Merge v3.0' into master
This commit is contained in:
commit
4e831b920e
301 changed files with 17759 additions and 7982 deletions
10
.github/workflows/build.yaml
vendored
10
.github/workflows/build.yaml
vendored
|
@ -6,13 +6,13 @@ on:
|
|||
- '*'
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.21'
|
||||
GO_VERSION: '1.22'
|
||||
CGO_ENABLED: 0
|
||||
|
||||
jobs:
|
||||
|
||||
build-webui:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
|
@ -26,7 +26,7 @@ jobs:
|
|||
tar czvf webui.tar.gz ./webui/static/
|
||||
|
||||
- name: Artifact webui
|
||||
uses: actions/upload-artifact@v2
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: webui.tar.gz
|
||||
path: webui.tar.gz
|
||||
|
@ -35,7 +35,7 @@ jobs:
|
|||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-20.04, macos-latest, windows-latest ]
|
||||
os: [ ubuntu-22.04, macos-latest, windows-latest ]
|
||||
needs:
|
||||
- build-webui
|
||||
|
||||
|
@ -51,7 +51,7 @@ jobs:
|
|||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Artifact webui
|
||||
uses: actions/download-artifact@v2
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: webui.tar.gz
|
||||
|
||||
|
|
2
.github/workflows/check_doc.yml
vendored
2
.github/workflows/check_doc.yml
vendored
|
@ -9,7 +9,7 @@ jobs:
|
|||
|
||||
docs:
|
||||
name: Check, verify and build documentation
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
|
|
2
.github/workflows/documentation.yml
vendored
2
.github/workflows/documentation.yml
vendored
|
@ -14,7 +14,7 @@ jobs:
|
|||
|
||||
docs:
|
||||
name: Doc Process
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
if: github.repository == 'traefik/traefik'
|
||||
|
||||
steps:
|
||||
|
|
4
.github/workflows/experimental.yaml
vendored
4
.github/workflows/experimental.yaml
vendored
|
@ -7,7 +7,7 @@ on:
|
|||
- v*
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.21'
|
||||
GO_VERSION: '1.22'
|
||||
CGO_ENABLED: 0
|
||||
|
||||
jobs:
|
||||
|
@ -15,7 +15,7 @@ jobs:
|
|||
experimental:
|
||||
if: github.repository == 'traefik/traefik'
|
||||
name: Build experimental image on branch
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
|
||||
|
|
42
.github/workflows/test-conformance.yaml
vendored
Normal file
42
.github/workflows/test-conformance.yaml
vendored
Normal file
|
@ -0,0 +1,42 @@
|
|||
name: Test K8s Gateway API conformance
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- 'pkg/provider/kubernetes/gateway/**'
|
||||
- 'integration/k8s_conformance_test.go'
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.21'
|
||||
CGO_ENABLED: 0
|
||||
|
||||
jobs:
|
||||
|
||||
test-conformance:
|
||||
runs-on: ubuntu-20.04
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Avoid generating webui
|
||||
run: touch webui/static/index.html
|
||||
|
||||
- name: Build binary
|
||||
run: make binary
|
||||
|
||||
- name: Setcap
|
||||
run: |
|
||||
sudo setcap 'cap_net_bind_service=+ep' dist/linux/amd64/traefik
|
||||
|
||||
- name: K8s Gateway API conformance test
|
||||
run: make test-gateway-api-conformance-ci
|
9
.github/workflows/test-integration.yaml
vendored
9
.github/workflows/test-integration.yaml
vendored
|
@ -4,18 +4,15 @@ on:
|
|||
pull_request:
|
||||
branches:
|
||||
- '*'
|
||||
push:
|
||||
branches:
|
||||
- 'gh-actions'
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.21'
|
||||
GO_VERSION: '1.22'
|
||||
CGO_ENABLED: 0
|
||||
|
||||
jobs:
|
||||
|
||||
build:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
|
@ -35,7 +32,7 @@ jobs:
|
|||
run: make binary
|
||||
|
||||
test-integration:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
needs:
|
||||
- build
|
||||
strategy:
|
||||
|
|
4
.github/workflows/test-unit.yaml
vendored
4
.github/workflows/test-unit.yaml
vendored
|
@ -6,12 +6,12 @@ on:
|
|||
- '*'
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.21'
|
||||
GO_VERSION: '1.22'
|
||||
|
||||
jobs:
|
||||
|
||||
test-unit:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
|
|
8
.github/workflows/validate.yaml
vendored
8
.github/workflows/validate.yaml
vendored
|
@ -6,14 +6,14 @@ on:
|
|||
- '*'
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.21'
|
||||
GOLANGCI_LINT_VERSION: v1.55.2
|
||||
GO_VERSION: '1.22'
|
||||
GOLANGCI_LINT_VERSION: v1.56.0
|
||||
MISSSPELL_VERSION: v0.4.1
|
||||
|
||||
jobs:
|
||||
|
||||
validate:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
|
@ -39,7 +39,7 @@ jobs:
|
|||
run: make validate
|
||||
|
||||
validate-generate:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
|
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -19,3 +19,4 @@ plugins-storage/
|
|||
plugins-local/
|
||||
traefik_changelog.md
|
||||
integration/tailscale.secret
|
||||
integration/conformance-reports/
|
||||
|
|
|
@ -150,18 +150,14 @@ linters-settings:
|
|||
- github.com/jaguilar/vt100
|
||||
- github.com/cucumber/godog
|
||||
testifylint:
|
||||
enable:
|
||||
- bool-compare
|
||||
- compares
|
||||
- empty
|
||||
- error-is-as
|
||||
- error-nil
|
||||
- expected-actual
|
||||
- float-compare
|
||||
- len
|
||||
- suite-extra-assert-call
|
||||
- suite-thelper
|
||||
|
||||
disable:
|
||||
- suite-dont-use-pkg
|
||||
- require-error
|
||||
- go-require
|
||||
staticcheck:
|
||||
checks:
|
||||
- all
|
||||
- -SA1019
|
||||
linters:
|
||||
enable-all: true
|
||||
disable:
|
||||
|
@ -216,11 +212,12 @@ linters:
|
|||
|
||||
issues:
|
||||
exclude-use-default: false
|
||||
max-per-linter: 0
|
||||
max-issues-per-linter: 0
|
||||
max-same-issues: 0
|
||||
exclude:
|
||||
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
|
||||
- "should have a package comment, unless it's in another file for this package"
|
||||
- 'fmt.Sprintf can be replaced with string addition'
|
||||
exclude-rules:
|
||||
- path: '(.+)_test.go'
|
||||
linters:
|
||||
|
@ -280,3 +277,9 @@ issues:
|
|||
text: 'unusedwrite: unused write to field'
|
||||
linters:
|
||||
- govet
|
||||
- path: pkg/cli/deprecation.go
|
||||
linters:
|
||||
- goconst
|
||||
- path: pkg/cli/loader_file.go
|
||||
linters:
|
||||
- goconst
|
||||
|
|
|
@ -19,13 +19,13 @@ global_job_config:
|
|||
prologue:
|
||||
commands:
|
||||
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
|
||||
- sudo semgo go1.21
|
||||
- sudo semgo go1.22
|
||||
- export "GOPATH=$(go env GOPATH)"
|
||||
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
|
||||
- export "PATH=${GOPATH}/bin:${PATH}"
|
||||
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
|
||||
- export GOPROXY=https://proxy.golang.org,direct
|
||||
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.55.2
|
||||
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.56.0
|
||||
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
|
||||
- checkout
|
||||
- cache restore traefik-$(checksum go.sum)
|
||||
|
|
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -1,3 +1,13 @@
|
|||
## [v2.11.0-rc2](https://github.com/traefik/traefik/tree/v2.11.0-rc2) (2024-01-24)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0-rc2)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
|
||||
- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
|
||||
|
||||
**Documentation:**
|
||||
- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
|
||||
|
||||
## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1)
|
||||
|
||||
|
|
65
Makefile
65
Makefile
|
@ -22,40 +22,41 @@ LINT_EXECUTABLES = misspell shellcheck
|
|||
DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64
|
||||
|
||||
.PHONY: default
|
||||
#? default: Run `make generate` and `make binary`
|
||||
default: generate binary
|
||||
|
||||
## Create the "dist" directory
|
||||
#? dist: Create the "dist" directory
|
||||
dist:
|
||||
mkdir -p dist
|
||||
|
||||
## Build WebUI Docker image
|
||||
.PHONY: build-webui-image
|
||||
#? build-webui-image: Build WebUI Docker image
|
||||
build-webui-image:
|
||||
docker build -t traefik-webui -f webui/Dockerfile webui
|
||||
|
||||
## Clean WebUI static generated assets
|
||||
.PHONY: clean-webui
|
||||
#? clean-webui: Clean WebUI static generated assets
|
||||
clean-webui:
|
||||
rm -r webui/static
|
||||
mkdir -p webui/static
|
||||
printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
|
||||
|
||||
## Generate WebUI
|
||||
webui/static/index.html:
|
||||
$(MAKE) build-webui-image
|
||||
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
|
||||
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
|
||||
|
||||
.PHONY: generate-webui
|
||||
#? generate-webui: Generate WebUI
|
||||
generate-webui: webui/static/index.html
|
||||
|
||||
## Generate code
|
||||
.PHONY: generate
|
||||
#? generate: Generate code (Dynamic and Static configuration documentation reference files)
|
||||
generate:
|
||||
go generate
|
||||
|
||||
## Build the binary
|
||||
.PHONY: binary
|
||||
#? binary: Build the binary
|
||||
binary: generate-webui dist
|
||||
@echo SHA: $(VERSION) $(CODENAME) $(DATE)
|
||||
CGO_ENABLED=0 GOGC=off GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \
|
||||
|
@ -80,27 +81,39 @@ binary-windows-amd64: export BIN_NAME := traefik.exe
|
|||
binary-windows-amd64:
|
||||
@$(MAKE) binary
|
||||
|
||||
## Build the binary for the standard platforms (linux, darwin, windows)
|
||||
.PHONY: crossbinary-default
|
||||
#? crossbinary-default: Build the binary for the standard platforms (linux, darwin, windows)
|
||||
crossbinary-default: generate generate-webui
|
||||
$(CURDIR)/script/crossbinary-default.sh
|
||||
|
||||
## Run the unit and integration tests
|
||||
.PHONY: test
|
||||
#? test: Run the unit and integration tests
|
||||
test: test-unit test-integration
|
||||
|
||||
## Run the unit tests
|
||||
.PHONY: test-unit
|
||||
#? test-unit: Run the unit tests
|
||||
test-unit:
|
||||
GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/...
|
||||
|
||||
## Run the integration tests
|
||||
.PHONY: test-integration
|
||||
#? test-integration: Run the integration tests
|
||||
test-integration: binary
|
||||
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS)
|
||||
|
||||
## Pull all Docker images to avoid timeout during integration tests
|
||||
.PHONY: test-gateway-api-conformance
|
||||
#? test-gateway-api-conformance: Run the conformance tests
|
||||
test-gateway-api-conformance: binary
|
||||
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance=true $(TESTFLAGS)
|
||||
|
||||
## TODO: Need to be fixed to work in all situations.
|
||||
.PHONY: test-gateway-api-conformance-ci
|
||||
#? test-gateway-api-conformance-ci: Run the conformance tests
|
||||
test-gateway-api-conformance-ci:
|
||||
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance=true $(TESTFLAGS)
|
||||
|
||||
|
||||
.PHONY: pull-images
|
||||
#? pull-images: Pull all Docker images to avoid timeout during integration tests
|
||||
pull-images:
|
||||
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \
|
||||
| awk '{print $$2}' \
|
||||
|
@ -108,21 +121,21 @@ pull-images:
|
|||
| uniq \
|
||||
| xargs -P 6 -n 1 docker pull
|
||||
|
||||
## Lint run golangci-lint
|
||||
.PHONY: lint
|
||||
#? lint: Run golangci-lint
|
||||
lint:
|
||||
golangci-lint run
|
||||
|
||||
## Validate code and docs
|
||||
.PHONY: validate-files
|
||||
#? validate-files: Validate code and docs
|
||||
validate-files: lint
|
||||
$(foreach exec,$(LINT_EXECUTABLES),\
|
||||
$(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
|
||||
$(CURDIR)/script/validate-misspell.sh
|
||||
$(CURDIR)/script/validate-shell-script.sh
|
||||
|
||||
## Validate code, docs, and vendor
|
||||
.PHONY: validate
|
||||
#? validate: Validate code, docs, and vendor
|
||||
validate: lint
|
||||
$(foreach exec,$(EXECUTABLES),\
|
||||
$(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
|
||||
|
@ -136,51 +149,57 @@ multi-arch-image-%: binary-linux-amd64 binary-linux-arm64
|
|||
docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile .
|
||||
|
||||
|
||||
## Clean up static directory and build a Docker Traefik image
|
||||
.PHONY: build-image
|
||||
#? build-image: Clean up static directory and build a Docker Traefik image
|
||||
build-image: export DOCKER_BUILDX_ARGS := --load
|
||||
build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
|
||||
build-image: clean-webui
|
||||
@$(MAKE) multi-arch-image-latest
|
||||
|
||||
## Build a Docker Traefik image without re-building the webui when it's already built
|
||||
.PHONY: build-image-dirty
|
||||
#? build-image-dirty: Build a Docker Traefik image without re-building the webui when it's already built
|
||||
build-image-dirty: export DOCKER_BUILDX_ARGS := --load
|
||||
build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
|
||||
build-image-dirty:
|
||||
@$(MAKE) multi-arch-image-latest
|
||||
|
||||
## Build documentation site
|
||||
.PHONY: docs
|
||||
#? docs: Build documentation site
|
||||
docs:
|
||||
make -C ./docs docs
|
||||
|
||||
## Serve the documentation site locally
|
||||
.PHONY: docs-serve
|
||||
#? docs-serve: Serve the documentation site locally
|
||||
docs-serve:
|
||||
make -C ./docs docs-serve
|
||||
|
||||
## Pull image for doc building
|
||||
.PHONY: docs-pull-images
|
||||
#? docs-pull-images: Pull image for doc building
|
||||
docs-pull-images:
|
||||
make -C ./docs docs-pull-images
|
||||
|
||||
## Generate CRD clientset and CRD manifests
|
||||
.PHONY: generate-crd
|
||||
#? generate-crd: Generate CRD clientset and CRD manifests
|
||||
generate-crd:
|
||||
@$(CURDIR)/script/code-gen-docker.sh
|
||||
|
||||
## Generate code from dynamic configuration https://github.com/traefik/genconf
|
||||
.PHONY: generate-genconf
|
||||
#? generate-genconf: Generate code from dynamic configuration github.com/traefik/genconf
|
||||
generate-genconf:
|
||||
go run ./cmd/internal/gen/
|
||||
|
||||
## Create packages for the release
|
||||
.PHONY: release-packages
|
||||
#? release-packages: Create packages for the release
|
||||
release-packages: generate-webui
|
||||
$(CURDIR)/script/release-packages.sh
|
||||
|
||||
## Format the Code
|
||||
.PHONY: fmt
|
||||
#? fmt: Format the Code
|
||||
fmt:
|
||||
gofmt -s -l -w $(SRCS)
|
||||
|
||||
.PHONY: help
|
||||
#? help: Get more info on make commands
|
||||
help: Makefile
|
||||
@echo " Choose a command run in traefik:"
|
||||
@sed -n 's/^#?//p' $< | column -t -s ':' | sort | sed -e 's/^/ /'
|
||||
|
|
|
@ -72,6 +72,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
|
|||
|
||||
- [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/)
|
||||
- [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
|
||||
- [ECS](https://doc.traefik.io/traefik/providers/ecs/)
|
||||
- [File](https://doc.traefik.io/traefik/providers/file/)
|
||||
|
||||
## Quickstart
|
||||
|
|
|
@ -53,7 +53,7 @@ func main() {
|
|||
// traefik config inits
|
||||
tConfig := cmd.NewTraefikConfiguration()
|
||||
|
||||
loaders := []cli.ResourceLoader{&tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}}
|
||||
loaders := []cli.ResourceLoader{&tcli.DeprecationLoader{}, &tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}}
|
||||
|
||||
cmdTraefik := &cli.Command{
|
||||
Name: "traefik",
|
||||
|
@ -193,10 +193,13 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
|||
|
||||
tsProviders := initTailscaleProviders(staticConfiguration, &providerAggregator)
|
||||
|
||||
// Metrics
|
||||
// Observability
|
||||
|
||||
metricRegistries := registerMetricClients(staticConfiguration.Metrics)
|
||||
metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
|
||||
accessLog := setupAccessLog(staticConfiguration.AccessLog)
|
||||
tracer, tracerCloser := setupTracing(staticConfiguration.Tracing)
|
||||
observabilityMgr := middleware.NewObservabilityMgr(*staticConfiguration, metricsRegistry, accessLog, tracer, tracerCloser)
|
||||
|
||||
// Entrypoints
|
||||
|
||||
|
@ -263,14 +266,11 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
|||
roundTripperManager := service.NewRoundTripperManager(spiffeX509Source)
|
||||
dialerManager := tcp.NewDialerManager(spiffeX509Source)
|
||||
acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider)
|
||||
managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry, roundTripperManager, acmeHTTPHandler)
|
||||
managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, observabilityMgr, roundTripperManager, acmeHTTPHandler)
|
||||
|
||||
// Router factory
|
||||
accessLog := setupAccessLog(staticConfiguration.AccessLog)
|
||||
|
||||
tracer, tracerCloser := setupTracing(staticConfiguration.Tracing)
|
||||
chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)
|
||||
routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry, dialerManager)
|
||||
routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, observabilityMgr, pluginBuilder, dialerManager)
|
||||
|
||||
// Watcher
|
||||
|
||||
|
@ -351,7 +351,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
|||
}
|
||||
})
|
||||
|
||||
return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, chainBuilder, accessLog, tracerCloser), nil
|
||||
return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, observabilityMgr), nil
|
||||
}
|
||||
|
||||
func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvider http.Handler) http.Handler {
|
||||
|
@ -520,15 +520,14 @@ func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
|
|||
}
|
||||
}
|
||||
|
||||
if metricsConfig.OpenTelemetry != nil {
|
||||
if metricsConfig.OTLP != nil {
|
||||
logger := log.With().Str(logs.MetricsProviderName, "openTelemetry").Logger()
|
||||
|
||||
openTelemetryRegistry := metrics.RegisterOpenTelemetry(logger.WithContext(context.Background()), metricsConfig.OpenTelemetry)
|
||||
openTelemetryRegistry := metrics.RegisterOpenTelemetry(logger.WithContext(context.Background()), metricsConfig.OTLP)
|
||||
if openTelemetryRegistry != nil {
|
||||
registries = append(registries, openTelemetryRegistry)
|
||||
logger.Debug().
|
||||
Str("address", metricsConfig.OpenTelemetry.Address).
|
||||
Str("pushInterval", metricsConfig.OpenTelemetry.PushInterval.String()).
|
||||
Str("pushInterval", metricsConfig.OTLP.PushInterval.String()).
|
||||
Msg("Configured OpenTelemetry metrics")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ version: '3'
|
|||
|
||||
services:
|
||||
reverse-proxy:
|
||||
# The official v2 Traefik docker image
|
||||
# The official v3 Traefik docker image
|
||||
image: traefik:v3.0
|
||||
# Enables the web UI and tells Traefik to listen to docker
|
||||
command: --api.insecure=true --providers.docker
|
||||
|
|
|
@ -361,6 +361,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
|||
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
|
||||
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
|
||||
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
|
||||
| [http.net](https://www.http.net/) | `httpnet` | `HTTPNET_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet) |
|
||||
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
|
||||
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
|
||||
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
|
||||
|
@ -426,6 +427,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
|
|||
| [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) |
|
||||
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
|
||||
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
|
||||
| [Webnames](https://www.webnames.ru/) | `webnames` | `WEBNAMES_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/webnames) |
|
||||
| [Websupport](https://websupport.sk) | `websupport` | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/websupport) |
|
||||
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
|
||||
| [Yandex 360](https://360.yandex.ru) | `yandex360` | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360) |
|
||||
|
|
|
@ -85,6 +85,7 @@ At specified intervals (`checkPeriod`), the circuit breaker evaluates `expressio
|
|||
### Open
|
||||
|
||||
While open, the fallback mechanism takes over the normal service calls for a duration of `FallbackDuration`.
|
||||
The fallback mechanism returns a `HTTP 503` (or `ResponseCode`) to the client.
|
||||
After this duration, it enters the recovering state.
|
||||
|
||||
### Recovering
|
||||
|
@ -179,3 +180,9 @@ The duration for which the circuit breaker will wait before trying to recover (f
|
|||
_Optional, Default="10s"_
|
||||
|
||||
The duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
|
||||
|
||||
### `ResponseCode`
|
||||
|
||||
_Optional, Default="503"_
|
||||
|
||||
The status code that the circuit breaker will return while it is in the open state.
|
||||
|
|
|
@ -52,3 +52,16 @@ http:
|
|||
[http.middlewares]
|
||||
[http.middlewares.autodetect.contentType]
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
|
||||
### `autoDetect`
|
||||
|
||||
!!! warning
|
||||
|
||||
`autoDetect` option is deprecated and should not be used.
|
||||
Moreover, it is redundant with an empty ContentType middleware declaration.
|
||||
|
||||
`autoDetect` specifies whether to let the `Content-Type` header,
|
||||
if it has not been set by the backend,
|
||||
be automatically set to a value derived from the contents of the response.
|
||||
|
|
|
@ -314,11 +314,43 @@ The `allowedHosts` option lists fully qualified domain names that are allowed.
|
|||
|
||||
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
|
||||
|
||||
### `sslRedirect`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
|
||||
|
||||
The `sslRedirect` only allow HTTPS requests when set to `true`.
|
||||
|
||||
### `sslTemporaryRedirect`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
|
||||
|
||||
Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
|
||||
|
||||
### `sslHost`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
|
||||
|
||||
The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS.
|
||||
|
||||
### `sslProxyHeaders`
|
||||
|
||||
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request.
|
||||
It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).
|
||||
|
||||
### `sslForceHost`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
|
||||
|
||||
Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL.
|
||||
|
||||
### `stsSeconds`
|
||||
|
||||
The `stsSeconds` is the max-age of the `Strict-Transport-Security` header.
|
||||
|
@ -370,6 +402,14 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates
|
|||
|
||||
The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites.
|
||||
|
||||
### `featurePolicy`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of [`permissionsPolicy`](#permissionsPolicy)
|
||||
|
||||
The `featurePolicy` allows sites to control browser features.
|
||||
|
||||
### `permissionsPolicy`
|
||||
|
||||
The `permissionsPolicy` allows sites to control browser features.
|
||||
|
|
|
@ -76,3 +76,72 @@ For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
|
|||
|
||||
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
|
||||
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
|
||||
|
||||
### `forceSlash`
|
||||
|
||||
_Optional, Default=true_
|
||||
|
||||
!!! warning
|
||||
|
||||
`forceSlash` option is deprecated and should not be used.
|
||||
|
||||
The `forceSlash` option ensures the resulting stripped path is not the empty string, by replacing it with `/` when necessary.
|
||||
|
||||
??? info "Behavior examples"
|
||||
|
||||
- `forceSlash=true`
|
||||
|
||||
| Path | Prefix to strip | Result |
|
||||
|------------|-----------------|--------|
|
||||
| `/` | `/` | `/` |
|
||||
| `/foo` | `/foo` | `/` |
|
||||
| `/foo/` | `/foo` | `/` |
|
||||
| `/foo/` | `/foo/` | `/` |
|
||||
| `/bar` | `/foo` | `/bar` |
|
||||
| `/foo/bar` | `/foo` | `/bar` |
|
||||
|
||||
- `forceSlash=false`
|
||||
|
||||
| Path | Prefix to strip | Result |
|
||||
|------------|-----------------|--------|
|
||||
| `/` | `/` | empty |
|
||||
| `/foo` | `/foo` | empty |
|
||||
| `/foo/` | `/foo` | `/` |
|
||||
| `/foo/` | `/foo/` | empty |
|
||||
| `/bar` | `/foo` | `/bar` |
|
||||
| `/foo/bar` | `/foo` | `/bar` |
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
|
||||
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: example
|
||||
spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/foobar"
|
||||
forceSlash: false
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
http:
|
||||
middlewares:
|
||||
example:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/foobar"
|
||||
forceSlash: false
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[http.middlewares]
|
||||
[http.middlewares.example.stripPrefix]
|
||||
prefixes = ["/foobar"]
|
||||
forceSlash = false
|
||||
```
|
||||
|
|
|
@ -19,6 +19,8 @@ and how it now looks like in v3.
|
|||
|
||||
### Docker & Docker Swarm
|
||||
|
||||
#### SwarmMode
|
||||
|
||||
In v3, the provider Docker has been split into 2 providers:
|
||||
|
||||
- Docker provider (without Swarm support)
|
||||
|
@ -43,7 +45,7 @@ In v3, the provider Docker has been split into 2 providers:
|
|||
|
||||
This configuration is now unsupported and would prevent Traefik to start.
|
||||
|
||||
#### Remediation
|
||||
##### Remediation
|
||||
|
||||
In v3, the `swarmMode` should not be used with the Docker provider, and, to use Swarm, the Swarm provider should be used instead.
|
||||
|
||||
|
@ -64,7 +66,35 @@ In v3, the `swarmMode` should not be used with the Docker provider, and, to use
|
|||
--providers.swarm.endpoint=tcp://127.0.0.1:2377
|
||||
```
|
||||
|
||||
### HTTP3 Experimental Configuration
|
||||
#### TLS.CAOptional
|
||||
|
||||
Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
|
||||
|
||||
??? example "An example usage of the TLS.CAOptional option"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
docker:
|
||||
tls:
|
||||
caOptional: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.docker.tls]
|
||||
caOptional=true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.docker.tls.caOptional=true
|
||||
```
|
||||
|
||||
##### Remediation
|
||||
|
||||
The `tls.caOptional` option should be removed from the Docker provider static configuration.
|
||||
|
||||
### Experimental Configuration
|
||||
|
||||
#### HTTP3
|
||||
|
||||
In v3, HTTP/3 is no longer an experimental feature.
|
||||
It can be enabled on entry points without the associated `experimental.http3` option, which is now removed.
|
||||
|
@ -86,12 +116,14 @@ It is now unsupported and would prevent Traefik to start.
|
|||
--experimental.http3=true
|
||||
```
|
||||
|
||||
#### Remediation
|
||||
##### Remediation
|
||||
|
||||
The `http3` option should be removed from the static configuration experimental section.
|
||||
|
||||
### Consul provider
|
||||
|
||||
#### namespace
|
||||
|
||||
The Consul provider `namespace` option was deprecated in v2 and is now removed in v3.
|
||||
It is now unsupported and would prevent Traefik to start.
|
||||
|
||||
|
@ -111,7 +143,7 @@ It is now unsupported and would prevent Traefik to start.
|
|||
--consul.namespace=foobar
|
||||
```
|
||||
|
||||
#### Remediation
|
||||
##### Remediation
|
||||
|
||||
In v3, the `namespaces` option should be used instead of the `namespace` option.
|
||||
|
||||
|
@ -132,8 +164,36 @@ In v3, the `namespaces` option should be used instead of the `namespace` option.
|
|||
--consul.namespaces=foobar
|
||||
```
|
||||
|
||||
#### TLS.CAOptional
|
||||
|
||||
Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
|
||||
|
||||
??? example "An example usage of the TLS.CAOptional option"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
consul:
|
||||
tls:
|
||||
caOptional: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.consul.tls]
|
||||
caOptional=true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.consul.tls.caOptional=true
|
||||
```
|
||||
|
||||
##### Remediation
|
||||
|
||||
The `tls.caOptional` option should be removed from the Consul provider static configuration.
|
||||
|
||||
### ConsulCatalog provider
|
||||
|
||||
#### namespace
|
||||
|
||||
The ConsulCatalog provider `namespace` option was deprecated in v2 and is now removed in v3.
|
||||
It is now unsupported and would prevent Traefik to start.
|
||||
|
||||
|
@ -153,7 +213,7 @@ It is now unsupported and would prevent Traefik to start.
|
|||
--consulCatalog.namespace=foobar
|
||||
```
|
||||
|
||||
#### Remediation
|
||||
##### Remediation
|
||||
|
||||
In v3, the `namespaces` option should be used instead of the `namespace` option.
|
||||
|
||||
|
@ -174,8 +234,37 @@ In v3, the `namespaces` option should be used instead of the `namespace` option.
|
|||
--consulCatalog.namespaces=foobar
|
||||
```
|
||||
|
||||
#### Endpoint.TLS.CAOptional
|
||||
|
||||
ConsulCatalog provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
|
||||
|
||||
??? example "An example usage of the Endpoint.TLS.CAOptional option"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
consulCatalog:
|
||||
endpoint:
|
||||
tls:
|
||||
caOptional: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.consulCatalog.endpoint.tls]
|
||||
caOptional=true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.consulCatalog.endpoint.tls.caOptional=true
|
||||
```
|
||||
|
||||
##### Remediation
|
||||
|
||||
The `endpoint.tls.caOptional` option should be removed from the ConsulCatalog provider static configuration.
|
||||
|
||||
### Nomad provider
|
||||
|
||||
#### namespace
|
||||
|
||||
The Nomad provider `namespace` option was deprecated in v2 and is now removed in v3.
|
||||
It is now unsupported and would prevent Traefik to start.
|
||||
|
||||
|
@ -195,7 +284,7 @@ It is now unsupported and would prevent Traefik to start.
|
|||
--nomad.namespace=foobar
|
||||
```
|
||||
|
||||
#### Remediation
|
||||
##### Remediation
|
||||
|
||||
In v3, the `namespaces` option should be used instead of the `namespace` option.
|
||||
|
||||
|
@ -216,6 +305,33 @@ In v3, the `namespaces` option should be used instead of the `namespace` option.
|
|||
--nomad.namespaces=foobar
|
||||
```
|
||||
|
||||
#### Endpoint.TLS.CAOptional
|
||||
|
||||
Nomad provider `endpoint.tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
|
||||
|
||||
??? example "An example usage of the Endpoint.TLS.CAOptional option"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
nomad:
|
||||
endpoint:
|
||||
tls:
|
||||
caOptional: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.nomad.endpoint.tls]
|
||||
caOptional=true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.nomad.endpoint.tls.caOptional=true
|
||||
```
|
||||
|
||||
##### Remediation
|
||||
|
||||
The `endpoint.tls.caOptional` option should be removed from the Nomad provider static configuration.
|
||||
|
||||
### Rancher v1 Provider
|
||||
|
||||
In v3, the Rancher v1 provider has been removed because Rancher v1 is [no longer actively maintaned](https://rancher.com/docs/os/v1.x/en/support/),
|
||||
|
@ -271,6 +387,90 @@ This configuration is now unsupported and would prevent Traefik to start.
|
|||
|
||||
All Marathon provider related configuration should be removed from the static configuration.
|
||||
|
||||
### HTTP Provider
|
||||
|
||||
#### TLS.CAOptional
|
||||
|
||||
HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
|
||||
|
||||
??? example "An example usage of the TLS.CAOptional option"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
http:
|
||||
tls:
|
||||
caOptional: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.http.tls]
|
||||
caOptional=true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.http.tls.caOptional=true
|
||||
```
|
||||
|
||||
##### Remediation
|
||||
|
||||
The `tls.caOptional` option should be removed from the HTTP provider static configuration.
|
||||
|
||||
### ETCD Provider
|
||||
|
||||
#### TLS.CAOptional
|
||||
|
||||
ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
|
||||
|
||||
??? example "An example usage of the TLS.CAOptional option"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
etcd:
|
||||
tls:
|
||||
caOptional: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.etcd.tls]
|
||||
caOptional=true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.etcd.tls.caOptional=true
|
||||
```
|
||||
|
||||
##### Remediation
|
||||
|
||||
The `tls.caOptional` option should be removed from the ETCD provider static configuration.
|
||||
|
||||
### Redis Provider
|
||||
|
||||
#### TLS.CAOptional
|
||||
|
||||
Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://pkg.go.dev/crypto/tls#ClientAuthType).
|
||||
|
||||
??? example "An example usage of the TLS.CAOptional option"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
redis:
|
||||
tls:
|
||||
caOptional: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.redis.tls]
|
||||
caOptional=true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.redis.tls.caOptional=true
|
||||
```
|
||||
|
||||
##### Remediation
|
||||
|
||||
The `tls.caOptional` option should be removed from the Redis provider static configuration.
|
||||
|
||||
### InfluxDB v1
|
||||
|
||||
InfluxDB v1.x maintenance [ended in 2021](https://www.influxdata.com/blog/influxdb-oss-and-enterprise-roadmap-update-from-influxdays-emea/).
|
||||
|
@ -326,21 +526,16 @@ All Pilot related configuration should be removed from the static configuration.
|
|||
|
||||
## Dynamic configuration
|
||||
|
||||
### IPWhiteList
|
||||
### Router Rule Matchers
|
||||
|
||||
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.
|
||||
In v3, a new rule matchers syntax has been introduced for HTTP and TCP routers.
|
||||
The default rule matchers syntax is now the v3 one, but for backward compatibility this can be configured.
|
||||
The v2 rule matchers syntax is deprecated and its support will be removed in the next major version.
|
||||
For this reason, we encourage migrating to the new syntax.
|
||||
|
||||
### Deprecated Options Removal
|
||||
#### New V3 Syntax Notable Changes
|
||||
|
||||
- The `tracing.datadog.globaltag` option has been removed.
|
||||
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers.
|
||||
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
|
||||
- The `forceSlash` option of the StripPrefix middleware has been removed.
|
||||
- The `preferServerCipherSuites` option has been removed.
|
||||
|
||||
### Matchers
|
||||
|
||||
In v3, the `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.
|
||||
The `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.
|
||||
|
||||
`PathPrefix` no longer uses regular expressions to match path prefixes.
|
||||
|
||||
|
@ -355,6 +550,87 @@ and should be explicitly combined using logical operators to mimic previous beha
|
|||
|
||||
`HostHeader` has been removed, use `Host` instead.
|
||||
|
||||
#### Remediation
|
||||
|
||||
##### Configure the Default Syntax In Static Configuration
|
||||
|
||||
The default rule matchers syntax is the expected syntax for any router that is not self opt-out from this default value.
|
||||
It can be configured in the static configuration.
|
||||
|
||||
??? example "An example configuration for the default rule matchers syntax"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# static configuration
|
||||
core:
|
||||
defaultRuleSyntax: v2
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# static configuration
|
||||
[core]
|
||||
defaultRuleSyntax="v2"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
# static configuration
|
||||
--core.defaultRuleSyntax=v2
|
||||
```
|
||||
|
||||
##### Configure the Syntax Per Router
|
||||
|
||||
The rule syntax can also be configured on a per-router basis.
|
||||
This allows to have heterogeneous router configurations and ease migration.
|
||||
|
||||
??? example "An example router with syntax configuration"
|
||||
|
||||
```yaml tab="Docker & Swarm"
|
||||
labels:
|
||||
- "traefik.http.routers.test.ruleSyntax=v2"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
routes:
|
||||
- match: PathPrefix(`/foo`, `/bar`)
|
||||
syntax: v2
|
||||
kind: Rule
|
||||
```
|
||||
|
||||
```yaml tab="Consul Catalog"
|
||||
- "traefik.http.routers.test.ruleSyntax=v2"
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
http:
|
||||
routers:
|
||||
test:
|
||||
ruleSyntax: v2
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[http.routers]
|
||||
[http.routers.test]
|
||||
ruleSyntax = "v2"
|
||||
```
|
||||
|
||||
### IPWhiteList
|
||||
|
||||
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.
|
||||
|
||||
### Deprecated Options Removal
|
||||
|
||||
- The `tracing.datadog.globaltag` option has been removed.
|
||||
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers.
|
||||
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
|
||||
- The `forceSlash` option of the StripPrefix middleware has been removed.
|
||||
- The `preferServerCipherSuites` option has been removed.
|
||||
|
||||
### TCP LoadBalancer `terminationDelay` option
|
||||
|
||||
The TCP LoadBalancer `terminationDelay` option has been removed.
|
||||
|
@ -415,3 +691,15 @@ Here are two possible transition strategies:
|
|||
For legacy stacks that cannot immediately upgrade to the latest vendor agents supporting OTLP ingestion,
|
||||
using OpenTelemetry (OTel) collectors with appropriate exporters configuration is a viable solution.
|
||||
This allows continued compatibility with the existing infrastructure.
|
||||
|
||||
Please check the [OpenTelemetry Tracing provider documention](../observability/tracing/opentelemetry.md) for more information.
|
||||
|
||||
#### Internal Resources Observability (AccessLogs, Metrics and Tracing)
|
||||
|
||||
In v3, observability for internal routers or services (e.g.: `ping@internal`) is disabled by default.
|
||||
To enable it one should use the new `addInternals` option for AccessLogs, Metrics or Tracing.
|
||||
Please take a look at the observability documentation for more information:
|
||||
|
||||
- [AccessLogs](../observability/access-logs.md#addinternals)
|
||||
- [Metrics](../observability/metrics/overview.md#addinternals)
|
||||
- [AccessLogs](../observability/tracing/overview.md#addinternals)
|
||||
|
|
|
@ -536,3 +536,30 @@ In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowL
|
|||
### IPWhiteList (TCP)
|
||||
|
||||
In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
|
||||
|
||||
### TLS CipherSuites
|
||||
|
||||
> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
|
||||
> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
|
||||
> (https://go.dev/doc/go1.22#crypto/tls)
|
||||
|
||||
The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
|
||||
Decision has been made to support ECDHE cipher suites only by default.
|
||||
|
||||
The following ciphers have been removed from the default list:
|
||||
|
||||
- `TLS_RSA_WITH_AES_128_CBC_SHA`
|
||||
- `TLS_RSA_WITH_AES_256_CBC_SHA`
|
||||
- `TLS_RSA_WITH_AES_128_GCM_SHA256`
|
||||
- `TLS_RSA_WITH_AES_256_GCM_SHA384`
|
||||
|
||||
To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
|
||||
|
||||
### Minimum TLS Version
|
||||
|
||||
> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
|
||||
> matching the behavior of crypto/tls clients.
|
||||
> This change can be reverted with the `tls10server=1 GODEBUG` setting.
|
||||
> (https://go.dev/doc/go1.22#crypto/tls)
|
||||
|
||||
To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.
|
||||
|
|
|
@ -26,6 +26,26 @@ accessLog: {}
|
|||
--accesslog=true
|
||||
```
|
||||
|
||||
### `addInternals`
|
||||
|
||||
_Optional, Default="false"_
|
||||
|
||||
Enables accessLogs for internal resources.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
accesslog:
|
||||
addInternals: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[accesslog]
|
||||
addInternals = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--accesslog.addinternals
|
||||
```
|
||||
|
||||
### `filePath`
|
||||
|
||||
By default access logs are written to the standard output.
|
||||
|
|
|
@ -27,6 +27,8 @@ _Required, Default="127.0.0.1:8125"_
|
|||
|
||||
Address instructs exporter to send metrics to datadog-agent at this address.
|
||||
|
||||
This address can be a Unix Domain Socket (UDS) address with the following form: `unix:///path/to/datadog.socket`.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
datadog:
|
||||
|
|
|
@ -5,45 +5,25 @@ description: "Traefik supports several metrics backends, including OpenTelemetry
|
|||
|
||||
# OpenTelemetry
|
||||
|
||||
To enable the OpenTelemetry:
|
||||
To enable the OpenTelemetry metrics:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry: {}
|
||||
otlp: {}
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
[metrics.otlp]
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry=true
|
||||
--metrics.otlp=true
|
||||
```
|
||||
|
||||
!!! info "The OpenTelemetry exporter will export metrics to the collector by using HTTP by default, see the [gRPC Section](#grpc-configuration) to use gRPC."
|
||||
!!! info "Default protocol"
|
||||
|
||||
#### `address`
|
||||
|
||||
_Required, Default="localhost:4318", Format="`<host>:<port>`"_
|
||||
|
||||
Address of the OpenTelemetry Collector to send metrics to.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
address: localhost:4318
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
address = "localhost:4318"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.address=localhost:4318
|
||||
```
|
||||
The OpenTelemetry exporter will export metrics to the collector using HTTP by default to https://localhost:4318/v1/metrics, see the [gRPC Section](#grpc-configuration) to use gRPC.
|
||||
|
||||
#### `addEntryPointsLabels`
|
||||
|
||||
|
@ -53,18 +33,18 @@ Enable metrics on entry points.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
addEntryPointsLabels: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
[metrics.otlp]
|
||||
addEntryPointsLabels = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.addEntryPointsLabels=true
|
||||
--metrics.otlp.addEntryPointsLabels=true
|
||||
```
|
||||
|
||||
#### `addRoutersLabels`
|
||||
|
@ -75,18 +55,18 @@ Enable metrics on routers.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
addRoutersLabels: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
[metrics.otlp]
|
||||
addRoutersLabels = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.addRoutersLabels=true
|
||||
--metrics.otlp.addRoutersLabels=true
|
||||
```
|
||||
|
||||
#### `addServicesLabels`
|
||||
|
@ -97,18 +77,18 @@ Enable metrics on services.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
addServicesLabels: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
[metrics.otlp]
|
||||
addServicesLabels = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.addServicesLabels=true
|
||||
--metrics.otlp.addServicesLabels=true
|
||||
```
|
||||
|
||||
#### `explicitBoundaries`
|
||||
|
@ -119,7 +99,7 @@ Explicit boundaries for Histogram data points.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
explicitBoundaries:
|
||||
- 0.1
|
||||
- 0.3
|
||||
|
@ -129,59 +109,12 @@ metrics:
|
|||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
[metrics.otlp]
|
||||
explicitBoundaries = [0.1,0.3,1.2,5.0]
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.explicitBoundaries=0.1,0.3,1.2,5.0
|
||||
```
|
||||
|
||||
#### `headers`
|
||||
|
||||
_Optional, Default={}_
|
||||
|
||||
Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
headers:
|
||||
foo: bar
|
||||
baz: buz
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry.headers]
|
||||
foo = "bar"
|
||||
baz = "buz"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.headers.foo=bar --metrics.openTelemetry.headers.baz=buz
|
||||
```
|
||||
|
||||
#### `insecure`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
insecure: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
insecure = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.insecure=true
|
||||
--metrics.otlp.explicitBoundaries=0.1,0.3,1.2,5.0
|
||||
```
|
||||
|
||||
#### `pushInterval`
|
||||
|
@ -192,48 +125,95 @@ Interval at which metrics are sent to the OpenTelemetry Collector.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
pushInterval: 10s
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
[metrics.otlp]
|
||||
pushInterval = "10s"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.pushInterval=10s
|
||||
--metrics.otlp.pushInterval=10s
|
||||
```
|
||||
|
||||
#### `path`
|
||||
### HTTP configuration
|
||||
|
||||
_Required, Default="/v1/metrics"_
|
||||
_Optional_
|
||||
|
||||
Allows to override the default URL path used for sending metrics.
|
||||
This option has no effect when using gRPC transport.
|
||||
This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
path: /foo/v1/metrics
|
||||
otlp:
|
||||
http: {}
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry]
|
||||
path = "/foo/v1/metrics"
|
||||
[metrics.otlp.http]
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.path=/foo/v1/metrics
|
||||
--metrics.otlp.http=true
|
||||
```
|
||||
|
||||
#### `endpoint`
|
||||
|
||||
_Required, Default="http://localhost:4318/v1/metrics", Format="`<scheme>://<host>:<port><path>`"_
|
||||
|
||||
URL of the OpenTelemetry Collector to send metrics to.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
http:
|
||||
endpoint: http://localhost:4318/v1/metrics
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.otlp.http]
|
||||
endpoint = "http://localhost:4318/v1/metrics"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.http.endpoint=http://localhost:4318/v1/metrics
|
||||
```
|
||||
|
||||
#### `headers`
|
||||
|
||||
_Optional, Default={}_
|
||||
|
||||
Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
http:
|
||||
headers:
|
||||
foo: bar
|
||||
baz: buz
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.otlp.http.headers]
|
||||
foo = "bar"
|
||||
baz = "buz"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.http.headers.foo=bar --metrics.otlp.http.headers.baz=buz
|
||||
```
|
||||
|
||||
#### `tls`
|
||||
|
||||
_Optional_
|
||||
|
||||
Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
|
||||
Defines the Client TLS configuration used by the exporter to send metrics to the OpenTelemetry Collector.
|
||||
|
||||
##### `ca`
|
||||
|
||||
|
@ -244,18 +224,19 @@ it defaults to the system bundle.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
http:
|
||||
tls:
|
||||
ca: path/to/ca.crt
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.openTelemetry.tls]
|
||||
[metrics.otlp.http.tls]
|
||||
ca = "path/to/ca.crt"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.tls.ca=path/to/ca.crt
|
||||
--metrics.otlp.http.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
##### `cert`
|
||||
|
@ -267,21 +248,22 @@ When using this option, setting the `key` option is required.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
http:
|
||||
tls:
|
||||
cert: path/to/foo.cert
|
||||
key: path/to/foo.key
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.openTelemetry.tls]
|
||||
[metrics.otlp.http.tls]
|
||||
cert = "path/to/foo.cert"
|
||||
key = "path/to/foo.key"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.tls.cert=path/to/foo.cert
|
||||
--metrics.openTelemetry.tls.key=path/to/foo.key
|
||||
--metrics.otlp.http.tls.cert=path/to/foo.cert
|
||||
--metrics.otlp.http.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
##### `key`
|
||||
|
@ -293,21 +275,22 @@ When using this option, setting the `cert` option is required.
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
http:
|
||||
tls:
|
||||
cert: path/to/foo.cert
|
||||
key: path/to/foo.key
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.openTelemetry.tls]
|
||||
[metrics.otlp.http.tls]
|
||||
cert = "path/to/foo.cert"
|
||||
key = "path/to/foo.key"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.tls.cert=path/to/foo.cert
|
||||
--metrics.openTelemetry.tls.key=path/to/foo.key
|
||||
--metrics.otlp.http.tls.cert=path/to/foo.cert
|
||||
--metrics.otlp.http.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
##### `insecureSkipVerify`
|
||||
|
@ -319,35 +302,218 @@ the TLS connection to the OpenTelemetry Collector accepts any certificate presen
|
|||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
http:
|
||||
tls:
|
||||
insecureSkipVerify: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.openTelemetry.tls]
|
||||
[metrics.otlp.http.tls]
|
||||
insecureSkipVerify = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.tls.insecureSkipVerify=true
|
||||
--metrics.otlp.http.tls.insecureSkipVerify=true
|
||||
```
|
||||
|
||||
#### gRPC configuration
|
||||
### gRPC configuration
|
||||
|
||||
This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
|
||||
_Optional_
|
||||
|
||||
This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
openTelemetry:
|
||||
otlp:
|
||||
grpc: {}
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.openTelemetry.grpc]
|
||||
[metrics.otlp.grpc]
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.openTelemetry.grpc=true
|
||||
--metrics.otlp.grpc=true
|
||||
```
|
||||
|
||||
#### `endpoint`
|
||||
|
||||
_Required, Default="localhost:4317", Format="`<host>:<port>`"_
|
||||
|
||||
Address of the OpenTelemetry Collector to send metrics to.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
grpc:
|
||||
endpoint: localhost:4317
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.otlp.grpc]
|
||||
endpoint = "localhost:4317"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.grpc.endpoint=localhost:4317
|
||||
```
|
||||
|
||||
#### `insecure`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
grpc:
|
||||
insecure: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.otlp.grpc]
|
||||
insecure = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.grpc.insecure=true
|
||||
```
|
||||
|
||||
#### `headers`
|
||||
|
||||
_Optional, Default={}_
|
||||
|
||||
Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
grpc:
|
||||
headers:
|
||||
foo: bar
|
||||
baz: buz
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
[metrics.otlp.grpc.headers]
|
||||
foo = "bar"
|
||||
baz = "buz"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.grpc.headers.foo=bar --metrics.otlp.grpc.headers.baz=buz
|
||||
```
|
||||
|
||||
#### `tls`
|
||||
|
||||
_Optional_
|
||||
|
||||
Defines the Client TLS configuration used by the exporter to send metrics to the OpenTelemetry Collector.
|
||||
|
||||
##### `ca`
|
||||
|
||||
_Optional_
|
||||
|
||||
`ca` is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector,
|
||||
it defaults to the system bundle.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
grpc:
|
||||
tls:
|
||||
ca: path/to/ca.crt
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.otlp.grpc.tls]
|
||||
ca = "path/to/ca.crt"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.grpc.tls.ca=path/to/ca.crt
|
||||
```
|
||||
|
||||
##### `cert`
|
||||
|
||||
_Optional_
|
||||
|
||||
`cert` is the path to the public certificate used for the secure connection to the OpenTelemetry Collector.
|
||||
When using this option, setting the `key` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
grpc:
|
||||
tls:
|
||||
cert: path/to/foo.cert
|
||||
key: path/to/foo.key
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.otlp.grpc.tls]
|
||||
cert = "path/to/foo.cert"
|
||||
key = "path/to/foo.key"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.grpc.tls.cert=path/to/foo.cert
|
||||
--metrics.otlp.grpc.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
##### `key`
|
||||
|
||||
_Optional_
|
||||
|
||||
`key` is the path to the private key used for the secure connection to the OpenTelemetry Collector.
|
||||
When using this option, setting the `cert` option is required.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
grpc:
|
||||
tls:
|
||||
cert: path/to/foo.cert
|
||||
key: path/to/foo.key
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.otlp.grpc.tls]
|
||||
cert = "path/to/foo.cert"
|
||||
key = "path/to/foo.key"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.grpc.tls.cert=path/to/foo.cert
|
||||
--metrics.otlp.grpc.tls.key=path/to/foo.key
|
||||
```
|
||||
|
||||
##### `insecureSkipVerify`
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
If `insecureSkipVerify` is `true`,
|
||||
the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
otlp:
|
||||
grpc:
|
||||
tls:
|
||||
insecureSkipVerify: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics.otlp.grpc.tls]
|
||||
insecureSkipVerify = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.otlp.grpc.tls.insecureSkipVerify=true
|
||||
```
|
||||
|
|
|
@ -14,6 +14,28 @@ Traefik supports these metrics backends:
|
|||
|
||||
Traefik Proxy hosts an official Grafana dashboard for both [on-premises](https://grafana.com/grafana/dashboards/17346) and [Kubernetes](https://grafana.com/grafana/dashboards/17347) deployments.
|
||||
|
||||
## Common Options
|
||||
|
||||
### `addInternals`
|
||||
|
||||
_Optional, Default="false"_
|
||||
|
||||
Enables metrics for internal resources.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
metrics:
|
||||
addInternals: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[metrics]
|
||||
addInternals = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--metrics.addinternals
|
||||
```
|
||||
|
||||
## Global Metrics
|
||||
|
||||
| Metric | Type | [Labels](#labels) | Description |
|
||||
|
|
42
docs/content/observability/overview.md
Normal file
42
docs/content/observability/overview.md
Normal file
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
title: "Traefik Observability Overview"
|
||||
description: "Traefik provides Logs, Access Logs, Metrics and Tracing. Read the full documentation to get started."
|
||||
---
|
||||
|
||||
# Overview
|
||||
|
||||
Traefik's Observability system
|
||||
{: .subtitle }
|
||||
|
||||
## Logs
|
||||
|
||||
Traefik logs informs about everything that happens within Traefik (startup, configuration, events, shutdown, and so on).
|
||||
|
||||
Read the [Logs documentation](./logs.md) to learn how to configure it.
|
||||
|
||||
## Access Logs
|
||||
|
||||
Access logs are a key part of observability in Traefik.
|
||||
|
||||
They are providing valuable insights about incoming traffic, and allow to monitor it.
|
||||
The access logs record detailed information about each request received by Traefik,
|
||||
including the source IP address, requested URL, response status code, and more.
|
||||
|
||||
Read the [Access Logs documentation](./access-logs.md) to learn how to configure it.
|
||||
|
||||
## Metrics
|
||||
|
||||
Traefik offers a metrics feature that provides valuable insights about the performance and usage.
|
||||
These metrics include the number of requests received, the requests duration, and more.
|
||||
|
||||
Traefik supports these metrics systems: Prometheus, Datadog, InfluxDB 2.X, and StatsD.
|
||||
|
||||
Read the [Metrics documentation](./metrics/overview.md) to learn how to configure it.
|
||||
|
||||
## Tracing
|
||||
|
||||
The Traefik tracing system allows developers to gain deep visibility into the flow of requests through their infrastructure.
|
||||
|
||||
Traefik supports these tracing with OpenTelemetry.
|
||||
|
||||
Read the [Tracing documentation](./tracing/overview.md) to learn how to configure it.
|
|
@ -21,19 +21,20 @@ tracing:
|
|||
--tracing.otlp=true
|
||||
```
|
||||
|
||||
!!! info "The OpenTelemetry trace reporter will export traces to the collector using HTTP by default (http://localhost:4318/v1/traces),
|
||||
see the [gRPC Section](#grpc-configuration) to use gRPC."
|
||||
!!! info "Default protocol"
|
||||
|
||||
The OpenTelemetry trace exporter will export traces to the collector using HTTP by default to https://localhost:4318/v1/traces, see the [gRPC Section](#grpc-configuration) to use gRPC.
|
||||
|
||||
!!! info "Trace sampling"
|
||||
|
||||
By default, the OpenTelemetry trace reporter will sample 100% of traces.
|
||||
By default, the OpenTelemetry trace exporter will sample 100% of traces.
|
||||
See [OpenTelemetry's SDK configuration](https://opentelemetry.io/docs/reference/specification/sdk-environment-variables/#general-sdk-configuration) to customize the sampling strategy.
|
||||
|
||||
### HTTP configuration
|
||||
|
||||
_Optional_
|
||||
|
||||
This instructs the reporter to send spans to the OpenTelemetry Collector using HTTP.
|
||||
This instructs the exporter to send spans to the OpenTelemetry Collector using HTTP.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
|
@ -73,11 +74,37 @@ tracing:
|
|||
--tracing.otlp.http.endpoint=http://localhost:4318/v1/traces
|
||||
```
|
||||
|
||||
#### `headers`
|
||||
|
||||
_Optional, Default={}_
|
||||
|
||||
Additional headers sent with traces by the exporter to the OpenTelemetry Collector.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
otlp:
|
||||
http:
|
||||
headers:
|
||||
foo: bar
|
||||
baz: buz
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[tracing]
|
||||
[tracing.otlp.http.headers]
|
||||
foo = "bar"
|
||||
baz = "buz"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--tracing.otlp.http.headers.foo=bar --tracing.otlp.http.headers.baz=buz
|
||||
```
|
||||
|
||||
#### `tls`
|
||||
|
||||
_Optional_
|
||||
|
||||
Defines the Client TLS configuration used by the reporter to send spans to the OpenTelemetry Collector.
|
||||
Defines the Client TLS configuration used by the exporter to send spans to the OpenTelemetry Collector.
|
||||
|
||||
##### `ca`
|
||||
|
||||
|
@ -181,11 +208,11 @@ tracing:
|
|||
--tracing.otlp.http.tls.insecureSkipVerify=true
|
||||
```
|
||||
|
||||
#### gRPC configuration
|
||||
### gRPC configuration
|
||||
|
||||
_Optional_
|
||||
|
||||
This instructs the reporter to send spans to the OpenTelemetry Collector using gRPC.
|
||||
This instructs the exporter to send spans to the OpenTelemetry Collector using gRPC.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
|
@ -228,7 +255,7 @@ tracing:
|
|||
|
||||
_Optional, Default=false_
|
||||
|
||||
Allows reporter to send spans to the OpenTelemetry Collector without using a secured protocol.
|
||||
Allows exporter to send spans to the OpenTelemetry Collector without using a secured protocol.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
|
@ -247,11 +274,37 @@ tracing:
|
|||
--tracing.otlp.grpc.insecure=true
|
||||
```
|
||||
|
||||
#### `headers`
|
||||
|
||||
_Optional, Default={}_
|
||||
|
||||
Additional headers sent with traces by the exporter to the OpenTelemetry Collector.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
otlp:
|
||||
grpc:
|
||||
headers:
|
||||
foo: bar
|
||||
baz: buz
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[tracing]
|
||||
[tracing.otlp.grpc.headers]
|
||||
foo = "bar"
|
||||
baz = "buz"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--tracing.otlp.grpc.headers.foo=bar --tracing.otlp.grpc.headers.baz=buz
|
||||
```
|
||||
|
||||
#### `tls`
|
||||
|
||||
_Optional_
|
||||
|
||||
Defines the Client TLS configuration used by the reporter to send spans to the OpenTelemetry Collector.
|
||||
Defines the Client TLS configuration used by the exporter to send spans to the OpenTelemetry Collector.
|
||||
|
||||
##### `ca`
|
||||
|
||||
|
|
|
@ -14,10 +14,8 @@ Traefik uses [OpenTelemetry](https://opentelemetry.io/ "Link to website of OTel"
|
|||
|
||||
Please check our dedicated [OTel docs](./opentelemetry.md) to learn more.
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
|
||||
To enable the tracing:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
|
@ -34,6 +32,26 @@ tracing: {}
|
|||
|
||||
### Common Options
|
||||
|
||||
#### `addInternals`
|
||||
|
||||
_Optional, Default="false"_
|
||||
|
||||
Enables tracing for internal resources.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
addInternals: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[tracing]
|
||||
addInternals = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--tracing.addinternals
|
||||
```
|
||||
|
||||
#### `serviceName`
|
||||
|
||||
_Required, Default="traefik"_
|
||||
|
@ -74,30 +92,6 @@ tracing:
|
|||
--tracing.sampleRate=0.2
|
||||
```
|
||||
|
||||
#### `headers`
|
||||
|
||||
_Optional, Default={}_
|
||||
|
||||
Defines additional headers to be sent with the span's payload.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
headers:
|
||||
foo: bar
|
||||
baz: buz
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[tracing]
|
||||
[tracing.headers]
|
||||
foo = "bar"
|
||||
baz = "buz"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--tracing.headers.foo=bar --tracing.headers.baz=buz
|
||||
```
|
||||
|
||||
#### `globalAttributes`
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
|
|
@ -16,11 +16,13 @@
|
|||
- "traefik.http.middlewares.middleware05.circuitbreaker.expression=foobar"
|
||||
- "traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration=42s"
|
||||
- "traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration=42s"
|
||||
- "traefik.http.middlewares.middleware05.circuitbreaker.responsecode=42"
|
||||
- "traefik.http.middlewares.middleware06.compress=true"
|
||||
- "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware06.compress.includedcontenttypes=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42"
|
||||
- "traefik.http.middlewares.middleware07.contenttype=true"
|
||||
- "traefik.http.middlewares.middleware07.contenttype.autodetect=true"
|
||||
- "traefik.http.middlewares.middleware08.digestauth.headerfield=foobar"
|
||||
- "traefik.http.middlewares.middleware08.digestauth.realm=foobar"
|
||||
- "traefik.http.middlewares.middleware08.digestauth.removeheader=true"
|
||||
|
@ -35,6 +37,7 @@
|
|||
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar"
|
||||
- "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar"
|
||||
- "traefik.http.middlewares.middleware10.forwardauth.tls.caoptional=true"
|
||||
- "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar"
|
||||
- "traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify=true"
|
||||
- "traefik.http.middlewares.middleware10.forwardauth.tls.key=foobar"
|
||||
|
@ -58,6 +61,7 @@
|
|||
- "traefik.http.middlewares.middleware12.headers.customrequestheaders.name1=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.customresponseheaders.name0=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.customresponseheaders.name1=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.featurepolicy=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.forcestsheader=true"
|
||||
- "traefik.http.middlewares.middleware12.headers.framedeny=true"
|
||||
- "traefik.http.middlewares.middleware12.headers.hostsproxyheaders=foobar, foobar"
|
||||
|
@ -65,8 +69,12 @@
|
|||
- "traefik.http.middlewares.middleware12.headers.permissionspolicy=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.publickey=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.referrerpolicy=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.sslforcehost=true"
|
||||
- "traefik.http.middlewares.middleware12.headers.sslhost=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.sslproxyheaders.name0=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.sslproxyheaders.name1=foobar"
|
||||
- "traefik.http.middlewares.middleware12.headers.sslredirect=true"
|
||||
- "traefik.http.middlewares.middleware12.headers.ssltemporaryredirect=true"
|
||||
- "traefik.http.middlewares.middleware12.headers.stsincludesubdomains=true"
|
||||
- "traefik.http.middlewares.middleware12.headers.stspreload=true"
|
||||
- "traefik.http.middlewares.middleware12.headers.stsseconds=42"
|
||||
|
@ -126,12 +134,14 @@
|
|||
- "traefik.http.middlewares.middleware22.replacepathregex.replacement=foobar"
|
||||
- "traefik.http.middlewares.middleware23.retry.attempts=42"
|
||||
- "traefik.http.middlewares.middleware23.retry.initialinterval=42s"
|
||||
- "traefik.http.middlewares.middleware24.stripprefix.forceslash=true"
|
||||
- "traefik.http.middlewares.middleware24.stripprefix.prefixes=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware25.stripprefixregex.regex=foobar, foobar"
|
||||
- "traefik.http.routers.router0.entrypoints=foobar, foobar"
|
||||
- "traefik.http.routers.router0.middlewares=foobar, foobar"
|
||||
- "traefik.http.routers.router0.priority=42"
|
||||
- "traefik.http.routers.router0.rule=foobar"
|
||||
- "traefik.http.routers.router0.rulesyntax=foobar"
|
||||
- "traefik.http.routers.router0.service=foobar"
|
||||
- "traefik.http.routers.router0.tls=true"
|
||||
- "traefik.http.routers.router0.tls.certresolver=foobar"
|
||||
|
@ -144,6 +154,7 @@
|
|||
- "traefik.http.routers.router1.middlewares=foobar, foobar"
|
||||
- "traefik.http.routers.router1.priority=42"
|
||||
- "traefik.http.routers.router1.rule=foobar"
|
||||
- "traefik.http.routers.router1.rulesyntax=foobar"
|
||||
- "traefik.http.routers.router1.service=foobar"
|
||||
- "traefik.http.routers.router1.tls=true"
|
||||
- "traefik.http.routers.router1.tls.certresolver=foobar"
|
||||
|
@ -176,6 +187,7 @@
|
|||
- "traefik.http.services.service02.loadbalancer.sticky.cookie.secure=true"
|
||||
- "traefik.http.services.service02.loadbalancer.server.port=foobar"
|
||||
- "traefik.http.services.service02.loadbalancer.server.scheme=foobar"
|
||||
- "traefik.http.services.service02.loadbalancer.server.weight=42"
|
||||
- "traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange=foobar, foobar"
|
||||
- "traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange=foobar, foobar"
|
||||
- "traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount=42"
|
||||
|
@ -183,6 +195,7 @@
|
|||
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
|
||||
- "traefik.tcp.routers.tcprouter0.priority=42"
|
||||
- "traefik.tcp.routers.tcprouter0.rule=foobar"
|
||||
- "traefik.tcp.routers.tcprouter0.rulesyntax=foobar"
|
||||
- "traefik.tcp.routers.tcprouter0.service=foobar"
|
||||
- "traefik.tcp.routers.tcprouter0.tls=true"
|
||||
- "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
|
||||
|
@ -196,6 +209,7 @@
|
|||
- "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar"
|
||||
- "traefik.tcp.routers.tcprouter1.priority=42"
|
||||
- "traefik.tcp.routers.tcprouter1.rule=foobar"
|
||||
- "traefik.tcp.routers.tcprouter1.rulesyntax=foobar"
|
||||
- "traefik.tcp.routers.tcprouter1.service=foobar"
|
||||
- "traefik.tcp.routers.tcprouter1.tls=true"
|
||||
- "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
|
||||
|
@ -208,6 +222,7 @@
|
|||
- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol=true"
|
||||
- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42"
|
||||
- "traefik.tcp.services.tcpservice01.loadbalancer.serverstransport=foobar"
|
||||
- "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
|
||||
- "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"
|
||||
- "traefik.tcp.services.tcpservice01.loadbalancer.server.tls=true"
|
||||
- "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar"
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
middlewares = ["foobar", "foobar"]
|
||||
service = "foobar"
|
||||
rule = "foobar"
|
||||
ruleSyntax = "foobar"
|
||||
priority = 42
|
||||
[http.routers.Router0.tls]
|
||||
options = "foobar"
|
||||
|
@ -24,6 +25,7 @@
|
|||
middlewares = ["foobar", "foobar"]
|
||||
service = "foobar"
|
||||
rule = "foobar"
|
||||
ruleSyntax = "foobar"
|
||||
priority = 42
|
||||
[http.routers.Router1.tls]
|
||||
options = "foobar"
|
||||
|
@ -56,9 +58,11 @@
|
|||
|
||||
[[http.services.Service02.loadBalancer.servers]]
|
||||
url = "foobar"
|
||||
weight = 42
|
||||
|
||||
[[http.services.Service02.loadBalancer.servers]]
|
||||
url = "foobar"
|
||||
weight = 42
|
||||
[http.services.Service02.loadBalancer.healthCheck]
|
||||
scheme = "foobar"
|
||||
mode = "foobar"
|
||||
|
@ -133,6 +137,7 @@
|
|||
checkPeriod = "42s"
|
||||
fallbackDuration = "42s"
|
||||
recoveryDuration = "42s"
|
||||
responseCode = 42
|
||||
[http.middlewares.Middleware06]
|
||||
[http.middlewares.Middleware06.compress]
|
||||
excludedContentTypes = ["foobar", "foobar"]
|
||||
|
@ -140,6 +145,7 @@
|
|||
minResponseBodyBytes = 42
|
||||
[http.middlewares.Middleware07]
|
||||
[http.middlewares.Middleware07.contentType]
|
||||
autoDetect = true
|
||||
[http.middlewares.Middleware08]
|
||||
[http.middlewares.Middleware08.digestAuth]
|
||||
users = ["foobar", "foobar"]
|
||||
|
@ -165,6 +171,7 @@
|
|||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
caOptional = true
|
||||
[http.middlewares.Middleware11]
|
||||
[http.middlewares.Middleware11.grpcWeb]
|
||||
allowOrigins = ["foobar", "foobar"]
|
||||
|
@ -194,6 +201,11 @@
|
|||
referrerPolicy = "foobar"
|
||||
permissionsPolicy = "foobar"
|
||||
isDevelopment = true
|
||||
featurePolicy = "foobar"
|
||||
sslRedirect = true
|
||||
sslTemporaryRedirect = true
|
||||
sslHost = "foobar"
|
||||
sslForceHost = true
|
||||
[http.middlewares.Middleware12.headers.customRequestHeaders]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
|
@ -293,6 +305,7 @@
|
|||
[http.middlewares.Middleware24]
|
||||
[http.middlewares.Middleware24.stripPrefix]
|
||||
prefixes = ["foobar", "foobar"]
|
||||
forceSlash = true
|
||||
[http.middlewares.Middleware25]
|
||||
[http.middlewares.Middleware25.stripPrefixRegex]
|
||||
regex = ["foobar", "foobar"]
|
||||
|
@ -353,6 +366,7 @@
|
|||
middlewares = ["foobar", "foobar"]
|
||||
service = "foobar"
|
||||
rule = "foobar"
|
||||
ruleSyntax = "foobar"
|
||||
priority = 42
|
||||
[tcp.routers.TCPRouter0.tls]
|
||||
passthrough = true
|
||||
|
@ -371,6 +385,7 @@
|
|||
middlewares = ["foobar", "foobar"]
|
||||
service = "foobar"
|
||||
rule = "foobar"
|
||||
ruleSyntax = "foobar"
|
||||
priority = 42
|
||||
[tcp.routers.TCPRouter1.tls]
|
||||
passthrough = true
|
||||
|
@ -388,6 +403,7 @@
|
|||
[tcp.services.TCPService01]
|
||||
[tcp.services.TCPService01.loadBalancer]
|
||||
serversTransport = "foobar"
|
||||
terminationDelay = 42
|
||||
[tcp.services.TCPService01.loadBalancer.proxyProtocol]
|
||||
version = 42
|
||||
|
||||
|
@ -507,6 +523,7 @@
|
|||
curvePreferences = ["foobar", "foobar"]
|
||||
sniStrict = true
|
||||
alpnProtocols = ["foobar", "foobar"]
|
||||
preferServerCipherSuites = true
|
||||
[tls.options.Options0.clientAuth]
|
||||
caFiles = ["foobar", "foobar"]
|
||||
clientAuthType = "foobar"
|
||||
|
@ -517,6 +534,7 @@
|
|||
curvePreferences = ["foobar", "foobar"]
|
||||
sniStrict = true
|
||||
alpnProtocols = ["foobar", "foobar"]
|
||||
preferServerCipherSuites = true
|
||||
[tls.options.Options1.clientAuth]
|
||||
caFiles = ["foobar", "foobar"]
|
||||
clientAuthType = "foobar"
|
||||
|
|
|
@ -11,6 +11,7 @@ http:
|
|||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
ruleSyntax: foobar
|
||||
priority: 42
|
||||
tls:
|
||||
options: foobar
|
||||
|
@ -33,6 +34,7 @@ http:
|
|||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
ruleSyntax: foobar
|
||||
priority: 42
|
||||
tls:
|
||||
options: foobar
|
||||
|
@ -63,7 +65,9 @@ http:
|
|||
maxAge: 42
|
||||
servers:
|
||||
- url: foobar
|
||||
weight: 42
|
||||
- url: foobar
|
||||
weight: 42
|
||||
healthCheck:
|
||||
scheme: foobar
|
||||
mode: foobar
|
||||
|
@ -138,6 +142,7 @@ http:
|
|||
checkPeriod: 42s
|
||||
fallbackDuration: 42s
|
||||
recoveryDuration: 42s
|
||||
responseCode: 42
|
||||
Middleware06:
|
||||
compress:
|
||||
excludedContentTypes:
|
||||
|
@ -148,7 +153,8 @@ http:
|
|||
- foobar
|
||||
minResponseBodyBytes: 42
|
||||
Middleware07:
|
||||
contentType: {}
|
||||
contentType:
|
||||
autoDetect: true
|
||||
Middleware08:
|
||||
digestAuth:
|
||||
users:
|
||||
|
@ -173,6 +179,7 @@ http:
|
|||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
caOptional: true
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- foobar
|
||||
|
@ -238,6 +245,11 @@ http:
|
|||
referrerPolicy: foobar
|
||||
permissionsPolicy: foobar
|
||||
isDevelopment: true
|
||||
featurePolicy: foobar
|
||||
sslRedirect: true
|
||||
sslTemporaryRedirect: true
|
||||
sslHost: foobar
|
||||
sslForceHost: true
|
||||
Middleware13:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
|
@ -342,6 +354,7 @@ http:
|
|||
prefixes:
|
||||
- foobar
|
||||
- foobar
|
||||
forceSlash: true
|
||||
Middleware25:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
|
@ -409,6 +422,7 @@ tcp:
|
|||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
ruleSyntax: foobar
|
||||
priority: 42
|
||||
tls:
|
||||
passthrough: true
|
||||
|
@ -432,6 +446,7 @@ tcp:
|
|||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
ruleSyntax: foobar
|
||||
priority: 42
|
||||
tls:
|
||||
passthrough: true
|
||||
|
@ -457,6 +472,7 @@ tcp:
|
|||
- address: foobar
|
||||
tls: true
|
||||
serversTransport: foobar
|
||||
terminationDelay: 42
|
||||
TCPService02:
|
||||
weighted:
|
||||
services:
|
||||
|
@ -577,6 +593,7 @@ tls:
|
|||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
preferServerCipherSuites: true
|
||||
Options1:
|
||||
minVersion: foobar
|
||||
maxVersion: foobar
|
||||
|
@ -595,6 +612,7 @@ tls:
|
|||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
preferServerCipherSuites: true
|
||||
stores:
|
||||
Store0:
|
||||
defaultCertificate:
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -20,12 +20,13 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` |
|
||||
| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` |
|
||||
| `traefik/http/middlewares/Middleware05/circuitBreaker/responseCode` | `42` |
|
||||
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` |
|
||||
| `traefik/http/middlewares/Middleware07/contentType` | `` |
|
||||
| `traefik/http/middlewares/Middleware07/contentType/autoDetect` | `true` |
|
||||
| `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` |
|
||||
|
@ -45,6 +46,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` |
|
||||
|
@ -75,6 +77,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/featurePolicy` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/forceSTSHeader` | `true` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/frameDeny` | `true` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0` | `foobar` |
|
||||
|
@ -83,8 +86,12 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/middlewares/Middleware12/headers/permissionsPolicy` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/publicKey` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/referrerPolicy` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/sslForceHost` | `true` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/sslHost` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/sslRedirect` | `true` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect` | `true` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains` | `true` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/stsPreload` | `true` |
|
||||
| `traefik/http/middlewares/Middleware12/headers/stsSeconds` | `42` |
|
||||
|
@ -148,6 +155,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/middlewares/Middleware22/replacePathRegex/replacement` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware23/retry/attempts` | `42` |
|
||||
| `traefik/http/middlewares/Middleware23/retry/initialInterval` | `42s` |
|
||||
| `traefik/http/middlewares/Middleware24/stripPrefix/forceSlash` | `true` |
|
||||
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0` | `foobar` |
|
||||
|
@ -158,6 +166,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/routers/Router0/middlewares/1` | `foobar` |
|
||||
| `traefik/http/routers/Router0/priority` | `42` |
|
||||
| `traefik/http/routers/Router0/rule` | `foobar` |
|
||||
| `traefik/http/routers/Router0/ruleSyntax` | `foobar` |
|
||||
| `traefik/http/routers/Router0/service` | `foobar` |
|
||||
| `traefik/http/routers/Router0/tls/certResolver` | `foobar` |
|
||||
| `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` |
|
||||
|
@ -173,6 +182,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/routers/Router1/middlewares/1` | `foobar` |
|
||||
| `traefik/http/routers/Router1/priority` | `42` |
|
||||
| `traefik/http/routers/Router1/rule` | `foobar` |
|
||||
| `traefik/http/routers/Router1/ruleSyntax` | `foobar` |
|
||||
| `traefik/http/routers/Router1/service` | `foobar` |
|
||||
| `traefik/http/routers/Router1/tls/certResolver` | `foobar` |
|
||||
| `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` |
|
||||
|
@ -238,7 +248,9 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
|
||||
| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` |
|
||||
| `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` |
|
||||
| `traefik/http/services/Service02/loadBalancer/servers/0/weight` | `42` |
|
||||
| `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` |
|
||||
| `traefik/http/services/Service02/loadBalancer/servers/1/weight` | `42` |
|
||||
| `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` |
|
||||
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` |
|
||||
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge` | `42` |
|
||||
|
@ -273,6 +285,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter0/priority` | `42` |
|
||||
| `traefik/tcp/routers/TCPRouter0/rule` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter0/ruleSyntax` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter0/service` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` |
|
||||
|
@ -289,6 +302,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter1/priority` | `42` |
|
||||
| `traefik/tcp/routers/TCPRouter1/rule` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter1/ruleSyntax` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter1/service` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` |
|
||||
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` |
|
||||
|
@ -335,6 +349,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/address` | `foobar` |
|
||||
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls` | `true` |
|
||||
| `traefik/tcp/services/TCPService01/loadBalancer/serversTransport` | `foobar` |
|
||||
| `traefik/tcp/services/TCPService01/loadBalancer/terminationDelay` | `42` |
|
||||
| `traefik/tcp/services/TCPService02/weighted/services/0/name` | `foobar` |
|
||||
| `traefik/tcp/services/TCPService02/weighted/services/0/weight` | `42` |
|
||||
| `traefik/tcp/services/TCPService02/weighted/services/1/name` | `foobar` |
|
||||
|
@ -358,6 +373,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
|
||||
| `traefik/tls/options/Options0/maxVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options0/minVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
|
||||
| `traefik/tls/options/Options0/sniStrict` | `true` |
|
||||
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
|
||||
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
|
||||
|
@ -370,6 +386,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
|
||||
| `traefik/tls/options/Options1/maxVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options1/minVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
|
||||
| `traefik/tls/options/Options1/sniStrict` | `true` |
|
||||
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
|
||||
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: ingressroutes.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -20,14 +20,19 @@ spec:
|
|||
description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -35,10 +40,11 @@ spec:
|
|||
description: IngressRouteSpec defines the desired state of IngressRoute.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
Default: all.'
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -48,17 +54,21 @@ spec:
|
|||
description: Route holds the HTTP route configuration.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the route. Rule is the
|
||||
only supported kind.
|
||||
description: |-
|
||||
Kind defines the kind of the route.
|
||||
Rule is the only supported kind.
|
||||
enum:
|
||||
- Rule
|
||||
type: string
|
||||
match:
|
||||
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule'
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
|
||||
type: string
|
||||
middlewares:
|
||||
description: 'Middlewares defines the list of references to
|
||||
Middleware resources. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware'
|
||||
description: |-
|
||||
Middlewares defines the list of references to Middleware resources.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
|
@ -76,13 +86,14 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
priority:
|
||||
description: 'Priority defines the router''s priority. More
|
||||
info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority'
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of Service. It can contain
|
||||
any combination of TraefikService and/or reference to a Kubernetes
|
||||
Service.
|
||||
description: |-
|
||||
Services defines the list of Service.
|
||||
It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
|
||||
items:
|
||||
description: Service defines an upstream HTTP service to proxy
|
||||
traffic to.
|
||||
|
@ -94,31 +105,32 @@ spec:
|
|||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
description: |-
|
||||
Name defines the name of the referenced Kubernetes Service or TraefikService.
|
||||
The differentiation between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs
|
||||
or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
description: |-
|
||||
NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client
|
||||
Host header is forwarded to the upstream Kubernetes
|
||||
Service. By default, passHostHeader is true.
|
||||
description: |-
|
||||
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
description: |-
|
||||
Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
|
@ -127,30 +139,29 @@ spec:
|
|||
the client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval,
|
||||
in milliseconds, in between flushes to the client
|
||||
while copying the response body. A negative value
|
||||
means to flush immediately after each write to the
|
||||
client. This configuration is ignored when ReverseProxy
|
||||
recognizes a response as a streaming response; for
|
||||
such responses, writes are flushed to the client
|
||||
immediately. Default: 100ms'
|
||||
description: |-
|
||||
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
|
||||
A negative value means to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
|
||||
for such responses, writes are flushed to the client immediately.
|
||||
Default: 100ms
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the
|
||||
request to the upstream Kubernetes Service. It defaults
|
||||
to https when Kubernetes Service port is 443, http otherwise.
|
||||
description: |-
|
||||
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
|
||||
It defaults to https when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
description: |-
|
||||
ServersTransport defines the name of ServersTransport resource to use.
|
||||
It allows to configure the transport between Traefik and your servers.
|
||||
Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -161,17 +172,18 @@ spec:
|
|||
JavaScript.
|
||||
type: boolean
|
||||
maxAge:
|
||||
description: MaxAge indicates the number of seconds
|
||||
until the cookie expires. When set to a negative
|
||||
number, the cookie expires immediately. When
|
||||
set to zero, the cookie never expires.
|
||||
description: |-
|
||||
MaxAge indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
When set to zero, the cookie never expires.
|
||||
type: integer
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
description: |-
|
||||
SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie
|
||||
|
@ -181,36 +193,44 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
description: |-
|
||||
Strategy defines the load balancing strategy between the servers.
|
||||
RoundRobin is the only supported value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only
|
||||
be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round
|
||||
Robin).
|
||||
description: |-
|
||||
Weight defines the weight and should only be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls'
|
||||
description: |-
|
||||
TLS defines the TLS configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
|
||||
properties:
|
||||
certResolver:
|
||||
description: 'CertResolver defines the name of the certificate
|
||||
resolver to use. Cert resolvers have to be configured in the
|
||||
static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers'
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: 'Domains defines the list of domains that will be
|
||||
used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains'
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -226,17 +246,20 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: 'Options defines the reference to a TLSOption, that
|
||||
specifies the parameters of the TLS connection. If not defined,
|
||||
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
|
||||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: 'Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace defines the namespace of the referenced
|
||||
TLSOption. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -246,17 +269,19 @@ spec:
|
|||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store defines the reference to the TLSStore, that
|
||||
will be used to store certificates. Please note that only `default`
|
||||
TLSStore can be used.
|
||||
description: |-
|
||||
Store defines the reference to the TLSStore, that will be used to store certificates.
|
||||
Please note that only `default` TLSStore can be used.
|
||||
properties:
|
||||
name:
|
||||
description: 'Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace defines the namespace of the referenced
|
||||
TLSStore. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: ingressroutetcps.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -20,14 +20,19 @@ spec:
|
|||
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -35,10 +40,11 @@ spec:
|
|||
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
Default: all.'
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -48,7 +54,9 @@ spec:
|
|||
description: RouteTCP holds the TCP route configuration.
|
||||
properties:
|
||||
match:
|
||||
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1'
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
|
@ -70,8 +78,9 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
priority:
|
||||
description: 'Priority defines the router''s priority. More
|
||||
info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1'
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
|
@ -88,22 +97,24 @@ spec:
|
|||
Kubernetes Service.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs
|
||||
or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
description: |-
|
||||
NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
description: |-
|
||||
Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
proxyProtocol:
|
||||
description: 'ProxyProtocol defines the PROXY protocol
|
||||
configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol'
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
|
@ -111,11 +122,20 @@ spec:
|
|||
type: integer
|
||||
type: object
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransportTCP
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
description: |-
|
||||
ServersTransport defines the name of ServersTransportTCP resource to use.
|
||||
It allows to configure the transport between Traefik and your servers.
|
||||
Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
terminationDelay:
|
||||
description: |-
|
||||
TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
|
||||
it has closed the writing capability of its connection, to close the reading capability as well,
|
||||
hence fully terminating the connection.
|
||||
It is a duration in milliseconds, defaulting to 100.
|
||||
A negative value means an infinite deadline (i.e. the reading capability is never closed).
|
||||
Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead.
|
||||
type: integer
|
||||
tls:
|
||||
description: TLS determines whether to use TLS when dialing
|
||||
with the backend.
|
||||
|
@ -129,22 +149,30 @@ spec:
|
|||
- port
|
||||
type: object
|
||||
type: array
|
||||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: 'TLS defines the TLS configuration on a layer 4 / TCP
|
||||
Route. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1'
|
||||
description: |-
|
||||
TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
|
||||
properties:
|
||||
certResolver:
|
||||
description: 'CertResolver defines the name of the certificate
|
||||
resolver to use. Cert resolvers have to be configured in the
|
||||
static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers'
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: 'Domains defines the list of domains that will be
|
||||
used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains'
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -160,9 +188,10 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: 'Options defines the reference to a TLSOption, that
|
||||
specifies the parameters of the TLS connection. If not defined,
|
||||
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
|
||||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
@ -184,9 +213,9 @@ spec:
|
|||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store defines the reference to the TLSStore, that
|
||||
will be used to store certificates. Please note that only `default`
|
||||
TLSStore can be used.
|
||||
description: |-
|
||||
Store defines the reference to the TLSStore, that will be used to store certificates.
|
||||
Please note that only `default` TLSStore can be used.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: ingressrouteudps.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -20,14 +20,19 @@ spec:
|
|||
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -35,10 +40,11 @@ spec:
|
|||
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
Default: all.'
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -62,17 +68,18 @@ spec:
|
|||
Kubernetes Service.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs
|
||||
or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
description: |-
|
||||
NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
description: |-
|
||||
Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
weight:
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: middlewares.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -17,18 +17,24 @@ spec:
|
|||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/'
|
||||
description: |-
|
||||
Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -36,33 +42,37 @@ spec:
|
|||
description: MiddlewareSpec defines the desired state of a Middleware.
|
||||
properties:
|
||||
addPrefix:
|
||||
description: 'AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding
|
||||
it. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/'
|
||||
description: |-
|
||||
AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding it.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
|
||||
properties:
|
||||
prefix:
|
||||
description: Prefix is the string to add before the current path
|
||||
in the requested URL. It should include a leading slash (/).
|
||||
description: |-
|
||||
Prefix is the string to add before the current path in the requested URL.
|
||||
It should include a leading slash (/).
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: 'BasicAuth holds the basic auth middleware configuration.
|
||||
description: |-
|
||||
BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/'
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: 'HeaderField defines a header field to store the
|
||||
authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield'
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: 'Realm allows the protected resources on a server
|
||||
to be partitioned into a set of protection spaces, each with
|
||||
its own authentication scheme. Default: traefik.'
|
||||
description: |-
|
||||
Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
|
||||
Default: traefik.
|
||||
type: string
|
||||
removeHeader:
|
||||
description: 'RemoveHeader sets the removeHeader option to true
|
||||
to remove the authorization header before forwarding the request
|
||||
to your service. Default: false.'
|
||||
description: |-
|
||||
RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
|
||||
Default: false.
|
||||
type: boolean
|
||||
secret:
|
||||
description: Secret is the name of the referenced Kubernetes Secret
|
||||
|
@ -70,48 +80,49 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
buffering:
|
||||
description: 'Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can
|
||||
be forwarded to backends. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes'
|
||||
description: |-
|
||||
Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: 'MaxRequestBodyBytes defines the maximum allowed
|
||||
body size for the request (in bytes). If the request exceeds
|
||||
the allowed size, it is not forwarded to the service, and the
|
||||
client gets a 413 (Request Entity Too Large) response. Default:
|
||||
0 (no maximum).'
|
||||
description: |-
|
||||
MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
|
||||
If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
|
||||
Default: 0 (no maximum).
|
||||
format: int64
|
||||
type: integer
|
||||
maxResponseBodyBytes:
|
||||
description: 'MaxResponseBodyBytes defines the maximum allowed
|
||||
response size from the service (in bytes). If the response exceeds
|
||||
the allowed size, it is not forwarded to the client. The client
|
||||
gets a 500 (Internal Server Error) response instead. Default:
|
||||
0 (no maximum).'
|
||||
description: |-
|
||||
MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
|
||||
If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
|
||||
Default: 0 (no maximum).
|
||||
format: int64
|
||||
type: integer
|
||||
memRequestBodyBytes:
|
||||
description: 'MemRequestBodyBytes defines the threshold (in bytes)
|
||||
from which the request will be buffered on disk instead of in
|
||||
memory. Default: 1048576 (1Mi).'
|
||||
description: |-
|
||||
MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
|
||||
Default: 1048576 (1Mi).
|
||||
format: int64
|
||||
type: integer
|
||||
memResponseBodyBytes:
|
||||
description: 'MemResponseBodyBytes defines the threshold (in bytes)
|
||||
from which the response will be buffered on disk instead of
|
||||
in memory. Default: 1048576 (1Mi).'
|
||||
description: |-
|
||||
MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
|
||||
Default: 1048576 (1Mi).
|
||||
format: int64
|
||||
type: integer
|
||||
retryExpression:
|
||||
description: 'RetryExpression defines the retry conditions. It
|
||||
is a logical combination of functions with operators AND (&&)
|
||||
and OR (||). More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression'
|
||||
description: |-
|
||||
RetryExpression defines the retry conditions.
|
||||
It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: 'Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other
|
||||
pieces of middleware. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/'
|
||||
description: |-
|
||||
Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
|
@ -163,15 +174,15 @@ spec:
|
|||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
compress:
|
||||
description: 'Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the
|
||||
client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/'
|
||||
description: |-
|
||||
Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the client, using gzip compression.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
|
||||
properties:
|
||||
excludedContentTypes:
|
||||
description: ExcludedContentTypes defines the list of content
|
||||
types to compare the Content-Type header of the incoming requests
|
||||
and responses before compressing. `application/grpc` is always
|
||||
excluded.
|
||||
description: |-
|
||||
ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
|
||||
`application/grpc` is always excluded.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -183,30 +194,38 @@ spec:
|
|||
type: string
|
||||
type: array
|
||||
minResponseBodyBytes:
|
||||
description: 'MinResponseBodyBytes defines the minimum amount
|
||||
of bytes a response body must have to be compressed. Default:
|
||||
1024.'
|
||||
description: |-
|
||||
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
|
||||
Default: 1024.
|
||||
type: integer
|
||||
type: object
|
||||
contentType:
|
||||
description: ContentType holds the content-type middleware configuration.
|
||||
This middleware sets the `Content-Type` header value to the media
|
||||
type detected from the response content, when it is not set by the
|
||||
backend.
|
||||
description: |-
|
||||
ContentType holds the content-type middleware configuration.
|
||||
This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
|
||||
properties:
|
||||
autoDetect:
|
||||
description: |-
|
||||
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
|
||||
be automatically set to a value derived from the contents of the response.
|
||||
Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
|
||||
type: boolean
|
||||
type: object
|
||||
digestAuth:
|
||||
description: 'DigestAuth holds the digest auth middleware configuration.
|
||||
description: |-
|
||||
DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/'
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: 'HeaderField defines a header field to store the
|
||||
authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield'
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: 'Realm allows the protected resources on a server
|
||||
to be partitioned into a set of protection spaces, each with
|
||||
its own authentication scheme. Default: traefik.'
|
||||
description: |-
|
||||
Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
|
||||
Default: traefik.
|
||||
type: string
|
||||
removeHeader:
|
||||
description: RemoveHeader defines whether to remove the authorization
|
||||
|
@ -218,18 +237,20 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
errors:
|
||||
description: 'ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according
|
||||
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/'
|
||||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
|
||||
properties:
|
||||
query:
|
||||
description: Query defines the URL for the error page (hosted
|
||||
by service). The {status} variable can be used in order to insert
|
||||
the status code in the URL.
|
||||
description: |-
|
||||
Query defines the URL for the error page (hosted by service).
|
||||
The {status} variable can be used in order to insert the status code in the URL.
|
||||
type: string
|
||||
service:
|
||||
description: 'Service defines the reference to a Kubernetes Service
|
||||
that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service'
|
||||
description: |-
|
||||
Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
|
@ -238,31 +259,32 @@ spec:
|
|||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between the
|
||||
two is specified in the Kind field.
|
||||
description: |-
|
||||
Name defines the name of the referenced Kubernetes Service or TraefikService.
|
||||
The differentiation between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if
|
||||
the only child is the Kubernetes Service clusterIP. The
|
||||
Kubernetes Service itself does load-balance to the pods.
|
||||
description: |-
|
||||
NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
description: |-
|
||||
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
description: |-
|
||||
Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
|
@ -271,29 +293,29 @@ spec:
|
|||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in milliseconds,
|
||||
in between flushes to the client while copying the response
|
||||
body. A negative value means to flush immediately after
|
||||
each write to the client. This configuration is ignored
|
||||
when ReverseProxy recognizes a response as a streaming
|
||||
response; for such responses, writes are flushed to
|
||||
the client immediately. Default: 100ms'
|
||||
description: |-
|
||||
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
|
||||
A negative value means to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
|
||||
for such responses, writes are flushed to the client immediately.
|
||||
Default: 100ms
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
description: |-
|
||||
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
|
||||
It defaults to https when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport between
|
||||
Traefik and your servers. Can only be used on a Kubernetes
|
||||
Service.
|
||||
description: |-
|
||||
ServersTransport defines the name of ServersTransport resource to use.
|
||||
It allows to configure the transport between Traefik and your servers.
|
||||
Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -303,17 +325,18 @@ spec:
|
|||
be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
maxAge:
|
||||
description: MaxAge indicates the number of seconds
|
||||
until the cookie expires. When set to a negative
|
||||
number, the cookie expires immediately. When set
|
||||
to zero, the cookie never expires.
|
||||
description: |-
|
||||
MaxAge indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
When set to zero, the cookie never expires.
|
||||
type: integer
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
description: |-
|
||||
SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
|
@ -323,32 +346,34 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported value
|
||||
at the moment.
|
||||
description: |-
|
||||
Strategy defines the load balancing strategy between the servers.
|
||||
RoundRobin is the only supported value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object (and
|
||||
to be precise, one that embeds a Weighted Round Robin).
|
||||
description: |-
|
||||
Weight defines the weight and should only be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
status:
|
||||
description: Status defines which status or range of statuses
|
||||
should result in an error page. It can be either a status code
|
||||
as a number (500), as multiple comma-separated numbers (500,502),
|
||||
as ranges by separating two codes with a dash (500-599), or
|
||||
a combination of the two (404,418,500-599).
|
||||
description: |-
|
||||
Status defines which status or range of statuses should result in an error page.
|
||||
It can be either a status code as a number (500),
|
||||
as multiple comma-separated numbers (500,502),
|
||||
as ranges by separating two codes with a dash (500-599),
|
||||
or a combination of the two (404,418,500-599).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
forwardAuth:
|
||||
description: 'ForwardAuth holds the forward auth middleware configuration.
|
||||
description: |-
|
||||
ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/'
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
|
||||
properties:
|
||||
addAuthCookiesToResponse:
|
||||
description: AddAuthCookiesToResponse defines the list of cookies
|
||||
|
@ -360,9 +385,9 @@ spec:
|
|||
description: Address defines the authentication server address.
|
||||
type: string
|
||||
authRequestHeaders:
|
||||
description: AuthRequestHeaders defines the list of the headers
|
||||
to copy from the request to the authentication server. If not
|
||||
set or empty then all request headers are passed.
|
||||
description: |-
|
||||
AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
|
||||
If not set or empty then all request headers are passed.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -374,24 +399,27 @@ spec:
|
|||
type: string
|
||||
type: array
|
||||
authResponseHeadersRegex:
|
||||
description: 'AuthResponseHeadersRegex defines the regex to match
|
||||
headers to copy from the authentication server response and
|
||||
set on forwarded request, after stripping all headers that match
|
||||
the regex. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex'
|
||||
description: |-
|
||||
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
connection to the authentication server.
|
||||
properties:
|
||||
caOptional:
|
||||
description: 'Deprecated: TLS client authentication is a server
|
||||
side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).'
|
||||
type: boolean
|
||||
caSecret:
|
||||
description: CASecret is the name of the referenced Kubernetes
|
||||
Secret containing the CA to validate the server certificate.
|
||||
description: |-
|
||||
CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
|
||||
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
|
||||
type: string
|
||||
certSecret:
|
||||
description: CertSecret is the name of the referenced Kubernetes
|
||||
Secret containing the client certificate. The client certificate
|
||||
is extracted from the keys `tls.crt` and `tls.key`.
|
||||
description: |-
|
||||
CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
|
||||
The client certificate is extracted from the keys `tls.crt` and `tls.key`.
|
||||
type: string
|
||||
insecureSkipVerify:
|
||||
description: InsecureSkipVerify defines whether the server
|
||||
|
@ -404,20 +432,23 @@ spec:
|
|||
type: boolean
|
||||
type: object
|
||||
grpcWeb:
|
||||
description: GrpcWeb holds the gRPC web middleware configuration.
|
||||
description: |-
|
||||
GrpcWeb holds the gRPC web middleware configuration.
|
||||
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
|
||||
properties:
|
||||
allowOrigins:
|
||||
description: AllowOrigins is a list of allowable origins. Can
|
||||
also be a wildcard origin "*".
|
||||
description: |-
|
||||
AllowOrigins is a list of allowable origins.
|
||||
Can also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
headers:
|
||||
description: 'Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers. More
|
||||
info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders'
|
||||
description: |-
|
||||
Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
|
@ -482,12 +513,14 @@ spec:
|
|||
header with the nosniff value.
|
||||
type: boolean
|
||||
customBrowserXSSValue:
|
||||
description: CustomBrowserXSSValue defines the X-XSS-Protection
|
||||
header value. This overrides the BrowserXssFilter option.
|
||||
description: |-
|
||||
CustomBrowserXSSValue defines the X-XSS-Protection header value.
|
||||
This overrides the BrowserXssFilter option.
|
||||
type: string
|
||||
customFrameOptionsValue:
|
||||
description: CustomFrameOptionsValue defines the X-Frame-Options
|
||||
header value. This overrides the FrameDeny option.
|
||||
description: |-
|
||||
CustomFrameOptionsValue defines the X-Frame-Options header value.
|
||||
This overrides the FrameDeny option.
|
||||
type: string
|
||||
customRequestHeaders:
|
||||
additionalProperties:
|
||||
|
@ -501,6 +534,10 @@ spec:
|
|||
description: CustomResponseHeaders defines the header names and
|
||||
values to apply to the response.
|
||||
type: object
|
||||
featurePolicy:
|
||||
description: 'Deprecated: FeaturePolicy option is deprecated,
|
||||
please use PermissionsPolicy instead.'
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
description: ForceSTSHeader defines whether to add the STS header
|
||||
even when the connection is HTTP.
|
||||
|
@ -516,34 +553,49 @@ spec:
|
|||
type: string
|
||||
type: array
|
||||
isDevelopment:
|
||||
description: IsDevelopment defines whether to mitigate the unwanted
|
||||
effects of the AllowedHosts, SSL, and STS options when developing.
|
||||
Usually testing takes place using HTTP, not HTTPS, and on localhost,
|
||||
not your production domain. If you would like your development
|
||||
environment to mimic production with complete Host blocking,
|
||||
SSL redirects, and STS headers, leave this as false.
|
||||
description: |-
|
||||
IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
|
||||
Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
|
||||
If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
|
||||
and STS headers, leave this as false.
|
||||
type: boolean
|
||||
permissionsPolicy:
|
||||
description: PermissionsPolicy defines the Permissions-Policy
|
||||
header value. This allows sites to control browser features.
|
||||
description: |-
|
||||
PermissionsPolicy defines the Permissions-Policy header value.
|
||||
This allows sites to control browser features.
|
||||
type: string
|
||||
publicKey:
|
||||
description: PublicKey is the public key that implements HPKP
|
||||
to prevent MITM attacks with forged certificates.
|
||||
type: string
|
||||
referrerPolicy:
|
||||
description: ReferrerPolicy defines the Referrer-Policy header
|
||||
value. This allows sites to control whether browsers forward
|
||||
the Referer header to other sites.
|
||||
description: |-
|
||||
ReferrerPolicy defines the Referrer-Policy header value.
|
||||
This allows sites to control whether browsers forward the Referer header to other sites.
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: SSLForceHost option is deprecated, please
|
||||
use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: SSLHost option is deprecated, please
|
||||
use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: 'SSLProxyHeaders defines the header keys with associated
|
||||
values that would indicate a valid HTTPS request. It can be
|
||||
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||
"https").'
|
||||
description: |-
|
||||
SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
|
||||
It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: SSLRedirect option is deprecated, please
|
||||
use EntryPoint redirection or RedirectScheme instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: SSLTemporaryRedirect option is deprecated,
|
||||
please use EntryPoint redirection or RedirectScheme instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||
directive is appended to the Strict-Transport-Security header.
|
||||
|
@ -553,33 +605,35 @@ spec:
|
|||
to the Strict-Transport-Security header.
|
||||
type: boolean
|
||||
stsSeconds:
|
||||
description: STSSeconds defines the max-age of the Strict-Transport-Security
|
||||
header. If set to 0, the header is not set.
|
||||
description: |-
|
||||
STSSeconds defines the max-age of the Strict-Transport-Security header.
|
||||
If set to 0, the header is not set.
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
inFlightReq:
|
||||
description: 'InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and
|
||||
served concurrently. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/'
|
||||
description: |-
|
||||
InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and served concurrently.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
|
||||
properties:
|
||||
amount:
|
||||
description: Amount defines the maximum amount of allowed simultaneous
|
||||
in-flight request. The middleware responds with HTTP 429 Too
|
||||
Many Requests if there are already amount requests in progress
|
||||
(based on the same sourceCriterion strategy).
|
||||
description: |-
|
||||
Amount defines the maximum amount of allowed simultaneous in-flight request.
|
||||
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
|
||||
format: int64
|
||||
type: integer
|
||||
sourceCriterion:
|
||||
description: 'SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If several
|
||||
strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost. More
|
||||
info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion'
|
||||
description: |-
|
||||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -605,13 +659,15 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
ipAllowList:
|
||||
description: 'IPAllowList holds the IP allowlist middleware configuration.
|
||||
description: |-
|
||||
IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware accepts / refuses requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/'
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration used
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -626,8 +682,9 @@ spec:
|
|||
type: array
|
||||
type: object
|
||||
rejectStatusCode:
|
||||
description: RejectStatusCode defines the HTTP status code used
|
||||
for refused requests. If not set, the default is 403 (Forbidden).
|
||||
description: |-
|
||||
RejectStatusCode defines the HTTP status code used for refused requests.
|
||||
If not set, the default is 403 (Forbidden).
|
||||
type: integer
|
||||
sourceRange:
|
||||
description: SourceRange defines the set of allowed IPs (or ranges
|
||||
|
@ -640,8 +697,9 @@ spec:
|
|||
description: 'Deprecated: please use IPAllowList instead.'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration used
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -663,9 +721,10 @@ spec:
|
|||
type: array
|
||||
type: object
|
||||
passTLSClientCert:
|
||||
description: 'PassTLSClientCert holds the pass TLS client cert middleware
|
||||
configuration. This middleware adds the selected data from the passed
|
||||
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/'
|
||||
description: |-
|
||||
PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
|
@ -766,46 +825,48 @@ spec:
|
|||
plugin:
|
||||
additionalProperties:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
description: 'Plugin defines the middleware plugin configuration.
|
||||
More info: https://doc.traefik.io/traefik/plugins/'
|
||||
description: |-
|
||||
Plugin defines the middleware plugin configuration.
|
||||
More info: https://doc.traefik.io/traefik/plugins/
|
||||
type: object
|
||||
rateLimit:
|
||||
description: 'RateLimit holds the rate limit configuration. This middleware
|
||||
ensures that services will receive a fair amount of requests, and
|
||||
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/'
|
||||
description: |-
|
||||
RateLimit holds the rate limit configuration.
|
||||
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
|
||||
properties:
|
||||
average:
|
||||
description: Average is the maximum rate, by default in requests/s,
|
||||
allowed for the given source. It defaults to 0, which means
|
||||
no rate limiting. The rate is actually defined by dividing Average
|
||||
by Period. So for a rate below 1req/s, one needs to define a
|
||||
Period larger than a second.
|
||||
description: |-
|
||||
Average is the maximum rate, by default in requests/s, allowed for the given source.
|
||||
It defaults to 0, which means no rate limiting.
|
||||
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
|
||||
one needs to define a Period larger than a second.
|
||||
format: int64
|
||||
type: integer
|
||||
burst:
|
||||
description: Burst is the maximum number of requests allowed to
|
||||
arrive in the same arbitrarily small period of time. It defaults
|
||||
to 1.
|
||||
description: |-
|
||||
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
|
||||
It defaults to 1.
|
||||
format: int64
|
||||
type: integer
|
||||
period:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: 'Period, in combination with Average, defines the
|
||||
actual maximum rate, such as: r = Average / Period. It defaults
|
||||
to a second.'
|
||||
description: |-
|
||||
Period, in combination with Average, defines the actual maximum rate, such as:
|
||||
r = Average / Period. It defaults to a second.
|
||||
x-kubernetes-int-or-string: true
|
||||
sourceCriterion:
|
||||
description: SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If several
|
||||
strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the request's remote
|
||||
address field (as an ipStrategy).
|
||||
description: |-
|
||||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the request's remote address field (as an ipStrategy).
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -831,9 +892,10 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
redirectRegex:
|
||||
description: 'RedirectRegex holds the redirect regex middleware configuration.
|
||||
description: |-
|
||||
RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex'
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -849,9 +911,10 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
redirectScheme:
|
||||
description: 'RedirectScheme holds the redirect scheme middleware
|
||||
configuration. This middleware redirects requests from a scheme/port
|
||||
to another. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/'
|
||||
description: |-
|
||||
RedirectScheme holds the redirect scheme middleware configuration.
|
||||
This middleware redirects requests from a scheme/port to another.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -865,9 +928,10 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
replacePath:
|
||||
description: 'ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the
|
||||
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/'
|
||||
description: |-
|
||||
ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
|
@ -875,9 +939,10 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
replacePathRegex:
|
||||
description: 'ReplacePathRegex holds the replace path regex middleware
|
||||
configuration. This middleware replaces the path of a URL using
|
||||
regex matching and replacement. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/'
|
||||
description: |-
|
||||
ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
This middleware replaces the path of a URL using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
|
@ -889,11 +954,11 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
retry:
|
||||
description: 'Retry holds the retry middleware configuration. This
|
||||
middleware reissues requests a given number of times to a backend
|
||||
server if that server does not reply. As soon as the server answers,
|
||||
the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/'
|
||||
description: |-
|
||||
Retry holds the retry middleware configuration.
|
||||
This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
|
@ -903,18 +968,26 @@ spec:
|
|||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: InitialInterval defines the first wait time in the
|
||||
exponential backoff series. The maximum interval is calculated
|
||||
as twice the initialInterval. If unspecified, requests will
|
||||
be retried immediately. The value of initialInterval should
|
||||
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
|
||||
description: |-
|
||||
InitialInterval defines the first wait time in the exponential backoff series.
|
||||
The maximum interval is calculated as twice the initialInterval.
|
||||
If unspecified, requests will be retried immediately.
|
||||
The value of initialInterval should be provided in seconds or as a valid duration format,
|
||||
see https://pkg.go.dev/time#ParseDuration.
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
stripPrefix:
|
||||
description: 'StripPrefix holds the strip prefix middleware configuration.
|
||||
description: |-
|
||||
StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/'
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
|
||||
properties:
|
||||
forceSlash:
|
||||
description: |-
|
||||
Deprecated: ForceSlash option is deprecated, please remove any usage of this option.
|
||||
ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
|
||||
Default: true.
|
||||
type: boolean
|
||||
prefixes:
|
||||
description: Prefixes defines the prefixes to strip from the request
|
||||
URL.
|
||||
|
@ -923,9 +996,10 @@ spec:
|
|||
type: array
|
||||
type: object
|
||||
stripPrefixRegex:
|
||||
description: 'StripPrefixRegex holds the strip prefix regex middleware
|
||||
configuration. This middleware removes the matching prefixes from
|
||||
the URL path. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/'
|
||||
description: |-
|
||||
StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
This middleware removes the matching prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: middlewaretcps.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -17,18 +17,24 @@ spec:
|
|||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/'
|
||||
description: |-
|
||||
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -39,14 +45,17 @@ spec:
|
|||
description: InFlightConn defines the InFlightConn middleware configuration.
|
||||
properties:
|
||||
amount:
|
||||
description: Amount defines the maximum amount of allowed simultaneous
|
||||
connections. The middleware closes the connection if there are
|
||||
already amount connections opened.
|
||||
description: |-
|
||||
Amount defines the maximum amount of allowed simultaneous connections.
|
||||
The middleware closes the connection if there are already amount connections opened.
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
ipAllowList:
|
||||
description: IPAllowList defines the IPAllowList middleware configuration.
|
||||
description: |-
|
||||
IPAllowList defines the IPAllowList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -56,8 +65,11 @@ spec:
|
|||
type: array
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: 'IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
Deprecated: please use IPAllowList instead.'
|
||||
description: |-
|
||||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: serverstransports.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -17,20 +17,26 @@ spec:
|
|||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'ServersTransport is the CRD implementation of a ServersTransport.
|
||||
description: |-
|
||||
ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1'
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: serverstransporttcps.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -17,20 +17,26 @@ spec:
|
|||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal
|
||||
will be used. The default@internal tcpServersTransport can be configured
|
||||
in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3'
|
||||
description: |-
|
||||
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -76,9 +82,9 @@ spec:
|
|||
description: InsecureSkipVerify disables TLS certificate verification.
|
||||
type: boolean
|
||||
peerCertURI:
|
||||
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
|
||||
to keep per-host. PeerCertURI defines the peer cert URI used
|
||||
to match against SAN URI during the peer certificate verification.
|
||||
description: |-
|
||||
MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
|
||||
PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.
|
||||
type: string
|
||||
rootCAsSecrets:
|
||||
description: RootCAsSecrets defines a list of CA secret used to
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: tlsoptions.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -17,19 +17,24 @@ spec:
|
|||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
|
||||
allowing to configure some parameters of the TLS connection. More info:
|
||||
https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -37,15 +42,16 @@ spec:
|
|||
description: TLSOptionSpec defines the desired state of a TLSOption.
|
||||
properties:
|
||||
alpnProtocols:
|
||||
description: 'ALPNProtocols defines the list of supported application
|
||||
level protocols for the TLS handshake, in order of preference. More
|
||||
info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols'
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: 'CipherSuites defines the list of supported cipher suites
|
||||
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites'
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -71,21 +77,30 @@ spec:
|
|||
type: array
|
||||
type: object
|
||||
curvePreferences:
|
||||
description: 'CurvePreferences defines the preferred elliptic curves
|
||||
in a specific order. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences'
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
maxVersion:
|
||||
description: 'MaxVersion defines the maximum TLS version that Traefik
|
||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: None.'
|
||||
description: |-
|
||||
MaxVersion defines the maximum TLS version that Traefik will accept.
|
||||
Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
||||
Default: None.
|
||||
type: string
|
||||
minVersion:
|
||||
description: 'MinVersion defines the minimum TLS version that Traefik
|
||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: VersionTLS10.'
|
||||
description: |-
|
||||
MinVersion defines the minimum TLS version that Traefik will accept.
|
||||
Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
||||
Default: VersionTLS10.
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
description: |-
|
||||
PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
Deprecated: https://github.com/golang/go/issues/45430
|
||||
type: boolean
|
||||
sniStrict:
|
||||
description: SniStrict defines whether Traefik allows connections
|
||||
from clients connections that do not specify a server_name extension.
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: tlsstores.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -17,20 +17,26 @@ spec:
|
|||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
|
||||
the time being, only the TLSStore named default is supported. This means
|
||||
that you cannot have two stores that are named default in different Kubernetes
|
||||
namespaces. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores'
|
||||
description: |-
|
||||
TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
For the time being, only the TLSStore named default is supported.
|
||||
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
controller-gen.kubebuilder.io/version: v0.14.0
|
||||
name: traefikservices.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
|
@ -17,19 +17,27 @@ spec:
|
|||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TraefikService is the CRD implementation of a Traefik Service.
|
||||
TraefikService object allows to: - Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice'
|
||||
description: |-
|
||||
TraefikService is the CRD implementation of a Traefik Service.
|
||||
TraefikService object allows to:
|
||||
- Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
|
@ -46,10 +54,10 @@ spec:
|
|||
- TraefikService
|
||||
type: string
|
||||
maxBodySize:
|
||||
description: MaxBodySize defines the maximum size allowed for
|
||||
the body of the request. If the body is larger, the request
|
||||
is not mirrored. Default value is -1, which means unlimited
|
||||
size.
|
||||
description: |-
|
||||
MaxBodySize defines the maximum size allowed for the body of the request.
|
||||
If the body is larger, the request is not mirrored.
|
||||
Default value is -1, which means unlimited size.
|
||||
format: int64
|
||||
type: integer
|
||||
mirrors:
|
||||
|
@ -65,35 +73,37 @@ spec:
|
|||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
description: |-
|
||||
Name defines the name of the referenced Kubernetes Service or TraefikService.
|
||||
The differentiation between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or
|
||||
if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
description: |-
|
||||
NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
description: |-
|
||||
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
percent:
|
||||
description: 'Percent defines the part of the traffic to
|
||||
mirror. Supported values: 0 to 100.'
|
||||
description: |-
|
||||
Percent defines the part of the traffic to mirror.
|
||||
Supported values: 0 to 100.
|
||||
type: integer
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
description: |-
|
||||
Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
|
@ -102,30 +112,29 @@ spec:
|
|||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in
|
||||
milliseconds, in between flushes to the client while
|
||||
copying the response body. A negative value means
|
||||
to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes
|
||||
a response as a streaming response; for such responses,
|
||||
writes are flushed to the client immediately. Default:
|
||||
100ms'
|
||||
description: |-
|
||||
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
|
||||
A negative value means to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
|
||||
for such responses, writes are flushed to the client immediately.
|
||||
Default: 100ms
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
description: |-
|
||||
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
|
||||
It defaults to https when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
description: |-
|
||||
ServersTransport defines the name of ServersTransport resource to use.
|
||||
It allows to configure the transport between Traefik and your servers.
|
||||
Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -135,17 +144,18 @@ spec:
|
|||
can be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
maxAge:
|
||||
description: MaxAge indicates the number of seconds
|
||||
until the cookie expires. When set to a negative
|
||||
number, the cookie expires immediately. When set
|
||||
to zero, the cookie never expires.
|
||||
description: |-
|
||||
MaxAge indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
When set to zero, the cookie never expires.
|
||||
type: integer
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
description: |-
|
||||
SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
|
@ -155,13 +165,13 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
description: |-
|
||||
Strategy defines the load balancing strategy between the servers.
|
||||
RoundRobin is the only supported value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object
|
||||
description: |-
|
||||
Weight defines the weight and should only be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
|
@ -169,60 +179,62 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between the two
|
||||
is specified in the Kind field.
|
||||
description: |-
|
||||
Name defines the name of the referenced Kubernetes Service or TraefikService.
|
||||
The differentiation between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the
|
||||
only child is the Kubernetes Service clusterIP. The Kubernetes
|
||||
Service itself does load-balance to the pods. By default, NativeLB
|
||||
is false.
|
||||
description: |-
|
||||
NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host header
|
||||
is forwarded to the upstream Kubernetes Service. By default,
|
||||
passHostHeader is true.
|
||||
description: |-
|
||||
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service. This
|
||||
can be a reference to a named port.
|
||||
description: |-
|
||||
Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards the
|
||||
response from the upstream Kubernetes Service to the client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in milliseconds,
|
||||
in between flushes to the client while copying the response
|
||||
body. A negative value means to flush immediately after
|
||||
each write to the client. This configuration is ignored
|
||||
when ReverseProxy recognizes a response as a streaming response;
|
||||
description: |-
|
||||
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
|
||||
A negative value means to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
|
||||
for such responses, writes are flushed to the client immediately.
|
||||
Default: 100ms'
|
||||
Default: 100ms
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https when
|
||||
Kubernetes Service port is 443, http otherwise.
|
||||
description: |-
|
||||
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
|
||||
It defaults to https when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport between
|
||||
Traefik and your servers. Can only be used on a Kubernetes Service.
|
||||
description: |-
|
||||
ServersTransport defines the name of ServersTransport resource to use.
|
||||
It allows to configure the transport between Traefik and your servers.
|
||||
Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -232,17 +244,18 @@ spec:
|
|||
accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
maxAge:
|
||||
description: MaxAge indicates the number of seconds until
|
||||
the cookie expires. When set to a negative number, the
|
||||
cookie expires immediately. When set to zero, the cookie
|
||||
never expires.
|
||||
description: |-
|
||||
MaxAge indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
When set to zero, the cookie never expires.
|
||||
type: integer
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy. More
|
||||
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
description: |-
|
||||
SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can only
|
||||
|
@ -251,13 +264,14 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy between
|
||||
the servers. RoundRobin is the only supported value at the moment.
|
||||
description: |-
|
||||
Strategy defines the load balancing strategy between the servers.
|
||||
RoundRobin is the only supported value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be specified
|
||||
when Name references a TraefikService object (and to be precise,
|
||||
one that embeds a Weighted Round Robin).
|
||||
description: |-
|
||||
Weight defines the weight and should only be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
|
@ -279,31 +293,32 @@ spec:
|
|||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
description: |-
|
||||
Name defines the name of the referenced Kubernetes Service or TraefikService.
|
||||
The differentiation between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or
|
||||
if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
description: |-
|
||||
NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
description: |-
|
||||
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
description: |-
|
||||
Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
|
@ -312,30 +327,29 @@ spec:
|
|||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in
|
||||
milliseconds, in between flushes to the client while
|
||||
copying the response body. A negative value means
|
||||
to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes
|
||||
a response as a streaming response; for such responses,
|
||||
writes are flushed to the client immediately. Default:
|
||||
100ms'
|
||||
description: |-
|
||||
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
|
||||
A negative value means to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
|
||||
for such responses, writes are flushed to the client immediately.
|
||||
Default: 100ms
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
description: |-
|
||||
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
|
||||
It defaults to https when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
description: |-
|
||||
ServersTransport defines the name of ServersTransport resource to use.
|
||||
It allows to configure the transport between Traefik and your servers.
|
||||
Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -345,17 +359,18 @@ spec:
|
|||
can be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
maxAge:
|
||||
description: MaxAge indicates the number of seconds
|
||||
until the cookie expires. When set to a negative
|
||||
number, the cookie expires immediately. When set
|
||||
to zero, the cookie never expires.
|
||||
description: |-
|
||||
MaxAge indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
When set to zero, the cookie never expires.
|
||||
type: integer
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
description: |-
|
||||
SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
|
@ -365,13 +380,13 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
description: |-
|
||||
Strategy defines the load balancing strategy between the servers.
|
||||
RoundRobin is the only supported value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object
|
||||
description: |-
|
||||
Weight defines the weight and should only be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
|
@ -379,8 +394,9 @@ spec:
|
|||
type: object
|
||||
type: array
|
||||
sticky:
|
||||
description: 'Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
|
||||
description: |-
|
||||
Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -390,17 +406,18 @@ spec:
|
|||
accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
maxAge:
|
||||
description: MaxAge indicates the number of seconds until
|
||||
the cookie expires. When set to a negative number, the
|
||||
cookie expires immediately. When set to zero, the cookie
|
||||
never expires.
|
||||
description: |-
|
||||
MaxAge indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
When set to zero, the cookie never expires.
|
||||
type: integer
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy. More
|
||||
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
description: |-
|
||||
SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can only
|
||||
|
|
|
@ -6,6 +6,9 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
`--accesslog`:
|
||||
Access log settings. (Default: ```false```)
|
||||
|
||||
`--accesslog.addinternals`:
|
||||
Enables access log for internal services (ping, dashboard, etc...). (Default: ```false```)
|
||||
|
||||
`--accesslog.bufferingsize`:
|
||||
Number of access log lines to process in a buffered way. (Default: ```0```)
|
||||
|
||||
|
@ -105,6 +108,9 @@ Activate TLS-ALPN-01 Challenge. (Default: ```true```)
|
|||
`--certificatesresolvers.<name>.tailscale`:
|
||||
Enables Tailscale certificate resolution. (Default: ```true```)
|
||||
|
||||
`--core.defaultrulesyntax`:
|
||||
Defines the rule parser default syntax (v2 or v3) (Default: ```v3```)
|
||||
|
||||
`--entrypoints.<name>`:
|
||||
Entry points definition. (Default: ```false```)
|
||||
|
||||
|
@ -177,6 +183,9 @@ Trust all. (Default: ```false```)
|
|||
`--entrypoints.<name>.proxyprotocol.trustedips`:
|
||||
Trust only selected IPs.
|
||||
|
||||
`--entrypoints.<name>.reuseport`:
|
||||
Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.transport.keepalivemaxrequests`:
|
||||
Maximum number of requests before closing a keep-alive connection. (Default: ```0```)
|
||||
|
||||
|
@ -261,6 +270,9 @@ Maximum size in megabytes of the log file before it gets rotated. (Default: ```0
|
|||
`--log.nocolor`:
|
||||
When using the 'common' format, disables the colorized output. (Default: ```false```)
|
||||
|
||||
`--metrics.addinternals`:
|
||||
Enables metrics for internal services (ping, dashboard, etc...). (Default: ```false```)
|
||||
|
||||
`--metrics.datadog`:
|
||||
Datadog metrics exporter type. (Default: ```false```)
|
||||
|
||||
|
@ -312,51 +324,63 @@ InfluxDB v2 push interval. (Default: ```10```)
|
|||
`--metrics.influxdb2.token`:
|
||||
InfluxDB v2 access token.
|
||||
|
||||
`--metrics.opentelemetry`:
|
||||
`--metrics.otlp`:
|
||||
OpenTelemetry metrics exporter type. (Default: ```false```)
|
||||
|
||||
`--metrics.opentelemetry.addentrypointslabels`:
|
||||
`--metrics.otlp.addentrypointslabels`:
|
||||
Enable metrics on entry points. (Default: ```true```)
|
||||
|
||||
`--metrics.opentelemetry.address`:
|
||||
Address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
|
||||
|
||||
`--metrics.opentelemetry.addrouterslabels`:
|
||||
`--metrics.otlp.addrouterslabels`:
|
||||
Enable metrics on routers. (Default: ```false```)
|
||||
|
||||
`--metrics.opentelemetry.addserviceslabels`:
|
||||
`--metrics.otlp.addserviceslabels`:
|
||||
Enable metrics on services. (Default: ```true```)
|
||||
|
||||
`--metrics.opentelemetry.explicitboundaries`:
|
||||
`--metrics.otlp.explicitboundaries`:
|
||||
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
|
||||
|
||||
`--metrics.opentelemetry.grpc`:
|
||||
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```)
|
||||
`--metrics.otlp.grpc.endpoint`:
|
||||
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
|
||||
|
||||
`--metrics.opentelemetry.headers.<name>`:
|
||||
`--metrics.otlp.grpc.headers.<name>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`--metrics.opentelemetry.insecure`:
|
||||
`--metrics.otlp.grpc.insecure`:
|
||||
Disables client transport security for the exporter. (Default: ```false```)
|
||||
|
||||
`--metrics.opentelemetry.path`:
|
||||
Set the URL path of the collector endpoint.
|
||||
|
||||
`--metrics.opentelemetry.pushinterval`:
|
||||
Period between calls to collect a checkpoint. (Default: ```10```)
|
||||
|
||||
`--metrics.opentelemetry.tls.ca`:
|
||||
`--metrics.otlp.grpc.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--metrics.opentelemetry.tls.cert`:
|
||||
`--metrics.otlp.grpc.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
`--metrics.opentelemetry.tls.insecureskipverify`:
|
||||
`--metrics.otlp.grpc.tls.insecureskipverify`:
|
||||
TLS insecure skip verify (Default: ```false```)
|
||||
|
||||
`--metrics.opentelemetry.tls.key`:
|
||||
`--metrics.otlp.grpc.tls.key`:
|
||||
TLS key
|
||||
|
||||
`--metrics.otlp.http.endpoint`:
|
||||
Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
|
||||
|
||||
`--metrics.otlp.http.headers.<name>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`--metrics.otlp.http.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--metrics.otlp.http.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
`--metrics.otlp.http.tls.insecureskipverify`:
|
||||
TLS insecure skip verify (Default: ```false```)
|
||||
|
||||
`--metrics.otlp.http.tls.key`:
|
||||
TLS key
|
||||
|
||||
`--metrics.otlp.pushinterval`:
|
||||
Period between calls to collect a checkpoint. (Default: ```10```)
|
||||
|
||||
`--metrics.prometheus`:
|
||||
Prometheus metrics exporter type. (Default: ```false```)
|
||||
|
||||
|
@ -987,18 +1011,21 @@ Defines the allowed SPIFFE trust domain.
|
|||
`--tracing`:
|
||||
OpenTracing configuration. (Default: ```false```)
|
||||
|
||||
`--tracing.addinternals`:
|
||||
Enables tracing for internal services (ping, dashboard, etc...). (Default: ```false```)
|
||||
|
||||
`--tracing.globalattributes.<name>`:
|
||||
Defines additional attributes (key:value) on all spans.
|
||||
|
||||
`--tracing.headers.<name>`:
|
||||
Defines additional headers to be sent with the payloads.
|
||||
|
||||
`--tracing.otlp`:
|
||||
Settings for OpenTelemetry. (Default: ```false```)
|
||||
|
||||
`--tracing.otlp.grpc.endpoint`:
|
||||
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
|
||||
|
||||
`--tracing.otlp.grpc.headers.<name>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`--tracing.otlp.grpc.insecure`:
|
||||
Disables client transport security for the exporter. (Default: ```false```)
|
||||
|
||||
|
@ -1015,7 +1042,10 @@ TLS insecure skip verify (Default: ```false```)
|
|||
TLS key
|
||||
|
||||
`--tracing.otlp.http.endpoint`:
|
||||
Sets the HTTP endpoint (scheme://host:port/v1/traces) of the collector. (Default: ```localhost:4318```)
|
||||
Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
|
||||
|
||||
`--tracing.otlp.http.headers.<name>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`--tracing.otlp.http.tls.ca`:
|
||||
TLS CA
|
||||
|
|
|
@ -6,6 +6,9 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
|||
`TRAEFIK_ACCESSLOG`:
|
||||
Access log settings. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ACCESSLOG_ADDINTERNALS`:
|
||||
Enables access log for internal services (ping, dashboard, etc...). (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ACCESSLOG_BUFFERINGSIZE`:
|
||||
Number of access log lines to process in a buffered way. (Default: ```0```)
|
||||
|
||||
|
@ -105,6 +108,9 @@ Activate TLS-ALPN-01 Challenge. (Default: ```true```)
|
|||
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_TAILSCALE`:
|
||||
Enables Tailscale certificate resolution. (Default: ```true```)
|
||||
|
||||
`TRAEFIK_CORE_DEFAULTRULESYNTAX`:
|
||||
Defines the rule parser default syntax (v2 or v3) (Default: ```v3```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>`:
|
||||
Entry points definition. (Default: ```false```)
|
||||
|
||||
|
@ -177,6 +183,9 @@ Trust all. (Default: ```false```)
|
|||
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`:
|
||||
Trust only selected IPs.
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_REUSEPORT`:
|
||||
Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_KEEPALIVEMAXREQUESTS`:
|
||||
Maximum number of requests before closing a keep-alive connection. (Default: ```0```)
|
||||
|
||||
|
@ -261,6 +270,9 @@ Maximum size in megabytes of the log file before it gets rotated. (Default: ```0
|
|||
`TRAEFIK_LOG_NOCOLOR`:
|
||||
When using the 'common' format, disables the colorized output. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_METRICS_ADDINTERNALS`:
|
||||
Enables metrics for internal services (ping, dashboard, etc...). (Default: ```false```)
|
||||
|
||||
`TRAEFIK_METRICS_DATADOG`:
|
||||
Datadog metrics exporter type. (Default: ```false```)
|
||||
|
||||
|
@ -312,51 +324,63 @@ InfluxDB v2 push interval. (Default: ```10```)
|
|||
`TRAEFIK_METRICS_INFLUXDB2_TOKEN`:
|
||||
InfluxDB v2 access token.
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY`:
|
||||
`TRAEFIK_METRICS_OTLP`:
|
||||
OpenTelemetry metrics exporter type. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_ADDENTRYPOINTSLABELS`:
|
||||
`TRAEFIK_METRICS_OTLP_ADDENTRYPOINTSLABELS`:
|
||||
Enable metrics on entry points. (Default: ```true```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_ADDRESS`:
|
||||
Address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_ADDROUTERSLABELS`:
|
||||
`TRAEFIK_METRICS_OTLP_ADDROUTERSLABELS`:
|
||||
Enable metrics on routers. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_ADDSERVICESLABELS`:
|
||||
`TRAEFIK_METRICS_OTLP_ADDSERVICESLABELS`:
|
||||
Enable metrics on services. (Default: ```true```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_EXPLICITBOUNDARIES`:
|
||||
`TRAEFIK_METRICS_OTLP_EXPLICITBOUNDARIES`:
|
||||
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_GRPC`:
|
||||
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```)
|
||||
`TRAEFIK_METRICS_OTLP_GRPC_ENDPOINT`:
|
||||
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_HEADERS_<NAME>`:
|
||||
`TRAEFIK_METRICS_OTLP_GRPC_HEADERS_<NAME>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_INSECURE`:
|
||||
`TRAEFIK_METRICS_OTLP_GRPC_INSECURE`:
|
||||
Disables client transport security for the exporter. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_PATH`:
|
||||
Set the URL path of the collector endpoint.
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_PUSHINTERVAL`:
|
||||
Period between calls to collect a checkpoint. (Default: ```10```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_CA`:
|
||||
`TRAEFIK_METRICS_OTLP_GRPC_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_CERT`:
|
||||
`TRAEFIK_METRICS_OTLP_GRPC_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_INSECURESKIPVERIFY`:
|
||||
`TRAEFIK_METRICS_OTLP_GRPC_TLS_INSECURESKIPVERIFY`:
|
||||
TLS insecure skip verify (Default: ```false```)
|
||||
|
||||
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_KEY`:
|
||||
`TRAEFIK_METRICS_OTLP_GRPC_TLS_KEY`:
|
||||
TLS key
|
||||
|
||||
`TRAEFIK_METRICS_OTLP_HTTP_ENDPOINT`:
|
||||
Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
|
||||
|
||||
`TRAEFIK_METRICS_OTLP_HTTP_HEADERS_<NAME>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`TRAEFIK_METRICS_OTLP_HTTP_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_METRICS_OTLP_HTTP_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
`TRAEFIK_METRICS_OTLP_HTTP_TLS_INSECURESKIPVERIFY`:
|
||||
TLS insecure skip verify (Default: ```false```)
|
||||
|
||||
`TRAEFIK_METRICS_OTLP_HTTP_TLS_KEY`:
|
||||
TLS key
|
||||
|
||||
`TRAEFIK_METRICS_OTLP_PUSHINTERVAL`:
|
||||
Period between calls to collect a checkpoint. (Default: ```10```)
|
||||
|
||||
`TRAEFIK_METRICS_PROMETHEUS`:
|
||||
Prometheus metrics exporter type. (Default: ```false```)
|
||||
|
||||
|
@ -987,18 +1011,21 @@ Defines the allowed SPIFFE trust domain.
|
|||
`TRAEFIK_TRACING`:
|
||||
OpenTracing configuration. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_ADDINTERNALS`:
|
||||
Enables tracing for internal services (ping, dashboard, etc...). (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_GLOBALATTRIBUTES_<NAME>`:
|
||||
Defines additional attributes (key:value) on all spans.
|
||||
|
||||
`TRAEFIK_TRACING_HEADERS_<NAME>`:
|
||||
Defines additional headers to be sent with the payloads.
|
||||
|
||||
`TRAEFIK_TRACING_OTLP`:
|
||||
Settings for OpenTelemetry. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_OTLP_GRPC_ENDPOINT`:
|
||||
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
|
||||
|
||||
`TRAEFIK_TRACING_OTLP_GRPC_HEADERS_<NAME>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`TRAEFIK_TRACING_OTLP_GRPC_INSECURE`:
|
||||
Disables client transport security for the exporter. (Default: ```false```)
|
||||
|
||||
|
@ -1015,7 +1042,10 @@ TLS insecure skip verify (Default: ```false```)
|
|||
TLS key
|
||||
|
||||
`TRAEFIK_TRACING_OTLP_HTTP_ENDPOINT`:
|
||||
Sets the HTTP endpoint (scheme://host:port/v1/traces) of the collector. (Default: ```localhost:4318```)
|
||||
Sets the HTTP endpoint (scheme://host:port/path) of the collector. (Default: ```https://localhost:4318```)
|
||||
|
||||
`TRAEFIK_TRACING_OTLP_HTTP_HEADERS_<NAME>`:
|
||||
Headers sent with payload.
|
||||
|
||||
`TRAEFIK_TRACING_OTLP_HTTP_TLS_CA`:
|
||||
TLS CA
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
[entryPoints]
|
||||
[entryPoints.EntryPoint0]
|
||||
address = "foobar"
|
||||
reusePort = true
|
||||
asDefault = true
|
||||
[entryPoints.EntryPoint0.transport]
|
||||
keepAliveMaxTime = "42s"
|
||||
|
@ -276,6 +277,7 @@
|
|||
disableDashboardAd = true
|
||||
|
||||
[metrics]
|
||||
addInternals = true
|
||||
[metrics.prometheus]
|
||||
buckets = [42.0, 42.0]
|
||||
addEntryPointsLabels = true
|
||||
|
@ -312,24 +314,33 @@
|
|||
[metrics.influxDB2.additionalLabels]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[metrics.openTelemetry]
|
||||
address = "foobar"
|
||||
[metrics.otlp]
|
||||
addEntryPointsLabels = true
|
||||
addRoutersLabels = true
|
||||
addServicesLabels = true
|
||||
explicitBoundaries = [42.0, 42.0]
|
||||
insecure = true
|
||||
path = "foobar"
|
||||
pushInterval = "42s"
|
||||
[metrics.openTelemetry.grpc]
|
||||
[metrics.openTelemetry.headers]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[metrics.openTelemetry.tls]
|
||||
[metrics.otlp.grpc]
|
||||
endpoint = "foobar"
|
||||
insecure = true
|
||||
[metrics.otlp.grpc.tls]
|
||||
ca = "foobar"
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
[metrics.otlp.grpc.headers]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[metrics.otlp.http]
|
||||
endpoint = "foobar"
|
||||
[metrics.otlp.http.tls]
|
||||
ca = "foobar"
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
[metrics.otlp.http.headers]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
|
||||
[ping]
|
||||
entryPoint = "foobar"
|
||||
|
@ -350,6 +361,7 @@
|
|||
filePath = "foobar"
|
||||
format = "foobar"
|
||||
bufferingSize = 42
|
||||
addInternals = true
|
||||
[accessLog.filters]
|
||||
statusCodes = ["foobar", "foobar"]
|
||||
retryAttempts = true
|
||||
|
@ -368,9 +380,7 @@
|
|||
[tracing]
|
||||
serviceName = "foobar"
|
||||
sampleRate = 42.0
|
||||
[tracing.headers]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
addInternals = true
|
||||
[tracing.globalAttributes]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
|
@ -383,6 +393,9 @@
|
|||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
[tracing.otlp.grpc.headers]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[tracing.otlp.http]
|
||||
endpoint = "foobar"
|
||||
[tracing.otlp.http.tls]
|
||||
|
@ -390,6 +403,9 @@
|
|||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
[tracing.otlp.http.headers]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
|
||||
[hostResolver]
|
||||
cnameFlattening = true
|
||||
|
@ -453,5 +469,8 @@
|
|||
[experimental.localPlugins.LocalDescriptor1]
|
||||
moduleName = "foobar"
|
||||
|
||||
[core]
|
||||
defaultRuleSyntax = "foobar"
|
||||
|
||||
[spiffe]
|
||||
workloadAPIAddr = "foobar"
|
||||
|
|
|
@ -35,6 +35,7 @@ tcpServersTransport:
|
|||
entryPoints:
|
||||
EntryPoint0:
|
||||
address: foobar
|
||||
reusePort: true
|
||||
asDefault: true
|
||||
transport:
|
||||
lifeCycle:
|
||||
|
@ -307,6 +308,7 @@ api:
|
|||
debug: true
|
||||
disableDashboardAd: true
|
||||
metrics:
|
||||
addInternals: true
|
||||
prometheus:
|
||||
buckets:
|
||||
- 42
|
||||
|
@ -345,26 +347,35 @@ metrics:
|
|||
additionalLabels:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
openTelemetry:
|
||||
grpc: {}
|
||||
address: foobar
|
||||
otlp:
|
||||
grpc:
|
||||
endpoint: foobar
|
||||
insecure: true
|
||||
tls:
|
||||
ca: foobar
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
headers:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
http:
|
||||
endpoint: foobar
|
||||
tls:
|
||||
ca: foobar
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
headers:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
addEntryPointsLabels: true
|
||||
addRoutersLabels: true
|
||||
addServicesLabels: true
|
||||
explicitBoundaries:
|
||||
- 42
|
||||
- 42
|
||||
headers:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
insecure: true
|
||||
path: foobar
|
||||
pushInterval: 42s
|
||||
tls:
|
||||
ca: foobar
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
ping:
|
||||
entryPoint: foobar
|
||||
manualRouting: true
|
||||
|
@ -398,15 +409,14 @@ accessLog:
|
|||
name0: foobar
|
||||
name1: foobar
|
||||
bufferingSize: 42
|
||||
addInternals: true
|
||||
tracing:
|
||||
serviceName: foobar
|
||||
headers:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
globalAttributes:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
sampleRate: 42
|
||||
addInternals: true
|
||||
otlp:
|
||||
grpc:
|
||||
endpoint: foobar
|
||||
|
@ -416,6 +426,9 @@ tracing:
|
|||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
headers:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
http:
|
||||
endpoint: foobar
|
||||
tls:
|
||||
|
@ -423,6 +436,9 @@ tracing:
|
|||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
headers:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
hostResolver:
|
||||
cnameFlattening: true
|
||||
resolvConfig: foobar
|
||||
|
@ -486,5 +502,7 @@ experimental:
|
|||
LocalDescriptor1:
|
||||
moduleName: foobar
|
||||
kubernetesGateway: true
|
||||
core:
|
||||
defaultRuleSyntax: foobar
|
||||
spiffe:
|
||||
workloadAPIAddr: foobar
|
||||
|
|
|
@ -233,6 +233,79 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
|
|||
|
||||
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
|
||||
|
||||
### ReusePort
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
The `ReusePort` option enables EntryPoints from the same or different processes
|
||||
listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option.
|
||||
It also allows the kernel to act like a load balancer to distribute incoming
|
||||
connections between entry points.
|
||||
|
||||
For example, you can use it with the [transport.lifeCycle](#lifecycle) to do
|
||||
canary deployments against Traefik itself. Like upgrading Traefik version or
|
||||
reloading the static configuration without any service downtime.
|
||||
|
||||
!!! warning "Supported platforms"
|
||||
|
||||
The `ReusePort` option currently works only on Linux, FreeBSD, OpenBSD and Darwin.
|
||||
It will be ignored on other platforms.
|
||||
|
||||
There is a known bug in the Linux kernel that may cause unintended TCP connection failures when using the `ReusePort` option.
|
||||
For more details, see https://lwn.net/Articles/853637/.
|
||||
|
||||
??? example "Listen on the same port"
|
||||
|
||||
```yaml tab="File (yaml)"
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
reusePort: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
reusePort = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--entrypoints.web.address=:80
|
||||
--entrypoints.web.reusePort=true
|
||||
```
|
||||
|
||||
Now it is possible to run multiple Traefik processes with the same EntryPoint configuration.
|
||||
|
||||
??? example "Listen on the same port but bind to a different host"
|
||||
|
||||
```yaml tab="File (yaml)"
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
reusePort: true
|
||||
privateWeb:
|
||||
address: "192.168.1.2:80"
|
||||
reusePort: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
reusePort = true
|
||||
[entryPoints.privateWeb]
|
||||
address = "192.168.1.2:80"
|
||||
reusePort = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--entrypoints.web.address=:80
|
||||
--entrypoints.web.reusePort=true
|
||||
--entrypoints.privateWeb.address=192.168.1.2:80
|
||||
--entrypoints.privateWeb.reusePort=true
|
||||
```
|
||||
|
||||
Requests to `192.168.1.2:80` will only be handled by routers that have `privateWeb` as the entry point.
|
||||
|
||||
### AsDefault
|
||||
|
||||
_Optional, Default=false_
|
||||
|
@ -650,7 +723,7 @@ The maximum number of requests Traefik can handle before sending a `Connection:
|
|||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.name.address=:8888
|
||||
--entryPoints.name.transport.keepAliveRequests=42
|
||||
--entryPoints.name.transport.keepAliveMaxRequests=42
|
||||
```
|
||||
|
||||
#### `keepAliveMaxTime`
|
||||
|
@ -680,7 +753,7 @@ The maximum duration Traefik can handle requests before sending a `Connection: C
|
|||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.name.address=:8888
|
||||
--entryPoints.name.transport.keepAliveTime=42s
|
||||
--entryPoints.name.transport.keepAliveMaxTime=42s
|
||||
```
|
||||
|
||||
### ProxyProtocol
|
||||
|
|
|
@ -515,6 +515,60 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
|
|||
|
||||
In this configuration, the priority is configured to allow `Router-2` to handle requests with the `foobar.traefik.com` host.
|
||||
|
||||
### RuleSyntax
|
||||
|
||||
In Traefik v3 a new rule syntax has been introduced ([migration guide](../../migration/v2-to-v3.md#router-rule-matchers)).
|
||||
`ruleSyntax` option allows to configure the rule syntax to be used for parsing the rule on a per-router basis.
|
||||
This allows to have heterogeneous router configurations and ease migration.
|
||||
|
||||
??? example "Set rule syntax -- using the [File Provider](../../providers/file.md)"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
routers:
|
||||
Router-v3:
|
||||
rule: HostRegexp(`[a-z]+\\.traefik\\.com`)
|
||||
ruleSyntax: v3
|
||||
Router-v2:
|
||||
rule: HostRegexp(`{subdomain:[a-z]+}.traefik.com`)
|
||||
ruleSyntax: v2
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Dynamic configuration
|
||||
[http.routers]
|
||||
[http.routers.Router-v3]
|
||||
rule = "HostRegexp(`[a-z]+\\.traefik\\.com`)"
|
||||
ruleSyntax = v3
|
||||
[http.routers.Router-v2]
|
||||
rule = "HostRegexp(`{subdomain:[a-z]+}.traefik.com`)"
|
||||
ruleSyntax = v2
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes traefik.io/v1alpha1"
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
routes:
|
||||
# route v3
|
||||
- match: HostRegexp(`[a-z]+\\.traefik\\.com`)
|
||||
syntax: v3
|
||||
kind: Rule
|
||||
|
||||
# route v2
|
||||
- match: HostRegexp(`{subdomain:[a-z]+}.traefik.com`)
|
||||
syntax: v2
|
||||
kind: Rule
|
||||
```
|
||||
|
||||
In this configuration, the ruleSyntax is configured to allow `Router-v2` to use v2 syntax,
|
||||
while for `Router-v3` it is configured to use v3 syntax.
|
||||
|
||||
### Middlewares
|
||||
|
||||
You can attach a list of [middlewares](../../middlewares/overview.md) to each HTTP router.
|
||||
|
@ -1161,6 +1215,60 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
|
|||
|
||||
In this configuration, the priority is configured so that `Router-1` will handle requests from `192.168.0.12`.
|
||||
|
||||
### RuleSyntax
|
||||
|
||||
In Traefik v3 a new rule syntax has been introduced ([migration guide](../../migration/v2-to-v3.md#router-rule-matchers)).
|
||||
`ruleSyntax` option allows to configure the rule syntax to be used for parsing the rule on a per-router basis.
|
||||
This allows to have heterogeneous router configurations and ease migration.
|
||||
|
||||
??? example "Set rule syntax -- using the [File Provider](../../providers/file.md)"
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Dynamic configuration
|
||||
tcp:
|
||||
routers:
|
||||
Router-v3:
|
||||
rule: ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)
|
||||
ruleSyntax: v3
|
||||
Router-v2:
|
||||
rule: ClientIP(`192.168.0.11`, `192.168.0.12`)
|
||||
ruleSyntax: v2
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Dynamic configuration
|
||||
[tcp.routers]
|
||||
[tcp.routers.Router-v3]
|
||||
rule = "ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)"
|
||||
ruleSyntax = v3
|
||||
[tcp.routers.Router-v2]
|
||||
rule = "ClientIP(`192.168.0.11`, `192.168.0.12`)"
|
||||
ruleSyntax = v2
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes traefik.io/v1alpha1"
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: test.route
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
routes:
|
||||
# route v3
|
||||
- match: ClientIP(`192.168.0.11`) || ClientIP(`192.168.0.12`)
|
||||
syntax: v3
|
||||
kind: Rule
|
||||
|
||||
# route v2
|
||||
- match: ClientIP(`192.168.0.11`, `192.168.0.12`)
|
||||
syntax: v2
|
||||
kind: Rule
|
||||
```
|
||||
|
||||
In this configuration, the ruleSyntax is configured to allow `Router-v2` to use v2 syntax,
|
||||
while for `Router-v3` it is configured to use v3 syntax.
|
||||
|
||||
### Middlewares
|
||||
|
||||
You can attach a list of [middlewares](../../middlewares/overview.md) to each TCP router.
|
||||
|
|
|
@ -143,6 +143,36 @@ The `url` option point to a specific instance.
|
|||
url = "http://private-ip-server-1/"
|
||||
```
|
||||
|
||||
The `weight` option allows for weighted load balancing on the servers.
|
||||
|
||||
??? example "A Service with Two Servers with Weight -- Using the [File Provider](../../providers/file.md)"
|
||||
|
||||
```yaml tab="YAML"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
services:
|
||||
my-service:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://private-ip-server-1/"
|
||||
weight: 2
|
||||
- url: "http://private-ip-server-2/"
|
||||
weight: 1
|
||||
|
||||
```
|
||||
|
||||
```toml tab="TOML"
|
||||
## Dynamic configuration
|
||||
[http.services]
|
||||
[http.services.my-service.loadBalancer]
|
||||
[[http.services.my-service.loadBalancer.servers]]
|
||||
url = "http://private-ip-server-1/"
|
||||
weight = 2
|
||||
[[http.services.my-service.loadBalancer.servers]]
|
||||
url = "http://private-ip-server-2/"
|
||||
weight = 1
|
||||
```
|
||||
|
||||
#### Load-balancing
|
||||
|
||||
For now, only round robin load balancing is supported:
|
||||
|
@ -1587,6 +1617,46 @@ Below are the available options for the PROXY protocol:
|
|||
version = 1
|
||||
```
|
||||
|
||||
#### Termination Delay
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of [`serversTransport.terminationDelay`](#terminationdelay).
|
||||
Please note that if any `serversTransport` configuration on the servers load balancer is found,
|
||||
it will take precedence over the servers load balancer `terminationDelay` value,
|
||||
even if the `serversTransport.terminationDelay` is undefined.
|
||||
|
||||
As a proxy between a client and a server, it can happen that either side (e.g. client side) decides to terminate its writing capability on the connection (i.e. issuance of a FIN packet).
|
||||
The proxy needs to propagate that intent to the other side, and so when that happens, it also does the same on its connection with the other side (e.g. backend side).
|
||||
|
||||
However, if for some reason (bad implementation, or malicious intent) the other side does not eventually do the same as well,
|
||||
the connection would stay half-open, which would lock resources for however long.
|
||||
|
||||
To that end, as soon as the proxy enters this termination sequence, it sets a deadline on fully terminating the connections on both sides.
|
||||
|
||||
The termination delay controls that deadline.
|
||||
It is a duration in milliseconds, defaulting to 100.
|
||||
A negative value means an infinite deadline (i.e. the connection is never fully terminated by the proxy itself).
|
||||
|
||||
??? example "A Service with a termination delay -- Using the [File Provider](../../providers/file.md)"
|
||||
|
||||
```yaml tab="YAML"
|
||||
## Dynamic configuration
|
||||
tcp:
|
||||
services:
|
||||
my-service:
|
||||
loadBalancer:
|
||||
terminationDelay: 200
|
||||
```
|
||||
|
||||
```toml tab="TOML"
|
||||
## Dynamic configuration
|
||||
[tcp.services]
|
||||
[tcp.services.my-service.loadBalancer]
|
||||
[[tcp.services.my-service.loadBalancer]]
|
||||
terminationDelay = 200
|
||||
```
|
||||
|
||||
### Weighted Round Robin
|
||||
|
||||
The Weighted Round Robin (alias `WRR`) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights.
|
||||
|
|
|
@ -149,11 +149,16 @@ nav:
|
|||
- 'API': 'operations/api.md'
|
||||
- 'Ping': 'operations/ping.md'
|
||||
- 'Observability':
|
||||
- 'Overview': 'observability/overview.md'
|
||||
- 'Logs': 'observability/logs.md'
|
||||
- 'Access Logs': 'observability/access-logs.md'
|
||||
- 'Metrics':
|
||||
- 'Overview': 'observability/metrics/overview.md'
|
||||
- 'Datadog': 'observability/metrics/datadog.md'
|
||||
- 'InfluxDB2': 'observability/metrics/influxdb2.md'
|
||||
- 'OpenTelemetry': 'observability/metrics/opentelemetry.md'
|
||||
- 'Prometheus': 'observability/metrics/prometheus.md'
|
||||
- 'StatsD': 'observability/metrics/statsd.md'
|
||||
- 'Tracing':
|
||||
- 'Overview': 'observability/tracing/overview.md'
|
||||
- 'OpenTelemetry': 'observability/tracing/opentelemetry.md'
|
||||
|
|
103
go.mod
103
go.mod
|
@ -1,6 +1,6 @@
|
|||
module github.com/traefik/traefik/v3
|
||||
|
||||
go 1.21
|
||||
go 1.22
|
||||
|
||||
require (
|
||||
github.com/BurntSushi/toml v1.3.2
|
||||
|
@ -17,7 +17,7 @@ require (
|
|||
github.com/docker/go-connections v0.4.0
|
||||
github.com/fatih/structs v1.1.0
|
||||
github.com/fsnotify/fsnotify v1.7.0
|
||||
github.com/go-acme/lego/v4 v4.14.0
|
||||
github.com/go-acme/lego/v4 v4.15.0
|
||||
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea
|
||||
github.com/golang/protobuf v1.5.3
|
||||
github.com/google/go-github/v28 v28.1.1
|
||||
|
@ -26,9 +26,9 @@ require (
|
|||
github.com/hashicorp/consul/api v1.26.1
|
||||
github.com/hashicorp/go-hclog v1.5.0
|
||||
github.com/hashicorp/go-multierror v1.1.1
|
||||
github.com/hashicorp/go-retryablehttp v0.7.4
|
||||
github.com/hashicorp/go-retryablehttp v0.7.5
|
||||
github.com/hashicorp/go-version v1.6.0
|
||||
github.com/hashicorp/nomad/api v0.0.0-20231213195942-64e3dca9274b
|
||||
github.com/hashicorp/nomad/api v0.0.0-20240122103822-8a4bd61caf74
|
||||
github.com/http-wasm/http-wasm-host-go v0.5.2
|
||||
github.com/influxdata/influxdb-client-go/v2 v2.7.0
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
|
||||
|
@ -39,7 +39,7 @@ require (
|
|||
github.com/kvtools/valkeyrie v1.0.0
|
||||
github.com/kvtools/zookeeper v1.0.2
|
||||
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
|
||||
github.com/miekg/dns v1.1.55
|
||||
github.com/miekg/dns v1.1.58
|
||||
github.com/mitchellh/copystructure v1.2.0
|
||||
github.com/mitchellh/hashstructure v1.0.0
|
||||
github.com/mitchellh/mapstructure v1.5.0
|
||||
|
@ -78,19 +78,21 @@ require (
|
|||
go.opentelemetry.io/otel/sdk/metric v1.21.0
|
||||
go.opentelemetry.io/otel/trace v1.21.0
|
||||
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
|
||||
golang.org/x/mod v0.13.0
|
||||
golang.org/x/net v0.17.0
|
||||
golang.org/x/text v0.13.0
|
||||
golang.org/x/time v0.3.0
|
||||
golang.org/x/tools v0.14.0
|
||||
golang.org/x/mod v0.14.0
|
||||
golang.org/x/net v0.20.0
|
||||
golang.org/x/sys v0.16.0
|
||||
golang.org/x/text v0.14.0
|
||||
golang.org/x/time v0.5.0
|
||||
golang.org/x/tools v0.17.0
|
||||
google.golang.org/grpc v1.59.0
|
||||
gopkg.in/yaml.v3 v3.0.1
|
||||
k8s.io/api v0.28.3
|
||||
k8s.io/api v0.28.4
|
||||
k8s.io/apiextensions-apiserver v0.28.3
|
||||
k8s.io/apimachinery v0.28.3
|
||||
k8s.io/client-go v0.28.3
|
||||
k8s.io/apimachinery v0.28.4
|
||||
k8s.io/client-go v0.28.4
|
||||
k8s.io/utils v0.0.0-20230726121419-3b25d923346b
|
||||
mvdan.cc/xurls/v2 v2.5.0
|
||||
sigs.k8s.io/controller-runtime v0.16.3
|
||||
sigs.k8s.io/gateway-api v1.0.0
|
||||
)
|
||||
|
||||
|
@ -107,8 +109,8 @@ require (
|
|||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 // indirect
|
||||
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
|
||||
github.com/Azure/go-autorest/autorest v0.11.27 // indirect
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
|
||||
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
|
||||
github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
|
||||
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
|
||||
|
@ -127,26 +129,27 @@ require (
|
|||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect
|
||||
github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect
|
||||
github.com/armon/go-metrics v0.4.1 // indirect
|
||||
github.com/aws/aws-sdk-go-v2 v1.20.3 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/config v1.18.28 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.13.27 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect
|
||||
github.com/aws/smithy-go v1.14.2 // indirect
|
||||
github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
|
||||
github.com/aws/smithy-go v1.19.0 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
|
||||
github.com/bytedance/sonic v1.10.0 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||
github.com/civo/civogo v0.3.11 // indirect
|
||||
github.com/cloudflare/cloudflare-go v0.70.0 // indirect
|
||||
github.com/cloudflare/cloudflare-go v0.86.0 // indirect
|
||||
github.com/containerd/containerd v1.7.11 // indirect
|
||||
github.com/containerd/log v0.1.0 // indirect
|
||||
github.com/coreos/go-semver v0.3.1 // indirect
|
||||
|
@ -162,12 +165,13 @@ require (
|
|||
github.com/docker/go-units v0.5.0 // indirect
|
||||
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
|
||||
github.com/evanphx/json-patch v5.7.0+incompatible // indirect
|
||||
github.com/exoscale/egoscale v0.100.1 // indirect
|
||||
github.com/evanphx/json-patch/v5 v5.7.0 // indirect
|
||||
github.com/exoscale/egoscale v0.102.3 // indirect
|
||||
github.com/fatih/color v1.15.0 // indirect
|
||||
github.com/ghodss/yaml v1.0.0 // indirect
|
||||
github.com/gin-gonic/gin v1.9.1 // indirect
|
||||
github.com/go-errors/errors v1.0.1 // indirect
|
||||
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
|
||||
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
|
||||
github.com/go-logfmt/logfmt v0.5.1 // indirect
|
||||
github.com/go-logr/logr v1.3.0 // indirect
|
||||
github.com/go-logr/stdr v1.2.2 // indirect
|
||||
|
@ -176,9 +180,10 @@ require (
|
|||
github.com/go-openapi/jsonreference v0.20.2 // indirect
|
||||
github.com/go-openapi/swag v0.22.4 // indirect
|
||||
github.com/go-playground/validator/v10 v10.15.1 // indirect
|
||||
github.com/go-resty/resty/v2 v2.7.0 // indirect
|
||||
github.com/go-resty/resty/v2 v2.11.0 // indirect
|
||||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
|
||||
github.com/go-zookeeper/zk v1.0.3 // indirect
|
||||
github.com/goccy/go-json v0.10.2 // indirect
|
||||
github.com/gofrs/uuid v4.4.0+incompatible // indirect
|
||||
github.com/gogo/protobuf v1.3.2 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
|
||||
|
@ -218,10 +223,9 @@ require (
|
|||
github.com/kylelemons/godebug v1.1.0 // indirect
|
||||
github.com/labbsr0x/bindman-dns-webhook v1.0.2 // indirect
|
||||
github.com/labbsr0x/goh v1.0.1 // indirect
|
||||
github.com/linode/linodego v1.17.2 // indirect
|
||||
github.com/liquidweb/go-lwApi v0.0.5 // indirect
|
||||
github.com/linode/linodego v1.28.0 // indirect
|
||||
github.com/liquidweb/liquidweb-cli v0.6.9 // indirect
|
||||
github.com/liquidweb/liquidweb-go v1.6.3 // indirect
|
||||
github.com/liquidweb/liquidweb-go v1.6.4 // indirect
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
|
||||
github.com/magiconair/properties v1.8.7 // indirect
|
||||
github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect
|
||||
|
@ -236,6 +240,7 @@ require (
|
|||
github.com/mitchellh/go-ps v1.0.0 // indirect
|
||||
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||
github.com/moby/patternmatcher v0.6.0 // indirect
|
||||
github.com/moby/spdystream v0.2.0 // indirect
|
||||
github.com/moby/sys/sequential v0.5.0 // indirect
|
||||
github.com/moby/term v0.5.0 // indirect
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
|
@ -244,22 +249,22 @@ require (
|
|||
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
||||
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect
|
||||
github.com/nrdcg/auroradns v1.1.0 // indirect
|
||||
github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 // indirect
|
||||
github.com/nrdcg/desec v0.7.0 // indirect
|
||||
github.com/nrdcg/dnspod-go v0.4.0 // indirect
|
||||
github.com/nrdcg/freemyip v0.2.0 // indirect
|
||||
github.com/nrdcg/goinwx v0.8.2 // indirect
|
||||
github.com/nrdcg/goinwx v0.10.0 // indirect
|
||||
github.com/nrdcg/namesilo v0.2.1 // indirect
|
||||
github.com/nrdcg/nodion v0.1.0 // indirect
|
||||
github.com/nrdcg/porkbun v0.2.0 // indirect
|
||||
github.com/nrdcg/porkbun v0.3.0 // indirect
|
||||
github.com/nzdjb/go-metaname v1.0.0 // indirect
|
||||
github.com/onsi/ginkgo v1.16.5 // indirect
|
||||
github.com/onsi/ginkgo/v2 v2.11.0 // indirect
|
||||
github.com/onsi/gomega v1.27.10 // indirect
|
||||
github.com/opencontainers/go-digest v1.0.0 // indirect
|
||||
github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
|
||||
github.com/opencontainers/runc v1.1.5 // indirect
|
||||
github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
|
||||
github.com/ovh/go-ovh v1.4.1 // indirect
|
||||
github.com/ovh/go-ovh v1.4.3 // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.0.9 // indirect
|
||||
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
|
@ -275,13 +280,12 @@ require (
|
|||
github.com/sacloud/go-http v0.1.6 // indirect
|
||||
github.com/sacloud/iaas-api-go v1.11.1 // indirect
|
||||
github.com/sacloud/packages-go v0.0.9 // indirect
|
||||
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 // indirect
|
||||
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 // indirect
|
||||
github.com/shirou/gopsutil/v3 v3.23.11 // indirect
|
||||
github.com/shoenig/go-m1cpu v0.1.6 // indirect
|
||||
github.com/shopspring/decimal v1.2.0 // indirect
|
||||
github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 // indirect
|
||||
github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 // indirect
|
||||
github.com/softlayer/softlayer-go v1.1.2 // indirect
|
||||
github.com/softlayer/softlayer-go v1.1.3 // indirect
|
||||
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
|
||||
github.com/spf13/cast v1.3.1 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
|
@ -292,8 +296,8 @@ require (
|
|||
github.com/tidwall/pretty v1.2.1 // indirect
|
||||
github.com/tklauser/go-sysconf v0.3.12 // indirect
|
||||
github.com/tklauser/numcpus v0.6.1 // indirect
|
||||
github.com/transip/gotransip/v6 v6.20.0 // indirect
|
||||
github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c // indirect
|
||||
github.com/transip/gotransip/v6 v6.23.0 // indirect
|
||||
github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a // indirect
|
||||
github.com/vinyldns/go-vinyldns v0.9.16 // indirect
|
||||
github.com/vultr/govultr/v2 v2.17.2 // indirect
|
||||
github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f // indirect
|
||||
|
@ -311,10 +315,9 @@ require (
|
|||
go.uber.org/ratelimit v0.2.0 // indirect
|
||||
go.uber.org/zap v1.26.0 // indirect
|
||||
golang.org/x/arch v0.4.0 // indirect
|
||||
golang.org/x/crypto v0.14.0 // indirect
|
||||
golang.org/x/oauth2 v0.13.0 // indirect
|
||||
golang.org/x/sys v0.15.0 // indirect
|
||||
golang.org/x/term v0.13.0 // indirect
|
||||
golang.org/x/crypto v0.18.0 // indirect
|
||||
golang.org/x/oauth2 v0.16.0 // indirect
|
||||
golang.org/x/term v0.16.0 // indirect
|
||||
google.golang.org/api v0.128.0 // indirect
|
||||
google.golang.org/appengine v1.6.8 // indirect
|
||||
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
|
||||
|
@ -324,7 +327,7 @@ require (
|
|||
gopkg.in/h2non/gock.v1 v1.0.16 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||
gopkg.in/ns1/ns1-go.v2 v2.7.6 // indirect
|
||||
gopkg.in/ns1/ns1-go.v2 v2.7.13 // indirect
|
||||
gopkg.in/square/go-jose.v2 v2.5.1 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
k8s.io/klog/v2 v2.100.1 // indirect
|
||||
|
|
221
go.sum
221
go.sum
|
@ -42,11 +42,11 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6
|
|||
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
|
||||
github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
|
||||
github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A=
|
||||
github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U=
|
||||
github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=
|
||||
github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk=
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk=
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg=
|
||||
github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4=
|
||||
|
@ -114,45 +114,44 @@ github.com/armon/go-metrics v0.4.1 h1:hR91U9KYmb6bLBYLQjyM+3j+rcd/UhE+G78SFnF8gJ
|
|||
github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4=
|
||||
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
|
||||
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
|
||||
github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
|
||||
github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
|
||||
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/aws/aws-sdk-go v1.44.327 h1:ZS8oO4+7MOBLhkdwIhgtVeDzCeWOlTfKJS7EgggbIEY=
|
||||
github.com/aws/aws-sdk-go v1.44.327/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||
github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
|
||||
github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
|
||||
github.com/aws/aws-sdk-go-v2 v1.20.3 h1:lgeKmAZhlj1JqN43bogrM75spIvYnRxqTAh1iupu1yE=
|
||||
github.com/aws/aws-sdk-go-v2 v1.20.3/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.18.28 h1:TINEaKyh1Td64tqFvn09iYpKiWjmHYrG1fa91q2gnqw=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.18.28/go.mod h1:nIL+4/8JdAuNHEjn/gPEXqtnS02Q3NXB/9Z7o5xE4+A=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS/BNgMIW6uiRmeuQsz4Qh2UE=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 h1:CXceCS9BrDInRc74GDCQ8Qyk/Gp9VLdK+Rlve+zELSE=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40/go.mod h1:5kKmFhLeOVy6pwPDpDNA6/hK/d6URC98pqDDqHgdBx4=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 h1:B+nZtd22cbko5+793hg7LEaTeLMiZwlgCLUrN5Y0uzg=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34/go.mod h1:RZP0scceAyhMIQ9JvFp7HvkpcgqjL4l/4C+7RAeGbuM=
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo=
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 h1:JwvXk+1ePAD9xkFHprhHYqwsxLDcbNFsPI1IAT2sPS0=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34/go.mod h1:ytsF+t+FApY2lFnN51fJKPhH6ICKOPXKEcwwgmJEdWI=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 h1:PwNeYoonBzmTdCztKiiutws3U24KrnDBuabzRfIlZY4=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2/go.mod h1:gQhLZrTEath4zik5ixIe6axvgY5jJrgSBDJ360Fxnco=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 h1:p4mTxJfCAyiTT4Wp6p/mOPa6j5MqCSRGot8qZwFs+Z0=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4/go.mod h1:VBLWpaHvhQNeu7N9rMEf00SWeOONb/HvaDUxe/7b44k=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY=
|
||||
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
|
||||
github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ=
|
||||
github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
|
||||
github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
|
||||
github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 h1:LvWkxBi/bsWHqj3bFTUuDLl4OAlbaM1HDZ9YPhj5+jg=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0/go.mod h1:35MKNS46RX7Lb9EIFP2bPy3WrJu+bxU6QgLis8K1aa4=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
|
||||
github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
|
||||
github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
|
@ -197,8 +196,8 @@ github.com/civo/civogo v0.3.11 h1:mON/fyrV946Sbk6paRtOSGsN+asCgCmHCgArf5xmGxM=
|
|||
github.com/civo/civogo v0.3.11/go.mod h1:7+GeeFwc4AYTULaEshpT2vIcl3Qq8HPoxA17viX3l6g=
|
||||
github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/cloudflare/cloudflare-go v0.70.0 h1:4opGbUygM8DjirUuaz23jn3akuAcnOCEx+0nQtQEcFo=
|
||||
github.com/cloudflare/cloudflare-go v0.70.0/go.mod h1:VW6GuazkaZ4xEDkFt24lkXQUsE8q7BiGqDniC2s8WEM=
|
||||
github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpXTstVx0rqHI=
|
||||
github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
|
||||
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
|
||||
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
|
||||
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
|
||||
|
@ -302,8 +301,10 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.
|
|||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
|
||||
github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
github.com/exoscale/egoscale v0.100.1 h1:iXsV1Ei7daqe/6FYSCSDyrFs1iUG1l1X9qNh2uMw6z0=
|
||||
github.com/exoscale/egoscale v0.100.1/go.mod h1:BAb9p4rmyU+Wl400CJZO5270H2sXtdsZjLcm5xMKkz4=
|
||||
github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
|
||||
github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
|
||||
github.com/exoscale/egoscale v0.102.3 h1:DYqN2ipoLKpiFoprRGQkp2av/Ze7sUYYlGhi1N62tfY=
|
||||
github.com/exoscale/egoscale v0.102.3/go.mod h1:RPf2Gah6up+6kAEayHTQwqapzXlm93f0VQas/UEGU5c=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
|
||||
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
|
||||
|
@ -334,15 +335,15 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv
|
|||
github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
|
||||
github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
|
||||
github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
|
||||
github.com/go-acme/lego/v4 v4.14.0 h1:/skZoRHgVh0d2RK7l1g3Ch8HqeqP9LB8ZEjLdGEpcDE=
|
||||
github.com/go-acme/lego/v4 v4.14.0/go.mod h1:zjmvNCDLGz7GrC1OqdVpVmZFKSRabEDtWbdzmcpBsGo=
|
||||
github.com/go-acme/lego/v4 v4.15.0 h1:A7MHEU3b+TDFqhC/HmzMJnzPbyeaYvMZQBbqgvbThhU=
|
||||
github.com/go-acme/lego/v4 v4.15.0/go.mod h1:eeGhjW4zWT7Ccqa3sY7ayEqFLCAICx+mXgkMHKIkLxg=
|
||||
github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
|
||||
github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
|
||||
github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
|
||||
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
|
||||
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
|
||||
github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
|
||||
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
|
||||
github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
|
||||
github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg=
|
||||
|
@ -358,6 +359,8 @@ github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
|
|||
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
|
||||
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
|
||||
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
|
||||
github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
|
||||
github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA=
|
||||
github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
|
||||
github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
|
||||
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
|
@ -384,8 +387,8 @@ github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn
|
|||
github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
|
||||
github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM=
|
||||
github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
|
||||
github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
|
||||
github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
|
||||
github.com/go-resty/resty/v2 v2.11.0 h1:i7jMfNOJYMp69lq7qozJP+bjgzfAzeOhuGlyDrqxT/8=
|
||||
github.com/go-resty/resty/v2 v2.11.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A=
|
||||
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
|
||||
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
|
||||
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
||||
|
@ -474,7 +477,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
|
|||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
|
||||
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
|
@ -563,8 +565,8 @@ github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+
|
|||
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
|
||||
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
|
||||
github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
|
||||
github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
|
||||
github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
|
||||
github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
|
||||
github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
|
||||
github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
|
||||
github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
|
||||
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
|
||||
|
@ -592,8 +594,8 @@ github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/
|
|||
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
|
||||
github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR/prTM=
|
||||
github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0=
|
||||
github.com/hashicorp/nomad/api v0.0.0-20231213195942-64e3dca9274b h1:R1UDhkwGltpSPY9bCBBxIMQd+NY9BkN0vFHnJo/8o8w=
|
||||
github.com/hashicorp/nomad/api v0.0.0-20231213195942-64e3dca9274b/go.mod h1:ijDwa6o1uG1jFSq6kERiX2PamKGpZzTmo0XOFNeFZgw=
|
||||
github.com/hashicorp/nomad/api v0.0.0-20240122103822-8a4bd61caf74 h1:Q+WuGTnZkL2cJ7yNsg4Go4GNnRkcahGLiQP/WD41TTA=
|
||||
github.com/hashicorp/nomad/api v0.0.0-20240122103822-8a4bd61caf74/go.mod h1:ijDwa6o1uG1jFSq6kERiX2PamKGpZzTmo0XOFNeFZgw=
|
||||
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
|
||||
github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
|
||||
github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
|
||||
|
@ -703,15 +705,13 @@ github.com/lestrrat-go/jwx v1.2.7/go.mod h1:bw24IXWbavc0R2RsOtpXL7RtMyP589yZ1+L7
|
|||
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
|
||||
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
|
||||
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
|
||||
github.com/linode/linodego v1.17.2 h1:b32dj4662PGG5P9qVa6nBezccWdqgukndlMIuPGq1CQ=
|
||||
github.com/linode/linodego v1.17.2/go.mod h1:C2iyT3Vg2O2sPxkWka4XAQ5WSUtm5LmTZ3Adw43Ra7Q=
|
||||
github.com/linode/linodego v1.28.0 h1:lzxxJebsYg5cCWRNDLyL2StW3sfMyAwf/FYfxFjFrlk=
|
||||
github.com/linode/linodego v1.28.0/go.mod h1:5oAsx+uinHtVo6U77nXXXtox7MWzUW6aEkTOKXxA9uo=
|
||||
github.com/liquidweb/go-lwApi v0.0.0-20190605172801-52a4864d2738/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs=
|
||||
github.com/liquidweb/go-lwApi v0.0.5 h1:CT4cdXzJXmo0bon298kS7NeSk+Gt8/UHpWBBol1NGCA=
|
||||
github.com/liquidweb/go-lwApi v0.0.5/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs=
|
||||
github.com/liquidweb/liquidweb-cli v0.6.9 h1:acbIvdRauiwbxIsOCEMXGwF75aSJDbDiyAWPjVnwoYM=
|
||||
github.com/liquidweb/liquidweb-cli v0.6.9/go.mod h1:cE1uvQ+x24NGUL75D0QagOFCG8Wdvmwu8aL9TLmA/eQ=
|
||||
github.com/liquidweb/liquidweb-go v1.6.3 h1:NVHvcnX3eb3BltiIoA+gLYn15nOpkYkdizOEYGSKrk4=
|
||||
github.com/liquidweb/liquidweb-go v1.6.3/go.mod h1:SuXXp+thr28LnjEw18AYtWwIbWMHSUiajPQs8T9c/Rc=
|
||||
github.com/liquidweb/liquidweb-go v1.6.4 h1:6S0m3hHSpiLqGD7AFSb7lH/W/qr1wx+tKil9fgIbjMc=
|
||||
github.com/liquidweb/liquidweb-go v1.6.4/go.mod h1:B934JPIIcdA+uTq2Nz5PgOtG6CuCaEvQKe/Ge/5GgZ4=
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
|
||||
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
|
||||
github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
|
||||
|
@ -765,8 +765,8 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N
|
|||
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
|
||||
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
|
||||
github.com/miekg/dns v1.1.47/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
|
||||
github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
|
||||
github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
|
||||
github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
|
||||
github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
|
||||
github.com/mimuret/golang-iij-dpf v0.9.1 h1:Gj6EhHJkOhr+q2RnvRPJsPMcjuVnWPSccEHyoEehU34=
|
||||
github.com/mimuret/golang-iij-dpf v0.9.1/go.mod h1:sl9KyOkESib9+KRD3HaGpgi1xk7eoN2+d96LCLsME2M=
|
||||
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
|
||||
|
@ -796,6 +796,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx
|
|||
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
|
||||
github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
|
||||
github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
|
||||
github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
|
||||
github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
|
||||
github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
|
||||
github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
|
||||
|
@ -831,20 +833,22 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY
|
|||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
|
||||
github.com/nrdcg/auroradns v1.1.0 h1:KekGh8kmf2MNwqZVVYo/fw/ZONt8QMEmbMFOeljteWo=
|
||||
github.com/nrdcg/auroradns v1.1.0/go.mod h1:O7tViUZbAcnykVnrGkXzIJTHoQCHcgalgAe6X1mzHfk=
|
||||
github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 h1:qpB3wZR4+MPK92cTC9zZPnndkJgDgPvQqPUAgVc1NXU=
|
||||
github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9/go.mod h1:HUoHXDrFvidN1NK9Wb/mZKNOfDNutKkzF2Pg71M9hHA=
|
||||
github.com/nrdcg/desec v0.7.0 h1:iuGhi4pstF3+vJWwt292Oqe2+AsSPKDynQna/eu1fDs=
|
||||
github.com/nrdcg/desec v0.7.0/go.mod h1:e1uRqqKv1mJdd5+SQROAhmy75lKMphLzWIuASLkpeFY=
|
||||
github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U=
|
||||
github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ=
|
||||
github.com/nrdcg/freemyip v0.2.0 h1:/GscavT4GVqAY13HExl5UyoB4wlchv6Cg5NYDGsUoJ8=
|
||||
github.com/nrdcg/freemyip v0.2.0/go.mod h1:HjF0Yz0lSb37HD2ihIyGz9esyGcxbCrrGFLPpKevbx4=
|
||||
github.com/nrdcg/goinwx v0.8.2 h1:RmjiHlEA+lzi3toXyPSaE6hWnBQ0+G+1u7w8C6Fpp4g=
|
||||
github.com/nrdcg/goinwx v0.8.2/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
|
||||
github.com/nrdcg/goinwx v0.10.0 h1:6W630bjDxQD6OuXKqrFRYVpTt0G/9GXXm3CeOrN0zJM=
|
||||
github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
|
||||
github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg=
|
||||
github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw=
|
||||
github.com/nrdcg/nodion v0.1.0 h1:zLKaqTn2X0aDuBHHfyA1zFgeZfiCpmu/O9DM73okavw=
|
||||
github.com/nrdcg/nodion v0.1.0/go.mod h1:inbuh3neCtIWlMPZHtEpe43TmRXxHV6+hk97iCZicms=
|
||||
github.com/nrdcg/porkbun v0.2.0 h1:ghaqPtIKcffba99epWFkK3VWf6TKJT9WMXMgaTqv95Y=
|
||||
github.com/nrdcg/porkbun v0.2.0/go.mod h1:i0uLMn9ItFsLsSQIAeEu1wQ9/+6EvX1eQw15hulMMRw=
|
||||
github.com/nrdcg/porkbun v0.3.0 h1:jnRV7j2zd3hmh+tSDOGetJyy3+WklaMxbs7HtTTmWMs=
|
||||
github.com/nrdcg/porkbun v0.3.0/go.mod h1:jh1DKz96jGHW+NCdG3AmTbbnQeBlNUz1KeSgeN/cBVw=
|
||||
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
|
||||
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
|
||||
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
|
||||
|
@ -891,8 +895,8 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh
|
|||
github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
|
||||
github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU=
|
||||
github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888=
|
||||
github.com/ovh/go-ovh v1.4.1 h1:VBGa5wMyQtTP7Zb+w97zRCh9sLtM/2YKRyy+MEJmWaM=
|
||||
github.com/ovh/go-ovh v1.4.1/go.mod h1:6bL6pPyUT7tBfI0pqOegJgRjgjuO+mOo+MyXd1EEC0M=
|
||||
github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
|
||||
github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
|
||||
github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
|
||||
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||
github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
|
||||
|
@ -995,8 +999,8 @@ github.com/sacloud/iaas-api-go v1.11.1/go.mod h1:uBDSa06F/V0OnoR66jGdbH0PVnCJw+N
|
|||
github.com/sacloud/packages-go v0.0.9 h1:GbinkBLC/eirFhHpLjoDW6JV7+95Rnd2d8RWj7Afeks=
|
||||
github.com/sacloud/packages-go v0.0.9/go.mod h1:k+EEUMF2LlncjbNIJNOqLyZ9wjTESPIWIk1OA7x9j2Q=
|
||||
github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
|
||||
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 h1:1WuWJu7/e8SqK+uQl7lfk/N/oMZTL2NE/TJsNKRNMc4=
|
||||
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
|
||||
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 h1:wJrcTdddKOI8TFxs8cemnhKP2EmKy3yfUKHj3ZdfzYo=
|
||||
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
|
||||
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
|
||||
|
@ -1012,8 +1016,6 @@ github.com/shoenig/test v1.7.0/go.mod h1:UxJ6u/x2v/TNs/LoLxBNJRV9DiwBBKYxXSyczsB
|
|||
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
|
||||
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 h1:ZTzdx88+AcnjqUfJwnz89UBrMSBQ1NEysg9u5d+dU9c=
|
||||
github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04/go.mod h1:5KS21fpch8TIMyAUv/qQqTa3GZfBDYgjaZbd2KXKYfg=
|
||||
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
|
||||
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
|
||||
|
@ -1028,8 +1030,8 @@ github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h
|
|||
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
|
||||
github.com/smartystreets/gunit v1.0.4 h1:tpTjnuH7MLlqhoD21vRoMZbMIi5GmBsAJDFyF67GhZA=
|
||||
github.com/smartystreets/gunit v1.0.4/go.mod h1:EH5qMBab2UclzXUcpR8b93eHsIlp9u+pDQIRp5DZNzQ=
|
||||
github.com/softlayer/softlayer-go v1.1.2 h1:rUSSGCyaxymvTOsaFjwr+cGxA8muw3xg2LSrIMNcN/c=
|
||||
github.com/softlayer/softlayer-go v1.1.2/go.mod h1:hvAbzGH4LRXA6yXY8BNx99yoqZ7urfDdtl9mvBf0G+g=
|
||||
github.com/softlayer/softlayer-go v1.1.3 h1:dfFzt5eOKIAyB/b78fHMyDu5ICx0ZtxL9NRhBlf831A=
|
||||
github.com/softlayer/softlayer-go v1.1.3/go.mod h1:Pc7F57OgUKaAam7TtpqkUeqL7QyKknfiUI4R49h41/U=
|
||||
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
|
||||
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
|
||||
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
|
||||
|
@ -1107,8 +1109,8 @@ github.com/traefik/paerser v0.2.0 h1:zqCLGSXoNlcBd+mzqSCLjon/I6phqIjeJL2xFB2ysgQ
|
|||
github.com/traefik/paerser v0.2.0/go.mod h1:afzaVcgF8A+MpTnPG4wBr4whjanCSYA6vK5RwaYVtRc=
|
||||
github.com/traefik/yaegi v0.15.1 h1:YA5SbaL6HZA0Exh9T/oArRHqGN2HQ+zgmCY7dkoTXu4=
|
||||
github.com/traefik/yaegi v0.15.1/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
|
||||
github.com/transip/gotransip/v6 v6.20.0 h1:AuvwyOZ51f2brzMbTqlRy/wmaM3kF7Vx5Wds8xcDflY=
|
||||
github.com/transip/gotransip/v6 v6.20.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
|
||||
github.com/transip/gotransip/v6 v6.23.0 h1:PsTdjortrEZ8IFFifEryzjVjOy9SgK4ahlnhKBBIQgA=
|
||||
github.com/transip/gotransip/v6 v6.23.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
|
||||
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
|
||||
github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
|
||||
github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
|
||||
|
@ -1119,8 +1121,8 @@ github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLY
|
|||
github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
|
||||
github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
|
||||
github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
|
||||
github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c h1:mKnW6IGLw7uXu6DL6RitufZWcXS6hCnauXRUFof7rKM=
|
||||
github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c/go.mod h1:F4UyVEmq4/m5lAmx+GccrxyRCXmnBjzUL09JLTQFp94=
|
||||
github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a h1:w4PK5/N9kq8PfNxBv8a5t1bqlYRrVT7XzT7iTPTtiPk=
|
||||
github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a/go.mod h1:Xwz7o+ExFtxR/i0aJDnTXuiccQJlOxDgNe6FsZC4TzQ=
|
||||
github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs=
|
||||
github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
|
||||
github.com/unrolled/secure v1.0.9 h1:BWRuEb1vDrBFFDdbCnKkof3gZ35I/bnHGyt0LB0TNyQ=
|
||||
|
@ -1245,9 +1247,12 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
|
|||
golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
|
||||
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
|
||||
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
|
||||
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
|
||||
golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
|
||||
golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
|
||||
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
|
@ -1278,8 +1283,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
|||
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
|
||||
golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
|
||||
golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
|
@ -1314,20 +1320,22 @@ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy
|
|||
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
|
||||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
|
||||
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
|
||||
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
|
||||
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
|
||||
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
|
||||
golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
|
||||
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
|
||||
golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
|
||||
golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
|
||||
golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
@ -1338,8 +1346,9 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
|
|||
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
|
||||
golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
||||
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
|
@ -1416,15 +1425,20 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
|||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
|
||||
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
|
||||
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
|
||||
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
|
||||
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
|
||||
golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
|
||||
golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
|
@ -1435,16 +1449,20 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
|||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
|
||||
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
|
||||
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
|
||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
|
||||
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
|
||||
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
|
||||
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
|
@ -1479,12 +1497,15 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
|
|||
golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
|
||||
golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
|
||||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
|
||||
golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
|
||||
gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
|
||||
gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
|
||||
gonum.org/v1/gonum v0.8.2 h1:CCXrcPKiGGotvnN6jfUsKk4rRqm7q09/YbKb5xCEvtM=
|
||||
gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
|
||||
|
@ -1588,8 +1609,8 @@ gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
|
|||
gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
|
||||
gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
|
||||
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.7.6 h1:mCPl7q0jbIGACXvGBljAuuApmKZo3rRi4tlRIEbMvjA=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.7.6/go.mod h1:GMnKY+ZuoJ+lVLL+78uSTjwTz2jMazq6AfGKQOYhsPk=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.7.13/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
|
||||
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
|
||||
gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
|
||||
gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
|
||||
|
@ -1619,14 +1640,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
|
|||
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||
k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
|
||||
k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
|
||||
k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
|
||||
k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
|
||||
k8s.io/apiextensions-apiserver v0.28.3 h1:Od7DEnhXHnHPZG+W9I97/fSQkVpVPQx2diy+2EtmY08=
|
||||
k8s.io/apiextensions-apiserver v0.28.3/go.mod h1:NE1XJZ4On0hS11aWWJUTNkmVB03j9LM7gJSisbRt8Lc=
|
||||
k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
|
||||
k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
|
||||
k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
|
||||
k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
|
||||
k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
|
||||
k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
|
||||
k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
|
||||
k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
|
||||
k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
|
||||
k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
|
||||
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
|
||||
|
@ -1640,6 +1661,8 @@ nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0
|
|||
nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
|
||||
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
|
||||
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
|
||||
sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
|
||||
sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
|
||||
sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs=
|
||||
sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c=
|
||||
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
|
||||
|
|
|
@ -61,7 +61,7 @@ func (s *AccessLogSuite) TestAccessLog() {
|
|||
ensureWorkingDirectoryIsClean()
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
defer func() {
|
||||
traefikLog, err := os.ReadFile(traefikTestLogFile)
|
||||
|
@ -130,7 +130,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontend() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
|
@ -194,7 +194,7 @@ func (s *AccessLogSuite) TestAccessLogDigestAuthMiddleware() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
|
@ -304,7 +304,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendRedirect() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
|
@ -410,7 +410,7 @@ func (s *AccessLogSuite) TestAccessLogRateLimit() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
|
@ -454,7 +454,7 @@ func (s *AccessLogSuite) TestAccessLogBackendNotFound() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.waitForTraefik("server1")
|
||||
|
||||
|
@ -494,7 +494,7 @@ func (s *AccessLogSuite) TestAccessLogFrontendAllowlist() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
|
@ -534,7 +534,7 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontendSuccess() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
|
@ -575,7 +575,7 @@ func (s *AccessLogSuite) TestAccessLogPreflightHeadersMiddleware() {
|
|||
}
|
||||
|
||||
// Start Traefik
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log_config.toml"))
|
||||
s.traefikCmd(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
|
@ -603,6 +603,56 @@ func (s *AccessLogSuite) TestAccessLogPreflightHeadersMiddleware() {
|
|||
s.checkNoOtherTraefikProblems()
|
||||
}
|
||||
|
||||
func (s *AccessLogSuite) TestAccessLogDisabledForInternals() {
|
||||
ensureWorkingDirectoryIsClean()
|
||||
|
||||
file := s.adaptFile("fixtures/access_log/access_log_ping.toml", struct{}{})
|
||||
|
||||
// Start Traefik.
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
|
||||
defer func() {
|
||||
traefikLog, err := os.ReadFile(traefikTestLogFile)
|
||||
require.NoError(s.T(), err)
|
||||
log.Info().Msg(string(traefikLog))
|
||||
}()
|
||||
|
||||
// waitForTraefik makes at least one call to the rawdata api endpoint,
|
||||
// but the logs for this endpoint are ignored in checkAccessLogOutput.
|
||||
s.waitForTraefik("customPing")
|
||||
|
||||
s.checkStatsForLogFile()
|
||||
|
||||
// Verify Traefik started OK.
|
||||
s.checkTraefikStarted()
|
||||
|
||||
// Make some requests on the internal ping router.
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/ping", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
|
||||
require.NoError(s.T(), err)
|
||||
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Make some requests on the custom ping router.
|
||||
req, err = http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/ping", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
|
||||
require.NoError(s.T(), err)
|
||||
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasBody())
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Verify access.log output as expected.
|
||||
count := s.checkAccessLogOutput()
|
||||
|
||||
require.Equal(s.T(), 0, count)
|
||||
|
||||
// Verify no other Traefik problems.
|
||||
s.checkNoOtherTraefikProblems()
|
||||
}
|
||||
|
||||
func (s *AccessLogSuite) checkNoOtherTraefikProblems() {
|
||||
traefikLog, err := os.ReadFile(traefikTestLogFile)
|
||||
require.NoError(s.T(), err)
|
||||
|
@ -612,6 +662,8 @@ func (s *AccessLogSuite) checkNoOtherTraefikProblems() {
|
|||
}
|
||||
|
||||
func (s *AccessLogSuite) checkAccessLogOutput() int {
|
||||
s.T().Helper()
|
||||
|
||||
lines := s.extractLines()
|
||||
count := 0
|
||||
for i, line := range lines {
|
||||
|
@ -624,6 +676,8 @@ func (s *AccessLogSuite) checkAccessLogOutput() int {
|
|||
}
|
||||
|
||||
func (s *AccessLogSuite) checkAccessLogExactValuesOutput(values []accessLogValue) int {
|
||||
s.T().Helper()
|
||||
|
||||
lines := s.extractLines()
|
||||
count := 0
|
||||
for i, line := range lines {
|
||||
|
@ -641,6 +695,8 @@ func (s *AccessLogSuite) checkAccessLogExactValuesOutput(values []accessLogValue
|
|||
}
|
||||
|
||||
func (s *AccessLogSuite) extractLines() []string {
|
||||
s.T().Helper()
|
||||
|
||||
accessLog, err := os.ReadFile(traefikTestAccessLogFile)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
|
@ -656,6 +712,8 @@ func (s *AccessLogSuite) extractLines() []string {
|
|||
}
|
||||
|
||||
func (s *AccessLogSuite) checkStatsForLogFile() {
|
||||
s.T().Helper()
|
||||
|
||||
err := try.Do(1*time.Second, func() error {
|
||||
if _, errStat := os.Stat(traefikTestLogFile); errStat != nil {
|
||||
return fmt.Errorf("could not get stats for log file: %w", errStat)
|
||||
|
@ -671,6 +729,8 @@ func ensureWorkingDirectoryIsClean() {
|
|||
}
|
||||
|
||||
func (s *AccessLogSuite) checkTraefikStarted() []byte {
|
||||
s.T().Helper()
|
||||
|
||||
traefikLog, err := os.ReadFile(traefikTestLogFile)
|
||||
require.NoError(s.T(), err)
|
||||
if len(traefikLog) > 0 {
|
||||
|
@ -680,6 +740,8 @@ func (s *AccessLogSuite) checkTraefikStarted() []byte {
|
|||
}
|
||||
|
||||
func (s *BaseSuite) CheckAccessLogFormat(line string, i int) {
|
||||
s.T().Helper()
|
||||
|
||||
results, err := accesslog.ParseAccessLog(line)
|
||||
require.NoError(s.T(), err)
|
||||
assert.Len(s.T(), results, 14)
|
||||
|
@ -692,6 +754,8 @@ func (s *BaseSuite) CheckAccessLogFormat(line string, i int) {
|
|||
}
|
||||
|
||||
func (s *AccessLogSuite) checkAccessLogExactValues(line string, i int, v accessLogValue) {
|
||||
s.T().Helper()
|
||||
|
||||
results, err := accesslog.ParseAccessLog(line)
|
||||
require.NoError(s.T(), err)
|
||||
assert.Len(s.T(), results, 14)
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
|
@ -55,6 +56,56 @@ func (s *DockerSuite) TestSimpleConfiguration() {
|
|||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *DockerSuite) TestWRRServer() {
|
||||
tempObjects := struct {
|
||||
DockerHost string
|
||||
DefaultRule string
|
||||
}{
|
||||
DockerHost: s.getDockerHost(),
|
||||
DefaultRule: "Host(`{{ normalize .Name }}.docker.localhost`)",
|
||||
}
|
||||
|
||||
file := s.adaptFile("fixtures/docker/simple.toml", tempObjects)
|
||||
|
||||
s.composeUp()
|
||||
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
|
||||
whoami1IP := s.getComposeServiceIP("wrr-server")
|
||||
whoami2IP := s.getComposeServiceIP("wrr-server2")
|
||||
|
||||
// Expected a 404 as we did not configure anything
|
||||
err := try.GetRequest("http://127.0.0.1:8000/", 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/http/services", 1000*time.Millisecond, try.BodyContains("wrr-server"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
repartition := map[string]int{}
|
||||
for i := 0; i < 4; i++ {
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/whoami", nil)
|
||||
req.Host = "my.wrr.host"
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
response, err := http.DefaultClient.Do(req)
|
||||
require.NoError(s.T(), err)
|
||||
assert.Equal(s.T(), http.StatusOK, response.StatusCode)
|
||||
|
||||
body, err := io.ReadAll(response.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
if strings.Contains(string(body), whoami1IP) {
|
||||
repartition[whoami1IP]++
|
||||
}
|
||||
if strings.Contains(string(body), whoami2IP) {
|
||||
repartition[whoami2IP]++
|
||||
}
|
||||
}
|
||||
|
||||
assert.Equal(s.T(), 3, repartition[whoami1IP])
|
||||
assert.Equal(s.T(), 1, repartition[whoami2IP])
|
||||
}
|
||||
|
||||
func (s *DockerSuite) TestDefaultDockerContainers() {
|
||||
tempObjects := struct {
|
||||
DockerHost string
|
||||
|
|
30
integration/fixtures/access_log/access_log_ping.toml
Normal file
30
integration/fixtures/access_log/access_log_ping.toml
Normal file
|
@ -0,0 +1,30 @@
|
|||
[global]
|
||||
checkNewVersion = false
|
||||
sendAnonymousUsage = false
|
||||
|
||||
[log]
|
||||
level = "ERROR"
|
||||
filePath = "traefik.log"
|
||||
|
||||
[accessLog]
|
||||
filePath = "access.log"
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[ping]
|
||||
|
||||
[providers]
|
||||
[providers.file]
|
||||
filename = "{{ .SelfFilename }}"
|
||||
|
||||
## dynamic configuration ##
|
||||
[http.routers]
|
||||
[http.routers.customPing]
|
||||
entryPoints = ["web"]
|
||||
rule = "PathPrefix(`/ping`)"
|
||||
service = "ping@internal"
|
File diff suppressed because it is too large
Load diff
21
integration/fixtures/k8s_gateway_conformance.toml
Normal file
21
integration/fixtures/k8s_gateway_conformance.toml
Normal file
|
@ -0,0 +1,21 @@
|
|||
[global]
|
||||
checkNewVersion = false
|
||||
sendAnonymousUsage = false
|
||||
|
||||
[log]
|
||||
level = "DEBUG"
|
||||
noColor = true
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[experimental]
|
||||
kubernetesGateway = true
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
|
||||
[providers.kubernetesGateway]
|
|
@ -19,5 +19,6 @@
|
|||
insecure = true
|
||||
|
||||
[metrics]
|
||||
addInternals = true
|
||||
[metrics.prometheus]
|
||||
buckets = [0.1,0.3,1.2,5.0]
|
||||
|
|
|
@ -9,6 +9,8 @@
|
|||
[api]
|
||||
insecure = true
|
||||
|
||||
[ping]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
|
@ -47,6 +49,10 @@
|
|||
Service = "service3"
|
||||
Middlewares = ["retry", "basic-auth"]
|
||||
Rule = "Path(`/auth`)"
|
||||
[http.routers.customPing]
|
||||
entryPoints = ["web"]
|
||||
rule = "PathPrefix(`/ping`)"
|
||||
service = "ping@internal"
|
||||
|
||||
[http.middlewares]
|
||||
[http.middlewares.retry.retry]
|
||||
|
|
41
integration/fixtures/with_default_rule_syntax.toml
Normal file
41
integration/fixtures/with_default_rule_syntax.toml
Normal file
|
@ -0,0 +1,41 @@
|
|||
[global]
|
||||
checkNewVersion = false
|
||||
sendAnonymousUsage = false
|
||||
|
||||
[core]
|
||||
defaultRuleSyntax = "v2"
|
||||
|
||||
[log]
|
||||
level = "DEBUG"
|
||||
noColor = true
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[providers.file]
|
||||
filename = "{{ .SelfFilename }}"
|
||||
|
||||
## dynamic configuration ##
|
||||
|
||||
[http.routers]
|
||||
[http.routers.router1]
|
||||
service = "service1"
|
||||
rule = "PathPrefix(`/foo`, `/bar`)"
|
||||
|
||||
[http.routers.router2]
|
||||
service = "service1"
|
||||
rule = "QueryRegexp(`foo`, `bar`)"
|
||||
|
||||
[http.routers.router3]
|
||||
service = "service1"
|
||||
rule = "PathPrefix(`/foo`, `/bar`)"
|
||||
ruleSyntax = "v3"
|
||||
|
||||
[http.services]
|
||||
[http.services.service1]
|
||||
[http.services.service1.loadBalancer]
|
||||
[http.services.service1.loadBalancer.servers]
|
38
integration/fixtures/without_default_rule_syntax.toml
Normal file
38
integration/fixtures/without_default_rule_syntax.toml
Normal file
|
@ -0,0 +1,38 @@
|
|||
[global]
|
||||
checkNewVersion = false
|
||||
sendAnonymousUsage = false
|
||||
|
||||
[log]
|
||||
level = "DEBUG"
|
||||
noColor = true
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[providers.file]
|
||||
filename = "{{ .SelfFilename }}"
|
||||
|
||||
## dynamic configuration ##
|
||||
|
||||
[http.routers]
|
||||
[http.routers.router1]
|
||||
service = "service1"
|
||||
rule = "PathPrefix(`/foo`) || PathPrefix(`/bar`)"
|
||||
|
||||
[http.routers.router2]
|
||||
service = "service1"
|
||||
rule = "PathPrefix(`/foo`, `/bar`)"
|
||||
|
||||
[http.routers.router3]
|
||||
service = "service1"
|
||||
rule = "QueryRegexp(`foo`, `bar`)"
|
||||
ruleSyntax = "v2"
|
||||
|
||||
[http.services]
|
||||
[http.services.service1]
|
||||
[http.services.service1.loadBalancer]
|
||||
[http.services.service1.loadBalancer.servers]
|
35
integration/fixtures/wrr_server.toml
Normal file
35
integration/fixtures/wrr_server.toml
Normal file
|
@ -0,0 +1,35 @@
|
|||
[global]
|
||||
checkNewVersion = false
|
||||
sendAnonymousUsage = false
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[log]
|
||||
level = "DEBUG"
|
||||
noColor = true
|
||||
|
||||
[entryPoints]
|
||||
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
|
||||
[providers.file]
|
||||
filename = "{{ .SelfFilename }}"
|
||||
|
||||
## dynamic configuration ##
|
||||
|
||||
[http.routers]
|
||||
[http.routers.router]
|
||||
service = "service1"
|
||||
rule = "Path(`/whoami`)"
|
||||
|
||||
[http.services]
|
||||
|
||||
[http.services.service1.loadBalancer]
|
||||
[[http.services.service1.loadBalancer.servers]]
|
||||
url = "{{ .Server1 }}"
|
||||
weight = 3
|
||||
[[http.services.service1.loadBalancer.servers]]
|
||||
url = "{{ .Server2 }}"
|
||||
|
|
@ -35,7 +35,13 @@ import (
|
|||
"gopkg.in/yaml.v3"
|
||||
)
|
||||
|
||||
var showLog = flag.Bool("tlog", false, "always show Traefik logs")
|
||||
var (
|
||||
showLog = flag.Bool("tlog", false, "always show Traefik logs")
|
||||
k8sConformance = flag.Bool("k8sConformance", false, "run K8s Gateway API conformance test")
|
||||
k8sConformanceRunTest = flag.String("k8sConformanceRunTest", "", "run a specific K8s Gateway API conformance test")
|
||||
)
|
||||
|
||||
const tailscaleSecretFilePath = "tailscale.secret"
|
||||
|
||||
type composeConfig struct {
|
||||
Services map[string]composeService `yaml:"services"`
|
||||
|
@ -99,6 +105,11 @@ func (s *BaseSuite) displayTraefikLogFile(path string) {
|
|||
}
|
||||
|
||||
func (s *BaseSuite) SetupSuite() {
|
||||
if isDockerDesktop(context.Background(), s.T()) {
|
||||
_, err := os.Stat(tailscaleSecretFilePath)
|
||||
require.NoError(s.T(), err, "Tailscale need to be configured when running integration tests with Docker Desktop: (https://doc.traefik.io/traefik/v2.11/contributing/building-testing/#testing)")
|
||||
}
|
||||
|
||||
// configure default standard log.
|
||||
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
|
||||
// TODO
|
||||
|
@ -124,7 +135,7 @@ func (s *BaseSuite) SetupSuite() {
|
|||
s.hostIP = "172.31.42.1"
|
||||
if isDockerDesktop(ctx, s.T()) {
|
||||
s.hostIP = getDockerDesktopHostIP(ctx, s.T())
|
||||
s.setupVPN("tailscale.secret")
|
||||
s.setupVPN(tailscaleSecretFilePath)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
225
integration/k8s_conformance_test.go
Normal file
225
integration/k8s_conformance_test.go
Normal file
|
@ -0,0 +1,225 @@
|
|||
package integration
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/traefik/traefik/v3/integration/try"
|
||||
"github.com/traefik/traefik/v3/pkg/version"
|
||||
"gopkg.in/yaml.v3"
|
||||
ktypes "k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
kclientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
gatev1 "sigs.k8s.io/gateway-api/apis/v1"
|
||||
gatev1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
|
||||
gatev1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
|
||||
conformanceV1alpha1 "sigs.k8s.io/gateway-api/conformance/apis/v1alpha1"
|
||||
"sigs.k8s.io/gateway-api/conformance/tests"
|
||||
"sigs.k8s.io/gateway-api/conformance/utils/config"
|
||||
ksuite "sigs.k8s.io/gateway-api/conformance/utils/suite"
|
||||
)
|
||||
|
||||
// K8sConformanceSuite tests suite.
|
||||
type K8sConformanceSuite struct{ BaseSuite }
|
||||
|
||||
func TestK8sConformanceSuite(t *testing.T) {
|
||||
suite.Run(t, new(K8sConformanceSuite))
|
||||
}
|
||||
|
||||
func (s *K8sConformanceSuite) SetupSuite() {
|
||||
s.BaseSuite.SetupSuite()
|
||||
|
||||
s.createComposeProject("k8s")
|
||||
s.composeUp()
|
||||
|
||||
abs, err := filepath.Abs("./fixtures/k8s/config.skip/kubeconfig.yaml")
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.Do(60*time.Second, func() error {
|
||||
_, err := os.Stat(abs)
|
||||
return err
|
||||
})
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
data, err := os.ReadFile(abs)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
content := strings.ReplaceAll(string(data), "https://server:6443", fmt.Sprintf("https://%s", net.JoinHostPort(s.getComposeServiceIP("server"), "6443")))
|
||||
|
||||
err = os.WriteFile(abs, []byte(content), 0o644)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = os.Setenv("KUBECONFIG", abs)
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *K8sConformanceSuite) TearDownSuite() {
|
||||
s.BaseSuite.TearDownSuite()
|
||||
|
||||
generatedFiles := []string{
|
||||
"./fixtures/k8s/config.skip/kubeconfig.yaml",
|
||||
"./fixtures/k8s/config.skip/k3s.log",
|
||||
"./fixtures/k8s/rolebindings.yaml",
|
||||
"./fixtures/k8s/ccm.yaml",
|
||||
}
|
||||
|
||||
for _, filename := range generatedFiles {
|
||||
if err := os.Remove(filename); err != nil {
|
||||
log.Warn().Err(err).Send()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() {
|
||||
if !*k8sConformance {
|
||||
s.T().Skip("Skip because it can take a long time to execute. To enable pass the `k8sConformance` flag.")
|
||||
}
|
||||
|
||||
configFromFlags, err := clientcmd.BuildConfigFromFlags("", os.Getenv("KUBECONFIG"))
|
||||
if err != nil {
|
||||
s.T().Fatal(err)
|
||||
}
|
||||
|
||||
kClient, err := client.New(configFromFlags, client.Options{})
|
||||
if err != nil {
|
||||
s.T().Fatalf("Error initializing Kubernetes client: %v", err)
|
||||
}
|
||||
|
||||
kClientSet, err := kclientset.NewForConfig(configFromFlags)
|
||||
if err != nil {
|
||||
s.T().Fatal(err)
|
||||
}
|
||||
|
||||
err = gatev1alpha2.AddToScheme(kClient.Scheme())
|
||||
require.NoError(s.T(), err)
|
||||
err = gatev1beta1.AddToScheme(kClient.Scheme())
|
||||
require.NoError(s.T(), err)
|
||||
err = gatev1.AddToScheme(kClient.Scheme())
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
s.traefikCmd(withConfigFile("fixtures/k8s_gateway_conformance.toml"))
|
||||
|
||||
// Wait for traefik to start
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/entrypoints", 10*time.Second, try.BodyContains(`"name":"web"`))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.Do(10*time.Second, func() error {
|
||||
gwc := &gatev1.GatewayClass{}
|
||||
err := kClient.Get(context.Background(), ktypes.NamespacedName{Name: "my-gateway-class"}, gwc)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error fetching GatewayClass: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
opts := ksuite.Options{
|
||||
Client: kClient,
|
||||
RestConfig: configFromFlags,
|
||||
Clientset: kClientSet,
|
||||
GatewayClassName: "my-gateway-class",
|
||||
Debug: true,
|
||||
CleanupBaseResources: true,
|
||||
TimeoutConfig: config.TimeoutConfig{
|
||||
CreateTimeout: 5 * time.Second,
|
||||
DeleteTimeout: 5 * time.Second,
|
||||
GetTimeout: 5 * time.Second,
|
||||
GatewayMustHaveAddress: 5 * time.Second,
|
||||
GatewayMustHaveCondition: 5 * time.Second,
|
||||
GatewayStatusMustHaveListeners: 10 * time.Second,
|
||||
GatewayListenersMustHaveCondition: 5 * time.Second,
|
||||
GWCMustBeAccepted: 60 * time.Second, // Pod creation in k3s cluster can be long.
|
||||
HTTPRouteMustNotHaveParents: 5 * time.Second,
|
||||
HTTPRouteMustHaveCondition: 5 * time.Second,
|
||||
TLSRouteMustHaveCondition: 5 * time.Second,
|
||||
RouteMustHaveParents: 5 * time.Second,
|
||||
ManifestFetchTimeout: 5 * time.Second,
|
||||
MaxTimeToConsistency: 5 * time.Second,
|
||||
NamespacesMustBeReady: 60 * time.Second, // Pod creation in k3s cluster can be long.
|
||||
RequestTimeout: 5 * time.Second,
|
||||
LatestObservedGenerationSet: 5 * time.Second,
|
||||
RequiredConsecutiveSuccesses: 0,
|
||||
},
|
||||
SupportedFeatures: sets.New[ksuite.SupportedFeature]().
|
||||
Insert(ksuite.GatewayCoreFeatures.UnsortedList()...).
|
||||
Insert(ksuite.ReferenceGrantCoreFeatures.UnsortedList()...),
|
||||
EnableAllSupportedFeatures: false,
|
||||
RunTest: *k8sConformanceRunTest,
|
||||
// Until the feature are all supported, following tests are skipped.
|
||||
SkipTests: []string{
|
||||
"HTTPExactPathMatching",
|
||||
"HTTPRouteHostnameIntersection",
|
||||
"HTTPRouteListenerHostnameMatching",
|
||||
"HTTPRouteRequestHeaderModifier",
|
||||
"GatewayClassObservedGenerationBump",
|
||||
"HTTPRouteInvalidNonExistentBackendRef",
|
||||
"GatewayWithAttachedRoutes",
|
||||
"HTTPRouteCrossNamespace",
|
||||
"HTTPRouteDisallowedKind",
|
||||
"HTTPRouteInvalidReferenceGrant",
|
||||
"HTTPRouteObservedGenerationBump",
|
||||
"TLSRouteSimpleSameNamespace",
|
||||
"TLSRouteInvalidReferenceGrant",
|
||||
"HTTPRouteInvalidCrossNamespaceParentRef",
|
||||
"HTTPRouteInvalidParentRefNotMatchingSectionName",
|
||||
"GatewayModifyListeners",
|
||||
"GatewayInvalidTLSConfiguration",
|
||||
"HTTPRouteInvalidCrossNamespaceBackendRef",
|
||||
"HTTPRouteMatchingAcrossRoutes",
|
||||
"HTTPRoutePartiallyInvalidViaInvalidReferenceGrant",
|
||||
"HTTPRouteRedirectHostAndStatus",
|
||||
"HTTPRouteInvalidBackendRefUnknownKind",
|
||||
"HTTPRoutePathMatchOrder",
|
||||
"HTTPRouteSimpleSameNamespace",
|
||||
"HTTPRouteMatching",
|
||||
"HTTPRouteHeaderMatching",
|
||||
"HTTPRouteReferenceGrant",
|
||||
},
|
||||
}
|
||||
|
||||
cSuite, err := ksuite.NewExperimentalConformanceTestSuite(ksuite.ExperimentalConformanceOptions{
|
||||
Options: opts,
|
||||
Implementation: conformanceV1alpha1.Implementation{
|
||||
Organization: "traefik",
|
||||
Project: "traefik",
|
||||
URL: "https://traefik.io/",
|
||||
Version: version.Version,
|
||||
Contact: []string{"@traefik/maintainers"},
|
||||
},
|
||||
ConformanceProfiles: sets.New[ksuite.ConformanceProfileName](
|
||||
ksuite.HTTPConformanceProfileName,
|
||||
ksuite.TLSConformanceProfileName,
|
||||
),
|
||||
})
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
cSuite.Setup(s.T())
|
||||
err = cSuite.Run(s.T(), tests.ConformanceTests)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
report, err := cSuite.Report()
|
||||
require.NoError(s.T(), err, "failed generating conformance report")
|
||||
|
||||
report.GatewayAPIVersion = "1.0.0"
|
||||
|
||||
rawReport, err := yaml.Marshal(report)
|
||||
require.NoError(s.T(), err)
|
||||
s.T().Logf("Conformance report:\n%s", string(rawReport))
|
||||
|
||||
require.NoError(s.T(), os.MkdirAll("./conformance-reports", 0o755))
|
||||
outFile := filepath.Join("conformance-reports", fmt.Sprintf("traefik-traefik-%d.yaml", time.Now().UnixNano()))
|
||||
require.NoError(s.T(), os.WriteFile(outFile, rawReport, 0o600))
|
||||
s.T().Logf("Report written to: %s", outFile)
|
||||
}
|
|
@ -57,7 +57,7 @@ func (s *LogRotationSuite) TearDownSuite() {
|
|||
|
||||
func (s *LogRotationSuite) TestAccessLogRotation() {
|
||||
// Start Traefik
|
||||
cmd, _ := s.cmdTraefik(withConfigFile("fixtures/access_log_config.toml"))
|
||||
cmd, _ := s.cmdTraefik(withConfigFile("fixtures/access_log/access_log_base.toml"))
|
||||
defer s.displayTraefikLogFile(traefikTestLogFile)
|
||||
|
||||
// Verify Traefik started ok
|
||||
|
|
|
@ -36,3 +36,14 @@ services:
|
|||
labels:
|
||||
traefik.http.Routers.Super.Rule: Host(`my.super.host`)
|
||||
traefik.http.Services.powpow.LoadBalancer.server.Port: 2375
|
||||
|
||||
wrr-server:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.http.Routers.wrr-server.Rule: Host(`my.wrr.host`)
|
||||
traefik.http.Services.wrr-server.LoadBalancer.server.Weight: 4
|
||||
wrr-server2:
|
||||
image: traefik/whoami
|
||||
labels:
|
||||
traefik.http.Routers.wrr-server.Rule: Host(`my.wrr.host`)
|
||||
traefik.http.Services.wrr-server.LoadBalancer.server.Weight: 1
|
||||
|
|
|
@ -287,6 +287,10 @@ func (s *SimpleSuite) TestMetricsPrometheusDefaultEntryPoint() {
|
|||
|
||||
err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.BodyContains("_service_"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// No metrics for internals.
|
||||
err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.BodyNotContains("router=\"api@internal\"", "service=\"api@internal\""))
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestMetricsPrometheusTwoRoutersOneService() {
|
||||
|
@ -659,6 +663,66 @@ func (s *SimpleSuite) TestSimpleConfigurationHostRequestTrailingPeriod() {
|
|||
}
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestWithDefaultRuleSyntax() {
|
||||
file := s.adaptFile("fixtures/with_default_rule_syntax.toml", struct{}{})
|
||||
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// router1 has no error
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router1@file", 1*time.Second, try.BodyContains(`"status":"enabled"`))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/notfound", 1*time.Second, try.StatusCodeIs(http.StatusNotFound))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/foo", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/bar", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// router2 has an error because it uses the wrong rule syntax (v3 instead of v2)
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router2@file", 1*time.Second, try.BodyContains("error while parsing rule QueryRegexp(`foo`, `bar`): unsupported function: QueryRegexp"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// router3 has an error because it uses the wrong rule syntax (v2 instead of v3)
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router3@file", 1*time.Second, try.BodyContains("error while adding rule PathPrefix: unexpected number of parameters; got 2, expected one of [1]"))
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestWithoutDefaultRuleSyntax() {
|
||||
file := s.adaptFile("fixtures/without_default_rule_syntax.toml", struct{}{})
|
||||
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// router1 has no error
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router1@file", 1*time.Second, try.BodyContains(`"status":"enabled"`))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/notfound", 1*time.Second, try.StatusCodeIs(http.StatusNotFound))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/foo", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/bar", 1*time.Second, try.StatusCodeIs(http.StatusServiceUnavailable))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// router2 has an error because it uses the wrong rule syntax (v3 instead of v2)
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router2@file", 1*time.Second, try.BodyContains("error while adding rule PathPrefix: unexpected number of parameters; got 2, expected one of [1]"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// router2 has an error because it uses the wrong rule syntax (v2 instead of v3)
|
||||
err = try.GetRequest("http://127.0.0.1:8080/api/http/routers/router3@file", 1*time.Second, try.BodyContains("error while parsing rule QueryRegexp(`foo`, `bar`): unsupported function: QueryRegexp"))
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestRouterConfigErrors() {
|
||||
file := s.adaptFile("fixtures/router_errors.toml", struct{}{})
|
||||
|
||||
|
@ -749,6 +813,49 @@ func (s *SimpleSuite) TestUDPServiceConfigErrors() {
|
|||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestWRRServer() {
|
||||
s.createComposeProject("base")
|
||||
|
||||
s.composeUp()
|
||||
defer s.composeDown()
|
||||
|
||||
whoami1IP := s.getComposeServiceIP("whoami1")
|
||||
whoami2IP := s.getComposeServiceIP("whoami2")
|
||||
|
||||
file := s.adaptFile("fixtures/wrr_server.toml", struct {
|
||||
Server1 string
|
||||
Server2 string
|
||||
}{Server1: "http://" + whoami1IP, Server2: "http://" + whoami2IP})
|
||||
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/http/services", 1000*time.Millisecond, try.BodyContains("service1"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
repartition := map[string]int{}
|
||||
for i := 0; i < 4; i++ {
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/whoami", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
response, err := http.DefaultClient.Do(req)
|
||||
require.NoError(s.T(), err)
|
||||
assert.Equal(s.T(), http.StatusOK, response.StatusCode)
|
||||
|
||||
body, err := io.ReadAll(response.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
if strings.Contains(string(body), whoami1IP) {
|
||||
repartition[whoami1IP]++
|
||||
}
|
||||
if strings.Contains(string(body), whoami2IP) {
|
||||
repartition[whoami2IP]++
|
||||
}
|
||||
}
|
||||
|
||||
assert.Equal(s.T(), 3, repartition[whoami1IP])
|
||||
assert.Equal(s.T(), 1, repartition[whoami2IP])
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestWRR() {
|
||||
s.createComposeProject("base")
|
||||
|
||||
|
|
|
@ -302,7 +302,7 @@ func (s *TCPSuite) TestWRR() {
|
|||
time.Sleep(time.Second)
|
||||
}
|
||||
|
||||
assert.EqualValues(s.T(), call, map[string]int{"whoami-b": 3, "whoami-ab": 1})
|
||||
assert.EqualValues(s.T(), map[string]int{"whoami-b": 3, "whoami-ab": 1}, call)
|
||||
}
|
||||
|
||||
func welcome(addr string) (string, error) {
|
||||
|
@ -404,7 +404,6 @@ func guessWhoTLSPassthrough(addr, serverName string) (string, error) {
|
|||
return fmt.Errorf("tls: no valid certificate for serverName %s", serverName)
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
|
5
integration/testdata/rawdata-gateway.json
vendored
5
integration/testdata/rawdata-gateway.json
vendored
|
@ -34,6 +34,7 @@
|
|||
],
|
||||
"service": "default-http-app-1-my-gateway-web-1c0cf64bde37d9d0df06-wrr",
|
||||
"rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)",
|
||||
"ruleSyntax": "v3",
|
||||
"priority": 31,
|
||||
"status": "enabled",
|
||||
"using": [
|
||||
|
@ -46,6 +47,7 @@
|
|||
],
|
||||
"service": "default-http-app-1-my-https-gateway-websecure-1c0cf64bde37d9d0df06-wrr",
|
||||
"rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)",
|
||||
"ruleSyntax": "v3",
|
||||
"priority": 31,
|
||||
"tls": {},
|
||||
"status": "enabled",
|
||||
|
@ -152,6 +154,7 @@
|
|||
],
|
||||
"service": "default-tcp-app-1-my-tcp-gateway-footcp-e3b0c44298fc1c149afb-wrr-0",
|
||||
"rule": "HostSNI(`*`)",
|
||||
"ruleSyntax": "v3",
|
||||
"priority": -1,
|
||||
"status": "enabled",
|
||||
"using": [
|
||||
|
@ -164,6 +167,7 @@
|
|||
],
|
||||
"service": "default-tcp-app-1-my-tls-gateway-footlsterminate-e3b0c44298fc1c149afb-wrr-0",
|
||||
"rule": "HostSNI(`*`)",
|
||||
"ruleSyntax": "v3",
|
||||
"priority": -1,
|
||||
"tls": {
|
||||
"passthrough": false
|
||||
|
@ -179,6 +183,7 @@
|
|||
],
|
||||
"service": "default-tls-app-1-my-tls-gateway-footlspassthrough-2279fe75c5156dc5eb26-wrr-0",
|
||||
"rule": "HostSNI(`foo.bar`)",
|
||||
"ruleSyntax": "v3",
|
||||
"priority": 18,
|
||||
"tls": {
|
||||
"passthrough": true
|
||||
|
|
|
@ -414,6 +414,67 @@ func (s *TracingSuite) TestOpentelemetryAuth() {
|
|||
s.checkTraceContent(contains)
|
||||
}
|
||||
|
||||
func (s *TracingSuite) TestNoInternals() {
|
||||
file := s.adaptFile("fixtures/tracing/simple-opentelemetry.toml", TracingTemplate{
|
||||
WhoamiIP: s.whoamiIP,
|
||||
WhoamiPort: s.whoamiPort,
|
||||
IP: s.otelCollectorIP,
|
||||
IsHTTP: true,
|
||||
})
|
||||
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
|
||||
// wait for traefik
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", time.Second, try.BodyContains("basic-auth"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/ratelimit", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://127.0.0.1:8000/ping", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
|
||||
require.NoError(s.T(), err)
|
||||
err = try.GetRequest("http://127.0.0.1:8080/ping", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
baseURL, err := url.Parse("http://" + s.tempoIP + ":3200/api/search")
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
req := &http.Request{
|
||||
Method: http.MethodGet,
|
||||
URL: baseURL,
|
||||
}
|
||||
// Wait for traces to be available.
|
||||
time.Sleep(10 * time.Second)
|
||||
resp, err := try.Response(req, 5*time.Second)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
out := &TraceResponse{}
|
||||
content, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
err = json.Unmarshal(content, &out)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
s.NotEmptyf(len(out.Traces), "expected at least one trace")
|
||||
|
||||
for _, t := range out.Traces {
|
||||
baseURL, err := url.Parse("http://" + s.tempoIP + ":3200/api/traces/" + t.TraceID)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
req := &http.Request{
|
||||
Method: http.MethodGet,
|
||||
URL: baseURL,
|
||||
}
|
||||
|
||||
resp, err := try.Response(req, 5*time.Second)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
content, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
require.NotContains(s.T(), content, "@internal")
|
||||
}
|
||||
}
|
||||
|
||||
func (s *TracingSuite) checkTraceContent(expectedJSON []map[string]string) {
|
||||
s.T().Helper()
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@ func (s *UDPSuite) TestWRR() {
|
|||
call["unknown"]++
|
||||
}
|
||||
}
|
||||
assert.EqualValues(s.T(), call, map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3})
|
||||
assert.EqualValues(s.T(), map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3}, call)
|
||||
close(stop)
|
||||
}()
|
||||
|
||||
|
|
|
@ -76,7 +76,7 @@ func New(staticConfig static.Configuration, runtimeConfig *runtime.Configuration
|
|||
|
||||
// createRouter creates API routes and router.
|
||||
func (h Handler) createRouter() *mux.Router {
|
||||
router := mux.NewRouter()
|
||||
router := mux.NewRouter().UseEncodedPath()
|
||||
|
||||
if h.staticConfig.API.Debug {
|
||||
DebugHandler{}.Append(router)
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"sort"
|
||||
"strconv"
|
||||
|
||||
|
@ -49,7 +50,13 @@ func (h Handler) getEntryPoints(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getEntryPoint(rw http.ResponseWriter, request *http.Request) {
|
||||
entryPointID := mux.Vars(request)["entryPointID"]
|
||||
scapedEntryPointID := mux.Vars(request)["entryPointID"]
|
||||
|
||||
entryPointID, err := url.PathUnescape(scapedEntryPointID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode entryPointID %q: %s", scapedEntryPointID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -64,7 +71,7 @@ func (h Handler) getEntryPoint(rw http.ResponseWriter, request *http.Request) {
|
|||
Name: entryPointID,
|
||||
}
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"os"
|
||||
"strconv"
|
||||
"testing"
|
||||
|
@ -169,6 +170,21 @@ func TestHandler_EntryPoints(t *testing.T) {
|
|||
jsonFile: "testdata/entrypoint-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one entry point by id containing slash",
|
||||
path: "/api/entrypoints/" + url.PathEscape("foo / bar"),
|
||||
conf: static.Configuration{
|
||||
Global: &static.Global{},
|
||||
API: &static.API{},
|
||||
EntryPoints: map[string]*static.EntryPoint{
|
||||
"foo / bar": {Address: ":81"},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/entrypoint-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one entry point by id, that does not exist",
|
||||
path: "/api/entrypoints/foo",
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
@ -97,7 +98,13 @@ func (h Handler) getRouters(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getRouter(rw http.ResponseWriter, request *http.Request) {
|
||||
routerID := mux.Vars(request)["routerID"]
|
||||
scapedRouterID := mux.Vars(request)["routerID"]
|
||||
|
||||
routerID, err := url.PathUnescape(scapedRouterID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -109,7 +116,7 @@ func (h Handler) getRouter(rw http.ResponseWriter, request *http.Request) {
|
|||
|
||||
result := newRouterRepresentation(routerID, router)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
@ -148,7 +155,13 @@ func (h Handler) getServices(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getService(rw http.ResponseWriter, request *http.Request) {
|
||||
serviceID := mux.Vars(request)["serviceID"]
|
||||
scapedServiceID := mux.Vars(request)["serviceID"]
|
||||
|
||||
serviceID, err := url.PathUnescape(scapedServiceID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Add("Content-Type", "application/json")
|
||||
|
||||
|
@ -160,7 +173,7 @@ func (h Handler) getService(rw http.ResponseWriter, request *http.Request) {
|
|||
|
||||
result := newServiceRepresentation(serviceID, service)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
@ -199,7 +212,13 @@ func (h Handler) getMiddlewares(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getMiddleware(rw http.ResponseWriter, request *http.Request) {
|
||||
middlewareID := mux.Vars(request)["middlewareID"]
|
||||
scapedMiddlewareID := mux.Vars(request)["middlewareID"]
|
||||
|
||||
middlewareID, err := url.PathUnescape(scapedMiddlewareID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode middlewareID %q: %s", scapedMiddlewareID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -211,7 +230,7 @@ func (h Handler) getMiddleware(rw http.ResponseWriter, request *http.Request) {
|
|||
|
||||
result := newMiddlewareRepresentation(middlewareID, middleware)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"os"
|
||||
"strconv"
|
||||
"testing"
|
||||
|
@ -301,6 +302,27 @@ func TestHandler_HTTP(t *testing.T) {
|
|||
jsonFile: "testdata/router-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one router by id containing slash",
|
||||
path: "/api/http/routers/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
Routers: map[string]*runtime.RouterInfo{
|
||||
"foo / bar@myprovider": {
|
||||
Router: &dynamic.Router{
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "foo-service@myprovider",
|
||||
Rule: "Host(`foo.bar`)",
|
||||
Middlewares: []string{"auth", "addPrefixTest@anotherprovider"},
|
||||
},
|
||||
Status: "enabled",
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/router-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one router by id, implicitly using default TLS options",
|
||||
path: "/api/http/routers/baz@myprovider",
|
||||
|
@ -661,6 +683,35 @@ func TestHandler_HTTP(t *testing.T) {
|
|||
jsonFile: "testdata/service-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one service by id containing slash",
|
||||
path: "/api/http/services/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
Services: map[string]*runtime.ServiceInfo{
|
||||
"foo / bar@myprovider": func() *runtime.ServiceInfo {
|
||||
si := &runtime.ServiceInfo{
|
||||
Service: &dynamic.Service{
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
PassHostHeader: Bool(true),
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://127.0.0.1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"foo@myprovider", "test@myprovider"},
|
||||
}
|
||||
si.UpdateServerStatus("http://127.0.0.1", "UP")
|
||||
return si
|
||||
}(),
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/service-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one service by id, that does not exist",
|
||||
path: "/api/http/services/nono@myprovider",
|
||||
|
@ -897,6 +948,26 @@ func TestHandler_HTTP(t *testing.T) {
|
|||
jsonFile: "testdata/middleware-auth.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one middleware by id containing slash",
|
||||
path: "/api/http/middlewares/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
Middlewares: map[string]*runtime.MiddlewareInfo{
|
||||
"foo / bar@myprovider": {
|
||||
Middleware: &dynamic.Middleware{
|
||||
AddPrefix: &dynamic.AddPrefix{
|
||||
Prefix: "/titi",
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"test@myprovider"},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/middleware-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one middleware by id, that does not exist",
|
||||
path: "/api/http/middlewares/foo@myprovider",
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
@ -90,7 +91,13 @@ func (h Handler) getTCPRouters(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getTCPRouter(rw http.ResponseWriter, request *http.Request) {
|
||||
routerID := mux.Vars(request)["routerID"]
|
||||
scapedRouterID := mux.Vars(request)["routerID"]
|
||||
|
||||
routerID, err := url.PathUnescape(scapedRouterID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -102,7 +109,7 @@ func (h Handler) getTCPRouter(rw http.ResponseWriter, request *http.Request) {
|
|||
|
||||
result := newTCPRouterRepresentation(routerID, router)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
@ -141,7 +148,13 @@ func (h Handler) getTCPServices(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getTCPService(rw http.ResponseWriter, request *http.Request) {
|
||||
serviceID := mux.Vars(request)["serviceID"]
|
||||
scapedServiceID := mux.Vars(request)["serviceID"]
|
||||
|
||||
serviceID, err := url.PathUnescape(scapedServiceID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -153,7 +166,7 @@ func (h Handler) getTCPService(rw http.ResponseWriter, request *http.Request) {
|
|||
|
||||
result := newTCPServiceRepresentation(serviceID, service)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
@ -192,7 +205,13 @@ func (h Handler) getTCPMiddlewares(rw http.ResponseWriter, request *http.Request
|
|||
}
|
||||
|
||||
func (h Handler) getTCPMiddleware(rw http.ResponseWriter, request *http.Request) {
|
||||
middlewareID := mux.Vars(request)["middlewareID"]
|
||||
scapedMiddlewareID := mux.Vars(request)["middlewareID"]
|
||||
|
||||
middlewareID, err := url.PathUnescape(scapedMiddlewareID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode middlewareID %q: %s", scapedMiddlewareID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -204,7 +223,7 @@ func (h Handler) getTCPMiddleware(rw http.ResponseWriter, request *http.Request)
|
|||
|
||||
result := newTCPMiddlewareRepresentation(middlewareID, middleware)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
|
@ -295,6 +296,25 @@ func TestHandler_TCP(t *testing.T) {
|
|||
jsonFile: "testdata/tcprouter-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one TCP router by id containing slash",
|
||||
path: "/api/tcp/routers/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
TCPRouters: map[string]*runtime.TCPRouterInfo{
|
||||
"foo / bar@myprovider": {
|
||||
TCPRouter: &dynamic.TCPRouter{
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "foo-service@myprovider",
|
||||
Rule: "Host(`foo.bar`)",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/tcprouter-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one TCP router by id, that does not exist",
|
||||
path: "/api/tcp/routers/foo@myprovider",
|
||||
|
@ -559,6 +579,30 @@ func TestHandler_TCP(t *testing.T) {
|
|||
jsonFile: "testdata/tcpservice-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one tcp service by id containing slash",
|
||||
path: "/api/tcp/services/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
TCPServices: map[string]*runtime.TCPServiceInfo{
|
||||
"foo / bar@myprovider": {
|
||||
TCPService: &dynamic.TCPService{
|
||||
LoadBalancer: &dynamic.TCPServersLoadBalancer{
|
||||
Servers: []dynamic.TCPServer{
|
||||
{
|
||||
Address: "127.0.0.1:2345",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"foo@myprovider", "test@myprovider"},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/tcpservice-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one tcp service by id, that does not exist",
|
||||
path: "/api/tcp/services/nono@myprovider",
|
||||
|
@ -780,6 +824,26 @@ func TestHandler_TCP(t *testing.T) {
|
|||
jsonFile: "testdata/tcpmiddleware-ipallowlist.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one middleware by id containing slash",
|
||||
path: "/api/tcp/middlewares/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{
|
||||
"foo / bar@myprovider": {
|
||||
TCPMiddleware: &dynamic.TCPMiddleware{
|
||||
IPWhiteList: &dynamic.TCPIPWhiteList{
|
||||
SourceRange: []string{"127.0.0.1/32"},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"bar@myprovider", "test@myprovider"},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/tcpmiddleware-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one middleware by id, that does not exist",
|
||||
path: "/api/tcp/middlewares/foo@myprovider",
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
@ -74,7 +75,13 @@ func (h Handler) getUDPRouters(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getUDPRouter(rw http.ResponseWriter, request *http.Request) {
|
||||
routerID := mux.Vars(request)["routerID"]
|
||||
scapedRouterID := mux.Vars(request)["routerID"]
|
||||
|
||||
routerID, err := url.PathUnescape(scapedRouterID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -86,7 +93,7 @@ func (h Handler) getUDPRouter(rw http.ResponseWriter, request *http.Request) {
|
|||
|
||||
result := newUDPRouterRepresentation(routerID, router)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
@ -125,7 +132,13 @@ func (h Handler) getUDPServices(rw http.ResponseWriter, request *http.Request) {
|
|||
}
|
||||
|
||||
func (h Handler) getUDPService(rw http.ResponseWriter, request *http.Request) {
|
||||
serviceID := mux.Vars(request)["serviceID"]
|
||||
scapedServiceID := mux.Vars(request)["serviceID"]
|
||||
|
||||
serviceID, err := url.PathUnescape(scapedServiceID)
|
||||
if err != nil {
|
||||
writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Content-Type", "application/json")
|
||||
|
||||
|
@ -137,7 +150,7 @@ func (h Handler) getUDPService(rw http.ResponseWriter, request *http.Request) {
|
|||
|
||||
result := newUDPServiceRepresentation(serviceID, service)
|
||||
|
||||
err := json.NewEncoder(rw).Encode(result)
|
||||
err = json.NewEncoder(rw).Encode(result)
|
||||
if err != nil {
|
||||
log.Ctx(request.Context()).Error().Err(err).Send()
|
||||
writeError(rw, err.Error(), http.StatusInternalServerError)
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
|
@ -224,6 +225,24 @@ func TestHandler_UDP(t *testing.T) {
|
|||
jsonFile: "testdata/udprouter-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one UDP router by id containing slash",
|
||||
path: "/api/udp/routers/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
UDPRouters: map[string]*runtime.UDPRouterInfo{
|
||||
"foo / bar@myprovider": {
|
||||
UDPRouter: &dynamic.UDPRouter{
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "foo-service@myprovider",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/udprouter-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one UDP router by id, that does not exist",
|
||||
path: "/api/udp/routers/foo@myprovider",
|
||||
|
@ -487,6 +506,30 @@ func TestHandler_UDP(t *testing.T) {
|
|||
jsonFile: "testdata/udpservice-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one udp service by id containing slash",
|
||||
path: "/api/udp/services/" + url.PathEscape("foo / bar@myprovider"),
|
||||
conf: runtime.Configuration{
|
||||
UDPServices: map[string]*runtime.UDPServiceInfo{
|
||||
"foo / bar@myprovider": {
|
||||
UDPService: &dynamic.UDPService{
|
||||
LoadBalancer: &dynamic.UDPServersLoadBalancer{
|
||||
Servers: []dynamic.UDPServer{
|
||||
{
|
||||
Address: "127.0.0.1:2345",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
UsedBy: []string{"foo@myprovider", "test@myprovider"},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusOK,
|
||||
jsonFile: "testdata/udpservice-foo-slash-bar.json",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "one udp service by id, that does not exist",
|
||||
path: "/api/udp/services/nono@myprovider",
|
||||
|
|
5
pkg/api/testdata/entrypoint-foo-slash-bar.json
vendored
Normal file
5
pkg/api/testdata/entrypoint-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"address": ":81",
|
||||
"http": {},
|
||||
"name": "foo / bar"
|
||||
}
|
12
pkg/api/testdata/middleware-foo-slash-bar.json
vendored
Normal file
12
pkg/api/testdata/middleware-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,12 @@
|
|||
{
|
||||
"addPrefix": {
|
||||
"prefix": "/titi"
|
||||
},
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "addprefix",
|
||||
"usedBy": [
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
17
pkg/api/testdata/router-foo-slash-bar.json
vendored
Normal file
17
pkg/api/testdata/router-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"entryPoints": [
|
||||
"web"
|
||||
],
|
||||
"middlewares": [
|
||||
"auth",
|
||||
"addPrefixTest@anotherprovider"
|
||||
],
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"rule": "Host(`foo.bar`)",
|
||||
"service": "foo-service@myprovider",
|
||||
"status": "enabled",
|
||||
"using": [
|
||||
"web"
|
||||
]
|
||||
}
|
21
pkg/api/testdata/service-foo-slash-bar.json
vendored
Normal file
21
pkg/api/testdata/service-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,21 @@
|
|||
{
|
||||
"loadBalancer": {
|
||||
"passHostHeader": true,
|
||||
"servers": [
|
||||
{
|
||||
"url": "http://127.0.0.1"
|
||||
}
|
||||
]
|
||||
},
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"serverStatus": {
|
||||
"http://127.0.0.1": "UP"
|
||||
},
|
||||
"status": "enabled",
|
||||
"type": "loadbalancer",
|
||||
"usedBy": [
|
||||
"foo@myprovider",
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
13
pkg/api/testdata/tcpmiddleware-foo-slash-bar.json
vendored
Normal file
13
pkg/api/testdata/tcpmiddleware-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"ipWhiteList": {
|
||||
"sourceRange": ["127.0.0.1/32"]
|
||||
},
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "ipwhitelist",
|
||||
"usedBy": [
|
||||
"bar@myprovider",
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
13
pkg/api/testdata/tcprouter-foo-slash-bar.json
vendored
Normal file
13
pkg/api/testdata/tcprouter-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"entryPoints": [
|
||||
"web"
|
||||
],
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"rule": "Host(`foo.bar`)",
|
||||
"service": "foo-service@myprovider",
|
||||
"status": "enabled",
|
||||
"using": [
|
||||
"web"
|
||||
]
|
||||
}
|
17
pkg/api/testdata/tcpservice-foo-slash-bar.json
vendored
Normal file
17
pkg/api/testdata/tcpservice-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"loadBalancer": {
|
||||
"servers": [
|
||||
{
|
||||
"address": "127.0.0.1:2345"
|
||||
}
|
||||
]
|
||||
},
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "loadbalancer",
|
||||
"usedBy": [
|
||||
"foo@myprovider",
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
12
pkg/api/testdata/udprouter-foo-slash-bar.json
vendored
Normal file
12
pkg/api/testdata/udprouter-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,12 @@
|
|||
{
|
||||
"entryPoints": [
|
||||
"web"
|
||||
],
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"service": "foo-service@myprovider",
|
||||
"status": "enabled",
|
||||
"using": [
|
||||
"web"
|
||||
]
|
||||
}
|
17
pkg/api/testdata/udpservice-foo-slash-bar.json
vendored
Normal file
17
pkg/api/testdata/udpservice-foo-slash-bar.json
vendored
Normal file
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
"loadBalancer": {
|
||||
"servers": [
|
||||
{
|
||||
"address": "127.0.0.1:2345"
|
||||
}
|
||||
]
|
||||
},
|
||||
"name": "foo / bar@myprovider",
|
||||
"provider": "myprovider",
|
||||
"status": "enabled",
|
||||
"type": "loadbalancer",
|
||||
"usedBy": [
|
||||
"foo@myprovider",
|
||||
"test@myprovider"
|
||||
]
|
||||
}
|
541
pkg/cli/deprecation.go
Normal file
541
pkg/cli/deprecation.go
Normal file
|
@ -0,0 +1,541 @@
|
|||
package cli
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"os"
|
||||
"reflect"
|
||||
"strings"
|
||||
|
||||
"github.com/rs/zerolog"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/paerser/cli"
|
||||
"github.com/traefik/paerser/flag"
|
||||
"github.com/traefik/paerser/parser"
|
||||
)
|
||||
|
||||
type DeprecationLoader struct{}
|
||||
|
||||
func (d DeprecationLoader) Load(args []string, cmd *cli.Command) (bool, error) {
|
||||
if logDeprecation(cmd.Configuration, args) {
|
||||
return true, errors.New("incompatible deprecated static option found")
|
||||
}
|
||||
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// logDeprecation prints deprecation hints and returns whether incompatible deprecated options need to be removed.
|
||||
func logDeprecation(traefikConfiguration interface{}, args []string) bool {
|
||||
// This part doesn't handle properly a flag defined like this:
|
||||
// --accesslog true
|
||||
// where `true` could be considered as a new argument.
|
||||
// This is not really an issue with the deprecation loader since it will filter the unknown nodes later in this
|
||||
// function.
|
||||
for i, arg := range args {
|
||||
if !strings.Contains(arg, "=") {
|
||||
args[i] = arg + "=true"
|
||||
}
|
||||
}
|
||||
|
||||
labels, err := flag.Parse(args, nil)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("deprecated static options analysis failed")
|
||||
return false
|
||||
}
|
||||
|
||||
node, err := parser.DecodeToNode(labels, "traefik")
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("deprecated static options analysis failed")
|
||||
return false
|
||||
}
|
||||
|
||||
if node != nil && len(node.Children) > 0 {
|
||||
config := &configuration{}
|
||||
filterUnknownNodes(reflect.TypeOf(config), node)
|
||||
|
||||
if len(node.Children) > 0 {
|
||||
// Telling parser to look for the label struct tag to allow empty values.
|
||||
err = parser.AddMetadata(config, node, parser.MetadataOpts{TagName: "label"})
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("deprecated static options analysis failed")
|
||||
return false
|
||||
}
|
||||
|
||||
err = parser.Fill(config, node, parser.FillerOpts{})
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("deprecated static options analysis failed")
|
||||
return false
|
||||
}
|
||||
|
||||
if config.deprecationNotice(log.With().Str("loader", "FLAG").Logger()) {
|
||||
return true
|
||||
}
|
||||
|
||||
// No further deprecation parsing and logging,
|
||||
// as args configuration contains at least one deprecated option.
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
// FILE
|
||||
ref, err := flag.Parse(args, traefikConfiguration)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("deprecated static options analysis failed")
|
||||
return false
|
||||
}
|
||||
|
||||
configFileFlag := "traefik.configfile"
|
||||
if _, ok := ref["traefik.configFile"]; ok {
|
||||
configFileFlag = "traefik.configFile"
|
||||
}
|
||||
|
||||
config := &configuration{}
|
||||
_, err = loadConfigFiles(ref[configFileFlag], config)
|
||||
|
||||
if err == nil {
|
||||
if config.deprecationNotice(log.With().Str("loader", "FILE").Logger()) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
config = &configuration{}
|
||||
l := EnvLoader{}
|
||||
_, err = l.Load(os.Args, &cli.Command{
|
||||
Configuration: config,
|
||||
})
|
||||
|
||||
if err == nil {
|
||||
if config.deprecationNotice(log.With().Str("loader", "ENV").Logger()) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func filterUnknownNodes(fType reflect.Type, node *parser.Node) bool {
|
||||
var children []*parser.Node
|
||||
for _, child := range node.Children {
|
||||
if hasKnownNodes(fType, child) {
|
||||
children = append(children, child)
|
||||
}
|
||||
}
|
||||
|
||||
node.Children = children
|
||||
return len(node.Children) > 0
|
||||
}
|
||||
|
||||
func hasKnownNodes(rootType reflect.Type, node *parser.Node) bool {
|
||||
rType := rootType
|
||||
if rootType.Kind() == reflect.Pointer {
|
||||
rType = rootType.Elem()
|
||||
}
|
||||
|
||||
// unstructured type fitting anything, considering the current node as known.
|
||||
if rType.Kind() == reflect.Map && rType.Elem().Kind() == reflect.Interface {
|
||||
return true
|
||||
}
|
||||
|
||||
// unstructured type fitting anything, considering the current node as known.
|
||||
if rType.Kind() == reflect.Interface {
|
||||
return true
|
||||
}
|
||||
|
||||
// find matching field in struct type.
|
||||
field, b := findTypedField(rType, node)
|
||||
if !b {
|
||||
return b
|
||||
}
|
||||
|
||||
if len(node.Children) > 0 {
|
||||
return filterUnknownNodes(field.Type, node)
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func findTypedField(rType reflect.Type, node *parser.Node) (reflect.StructField, bool) {
|
||||
// avoid panicking.
|
||||
if rType.Kind() != reflect.Struct {
|
||||
return reflect.StructField{}, false
|
||||
}
|
||||
|
||||
for i := 0; i < rType.NumField(); i++ {
|
||||
cField := rType.Field(i)
|
||||
|
||||
// ignore unexported fields.
|
||||
if cField.PkgPath == "" {
|
||||
if strings.EqualFold(cField.Name, node.Name) {
|
||||
node.FieldName = cField.Name
|
||||
return cField, true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return reflect.StructField{}, false
|
||||
}
|
||||
|
||||
// configuration holds the static configuration removed/deprecated options.
|
||||
type configuration struct {
|
||||
Experimental *experimental `json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Pilot map[string]any `json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Providers *providers `json:"providers,omitempty" toml:"providers,omitempty" yaml:"providers,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Tracing *tracing `json:"tracing,omitempty" toml:"tracing,omitempty" yaml:"tracing,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if c == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
if c.Pilot != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#pilot")
|
||||
}
|
||||
|
||||
incompatibleExperimental := c.Experimental.deprecationNotice(logger)
|
||||
incompatibleProviders := c.Providers.deprecationNotice(logger)
|
||||
incompatibleTracing := c.Tracing.deprecationNotice(logger)
|
||||
return incompatible || incompatibleExperimental || incompatibleProviders || incompatibleTracing
|
||||
}
|
||||
|
||||
type providers struct {
|
||||
Docker *docker `json:"docker,omitempty" toml:"docker,omitempty" yaml:"docker,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Swarm *swarm `json:"swarm,omitempty" toml:"swarm,omitempty" yaml:"swarm,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Consul *consul `json:"consul,omitempty" toml:"consul,omitempty" yaml:"consul,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
ConsulCatalog *consulCatalog `json:"consulCatalog,omitempty" toml:"consulCatalog,omitempty" yaml:"consulCatalog,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Nomad *nomad `json:"nomad,omitempty" toml:"nomad,omitempty" yaml:"nomad,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Marathon map[string]any `json:"marathon,omitempty" toml:"marathon,omitempty" yaml:"marathon,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Rancher map[string]any `json:"rancher,omitempty" toml:"rancher,omitempty" yaml:"rancher,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
ETCD *etcd `json:"etcd,omitempty" toml:"etcd,omitempty" yaml:"etcd,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Redis *redis `json:"redis,omitempty" toml:"redis,omitempty" yaml:"redis,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
HTTP *http `json:"http,omitempty" toml:"http,omitempty" yaml:"http,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if p == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if p.Marathon != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#marathon-provider")
|
||||
}
|
||||
|
||||
if p.Rancher != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#rancher-v1-provider")
|
||||
}
|
||||
|
||||
dockerIncompatible := p.Docker.deprecationNotice(logger)
|
||||
consulIncompatible := p.Consul.deprecationNotice(logger)
|
||||
consulCatalogIncompatible := p.ConsulCatalog.deprecationNotice(logger)
|
||||
nomadIncompatible := p.Nomad.deprecationNotice(logger)
|
||||
swarmIncompatible := p.Swarm.deprecationNotice(logger)
|
||||
etcdIncompatible := p.ETCD.deprecationNotice(logger)
|
||||
redisIncompatible := p.Redis.deprecationNotice(logger)
|
||||
httpIncompatible := p.HTTP.deprecationNotice(logger)
|
||||
return incompatible ||
|
||||
dockerIncompatible ||
|
||||
consulIncompatible ||
|
||||
consulCatalogIncompatible ||
|
||||
nomadIncompatible ||
|
||||
swarmIncompatible ||
|
||||
etcdIncompatible ||
|
||||
redisIncompatible ||
|
||||
httpIncompatible
|
||||
}
|
||||
|
||||
type tls struct {
|
||||
CAOptional *bool `json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty"`
|
||||
}
|
||||
|
||||
type docker struct {
|
||||
SwarmMode *bool `json:"swarmMode,omitempty" toml:"swarmMode,omitempty" yaml:"swarmMode,omitempty"`
|
||||
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if d == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if d.SwarmMode != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#docker-docker-swarm")
|
||||
}
|
||||
|
||||
if d.TLS != nil && d.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type swarm struct {
|
||||
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (s *swarm) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if s == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if s.TLS != nil && s.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Swarm provider `tls.CAOptional` option does not exist, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start.")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type etcd struct {
|
||||
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if e == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if e.TLS != nil && e.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_3")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type redis struct {
|
||||
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if r == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if r.TLS != nil && r.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_4")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type consul struct {
|
||||
Namespace *string `json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
||||
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if c == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if c.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consul-provider")
|
||||
}
|
||||
|
||||
if c.TLS != nil && c.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_1")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type consulCatalog struct {
|
||||
Namespace *string `json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
||||
Endpoint *endpointConfig `json:"endpoint,omitempty" toml:"endpoint,omitempty" yaml:"endpoint,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
type endpointConfig struct {
|
||||
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty"`
|
||||
}
|
||||
|
||||
func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if c == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if c.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consulcatalog-provider")
|
||||
}
|
||||
|
||||
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type nomad struct {
|
||||
Namespace *string `json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
||||
Endpoint *endpointConfig `json:"endpoint,omitempty" toml:"endpoint,omitempty" yaml:"endpoint,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if n == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if n.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#nomad-provider")
|
||||
}
|
||||
|
||||
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional_1")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type http struct {
|
||||
TLS *tls `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (h *http) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if h == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
var incompatible bool
|
||||
|
||||
if h.TLS != nil && h.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_2")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
||||
|
||||
type experimental struct {
|
||||
HTTP3 *bool `json:"http3,omitempty" toml:"http3,omitempty" yaml:"http3,omitempty"`
|
||||
}
|
||||
|
||||
func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if e == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if e.HTTP3 != nil {
|
||||
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
|
||||
"Please remove its usage from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#http3-experimental-configuration")
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
type tracing struct {
|
||||
SpanNameLimit *int `json:"spanNameLimit,omitempty" toml:"spanNameLimit,omitempty" yaml:"spanNameLimit,omitempty"`
|
||||
Jaeger map[string]any `json:"jaeger,omitempty" toml:"jaeger,omitempty" yaml:"jaeger,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Zipkin map[string]any `json:"zipkin,omitempty" toml:"zipkin,omitempty" yaml:"zipkin,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Datadog map[string]any `json:"datadog,omitempty" toml:"datadog,omitempty" yaml:"datadog,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Instana map[string]any `json:"instana,omitempty" toml:"instana,omitempty" yaml:"instana,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Haystack map[string]any `json:"haystack,omitempty" toml:"haystack,omitempty" yaml:"haystack,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
Elastic map[string]any `json:"elastic,omitempty" toml:"elastic,omitempty" yaml:"elastic,omitempty" label:"allowEmpty" file:"allowEmpty"`
|
||||
}
|
||||
|
||||
func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
|
||||
if t == nil {
|
||||
return false
|
||||
}
|
||||
var incompatible bool
|
||||
if t.SpanNameLimit != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Jaeger != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Zipkin != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Datadog != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Instana != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Haystack != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Elastic != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
}
|
404
pkg/cli/deprecation_test.go
Normal file
404
pkg/cli/deprecation_test.go
Normal file
|
@ -0,0 +1,404 @@
|
|||
package cli
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/rs/zerolog"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/traefik/paerser/cli"
|
||||
"github.com/traefik/traefik/v3/cmd"
|
||||
)
|
||||
|
||||
func ptr[T any](t T) *T {
|
||||
return &t
|
||||
}
|
||||
|
||||
func TestDeprecationNotice(t *testing.T) {
|
||||
tests := []struct {
|
||||
desc string
|
||||
config configuration
|
||||
}{
|
||||
{
|
||||
desc: "Docker provider swarmMode option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Docker: &docker{
|
||||
SwarmMode: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Docker provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Docker: &docker{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Swarm provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Swarm: &swarm{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Consul provider namespace option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Consul: &consul{
|
||||
Namespace: ptr("foobar"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Consul provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Consul: &consul{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "ConsulCatalog provider namespace option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
ConsulCatalog: &consulCatalog{
|
||||
Namespace: ptr("foobar"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "ConsulCatalog provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
ConsulCatalog: &consulCatalog{
|
||||
Endpoint: &endpointConfig{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Nomad provider namespace option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Nomad: &nomad{
|
||||
Namespace: ptr("foobar"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Nomad provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Nomad: &nomad{
|
||||
Endpoint: &endpointConfig{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Marathon configuration is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Marathon: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Rancher configuration is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Rancher: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "ETCD provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
ETCD: &etcd{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Redis provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
Redis: &redis{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "HTTP provider tls.CAOptional option is incompatible",
|
||||
config: configuration{
|
||||
Providers: &providers{
|
||||
HTTP: &http{
|
||||
TLS: &tls{
|
||||
CAOptional: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Pilot configuration is incompatible",
|
||||
config: configuration{
|
||||
Pilot: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Experimental HTTP3 enablement configuration is incompatible",
|
||||
config: configuration{
|
||||
Experimental: &experimental{
|
||||
HTTP3: ptr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Tracing SpanNameLimit option is incompatible",
|
||||
config: configuration{
|
||||
Tracing: &tracing{
|
||||
SpanNameLimit: ptr(42),
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Tracing Jaeger configuration is incompatible",
|
||||
config: configuration{
|
||||
Tracing: &tracing{
|
||||
Jaeger: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Tracing Zipkin configuration is incompatible",
|
||||
config: configuration{
|
||||
Tracing: &tracing{
|
||||
Zipkin: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Tracing Datadog configuration is incompatible",
|
||||
config: configuration{
|
||||
Tracing: &tracing{
|
||||
Datadog: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Tracing Instana configuration is incompatible",
|
||||
config: configuration{
|
||||
Tracing: &tracing{
|
||||
Instana: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Tracing Haystack configuration is incompatible",
|
||||
config: configuration{
|
||||
Tracing: &tracing{
|
||||
Haystack: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Tracing Elastic configuration is incompatible",
|
||||
config: configuration{
|
||||
Tracing: &tracing{
|
||||
Elastic: map[string]any{
|
||||
"foo": "bar",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var gotLog bool
|
||||
var gotLevel zerolog.Level
|
||||
testHook := zerolog.HookFunc(func(e *zerolog.Event, level zerolog.Level, message string) {
|
||||
gotLog = true
|
||||
gotLevel = level
|
||||
})
|
||||
|
||||
logger := log.With().Logger().Hook(testHook)
|
||||
assert.True(t, test.config.deprecationNotice(logger))
|
||||
assert.True(t, gotLog)
|
||||
assert.Equal(t, zerolog.ErrorLevel, gotLevel)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoad(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
args []string
|
||||
env map[string]string
|
||||
wantDeprecated bool
|
||||
}{
|
||||
{
|
||||
desc: "Empty",
|
||||
args: []string{},
|
||||
wantDeprecated: false,
|
||||
},
|
||||
{
|
||||
desc: "[FLAG] providers.marathon is deprecated",
|
||||
args: []string{
|
||||
"--access-log",
|
||||
"--log.level=DEBUG",
|
||||
"--entrypoints.test.http.tls",
|
||||
"--providers.nomad.endpoint.tls.insecureskipverify=true",
|
||||
"--providers.marathon",
|
||||
},
|
||||
wantDeprecated: true,
|
||||
},
|
||||
{
|
||||
desc: "[FLAG] multiple deprecated",
|
||||
args: []string{
|
||||
"--access-log",
|
||||
"--log.level=DEBUG",
|
||||
"--entrypoints.test.http.tls",
|
||||
"--providers.marathon",
|
||||
"--pilot.token=XXX",
|
||||
},
|
||||
wantDeprecated: true,
|
||||
},
|
||||
{
|
||||
desc: "[FLAG] no deprecated",
|
||||
args: []string{
|
||||
"--access-log",
|
||||
"--log.level=DEBUG",
|
||||
"--entrypoints.test.http.tls",
|
||||
"--providers.docker",
|
||||
},
|
||||
wantDeprecated: false,
|
||||
},
|
||||
{
|
||||
desc: "[ENV] providers.marathon is deprecated",
|
||||
env: map[string]string{
|
||||
"TRAEFIK_ACCESS_LOG": "",
|
||||
"TRAEFIK_LOG_LEVEL": "DEBUG",
|
||||
"TRAEFIK_ENTRYPOINT_TEST_HTTP_TLS": "true",
|
||||
"TRAEFIK_PROVIDERS_MARATHON": "true",
|
||||
},
|
||||
wantDeprecated: true,
|
||||
},
|
||||
{
|
||||
desc: "[ENV] multiple deprecated",
|
||||
env: map[string]string{
|
||||
"TRAEFIK_ACCESS_LOG": "true",
|
||||
"TRAEFIK_LOG_LEVEL": "DEBUG",
|
||||
"TRAEFIK_ENTRYPOINT_TEST_HTTP_TLS": "true",
|
||||
"TRAEFIK_PROVIDERS_MARATHON": "true",
|
||||
"TRAEFIK_PILOT_TOKEN": "xxx",
|
||||
},
|
||||
wantDeprecated: true,
|
||||
},
|
||||
{
|
||||
desc: "[ENV] no deprecated",
|
||||
env: map[string]string{
|
||||
"TRAEFIK_ACCESS_LOG": "true",
|
||||
"TRAEFIK_LOG_LEVEL": "DEBUG",
|
||||
"TRAEFIK_ENTRYPOINT_TEST_HTTP_TLS": "true",
|
||||
},
|
||||
|
||||
wantDeprecated: false,
|
||||
},
|
||||
{
|
||||
desc: "[FILE] providers.marathon is deprecated",
|
||||
args: []string{
|
||||
"--configfile=./fixtures/traefik_deprecated.toml",
|
||||
},
|
||||
wantDeprecated: true,
|
||||
},
|
||||
{
|
||||
desc: "[FILE] multiple deprecated",
|
||||
args: []string{
|
||||
"--configfile=./fixtures/traefik_multiple_deprecated.toml",
|
||||
},
|
||||
wantDeprecated: true,
|
||||
},
|
||||
{
|
||||
desc: "[FILE] no deprecated",
|
||||
args: []string{
|
||||
"--configfile=./fixtures/traefik_no_deprecated.toml",
|
||||
},
|
||||
wantDeprecated: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
test := test
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
tconfig := cmd.NewTraefikConfiguration()
|
||||
c := &cli.Command{Configuration: tconfig}
|
||||
l := DeprecationLoader{}
|
||||
|
||||
for name, val := range test.env {
|
||||
t.Setenv(name, val)
|
||||
}
|
||||
deprecated, err := l.Load(test.args, c)
|
||||
assert.Equal(t, test.wantDeprecated, deprecated)
|
||||
if !test.wantDeprecated {
|
||||
require.NoError(t, err)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
5
pkg/cli/fixtures/traefik_deprecated.toml
Normal file
5
pkg/cli/fixtures/traefik_deprecated.toml
Normal file
|
@ -0,0 +1,5 @@
|
|||
[accesslog]
|
||||
|
||||
[entrypoints.test.http.tls]
|
||||
|
||||
[providers.marathon]
|
8
pkg/cli/fixtures/traefik_multiple_deprecated.toml
Normal file
8
pkg/cli/fixtures/traefik_multiple_deprecated.toml
Normal file
|
@ -0,0 +1,8 @@
|
|||
[accesslog]
|
||||
|
||||
[entrypoints.test.http.tls]
|
||||
|
||||
[providers.marathon]
|
||||
|
||||
[pilot]
|
||||
token="xxx"
|
3
pkg/cli/fixtures/traefik_no_deprecated.toml
Normal file
3
pkg/cli/fixtures/traefik_no_deprecated.toml
Normal file
|
@ -0,0 +1,3 @@
|
|||
[accesslog]
|
||||
|
||||
[entrypoints.test.http.tls]
|
|
@ -20,8 +20,6 @@ import (
|
|||
const collectorURL = "https://collect.traefik.io/yYaUej3P42cziRVzv6T5w2aYy9po2Mrn"
|
||||
|
||||
// Collected data.
|
||||
//
|
||||
//nolint:musttag // cannot be changed for historical reasons.
|
||||
type data struct {
|
||||
Version string
|
||||
Codename string
|
||||
|
@ -67,7 +65,7 @@ func createBody(staticConfiguration *static.Configuration) (*bytes.Buffer, error
|
|||
}
|
||||
|
||||
buf := new(bytes.Buffer)
|
||||
err = json.NewEncoder(buf).Encode(data)
|
||||
err = json.NewEncoder(buf).Encode(data) //nolint:musttag // cannot be changed for historical reasons.
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -39,6 +39,7 @@ type HTTPConfiguration struct {
|
|||
type Model struct {
|
||||
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
|
||||
TLS *RouterTLSConfig `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
|
||||
DefaultRuleSyntax string `json:"-" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
@ -59,6 +60,7 @@ type Router struct {
|
|||
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
|
||||
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
|
||||
Rule string `json:"rule,omitempty" toml:"rule,omitempty" yaml:"rule,omitempty"`
|
||||
RuleSyntax string `json:"ruleSyntax,omitempty" toml:"ruleSyntax,omitempty" yaml:"ruleSyntax,omitempty" export:"true"`
|
||||
Priority int `json:"priority,omitempty" toml:"priority,omitempty,omitzero" yaml:"priority,omitempty" export:"true"`
|
||||
TLS *RouterTLSConfig `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
|
||||
DefaultRule bool `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
|
||||
|
@ -225,6 +227,7 @@ func (r *ResponseForwarding) SetDefaults() {
|
|||
// Server holds the server configuration.
|
||||
type Server struct {
|
||||
URL string `json:"url,omitempty" toml:"url,omitempty" yaml:"url,omitempty" label:"-"`
|
||||
Weight *int `json:"weight,omitempty" toml:"weight,omitempty" yaml:"weight,omitempty" label:"weight"`
|
||||
Scheme string `json:"-" toml:"-" yaml:"-" file:"-"`
|
||||
Port string `json:"-" toml:"-" yaml:"-" file:"-"`
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue