gen-docker.sh @$(CURDIR)/script/code-gen-docker.sh
## Generate code from dynamic configuration https://github.com/traefik/genconf
.PHONY: generate-genconf .PHONY: generate-genconf
#? generate-genconf: Generate code from dynamic configuration github.com/traefik/genconf
generate-genconf: generate-genconf:
go run ./cmd/internal/gen/ go run ./cmd/internal/gen/
## Create packages for the release
.PHONY: release-packages .PHONY: release-packages
#? release-packages: Create packages for the release
release-packages: generate-webui release-packages: generate-webui
$(CURDIR)/script/release-packages.sh $(CURDIR)/script/release-packages.sh
## Format the Code
.PHONY: fmt .PHONY: fmt
#? fmt: Format the Code
fmt: fmt:
gofmt -s -l -w $(SRCS) gofmt -s -l -w $(SRCS)
.PHONY: help
#? help: Get more info on make commands
help: Makefile
@echo " Choose a command run in traefik:"
@sed -n 's/^#?//p' $< | column -t -s ':' | sort | sed -e 's/^/ /'

View file

@ -72,6 +72,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
- [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/) - [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/)
- [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/) - [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
- [ECS](https://doc.traefik.io/traefik/providers/ecs/)
- [File](https://doc.traefik.io/traefik/providers/file/) - [File](https://doc.traefik.io/traefik/providers/file/)
## Quickstart ## Quickstart

View file

@ -53,7 +53,7 @@ func main() {
// traefik config inits // traefik config inits
tConfig := cmd.NewTraefikConfiguration() tConfig := cmd.NewTraefikConfiguration()
loaders := []cli.ResourceLoader{&tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}} loaders := []cli.ResourceLoader{&tcli.DeprecationLoader{}, &tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}}
cmdTraefik := &cli.Command{ cmdTraefik := &cli.Command{
Name: "traefik", Name: "traefik",
@ -193,10 +193,13 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
tsProviders := initTailscaleProviders(staticConfiguration, &providerAggregator) tsProviders := initTailscaleProviders(staticConfiguration, &providerAggregator)
// Metrics // Observability
metricRegistries := registerMetricClients(staticConfiguration.Metrics) metricRegistries := registerMetricClients(staticConfiguration.Metrics)
metricsRegistry := metrics.NewMultiRegistry(metricRegistries) metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
accessLog := setupAccessLog(staticConfiguration.AccessLog)
tracer, tracerCloser := setupTracing(staticConfiguration.Tracing)
observabilityMgr := middleware.NewObservabilityMgr(*staticConfiguration, metricsRegistry, accessLog, tracer, tracerCloser)
// Entrypoints // Entrypoints
@ -263,14 +266,11 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
roundTripperManager := service.NewRoundTripperManager(spiffeX509Source) roundTripperManager := service.NewRoundTripperManager(spiffeX509Source)
dialerManager := tcp.NewDialerManager(spiffeX509Source) dialerManager := tcp.NewDialerManager(spiffeX509Source)
acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider) acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider)
managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry, roundTripperManager, acmeHTTPHandler) managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, observabilityMgr, roundTripperManager, acmeHTTPHandler)
// Router factory // Router factory
accessLog := setupAccessLog(staticConfiguration.AccessLog)
tracer, tracerCloser := setupTracing(staticConfiguration.Tracing) routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, observabilityMgr, pluginBuilder, dialerManager)
chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)
routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry, dialerManager)
// Watcher // Watcher
@ -351,7 +351,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
} }
}) })
return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, chainBuilder, accessLog, tracerCloser), nil return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, observabilityMgr), nil
} }
func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvider http.Handler) http.Handler { func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvider http.Handler) http.Handler {
@ -520,15 +520,14 @@ func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
} }
} }
if metricsConfig.OpenTelemetry != nil { if metricsConfig.OTLP != nil {
logger := log.With().Str(logs.MetricsProviderName, "openTelemetry").Logger() logger := log.With().Str(logs.MetricsProviderName, "openTelemetry").Logger()
openTelemetryRegistry := metrics.RegisterOpenTelemetry(logger.WithContext(context.Background()), metricsConfig.OpenTelemetry) openTelemetryRegistry := metrics.RegisterOpenTelemetry(logger.WithContext(context.Background()), metricsConfig.OTLP)
if openTelemetryRegistry != nil { if openTelemetryRegistry != nil {
registries = append(registries, openTelemetryRegistry) registries = append(registries, openTelemetryRegistry)
logger.Debug(). logger.Debug().
Str("address", metricsConfig.OpenTelemetry.Address). Str("pushInterval", metricsConfig.OTLP.PushInterval.String()).
Str("pushInterval", metricsConfig.OpenTelemetry.PushInterval.String()).
Msg("Configured OpenTelemetry metrics") Msg("Configured OpenTelemetry metrics")
} }
} }

View file

@ -19,7 +19,7 @@ version: '3'
services: services:
reverse-proxy: reverse-proxy:
# The official v2 Traefik docker image # The official v3 Traefik docker image
image: traefik:v3.0 image: traefik:v3.0
# Enables the web UI and tells Traefik to listen to docker # Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker command: --api.insecure=true --providers.docker

View file

@ -361,6 +361,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) | | [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) | | [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) | | [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [http.net](https://www.http.net/) | `httpnet` | `HTTPNET_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) | | [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) | | [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) | | [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
@ -426,6 +427,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) | | [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) | | [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) | | [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [Webnames](https://www.webnames.ru/) | `webnames` | `WEBNAMES_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/webnames) |
| [Websupport](https://websupport.sk) | `websupport` | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/websupport) | | [Websupport](https://websupport.sk) | `websupport` | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/websupport) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) | | [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Yandex 360](https://360.yandex.ru) | `yandex360` | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360) | | [Yandex 360](https://360.yandex.ru) | `yandex360` | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360) |

View file

@ -85,6 +85,7 @@ At specified intervals (`checkPeriod`), the circuit breaker evaluates `expressio
### Open ### Open
While open, the fallback mechanism takes over the normal service calls for a duration of `FallbackDuration`. While open, the fallback mechanism takes over the normal service calls for a duration of `FallbackDuration`.
The fallback mechanism returns a `HTTP 503` (or `ResponseCode`) to the client.
After this duration, it enters the recovering state. After this duration, it enters the recovering state.
### Recovering ### Recovering
@ -179,3 +180,9 @@ The duration for which the circuit breaker will wait before trying to recover (f
_Optional, Default="10s"_ _Optional, Default="10s"_
The duration for which the circuit breaker will try to recover (as soon as it is in recovering state). The duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
### `ResponseCode`
_Optional, Default="503"_
The status code that the circuit breaker will return while it is in the open state.

View file

@ -52,3 +52,16 @@ http:
[http.middlewares] [http.middlewares]
[http.middlewares.autodetect.contentType] [http.middlewares.autodetect.contentType]
``` ```
## Configuration Options
### `autoDetect`
!!! warning
`autoDetect` option is deprecated and should not be used.
Moreover, it is redundant with an empty ContentType middleware declaration.
`autoDetect` specifies whether to let the `Content-Type` header,
if it has not been set by the backend,
be automatically set to a value derived from the contents of the response.

View file

@ -314,11 +314,43 @@ The `allowedHosts` option lists fully qualified domain names that are allowed.
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request. The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
### `sslRedirect`
!!! warning
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
The `sslRedirect` only allow HTTPS requests when set to `true`.
### `sslTemporaryRedirect`
!!! warning
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
### `sslHost`
!!! warning
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS.
### `sslProxyHeaders` ### `sslProxyHeaders`
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request. The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request.
It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).
### `sslForceHost`
!!! warning
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL.
### `stsSeconds` ### `stsSeconds`
The `stsSeconds` is the max-age of the `Strict-Transport-Security` header. The `stsSeconds` is the max-age of the `Strict-Transport-Security` header.
@ -370,6 +402,14 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates
The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites. The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites.
### `featurePolicy`
!!! warning
Deprecated in favor of [`permissionsPolicy`](#permissionsPolicy)
The `featurePolicy` allows sites to control browser features.
### `permissionsPolicy` ### `permissionsPolicy`
The `permissionsPolicy` allows sites to control browser features. The `permissionsPolicy` allows sites to control browser features.

View file

@ -76,3 +76,72 @@ For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs. If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend). Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
### `forceSlash`
_Optional, Default=true_
!!! warning
`forceSlash` option is deprecated and should not be used.
The `forceSlash` option ensures the resulting stripped path is not the empty string, by replacing it with `/` when necessary.
??? info "Behavior examples"
- `forceSlash=true`
| Path | Prefix to strip | Result |
|------------|-----------------|--------|
| `/` | `/` | `/` |
| `/foo` | `/foo` | `/` |
| `/foo/` | `/foo` | `/` |
| `/foo/` | `/foo/` | `/` |
| `/bar` | `/foo` | `/bar` |
| `/foo/bar` | `/foo` | `/bar` |
- `forceSlash=false`
| Path | Prefix to strip | Result |
|------------|-----------------|--------|
| `/` | `/` | empty |
| `/foo` | `/foo` | empty |
| `/foo/` | `/foo` | `/` |
| `/foo/` | `/foo/` | empty |
| `/bar` | `/foo` | `/bar` |
| `/foo/bar` | `/foo` | `/bar` |
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: example
spec:
stripPrefix:
prefixes:
- "/foobar"
forceSlash: false
```
```yaml tab="File (YAML)"
http:
middlewares:
example:
stripPrefix:
prefixes:
- "/foobar"
forceSlash: false
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```

View file

@ -19,6 +19,8 @@ and how it now looks like in v3.
### Docker & Docker Swarm ### Docker & Docker Swarm
#### SwarmMode
In v3, the provider Docker has been split into 2 providers: In v3, the provider Docker has been split into 2 providers:
- Docker provider (without Swarm support) - Docker provider (without Swarm support)
@ -43,7 +45,7 @@ In v3, the provider Docker has been split into 2 providers:
This configuration is now unsupported and would prevent Traefik to start. This configuration is now unsupported and would prevent Traefik to start.
#### Remediation ##### Remediation
In v3, the `swarmMode` should not be used with the Docker provider, and, to use Swarm, the Swarm provider should be used instead. In v3, the `swarmMode` should not be used with the Docker provider, and, to use Swarm, the Swarm provider should be used instead.
@ -64,7 +66,35 @@ In v3, the `swarmMode` should not be used with the Docker provider, and, to use
--providers.swarm.endpoint=tcp://127.0.0.1:2377 --providers.swarm.endpoint=tcp://127.0.0.1:2377
``` ```
### HTTP3 Experimental Configuration #### TLS.CAOptional
Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
??? example "An example usage of the TLS.CAOptional option"
```yaml tab="File (YAML)"
providers:
docker:
tls:
caOptional: true
```
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional=true
```
```bash tab="CLI"
--providers.docker.tls.caOptional=true
```
##### Remediation
The `tls.caOptional` option should be removed from the Docker provider static configuration.
### Experimental Configuration
#### HTTP3
In v3, HTTP/3 is no longer an experimental feature. In v3, HTTP/3 is no longer an experimental feature.
It can be enabled on entry points without the associated `experimental.http3` option, which is now removed. It can be enabled on entry points without the associated `experimental.http3` option, which is now removed.
@ -86,12 +116,14 @@ It is now unsupported and would prevent Traefik to start.
--experimental.http3=true --experimental.http3=true
``` ```
#### Remediation ##### Remediation
The `http3` option should be removed from the static configuration experimental section. The `http3` option should be removed from the static configuration experimental section.
### Consul provider ### Consul provider
#### namespace
The Consul provider `namespace` option was deprecated in v2 and is now removed in v3. The Consul provider `namespace` option was deprecated in v2 and is now removed in v3.
It is now unsupported and would prevent Traefik to start. It is now unsupported and would prevent Traefik to start.
@ -111,7 +143,7 @@ It is now unsupported and would prevent Traefik to start.
--consul.namespace=foobar --consul.namespace=foobar
``` ```
#### Remediation ##### Remediation
In v3, the `namespaces` option should be used instead of the `namespace` option. In v3, the `namespaces` option should be used instead of the `namespace` option.
@ -132,8 +164,36 @@ In v3, the `namespaces` option should be used instead of the `namespace` option.
--consul.namespaces=foobar --consul.namespaces=foobar
``` ```
#### TLS.CAOptional
Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
??? example "An example usage of the TLS.CAOptional option"
```yaml tab="File (YAML)"
providers:
consul:
tls:
caOptional: true
```
```toml tab="File (TOML)"
[providers.consul.tls]
caOptional=true
```
```bash tab="CLI"
--providers.consul.tls.caOptional=true
```
##### Remediation
The `tls.caOptional` option should be removed from the Consul provider static configuration.
### ConsulCatalog provider ### ConsulCatalog provider
#### namespace
The ConsulCatalog provider `namespace` option was deprecated in v2 and is now removed in v3. The ConsulCatalog provider `namespace` option was deprecated in v2 and is now removed in v3.
It is now unsupported and would prevent Traefik to start. It is now unsupported and would prevent Traefik to start.
@ -153,7 +213,7 @@ It is now unsupported and would prevent Traefik to start.
--consulCatalog.namespace=foobar --consulCatalog.namespace=foobar
``` ```
#### Remediation ##### Remediation
In v3, the `namespaces` option should be used instead of the `namespace` option. In v3, the `namespaces` option should be used instead of the `namespace` option.
@ -174,8 +234,37 @@ In v3, the `namespaces` option should be used instead of the `namespace` option.
--consulCatalog.namespaces=foobar --consulCatalog.namespaces=foobar
``` ```
#### Endpoint.TLS.CAOptional
ConsulCatalog provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
??? example "An example usage of the Endpoint.TLS.CAOptional option"
```yaml tab="File (YAML)"
providers:
consulCatalog:
endpoint:
tls:
caOptional: true
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
caOptional=true
```
```bash tab="CLI"
--providers.consulCatalog.endpoint.tls.caOptional=true
```
##### Remediation
The `endpoint.tls.caOptional` option should be removed from the ConsulCatalog provider static configuration.
### Nomad provider ### Nomad provider
#### namespace
The Nomad provider `namespace` option was deprecated in v2 and is now removed in v3. The Nomad provider `namespace` option was deprecated in v2 and is now removed in v3.
It is now unsupported and would prevent Traefik to start. It is now unsupported and would prevent Traefik to start.
@ -195,7 +284,7 @@ It is now unsupported and would prevent Traefik to start.
--nomad.namespace=foobar --nomad.namespace=foobar
``` ```
#### Remediation ##### Remediation
In v3, the `namespaces` option should be used instead of the `namespace` option. In v3, the `namespaces` option should be used instead of the `namespace` option.
@ -216,6 +305,33 @@ In v3, the `namespaces` option should be used instead of the `namespace` option.
--nomad.namespaces=foobar --nomad.namespaces=foobar
``` ```
#### Endpoint.TLS.CAOptional
Nomad provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
??? example "An example usage of the Endpoint.TLS.CAOptional option"
```yaml tab="File (YAML)"
providers:
nomad:
endpoint:
tls:
caOptional: true
```
```toml tab="File (TOML)"
[providers.nomad.endpoint.tls]
caOptional=true
```
```bash tab="CLI"
--providers.nomad.endpoint.tls.caOptional=true
```
##### Remediation
The `endpoint.tls.caOptional` option should be removed from the Nomad provider static configuration.
### Rancher v1 Provider ### Rancher v1 Provider
In v3, the Rancher v1 provider has been removed because Rancher v1 is [no longer actively maintaned](https://rancher.com/docs/os/v1.x/en/support/), In v3, the Rancher v1 provider has been removed because Rancher v1 is [no longer actively maintaned](https://rancher.com/docs/os/v1.x/en/support/),
@ -271,6 +387,90 @@ This configuration is now unsupported and would prevent Traefik to start.
All Marathon provider related configuration should be removed from the static configuration. All Marathon provider related configuration should be removed from the static configuration.
### HTTP Provider
#### TLS.CAOptional
HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
??? example "An example usage of the TLS.CAOptional option"
```yaml tab="File (YAML)"
providers:
http:
tls:
caOptional: true
```
```toml tab="File (TOML)"
[providers.http.tls]
caOptional=true
```
```bash tab="CLI"
--providers.http.tls.caOptional=true
```
##### Remediation
The `tls.caOptional` option should be removed from the HTTP provider static configuration.
### ETCD Provider
#### TLS.CAOptional
ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
??? example "An example usage of the TLS.CAOptional option"
```yaml tab="File (YAML)"
providers:
etcd:
tls:
caOptional: true
```
```toml tab="File (TOML)"
[providers.etcd.tls]
caOptional=true
```
```bash tab="CLI"
--providers.etcd.tls.caOptional=true
```
##### Remediation
The `tls.caOptional` option should be removed from the ETCD provider static configuration.
### Redis Provider
#### TLS.CAOptional
Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
??? example "An example usage of the TLS.CAOptional option"
```yaml tab="File (YAML)"
providers:
redis:
tls:
caOptional: true
```
```toml tab="File (TOML)"
[providers.redis.tls]
caOptional=true
```
```bash tab="CLI"
--providers.redis.tls.caOptional=true
```
##### Remediation
The `tls.caOptional` option should be removed from the Redis provider static configuration.
### InfluxDB v1 ### InfluxDB v1
InfluxDB v1.x maintenance [ended in 2021](https://www.influxdata.com/blog/influxdb-oss-and-enterprise-roadmap-update-from-influxdays-emea/). InfluxDB v1.x maintenance [ended in 2021](https://www.influxdata.com/blog/influxdb-oss-and-enterprise-roadmap-update-from-influxdays-emea/).
@ -326,21 +526,16 @@ All Pilot related configuration should be removed from the static configuration.
## Dynamic configuration ## Dynamic configuration
### IPWhiteList ### Router Rule Matchers
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration. In v3, a new rule matchers syntax has been introduced for HTTP and TCP routers.
The default rule matchers syntax is now the v3 one, but for backward compatibility this can be configured.
The v2 rule matchers syntax is deprecated and its support will be removed in the next major version.
For this reason, we encourage migrating to the new syntax.
### Deprecated Options Removal #### New V3 Syntax Notable Changes
- The `tracing.datadog.globaltag` option has been removed. The `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers.
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
- The `forceSlash` option of the StripPrefix middleware has been removed.
- The `preferServerCipherSuites` option has been removed.
### Matchers
In v3, the `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.
`PathPrefix` no longer uses regular expressions to match path prefixes. `PathPrefix` no longer uses regular expressions to match path prefixes.
@ -355,6 +550,87 @@ and should be explicitly combined using logical operators to mimic previous beha
`HostHeader` has been removed, use `Host` instead. `HostHeader` has been removed, use `Host` instead.
#### Remediation
##### Configure the Default Syntax In Static Configuration
The default rule matchers syntax is the expected syntax for any router that is not self opt-out from this default value.
It can be configured in the static configuration.
??? example "An example configuration for the default rule matchers syntax"
```yaml tab="File (YAML)"
# static configuration
core:
defaultRuleSyntax: v2
```
```toml tab="File (TOML)"
# static configuration
[core]
defaultRuleSyntax="v2"
```
```bash tab="CLI"
# static configuration
--core.defaultRuleSyntax=v2
```
##### Configure the Syntax Per Router
The rule syntax can also be configured on a per-router basis.
This allows to have heterogeneous router configurations and ease migration.
??? example "An example router with syntax configuration"
```yaml tab="Docker & Swarm"
labels:
- "traefik.http.routers.test.ruleSyntax=v2"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: default
spec:
routes:
- match: PathPrefix(`/foo`, `/bar`)
syntax: v2
kind: Rule
```
```yaml tab="Consul Catalog"
- "traefik.http.routers.test.ruleSyntax=v2"
```
```yaml tab="File (YAML)"
http:
routers:
test:
ruleSyntax: v2
```
```toml tab="File (TOML)"
[http.routers]
[http.routers.test]
ruleSyntax = "v2"
```
### IPWhiteList
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.
### Deprecated Options Removal
- The `tracing.datadog.globaltag` option has been removed.
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers.
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
- The `forceSlash` option of the StripPrefix middleware has been removed.
- The `preferServerCipherSuites` option has been removed.
### TCP LoadBalancer `terminationDelay` option ### TCP LoadBalancer `terminationDelay` option
The TCP LoadBalancer `terminationDelay` option has been removed. The TCP LoadBalancer `terminationDelay` option has been removed.
@ -415,3 +691,15 @@ Here are two possible transition strategies:
For legacy stacks that cannot immediately upgrade to the latest vendor agents supporting OTLP ingestion, For legacy stacks that cannot immediately upgrade to the latest vendor agents supporting OTLP ingestion,
using OpenTelemetry (OTel) collectors with appropriate exporters configuration is a viable solution. using OpenTelemetry (OTel) collectors with appropriate exporters configuration is a viable solution.
This allows continued compatibility with the existing infrastructure. This allows continued compatibility with the existing infrastructure.
Please check the [OpenTelemetry Tracing provider documention](../observability/tracing/opentelemetry.md) for more information.
#### Internal Resources Observability (AccessLogs, Metrics and Tracing)
In v3, observability for internal routers or services (e.g.: `ping@internal`) is disabled by default.
To enable it one should use the new `addInternals` option for AccessLogs, Metrics or Tracing.
Please take a look at the observability documentation for more information:
- [AccessLogs](../observability/access-logs.md#addinternals)
- [Metrics](../observability/metrics/overview.md#addinternals)
- [AccessLogs](../observability/tracing/overview.md#addinternals)

View file

@ -536,3 +536,30 @@ In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowL
### IPWhiteList (TCP) ### IPWhiteList (TCP)
In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead. In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
### TLS CipherSuites
> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
Decision has been made to support ECDHE cipher suites only by default.
The following ciphers have been removed from the default list:
- `TLS_RSA_WITH_AES_128_CBC_SHA`
- `TLS_RSA_WITH_AES_256_CBC_SHA`
- `TLS_RSA_WITH_AES_128_GCM_SHA256`
- `TLS_RSA_WITH_AES_256_GCM_SHA384`
To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
### Minimum TLS Version
> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
> matching the behavior of crypto/tls clients.
> This change can be reverted with the `tls10server=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.

View file

@ -26,6 +26,26 @@ accessLog: {}
--accesslog=true --accesslog=true
``` ```
### `addInternals`
_Optional, Default="false"_
Enables accessLogs for internal resources.
```yaml tab="File (YAML)"
accesslog:
addInternals: true
```
```toml tab="File (TOML)"
[accesslog]
addInternals = true
```
```bash tab="CLI"
--accesslog.addinternals
```
### `filePath` ### `filePath`
By default access logs are written to the standard output. By default access logs are written to the standard output.

View file

@ -27,6 +27,8 @@ _Required, Default="127.0.0.1:8125"_
Address instructs exporter to send metrics to datadog-agent at this address. Address instructs exporter to send metrics to datadog-agent at this address.
This address can be a Unix Domain Socket (UDS) address with the following form: `unix:///path/to/datadog.socket`.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
datadog: datadog:

View file

@ -5,45 +5,25 @@ description: "Traefik supports several metrics backends, including OpenTelemetry
# OpenTelemetry # OpenTelemetry
To enable the OpenTelemetry: To enable the OpenTelemetry metrics:
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: {} otlp: {}
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry] [metrics.otlp]
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry=true --metrics.otlp=true
``` ```
!!! info "The OpenTelemetry exporter will export metrics to the collector by using HTTP by default, see the [gRPC Section](#grpc-configuration) to use gRPC." !!! info "Default protocol"
#### `address` The OpenTelemetry exporter will export metrics to the collector using HTTP by default to https://localhost:4318/v1/metrics, see the [gRPC Section](#grpc-configuration) to use gRPC.
_Required, Default="localhost:4318", Format="`<host>:<port>`"_
Address of the OpenTelemetry Collector to send metrics to.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
address: localhost:4318
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
address = "localhost:4318"
```
```bash tab="CLI"
--metrics.openTelemetry.address=localhost:4318
```
#### `addEntryPointsLabels` #### `addEntryPointsLabels`
@ -53,18 +33,18 @@ Enable metrics on entry points.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
addEntryPointsLabels: true addEntryPointsLabels: true
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry] [metrics.otlp]
addEntryPointsLabels = true addEntryPointsLabels = true
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.addEntryPointsLabels=true --metrics.otlp.addEntryPointsLabels=true
``` ```
#### `addRoutersLabels` #### `addRoutersLabels`
@ -75,18 +55,18 @@ Enable metrics on routers.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
addRoutersLabels: true addRoutersLabels: true
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry] [metrics.otlp]
addRoutersLabels = true addRoutersLabels = true
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.addRoutersLabels=true --metrics.otlp.addRoutersLabels=true
``` ```
#### `addServicesLabels` #### `addServicesLabels`
@ -97,18 +77,18 @@ Enable metrics on services.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
addServicesLabels: true addServicesLabels: true
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry] [metrics.otlp]
addServicesLabels = true addServicesLabels = true
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.addServicesLabels=true --metrics.otlp.addServicesLabels=true
``` ```
#### `explicitBoundaries` #### `explicitBoundaries`
@ -119,7 +99,7 @@ Explicit boundaries for Histogram data points.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
explicitBoundaries: explicitBoundaries:
- 0.1 - 0.1
- 0.3 - 0.3
@ -129,59 +109,12 @@ metrics:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry] [metrics.otlp]
explicitBoundaries = [0.1,0.3,1.2,5.0] explicitBoundaries = [0.1,0.3,1.2,5.0]
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.explicitBoundaries=0.1,0.3,1.2,5.0 --metrics.otlp.explicitBoundaries=0.1,0.3,1.2,5.0
```
#### `headers`
_Optional, Default={}_
Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--metrics.openTelemetry.headers.foo=bar --metrics.openTelemetry.headers.baz=buz
```
#### `insecure`
_Optional, Default=false_
Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
insecure: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
insecure = true
```
```bash tab="CLI"
--metrics.openTelemetry.insecure=true
``` ```
#### `pushInterval` #### `pushInterval`
@ -192,48 +125,95 @@ Interval at which metrics are sent to the OpenTelemetry Collector.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
pushInterval: 10s pushInterval: 10s
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry] [metrics.otlp]
pushInterval = "10s" pushInterval = "10s"
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.pushInterval=10s --metrics.otlp.pushInterval=10s
``` ```
#### `path` ### HTTP configuration
_Required, Default="/v1/metrics"_ _Optional_
Allows to override the default URL path used for sending metrics. This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.
This option has no effect when using gRPC transport.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
path: /foo/v1/metrics http: {}
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry] [metrics.otlp.http]
path = "/foo/v1/metrics"
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.path=/foo/v1/metrics --metrics.otlp.http=true
```
#### `endpoint`
_Required, Default="http://localhost:4318/v1/metrics", Format="`<scheme>://<host>:<port><path>`"_
URL of the OpenTelemetry Collector to send metrics to.
```yaml tab="File (YAML)"
metrics:
otlp:
http:
endpoint: http://localhost:4318/v1/metrics
```
```toml tab="File (TOML)"
[metrics]
[metrics.otlp.http]
endpoint = "http://localhost:4318/v1/metrics"
```
```bash tab="CLI"
--metrics.otlp.http.endpoint=http://localhost:4318/v1/metrics
```
#### `headers`
_Optional, Default={}_
Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
metrics:
otlp:
http:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[metrics]
[metrics.otlp.http.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--metrics.otlp.http.headers.foo=bar --metrics.otlp.http.headers.baz=buz
``` ```
#### `tls` #### `tls`
_Optional_ _Optional_
Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. Defines the Client TLS configuration used by the exporter to send metrics to the OpenTelemetry Collector.
##### `ca` ##### `ca`
@ -244,18 +224,19 @@ it defaults to the system bundle.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
http:
tls: tls:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics.openTelemetry.tls] [metrics.otlp.http.tls]
ca = "path/to/ca.crt" ca = "path/to/ca.crt"
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.tls.ca=path/to/ca.crt --metrics.otlp.http.tls.ca=path/to/ca.crt
``` ```
##### `cert` ##### `cert`
@ -267,21 +248,22 @@ When using this option, setting the `key` option is required.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
http:
tls: tls:
cert: path/to/foo.cert cert: path/to/foo.cert
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics.openTelemetry.tls] [metrics.otlp.http.tls]
cert = "path/to/foo.cert" cert = "path/to/foo.cert"
key = "path/to/foo.key" key = "path/to/foo.key"
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.tls.cert=path/to/foo.cert --metrics.otlp.http.tls.cert=path/to/foo.cert
--metrics.openTelemetry.tls.key=path/to/foo.key --metrics.otlp.http.tls.key=path/to/foo.key
``` ```
##### `key` ##### `key`
@ -293,21 +275,22 @@ When using this option, setting the `cert` option is required.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
http:
tls: tls:
cert: path/to/foo.cert cert: path/to/foo.cert
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics.openTelemetry.tls] [metrics.otlp.http.tls]
cert = "path/to/foo.cert" cert = "path/to/foo.cert"
key = "path/to/foo.key" key = "path/to/foo.key"
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.tls.cert=path/to/foo.cert --metrics.otlp.http.tls.cert=path/to/foo.cert
--metrics.openTelemetry.tls.key=path/to/foo.key --metrics.otlp.http.tls.key=path/to/foo.key
``` ```
##### `insecureSkipVerify` ##### `insecureSkipVerify`
@ -319,35 +302,218 @@ the TLS connection to the OpenTelemetry Collector accepts any certificate presen
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
http:
tls: tls:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics.openTelemetry.tls] [metrics.otlp.http.tls]
insecureSkipVerify = true insecureSkipVerify = true
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.tls.insecureSkipVerify=true --metrics.otlp.http.tls.insecureSkipVerify=true
``` ```
#### gRPC configuration ### gRPC configuration
This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. _Optional_
This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
openTelemetry: otlp:
grpc: {} grpc: {}
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[metrics] [metrics]
[metrics.openTelemetry.grpc] [metrics.otlp.grpc]
``` ```
```bash tab="CLI" ```bash tab="CLI"
--metrics.openTelemetry.grpc=true --metrics.otlp.grpc=true
```
#### `endpoint`
_Required, Default="localhost:4317", Format="`<host>:<port>`"_
Address of the OpenTelemetry Collector to send metrics to.
```yaml tab="File (YAML)"
metrics:
otlp:
grpc:
endpoint: localhost:4317
```
```toml tab="File (TOML)"
[metrics]
[metrics.otlp.grpc]
endpoint = "localhost:4317"
```
```bash tab="CLI"
--metrics.otlp.grpc.endpoint=localhost:4317
```
#### `insecure`
_Optional, Default=false_
Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
```yaml tab="File (YAML)"
metrics:
otlp:
grpc:
insecure: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.otlp.grpc]
insecure = true
```
```bash tab="CLI"
--metrics.otlp.grpc.insecure=true
```
#### `headers`
_Optional, Default={}_
Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
metrics:
otlp:
grpc:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[metrics]
[metrics.otlp.grpc.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--metrics.otlp.grpc.headers.foo=bar --metrics.otlp.grpc.headers.baz=buz
```
#### `tls`
_Optional_
Defines the Client TLS configuration used by the exporter to send metrics to the OpenTelemetry Collector.
##### `ca`
_Optional_
`ca` is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector,
it defaults to the system bundle.
```yaml tab="File (YAML)"
metrics:
otlp:
grpc:
tls:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[metrics.otlp.grpc.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--metrics.otlp.grpc.tls.ca=path/to/ca.crt
```
##### `cert`
_Optional_
`cert` is the path to the public certificate used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the `key` option is required.
```yaml tab="File (YAML)"
metrics:
otlp:
grpc:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```toml tab="File (TOML)"
[metrics.otlp.grpc.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--metrics.otlp.grpc.tls.cert=path/to/foo.cert
--metrics.otlp.grpc.tls.key=path/to/foo.key
```
##### `key`
_Optional_
`key` is the path to the private key used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the `cert` option is required.
```yaml tab="File (YAML)"
metrics:
otlp:
grpc:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```toml tab="File (TOML)"
[metrics.otlp.grpc.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--metrics.otlp.grpc.tls.cert=path/to/foo.cert
--metrics.otlp.grpc.tls.key=path/to/foo.key
```
##### `insecureSkipVerify`
_Optional, Default=false_
If `insecureSkipVerify` is `true`,
the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.
```yaml tab="File (YAML)"
metrics:
otlp:
grpc:
tls:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[metrics.otlp.grpc.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--metrics.otlp.grpc.tls.insecureSkipVerify=true
``` ```

View file

@ -14,6 +14,28 @@ Traefik supports these metrics backends:
Traefik Proxy hosts an official Grafana dashboard for both [on-premises](https://grafana.com/grafana/dashboards/17346) and [Kubernetes](https://grafana.com/grafana/dashboards/17347) deployments. Traefik Proxy hosts an official Grafana dashboard for both [on-premises](https://grafana.com/grafana/dashboards/17346) and [Kubernetes](https://grafana.com/grafana/dashboards/17347) deployments.
## Common Options
### `addInternals`
_Optional, Default="false"_
Enables metrics for internal resources.
```yaml tab="File (YAML)"
metrics:
addInternals: true
```
```toml tab="File (TOML)"
[metrics]
addInternals = true
```
```bash tab="CLI"
--metrics.addinternals
```
## Global Metrics ## Global Metrics
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |

View file

@ -0,0 +1,42 @@
---
title: "Traefik Observability Overview"
description: "Traefik provides Logs, Access Logs, Metrics and Tracing. Read the full documentation to get started."
---
# Overview
Traefik's Observability system
{: .subtitle }
## Logs
Traefik logs informs about everything that happens within Traefik (startup, configuration, events, shutdown, and so on).
Read the [Logs documentation](./logs.md) to learn how to configure it.
## Access Logs
Access logs are a key part of observability in Traefik.
They are providing valuable insights about incoming traffic, and allow to monitor it.
The access logs record detailed information about each request received by Traefik,
including the source IP address, requested URL, response status code, and more.
Read the [Access Logs documentation](./access-logs.md) to learn how to configure it.
## Metrics
Traefik offers a metrics feature that provides valuable insights about the performance and usage.
These metrics include the number of requests received, the requests duration, and more.
Traefik supports these metrics systems: Prometheus, Datadog, InfluxDB 2.X, and StatsD.
Read the [Metrics documentation](./metrics/overview.md) to learn how to configure it.
## Tracing
The Traefik tracing system allows developers to gain deep visibility into the flow of requests through their infrastructure.
Traefik supports these tracing with OpenTelemetry.
Read the [Tracing documentation](./tracing/overview.md) to learn how to configure it.

View file

@ -21,19 +21,20 @@ tracing:
--tracing.otlp=true --tracing.otlp=true
``` ```
!!! info "The OpenTelemetry trace reporter will export traces to the collector using HTTP by default (http://localhost:4318/v1/traces), !!! info "Default protocol"
see the [gRPC Section](#grpc-configuration) to use gRPC."
The OpenTelemetry trace exporter will export traces to the collector using HTTP by default to https://localhost:4318/v1/traces, see the [gRPC Section](#grpc-configuration) to use gRPC.
!!! info "Trace sampling" !!! info "Trace sampling"
By default, the OpenTelemetry trace reporter will sample 100% of traces. By default, the OpenTelemetry trace exporter will sample 100% of traces.
See [OpenTelemetry's SDK configuration](https://opentelemetry.io/docs/reference/specification/sdk-environment-variables/#general-sdk-configuration) to customize the sampling strategy. See [OpenTelemetry's SDK configuration](https://opentelemetry.io/docs/reference/specification/sdk-environment-variables/#general-sdk-configuration) to customize the sampling strategy.
### HTTP configuration ### HTTP configuration
_Optional_ _Optional_
This instructs the reporter to send spans to the OpenTelemetry Collector using HTTP. This instructs the exporter to send spans to the OpenTelemetry Collector using HTTP.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
@ -73,11 +74,37 @@ tracing:
--tracing.otlp.http.endpoint=http://localhost:4318/v1/traces --tracing.otlp.http.endpoint=http://localhost:4318/v1/traces
``` ```
#### `headers`
_Optional, Default={}_
Additional headers sent with traces by the exporter to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
tracing:
otlp:
http:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[tracing]
[tracing.otlp.http.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--tracing.otlp.http.headers.foo=bar --tracing.otlp.http.headers.baz=buz
```
#### `tls` #### `tls`
_Optional_ _Optional_
Defines the Client TLS configuration used by the reporter to send spans to the OpenTelemetry Collector. Defines the Client TLS configuration used by the exporter to send spans to the OpenTelemetry Collector.
##### `ca` ##### `ca`
@ -181,11 +208,11 @@ tracing:
--tracing.otlp.http.tls.insecureSkipVerify=true --tracing.otlp.http.tls.insecureSkipVerify=true
``` ```
#### gRPC configuration ### gRPC configuration
_Optional_ _Optional_
This instructs the reporter to send spans to the OpenTelemetry Collector using gRPC. This instructs the exporter to send spans to the OpenTelemetry Collector using gRPC.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
@ -228,7 +255,7 @@ tracing:
_Optional, Default=false_ _Optional, Default=false_
Allows reporter to send spans to the OpenTelemetry Collector without using a secured protocol. Allows exporter to send spans to the OpenTelemetry Collector without using a secured protocol.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
@ -247,11 +274,37 @@ tracing:
--tracing.otlp.grpc.insecure=true --tracing.otlp.grpc.insecure=true
``` ```
#### `headers`
_Optional, Default={}_
Additional headers sent with traces by the exporter to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
tracing:
otlp:
grpc:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[tracing]
[tracing.otlp.grpc.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--tracing.otlp.grpc.headers.foo=bar --tracing.otlp.grpc.headers.baz=buz
```
#### `tls` #### `tls`
_Optional_ _Optional_
Defines the Client TLS configuration used by the reporter to send spans to the OpenTelemetry Collector. Defines the Client TLS configuration used by the exporter to send spans to the OpenTelemetry Collector.
##### `ca` ##### `ca`

View file

@ -14,10 +14,8 @@ Traefik uses [OpenTelemetry](https://opentelemetry.io/ "Link to website of OTel"
Please check our dedicated [OTel docs](./opentelemetry.md) to learn more. Please check our dedicated [OTel docs](./opentelemetry.md) to learn more.
## Configuration ## Configuration
To enable the tracing: To enable the tracing:
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
@ -34,6 +32,26 @@ tracing: {}
### Common Options ### Common Options
#### `addInternals`
_Optional, Default="false"_
Enables tracing for internal resources.
```yaml tab="File (YAML)"
tracing:
addInternals: true
```
```toml tab="File (TOML)"
[tracing]
addInternals = true
```
```bash tab="CLI"
--tracing.addinternals
```
#### `serviceName` #### `serviceName`
_Required, Default="traefik"_ _Required, Default="traefik"_
@ -74,30 +92,6 @@ tracing:
--tracing.sampleRate=0.2 --tracing.sampleRate=0.2
``` ```
#### `headers`
_Optional, Default={}_
Defines additional headers to be sent with the span's payload.
```yaml tab="File (YAML)"
tracing:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[tracing]
[tracing.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--tracing.headers.foo=bar --tracing.headers.baz=buz
```
#### `globalAttributes` #### `globalAttributes`
_Optional, Default=empty_ _Optional, Default=empty_

View file

@ -16,11 +16,13 @@
- "traefik.http.middlewares.middleware05.circuitbreaker.expression=foobar" - "traefik.http.middlewares.middleware05.circuitbreaker.expression=foobar"
- "traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration=42s" - "traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration=42s"
- "traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration=42s" - "traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration=42s"
- "traefik.http.middlewares.middleware05.circuitbreaker.responsecode=42"
- "traefik.http.middlewares.middleware06.compress=true" - "traefik.http.middlewares.middleware06.compress=true"
- "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar" - "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware06.compress.includedcontenttypes=foobar, foobar" - "traefik.http.middlewares.middleware06.compress.includedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42" - "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42"
- "traefik.http.middlewares.middleware07.contenttype=true" - "traefik.http.middlewares.middleware07.contenttype=true"
- "traefik.http.middlewares.middleware07.contenttype.autodetect=true"
- "traefik.http.middlewares.middleware08.digestauth.headerfield=foobar" - "traefik.http.middlewares.middleware08.digestauth.headerfield=foobar"
- "traefik.http.middlewares.middleware08.digestauth.realm=foobar" - "traefik.http.middlewares.middleware08.digestauth.realm=foobar"
- "traefik.http.middlewares.middleware08.digestauth.removeheader=true" - "traefik.http.middlewares.middleware08.digestauth.removeheader=true"
@ -35,6 +37,7 @@
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar" - "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar" - "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar" - "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar" - "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify=true" - "traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware10.forwardauth.tls.key=foobar" - "traefik.http.middlewares.middleware10.forwardauth.tls.key=foobar"
@ -58,6 +61,7 @@
- "traefik.http.middlewares.middleware12.headers.customrequestheaders.name1=foobar" - "traefik.http.middlewares.middleware12.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware12.headers.customresponseheaders.name0=foobar" - "traefik.http.middlewares.middleware12.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware12.headers.customresponseheaders.name1=foobar" - "traefik.http.middlewares.middleware12.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware12.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware12.headers.forcestsheader=true" - "traefik.http.middlewares.middleware12.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware12.headers.framedeny=true" - "traefik.http.middlewares.middleware12.headers.framedeny=true"
- "traefik.http.middlewares.middleware12.headers.hostsproxyheaders=foobar, foobar" - "traefik.http.middlewares.middleware12.headers.hostsproxyheaders=foobar, foobar"
@ -65,8 +69,12 @@
- "traefik.http.middlewares.middleware12.headers.permissionspolicy=foobar" - "traefik.http.middlewares.middleware12.headers.permissionspolicy=foobar"
- "traefik.http.middlewares.middleware12.headers.publickey=foobar" - "traefik.http.middlewares.middleware12.headers.publickey=foobar"
- "traefik.http.middlewares.middleware12.headers.referrerpolicy=foobar" - "traefik.http.middlewares.middleware12.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware12.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware12.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware12.headers.sslproxyheaders.name0=foobar" - "traefik.http.middlewares.middleware12.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware12.headers.sslproxyheaders.name1=foobar" - "traefik.http.middlewares.middleware12.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware12.headers.sslredirect=true"
- "traefik.http.middlewares.middleware12.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware12.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware12.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware12.headers.stspreload=true" - "traefik.http.middlewares.middleware12.headers.stspreload=true"
- "traefik.http.middlewares.middleware12.headers.stsseconds=42" - "traefik.http.middlewares.middleware12.headers.stsseconds=42"
@ -126,12 +134,14 @@
- "traefik.http.middlewares.middleware22.replacepathregex.replacement=foobar" - "traefik.http.middlewares.middleware22.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware23.retry.attempts=42" - "traefik.http.middlewares.middleware23.retry.attempts=42"
- "traefik.http.middlewares.middleware23.retry.initialinterval=42s" - "traefik.http.middlewares.middleware23.retry.initialinterval=42s"
- "traefik.http.middlewares.middleware24.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware24.stripprefix.prefixes=foobar, foobar" - "traefik.http.middlewares.middleware24.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware25.stripprefixregex.regex=foobar, foobar" - "traefik.http.middlewares.middleware25.stripprefixregex.regex=foobar, foobar"
- "traefik.http.routers.router0.entrypoints=foobar, foobar" - "traefik.http.routers.router0.entrypoints=foobar, foobar"
- "traefik.http.routers.router0.middlewares=foobar, foobar" - "traefik.http.routers.router0.middlewares=foobar, foobar"
- "traefik.http.routers.router0.priority=42" - "traefik.http.routers.router0.priority=42"
- "traefik.http.routers.router0.rule=foobar" - "traefik.http.routers.router0.rule=foobar"
- "traefik.http.routers.router0.rulesyntax=foobar"
- "traefik.http.routers.router0.service=foobar" - "traefik.http.routers.router0.service=foobar"
- "traefik.http.routers.router0.tls=true" - "traefik.http.routers.router0.tls=true"
- "traefik.http.routers.router0.tls.certresolver=foobar" - "traefik.http.routers.router0.tls.certresolver=foobar"
@ -144,6 +154,7 @@
- "traefik.http.routers.router1.middlewares=foobar, foobar" - "traefik.http.routers.router1.middlewares=foobar, foobar"
- "traefik.http.routers.router1.priority=42" - "traefik.http.routers.router1.priority=42"
- "traefik.http.routers.router1.rule=foobar" - "traefik.http.routers.router1.rule=foobar"
- "traefik.http.routers.router1.rulesyntax=foobar"
- "traefik.http.routers.router1.service=foobar" - "traefik.http.routers.router1.service=foobar"
- "traefik.http.routers.router1.tls=true" - "traefik.http.routers.router1.tls=true"
- "traefik.http.routers.router1.tls.certresolver=foobar" - "traefik.http.routers.router1.tls.certresolver=foobar"
@ -176,6 +187,7 @@
- "traefik.http.services.service02.loadbalancer.sticky.cookie.secure=true" - "traefik.http.services.service02.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service02.loadbalancer.server.port=foobar" - "traefik.http.services.service02.loadbalancer.server.port=foobar"
- "traefik.http.services.service02.loadbalancer.server.scheme=foobar" - "traefik.http.services.service02.loadbalancer.server.scheme=foobar"
- "traefik.http.services.service02.loadbalancer.server.weight=42"
- "traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount=42" - "traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount=42"
@ -183,6 +195,7 @@
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.priority=42" - "traefik.tcp.routers.tcprouter0.priority=42"
- "traefik.tcp.routers.tcprouter0.rule=foobar" - "traefik.tcp.routers.tcprouter0.rule=foobar"
- "traefik.tcp.routers.tcprouter0.rulesyntax=foobar"
- "traefik.tcp.routers.tcprouter0.service=foobar" - "traefik.tcp.routers.tcprouter0.service=foobar"
- "traefik.tcp.routers.tcprouter0.tls=true" - "traefik.tcp.routers.tcprouter0.tls=true"
- "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar" - "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
@ -196,6 +209,7 @@
- "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar" - "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.priority=42" - "traefik.tcp.routers.tcprouter1.priority=42"
- "traefik.tcp.routers.tcprouter1.rule=foobar" - "traefik.tcp.routers.tcprouter1.rule=foobar"
- "traefik.tcp.routers.tcprouter1.rulesyntax=foobar"
- "traefik.tcp.routers.tcprouter1.service=foobar" - "traefik.tcp.routers.tcprouter1.service=foobar"
- "traefik.tcp.routers.tcprouter1.tls=true" - "traefik.tcp.routers.tcprouter1.tls=true"
- "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar" - "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
@ -208,6 +222,7 @@
- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol=true" - "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol=true"
- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42" - "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42"
- "traefik.tcp.services.tcpservice01.loadbalancer.serverstransport=foobar" - "traefik.tcp.services.tcpservice01.loadbalancer.serverstransport=foobar"
- "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
- "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar" - "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"
- "traefik.tcp.services.tcpservice01.loadbalancer.server.tls=true" - "traefik.tcp.services.tcpservice01.loadbalancer.server.tls=true"
- "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar" - "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar"

View file

@ -7,6 +7,7 @@
middlewares = ["foobar", "foobar"] middlewares = ["foobar", "foobar"]
service = "foobar" service = "foobar"
rule = "foobar" rule = "foobar"
ruleSyntax = "foobar"
priority = 42 priority = 42
[http.routers.Router0.tls] [http.routers.Router0.tls]
options = "foobar" options = "foobar"
@ -24,6 +25,7 @@
middlewares = ["foobar", "foobar"] middlewares = ["foobar", "foobar"]
service = "foobar" service = "foobar"
rule = "foobar" rule = "foobar"
ruleSyntax = "foobar"
priority = 42 priority = 42
[http.routers.Router1.tls] [http.routers.Router1.tls]
options = "foobar" options = "foobar"
@ -56,9 +58,11 @@
[[http.services.Service02.loadBalancer.servers]] [[http.services.Service02.loadBalancer.servers]]
url = "foobar" url = "foobar"
weight = 42
[[http.services.Service02.loadBalancer.servers]] [[http.services.Service02.loadBalancer.servers]]
url = "foobar" url = "foobar"
weight = 42
[http.services.Service02.loadBalancer.healthCheck] [http.services.Service02.loadBalancer.healthCheck]
scheme = "foobar" scheme = "foobar"
mode = "foobar" mode = "foobar"
@ -133,6 +137,7 @@
checkPeriod = "42s" checkPeriod = "42s"
fallbackDuration = "42s" fallbackDuration = "42s"
recoveryDuration = "42s" recoveryDuration = "42s"
responseCode = 42
[http.middlewares.Middleware06] [http.middlewares.Middleware06]
[http.middlewares.Middleware06.compress] [http.middlewares.Middleware06.compress]
excludedContentTypes = ["foobar", "foobar"] excludedContentTypes = ["foobar", "foobar"]
@ -140,6 +145,7 @@
minResponseBodyBytes = 42 minResponseBodyBytes = 42
[http.middlewares.Middleware07] [http.middlewares.Middleware07]
[http.middlewares.Middleware07.contentType] [http.middlewares.Middleware07.contentType]
autoDetect = true
[http.middlewares.Middleware08] [http.middlewares.Middleware08]
[http.middlewares.Middleware08.digestAuth] [http.middlewares.Middleware08.digestAuth]
users = ["foobar", "foobar"] users = ["foobar", "foobar"]
@ -165,6 +171,7 @@
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
caOptional = true
[http.middlewares.Middleware11] [http.middlewares.Middleware11]
[http.middlewares.Middleware11.grpcWeb] [http.middlewares.Middleware11.grpcWeb]
allowOrigins = ["foobar", "foobar"] allowOrigins = ["foobar", "foobar"]
@ -194,6 +201,11 @@
referrerPolicy = "foobar" referrerPolicy = "foobar"
permissionsPolicy = "foobar" permissionsPolicy = "foobar"
isDevelopment = true isDevelopment = true
featurePolicy = "foobar"
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
[http.middlewares.Middleware12.headers.customRequestHeaders] [http.middlewares.Middleware12.headers.customRequestHeaders]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
@ -293,6 +305,7 @@
[http.middlewares.Middleware24] [http.middlewares.Middleware24]
[http.middlewares.Middleware24.stripPrefix] [http.middlewares.Middleware24.stripPrefix]
prefixes = ["foobar", "foobar"] prefixes = ["foobar", "foobar"]
forceSlash = true
[http.middlewares.Middleware25] [http.middlewares.Middleware25]
[http.middlewares.Middleware25.stripPrefixRegex] [http.middlewares.Middleware25.stripPrefixRegex]
regex = ["foobar", "foobar"] regex = ["foobar", "foobar"]
@ -353,6 +366,7 @@
middlewares = ["foobar", "foobar"] middlewares = ["foobar", "foobar"]
service = "foobar" service = "foobar"
rule = "foobar" rule = "foobar"
ruleSyntax = "foobar"
priority = 42 priority = 42
[tcp.routers.TCPRouter0.tls] [tcp.routers.TCPRouter0.tls]
passthrough = true passthrough = true
@ -371,6 +385,7 @@
middlewares = ["foobar", "foobar"] middlewares = ["foobar", "foobar"]
service = "foobar" service = "foobar"
rule = "foobar" rule = "foobar"
ruleSyntax = "foobar"
priority = 42 priority = 42
[tcp.routers.TCPRouter1.tls] [tcp.routers.TCPRouter1.tls]
passthrough = true passthrough = true
@ -388,6 +403,7 @@
[tcp.services.TCPService01] [tcp.services.TCPService01]
[tcp.services.TCPService01.loadBalancer] [tcp.services.TCPService01.loadBalancer]
serversTransport = "foobar" serversTransport = "foobar"
terminationDelay = 42
[tcp.services.TCPService01.loadBalancer.proxyProtocol] [tcp.services.TCPService01.loadBalancer.proxyProtocol]
version = 42 version = 42
@ -507,6 +523,7 @@
curvePreferences = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"]
sniStrict = true sniStrict = true
alpnProtocols = ["foobar", "foobar"] alpnProtocols = ["foobar", "foobar"]
preferServerCipherSuites = true
[tls.options.Options0.clientAuth] [tls.options.Options0.clientAuth]
caFiles = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]
clientAuthType = "foobar" clientAuthType = "foobar"
@ -517,6 +534,7 @@
curvePreferences = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"]
sniStrict = true sniStrict = true
alpnProtocols = ["foobar", "foobar"] alpnProtocols = ["foobar", "foobar"]
preferServerCipherSuites = true
[tls.options.Options1.clientAuth] [tls.options.Options1.clientAuth]
caFiles = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]
clientAuthType = "foobar" clientAuthType = "foobar"

View file

@ -11,6 +11,7 @@ http:
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
ruleSyntax: foobar
priority: 42 priority: 42
tls: tls:
options: foobar options: foobar
@ -33,6 +34,7 @@ http:
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
ruleSyntax: foobar
priority: 42 priority: 42
tls: tls:
options: foobar options: foobar
@ -63,7 +65,9 @@ http:
maxAge: 42 maxAge: 42
servers: servers:
- url: foobar - url: foobar
weight: 42
- url: foobar - url: foobar
weight: 42
healthCheck: healthCheck:
scheme: foobar scheme: foobar
mode: foobar mode: foobar
@ -138,6 +142,7 @@ http:
checkPeriod: 42s checkPeriod: 42s
fallbackDuration: 42s fallbackDuration: 42s
recoveryDuration: 42s recoveryDuration: 42s
responseCode: 42
Middleware06: Middleware06:
compress: compress:
excludedContentTypes: excludedContentTypes:
@ -148,7 +153,8 @@ http:
- foobar - foobar
minResponseBodyBytes: 42 minResponseBodyBytes: 42
Middleware07: Middleware07:
contentType: {} contentType:
autoDetect: true
Middleware08: Middleware08:
digestAuth: digestAuth:
users: users:
@ -173,6 +179,7 @@ http:
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
caOptional: true
trustForwardHeader: true trustForwardHeader: true
authResponseHeaders: authResponseHeaders:
- foobar - foobar
@ -238,6 +245,11 @@ http:
referrerPolicy: foobar referrerPolicy: foobar
permissionsPolicy: foobar permissionsPolicy: foobar
isDevelopment: true isDevelopment: true
featurePolicy: foobar
sslRedirect: true
sslTemporaryRedirect: true
sslHost: foobar
sslForceHost: true
Middleware13: Middleware13:
ipAllowList: ipAllowList:
sourceRange: sourceRange:
@ -342,6 +354,7 @@ http:
prefixes: prefixes:
- foobar - foobar
- foobar - foobar
forceSlash: true
Middleware25: Middleware25:
stripPrefixRegex: stripPrefixRegex:
regex: regex:
@ -409,6 +422,7 @@ tcp:
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
ruleSyntax: foobar
priority: 42 priority: 42
tls: tls:
passthrough: true passthrough: true
@ -432,6 +446,7 @@ tcp:
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
ruleSyntax: foobar
priority: 42 priority: 42
tls: tls:
passthrough: true passthrough: true
@ -457,6 +472,7 @@ tcp:
- address: foobar - address: foobar
tls: true tls: true
serversTransport: foobar serversTransport: foobar
terminationDelay: 42
TCPService02: TCPService02:
weighted: weighted:
services: services:
@ -577,6 +593,7 @@ tls:
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar
preferServerCipherSuites: true
Options1: Options1:
minVersion: foobar minVersion: foobar
maxVersion: foobar maxVersion: foobar
@ -595,6 +612,7 @@ tls:
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar
preferServerCipherSuites: true
stores: stores:
Store0: Store0:
defaultCertificate: defaultCertificate:

View file

@ -20,12 +20,13 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` | | `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` | | `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` | | `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/responseCode` | `42` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` | | `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` | | `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` | | `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/1` | `foobar` | | `traefik/http/middlewares/Middleware06/compress/includedContentTypes/1` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` | | `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` |
| `traefik/http/middlewares/Middleware07/contentType` | `` | | `traefik/http/middlewares/Middleware07/contentType/autoDetect` | `true` |
| `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` | | `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` | | `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` | | `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` |
@ -45,6 +46,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` | | `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` | | `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` | | `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` | | `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` | | `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` | | `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` |
@ -75,6 +77,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/featurePolicy` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/forceSTSHeader` | `true` | | `traefik/http/middlewares/Middleware12/headers/forceSTSHeader` | `true` |
| `traefik/http/middlewares/Middleware12/headers/frameDeny` | `true` | | `traefik/http/middlewares/Middleware12/headers/frameDeny` | `true` |
| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0` | `foobar` |
@ -83,8 +86,12 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware12/headers/permissionsPolicy` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/permissionsPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/publicKey` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/publicKey` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/referrerPolicy` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/referrerPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslForceHost` | `true` |
| `traefik/http/middlewares/Middleware12/headers/sslHost` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslRedirect` | `true` |
| `traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect` | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains` | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware12/headers/stsPreload` | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsSeconds` | `42` | | `traefik/http/middlewares/Middleware12/headers/stsSeconds` | `42` |
@ -148,6 +155,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware22/replacePathRegex/replacement` | `foobar` | | `traefik/http/middlewares/Middleware22/replacePathRegex/replacement` | `foobar` |
| `traefik/http/middlewares/Middleware23/retry/attempts` | `42` | | `traefik/http/middlewares/Middleware23/retry/attempts` | `42` |
| `traefik/http/middlewares/Middleware23/retry/initialInterval` | `42s` | | `traefik/http/middlewares/Middleware23/retry/initialInterval` | `42s` |
| `traefik/http/middlewares/Middleware24/stripPrefix/forceSlash` | `true` |
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0` | `foobar` | | `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0` | `foobar` |
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1` | `foobar` | | `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1` | `foobar` |
| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0` | `foobar` | | `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0` | `foobar` |
@ -158,6 +166,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/routers/Router0/middlewares/1` | `foobar` | | `traefik/http/routers/Router0/middlewares/1` | `foobar` |
| `traefik/http/routers/Router0/priority` | `42` | | `traefik/http/routers/Router0/priority` | `42` |
| `traefik/http/routers/Router0/rule` | `foobar` | | `traefik/http/routers/Router0/rule` | `foobar` |
| `traefik/http/routers/Router0/ruleSyntax` | `foobar` |
| `traefik/http/routers/Router0/service` | `foobar` | | `traefik/http/routers/Router0/service` | `foobar` |
| `traefik/http/routers/Router0/tls/certResolver` | `foobar` | | `traefik/http/routers/Router0/tls/certResolver` | `foobar` |
| `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` | | `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` |
@ -173,6 +182,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/routers/Router1/middlewares/1` | `foobar` | | `traefik/http/routers/Router1/middlewares/1` | `foobar` |
| `traefik/http/routers/Router1/priority` | `42` | | `traefik/http/routers/Router1/priority` | `42` |
| `traefik/http/routers/Router1/rule` | `foobar` | | `traefik/http/routers/Router1/rule` | `foobar` |
| `traefik/http/routers/Router1/ruleSyntax` | `foobar` |
| `traefik/http/routers/Router1/service` | `foobar` | | `traefik/http/routers/Router1/service` | `foobar` |
| `traefik/http/routers/Router1/tls/certResolver` | `foobar` | | `traefik/http/routers/Router1/tls/certResolver` | `foobar` |
| `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` | | `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` |
@ -238,7 +248,9 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` | | `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` | | `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` |
| `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` | | `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/servers/0/weight` | `42` |
| `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` | | `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/servers/1/weight` | `42` |
| `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` | | `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` | | `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge` | `42` | | `traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge` | `42` |
@ -273,6 +285,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` | | `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/priority` | `42` | | `traefik/tcp/routers/TCPRouter0/priority` | `42` |
| `traefik/tcp/routers/TCPRouter0/rule` | `foobar` | | `traefik/tcp/routers/TCPRouter0/rule` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/ruleSyntax` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/service` | `foobar` | | `traefik/tcp/routers/TCPRouter0/service` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` | | `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` | | `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` |
@ -289,6 +302,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` | | `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/priority` | `42` | | `traefik/tcp/routers/TCPRouter1/priority` | `42` |
| `traefik/tcp/routers/TCPRouter1/rule` | `foobar` | | `traefik/tcp/routers/TCPRouter1/rule` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/ruleSyntax` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/service` | `foobar` | | `traefik/tcp/routers/TCPRouter1/service` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` | | `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` | | `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` |
@ -335,6 +349,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/address` | `foobar` | | `traefik/tcp/services/TCPService01/loadBalancer/servers/1/address` | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls` | `true` | | `traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls` | `true` |
| `traefik/tcp/services/TCPService01/loadBalancer/serversTransport` | `foobar` | | `traefik/tcp/services/TCPService01/loadBalancer/serversTransport` | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/terminationDelay` | `42` |
| `traefik/tcp/services/TCPService02/weighted/services/0/name` | `foobar` | | `traefik/tcp/services/TCPService02/weighted/services/0/name` | `foobar` |
| `traefik/tcp/services/TCPService02/weighted/services/0/weight` | `42` | | `traefik/tcp/services/TCPService02/weighted/services/0/weight` | `42` |
| `traefik/tcp/services/TCPService02/weighted/services/1/name` | `foobar` | | `traefik/tcp/services/TCPService02/weighted/services/1/name` | `foobar` |
@ -358,6 +373,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options0/maxVersion` | `foobar` | | `traefik/tls/options/Options0/maxVersion` | `foobar` |
| `traefik/tls/options/Options0/minVersion` | `foobar` | | `traefik/tls/options/Options0/minVersion` | `foobar` |
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options0/sniStrict` | `true` | | `traefik/tls/options/Options0/sniStrict` | `true` |
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` | | `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` | | `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
@ -370,6 +386,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options1/maxVersion` | `foobar` | | `traefik/tls/options/Options1/maxVersion` | `foobar` |
| `traefik/tls/options/Options1/minVersion` | `foobar` | | `traefik/tls/options/Options1/minVersion` | `foobar` |
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options1/sniStrict` | `true` | | `traefik/tls/options/Options1/sniStrict` | `true` |
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` | | `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` | | `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutes.traefik.io name: ingressroutes.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -20,14 +20,19 @@ spec:
description: IngressRoute is the CRD implementation of a Traefik HTTP Router. description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteSpec defines the desired state of IngressRoute. description: IngressRouteSpec defines the desired state of IngressRoute.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -48,17 +54,21 @@ spec:
description: Route holds the HTTP route configuration. description: Route holds the HTTP route configuration.
properties: properties:
kind: kind:
description: Kind defines the kind of the route. Rule is the description: |-
only supported kind. Kind defines the kind of the route.
Rule is the only supported kind.
enum: enum:
- Rule - Rule
type: string type: string
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule' description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: 'Middlewares defines the list of references to description: |-
Middleware resources. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware' Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -76,13 +86,14 @@ spec:
type: object type: object
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: |-
info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority' Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
type: integer type: integer
services: services:
description: Services defines the list of Service. It can contain description: |-
any combination of TraefikService and/or reference to a Kubernetes Services defines the list of Service.
Service. It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
items: items:
description: Service defines an upstream HTTP service to proxy description: Service defines an upstream HTTP service to proxy
traffic to. traffic to.
@ -94,31 +105,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client description: |-
Host header is forwarded to the upstream Kubernetes PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
Service. By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -127,30 +139,29 @@ spec:
the client. the client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, description: |-
in milliseconds, in between flushes to the client FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
while copying the response body. A negative value A negative value means to flush immediately after each write to the client.
means to flush immediately after each write to the This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
client. This configuration is ignored when ReverseProxy for such responses, writes are flushed to the client immediately.
recognizes a response as a streaming response; for Default: 100ms
such responses, writes are flushed to the client
immediately. Default: 100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the description: |-
request to the upstream Kubernetes Service. It defaults Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
to https when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -161,17 +172,18 @@ spec:
JavaScript. JavaScript.
type: boolean type: boolean
maxAge: maxAge:
description: MaxAge indicates the number of seconds description: |-
until the cookie expires. When set to a negative MaxAge indicates the number of seconds until the cookie expires.
number, the cookie expires immediately. When When set to a negative number, the cookie expires immediately.
set to zero, the cookie never expires. When set to zero, the cookie never expires.
type: integer type: integer
name: name:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie description: Secure defines whether the cookie
@ -181,36 +193,44 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only description: |-
be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round (and to be precise, one that embeds a Weighted Round Robin).
Robin).
type: integer type: integer
required: required:
- name - name
type: object type: object
type: array type: array
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
type: string
required: required:
- kind - kind
- match - match
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls' description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: |-
resolver to use. Cert resolvers have to be configured in the CertResolver defines the name of the certificate resolver to use.
static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: |-
used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -226,17 +246,20 @@ spec:
type: object type: object
type: array type: array
options: options:
description: 'Options defines the reference to a TLSOption, that description: |-
specifies the parameters of the TLS connection. If not defined, Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSOption. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: |-
TLSOption. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -246,17 +269,19 @@ spec:
Secret to specify the certificate details. Secret to specify the certificate details.
type: string type: string
store: store:
description: Store defines the reference to the TLSStore, that description: |-
will be used to store certificates. Please note that only `default` Store defines the reference to the TLSStore, that will be used to store certificates.
TLSStore can be used. Please note that only `default` TLSStore can be used.
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSStore. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: |-
TLSStore. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutetcps.traefik.io name: ingressroutetcps.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -20,14 +20,19 @@ spec:
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -48,7 +54,9 @@ spec:
description: RouteTCP holds the TCP route configuration. description: RouteTCP holds the TCP route configuration.
properties: properties:
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1' description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -70,8 +78,9 @@ spec:
type: object type: object
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: |-
info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1' Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -88,22 +97,24 @@ spec:
Kubernetes Service. Kubernetes Service.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
proxyProtocol: proxyProtocol:
description: 'ProxyProtocol defines the PROXY protocol description: |-
configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol' ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -111,11 +122,20 @@ spec:
type: integer type: integer
type: object type: object
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransportTCP description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransportTCP resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
terminationDelay:
description: |-
TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
it has closed the writing capability of its connection, to close the reading capability as well,
hence fully terminating the connection.
It is a duration in milliseconds, defaulting to 100.
A negative value means an infinite deadline (i.e. the reading capability is never closed).
Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead.
type: integer
tls: tls:
description: TLS determines whether to use TLS when dialing description: TLS determines whether to use TLS when dialing
with the backend. with the backend.
@ -129,22 +149,30 @@ spec:
- port - port
type: object type: object
type: array type: array
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
type: string
required: required:
- match - match
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration on a layer 4 / TCP description: |-
Route. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1' TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: |-
resolver to use. Cert resolvers have to be configured in the CertResolver defines the name of the certificate resolver to use.
static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: |-
used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -160,9 +188,10 @@ spec:
type: object type: object
type: array type: array
options: options:
description: 'Options defines the reference to a TLSOption, that description: |-
specifies the parameters of the TLS connection. If not defined, Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@ -184,9 +213,9 @@ spec:
Secret to specify the certificate details. Secret to specify the certificate details.
type: string type: string
store: store:
description: Store defines the reference to the TLSStore, that description: |-
will be used to store certificates. Please note that only `default` Store defines the reference to the TLSStore, that will be used to store certificates.
TLSStore can be used. Please note that only `default` TLSStore can be used.
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressrouteudps.traefik.io name: ingressrouteudps.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -20,14 +20,19 @@ spec:
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -62,17 +68,18 @@ spec:
Kubernetes Service. Kubernetes Service.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
weight: weight:

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: middlewares.traefik.io name: middlewares.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,18 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'Middleware is the CRD implementation of a Traefik Middleware. description: |-
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/' Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -36,33 +42,37 @@ spec:
description: MiddlewareSpec defines the desired state of a Middleware. description: MiddlewareSpec defines the desired state of a Middleware.
properties: properties:
addPrefix: addPrefix:
description: 'AddPrefix holds the add prefix middleware configuration. description: |-
This middleware updates the path of a request before forwarding AddPrefix holds the add prefix middleware configuration.
it. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/' This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: Prefix is the string to add before the current path description: |-
in the requested URL. It should include a leading slash (/). Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/).
type: string type: string
type: object type: object
basicAuth: basicAuth:
description: 'BasicAuth holds the basic auth middleware configuration. description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: |-
authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: |-
to be partitioned into a set of protection spaces, each with Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
its own authentication scheme. Default: traefik.' Default: traefik.
type: string type: string
removeHeader: removeHeader:
description: 'RemoveHeader sets the removeHeader option to true description: |-
to remove the authorization header before forwarding the request RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
to your service. Default: false.' Default: false.
type: boolean type: boolean
secret: secret:
description: Secret is the name of the referenced Kubernetes Secret description: Secret is the name of the referenced Kubernetes Secret
@ -70,48 +80,49 @@ spec:
type: string type: string
type: object type: object
buffering: buffering:
description: 'Buffering holds the buffering middleware configuration. description: |-
This middleware retries or limits the size of requests that can Buffering holds the buffering middleware configuration.
be forwarded to backends. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes' This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed description: |-
body size for the request (in bytes). If the request exceeds MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
the allowed size, it is not forwarded to the service, and the If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
client gets a 413 (Request Entity Too Large) response. Default: Default: 0 (no maximum).
0 (no maximum).'
format: int64 format: int64
type: integer type: integer
maxResponseBodyBytes: maxResponseBodyBytes:
description: 'MaxResponseBodyBytes defines the maximum allowed description: |-
response size from the service (in bytes). If the response exceeds MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
the allowed size, it is not forwarded to the client. The client If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
gets a 500 (Internal Server Error) response instead. Default: Default: 0 (no maximum).
0 (no maximum).'
format: int64 format: int64
type: integer type: integer
memRequestBodyBytes: memRequestBodyBytes:
description: 'MemRequestBodyBytes defines the threshold (in bytes) description: |-
from which the request will be buffered on disk instead of in MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
memory. Default: 1048576 (1Mi).' Default: 1048576 (1Mi).
format: int64 format: int64
type: integer type: integer
memResponseBodyBytes: memResponseBodyBytes:
description: 'MemResponseBodyBytes defines the threshold (in bytes) description: |-
from which the response will be buffered on disk instead of MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
in memory. Default: 1048576 (1Mi).' Default: 1048576 (1Mi).
format: int64 format: int64
type: integer type: integer
retryExpression: retryExpression:
description: 'RetryExpression defines the retry conditions. It description: |-
is a logical combination of functions with operators AND (&&) RetryExpression defines the retry conditions.
and OR (||). More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression' It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: 'Chain holds the configuration of the chain middleware. description: |-
This middleware enables to define reusable combinations of other Chain holds the configuration of the chain middleware.
pieces of middleware. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/' This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -163,15 +174,15 @@ spec:
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
compress: compress:
description: 'Compress holds the compress middleware configuration. description: |-
This middleware compresses responses before sending them to the Compress holds the compress middleware configuration.
client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/' This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
properties: properties:
excludedContentTypes: excludedContentTypes:
description: ExcludedContentTypes defines the list of content description: |-
types to compare the Content-Type header of the incoming requests ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
and responses before compressing. `application/grpc` is always `application/grpc` is always excluded.
excluded.
items: items:
type: string type: string
type: array type: array
@ -183,30 +194,38 @@ spec:
type: string type: string
type: array type: array
minResponseBodyBytes: minResponseBodyBytes:
description: 'MinResponseBodyBytes defines the minimum amount description: |-
of bytes a response body must have to be compressed. Default: MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
1024.' Default: 1024.
type: integer type: integer
type: object type: object
contentType: contentType:
description: ContentType holds the content-type middleware configuration. description: |-
This middleware sets the `Content-Type` header value to the media ContentType holds the content-type middleware configuration.
type detected from the response content, when it is not set by the This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
backend. properties:
autoDetect:
description: |-
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
be automatically set to a value derived from the contents of the response.
Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
type: boolean
type: object type: object
digestAuth: digestAuth:
description: 'DigestAuth holds the digest auth middleware configuration. description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: |-
authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: |-
to be partitioned into a set of protection spaces, each with Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
its own authentication scheme. Default: traefik.' Default: traefik.
type: string type: string
removeHeader: removeHeader:
description: RemoveHeader defines whether to remove the authorization description: RemoveHeader defines whether to remove the authorization
@ -218,18 +237,20 @@ spec:
type: string type: string
type: object type: object
errors: errors:
description: 'ErrorPage holds the custom error middleware configuration. description: |-
This middleware returns a custom page in lieu of the default, according ErrorPage holds the custom error middleware configuration.
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/' This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
properties: properties:
query: query:
description: Query defines the URL for the error page (hosted description: |-
by service). The {status} variable can be used in order to insert Query defines the URL for the error page (hosted by service).
the status code in the URL. The {status} variable can be used in order to insert the status code in the URL.
type: string type: string
service: service:
description: 'Service defines the reference to a Kubernetes Service description: |-
that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service' Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
properties: properties:
kind: kind:
description: Kind defines the kind of the Service. description: Kind defines the kind of the Service.
@ -238,31 +259,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between the Name defines the name of the referenced Kubernetes Service or TraefikService.
two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or if NativeLB controls, when creating the load-balancer,
the only child is the Kubernetes Service clusterIP. The whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
Kubernetes Service itself does load-balance to the pods. The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -271,29 +293,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in milliseconds, description: |-
in between flushes to the client while copying the response FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
body. A negative value means to flush immediately after A negative value means to flush immediately after each write to the client.
each write to the client. This configuration is ignored This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
when ReverseProxy recognizes a response as a streaming for such responses, writes are flushed to the client immediately.
response; for such responses, writes are flushed to Default: 100ms
the client immediately. Default: 100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport between ServersTransport defines the name of ServersTransport resource to use.
Traefik and your servers. Can only be used on a Kubernetes It allows to configure the transport between Traefik and your servers.
Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -303,17 +325,18 @@ spec:
be accessed by client-side APIs, such as JavaScript. be accessed by client-side APIs, such as JavaScript.
type: boolean type: boolean
maxAge: maxAge:
description: MaxAge indicates the number of seconds description: |-
until the cookie expires. When set to a negative MaxAge indicates the number of seconds until the cookie expires.
number, the cookie expires immediately. When set When set to a negative number, the cookie expires immediately.
to zero, the cookie never expires. When set to zero, the cookie never expires.
type: integer type: integer
name: name:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -323,32 +346,34 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported value Strategy defines the load balancing strategy between the servers.
at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object (and Weight defines the weight and should only be specified when Name references a TraefikService object
to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
- name - name
type: object type: object
status: status:
description: Status defines which status or range of statuses description: |-
should result in an error page. It can be either a status code Status defines which status or range of statuses should result in an error page.
as a number (500), as multiple comma-separated numbers (500,502), It can be either a status code as a number (500),
as ranges by separating two codes with a dash (500-599), or as multiple comma-separated numbers (500,502),
a combination of the two (404,418,500-599). as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599).
items: items:
type: string type: string
type: array type: array
type: object type: object
forwardAuth: forwardAuth:
description: 'ForwardAuth holds the forward auth middleware configuration. description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
properties: properties:
addAuthCookiesToResponse: addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies description: AddAuthCookiesToResponse defines the list of cookies
@ -360,9 +385,9 @@ spec:
description: Address defines the authentication server address. description: Address defines the authentication server address.
type: string type: string
authRequestHeaders: authRequestHeaders:
description: AuthRequestHeaders defines the list of the headers description: |-
to copy from the request to the authentication server. If not AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
set or empty then all request headers are passed. If not set or empty then all request headers are passed.
items: items:
type: string type: string
type: array type: array
@ -374,24 +399,27 @@ spec:
type: string type: string
type: array type: array
authResponseHeadersRegex: authResponseHeadersRegex:
description: 'AuthResponseHeadersRegex defines the regex to match description: |-
headers to copy from the authentication server response and AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
set on forwarded request, after stripping all headers that match More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
the regex. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex'
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
connection to the authentication server. connection to the authentication server.
properties: properties:
caOptional:
description: 'Deprecated: TLS client authentication is a server
side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).'
type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: |-
Secret containing the CA to validate the server certificate. CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
The CA certificate is extracted from key `tls.ca` or `ca.crt`. The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string type: string
certSecret: certSecret:
description: CertSecret is the name of the referenced Kubernetes description: |-
Secret containing the client certificate. The client certificate CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
is extracted from the keys `tls.crt` and `tls.key`. The client certificate is extracted from the keys `tls.crt` and `tls.key`.
type: string type: string
insecureSkipVerify: insecureSkipVerify:
description: InsecureSkipVerify defines whether the server description: InsecureSkipVerify defines whether the server
@ -404,20 +432,23 @@ spec:
type: boolean type: boolean
type: object type: object
grpcWeb: grpcWeb:
description: GrpcWeb holds the gRPC web middleware configuration. description: |-
GrpcWeb holds the gRPC web middleware configuration.
This middleware converts a gRPC web request to an HTTP/2 gRPC request. This middleware converts a gRPC web request to an HTTP/2 gRPC request.
properties: properties:
allowOrigins: allowOrigins:
description: AllowOrigins is a list of allowable origins. Can description: |-
also be a wildcard origin "*". AllowOrigins is a list of allowable origins.
Can also be a wildcard origin "*".
items: items:
type: string type: string
type: array type: array
type: object type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: |-
This middleware manages the requests and responses headers. More Headers holds the headers middleware configuration.
info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders' This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -482,12 +513,14 @@ spec:
header with the nosniff value. header with the nosniff value.
type: boolean type: boolean
customBrowserXSSValue: customBrowserXSSValue:
description: CustomBrowserXSSValue defines the X-XSS-Protection description: |-
header value. This overrides the BrowserXssFilter option. CustomBrowserXSSValue defines the X-XSS-Protection header value.
This overrides the BrowserXssFilter option.
type: string type: string
customFrameOptionsValue: customFrameOptionsValue:
description: CustomFrameOptionsValue defines the X-Frame-Options description: |-
header value. This overrides the FrameDeny option. CustomFrameOptionsValue defines the X-Frame-Options header value.
This overrides the FrameDeny option.
type: string type: string
customRequestHeaders: customRequestHeaders:
additionalProperties: additionalProperties:
@ -501,6 +534,10 @@ spec:
description: CustomResponseHeaders defines the header names and description: CustomResponseHeaders defines the header names and
values to apply to the response. values to apply to the response.
type: object type: object
featurePolicy:
description: 'Deprecated: FeaturePolicy option is deprecated,
please use PermissionsPolicy instead.'
type: string
forceSTSHeader: forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP. even when the connection is HTTP.
@ -516,34 +553,49 @@ spec:
type: string type: string
type: array type: array
isDevelopment: isDevelopment:
description: IsDevelopment defines whether to mitigate the unwanted description: |-
effects of the AllowedHosts, SSL, and STS options when developing. IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost, Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
not your production domain. If you would like your development If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
environment to mimic production with complete Host blocking, and STS headers, leave this as false.
SSL redirects, and STS headers, leave this as false.
type: boolean type: boolean
permissionsPolicy: permissionsPolicy:
description: PermissionsPolicy defines the Permissions-Policy description: |-
header value. This allows sites to control browser features. PermissionsPolicy defines the Permissions-Policy header value.
This allows sites to control browser features.
type: string type: string
publicKey: publicKey:
description: PublicKey is the public key that implements HPKP description: PublicKey is the public key that implements HPKP
to prevent MITM attacks with forged certificates. to prevent MITM attacks with forged certificates.
type: string type: string
referrerPolicy: referrerPolicy:
description: ReferrerPolicy defines the Referrer-Policy header description: |-
value. This allows sites to control whether browsers forward ReferrerPolicy defines the Referrer-Policy header value.
the Referer header to other sites. This allows sites to control whether browsers forward the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: SSLForceHost option is deprecated, please
use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: SSLHost option is deprecated, please
use RedirectRegex instead.'
type: string type: string
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
description: 'SSLProxyHeaders defines the header keys with associated description: |-
values that would indicate a valid HTTPS request. It can be SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
useful when using other proxies (example: "X-Forwarded-Proto": It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
"https").'
type: object type: object
sslRedirect:
description: 'Deprecated: SSLRedirect option is deprecated, please
use EntryPoint redirection or RedirectScheme instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: SSLTemporaryRedirect option is deprecated,
please use EntryPoint redirection or RedirectScheme instead.'
type: boolean
stsIncludeSubdomains: stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header. directive is appended to the Strict-Transport-Security header.
@ -553,33 +605,35 @@ spec:
to the Strict-Transport-Security header. to the Strict-Transport-Security header.
type: boolean type: boolean
stsSeconds: stsSeconds:
description: STSSeconds defines the max-age of the Strict-Transport-Security description: |-
header. If set to 0, the header is not set. STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set.
format: int64 format: int64
type: integer type: integer
type: object type: object
inFlightReq: inFlightReq:
description: 'InFlightReq holds the in-flight request middleware configuration. description: |-
This middleware limits the number of requests being processed and InFlightReq holds the in-flight request middleware configuration.
served concurrently. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/' This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: |-
in-flight request. The middleware responds with HTTP 429 Too Amount defines the maximum amount of allowed simultaneous in-flight request.
Many Requests if there are already amount requests in progress The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
(based on the same sourceCriterion strategy).
format: int64 format: int64
type: integer type: integer
sourceCriterion: sourceCriterion:
description: 'SourceCriterion defines what criterion is used to description: |-
group requests as originating from a common source. If several SourceCriterion defines what criterion is used to group requests as originating from a common source.
strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More If none are set, the default is to use the requestHost.
info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: |-
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -605,13 +659,15 @@ spec:
type: object type: object
type: object type: object
ipAllowList: ipAllowList:
description: 'IPAllowList holds the IP allowlist middleware configuration. description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: |-
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -626,8 +682,9 @@ spec:
type: array type: array
type: object type: object
rejectStatusCode: rejectStatusCode:
description: RejectStatusCode defines the HTTP status code used description: |-
for refused requests. If not set, the default is 403 (Forbidden). RejectStatusCode defines the HTTP status code used for refused requests.
If not set, the default is 403 (Forbidden).
type: integer type: integer
sourceRange: sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges description: SourceRange defines the set of allowed IPs (or ranges
@ -640,8 +697,9 @@ spec:
description: 'Deprecated: please use IPAllowList instead.' description: 'Deprecated: please use IPAllowList instead.'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: |-
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -663,9 +721,10 @@ spec:
type: array type: array
type: object type: object
passTLSClientCert: passTLSClientCert:
description: 'PassTLSClientCert holds the pass TLS client cert middleware description: |-
configuration. This middleware adds the selected data from the passed PassTLSClientCert holds the pass TLS client cert middleware configuration.
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/' This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -766,46 +825,48 @@ spec:
plugin: plugin:
additionalProperties: additionalProperties:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
description: 'Plugin defines the middleware plugin configuration. description: |-
More info: https://doc.traefik.io/traefik/plugins/' Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
type: object type: object
rateLimit: rateLimit:
description: 'RateLimit holds the rate limit configuration. This middleware description: |-
ensures that services will receive a fair amount of requests, and RateLimit holds the rate limit configuration.
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/' This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
properties: properties:
average: average:
description: Average is the maximum rate, by default in requests/s, description: |-
allowed for the given source. It defaults to 0, which means Average is the maximum rate, by default in requests/s, allowed for the given source.
no rate limiting. The rate is actually defined by dividing Average It defaults to 0, which means no rate limiting.
by Period. So for a rate below 1req/s, one needs to define a The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
Period larger than a second. one needs to define a Period larger than a second.
format: int64 format: int64
type: integer type: integer
burst: burst:
description: Burst is the maximum number of requests allowed to description: |-
arrive in the same arbitrarily small period of time. It defaults Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
to 1. It defaults to 1.
format: int64 format: int64
type: integer type: integer
period: period:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: 'Period, in combination with Average, defines the description: |-
actual maximum rate, such as: r = Average / Period. It defaults Period, in combination with Average, defines the actual maximum rate, such as:
to a second.' r = Average / Period. It defaults to a second.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
sourceCriterion: sourceCriterion:
description: SourceCriterion defines what criterion is used to description: |-
group requests as originating from a common source. If several SourceCriterion defines what criterion is used to group requests as originating from a common source.
strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote If none are set, the default is to use the request's remote address field (as an ipStrategy).
address field (as an ipStrategy).
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: |-
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -831,9 +892,10 @@ spec:
type: object type: object
type: object type: object
redirectRegex: redirectRegex:
description: 'RedirectRegex holds the redirect regex middleware configuration. description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -849,9 +911,10 @@ spec:
type: string type: string
type: object type: object
redirectScheme: redirectScheme:
description: 'RedirectScheme holds the redirect scheme middleware description: |-
configuration. This middleware redirects requests from a scheme/port RedirectScheme holds the redirect scheme middleware configuration.
to another. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/' This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -865,9 +928,10 @@ spec:
type: string type: string
type: object type: object
replacePath: replacePath:
description: 'ReplacePath holds the replace path middleware configuration. description: |-
This middleware replaces the path of the request URL and store the ReplacePath holds the replace path middleware configuration.
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/' This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -875,9 +939,10 @@ spec:
type: string type: string
type: object type: object
replacePathRegex: replacePathRegex:
description: 'ReplacePathRegex holds the replace path regex middleware description: |-
configuration. This middleware replaces the path of a URL using ReplacePathRegex holds the replace path regex middleware configuration.
regex matching and replacement. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/' This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -889,11 +954,11 @@ spec:
type: string type: string
type: object type: object
retry: retry:
description: 'Retry holds the retry middleware configuration. This description: |-
middleware reissues requests a given number of times to a backend Retry holds the retry middleware configuration.
server if that server does not reply. As soon as the server answers, This middleware reissues requests a given number of times to a backend server if that server does not reply.
the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -903,18 +968,26 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: InitialInterval defines the first wait time in the description: |-
exponential backoff series. The maximum interval is calculated InitialInterval defines the first wait time in the exponential backoff series.
as twice the initialInterval. If unspecified, requests will The maximum interval is calculated as twice the initialInterval.
be retried immediately. The value of initialInterval should If unspecified, requests will be retried immediately.
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
stripPrefix: stripPrefix:
description: 'StripPrefix holds the strip prefix middleware configuration. description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
properties: properties:
forceSlash:
description: |-
Deprecated: ForceSlash option is deprecated, please remove any usage of this option.
ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
Default: true.
type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
URL. URL.
@ -923,9 +996,10 @@ spec:
type: array type: array
type: object type: object
stripPrefixRegex: stripPrefixRegex:
description: 'StripPrefixRegex holds the strip prefix regex middleware description: |-
configuration. This middleware removes the matching prefixes from StripPrefixRegex holds the strip prefix regex middleware configuration.
the URL path. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/' This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: middlewaretcps.traefik.io name: middlewaretcps.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,18 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. description: |-
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/' MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -39,14 +45,17 @@ spec:
description: InFlightConn defines the InFlightConn middleware configuration. description: InFlightConn defines the InFlightConn middleware configuration.
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: |-
connections. The middleware closes the connection if there are Amount defines the maximum amount of allowed simultaneous connections.
already amount connections opened. The middleware closes the connection if there are already amount connections opened.
format: int64 format: int64
type: integer type: integer
type: object type: object
ipAllowList: ipAllowList:
description: IPAllowList defines the IPAllowList middleware configuration. description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -56,8 +65,11 @@ spec:
type: array type: array
type: object type: object
ipWhiteList: ipWhiteList:
description: 'IPWhiteList defines the IPWhiteList middleware configuration. description: |-
Deprecated: please use IPAllowList instead.' IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: serverstransports.traefik.io name: serverstransports.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,20 +17,26 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'ServersTransport is the CRD implementation of a ServersTransport. description: |-
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: serverstransporttcps.traefik.io name: serverstransporttcps.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,20 +17,26 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport. description: |-
If no tcpServersTransport is specified, a default one named default@internal ServersTransportTCP is the CRD implementation of a TCPServersTransport.
will be used. The default@internal tcpServersTransport can be configured If no tcpServersTransport is specified, a default one named default@internal will be used.
in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3' The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -76,9 +82,9 @@ spec:
description: InsecureSkipVerify disables TLS certificate verification. description: InsecureSkipVerify disables TLS certificate verification.
type: boolean type: boolean
peerCertURI: peerCertURI:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) description: |-
to keep per-host. PeerCertURI defines the peer cert URI used MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
to match against SAN URI during the peer certificate verification. PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.
type: string type: string
rootCAsSecrets: rootCAsSecrets:
description: RootCAsSecrets defines a list of CA secret used to description: RootCAsSecrets defines a list of CA secret used to

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: tlsoptions.traefik.io name: tlsoptions.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,19 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSOption is the CRD implementation of a Traefik TLS Option, description: |-
allowing to configure some parameters of the TLS connection. More info: TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -37,15 +42,16 @@ spec:
description: TLSOptionSpec defines the desired state of a TLSOption. description: TLSOptionSpec defines the desired state of a TLSOption.
properties: properties:
alpnProtocols: alpnProtocols:
description: 'ALPNProtocols defines the list of supported application description: |-
level protocols for the TLS handshake, in order of preference. More ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols' More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: 'CipherSuites defines the list of supported cipher suites description: |-
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites' CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -71,21 +77,30 @@ spec:
type: array type: array
type: object type: object
curvePreferences: curvePreferences:
description: 'CurvePreferences defines the preferred elliptic curves description: |-
in a specific order. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences' CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array
maxVersion: maxVersion:
description: 'MaxVersion defines the maximum TLS version that Traefik description: |-
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, MaxVersion defines the maximum TLS version that Traefik will accept.
VersionTLS13. Default: None.' Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: None.
type: string type: string
minVersion: minVersion:
description: 'MinVersion defines the minimum TLS version that Traefik description: |-
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, MinVersion defines the minimum TLS version that Traefik will accept.
VersionTLS13. Default: VersionTLS10.' Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: VersionTLS10.
type: string type: string
preferServerCipherSuites:
description: |-
PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430
type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension. from clients connections that do not specify a server_name extension.

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: tlsstores.traefik.io name: tlsstores.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,20 +17,26 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For description: |-
the time being, only the TLSStore named default is supported. This means TLSStore is the CRD implementation of a Traefik TLS Store.
that you cannot have two stores that are named default in different Kubernetes For the time being, only the TLSStore named default is supported.
namespaces. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores' This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object

View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: traefikservices.traefik.io name: traefikservices.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,19 +17,27 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TraefikService is the CRD implementation of a Traefik Service. description: |-
TraefikService object allows to: - Apply weight to Services on load-balancing TraefikService is the CRD implementation of a Traefik Service.
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice' TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -46,10 +54,10 @@ spec:
- TraefikService - TraefikService
type: string type: string
maxBodySize: maxBodySize:
description: MaxBodySize defines the maximum size allowed for description: |-
the body of the request. If the body is larger, the request MaxBodySize defines the maximum size allowed for the body of the request.
is not mirrored. Default value is -1, which means unlimited If the body is larger, the request is not mirrored.
size. Default value is -1, which means unlimited size.
format: int64 format: int64
type: integer type: integer
mirrors: mirrors:
@ -65,35 +73,37 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or NativeLB controls, when creating the load-balancer,
if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
percent: percent:
description: 'Percent defines the part of the traffic to description: |-
mirror. Supported values: 0 to 100.' Percent defines the part of the traffic to mirror.
Supported values: 0 to 100.
type: integer type: integer
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -102,30 +112,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in description: |-
milliseconds, in between flushes to the client while FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
copying the response body. A negative value means A negative value means to flush immediately after each write to the client.
to flush immediately after each write to the client. This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
This configuration is ignored when ReverseProxy recognizes for such responses, writes are flushed to the client immediately.
a response as a streaming response; for such responses, Default: 100ms
writes are flushed to the client immediately. Default:
100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -135,17 +144,18 @@ spec:
can be accessed by client-side APIs, such as JavaScript. can be accessed by client-side APIs, such as JavaScript.
type: boolean type: boolean
maxAge: maxAge:
description: MaxAge indicates the number of seconds description: |-
until the cookie expires. When set to a negative MaxAge indicates the number of seconds until the cookie expires.
number, the cookie expires immediately. When set When set to a negative number, the cookie expires immediately.
to zero, the cookie never expires. When set to zero, the cookie never expires.
type: integer type: integer
name: name:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -155,13 +165,13 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
@ -169,60 +179,62 @@ spec:
type: object type: object
type: array type: array
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between the two Name defines the name of the referenced Kubernetes Service or TraefikService.
is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or if the NativeLB controls, when creating the load-balancer,
only child is the Kubernetes Service clusterIP. The Kubernetes whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
Service itself does load-balance to the pods. By default, NativeLB The Kubernetes Service itself does load-balance to the pods.
is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host header description: |-
is forwarded to the upstream Kubernetes Service. By default, PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. This description: |-
can be a reference to a named port. Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
description: ResponseForwarding defines how Traefik forwards the description: ResponseForwarding defines how Traefik forwards the
response from the upstream Kubernetes Service to the client. response from the upstream Kubernetes Service to the client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in milliseconds, description: |-
in between flushes to the client while copying the response FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
body. A negative value means to flush immediately after A negative value means to flush immediately after each write to the client.
each write to the client. This configuration is ignored This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately. for such responses, writes are flushed to the client immediately.
Default: 100ms' Default: 100ms
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https when Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport between ServersTransport defines the name of ServersTransport resource to use.
Traefik and your servers. Can only be used on a Kubernetes Service. It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -232,17 +244,18 @@ spec:
accessed by client-side APIs, such as JavaScript. accessed by client-side APIs, such as JavaScript.
type: boolean type: boolean
maxAge: maxAge:
description: MaxAge indicates the number of seconds until description: |-
the cookie expires. When set to a negative number, the MaxAge indicates the number of seconds until the cookie expires.
cookie expires immediately. When set to zero, the cookie When set to a negative number, the cookie expires immediately.
never expires. When set to zero, the cookie never expires.
type: integer type: integer
name: name:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. More description: |-
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only
@ -251,13 +264,14 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy between description: |-
the servers. RoundRobin is the only supported value at the moment. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be specified description: |-
when Name references a TraefikService object (and to be precise, Weight defines the weight and should only be specified when Name references a TraefikService object
one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
- name - name
@ -279,31 +293,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or NativeLB controls, when creating the load-balancer,
if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -312,30 +327,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in description: |-
milliseconds, in between flushes to the client while FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
copying the response body. A negative value means A negative value means to flush immediately after each write to the client.
to flush immediately after each write to the client. This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
This configuration is ignored when ReverseProxy recognizes for such responses, writes are flushed to the client immediately.
a response as a streaming response; for such responses, Default: 100ms
writes are flushed to the client immediately. Default:
100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -345,17 +359,18 @@ spec:
can be accessed by client-side APIs, such as JavaScript. can be accessed by client-side APIs, such as JavaScript.
type: boolean type: boolean
maxAge: maxAge:
description: MaxAge indicates the number of seconds description: |-
until the cookie expires. When set to a negative MaxAge indicates the number of seconds until the cookie expires.
number, the cookie expires immediately. When set When set to a negative number, the cookie expires immediately.
to zero, the cookie never expires. When set to zero, the cookie never expires.
type: integer type: integer
name: name:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -365,13 +380,13 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
@ -379,8 +394,9 @@ spec:
type: object type: object
type: array type: array
sticky: sticky:
description: 'Sticky defines whether sticky sessions are enabled. description: |-
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -390,17 +406,18 @@ spec:
accessed by client-side APIs, such as JavaScript. accessed by client-side APIs, such as JavaScript.
type: boolean type: boolean
maxAge: maxAge:
description: MaxAge indicates the number of seconds until description: |-
the cookie expires. When set to a negative number, the MaxAge indicates the number of seconds until the cookie expires.
cookie expires immediately. When set to zero, the cookie When set to a negative number, the cookie expires immediately.
never expires. When set to zero, the cookie never expires.
type: integer type: integer
name: name:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. More description: |-
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only

View file

@ -6,6 +6,9 @@ THIS FILE MUST NOT BE EDITED BY HAND
`--accesslog`: `--accesslog`:
Access log settings. (Default: ```false```) Access log settings. (Default: ```false```)
`--accesslog.addinternals`:
Enables access log for internal services (ping, dashboard, etc...). (Default: ```false```)
`--accesslog.bufferingsize`: `--accesslog.bufferingsize`:
Number of access log lines to process in a buffered way. (Default: ```0```) Number of access log lines to process in a buffered way. (Default: ```0```)
@ -105,6 +108,9 @@ Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`--certificatesresolvers.<name>.tailscale`: `--certificatesresolvers.<name>.tailscale`:
Enables Tailscale certificate resolution. (Default: ```true```) Enables Tailscale certificate resolution. (Default: ```true```)
`--core.defaultrulesyntax`:
Defines the rule parser default syntax (v2 or v3) (Default: ```v3```)
`--entrypoints.<name>`: `--entrypoints.<name>`:
Entry points definition. (Default: ```false```) Entry points definition. (Default: ```false```)
@ -177,6 +183,9 @@ Trust all. (Default: ```false```)
`--entrypoints.<name>.proxyprotocol.trustedips`: `--entrypoints.<name>.proxyprotocol.trustedips`:
Trust only selected IPs. Trust only selected IPs.
`--entrypoints.<name>.reuseport`:
Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. (Default: ```false```)
`--entrypoints.<name>.transport.keepalivemaxrequests`: `--entrypoints.<name>.transport.keepalivemaxrequests`:
Maximum number of requests before closing a keep-alive connection. (Default: ```0```) Maximum number of requests before closing a keep-alive connection. (Default: ```0```)
@ -261,6 +270,9 @@ Maximum size in megabytes of the log file before it gets rotated. (Default: ```0
`--log.nocolor`: `--log.nocolor`:
When using the 'common' format, disables the colorized output. (Default: ```false```) When using the 'common' format, disables the colorized output. (Default: ```false```)
`--metrics.addinternals`:
Enables metrics for internal services (ping, dashboard, etc...). (Default: ```false```)
`--metrics.datadog`: `--metrics.datadog`:
Datadog metrics exporter type. (Default: ```false```) Datadog metrics exporter type. (Default: ```false```)
@ -312,51 +324,63 @@ InfluxDB v2 push interval. (Default: ```10```)
`--metrics.influxdb2.token`: `--metrics.influxdb2.token`:
InfluxDB v2 access token. InfluxDB v2 access token.
`--metrics.opentelemetry`: `--metrics.otlp`:
OpenTelemetry metrics exporter type. (Default: ```false```) OpenTelemetry metrics exporter type. (Default: ```false```)
`--metrics.opentelemetry.addentrypointslabels`: `--metrics.otlp.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```) Enable metrics on entry points. (Default: ```true```)
`--metrics.opentelemetry.address`: `--metrics.otlp.addrouterslabels`:
Address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
`--metrics.opentelemetry.addrouterslabels`:
Enable metrics on routers. (Default: ```false```) Enable metrics on routers. (Default: ```false```)
`--metrics.opentelemetry.addserviceslabels`: `--metrics.otlp.addserviceslabels`:
Enable metrics on services. (Default: ```true```) Enable metrics on services. (Default: ```true```)
`--metrics.opentelemetry.explicitboundaries`: `--metrics.otlp.explicitboundaries`:
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```) Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
`--metrics.opentelemetry.grpc`: `--metrics.otlp.grpc.endpoint`:
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```) Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
`--metrics.opentelemetry.headers.<name>`: `--metrics.otlp.grpc.headers.<name>`:
Headers sent with payload. Headers sent with payload.
`--metrics.opentelemetry.insecure`: `--metrics.otlp.grpc.insecure`:
Disables client transport security for the exporter. (Default: ```false```) Disables client transport security for the exporter. (Default: ```false```)
`--metrics.opentelemetry.path`: `--metrics.otlp.grpc.tls.ca`:
Set the URL path of the collector endpoint.
`--metrics.opentelemetry.pushinterval`:
Period between calls to collect a checkpoint. (Default: ```10```)
`--metrics.opentelemetry.tls.ca`:
TLS CA TLS CA
`--metrics.opentelemetry.tls.cert`: `--metrics.otlp.grpc.tls.cert`:
TLS cert TLS cert
`--metrics.opentelemetry.tls.insecureskipverify`: `--metrics.otlp.grpc.tls.insecureskipverify`:
TLS insecure skip verify (Default: ```false```) TLS insecure skip verify (Default: ```false```)
`--metrics.opentelemetry.tls.key`: `--metrics.otlp.grpc.tls.key`:
TLS key TLS key
`--metrics.otlp.http.endpoint`:
Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
`--metrics.otlp.http.headers.<name>`:
Headers sent with payload.
`--metrics.otlp.http.tls.ca`:
TLS CA
`--metrics.otlp.http.tls.cert`:
TLS cert
`--metrics.otlp.http.tls.insecureskipverify`:
TLS insecure skip verify (Default: ```false```)
`--metrics.otlp.http.tls.key`:
TLS key
`--metrics.otlp.pushinterval`:
Period between calls to collect a checkpoint. (Default: ```10```)
`--metrics.prometheus`: `--metrics.prometheus`:
Prometheus metrics exporter type. (Default: ```false```) Prometheus metrics exporter type. (Default: ```false```)
@ -987,18 +1011,21 @@ Defines the allowed SPIFFE trust domain.
`--tracing`: `--tracing`:
OpenTracing configuration. (Default: ```false```) OpenTracing configuration. (Default: ```false```)
`--tracing.addinternals`:
Enables tracing for internal services (ping, dashboard, etc...). (Default: ```false```)
`--tracing.globalattributes.<name>`: `--tracing.globalattributes.<name>`:
Defines additional attributes (key:value) on all spans. Defines additional attributes (key:value) on all spans.
`--tracing.headers.<name>`:
Defines additional headers to be sent with the payloads.
`--tracing.otlp`: `--tracing.otlp`:
Settings for OpenTelemetry. (Default: ```false```) Settings for OpenTelemetry. (Default: ```false```)
`--tracing.otlp.grpc.endpoint`: `--tracing.otlp.grpc.endpoint`:
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```) Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
`--tracing.otlp.grpc.headers.<name>`:
Headers sent with payload.
`--tracing.otlp.grpc.insecure`: `--tracing.otlp.grpc.insecure`:
Disables client transport security for the exporter. (Default: ```false```) Disables client transport security for the exporter. (Default: ```false```)
@ -1015,7 +1042,10 @@ TLS insecure skip verify (Default: ```false```)
TLS key TLS key
`--tracing.otlp.http.endpoint`: `--tracing.otlp.http.endpoint`:
Sets the HTTP endpoint (scheme://host:port/v1/traces) of the collector. (Default: ```localhost:4318```) Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
`--tracing.otlp.http.headers.<name>`:
Headers sent with payload.
`--tracing.otlp.http.tls.ca`: `--tracing.otlp.http.tls.ca`:
TLS CA TLS CA

View file

@ -6,6 +6,9 @@ THIS FILE MUST NOT BE EDITED BY HAND
`TRAEFIK_ACCESSLOG`: `TRAEFIK_ACCESSLOG`:
Access log settings. (Default: ```false```) Access log settings. (Default: ```false```)
`TRAEFIK_ACCESSLOG_ADDINTERNALS`:
Enables access log for internal services (ping, dashboard, etc...). (Default: ```false```)
`TRAEFIK_ACCESSLOG_BUFFERINGSIZE`: `TRAEFIK_ACCESSLOG_BUFFERINGSIZE`:
Number of access log lines to process in a buffered way. (Default: ```0```) Number of access log lines to process in a buffered way. (Default: ```0```)
@ -105,6 +108,9 @@ Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_TAILSCALE`: `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_TAILSCALE`:
Enables Tailscale certificate resolution. (Default: ```true```) Enables Tailscale certificate resolution. (Default: ```true```)
`TRAEFIK_CORE_DEFAULTRULESYNTAX`:
Defines the rule parser default syntax (v2 or v3) (Default: ```v3```)
`TRAEFIK_ENTRYPOINTS_<NAME>`: `TRAEFIK_ENTRYPOINTS_<NAME>`:
Entry points definition. (Default: ```false```) Entry points definition. (Default: ```false```)
@ -177,6 +183,9 @@ Trust all. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`: `TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`:
Trust only selected IPs. Trust only selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_REUSEPORT`:
Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_KEEPALIVEMAXREQUESTS`: `TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_KEEPALIVEMAXREQUESTS`:
Maximum number of requests before closing a keep-alive connection. (Default: ```0```) Maximum number of requests before closing a keep-alive connection. (Default: ```0```)
@ -261,6 +270,9 @@ Maximum size in megabytes of the log file before it gets rotated. (Default: ```0
`TRAEFIK_LOG_NOCOLOR`: `TRAEFIK_LOG_NOCOLOR`:
When using the 'common' format, disables the colorized output. (Default: ```false```) When using the 'common' format, disables the colorized output. (Default: ```false```)
`TRAEFIK_METRICS_ADDINTERNALS`:
Enables metrics for internal services (ping, dashboard, etc...). (Default: ```false```)
`TRAEFIK_METRICS_DATADOG`: `TRAEFIK_METRICS_DATADOG`:
Datadog metrics exporter type. (Default: ```false```) Datadog metrics exporter type. (Default: ```false```)
@ -312,51 +324,63 @@ InfluxDB v2 push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB2_TOKEN`: `TRAEFIK_METRICS_INFLUXDB2_TOKEN`:
InfluxDB v2 access token. InfluxDB v2 access token.
`TRAEFIK_METRICS_OPENTELEMETRY`: `TRAEFIK_METRICS_OTLP`:
OpenTelemetry metrics exporter type. (Default: ```false```) OpenTelemetry metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDENTRYPOINTSLABELS`: `TRAEFIK_METRICS_OTLP_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```) Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDRESS`: `TRAEFIK_METRICS_OTLP_ADDROUTERSLABELS`:
Address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDROUTERSLABELS`:
Enable metrics on routers. (Default: ```false```) Enable metrics on routers. (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDSERVICESLABELS`: `TRAEFIK_METRICS_OTLP_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```) Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_OPENTELEMETRY_EXPLICITBOUNDARIES`: `TRAEFIK_METRICS_OTLP_EXPLICITBOUNDARIES`:
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```) Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
`TRAEFIK_METRICS_OPENTELEMETRY_GRPC`: `TRAEFIK_METRICS_OTLP_GRPC_ENDPOINT`:
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```) Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
`TRAEFIK_METRICS_OPENTELEMETRY_HEADERS_<NAME>`: `TRAEFIK_METRICS_OTLP_GRPC_HEADERS_<NAME>`:
Headers sent with payload. Headers sent with payload.
`TRAEFIK_METRICS_OPENTELEMETRY_INSECURE`: `TRAEFIK_METRICS_OTLP_GRPC_INSECURE`:
Disables client transport security for the exporter. (Default: ```false```) Disables client transport security for the exporter. (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_PATH`: `TRAEFIK_METRICS_OTLP_GRPC_TLS_CA`:
Set the URL path of the collector endpoint.
`TRAEFIK_METRICS_OPENTELEMETRY_PUSHINTERVAL`:
Period between calls to collect a checkpoint. (Default: ```10```)
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_CERT`: `TRAEFIK_METRICS_OTLP_GRPC_TLS_CERT`:
TLS cert TLS cert
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_INSECURESKIPVERIFY`: `TRAEFIK_METRICS_OTLP_GRPC_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```) TLS insecure skip verify (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_KEY`: `TRAEFIK_METRICS_OTLP_GRPC_TLS_KEY`:
TLS key TLS key
`TRAEFIK_METRICS_OTLP_HTTP_ENDPOINT`:
Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
`TRAEFIK_METRICS_OTLP_HTTP_HEADERS_<NAME>`:
Headers sent with payload.
`TRAEFIK_METRICS_OTLP_HTTP_TLS_CA`:
TLS CA
`TRAEFIK_METRICS_OTLP_HTTP_TLS_CERT`:
TLS cert
`TRAEFIK_METRICS_OTLP_HTTP_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_METRICS_OTLP_HTTP_TLS_KEY`:
TLS key
`TRAEFIK_METRICS_OTLP_PUSHINTERVAL`:
Period between calls to collect a checkpoint. (Default: ```10```)
`TRAEFIK_METRICS_PROMETHEUS`: `TRAEFIK_METRICS_PROMETHEUS`:
Prometheus metrics exporter type. (Default: ```false```) Prometheus metrics exporter type. (Default: ```false```)
@ -987,18 +1011,21 @@ Defines the allowed SPIFFE trust domain.
`TRAEFIK_TRACING`: `TRAEFIK_TRACING`:
OpenTracing configuration. (Default: ```false```) OpenTracing configuration. (Default: ```false```)
`TRAEFIK_TRACING_ADDINTERNALS`:
Enables tracing for internal services (ping, dashboard, etc...). (Default: ```false```)
`TRAEFIK_TRACING_GLOBALATTRIBUTES_<NAME>`: `TRAEFIK_TRACING_GLOBALATTRIBUTES_<NAME>`:
Defines additional attributes (key:value) on all spans. Defines additional attributes (key:value) on all spans.
`TRAEFIK_TRACING_HEADERS_<NAME>`:
Defines additional headers to be sent with the payloads.
`TRAEFIK_TRACING_OTLP`: `TRAEFIK_TRACING_OTLP`:
Settings for OpenTelemetry. (Default: ```false```) Settings for OpenTelemetry. (Default: ```false```)
`TRAEFIK_TRACING_OTLP_GRPC_ENDPOINT`: `TRAEFIK_TRACING_OTLP_GRPC_ENDPOINT`:
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```) Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
`TRAEFIK_TRACING_OTLP_GRPC_HEADERS_<NAME>`:
Headers sent with payload.
`TRAEFIK_TRACING_OTLP_GRPC_INSECURE`: `TRAEFIK_TRACING_OTLP_GRPC_INSECURE`:
Disables client transport security for the exporter. (Default: ```false```) Disables client transport security for the exporter. (Default: ```false```)
@ -1015,7 +1042,10 @@ TLS insecure skip verify (Default: ```false```)
TLS key TLS key
`TRAEFIK_TRACING_OTLP_HTTP_ENDPOINT`: `TRAEFIK_TRACING_OTLP_HTTP_ENDPOINT`:
Sets the HTTP endpoint (scheme://host:port/v1/traces) of the collector. (Default: ```localhost:4318```) Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
`TRAEFIK_TRACING_OTLP_HTTP_HEADERS_<NAME>`:
Headers sent with payload.
`TRAEFIK_TRACING_OTLP_HTTP_TLS_CA`: `TRAEFIK_TRACING_OTLP_HTTP_TLS_CA`:
TLS CA TLS CA

View file

@ -30,6 +30,7 @@
[entryPoints] [entryPoints]
[entryPoints.EntryPoint0] [entryPoints.EntryPoint0]
address = "foobar" address = "foobar"
reusePort = true
asDefault = true asDefault = true
[entryPoints.EntryPoint0.transport] [entryPoints.EntryPoint0.transport]
keepAliveMaxTime = "42s" keepAliveMaxTime = "42s"
@ -276,6 +277,7 @@
disableDashboardAd = true disableDashboardAd = true
[metrics] [metrics]
addInternals = true
[metrics.prometheus] [metrics.prometheus]
buckets = [42.0, 42.0] buckets = [42.0, 42.0]
addEntryPointsLabels = true addEntryPointsLabels = true
@ -312,24 +314,33 @@
[metrics.influxDB2.additionalLabels] [metrics.influxDB2.additionalLabels]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[metrics.openTelemetry] [metrics.otlp]
address = "foobar"
addEntryPointsLabels = true addEntryPointsLabels = true
addRoutersLabels = true addRoutersLabels = true
addServicesLabels = true addServicesLabels = true
explicitBoundaries = [42.0, 42.0] explicitBoundaries = [42.0, 42.0]
insecure = true
path = "foobar"
pushInterval = "42s" pushInterval = "42s"
[metrics.openTelemetry.grpc] [metrics.otlp.grpc]
[metrics.openTelemetry.headers] endpoint = "foobar"
name0 = "foobar" insecure = true
name1 = "foobar" [metrics.otlp.grpc.tls]
[metrics.openTelemetry.tls]
ca = "foobar" ca = "foobar"
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
[metrics.otlp.grpc.headers]
name0 = "foobar"
name1 = "foobar"
[metrics.otlp.http]
endpoint = "foobar"
[metrics.otlp.http.tls]
ca = "foobar"
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[metrics.otlp.http.headers]
name0 = "foobar"
name1 = "foobar"
[ping] [ping]
entryPoint = "foobar" entryPoint = "foobar"
@ -350,6 +361,7 @@
filePath = "foobar" filePath = "foobar"
format = "foobar" format = "foobar"
bufferingSize = 42 bufferingSize = 42
addInternals = true
[accessLog.filters] [accessLog.filters]
statusCodes = ["foobar", "foobar"] statusCodes = ["foobar", "foobar"]
retryAttempts = true retryAttempts = true
@ -368,9 +380,7 @@
[tracing] [tracing]
serviceName = "foobar" serviceName = "foobar"
sampleRate = 42.0 sampleRate = 42.0
[tracing.headers] addInternals = true
name0 = "foobar"
name1 = "foobar"
[tracing.globalAttributes] [tracing.globalAttributes]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
@ -383,6 +393,9 @@
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
[tracing.otlp.grpc.headers]
name0 = "foobar"
name1 = "foobar"
[tracing.otlp.http] [tracing.otlp.http]
endpoint = "foobar" endpoint = "foobar"
[tracing.otlp.http.tls] [tracing.otlp.http.tls]
@ -390,6 +403,9 @@
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
[tracing.otlp.http.headers]
name0 = "foobar"
name1 = "foobar"
[hostResolver] [hostResolver]
cnameFlattening = true cnameFlattening = true
@ -453,5 +469,8 @@
[experimental.localPlugins.LocalDescriptor1] [experimental.localPlugins.LocalDescriptor1]
moduleName = "foobar" moduleName = "foobar"
[core]
defaultRuleSyntax = "foobar"
[spiffe] [spiffe]
workloadAPIAddr = "foobar" workloadAPIAddr = "foobar"

View file

@ -35,6 +35,7 @@ tcpServersTransport:
entryPoints: entryPoints:
EntryPoint0: EntryPoint0:
address: foobar address: foobar
reusePort: true
asDefault: true asDefault: true
transport: transport:
lifeCycle: lifeCycle:
@ -307,6 +308,7 @@ api:
debug: true debug: true
disableDashboardAd: true disableDashboardAd: true
metrics: metrics:
addInternals: true
prometheus: prometheus:
buckets: buckets:
- 42 - 42
@ -345,26 +347,35 @@ metrics:
additionalLabels: additionalLabels:
name0: foobar name0: foobar
name1: foobar name1: foobar
openTelemetry: otlp:
grpc: {} grpc:
address: foobar endpoint: foobar
insecure: true
tls:
ca: foobar
cert: foobar
key: foobar
insecureSkipVerify: true
headers:
name0: foobar
name1: foobar
http:
endpoint: foobar
tls:
ca: foobar
cert: foobar
key: foobar
insecureSkipVerify: true
headers:
name0: foobar
name1: foobar
addEntryPointsLabels: true addEntryPointsLabels: true
addRoutersLabels: true addRoutersLabels: true
addServicesLabels: true addServicesLabels: true
explicitBoundaries: explicitBoundaries:
- 42 - 42
- 42 - 42
headers:
name0: foobar
name1: foobar
insecure: true
path: foobar
pushInterval: 42s pushInterval: 42s
tls:
ca: foobar
cert: foobar
key: foobar
insecureSkipVerify: true
ping: ping:
entryPoint: foobar entryPoint: foobar
manualRouting: true manualRouting: true
@ -398,15 +409,14 @@ accessLog:
name0: foobar name0: foobar
name1: foobar name1: foobar
bufferingSize: 42 bufferingSize: 42
addInternals: true
tracing: tracing:
serviceName: foobar serviceName: foobar
headers:
name0: foobar
name1: foobar
globalAttributes: globalAttributes:
name0: foobar name0: foobar
name1: foobar name1: foobar
sampleRate: 42 sampleRate: 42
addInternals: true
otlp: otlp:
grpc: grpc:
endpoint: foobar endpoint: foobar
@ -416,6 +426,9 @@ tracing:
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
headers:
name0: foobar
name1: foobar
http: http:
endpoint: foobar endpoint: foobar
tls: tls:
@ -423,6 +436,9 @@ tracing:
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
headers:
name0: foobar
name1: foobar
hostResolver: hostResolver:
cnameFlattening: true cnameFlattening: true
resolvConfig: foobar resolvConfig: foobar
@ -486,5 +502,7 @@ experimental:
LocalDescriptor1: LocalDescriptor1:
moduleName: foobar moduleName: foobar
kubernetesGateway: true kubernetesGateway: true
core:
defaultRuleSyntax: foobar
spiffe: spiffe:
workloadAPIAddr: foobar workloadAPIAddr: foobar

View file

@ -233,6 +233,79 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go. Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
### ReusePort
_Optional, Default=false_
The `ReusePort` option enables EntryPoints from the same or different processes
listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option.
It also allows the kernel to act like a load balancer to distribute incoming
connections between entry points.
For example, you can use it with the [transport.lifeCycle](#lifecycle) to do
canary deployments against Traefik itself. Like upgrading Traefik version or
reloading the static configuration without any service downtime.
!!! warning "Supported platforms"
The `ReusePort` option currently works only on Linux, FreeBSD, OpenBSD and Darwin.
It will be ignored on other platforms.
There is a known bug in the Linux kernel that may cause unintended TCP connection failures when using the `ReusePort` option.
For more details, see https://lwn.net/Articles/853637/.
??? example "Listen on the same port"
```yaml tab="File (yaml)"
entryPoints:
web:
address: ":80"
reusePort: true
```
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
reusePort = true
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.reusePort=true
```
Now it is possible to run multiple Traefik processes with the same EntryPoint configuration.
??? example "Listen on the same port but bind to a different host"
```yaml tab="File (yaml)"
entryPoints:
web:
address: ":80"
reusePort: true
privateWeb:
address: "192.168.1.2:80"
reusePort: true
```
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
reusePort = true
[entryPoints.privateWeb]
address = "192.168.1.2:80"
reusePort = true
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.reusePort=true
--entrypoints.privateWeb.address=192.168.1.2:80
--entrypoints.privateWeb.reusePort=true
```
Requests to `192.168.1.2:80` will only be handled by routers that have `privateWeb` as the entry point.
### AsDefault ### AsDefault
_Optional, Default=false_ _Optional, Default=false_
@ -650,7 +723,7 @@ The maximum number of requests Traefik can handle before sending a `Connection:
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.name.address=:8888 --entryPoints.name.address=:8888
--entryPoints.name.transport.keepAliveRequests=42 --entryPoints.name.transport.keepAliveMaxRequests=42
``` ```
#### `keepAliveMaxTime` #### `keepAliveMaxTime`
@ -680,7 +753,7 @@ The maximum duration Traefik can handle requests before sending a `Connection: C
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.name.address=:8888 --entryPoints.name.address=:8888
--entryPoints.name.transport.keepAliveTime=42s --entryPoints.name.transport.keepAliveMaxTime=42s
``` ```
### ProxyProtocol ### ProxyProtocol

View file

@ -515,6 +515,60 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
In this configuration, the priority is configured to allow `Router-2` to handle requests with the `foobar.traefik.com` host. In this configuration, the priority is configured to allow `Router-2` to handle requests with the `foobar.traefik.com` host.
### RuleSyntax
In Traefik v3 a new rule syntax has been introduced ([migration guide](../../migration/v2-to-v3.md#router-rule-matchers)).
`ruleSyntax` option allows to configure the rule syntax to be used for parsing the rule on a per-router basis.
This allows to have heterogeneous router configurations and ease migration.
??? example "Set rule syntax -- using the [File Provider](../../providers/file.md)"
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
Router-v3:
rule: HostRegexp(`[a-z]+\\.traefik\\.com`)
ruleSyntax: v3
Router-v2:
rule: HostRegexp(`{subdomain:[a-z]+}.traefik.com`)
ruleSyntax: v2
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-v3]
rule = "HostRegexp(`[a-z]+\\.traefik\\.com`)"
ruleSyntax = v3
[http.routers.Router-v2]
rule = "HostRegexp(`{subdomain:[a-z]+}.traefik.com`)"
ruleSyntax = v2
```
```yaml tab="Kubernetes traefik.io/v1alpha1"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: default
spec:
routes:
# route v3
- match: HostRegexp(`[a-z]+\\.traefik\\.com`)
syntax: v3
kind: Rule
# route v2
- match: HostRegexp(`{subdomain:[a-z]+}.traefik.com`)
syntax: v2
kind: Rule
```
In this configuration, the ruleSyntax is configured to allow `Router-v2` to use v2 syntax,
while for `Router-v3` it is configured to use v3 syntax.
### Middlewares ### Middlewares
You can attach a list of [middlewares](../../middlewares/overview.md) to each HTTP router. You can attach a list of [middlewares](../../middlewares/overview.md) to each HTTP router.
@ -1161,6 +1215,60 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
In this configuration, the priority is configured so that `Router-1` will handle requests from `192.168.0.12`. In this configuration, the priority is configured so that `Router-1` will handle requests from `192.168.0.12`.
### RuleSyntax
In Traefik v3 a new rule syntax has been introduced ([migration guide](../../migration/v2-to-v3.md#router-rule-matchers)).
`ruleSyntax` option allows to configure the rule syntax to be used for parsing the rule on a per-router basis.
This allows to have heterogeneous router configurations and ease migration.
??? example "Set rule syntax -- using the [File Provider](../../providers/file.md)"
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
routers:
Router-v3:
rule: ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)
ruleSyntax: v3
Router-v2:
rule: ClientIP(`192.168.0.11`, `192.168.0.12`)
ruleSyntax: v2
```
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-v3]
rule = "ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)"
ruleSyntax = v3
[tcp.routers.Router-v2]
rule = "ClientIP(`192.168.0.11`, `192.168.0.12`)"
ruleSyntax = v2
```
```yaml tab="Kubernetes traefik.io/v1alpha1"
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: test.route
namespace: default
spec:
routes:
# route v3
- match: ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)
syntax: v3
kind: Rule
# route v2
- match: ClientIP(`192.168.0.11`, `192.168.0.12`)
syntax: v2
kind: Rule
```
In this configuration, the ruleSyntax is configured to allow `Router-v2` to use v2 syntax,
while for `Router-v3` it is configured to use v3 syntax.
### Middlewares ### Middlewares
You can attach a list of [middlewares](../../middlewares/overview.md) to each TCP router. You can attach a list of [middlewares](../../middlewares/overview.md) to each TCP router.

View file

@ -143,6 +143,36 @@ The `url` option point to a specific instance.
url = "http://private-ip-server-1/" url = "http://private-ip-server-1/"
``` ```
The `weight` option allows for weighted load balancing on the servers.
??? example "A Service with Two Servers with Weight -- Using the [File Provider](../../providers/file.md)"
```yaml tab="YAML"
## Dynamic configuration
http:
services:
my-service:
loadBalancer:
servers:
- url: "http://private-ip-server-1/"
weight: 2
- url: "http://private-ip-server-2/"
weight: 1
```
```toml tab="TOML"
## Dynamic configuration
[http.services]
[http.services.my-service.loadBalancer]
[[http.services.my-service.loadBalancer.servers]]
url = "http://private-ip-server-1/"
weight = 2
[[http.services.my-service.loadBalancer.servers]]
url = "http://private-ip-server-2/"
weight = 1
```
#### Load-balancing #### Load-balancing
For now, only round robin load balancing is supported: For now, only round robin load balancing is supported:
@ -1587,6 +1617,46 @@ Below are the available options for the PROXY protocol:
version = 1 version = 1
``` ```
#### Termination Delay
!!! warning
Deprecated in favor of [`serversTransport.terminationDelay`](#terminationdelay).
Please note that if any `serversTransport` configuration on the servers load balancer is found,
it will take precedence over the servers load balancer `terminationDelay` value,
even if the `serversTransport.terminationDelay` is undefined.
As a proxy between a client and a server, it can happen that either side (e.g. client side) decides to terminate its writing capability on the connection (i.e. issuance of a FIN packet).
The proxy needs to propagate that intent to the other side, and so when that happens, it also does the same on its connection with the other side (e.g. backend side).
However, if for some reason (bad implementation, or malicious intent) the other side does not eventually do the same as well,
the connection would stay half-open, which would lock resources for however long.
To that end, as soon as the proxy enters this termination sequence, it sets a deadline on fully terminating the connections on both sides.
The termination delay controls that deadline.
It is a duration in milliseconds, defaulting to 100.
A negative value means an infinite deadline (i.e. the connection is never fully terminated by the proxy itself).
??? example "A Service with a termination delay -- Using the [File Provider](../../providers/file.md)"
```yaml tab="YAML"
## Dynamic configuration
tcp:
services:
my-service:
loadBalancer:
terminationDelay: 200
```
```toml tab="TOML"
## Dynamic configuration
[tcp.services]
[tcp.services.my-service.loadBalancer]
[[tcp.services.my-service.loadBalancer]]
terminationDelay = 200
```
### Weighted Round Robin ### Weighted Round Robin
The Weighted Round Robin (alias `WRR`) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights. The Weighted Round Robin (alias `WRR`) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights.

View file

@ -149,11 +149,16 @@ nav:
- 'API': 'operations/api.md' - 'API': 'operations/api.md'
- 'Ping': 'operations/ping.md' - 'Ping': 'operations/ping.md'
- 'Observability': - 'Observability':
- 'Overview': 'observability/overview.md'
- 'Logs': 'observability/logs.md' - 'Logs': 'observability/logs.md'
- 'Access Logs': 'observability/access-logs.md' - 'Access Logs': 'observability/access-logs.md'
- 'Metrics': - 'Metrics':
- 'Overview': 'observability/metrics/overview.md' - 'Overview': 'observability/metrics/overview.md'
- 'Datadog': 'observability/metrics/datadog.md'
- 'InfluxDB2': 'observability/metrics/influxdb2.md'
- 'OpenTelemetry': 'observability/metrics/opentelemetry.md' - 'OpenTelemetry': 'observability/metrics/opentelemetry.md'
- 'Prometheus': 'observability/metrics/prometheus.md'
- 'StatsD': 'observability/metrics/statsd.md'
- 'Tracing': - 'Tracing':
- 'Overview': 'observability/tracing/overview.md' - 'Overview': 'observability/tracing/overview.md'
- 'OpenTelemetry': 'observability/tracing/opentelemetry.md' - 'OpenTelemetry': 'observability/tracing/opentelemetry.md'

103
go.mod
View file

@ -1,6 +1,6 @@
module github.com/traefik/traefik/v3 module github.com/traefik/traefik/v3
go 1.21 go 1.22
require ( require (
github.com/BurntSushi/toml v1.3.2 github.com/BurntSushi/toml v1.3.2
@ -17,7 +17,7 @@ require (
github.com/docker/go-connections v0.4.0 github.com/docker/go-connections v0.4.0
github.com/fatih/structs v1.1.0 github.com/fatih/structs v1.1.0
github.com/fsnotify/fsnotify v1.7.0 github.com/fsnotify/fsnotify v1.7.0
github.com/go-acme/lego/v4 v4.14.0 github.com/go-acme/lego/v4 v4.15.0
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea
github.com/golang/protobuf v1.5.3 github.com/golang/protobuf v1.5.3
github.com/google/go-github/v28 v28.1.1 github.com/google/go-github/v28 v28.1.1
@ -26,9 +26,9 @@ require (
github.com/hashicorp/consul/api v1.26.1 github.com/hashicorp/consul/api v1.26.1
github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-hclog v1.5.0
github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/go-retryablehttp v0.7.4 github.com/hashicorp/go-retryablehttp v0.7.5
github.com/hashicorp/go-version v1.6.0 github.com/hashicorp/go-version v1.6.0
github.com/hashicorp/nomad/api v0.0.0-20231213195942-64e3dca9274b github.com/hashicorp/nomad/api v0.0.0-20240122103822-8a4bd61caf74
github.com/http-wasm/http-wasm-host-go v0.5.2 github.com/http-wasm/http-wasm-host-go v0.5.2
github.com/influxdata/influxdb-client-go/v2 v2.7.0 github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
@ -39,7 +39,7 @@ require (
github.com/kvtools/valkeyrie v1.0.0 github.com/kvtools/valkeyrie v1.0.0
github.com/kvtools/zookeeper v1.0.2 github.com/kvtools/zookeeper v1.0.2
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
github.com/miekg/dns v1.1.55 github.com/miekg/dns v1.1.58
github.com/mitchellh/copystructure v1.2.0 github.com/mitchellh/copystructure v1.2.0
github.com/mitchellh/hashstructure v1.0.0 github.com/mitchellh/hashstructure v1.0.0
github.com/mitchellh/mapstructure v1.5.0 github.com/mitchellh/mapstructure v1.5.0
@ -78,19 +78,21 @@ require (
go.opentelemetry.io/otel/sdk/metric v1.21.0 go.opentelemetry.io/otel/sdk/metric v1.21.0
go.opentelemetry.io/otel/trace v1.21.0 go.opentelemetry.io/otel/trace v1.21.0
golang.org/x/exp v0.0.0-20231006140011-7918f672742d golang.org/x/exp v0.0.0-20231006140011-7918f672742d
golang.org/x/mod v0.13.0 golang.org/x/mod v0.14.0
golang.org/x/net v0.17.0 golang.org/x/net v0.20.0
golang.org/x/text v0.13.0 golang.org/x/sys v0.16.0
golang.org/x/time v0.3.0 golang.org/x/text v0.14.0
golang.org/x/tools v0.14.0 golang.org/x/time v0.5.0
golang.org/x/tools v0.17.0
google.golang.org/grpc v1.59.0 google.golang.org/grpc v1.59.0
gopkg.in/yaml.v3 v3.0.1 gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.28.3 k8s.io/api v0.28.4
k8s.io/apiextensions-apiserver v0.28.3 k8s.io/apiextensions-apiserver v0.28.3
k8s.io/apimachinery v0.28.3 k8s.io/apimachinery v0.28.4
k8s.io/client-go v0.28.3 k8s.io/client-go v0.28.4
k8s.io/utils v0.0.0-20230726121419-3b25d923346b k8s.io/utils v0.0.0-20230726121419-3b25d923346b
mvdan.cc/xurls/v2 v2.5.0 mvdan.cc/xurls/v2 v2.5.0
sigs.k8s.io/controller-runtime v0.16.3
sigs.k8s.io/gateway-api v1.0.0 sigs.k8s.io/gateway-api v1.0.0
) )
@ -107,8 +109,8 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.27 // indirect github.com/Azure/go-autorest/autorest v0.11.29 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
@ -127,26 +129,27 @@ require (
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
github.com/armon/go-metrics v0.4.1 // indirect github.com/armon/go-metrics v0.4.1 // indirect
github.com/aws/aws-sdk-go-v2 v1.20.3 // indirect github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
github.com/aws/aws-sdk-go-v2/config v1.18.28 // indirect github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.27 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 // indirect github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
github.com/aws/smithy-go v1.14.2 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
github.com/aws/smithy-go v1.19.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/bytedance/sonic v1.10.0 // indirect github.com/bytedance/sonic v1.10.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/civo/civogo v0.3.11 // indirect github.com/civo/civogo v0.3.11 // indirect
github.com/cloudflare/cloudflare-go v0.70.0 // indirect github.com/cloudflare/cloudflare-go v0.86.0 // indirect
github.com/containerd/containerd v1.7.11 // indirect github.com/containerd/containerd v1.7.11 // indirect
github.com/containerd/log v0.1.0 // indirect github.com/containerd/log v0.1.0 // indirect
github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-semver v0.3.1 // indirect
@ -162,12 +165,13 @@ require (
github.com/docker/go-units v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.7.0+incompatible // indirect github.com/evanphx/json-patch v5.7.0+incompatible // indirect
github.com/exoscale/egoscale v0.100.1 // indirect github.com/evanphx/json-patch/v5 v5.7.0 // indirect
github.com/exoscale/egoscale v0.102.3 // indirect
github.com/fatih/color v1.15.0 // indirect github.com/fatih/color v1.15.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect
github.com/gin-gonic/gin v1.9.1 // indirect github.com/gin-gonic/gin v1.9.1 // indirect
github.com/go-errors/errors v1.0.1 // indirect github.com/go-errors/errors v1.0.1 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/logr v1.3.0 // indirect github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect
@ -176,9 +180,10 @@ require (
github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect github.com/go-openapi/swag v0.22.4 // indirect
github.com/go-playground/validator/v10 v10.15.1 // indirect github.com/go-playground/validator/v10 v10.15.1 // indirect
github.com/go-resty/resty/v2 v2.7.0 // indirect github.com/go-resty/resty/v2 v2.11.0 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/go-zookeeper/zk v1.0.3 // indirect github.com/go-zookeeper/zk v1.0.3 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/gofrs/uuid v4.4.0+incompatible // indirect github.com/gofrs/uuid v4.4.0+incompatible // indirect
github.com/gogo/protobuf v1.3.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
@ -218,10 +223,9 @@ require (
github.com/kylelemons/godebug v1.1.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect
github.com/labbsr0x/bindman-dns-webhook v1.0.2 // indirect github.com/labbsr0x/bindman-dns-webhook v1.0.2 // indirect
github.com/labbsr0x/goh v1.0.1 // indirect github.com/labbsr0x/goh v1.0.1 // indirect
github.com/linode/linodego v1.17.2 // indirect github.com/linode/linodego v1.28.0 // indirect
github.com/liquidweb/go-lwApi v0.0.5 // indirect
github.com/liquidweb/liquidweb-cli v0.6.9 // indirect github.com/liquidweb/liquidweb-cli v0.6.9 // indirect
github.com/liquidweb/liquidweb-go v1.6.3 // indirect github.com/liquidweb/liquidweb-go v1.6.4 // indirect
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
github.com/magiconair/properties v1.8.7 // indirect github.com/magiconair/properties v1.8.7 // indirect
github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect
@ -236,6 +240,7 @@ require (
github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect github.com/moby/patternmatcher v0.6.0 // indirect
github.com/moby/spdystream v0.2.0 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/term v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@ -244,22 +249,22 @@ require (
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect
github.com/nrdcg/auroradns v1.1.0 // indirect github.com/nrdcg/auroradns v1.1.0 // indirect
github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 // indirect
github.com/nrdcg/desec v0.7.0 // indirect github.com/nrdcg/desec v0.7.0 // indirect
github.com/nrdcg/dnspod-go v0.4.0 // indirect github.com/nrdcg/dnspod-go v0.4.0 // indirect
github.com/nrdcg/freemyip v0.2.0 // indirect github.com/nrdcg/freemyip v0.2.0 // indirect
github.com/nrdcg/goinwx v0.8.2 // indirect github.com/nrdcg/goinwx v0.10.0 // indirect
github.com/nrdcg/namesilo v0.2.1 // indirect github.com/nrdcg/namesilo v0.2.1 // indirect
github.com/nrdcg/nodion v0.1.0 // indirect github.com/nrdcg/nodion v0.1.0 // indirect
github.com/nrdcg/porkbun v0.2.0 // indirect github.com/nrdcg/porkbun v0.3.0 // indirect
github.com/nzdjb/go-metaname v1.0.0 // indirect github.com/nzdjb/go-metaname v1.0.0 // indirect
github.com/onsi/ginkgo v1.16.5 // indirect github.com/onsi/ginkgo v1.16.5 // indirect
github.com/onsi/ginkgo/v2 v2.11.0 // indirect github.com/onsi/ginkgo/v2 v2.11.0 // indirect
github.com/onsi/gomega v1.27.10 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc5 // indirect github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
github.com/opencontainers/runc v1.1.5 // indirect github.com/opencontainers/runc v1.1.5 // indirect
github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
github.com/ovh/go-ovh v1.4.1 // indirect github.com/ovh/go-ovh v1.4.3 // indirect
github.com/pelletier/go-toml/v2 v2.0.9 // indirect github.com/pelletier/go-toml/v2 v2.0.9 // indirect
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
github.com/pkg/errors v0.9.1 // indirect github.com/pkg/errors v0.9.1 // indirect
@ -275,13 +280,12 @@ require (
github.com/sacloud/go-http v0.1.6 // indirect github.com/sacloud/go-http v0.1.6 // indirect
github.com/sacloud/iaas-api-go v1.11.1 // indirect github.com/sacloud/iaas-api-go v1.11.1 // indirect
github.com/sacloud/packages-go v0.0.9 // indirect github.com/sacloud/packages-go v0.0.9 // indirect
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 // indirect github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 // indirect
github.com/shirou/gopsutil/v3 v3.23.11 // indirect github.com/shirou/gopsutil/v3 v3.23.11 // indirect
github.com/shoenig/go-m1cpu v0.1.6 // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect
github.com/shopspring/decimal v1.2.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect
github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 // indirect
github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 // indirect github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 // indirect
github.com/softlayer/softlayer-go v1.1.2 // indirect github.com/softlayer/softlayer-go v1.1.3 // indirect
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
github.com/spf13/cast v1.3.1 // indirect github.com/spf13/cast v1.3.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
@ -292,8 +296,8 @@ require (
github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect
github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect
github.com/tklauser/numcpus v0.6.1 // indirect github.com/tklauser/numcpus v0.6.1 // indirect
github.com/transip/gotransip/v6 v6.20.0 // indirect github.com/transip/gotransip/v6 v6.23.0 // indirect
github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c // indirect github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a // indirect
github.com/vinyldns/go-vinyldns v0.9.16 // indirect github.com/vinyldns/go-vinyldns v0.9.16 // indirect
github.com/vultr/govultr/v2 v2.17.2 // indirect github.com/vultr/govultr/v2 v2.17.2 // indirect
github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f // indirect github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f // indirect
@ -311,10 +315,9 @@ require (
go.uber.org/ratelimit v0.2.0 // indirect go.uber.org/ratelimit v0.2.0 // indirect
go.uber.org/zap v1.26.0 // indirect go.uber.org/zap v1.26.0 // indirect
golang.org/x/arch v0.4.0 // indirect golang.org/x/arch v0.4.0 // indirect
golang.org/x/crypto v0.14.0 // indirect golang.org/x/crypto v0.18.0 // indirect
golang.org/x/oauth2 v0.13.0 // indirect golang.org/x/oauth2 v0.16.0 // indirect
golang.org/x/sys v0.15.0 // indirect golang.org/x/term v0.16.0 // indirect
golang.org/x/term v0.13.0 // indirect
google.golang.org/api v0.128.0 // indirect google.golang.org/api v0.128.0 // indirect
google.golang.org/appengine v1.6.8 // indirect google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
@ -324,7 +327,7 @@ require (
gopkg.in/h2non/gock.v1 v1.0.16 // indirect gopkg.in/h2non/gock.v1 v1.0.16 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/ns1/ns1-go.v2 v2.7.6 // indirect gopkg.in/ns1/ns1-go.v2 v2.7.13 // indirect
gopkg.in/square/go-jose.v2 v2.5.1 // indirect gopkg.in/square/go-jose.v2 v2.5.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/klog/v2 v2.100.1 // indirect k8s.io/klog/v2 v2.100.1 // indirect

221
go.sum
View file

@ -42,11 +42,11 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=
github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs=
github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc=
github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk=
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk=
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
@ -114,45 +114,44 @@ github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJ
github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.44.327 h1:ZS8oO4+7MOBLhkdwIhgtVeDzCeWOlTfKJS7EgggbIEY= github.com/aws/aws-sdk-go v1.44.327 h1:ZS8oO4+7MOBLhkdwIhgtVeDzCeWOlTfKJS7EgggbIEY=
github.com/aws/aws-sdk-go v1.44.327/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.327/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
github.com/aws/aws-sdk-go-v2 v1.20.3 h1:lgeKmAZhlj1JqN43bogrM75spIvYnRxqTAh1iupu1yE= github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
github.com/aws/aws-sdk-go-v2 v1.20.3/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
github.com/aws/aws-sdk-go-v2/config v1.18.28 h1:TINEaKyh1Td64tqFvn09iYpKiWjmHYrG1fa91q2gnqw= github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
github.com/aws/aws-sdk-go-v2/config v1.18.28/go.mod h1:nIL+4/8JdAuNHEjn/gPEXqtnS02Q3NXB/9Z7o5xE4+A= github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA= github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS/BNgMIW6uiRmeuQsz4Qh2UE= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc= github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 h1:CXceCS9BrDInRc74GDCQ8Qyk/Gp9VLdK+Rlve+zELSE= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40/go.mod h1:5kKmFhLeOVy6pwPDpDNA6/hK/d6URC98pqDDqHgdBx4= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 h1:B+nZtd22cbko5+793hg7LEaTeLMiZwlgCLUrN5Y0uzg= github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34/go.mod h1:RZP0scceAyhMIQ9JvFp7HvkpcgqjL4l/4C+7RAeGbuM= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 h1:JwvXk+1ePAD9xkFHprhHYqwsxLDcbNFsPI1IAT2sPS0= github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 h1:LvWkxBi/bsWHqj3bFTUuDLl4OAlbaM1HDZ9YPhj5+jg=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34/go.mod h1:ytsF+t+FApY2lFnN51fJKPhH6ICKOPXKEcwwgmJEdWI= github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0/go.mod h1:35MKNS46RX7Lb9EIFP2bPy3WrJu+bxU6QgLis8K1aa4=
github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 h1:PwNeYoonBzmTdCztKiiutws3U24KrnDBuabzRfIlZY4= github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0=
github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2/go.mod h1:gQhLZrTEath4zik5ixIe6axvgY5jJrgSBDJ360Fxnco= github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 h1:p4mTxJfCAyiTT4Wp6p/mOPa6j5MqCSRGot8qZwFs+Z0= github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4/go.mod h1:VBLWpaHvhQNeu7N9rMEf00SWeOONb/HvaDUxe/7b44k= github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4= github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog= github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U= github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY= github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@ -197,8 +196,8 @@ github.com/civo/civogo v0.3.11 h1:mON/fyrV946Sbk6paRtOSGsN+asCgCmHCgArf5xmGxM=
github.com/civo/civogo v0.3.11/go.mod h1:7+GeeFwc4AYTULaEshpT2vIcl3Qq8HPoxA17viX3l6g= github.com/civo/civogo v0.3.11/go.mod h1:7+GeeFwc4AYTULaEshpT2vIcl3Qq8HPoxA17viX3l6g=
github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/cloudflare-go v0.70.0 h1:4opGbUygM8DjirUuaz23jn3akuAcnOCEx+0nQtQEcFo= github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpXTstVx0rqHI=
github.com/cloudflare/cloudflare-go v0.70.0/go.mod h1:VW6GuazkaZ4xEDkFt24lkXQUsE8q7BiGqDniC2s8WEM= github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
@ -302,8 +301,10 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/exoscale/egoscale v0.100.1 h1:iXsV1Ei7daqe/6FYSCSDyrFs1iUG1l1X9qNh2uMw6z0= github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
github.com/exoscale/egoscale v0.100.1/go.mod h1:BAb9p4rmyU+Wl400CJZO5270H2sXtdsZjLcm5xMKkz4= github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/exoscale/egoscale v0.102.3 h1:DYqN2ipoLKpiFoprRGQkp2av/Ze7sUYYlGhi1N62tfY=
github.com/exoscale/egoscale v0.102.3/go.mod h1:RPf2Gah6up+6kAEayHTQwqapzXlm93f0VQas/UEGU5c=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
@ -334,15 +335,15 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv
github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
github.com/go-acme/lego/v4 v4.14.0 h1:/skZoRHgVh0d2RK7l1g3Ch8HqeqP9LB8ZEjLdGEpcDE= github.com/go-acme/lego/v4 v4.15.0 h1:A7MHEU3b+TDFqhC/HmzMJnzPbyeaYvMZQBbqgvbThhU=
github.com/go-acme/lego/v4 v4.14.0/go.mod h1:zjmvNCDLGz7GrC1OqdVpVmZFKSRabEDtWbdzmcpBsGo= github.com/go-acme/lego/v4 v4.15.0/go.mod h1:eeGhjW4zWT7Ccqa3sY7ayEqFLCAICx+mXgkMHKIkLxg=
github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs= github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg= github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg=
@ -358,6 +359,8 @@ github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@ -384,8 +387,8 @@ github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn
github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM= github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM=
github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY= github.com/go-resty/resty/v2 v2.11.0 h1:i7jMfNOJYMp69lq7qozJP+bjgzfAzeOhuGlyDrqxT/8=
github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= github.com/go-resty/resty/v2 v2.11.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@ -474,7 +477,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@ -563,8 +565,8 @@ github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
@ -592,8 +594,8 @@ github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM= github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
github.com/hashicorp/nomad/api v0.0.0-20231213195942-64e3dca9274b h1:R1UDhkwGltpSPY9bCBBxIMQd+NY9BkN0vFHnJo/8o8w= github.com/hashicorp/nomad/api v0.0.0-20240122103822-8a4bd61caf74 h1:Q+WuGTnZkL2cJ7yNsg4Go4GNnRkcahGLiQP/WD41TTA=
github.com/hashicorp/nomad/api v0.0.0-20231213195942-64e3dca9274b/go.mod h1:ijDwa6o1uG1jFSq6kERiX2PamKGpZzTmo0XOFNeFZgw= github.com/hashicorp/nomad/api v0.0.0-20240122103822-8a4bd61caf74/go.mod h1:ijDwa6o1uG1jFSq6kERiX2PamKGpZzTmo0XOFNeFZgw=
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
@ -703,15 +705,13 @@ github.com/lestrrat-go/jwx v1.2.7/go.mod h1:bw24IXWbavc0R2RsOtpXL7RtMyP589yZ1+L7
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
github.com/linode/linodego v1.17.2 h1:b32dj4662PGG5P9qVa6nBezccWdqgukndlMIuPGq1CQ= github.com/linode/linodego v1.28.0 h1:lzxxJebsYg5cCWRNDLyL2StW3sfMyAwf/FYfxFjFrlk=
github.com/linode/linodego v1.17.2/go.mod h1:C2iyT3Vg2O2sPxkWka4XAQ5WSUtm5LmTZ3Adw43Ra7Q= github.com/linode/linodego v1.28.0/go.mod h1:5oAsx+uinHtVo6U77nXXXtox7MWzUW6aEkTOKXxA9uo=
github.com/liquidweb/go-lwApi v0.0.0-20190605172801-52a4864d2738/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs= github.com/liquidweb/go-lwApi v0.0.0-20190605172801-52a4864d2738/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs=
github.com/liquidweb/go-lwApi v0.0.5 h1:CT4cdXzJXmo0bon298kS7NeSk+Gt8/UHpWBBol1NGCA=
github.com/liquidweb/go-lwApi v0.0.5/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs=
github.com/liquidweb/liquidweb-cli v0.6.9 h1:acbIvdRauiwbxIsOCEMXGwF75aSJDbDiyAWPjVnwoYM= github.com/liquidweb/liquidweb-cli v0.6.9 h1:acbIvdRauiwbxIsOCEMXGwF75aSJDbDiyAWPjVnwoYM=
github.com/liquidweb/liquidweb-cli v0.6.9/go.mod h1:cE1uvQ+x24NGUL75D0QagOFCG8Wdvmwu8aL9TLmA/eQ= github.com/liquidweb/liquidweb-cli v0.6.9/go.mod h1:cE1uvQ+x24NGUL75D0QagOFCG8Wdvmwu8aL9TLmA/eQ=
github.com/liquidweb/liquidweb-go v1.6.3 h1:NVHvcnX3eb3BltiIoA+gLYn15nOpkYkdizOEYGSKrk4= github.com/liquidweb/liquidweb-go v1.6.4 h1:6S0m3hHSpiLqGD7AFSb7lH/W/qr1wx+tKil9fgIbjMc=
github.com/liquidweb/liquidweb-go v1.6.3/go.mod h1:SuXXp+thr28LnjEw18AYtWwIbWMHSUiajPQs8T9c/Rc= github.com/liquidweb/liquidweb-go v1.6.4/go.mod h1:B934JPIIcdA+uTq2Nz5PgOtG6CuCaEvQKe/Ge/5GgZ4=
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
@ -765,8 +765,8 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
github.com/miekg/dns v1.1.47/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/miekg/dns v1.1.47/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
github.com/mimuret/golang-iij-dpf v0.9.1 h1:Gj6EhHJkOhr+q2RnvRPJsPMcjuVnWPSccEHyoEehU34= github.com/mimuret/golang-iij-dpf v0.9.1 h1:Gj6EhHJkOhr+q2RnvRPJsPMcjuVnWPSccEHyoEehU34=
github.com/mimuret/golang-iij-dpf v0.9.1/go.mod h1:sl9KyOkESib9+KRD3HaGpgi1xk7eoN2+d96LCLsME2M= github.com/mimuret/golang-iij-dpf v0.9.1/go.mod h1:sl9KyOkESib9+KRD3HaGpgi1xk7eoN2+d96LCLsME2M=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@ -796,6 +796,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
@ -831,20 +833,22 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nrdcg/auroradns v1.1.0 h1:KekGh8kmf2MNwqZVVYo/fw/ZONt8QMEmbMFOeljteWo= github.com/nrdcg/auroradns v1.1.0 h1:KekGh8kmf2MNwqZVVYo/fw/ZONt8QMEmbMFOeljteWo=
github.com/nrdcg/auroradns v1.1.0/go.mod h1:O7tViUZbAcnykVnrGkXzIJTHoQCHcgalgAe6X1mzHfk= github.com/nrdcg/auroradns v1.1.0/go.mod h1:O7tViUZbAcnykVnrGkXzIJTHoQCHcgalgAe6X1mzHfk=
github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 h1:qpB3wZR4+MPK92cTC9zZPnndkJgDgPvQqPUAgVc1NXU=
github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9/go.mod h1:HUoHXDrFvidN1NK9Wb/mZKNOfDNutKkzF2Pg71M9hHA=
github.com/nrdcg/desec v0.7.0 h1:iuGhi4pstF3+vJWwt292Oqe2+AsSPKDynQna/eu1fDs= github.com/nrdcg/desec v0.7.0 h1:iuGhi4pstF3+vJWwt292Oqe2+AsSPKDynQna/eu1fDs=
github.com/nrdcg/desec v0.7.0/go.mod h1:e1uRqqKv1mJdd5+SQROAhmy75lKMphLzWIuASLkpeFY= github.com/nrdcg/desec v0.7.0/go.mod h1:e1uRqqKv1mJdd5+SQROAhmy75lKMphLzWIuASLkpeFY=
github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U= github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U=
github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ=
github.com/nrdcg/freemyip v0.2.0 h1:/GscavT4GVqAY13HExl5UyoB4wlchv6Cg5NYDGsUoJ8= github.com/nrdcg/freemyip v0.2.0 h1:/GscavT4GVqAY13HExl5UyoB4wlchv6Cg5NYDGsUoJ8=
github.com/nrdcg/freemyip v0.2.0/go.mod h1:HjF0Yz0lSb37HD2ihIyGz9esyGcxbCrrGFLPpKevbx4= github.com/nrdcg/freemyip v0.2.0/go.mod h1:HjF0Yz0lSb37HD2ihIyGz9esyGcxbCrrGFLPpKevbx4=
github.com/nrdcg/goinwx v0.8.2 h1:RmjiHlEA+lzi3toXyPSaE6hWnBQ0+G+1u7w8C6Fpp4g= github.com/nrdcg/goinwx v0.10.0 h1:6W630bjDxQD6OuXKqrFRYVpTt0G/9GXXm3CeOrN0zJM=
github.com/nrdcg/goinwx v0.8.2/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4= github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg= github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg=
github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw= github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw=
github.com/nrdcg/nodion v0.1.0 h1:zLKaqTn2X0aDuBHHfyA1zFgeZfiCpmu/O9DM73okavw= github.com/nrdcg/nodion v0.1.0 h1:zLKaqTn2X0aDuBHHfyA1zFgeZfiCpmu/O9DM73okavw=
github.com/nrdcg/nodion v0.1.0/go.mod h1:inbuh3neCtIWlMPZHtEpe43TmRXxHV6+hk97iCZicms= github.com/nrdcg/nodion v0.1.0/go.mod h1:inbuh3neCtIWlMPZHtEpe43TmRXxHV6+hk97iCZicms=
github.com/nrdcg/porkbun v0.2.0 h1:ghaqPtIKcffba99epWFkK3VWf6TKJT9WMXMgaTqv95Y= github.com/nrdcg/porkbun v0.3.0 h1:jnRV7j2zd3hmh+tSDOGetJyy3+WklaMxbs7HtTTmWMs=
github.com/nrdcg/porkbun v0.2.0/go.mod h1:i0uLMn9ItFsLsSQIAeEu1wQ9/+6EvX1eQw15hulMMRw= github.com/nrdcg/porkbun v0.3.0/go.mod h1:jh1DKz96jGHW+NCdG3AmTbbnQeBlNUz1KeSgeN/cBVw=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
@ -891,8 +895,8 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh
github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU=
github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888=
github.com/ovh/go-ovh v1.4.1 h1:VBGa5wMyQtTP7Zb+w97zRCh9sLtM/2YKRyy+MEJmWaM= github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
github.com/ovh/go-ovh v1.4.1/go.mod h1:6bL6pPyUT7tBfI0pqOegJgRjgjuO+mOo+MyXd1EEC0M= github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
@ -995,8 +999,8 @@ github.com/sacloud/iaas-api-go v1.11.1/go.mod h1:uBDSa06F/V0OnoR66jGdbH0PVnCJw+N
github.com/sacloud/packages-go v0.0.9 h1:GbinkBLC/eirFhHpLjoDW6JV7+95Rnd2d8RWj7Afeks= github.com/sacloud/packages-go v0.0.9 h1:GbinkBLC/eirFhHpLjoDW6JV7+95Rnd2d8RWj7Afeks=
github.com/sacloud/packages-go v0.0.9/go.mod h1:k+EEUMF2LlncjbNIJNOqLyZ9wjTESPIWIk1OA7x9j2Q= github.com/sacloud/packages-go v0.0.9/go.mod h1:k+EEUMF2LlncjbNIJNOqLyZ9wjTESPIWIk1OA7x9j2Q=
github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 h1:1WuWJu7/e8SqK+uQl7lfk/N/oMZTL2NE/TJsNKRNMc4= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 h1:wJrcTdddKOI8TFxs8cemnhKP2EmKy3yfUKHj3ZdfzYo=
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
@ -1012,8 +1016,6 @@ github.com/shoenig/test v1.7.0/go.mod h1:UxJ6u/x2v/TNs/LoLxBNJRV9DiwBBKYxXSyczsB
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 h1:ZTzdx88+AcnjqUfJwnz89UBrMSBQ1NEysg9u5d+dU9c=
github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04/go.mod h1:5KS21fpch8TIMyAUv/qQqTa3GZfBDYgjaZbd2KXKYfg=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
@ -1028,8 +1030,8 @@ github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/smartystreets/gunit v1.0.4 h1:tpTjnuH7MLlqhoD21vRoMZbMIi5GmBsAJDFyF67GhZA= github.com/smartystreets/gunit v1.0.4 h1:tpTjnuH7MLlqhoD21vRoMZbMIi5GmBsAJDFyF67GhZA=
github.com/smartystreets/gunit v1.0.4/go.mod h1:EH5qMBab2UclzXUcpR8b93eHsIlp9u+pDQIRp5DZNzQ= github.com/smartystreets/gunit v1.0.4/go.mod h1:EH5qMBab2UclzXUcpR8b93eHsIlp9u+pDQIRp5DZNzQ=
github.com/softlayer/softlayer-go v1.1.2 h1:rUSSGCyaxymvTOsaFjwr+cGxA8muw3xg2LSrIMNcN/c= github.com/softlayer/softlayer-go v1.1.3 h1:dfFzt5eOKIAyB/b78fHMyDu5ICx0ZtxL9NRhBlf831A=
github.com/softlayer/softlayer-go v1.1.2/go.mod h1:hvAbzGH4LRXA6yXY8BNx99yoqZ7urfDdtl9mvBf0G+g= github.com/softlayer/softlayer-go v1.1.3/go.mod h1:Pc7F57OgUKaAam7TtpqkUeqL7QyKknfiUI4R49h41/U=
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ= github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums= github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@ -1107,8 +1109,8 @@ github.com/traefik/paerser v0.2.0 h1:zqCLGSXoNlcBd+mzqSCLjon/I6phqIjeJL2xFB2ysgQ
github.com/traefik/paerser v0.2.0/go.mod h1:afzaVcgF8A+MpTnPG4wBr4whjanCSYA6vK5RwaYVtRc= github.com/traefik/paerser v0.2.0/go.mod h1:afzaVcgF8A+MpTnPG4wBr4whjanCSYA6vK5RwaYVtRc=
github.com/traefik/yaegi v0.15.1 h1:YA5SbaL6HZA0Exh9T/oArRHqGN2HQ+zgmCY7dkoTXu4= github.com/traefik/yaegi v0.15.1 h1:YA5SbaL6HZA0Exh9T/oArRHqGN2HQ+zgmCY7dkoTXu4=
github.com/traefik/yaegi v0.15.1/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0= github.com/traefik/yaegi v0.15.1/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
github.com/transip/gotransip/v6 v6.20.0 h1:AuvwyOZ51f2brzMbTqlRy/wmaM3kF7Vx5Wds8xcDflY= github.com/transip/gotransip/v6 v6.23.0 h1:PsTdjortrEZ8IFFifEryzjVjOy9SgK4ahlnhKBBIQgA=
github.com/transip/gotransip/v6 v6.20.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c= github.com/transip/gotransip/v6 v6.23.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
@ -1119,8 +1121,8 @@ github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLY
github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw= github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c h1:mKnW6IGLw7uXu6DL6RitufZWcXS6hCnauXRUFof7rKM= github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a h1:w4PK5/N9kq8PfNxBv8a5t1bqlYRrVT7XzT7iTPTtiPk=
github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c/go.mod h1:F4UyVEmq4/m5lAmx+GccrxyRCXmnBjzUL09JLTQFp94= github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a/go.mod h1:Xwz7o+ExFtxR/i0aJDnTXuiccQJlOxDgNe6FsZC4TzQ=
github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs= github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs=
github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM= github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
github.com/unrolled/secure v1.0.9 h1:BWRuEb1vDrBFFDdbCnKkof3gZ35I/bnHGyt0LB0TNyQ= github.com/unrolled/secure v1.0.9 h1:BWRuEb1vDrBFFDdbCnKkof3gZ35I/bnHGyt0LB0TNyQ=
@ -1245,9 +1247,12 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@ -1278,8 +1283,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -1314,20 +1320,22 @@ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -1338,8 +1346,9 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -1416,15 +1425,20 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@ -1435,16 +1449,20 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -1479,12 +1497,15 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
gonum.org/v1/gonum v0.8.2 h1:CCXrcPKiGGotvnN6jfUsKk4rRqm7q09/YbKb5xCEvtM= gonum.org/v1/gonum v0.8.2 h1:CCXrcPKiGGotvnN6jfUsKk4rRqm7q09/YbKb5xCEvtM=
gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
@ -1588,8 +1609,8 @@ gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ns1/ns1-go.v2 v2.7.6 h1:mCPl7q0jbIGACXvGBljAuuApmKZo3rRi4tlRIEbMvjA= gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk=
gopkg.in/ns1/ns1-go.v2 v2.7.6/go.mod h1:GMnKY+ZuoJ+lVLL+78uSTjwTz2jMazq6AfGKQOYhsPk= gopkg.in/ns1/ns1-go.v2 v2.7.13/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
@ -1619,14 +1640,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM= k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc= k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08= k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08=
k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc= k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc=
k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A= k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8= k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4= k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo= k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
@ -1640,6 +1661,8 @@ nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50= nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs=
sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=

View file

@ -61,7 +61,7 @@ func (s *AccessLogSuite) TestAccessLog() {
ensureWorkingDirectoryIsClean() ensureWorkingDirectoryIsClean()
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
defer func() { defer func() {
traefikLog, err := os.ReadFile(traefikTestLogFile) traefikLog, err := os.ReadFile(traefikTestLogFile)
@ -130,7 +130,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontend() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.checkStatsForLogFile() s.checkStatsForLogFile()
@ -194,7 +194,7 @@ func (s *AccessLogSuite) TestAccessLogDigestAuthMiddleware() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.checkStatsForLogFile() s.checkStatsForLogFile()
@ -304,7 +304,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendRedirect() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.checkStatsForLogFile() s.checkStatsForLogFile()
@ -410,7 +410,7 @@ func (s *AccessLogSuite) TestAccessLogRateLimit() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.checkStatsForLogFile() s.checkStatsForLogFile()
@ -454,7 +454,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.waitForTraefik("server1") s.waitForTraefik("server1")
@ -494,7 +494,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendAllowlist() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.checkStatsForLogFile() s.checkStatsForLogFile()
@ -534,7 +534,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontendSuccess() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.checkStatsForLogFile() s.checkStatsForLogFile()
@ -575,7 +575,7 @@ func (s *AccessLogSuite) TestAccessLogPreflightHeadersMiddleware() {
} }
// Start Traefik // Start Traefik
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
s.checkStatsForLogFile() s.checkStatsForLogFile()
@ -603,6 +603,56 @@ func (s *AccessLogSuite) TestAccessLogPreflightHeadersMiddleware() {
s.checkNoOtherTraefikProblems() s.checkNoOtherTraefikProblems()
} }
func (s *AccessLogSuite) TestAccessLogDisabledForInternals() {
ensureWorkingDirectoryIsClean()
file := s.adaptFile("fixtures/access_log/access_log_ping.toml", struct{}{})
// Start Traefik.
s.traefikCmd(withConfigFile(file))
defer func() {
traefikLog, err := os.ReadFile(traefikTestLogFile)
require.NoError(s.T(), err)
log.Info().Msg(string(traefikLog))
}()
// waitForTraefik makes at least one call to the rawdata api endpoint,
// but the logs for this endpoint are ignored in checkAccessLogOutput.
s.waitForTraefik("customPing")
s.checkStatsForLogFile()
// Verify Traefik started OK.
s.checkTraefikStarted()
// Make some requests on the internal ping router.
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/ping", nil)
require.NoError(s.T(), err)
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
require.NoError(s.T(), err)
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
require.NoError(s.T(), err)
// Make some requests on the custom ping router.
req, err = http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/ping", nil)
require.NoError(s.T(), err)
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
require.NoError(s.T(), err)
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
require.NoError(s.T(), err)
// Verify access.log output as expected.
count := s.checkAccessLogOutput()
require.Equal(s.T(), 0, count)
// Verify no other Traefik problems.
s.checkNoOtherTraefikProblems()
}
func (s *AccessLogSuite) checkNoOtherTraefikProblems() { func (s *AccessLogSuite) checkNoOtherTraefikProblems() {
traefikLog, err := os.ReadFile(traefikTestLogFile) traefikLog, err := os.ReadFile(traefikTestLogFile)
require.NoError(s.T(), err) require.NoError(s.T(), err)
@ -612,6 +662,8 @@ func (s *AccessLogSuite) checkNoOtherTraefikProblems() {
} }
func (s *AccessLogSuite) checkAccessLogOutput() int { func (s *AccessLogSuite) checkAccessLogOutput() int {
s.T().Helper()
lines := s.extractLines() lines := s.extractLines()
count := 0 count := 0
for i, line := range lines { for i, line := range lines {
@ -624,6 +676,8 @@ func (s *AccessLogSuite) checkAccessLogOutput() int {
} }
func (s *AccessLogSuite) checkAccessLogExactValuesOutput(values []accessLogValue) int { func (s *AccessLogSuite) checkAccessLogExactValuesOutput(values []accessLogValue) int {
s.T().Helper()
lines := s.extractLines() lines := s.extractLines()
count := 0 count := 0
for i, line := range lines { for i, line := range lines {
@ -641,6 +695,8 @@ func (s *AccessLogSuite) checkAccessLogExactValuesOutput(values []accessLogValue
} }
func (s *AccessLogSuite) extractLines() []string { func (s *AccessLogSuite) extractLines() []string {
s.T().Helper()
accessLog, err := os.ReadFile(traefikTestAccessLogFile) accessLog, err := os.ReadFile(traefikTestAccessLogFile)
require.NoError(s.T(), err) require.NoError(s.T(), err)
@ -656,6 +712,8 @@ func (s *AccessLogSuite) extractLines() []string {
} }
func (s *AccessLogSuite) checkStatsForLogFile() { func (s *AccessLogSuite) checkStatsForLogFile() {
s.T().Helper()
err := try.Do(1*time.Second, func() error { err := try.Do(1*time.Second, func() error {
if _, errStat := os.Stat(traefikTestLogFile); errStat != nil { if _, errStat := os.Stat(traefikTestLogFile); errStat != nil {
return fmt.Errorf("could not get stats for log file: %w", errStat) return fmt.Errorf("could not get stats for log file: %w", errStat)
@ -671,6 +729,8 @@ func ensureWorkingDirectoryIsClean() {
} }
func (s *AccessLogSuite) checkTraefikStarted() []byte { func (s *AccessLogSuite) checkTraefikStarted() []byte {
s.T().Helper()
traefikLog, err := os.ReadFile(traefikTestLogFile) traefikLog, err := os.ReadFile(traefikTestLogFile)
require.NoError(s.T(), err) require.NoError(s.T(), err)
if len(traefikLog) > 0 { if len(traefikLog) > 0 {
@ -680,6 +740,8 @@ func (s *AccessLogSuite) checkTraefikStarted() []byte {
} }
func (s *BaseSuite) CheckAccessLogFormat(line string, i int) { func (s *BaseSuite) CheckAccessLogFormat(line string, i int) {
s.T().Helper()
results, err := accesslog.ParseAccessLog(line) results, err := accesslog.ParseAccessLog(line)
require.NoError(s.T(), err) require.NoError(s.T(), err)
assert.Len(s.T(), results, 14) assert.Len(s.T(), results, 14)
@ -692,6 +754,8 @@ func (s *BaseSuite) CheckAccessLogFormat(line string, i int) {
} }
func (s *AccessLogSuite) checkAccessLogExactValues(line string, i int, v accessLogValue) { func (s *AccessLogSuite) checkAccessLogExactValues(line string, i int, v accessLogValue) {
s.T().Helper()
results, err := accesslog.ParseAccessLog(line) results, err := accesslog.ParseAccessLog(line)
require.NoError(s.T(), err) require.NoError(s.T(), err)
assert.Len(s.T(), results, 14) assert.Len(s.T(), results, 14)

View file

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"io" "io"
"net/http" "net/http"
"strings"
"testing" "testing"
"time" "time"
@ -55,6 +56,56 @@ func (s *DockerSuite) TestSimpleConfiguration() {
require.NoError(s.T(), err) require.NoError(s.T(), err)
} }
func (s *DockerSuite) TestWRRServer() {
tempObjects := struct {
DockerHost string
DefaultRule string
}{
DockerHost: s.getDockerHost(),
DefaultRule: "Host(`{{ normalize .Name }}.docker.localhost`)",
}
file := s.adaptFile("fixtures/docker/simple.toml", tempObjects)
s.composeUp()
s.traefikCmd(withConfigFile(file))
whoami1IP := s.getComposeServiceIP("wrr-server")
whoami2IP := s.getComposeServiceIP("wrr-server2")
// Expected a 404 as we did not configure anything
err := try.GetRequest("http://127.0.0.1:8000/", 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8080/api/http/services", 1000*time.Millisecond, try.BodyContains("wrr-server"))
require.NoError(s.T(), err)
repartition := map[string]int{}
for i := 0; i < 4; i++ {
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/whoami", nil)
req.Host = "my.wrr.host"
require.NoError(s.T(), err)
response, err := http.DefaultClient.Do(req)
require.NoError(s.T(), err)
assert.Equal(s.T(), http.StatusOK, response.StatusCode)
body, err := io.ReadAll(response.Body)
require.NoError(s.T(), err)
if strings.Contains(string(body), whoami1IP) {
repartition[whoami1IP]++
}
if strings.Contains(string(body), whoami2IP) {
repartition[whoami2IP]++
}
}
assert.Equal(s.T(), 3, repartition[whoami1IP])
assert.Equal(s.T(), 1, repartition[whoami2IP])
}
func (s *DockerSuite) TestDefaultDockerContainers() { func (s *DockerSuite) TestDefaultDockerContainers() {
tempObjects := struct { tempObjects := struct {
DockerHost string DockerHost string

View file

@ -0,0 +1,30 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "ERROR"
filePath = "traefik.log"
[accessLog]
filePath = "access.log"
[entryPoints]
[entryPoints.web]
address = ":8000"
[api]
insecure = true
[ping]
[providers]
[providers.file]
filename = "{{ .SelfFilename }}"
## dynamic configuration ##
[http.routers]
[http.routers.customPing]
entryPoints = ["web"]
rule = "PathPrefix(`/ping`)"
service = "ping@internal"

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,21 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
noColor = true
[api]
insecure = true
[experimental]
kubernetesGateway = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[providers.kubernetesGateway]

View file

@ -19,5 +19,6 @@
insecure = true insecure = true
[metrics] [metrics]
addInternals = true
[metrics.prometheus] [metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0] buckets = [0.1,0.3,1.2,5.0]

View file

@ -9,6 +9,8 @@
[api] [api]
insecure = true insecure = true
[ping]
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
address = ":8000" address = ":8000"
@ -47,6 +49,10 @@
Service = "service3" Service = "service3"
Middlewares = ["retry", "basic-auth"] Middlewares = ["retry", "basic-auth"]
Rule = "Path(`/auth`)" Rule = "Path(`/auth`)"
[http.routers.customPing]
entryPoints = ["web"]
rule = "PathPrefix(`/ping`)"
service = "ping@internal"
[http.middlewares] [http.middlewares]
[http.middlewares.retry.retry] [http.middlewares.retry.retry]

View file

@ -0,0 +1,41 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[core]
defaultRuleSyntax = "v2"
[log]
level = "DEBUG"
noColor = true
[entryPoints]
[entryPoints.web]
address = ":8000"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"
## dynamic configuration ##
[http.routers]
[http.routers.router1]
service = "service1"
rule = "PathPrefix(`/foo`, `/bar`)"
[http.routers.router2]
service = "service1"
rule = "QueryRegexp(`foo`, `bar`)"
[http.routers.router3]
service = "service1"
rule = "PathPrefix(`/foo`, `/bar`)"
ruleSyntax = "v3"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[http.services.service1.loadBalancer.servers]

View file

@ -0,0 +1,38 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
noColor = true
[entryPoints]
[entryPoints.web]
address = ":8000"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"
## dynamic configuration ##
[http.routers]
[http.routers.router1]
service = "service1"
rule = "PathPrefix(`/foo`) || PathPrefix(`/bar`)"
[http.routers.router2]
service = "service1"
rule = "PathPrefix(`/foo`, `/bar`)"
[http.routers.router3]
service = "service1"
rule = "QueryRegexp(`foo`, `bar`)"
ruleSyntax = "v2"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[http.services.service1.loadBalancer.servers]

View file

@ -0,0 +1,35 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[api]
insecure = true
[log]
level = "DEBUG"
noColor = true
[entryPoints]
[entryPoints.web]
address = ":8000"
[providers.file]
filename = "{{ .SelfFilename }}"
## dynamic configuration ##
[http.routers]
[http.routers.router]
service = "service1"
rule = "Path(`/whoami`)"
[http.services]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "{{ .Server1 }}"
weight = 3
[[http.services.service1.loadBalancer.servers]]
url = "{{ .Server2 }}"

View file

@ -35,7 +35,13 @@ import (
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
) )
var showLog = flag.Bool("tlog", false, "always show Traefik logs") var (
showLog = flag.Bool("tlog", false, "always show Traefik logs")
k8sConformance = flag.Bool("k8sConformance", false, "run K8s Gateway API conformance test")
k8sConformanceRunTest = flag.String("k8sConformanceRunTest", "", "run a specific K8s Gateway API conformance test")
)
const tailscaleSecretFilePath = "tailscale.secret"
type composeConfig struct { type composeConfig struct {
Services map[string]composeService `yaml:"services"` Services map[string]composeService `yaml:"services"`
@ -99,6 +105,11 @@ func (s *BaseSuite) displayTraefikLogFile(path string) {
} }
func (s *BaseSuite) SetupSuite() { func (s *BaseSuite) SetupSuite() {
if isDockerDesktop(context.Background(), s.T()) {
_, err := os.Stat(tailscaleSecretFilePath)
require.NoError(s.T(), err, "Tailscale need to be configured when running integration tests with Docker Desktop: (https://doc.traefik.io/traefik/v2.11/contributing/building-testing/#testing)")
}
// configure default standard log. // configure default standard log.
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags) stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
// TODO // TODO
@ -124,7 +135,7 @@ func (s *BaseSuite) SetupSuite() {
s.hostIP = "172.31.42.1" s.hostIP = "172.31.42.1"
if isDockerDesktop(ctx, s.T()) { if isDockerDesktop(ctx, s.T()) {
s.hostIP = getDockerDesktopHostIP(ctx, s.T()) s.hostIP = getDockerDesktopHostIP(ctx, s.T())
s.setupVPN("tailscale.secret") s.setupVPN(tailscaleSecretFilePath)
} }
} }

View file

@ -0,0 +1,225 @@
package integration
import (
"context"
"fmt"
"net"
"os"
"path/filepath"
"strings"
"testing"
"time"
"github.com/rs/zerolog/log"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
"github.com/traefik/traefik/v3/integration/try"
"github.com/traefik/traefik/v3/pkg/version"
"gopkg.in/yaml.v3"
ktypes "k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/sets"
kclientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/clientcmd"
"sigs.k8s.io/controller-runtime/pkg/client"
gatev1 "sigs.k8s.io/gateway-api/apis/v1"
gatev1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
gatev1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
conformanceV1alpha1 "sigs.k8s.io/gateway-api/conformance/apis/v1alpha1"
"sigs.k8s.io/gateway-api/conformance/tests"
"sigs.k8s.io/gateway-api/conformance/utils/config"
ksuite "sigs.k8s.io/gateway-api/conformance/utils/suite"
)
// K8sConformanceSuite tests suite.
type K8sConformanceSuite struct{ BaseSuite }
func TestK8sConformanceSuite(t *testing.T) {
suite.Run(t, new(K8sConformanceSuite))
}
func (s *K8sConformanceSuite) SetupSuite() {
s.BaseSuite.SetupSuite()
s.createComposeProject("k8s")
s.composeUp()
abs, err := filepath.Abs("./fixtures/k8s/config.skip/kubeconfig.yaml")
require.NoError(s.T(), err)
err = try.Do(60*time.Second, func() error {
_, err := os.Stat(abs)
return err
})
require.NoError(s.T(), err)
data, err := os.ReadFile(abs)
require.NoError(s.T(), err)
content := strings.ReplaceAll(string(data), "https://server:6443", fmt.Sprintf("https://%s", net.JoinHostPort(s.getComposeServiceIP("server"), "6443")))
err = os.WriteFile(abs, []byte(content), 0o644)
require.NoError(s.T(), err)
err = os.Setenv("KUBECONFIG", abs)
require.NoError(s.T(), err)
}
func (s *K8sConformanceSuite) TearDownSuite() {
s.BaseSuite.TearDownSuite()
generatedFiles := []string{
"./fixtures/k8s/config.skip/kubeconfig.yaml",
"./fixtures/k8s/config.skip/k3s.log",
"./fixtures/k8s/rolebindings.yaml",
"./fixtures/k8s/ccm.yaml",
}
for _, filename := range generatedFiles {
if err := os.Remove(filename); err != nil {
log.Warn().Err(err).Send()
}
}
}
func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() {
if !*k8sConformance {
s.T().Skip("Skip because it can take a long time to execute. To enable pass the `k8sConformance` flag.")
}
configFromFlags, err := clientcmd.BuildConfigFromFlags("", os.Getenv("KUBECONFIG"))
if err != nil {
s.T().Fatal(err)
}
kClient, err := client.New(configFromFlags, client.Options{})
if err != nil {
s.T().Fatalf("Error initializing Kubernetes client: %v", err)
}
kClientSet, err := kclientset.NewForConfig(configFromFlags)
if err != nil {
s.T().Fatal(err)
}
err = gatev1alpha2.AddToScheme(kClient.Scheme())
require.NoError(s.T(), err)
err = gatev1beta1.AddToScheme(kClient.Scheme())
require.NoError(s.T(), err)
err = gatev1.AddToScheme(kClient.Scheme())
require.NoError(s.T(), err)
s.traefikCmd(withConfigFile("fixtures/k8s_gateway_conformance.toml"))
// Wait for traefik to start
err = try.GetRequest("http://127.0.0.1:8080/api/entrypoints", 10*time.Second, try.BodyContains(`"name":"web"`))
require.NoError(s.T(), err)
err = try.Do(10*time.Second, func() error {
gwc := &gatev1.GatewayClass{}
err := kClient.Get(context.Background(), ktypes.NamespacedName{Name: "my-gateway-class"}, gwc)
if err != nil {
return fmt.Errorf("error fetching GatewayClass: %w", err)
}
return nil
})
require.NoError(s.T(), err)
opts := ksuite.Options{
Client: kClient,
RestConfig: configFromFlags,
Clientset: kClientSet,
GatewayClassName: "my-gateway-class",
Debug: true,
CleanupBaseResources: true,
TimeoutConfig: config.TimeoutConfig{
CreateTimeout: 5 * time.Second,
DeleteTimeout: 5 * time.Second,
GetTimeout: 5 * time.Second,
GatewayMustHaveAddress: 5 * time.Second,
GatewayMustHaveCondition: 5 * time.Second,
GatewayStatusMustHaveListeners: 10 * time.Second,
GatewayListenersMustHaveCondition: 5 * time.Second,
GWCMustBeAccepted: 60 * time.Second, // Pod creation in k3s cluster can be long.
HTTPRouteMustNotHaveParents: 5 * time.Second,
HTTPRouteMustHaveCondition: 5 * time.Second,
TLSRouteMustHaveCondition: 5 * time.Second,
RouteMustHaveParents: 5 * time.Second,
ManifestFetchTimeout: 5 * time.Second,
MaxTimeToConsistency: 5 * time.Second,
NamespacesMustBeReady: 60 * time.Second, // Pod creation in k3s cluster can be long.
RequestTimeout: 5 * time.Second,
LatestObservedGenerationSet: 5 * time.Second,
RequiredConsecutiveSuccesses: 0,
},
SupportedFeatures: sets.New[ksuite.SupportedFeature]().
Insert(ksuite.GatewayCoreFeatures.UnsortedList()...).
Insert(ksuite.ReferenceGrantCoreFeatures.UnsortedList()...),
EnableAllSupportedFeatures: false,
RunTest: *k8sConformanceRunTest,
// Until the feature are all supported, following tests are skipped.
SkipTests: []string{
"HTTPExactPathMatching",
"HTTPRouteHostnameIntersection",
"HTTPRouteListenerHostnameMatching",
"HTTPRouteRequestHeaderModifier",
"GatewayClassObservedGenerationBump",
"HTTPRouteInvalidNonExistentBackendRef",
"GatewayWithAttachedRoutes",
"HTTPRouteCrossNamespace",
"HTTPRouteDisallowedKind",
"HTTPRouteInvalidReferenceGrant",
"HTTPRouteObservedGenerationBump",
"TLSRouteSimpleSameNamespace",
"TLSRouteInvalidReferenceGrant",
"HTTPRouteInvalidCrossNamespaceParentRef",
"HTTPRouteInvalidParentRefNotMatchingSectionName",
"GatewayModifyListeners",
"GatewayInvalidTLSConfiguration",
"HTTPRouteInvalidCrossNamespaceBackendRef",
"HTTPRouteMatchingAcrossRoutes",
"HTTPRoutePartiallyInvalidViaInvalidReferenceGrant",
"HTTPRouteRedirectHostAndStatus",
"HTTPRouteInvalidBackendRefUnknownKind",
"HTTPRoutePathMatchOrder",
"HTTPRouteSimpleSameNamespace",
"HTTPRouteMatching",
"HTTPRouteHeaderMatching",
"HTTPRouteReferenceGrant",
},
}
cSuite, err := ksuite.NewExperimentalConformanceTestSuite(ksuite.ExperimentalConformanceOptions{
Options: opts,
Implementation: conformanceV1alpha1.Implementation{
Organization: "traefik",
Project: "traefik",
URL: "https://traefik.io/",
Version: version.Version,
Contact: []string{"@traefik/maintainers"},
},
ConformanceProfiles: sets.New[ksuite.ConformanceProfileName](
ksuite.HTTPConformanceProfileName,
ksuite.TLSConformanceProfileName,
),
})
require.NoError(s.T(), err)
cSuite.Setup(s.T())
err = cSuite.Run(s.T(), tests.ConformanceTests)
require.NoError(s.T(), err)
report, err := cSuite.Report()
require.NoError(s.T(), err, "failed generating conformance report")
report.GatewayAPIVersion = "1.0.0"
rawReport, err := yaml.Marshal(report)
require.NoError(s.T(), err)
s.T().Logf("Conformance report:\n%s", string(rawReport))
require.NoError(s.T(), os.MkdirAll("./conformance-reports", 0o755))
outFile := filepath.Join("conformance-reports", fmt.Sprintf("traefik-traefik-%d.yaml", time.Now().UnixNano()))
require.NoError(s.T(), os.WriteFile(outFile, rawReport, 0o600))
s.T().Logf("Report written to: %s", outFile)
}

View file

@ -57,7 +57,7 @@ func (s *LogRotationSuite) TearDownSuite() {
func (s *LogRotationSuite) TestAccessLogRotation() { func (s *LogRotationSuite) TestAccessLogRotation() {
// Start Traefik // Start Traefik
cmd, _ := s.cmdTraefik(withConfigFile("fixtures/access_log_config.toml")) cmd, _ := s.cmdTraefik(withConfigFile("fixtures/access_log/access_log_base.toml"))
defer s.displayTraefikLogFile(traefikTestLogFile) defer s.displayTraefikLogFile(traefikTestLogFile)
// Verify Traefik started ok // Verify Traefik started ok

View file

@ -36,3 +36,14 @@ services:
labels: labels:
traefik.http.Routers.Super.Rule: Host(`my.super.host`) traefik.http.Routers.Super.Rule: Host(`my.super.host`)
traefik.http.Services.powpow.LoadBalancer.server.Port: 2375 traefik.http.Services.powpow.LoadBalancer.server.Port: 2375
wrr-server:
image: traefik/whoami
labels:
traefik.http.Routers.wrr-server.Rule: Host(`my.wrr.host`)
traefik.http.Services.wrr-server.LoadBalancer.server.Weight: 4
wrr-server2:
image: traefik/whoami
labels:
traefik.http.Routers.wrr-server.Rule: Host(`my.wrr.host`)
traefik.http.Services.wrr-server.LoadBalancer.server.Weight: 1

View file

@ -287,6 +287,10 @@ func (s *SimpleSuite) TestMetricsPrometheusDefaultEntryPoint() {
err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.BodyContains("_service_")) err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.BodyContains("_service_"))
require.NoError(s.T(), err) require.NoError(s.T(), err)
// No metrics for internals.
err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.BodyNotContains("router=\"api@internal\"", "service=\"api@internal\""))
require.NoError(s.T(), err)
} }
func (s *SimpleSuite) TestMetricsPrometheusTwoRoutersOneService() { func (s *SimpleSuite) TestMetricsPrometheusTwoRoutersOneService() {
@ -659,6 +663,66 @@ func (s *SimpleSuite) TestSimpleConfigurationHostRequestTrailingPeriod() {
} }
} }
func (s *SimpleSuite) TestWithDefaultRuleSyntax() {
file := s.adaptFile("fixtures/with_default_rule_syntax.toml", struct{}{})
s.traefikCmd(withConfigFile(file))
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix"))
require.NoError(s.T(), err)
// router1 has no error
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router1@file", 1*time.Second, try.BodyContains(`"status":"enabled"`))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/notfound", 1*time.Second, try.StatusCodeIs(http.StatusNotFound))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/foo", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/bar", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
require.NoError(s.T(), err)
// router2 has an error because it uses the wrong rule syntax (v3 instead of v2)
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router2@file", 1*time.Second, try.BodyContains("error while parsing rule QueryRegexp(`foo`, `bar`): unsupported function: QueryRegexp"))
require.NoError(s.T(), err)
// router3 has an error because it uses the wrong rule syntax (v2 instead of v3)
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router3@file", 1*time.Second, try.BodyContains("error while adding rule PathPrefix: unexpected number of parameters; got 2, expected one of [1]"))
require.NoError(s.T(), err)
}
func (s *SimpleSuite) TestWithoutDefaultRuleSyntax() {
file := s.adaptFile("fixtures/without_default_rule_syntax.toml", struct{}{})
s.traefikCmd(withConfigFile(file))
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix"))
require.NoError(s.T(), err)
// router1 has no error
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router1@file", 1*time.Second, try.BodyContains(`"status":"enabled"`))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/notfound", 1*time.Second, try.StatusCodeIs(http.StatusNotFound))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/foo", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/bar", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
require.NoError(s.T(), err)
// router2 has an error because it uses the wrong rule syntax (v3 instead of v2)
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router2@file", 1*time.Second, try.BodyContains("error while adding rule PathPrefix: unexpected number of parameters; got 2, expected one of [1]"))
require.NoError(s.T(), err)
// router2 has an error because it uses the wrong rule syntax (v2 instead of v3)
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router3@file", 1*time.Second, try.BodyContains("error while parsing rule QueryRegexp(`foo`, `bar`): unsupported function: QueryRegexp"))
require.NoError(s.T(), err)
}
func (s *SimpleSuite) TestRouterConfigErrors() { func (s *SimpleSuite) TestRouterConfigErrors() {
file := s.adaptFile("fixtures/router_errors.toml", struct{}{}) file := s.adaptFile("fixtures/router_errors.toml", struct{}{})
@ -749,6 +813,49 @@ func (s *SimpleSuite) TestUDPServiceConfigErrors() {
require.NoError(s.T(), err) require.NoError(s.T(), err)
} }
func (s *SimpleSuite) TestWRRServer() {
s.createComposeProject("base")
s.composeUp()
defer s.composeDown()
whoami1IP := s.getComposeServiceIP("whoami1")
whoami2IP := s.getComposeServiceIP("whoami2")
file := s.adaptFile("fixtures/wrr_server.toml", struct {
Server1 string
Server2 string
}{Server1: "http://" + whoami1IP, Server2: "http://" + whoami2IP})
s.traefikCmd(withConfigFile(file))
err := try.GetRequest("http://127.0.0.1:8080/api/http/services", 1000*time.Millisecond, try.BodyContains("service1"))
require.NoError(s.T(), err)
repartition := map[string]int{}
for i := 0; i < 4; i++ {
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/whoami", nil)
require.NoError(s.T(), err)
response, err := http.DefaultClient.Do(req)
require.NoError(s.T(), err)
assert.Equal(s.T(), http.StatusOK, response.StatusCode)
body, err := io.ReadAll(response.Body)
require.NoError(s.T(), err)
if strings.Contains(string(body), whoami1IP) {
repartition[whoami1IP]++
}
if strings.Contains(string(body), whoami2IP) {
repartition[whoami2IP]++
}
}
assert.Equal(s.T(), 3, repartition[whoami1IP])
assert.Equal(s.T(), 1, repartition[whoami2IP])
}
func (s *SimpleSuite) TestWRR() { func (s *SimpleSuite) TestWRR() {
s.createComposeProject("base") s.createComposeProject("base")

View file

@ -302,7 +302,7 @@ func (s *TCPSuite) TestWRR() {
time.Sleep(time.Second) time.Sleep(time.Second)
} }
assert.EqualValues(s.T(), call, map[string]int{"whoami-b": 3, "whoami-ab": 1}) assert.EqualValues(s.T(), map[string]int{"whoami-b": 3, "whoami-ab": 1}, call)
} }
func welcome(addr string) (string, error) { func welcome(addr string) (string, error) {
@ -404,7 +404,6 @@ func guessWhoTLSPassthrough(addr, serverName string) (string, error) {
return fmt.Errorf("tls: no valid certificate for serverName %s", serverName) return fmt.Errorf("tls: no valid certificate for serverName %s", serverName)
}, },
}) })
if err != nil { if err != nil {
return "", err return "", err
} }

View file

@ -34,6 +34,7 @@
], ],
"service": "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr", "service": "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr",
"rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)", "rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)",
"ruleSyntax": "v3",
"priority": 31, "priority": 31,
"status": "enabled", "status": "enabled",
"using": [ "using": [
@ -46,6 +47,7 @@
], ],
"service": "default-http-app-1-my-https-gateway-websecure-1c0cf64bde37d9d0df06-wrr", "service": "default-http-app-1-my-https-gateway-websecure-1c0cf64bde37d9d0df06-wrr",
"rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)", "rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)",
"ruleSyntax": "v3",
"priority": 31, "priority": 31,
"tls": {}, "tls": {},
"status": "enabled", "status": "enabled",
@ -152,6 +154,7 @@
], ],
"service": "default-tcp-app-1-my-tcp-gateway-footcp-e3b0c44298fc1c149afb-wrr-0", "service": "default-tcp-app-1-my-tcp-gateway-footcp-e3b0c44298fc1c149afb-wrr-0",
"rule": "HostSNI(`*`)", "rule": "HostSNI(`*`)",
"ruleSyntax": "v3",
"priority": -1, "priority": -1,
"status": "enabled", "status": "enabled",
"using": [ "using": [
@ -164,6 +167,7 @@
], ],
"service": "default-tcp-app-1-my-tls-gateway-footlsterminate-e3b0c44298fc1c149afb-wrr-0", "service": "default-tcp-app-1-my-tls-gateway-footlsterminate-e3b0c44298fc1c149afb-wrr-0",
"rule": "HostSNI(`*`)", "rule": "HostSNI(`*`)",
"ruleSyntax": "v3",
"priority": -1, "priority": -1,
"tls": { "tls": {
"passthrough": false "passthrough": false
@ -179,6 +183,7 @@
], ],
"service": "default-tls-app-1-my-tls-gateway-footlspassthrough-2279fe75c5156dc5eb26-wrr-0", "service": "default-tls-app-1-my-tls-gateway-footlspassthrough-2279fe75c5156dc5eb26-wrr-0",
"rule": "HostSNI(`foo.bar`)", "rule": "HostSNI(`foo.bar`)",
"ruleSyntax": "v3",
"priority": 18, "priority": 18,
"tls": { "tls": {
"passthrough": true "passthrough": true

View file

@ -414,6 +414,67 @@ func (s *TracingSuite) TestOpentelemetryAuth() {
s.checkTraceContent(contains) s.checkTraceContent(contains)
} }
func (s *TracingSuite) TestNoInternals() {
file := s.adaptFile("fixtures/tracing/simple-opentelemetry.toml", TracingTemplate{
WhoamiIP: s.whoamiIP,
WhoamiPort: s.whoamiPort,
IP: s.otelCollectorIP,
IsHTTP: true,
})
s.traefikCmd(withConfigFile(file))
// wait for traefik
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", time.Second, try.BodyContains("basic-auth"))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/ratelimit", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/ping", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8080/ping", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
baseURL, err := url.Parse("http://" + s.tempoIP + ":3200/api/search")
require.NoError(s.T(), err)
req := &http.Request{
Method: http.MethodGet,
URL: baseURL,
}
// Wait for traces to be available.
time.Sleep(10 * time.Second)
resp, err := try.Response(req, 5*time.Second)
require.NoError(s.T(), err)
out := &TraceResponse{}
content, err := io.ReadAll(resp.Body)
require.NoError(s.T(), err)
err = json.Unmarshal(content, &out)
require.NoError(s.T(), err)
s.NotEmptyf(len(out.Traces), "expected at least one trace")
for _, t := range out.Traces {
baseURL, err := url.Parse("http://" + s.tempoIP + ":3200/api/traces/" + t.TraceID)
require.NoError(s.T(), err)
req := &http.Request{
Method: http.MethodGet,
URL: baseURL,
}
resp, err := try.Response(req, 5*time.Second)
require.NoError(s.T(), err)
content, err := io.ReadAll(resp.Body)
require.NoError(s.T(), err)
require.NotContains(s.T(), content, "@internal")
}
}
func (s *TracingSuite) checkTraceContent(expectedJSON []map[string]string) { func (s *TracingSuite) checkTraceContent(expectedJSON []map[string]string) {
s.T().Helper() s.T().Helper()

View file

@ -96,7 +96,7 @@ func (s *UDPSuite) TestWRR() {
call["unknown"]++ call["unknown"]++
} }
} }
assert.EqualValues(s.T(), call, map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3}) assert.EqualValues(s.T(), map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3}, call)
close(stop) close(stop)
}() }()

View file

@ -76,7 +76,7 @@ func New(staticConfig static.Configuration, runtimeConfig *runtime.Configuration
// createRouter creates API routes and router. // createRouter creates API routes and router.
func (h Handler) createRouter() *mux.Router { func (h Handler) createRouter() *mux.Router {
router := mux.NewRouter() router := mux.NewRouter().UseEncodedPath()
if h.staticConfig.API.Debug { if h.staticConfig.API.Debug {
DebugHandler{}.Append(router) DebugHandler{}.Append(router)

View file

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"sort" "sort"
"strconv" "strconv"
@ -49,7 +50,13 @@ func (h Handler) getEntryPoints(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getEntryPoint(rw http.ResponseWriter, request *http.Request) { func (h Handler) getEntryPoint(rw http.ResponseWriter, request *http.Request) {
entryPointID := mux.Vars(request)["entryPointID"] scapedEntryPointID := mux.Vars(request)["entryPointID"]
entryPointID, err := url.PathUnescape(scapedEntryPointID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode entryPointID %q: %s", scapedEntryPointID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -64,7 +71,7 @@ func (h Handler) getEntryPoint(rw http.ResponseWriter, request *http.Request) {
Name: entryPointID, Name: entryPointID,
} }
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)

View file

@ -6,6 +6,7 @@ import (
"io" "io"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"net/url"
"os" "os"
"strconv" "strconv"
"testing" "testing"
@ -169,6 +170,21 @@ func TestHandler_EntryPoints(t *testing.T) {
jsonFile: "testdata/entrypoint-bar.json", jsonFile: "testdata/entrypoint-bar.json",
}, },
}, },
{
desc: "one entry point by id containing slash",
path: "/api/entrypoints/" + url.PathEscape("foo / bar"),
conf: static.Configuration{
Global: &static.Global{},
API: &static.API{},
EntryPoints: map[string]*static.EntryPoint{
"foo / bar": {Address: ":81"},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/entrypoint-foo-slash-bar.json",
},
},
{ {
desc: "one entry point by id, that does not exist", desc: "one entry point by id, that does not exist",
path: "/api/entrypoints/foo", path: "/api/entrypoints/foo",

View file

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"strconv" "strconv"
"strings" "strings"
@ -97,7 +98,13 @@ func (h Handler) getRouters(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getRouter(rw http.ResponseWriter, request *http.Request) { func (h Handler) getRouter(rw http.ResponseWriter, request *http.Request) {
routerID := mux.Vars(request)["routerID"] scapedRouterID := mux.Vars(request)["routerID"]
routerID, err := url.PathUnescape(scapedRouterID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -109,7 +116,7 @@ func (h Handler) getRouter(rw http.ResponseWriter, request *http.Request) {
result := newRouterRepresentation(routerID, router) result := newRouterRepresentation(routerID, router)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)
@ -148,7 +155,13 @@ func (h Handler) getServices(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getService(rw http.ResponseWriter, request *http.Request) { func (h Handler) getService(rw http.ResponseWriter, request *http.Request) {
serviceID := mux.Vars(request)["serviceID"] scapedServiceID := mux.Vars(request)["serviceID"]
serviceID, err := url.PathUnescape(scapedServiceID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest)
return
}
rw.Header().Add("Content-Type", "application/json") rw.Header().Add("Content-Type", "application/json")
@ -160,7 +173,7 @@ func (h Handler) getService(rw http.ResponseWriter, request *http.Request) {
result := newServiceRepresentation(serviceID, service) result := newServiceRepresentation(serviceID, service)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)
@ -199,7 +212,13 @@ func (h Handler) getMiddlewares(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getMiddleware(rw http.ResponseWriter, request *http.Request) { func (h Handler) getMiddleware(rw http.ResponseWriter, request *http.Request) {
middlewareID := mux.Vars(request)["middlewareID"] scapedMiddlewareID := mux.Vars(request)["middlewareID"]
middlewareID, err := url.PathUnescape(scapedMiddlewareID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode middlewareID %q: %s", scapedMiddlewareID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -211,7 +230,7 @@ func (h Handler) getMiddleware(rw http.ResponseWriter, request *http.Request) {
result := newMiddlewareRepresentation(middlewareID, middleware) result := newMiddlewareRepresentation(middlewareID, middleware)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)

View file

@ -7,6 +7,7 @@ import (
"io" "io"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"net/url"
"os" "os"
"strconv" "strconv"
"testing" "testing"
@ -301,6 +302,27 @@ func TestHandler_HTTP(t *testing.T) {
jsonFile: "testdata/router-bar.json", jsonFile: "testdata/router-bar.json",
}, },
}, },
{
desc: "one router by id containing slash",
path: "/api/http/routers/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
Routers: map[string]*runtime.RouterInfo{
"foo / bar@myprovider": {
Router: &dynamic.Router{
EntryPoints: []string{"web"},
Service: "foo-service@myprovider",
Rule: "Host(`foo.bar`)",
Middlewares: []string{"auth", "addPrefixTest@anotherprovider"},
},
Status: "enabled",
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/router-foo-slash-bar.json",
},
},
{ {
desc: "one router by id, implicitly using default TLS options", desc: "one router by id, implicitly using default TLS options",
path: "/api/http/routers/baz@myprovider", path: "/api/http/routers/baz@myprovider",
@ -661,6 +683,35 @@ func TestHandler_HTTP(t *testing.T) {
jsonFile: "testdata/service-bar.json", jsonFile: "testdata/service-bar.json",
}, },
}, },
{
desc: "one service by id containing slash",
path: "/api/http/services/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
Services: map[string]*runtime.ServiceInfo{
"foo / bar@myprovider": func() *runtime.ServiceInfo {
si := &runtime.ServiceInfo{
Service: &dynamic.Service{
LoadBalancer: &dynamic.ServersLoadBalancer{
PassHostHeader: Bool(true),
Servers: []dynamic.Server{
{
URL: "http://127.0.0.1",
},
},
},
},
UsedBy: []string{"foo@myprovider", "test@myprovider"},
}
si.UpdateServerStatus("http://127.0.0.1", "UP")
return si
}(),
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/service-foo-slash-bar.json",
},
},
{ {
desc: "one service by id, that does not exist", desc: "one service by id, that does not exist",
path: "/api/http/services/nono@myprovider", path: "/api/http/services/nono@myprovider",
@ -897,6 +948,26 @@ func TestHandler_HTTP(t *testing.T) {
jsonFile: "testdata/middleware-auth.json", jsonFile: "testdata/middleware-auth.json",
}, },
}, },
{
desc: "one middleware by id containing slash",
path: "/api/http/middlewares/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
Middlewares: map[string]*runtime.MiddlewareInfo{
"foo / bar@myprovider": {
Middleware: &dynamic.Middleware{
AddPrefix: &dynamic.AddPrefix{
Prefix: "/titi",
},
},
UsedBy: []string{"test@myprovider"},
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/middleware-foo-slash-bar.json",
},
},
{ {
desc: "one middleware by id, that does not exist", desc: "one middleware by id, that does not exist",
path: "/api/http/middlewares/foo@myprovider", path: "/api/http/middlewares/foo@myprovider",

View file

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"strconv" "strconv"
"strings" "strings"
@ -90,7 +91,13 @@ func (h Handler) getTCPRouters(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getTCPRouter(rw http.ResponseWriter, request *http.Request) { func (h Handler) getTCPRouter(rw http.ResponseWriter, request *http.Request) {
routerID := mux.Vars(request)["routerID"] scapedRouterID := mux.Vars(request)["routerID"]
routerID, err := url.PathUnescape(scapedRouterID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -102,7 +109,7 @@ func (h Handler) getTCPRouter(rw http.ResponseWriter, request *http.Request) {
result := newTCPRouterRepresentation(routerID, router) result := newTCPRouterRepresentation(routerID, router)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)
@ -141,7 +148,13 @@ func (h Handler) getTCPServices(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getTCPService(rw http.ResponseWriter, request *http.Request) { func (h Handler) getTCPService(rw http.ResponseWriter, request *http.Request) {
serviceID := mux.Vars(request)["serviceID"] scapedServiceID := mux.Vars(request)["serviceID"]
serviceID, err := url.PathUnescape(scapedServiceID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -153,7 +166,7 @@ func (h Handler) getTCPService(rw http.ResponseWriter, request *http.Request) {
result := newTCPServiceRepresentation(serviceID, service) result := newTCPServiceRepresentation(serviceID, service)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)
@ -192,7 +205,13 @@ func (h Handler) getTCPMiddlewares(rw http.ResponseWriter, request *http.Request
} }
func (h Handler) getTCPMiddleware(rw http.ResponseWriter, request *http.Request) { func (h Handler) getTCPMiddleware(rw http.ResponseWriter, request *http.Request) {
middlewareID := mux.Vars(request)["middlewareID"] scapedMiddlewareID := mux.Vars(request)["middlewareID"]
middlewareID, err := url.PathUnescape(scapedMiddlewareID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode middlewareID %q: %s", scapedMiddlewareID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -204,7 +223,7 @@ func (h Handler) getTCPMiddleware(rw http.ResponseWriter, request *http.Request)
result := newTCPMiddlewareRepresentation(middlewareID, middleware) result := newTCPMiddlewareRepresentation(middlewareID, middleware)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)

View file

@ -6,6 +6,7 @@ import (
"io" "io"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"net/url"
"os" "os"
"testing" "testing"
@ -295,6 +296,25 @@ func TestHandler_TCP(t *testing.T) {
jsonFile: "testdata/tcprouter-bar.json", jsonFile: "testdata/tcprouter-bar.json",
}, },
}, },
{
desc: "one TCP router by id containing slash",
path: "/api/tcp/routers/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
TCPRouters: map[string]*runtime.TCPRouterInfo{
"foo / bar@myprovider": {
TCPRouter: &dynamic.TCPRouter{
EntryPoints: []string{"web"},
Service: "foo-service@myprovider",
Rule: "Host(`foo.bar`)",
},
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/tcprouter-foo-slash-bar.json",
},
},
{ {
desc: "one TCP router by id, that does not exist", desc: "one TCP router by id, that does not exist",
path: "/api/tcp/routers/foo@myprovider", path: "/api/tcp/routers/foo@myprovider",
@ -559,6 +579,30 @@ func TestHandler_TCP(t *testing.T) {
jsonFile: "testdata/tcpservice-bar.json", jsonFile: "testdata/tcpservice-bar.json",
}, },
}, },
{
desc: "one tcp service by id containing slash",
path: "/api/tcp/services/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
TCPServices: map[string]*runtime.TCPServiceInfo{
"foo / bar@myprovider": {
TCPService: &dynamic.TCPService{
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "127.0.0.1:2345",
},
},
},
},
UsedBy: []string{"foo@myprovider", "test@myprovider"},
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/tcpservice-foo-slash-bar.json",
},
},
{ {
desc: "one tcp service by id, that does not exist", desc: "one tcp service by id, that does not exist",
path: "/api/tcp/services/nono@myprovider", path: "/api/tcp/services/nono@myprovider",
@ -780,6 +824,26 @@ func TestHandler_TCP(t *testing.T) {
jsonFile: "testdata/tcpmiddleware-ipallowlist.json", jsonFile: "testdata/tcpmiddleware-ipallowlist.json",
}, },
}, },
{
desc: "one middleware by id containing slash",
path: "/api/tcp/middlewares/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
"foo / bar@myprovider": {
TCPMiddleware: &dynamic.TCPMiddleware{
IPWhiteList: &dynamic.TCPIPWhiteList{
SourceRange: []string{"127.0.0.1/32"},
},
},
UsedBy: []string{"bar@myprovider", "test@myprovider"},
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/tcpmiddleware-foo-slash-bar.json",
},
},
{ {
desc: "one middleware by id, that does not exist", desc: "one middleware by id, that does not exist",
path: "/api/tcp/middlewares/foo@myprovider", path: "/api/tcp/middlewares/foo@myprovider",

View file

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"strconv" "strconv"
"strings" "strings"
@ -74,7 +75,13 @@ func (h Handler) getUDPRouters(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getUDPRouter(rw http.ResponseWriter, request *http.Request) { func (h Handler) getUDPRouter(rw http.ResponseWriter, request *http.Request) {
routerID := mux.Vars(request)["routerID"] scapedRouterID := mux.Vars(request)["routerID"]
routerID, err := url.PathUnescape(scapedRouterID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -86,7 +93,7 @@ func (h Handler) getUDPRouter(rw http.ResponseWriter, request *http.Request) {
result := newUDPRouterRepresentation(routerID, router) result := newUDPRouterRepresentation(routerID, router)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)
@ -125,7 +132,13 @@ func (h Handler) getUDPServices(rw http.ResponseWriter, request *http.Request) {
} }
func (h Handler) getUDPService(rw http.ResponseWriter, request *http.Request) { func (h Handler) getUDPService(rw http.ResponseWriter, request *http.Request) {
serviceID := mux.Vars(request)["serviceID"] scapedServiceID := mux.Vars(request)["serviceID"]
serviceID, err := url.PathUnescape(scapedServiceID)
if err != nil {
writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest)
return
}
rw.Header().Set("Content-Type", "application/json") rw.Header().Set("Content-Type", "application/json")
@ -137,7 +150,7 @@ func (h Handler) getUDPService(rw http.ResponseWriter, request *http.Request) {
result := newUDPServiceRepresentation(serviceID, service) result := newUDPServiceRepresentation(serviceID, service)
err := json.NewEncoder(rw).Encode(result) err = json.NewEncoder(rw).Encode(result)
if err != nil { if err != nil {
log.Ctx(request.Context()).Error().Err(err).Send() log.Ctx(request.Context()).Error().Err(err).Send()
writeError(rw, err.Error(), http.StatusInternalServerError) writeError(rw, err.Error(), http.StatusInternalServerError)

View file

@ -6,6 +6,7 @@ import (
"io" "io"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"net/url"
"os" "os"
"testing" "testing"
@ -224,6 +225,24 @@ func TestHandler_UDP(t *testing.T) {
jsonFile: "testdata/udprouter-bar.json", jsonFile: "testdata/udprouter-bar.json",
}, },
}, },
{
desc: "one UDP router by id containing slash",
path: "/api/udp/routers/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
UDPRouters: map[string]*runtime.UDPRouterInfo{
"foo / bar@myprovider": {
UDPRouter: &dynamic.UDPRouter{
EntryPoints: []string{"web"},
Service: "foo-service@myprovider",
},
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/udprouter-foo-slash-bar.json",
},
},
{ {
desc: "one UDP router by id, that does not exist", desc: "one UDP router by id, that does not exist",
path: "/api/udp/routers/foo@myprovider", path: "/api/udp/routers/foo@myprovider",
@ -487,6 +506,30 @@ func TestHandler_UDP(t *testing.T) {
jsonFile: "testdata/udpservice-bar.json", jsonFile: "testdata/udpservice-bar.json",
}, },
}, },
{
desc: "one udp service by id containing slash",
path: "/api/udp/services/" + url.PathEscape("foo / bar@myprovider"),
conf: runtime.Configuration{
UDPServices: map[string]*runtime.UDPServiceInfo{
"foo / bar@myprovider": {
UDPService: &dynamic.UDPService{
LoadBalancer: &dynamic.UDPServersLoadBalancer{
Servers: []dynamic.UDPServer{
{
Address: "127.0.0.1:2345",
},
},
},
},
UsedBy: []string{"foo@myprovider", "test@myprovider"},
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/udpservice-foo-slash-bar.json",
},
},
{ {
desc: "one udp service by id, that does not exist", desc: "one udp service by id, that does not exist",
path: "/api/udp/services/nono@myprovider", path: "/api/udp/services/nono@myprovider",

View file

@ -0,0 +1,5 @@
{
"address": ":81",
"http": {},
"name": "foo / bar"
}

View file

@ -0,0 +1,12 @@
{
"addPrefix": {
"prefix": "/titi"
},
"name": "foo / bar@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "addprefix",
"usedBy": [
"test@myprovider"
]
}

View file

@ -0,0 +1,17 @@
{
"entryPoints": [
"web"
],
"middlewares": [
"auth",
"addPrefixTest@anotherprovider"
],
"name": "foo / bar@myprovider",
"provider": "myprovider",
"rule": "Host(`foo.bar`)",
"service": "foo-service@myprovider",
"status": "enabled",
"using": [
"web"
]
}

View file

@ -0,0 +1,21 @@
{
"loadBalancer": {
"passHostHeader": true,
"servers": [
{
"url": "http://127.0.0.1"
}
]
},
"name": "foo / bar@myprovider",
"provider": "myprovider",
"serverStatus": {
"http://127.0.0.1": "UP"
},
"status": "enabled",
"type": "loadbalancer",
"usedBy": [
"foo@myprovider",
"test@myprovider"
]
}

View file

@ -0,0 +1,13 @@
{
"ipWhiteList": {
"sourceRange": ["127.0.0.1/32"]
},
"name": "foo / bar@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "ipwhitelist",
"usedBy": [
"bar@myprovider",
"test@myprovider"
]
}

View file

@ -0,0 +1,13 @@
{
"entryPoints": [
"web"
],
"name": "foo / bar@myprovider",
"provider": "myprovider",
"rule": "Host(`foo.bar`)",
"service": "foo-service@myprovider",
"status": "enabled",
"using": [
"web"
]
}

View file

@ -0,0 +1,17 @@
{
"loadBalancer": {
"servers": [
{
"address": "127.0.0.1:2345"
}
]
},
"name": "foo / bar@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "loadbalancer",
"usedBy": [
"foo@myprovider",
"test@myprovider"
]
}

View file

@ -0,0 +1,12 @@
{
"entryPoints": [
"web"
],
"name": "foo / bar@myprovider",
"provider": "myprovider",
"service": "foo-service@myprovider",
"status": "enabled",
"using": [
"web"
]
}

View file

@ -0,0 +1,17 @@
{
"loadBalancer": {
"servers": [
{
"address": "127.0.0.1:2345"
}
]
},
"name": "foo / bar@myprovider",
"provider": "myprovider",
"status": "enabled",
"type": "loadbalancer",
"usedBy": [
"foo@myprovider",
"test@myprovider"
]
}

541
pkg/cli/deprecation.go Normal file
View file

@ -0,0 +1,541 @@
package cli
import (
"errors"
"os"
"reflect"
"strings"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/traefik/paerser/cli"
"github.com/traefik/paerser/flag"
"github.com/traefik/paerser/parser"
)
type DeprecationLoader struct{}
func (d DeprecationLoader) Load(args []string, cmd *cli.Command) (bool, error) {
if logDeprecation(cmd.Configuration, args) {
return true, errors.New("incompatible deprecated static option found")
}
return false, nil
}
// logDeprecation prints deprecation hints and returns whether incompatible deprecated options need to be removed.
func logDeprecation(traefikConfiguration interface{}, args []string) bool {
// This part doesn't handle properly a flag defined like this:
// --accesslog true
// where `true` could be considered as a new argument.
// This is not really an issue with the deprecation loader since it will filter the unknown nodes later in this
// function.
for i, arg := range args {
if !strings.Contains(arg, "=") {
args[i] = arg + "=true"
}
}
labels, err := flag.Parse(args, nil)
if err != nil {
log.Error().Err(err).Msg("deprecated static options analysis failed")
return false
}
node, err := parser.DecodeToNode(labels, "traefik")
if err != nil {
log.Error().Err(err).Msg("deprecated static options analysis failed")
return false
}
if node != nil && len(node.Children) > 0 {
config := &configuration{}
filterUnknownNodes(reflect.TypeOf(config), node)
if len(node.Children) > 0 {
// Telling parser to look for the label struct tag to allow empty values.
err = parser.AddMetadata(config, node, parser.MetadataOpts{TagName: "label"})
if err != nil {
log.Error().Err(err).Msg("deprecated static options analysis failed")
return false
}
err = parser.Fill(config, node, parser.FillerOpts{})
if err != nil {
log.Error().Err(err).Msg("deprecated static options analysis failed")
return false
}
if config.deprecationNotice(log.With().Str("loader", "FLAG").Logger()) {
return true
}
// No further deprecation parsing and logging,
// as args configuration contains at least one deprecated option.
return false
}
}
// FILE
ref, err := flag.Parse(args, traefikConfiguration)
if err != nil {
log.Error().Err(err).Msg("deprecated static options analysis failed")
return false
}
configFileFlag := "traefik.configfile"
if _, ok := ref["traefik.configFile"]; ok {
configFileFlag = "traefik.configFile"
}
config := &configuration{}
_, err = loadConfigFiles(ref[configFileFlag], config)
if err == nil {
if config.deprecationNotice(log.With().Str("loader", "FILE").Logger()) {
return true
}
}
config = &configuration{}
l := EnvLoader{}
_, err = l.Load(os.Args, &cli.Command{
Configuration: config,
})
if err == nil {
if config.deprecationNotice(log.With().Str("loader", "ENV").Logger()) {
return true
}
}
return false
}
func filterUnknownNodes(fType reflect.Type, node *parser.Node) bool {
var children []*parser.Node
for _, child := range node.Children {
if hasKnownNodes(fType, child) {
children = append(children, child)
}
}
node.Children = children
return len(node.Children) > 0
}
func hasKnownNodes(rootType reflect.Type, node *parser.Node) bool {
rType := rootType
if rootType.Kind() == reflect.Pointer {
rType = rootType.Elem()
}
// unstructured type fitting anything, considering the current node as known.
if rType.Kind() == reflect.Map && rType.Elem().Kind() == reflect.Interface {
return true
}
// unstructured type fitting anything, considering the current node as known.
if rType.Kind() == reflect.Interface {
return true
}
// find matching field in struct type.
field, b := findTypedField(rType, node)
if !b {
return b
}
if len(node.Children) > 0 {
return filterUnknownNodes(field.Type, node)
}
return true
}
func findTypedField(rType reflect.Type, node *parser.Node) (reflect.StructField, bool) {
// avoid panicking.
if rType.Kind() != reflect.Struct {
return reflect.StructField{}, false
}
for i := 0; i < rType.NumField(); i++ {
cField := rType.Field(i)
// ignore unexported fields.
if cField.PkgPath == "" {
if strings.EqualFold(cField.Name, node.Name) {
node.FieldName = cField.Name
return cField, true
}
}
}
return reflect.StructField{}, false
}
// configuration holds the static configuration removed/deprecated options.
type configuration struct {
Experimental *experimental `json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" label:"allowEmpty" file:"allowEmpty"`
Pilot map[string]any `json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" label:"allowEmpty" file:"allowEmpty"`
Providers *providers `json:"providers,omitempty" toml:"providers,omitempty" yaml:"providers,omitempty" label:"allowEmpty" file:"allowEmpty"`
Tracing *tracing `json:"tracing,omitempty" toml:"tracing,omitempty" yaml:"tracing,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
if c == nil {
return false
}
var incompatible bool
if c.Pilot != nil {
incompatible = true
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#pilot")
}
incompatibleExperimental := c.Experimental.deprecationNotice(logger)
incompatibleProviders := c.Providers.deprecationNotice(logger)
incompatibleTracing := c.Tracing.deprecationNotice(logger)
return incompatible || incompatibleExperimental || incompatibleProviders || incompatibleTracing
}
type providers struct {
Docker *docker `json:"docker,omitempty" toml:"docker,omitempty" yaml:"docker,omitempty" label:"allowEmpty" file:"allowEmpty"`
Swarm *swarm `json:"swarm,omitempty" toml:"swarm,omitempty" yaml:"swarm,omitempty" label:"allowEmpty" file:"allowEmpty"`
Consul *consul `json:"consul,omitempty" toml:"consul,omitempty" yaml:"consul,omitempty" label:"allowEmpty" file:"allowEmpty"`
ConsulCatalog *consulCatalog `json:"consulCatalog,omitempty" toml:"consulCatalog,omitempty" yaml:"consulCatalog,omitempty" label:"allowEmpty" file:"allowEmpty"`
Nomad *nomad `json:"nomad,omitempty" toml:"nomad,omitempty" yaml:"nomad,omitempty" label:"allowEmpty" file:"allowEmpty"`
Marathon map[string]any `json:"marathon,omitempty" toml:"marathon,omitempty" yaml:"marathon,omitempty" label:"allowEmpty" file:"allowEmpty"`
Rancher map[string]any `json:"rancher,omitempty" toml:"rancher,omitempty" yaml:"rancher,omitempty" label:"allowEmpty" file:"allowEmpty"`
ETCD *etcd `json:"etcd,omitempty" toml:"etcd,omitempty" yaml:"etcd,omitempty" label:"allowEmpty" file:"allowEmpty"`
Redis *redis `json:"redis,omitempty" toml:"redis,omitempty" yaml:"redis,omitempty" label:"allowEmpty" file:"allowEmpty"`
HTTP *http `json:"http,omitempty" toml:"http,omitempty" yaml:"http,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
if p == nil {
return false
}
var incompatible bool
if p.Marathon != nil {
incompatible = true
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#marathon-provider")
}
if p.Rancher != nil {
incompatible = true
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#rancher-v1-provider")
}
dockerIncompatible := p.Docker.deprecationNotice(logger)
consulIncompatible := p.Consul.deprecationNotice(logger)
consulCatalogIncompatible := p.ConsulCatalog.deprecationNotice(logger)
nomadIncompatible := p.Nomad.deprecationNotice(logger)
swarmIncompatible := p.Swarm.deprecationNotice(logger)
etcdIncompatible := p.ETCD.deprecationNotice(logger)
redisIncompatible := p.Redis.deprecationNotice(logger)
httpIncompatible := p.HTTP.deprecationNotice(logger)
return incompatible ||
dockerIncompatible ||
consulIncompatible ||
consulCatalogIncompatible ||
nomadIncompatible ||
swarmIncompatible ||
etcdIncompatible ||
redisIncompatible ||
httpIncompatible
}
type tls struct {
CAOptional *bool `json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty"`
}
type docker struct {
SwarmMode *bool `json:"swarmMode,omitempty" toml:"swarmMode,omitempty" yaml:"swarmMode,omitempty"`
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
if d == nil {
return false
}
var incompatible bool
if d.SwarmMode != nil {
incompatible = true
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#docker-docker-swarm")
}
if d.TLS != nil && d.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional")
}
return incompatible
}
type swarm struct {
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (s *swarm) deprecationNotice(logger zerolog.Logger) bool {
if s == nil {
return false
}
var incompatible bool
if s.TLS != nil && s.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Swarm provider `tls.CAOptional` option does not exist, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start.")
}
return incompatible
}
type etcd struct {
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
if e == nil {
return false
}
var incompatible bool
if e.TLS != nil && e.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_3")
}
return incompatible
}
type redis struct {
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
if r == nil {
return false
}
var incompatible bool
if r.TLS != nil && r.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_4")
}
return incompatible
}
type consul struct {
Namespace *string `json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
if c == nil {
return false
}
var incompatible bool
if c.Namespace != nil {
incompatible = true
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consul-provider")
}
if c.TLS != nil && c.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_1")
}
return incompatible
}
type consulCatalog struct {
Namespace *string `json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Endpoint *endpointConfig `json:"endpoint,omitempty" toml:"endpoint,omitempty" yaml:"endpoint,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
type endpointConfig struct {
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty"`
}
func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
if c == nil {
return false
}
var incompatible bool
if c.Namespace != nil {
incompatible = true
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consulcatalog-provider")
}
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional")
}
return incompatible
}
type nomad struct {
Namespace *string `json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Endpoint *endpointConfig `json:"endpoint,omitempty" toml:"endpoint,omitempty" yaml:"endpoint,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
if n == nil {
return false
}
var incompatible bool
if n.Namespace != nil {
incompatible = true
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#nomad-provider")
}
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional_1")
}
return incompatible
}
type http struct {
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (h *http) deprecationNotice(logger zerolog.Logger) bool {
if h == nil {
return false
}
var incompatible bool
if h.TLS != nil && h.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_2")
}
return incompatible
}
type experimental struct {
HTTP3 *bool `json:"http3,omitempty" toml:"http3,omitempty" yaml:"http3,omitempty"`
}
func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e == nil {
return false
}
if e.HTTP3 != nil {
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
"Please remove its usage from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#http3-experimental-configuration")
return true
}
return false
}
type tracing struct {
SpanNameLimit *int `json:"spanNameLimit,omitempty" toml:"spanNameLimit,omitempty" yaml:"spanNameLimit,omitempty"`
Jaeger map[string]any `json:"jaeger,omitempty" toml:"jaeger,omitempty" yaml:"jaeger,omitempty" label:"allowEmpty" file:"allowEmpty"`
Zipkin map[string]any `json:"zipkin,omitempty" toml:"zipkin,omitempty" yaml:"zipkin,omitempty" label:"allowEmpty" file:"allowEmpty"`
Datadog map[string]any `json:"datadog,omitempty" toml:"datadog,omitempty" yaml:"datadog,omitempty" label:"allowEmpty" file:"allowEmpty"`
Instana map[string]any `json:"instana,omitempty" toml:"instana,omitempty" yaml:"instana,omitempty" label:"allowEmpty" file:"allowEmpty"`
Haystack map[string]any `json:"haystack,omitempty" toml:"haystack,omitempty" yaml:"haystack,omitempty" label:"allowEmpty" file:"allowEmpty"`
Elastic map[string]any `json:"elastic,omitempty" toml:"elastic,omitempty" yaml:"elastic,omitempty" label:"allowEmpty" file:"allowEmpty"`
}
func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
if t == nil {
return false
}
var incompatible bool
if t.SpanNameLimit != nil {
incompatible = true
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
}
if t.Jaeger != nil {
incompatible = true
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
}
if t.Zipkin != nil {
incompatible = true
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
}
if t.Datadog != nil {
incompatible = true
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
}
if t.Instana != nil {
incompatible = true
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
}
if t.Haystack != nil {
incompatible = true
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
}
if t.Elastic != nil {
incompatible = true
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
}
return incompatible
}

404
pkg/cli/deprecation_test.go Normal file
View file

@ -0,0 +1,404 @@
package cli
import (
"testing"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/traefik/paerser/cli"
"github.com/traefik/traefik/v3/cmd"
)
func ptr[T any](t T) *T {
return &t
}
func TestDeprecationNotice(t *testing.T) {
tests := []struct {
desc string
config configuration
}{
{
desc: "Docker provider swarmMode option is incompatible",
config: configuration{
Providers: &providers{
Docker: &docker{
SwarmMode: ptr(true),
},
},
},
},
{
desc: "Docker provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
Docker: &docker{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
{
desc: "Swarm provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
Swarm: &swarm{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
{
desc: "Consul provider namespace option is incompatible",
config: configuration{
Providers: &providers{
Consul: &consul{
Namespace: ptr("foobar"),
},
},
},
},
{
desc: "Consul provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
Consul: &consul{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
{
desc: "ConsulCatalog provider namespace option is incompatible",
config: configuration{
Providers: &providers{
ConsulCatalog: &consulCatalog{
Namespace: ptr("foobar"),
},
},
},
},
{
desc: "ConsulCatalog provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
ConsulCatalog: &consulCatalog{
Endpoint: &endpointConfig{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
},
{
desc: "Nomad provider namespace option is incompatible",
config: configuration{
Providers: &providers{
Nomad: &nomad{
Namespace: ptr("foobar"),
},
},
},
},
{
desc: "Nomad provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
Nomad: &nomad{
Endpoint: &endpointConfig{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
},
{
desc: "Marathon configuration is incompatible",
config: configuration{
Providers: &providers{
Marathon: map[string]any{
"foo": "bar",
},
},
},
},
{
desc: "Rancher configuration is incompatible",
config: configuration{
Providers: &providers{
Rancher: map[string]any{
"foo": "bar",
},
},
},
},
{
desc: "ETCD provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
ETCD: &etcd{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
{
desc: "Redis provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
Redis: &redis{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
{
desc: "HTTP provider tls.CAOptional option is incompatible",
config: configuration{
Providers: &providers{
HTTP: &http{
TLS: &tls{
CAOptional: ptr(true),
},
},
},
},
},
{
desc: "Pilot configuration is incompatible",
config: configuration{
Pilot: map[string]any{
"foo": "bar",
},
},
},
{
desc: "Experimental HTTP3 enablement configuration is incompatible",
config: configuration{
Experimental: &experimental{
HTTP3: ptr(true),
},
},
},
{
desc: "Tracing SpanNameLimit option is incompatible",
config: configuration{
Tracing: &tracing{
SpanNameLimit: ptr(42),
},
},
},
{
desc: "Tracing Jaeger configuration is incompatible",
config: configuration{
Tracing: &tracing{
Jaeger: map[string]any{
"foo": "bar",
},
},
},
},
{
desc: "Tracing Zipkin configuration is incompatible",
config: configuration{
Tracing: &tracing{
Zipkin: map[string]any{
"foo": "bar",
},
},
},
},
{
desc: "Tracing Datadog configuration is incompatible",
config: configuration{
Tracing: &tracing{
Datadog: map[string]any{
"foo": "bar",
},
},
},
},
{
desc: "Tracing Instana configuration is incompatible",
config: configuration{
Tracing: &tracing{
Instana: map[string]any{
"foo": "bar",
},
},
},
},
{
desc: "Tracing Haystack configuration is incompatible",
config: configuration{
Tracing: &tracing{
Haystack: map[string]any{
"foo": "bar",
},
},
},
},
{
desc: "Tracing Elastic configuration is incompatible",
config: configuration{
Tracing: &tracing{
Elastic: map[string]any{
"foo": "bar",
},
},
},
},
}
for _, test := range tests {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
var gotLog bool
var gotLevel zerolog.Level
testHook := zerolog.HookFunc(func(e *zerolog.Event, level zerolog.Level, message string) {
gotLog = true
gotLevel = level
})
logger := log.With().Logger().Hook(testHook)
assert.True(t, test.config.deprecationNotice(logger))
assert.True(t, gotLog)
assert.Equal(t, zerolog.ErrorLevel, gotLevel)
})
}
}
func TestLoad(t *testing.T) {
testCases := []struct {
desc string
args []string
env map[string]string
wantDeprecated bool
}{
{
desc: "Empty",
args: []string{},
wantDeprecated: false,
},
{
desc: "[FLAG] providers.marathon is deprecated",
args: []string{
"--access-log",
"--log.level=DEBUG",
"--entrypoints.test.http.tls",
"--providers.nomad.endpoint.tls.insecureskipverify=true",
"--providers.marathon",
},
wantDeprecated: true,
},
{
desc: "[FLAG] multiple deprecated",
args: []string{
"--access-log",
"--log.level=DEBUG",
"--entrypoints.test.http.tls",
"--providers.marathon",
"--pilot.token=XXX",
},
wantDeprecated: true,
},
{
desc: "[FLAG] no deprecated",
args: []string{
"--access-log",
"--log.level=DEBUG",
"--entrypoints.test.http.tls",
"--providers.docker",
},
wantDeprecated: false,
},
{
desc: "[ENV] providers.marathon is deprecated",
env: map[string]string{
"TRAEFIK_ACCESS_LOG": "",
"TRAEFIK_LOG_LEVEL": "DEBUG",
"TRAEFIK_ENTRYPOINT_TEST_HTTP_TLS": "true",
"TRAEFIK_PROVIDERS_MARATHON": "true",
},
wantDeprecated: true,
},
{
desc: "[ENV] multiple deprecated",
env: map[string]string{
"TRAEFIK_ACCESS_LOG": "true",
"TRAEFIK_LOG_LEVEL": "DEBUG",
"TRAEFIK_ENTRYPOINT_TEST_HTTP_TLS": "true",
"TRAEFIK_PROVIDERS_MARATHON": "true",
"TRAEFIK_PILOT_TOKEN": "xxx",
},
wantDeprecated: true,
},
{
desc: "[ENV] no deprecated",
env: map[string]string{
"TRAEFIK_ACCESS_LOG": "true",
"TRAEFIK_LOG_LEVEL": "DEBUG",
"TRAEFIK_ENTRYPOINT_TEST_HTTP_TLS": "true",
},
wantDeprecated: false,
},
{
desc: "[FILE] providers.marathon is deprecated",
args: []string{
"--configfile=./fixtures/traefik_deprecated.toml",
},
wantDeprecated: true,
},
{
desc: "[FILE] multiple deprecated",
args: []string{
"--configfile=./fixtures/traefik_multiple_deprecated.toml",
},
wantDeprecated: true,
},
{
desc: "[FILE] no deprecated",
args: []string{
"--configfile=./fixtures/traefik_no_deprecated.toml",
},
wantDeprecated: false,
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
tconfig := cmd.NewTraefikConfiguration()
c := &cli.Command{Configuration: tconfig}
l := DeprecationLoader{}
for name, val := range test.env {
t.Setenv(name, val)
}
deprecated, err := l.Load(test.args, c)
assert.Equal(t, test.wantDeprecated, deprecated)
if !test.wantDeprecated {
require.NoError(t, err)
}
})
}
}

View file

@ -0,0 +1,5 @@
[accesslog]
[entrypoints.test.http.tls]
[providers.marathon]

View file

@ -0,0 +1,8 @@
[accesslog]
[entrypoints.test.http.tls]
[providers.marathon]
[pilot]
token="xxx"

View file

@ -0,0 +1,3 @@
[accesslog]
[entrypoints.test.http.tls]

View file

@ -20,8 +20,6 @@ import (
const collectorURL = "https://collect.traefik.io/yYaUej3P42cziRVzv6T5w2aYy9po2Mrn" const collectorURL = "https://collect.traefik.io/yYaUej3P42cziRVzv6T5w2aYy9po2Mrn"
// Collected data. // Collected data.
//
//nolint:musttag // cannot be changed for historical reasons.
type data struct { type data struct {
Version string Version string
Codename string Codename string
@ -67,7 +65,7 @@ func createBody(staticConfiguration *static.Configuration) (*bytes.Buffer, error
} }
buf := new(bytes.Buffer) buf := new(bytes.Buffer)
err = json.NewEncoder(buf).Encode(data) err = json.NewEncoder(buf).Encode(data) //nolint:musttag // cannot be changed for historical reasons.
if err != nil { if err != nil {
return nil, err return nil, err
} }

View file

@ -39,6 +39,7 @@ type HTTPConfiguration struct {
type Model struct { type Model struct {
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"` Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
TLS *RouterTLSConfig `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"` TLS *RouterTLSConfig `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
DefaultRuleSyntax string `json:"-" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
} }
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
@ -59,6 +60,7 @@ type Router struct {
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"` Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"` Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
Rule string `json:"rule,omitempty" toml:"rule,omitempty" yaml:"rule,omitempty"` Rule string `json:"rule,omitempty" toml:"rule,omitempty" yaml:"rule,omitempty"`
RuleSyntax string `json:"ruleSyntax,omitempty" toml:"ruleSyntax,omitempty" yaml:"ruleSyntax,omitempty" export:"true"`
Priority int `json:"priority,omitempty" toml:"priority,omitempty,omitzero" yaml:"priority,omitempty" export:"true"` Priority int `json:"priority,omitempty" toml:"priority,omitempty,omitzero" yaml:"priority,omitempty" export:"true"`
TLS *RouterTLSConfig `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"` TLS *RouterTLSConfig `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
DefaultRule bool `json:"-" toml:"-" yaml:"-" label:"-" file:"-"` DefaultRule bool `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
@ -225,6 +227,7 @@ func (r *ResponseForwarding) SetDefaults() {
// Server holds the server configuration. // Server holds the server configuration.
type Server struct { type Server struct {
URL string `json:"url,omitempty" toml:"url,omitempty" yaml:"url,omitempty" label:"-"` URL string `json:"url,omitempty" toml:"url,omitempty" yaml:"url,omitempty" label:"-"`
Weight *int `json:"weight,omitempty" toml:"weight,omitempty" yaml:"weight,omitempty" label:"weight"`
Scheme string `json:"-" toml:"-" yaml:"-" file:"-"` Scheme string `json:"-" toml:"-" yaml:"-" file:"-"`
Port string `json:"-" toml:"-" yaml:"-" file:"-"` Port string `json:"-" toml:"-" yaml:"-" file:"-"`
} }

Some files were not shown because too many files have changed in this diff Show more