doc(k8s): add documentation.
parent 7c80b9a692
commit 62df067fac
1 changed files with 74 additions and 34 deletions
|
@ -100,40 +100,80 @@ See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-
|
||||||
|
|
||||||
The following general annotations are applicable on the Ingress object:
|
The following general annotations are applicable on the Ingress object:
|
||||||
|
|
||||||
- `traefik.frontend.rule.type: PathPrefixStrip`
|
| Annotation | Description |
|
||||||
Override the default frontend rule type. Default: `PathPrefix`.
|
|---------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
- `traefik.frontend.priority: "3"`
|
| `traefik.ingress.kubernetes.io/buffering: <YML>` | (3) See [buffering](/configuration/commons/#buffering) section. |
|
||||||
Override the default frontend rule priority.
|
| `traefik.ingress.kubernetes.io/error-pages: <YML>` | (1) See [custom error pages](/configuration/commons/#custom-error-pages) section. |
|
||||||
- `traefik.frontend.redirect.entryPoint: https`:
|
| `traefik.ingress.kubernetes.io/frontend-entry-points: http,https` | Override the default frontend endpoints. |
|
||||||
Enables Redirect to another entryPoint for that frontend (e.g. HTTPS).
|
| `traefik.ingress.kubernetes.io/pass-tls-cert: true` | Override the default frontend PassTLSCert value. Default: `false`. |
|
||||||
- `traefik.frontend.redirect.regex: ^http://localhost/(.*)`:
|
| `traefik.ingress.kubernetes.io/preserve-host: true` | Forward client `Host` header to the backend. |
|
||||||
Redirect to another URL for that frontend. Must be set with `traefik.frontend.redirect.replacement`.
|
| `traefik.ingress.kubernetes.io/priority: "3"` | Override the default frontend rule priority. |
|
||||||
- `traefik.frontend.redirect.replacement: http://mydomain/$1`:
|
| `traefik.ingress.kubernetes.io/rate-limit: <YML>` | (2) See [custom error pages](/configuration/commons/#rate-limiting) section. |
|
||||||
Redirect to another URL for that frontend. Must be set with `traefik.frontend.redirect.regex`.
|
| `traefik.ingress.kubernetes.io/redirect-entry-point: https` | Enables Redirect to another entryPoint for that frontend (e.g. HTTPS). |
|
||||||
- `traefik.frontend.entryPoints: http,https`
|
| `traefik.ingress.kubernetes.io/redirect-regex: ^http://localhost/(.*)` | Redirect to another URL for that frontend. Must be set with `traefik.ingress.kubernetes.io/redirect-replacement`. |
|
||||||
Override the default frontend endpoints.
|
| `traefik.ingress.kubernetes.io/redirect-replacement: http://mydomain/$1` | Redirect to another URL for that frontend. Must be set with `traefik.ingress.kubernetes.io/redirect-regex`. |
|
||||||
- `traefik.frontend.passTLSCert: true`
|
| `traefik.ingress.kubernetes.io/rewrite-target: /users` | Replaces each matched Ingress path with the specified one, and adds the old path to the `X-Replaced-Path` header. |
|
||||||
Override the default frontend PassTLSCert value. Default: `false`.
|
| `traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip` | Override the default frontend rule type. Default: `PathPrefix`. |
|
||||||
- `ingress.kubernetes.io/rewrite-target: /users`
|
| `traefik.ingress.kubernetes.io/whitelist-source-range: "1.2.3.0/24, fe80::/16"` | A comma-separated list of IP ranges permitted for access. all source IPs are permitted if the list is empty or a single range is ill-formatted. |
|
||||||
Replaces each matched Ingress path with the specified one, and adds the old path to the `X-Replaced-Path` header.
|
|
||||||
- `ingress.kubernetes.io/whitelist-source-range: "1.2.3.0/24, fe80::/16"`
|
<1> `traefik.ingress.kubernetes.io/error-pages` example:
|
||||||
A comma-separated list of IP ranges permitted for access. all source IPs are permitted if the list is empty or a single range is ill-formatted.
|
|
||||||
|
```yaml
|
||||||
|
foo:
|
||||||
|
status:
|
||||||
|
- "404"
|
||||||
|
backend: bar
|
||||||
|
query: /bar
|
||||||
|
fii:
|
||||||
|
status:
|
||||||
|
- "503"
|
||||||
|
- "500"
|
||||||
|
backend: bar
|
||||||
|
query: /bir
|
||||||
|
```
|
||||||
|
|
||||||
|
<2> `traefik.ingress.kubernetes.io/rate-limit` example:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
extractorfunc: client.ip
|
||||||
|
rateset:
|
||||||
|
bar:
|
||||||
|
period: 3s
|
||||||
|
average: 6
|
||||||
|
burst: 9
|
||||||
|
foo:
|
||||||
|
period: 6s
|
||||||
|
average: 12
|
||||||
|
burst: 18
|
||||||
|
```
|
||||||
|
|
||||||
|
<3> `traefik.ingress.kubernetes.io/buffering` example:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
maxrequestbodybytes: 10485760
|
||||||
|
memrequestbodybytes: 2097153
|
||||||
|
maxresponsebodybytes: 10485761
|
||||||
|
memresponsebodybytes: 2097152
|
||||||
|
retryexpression: IsNetworkError() && Attempts() <= 2
|
||||||
|
```
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
Please note that `traefik.frontend.redirect.regex` and `traefik.frontend.redirect.replacement` do not have to be set if `traefik.frontend.redirect.entryPoint` is defined for the redirection (they will not be used in this case).
|
Please note that `traefik.ingress.kubernetes.io/redirect-regex` and `traefik.ingress.kubernetes.io/redirect-replacement` do not have to be set if `traefik.ingress.kubernetes.io/redirect-entry-point` is defined for the redirection (they will not be used in this case).
|
||||||
|
|
||||||
The following annotations are applicable on the Service object associated with a particular Ingress object:
|
The following annotations are applicable on the Service object associated with a particular Ingress object:
|
||||||
|
|
||||||
- `traefik.backend.loadbalancer.method=drr`
|
| Annotation | Description |
|
||||||
Override the default `wrr` load balancer algorithm.
|
|--------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
- `traefik.backend.loadbalancer.stickiness=true`
|
| `traefik.backend.loadbalancer.sticky=true` | Enable backend sticky sessions (DEPRECATED). |
|
||||||
Enable backend sticky sessions.
|
| `traefik.ingress.kubernetes.io/affinity: true` | Enable backend sticky sessions. |
|
||||||
- `traefik.backend.loadbalancer.stickiness.cookieName=NAME`
|
| `traefik.ingress.kubernetes.io/circuit-breaker-expression: <expression>` | Set the circuit breaker expression for the backend. |
|
||||||
Manually set the cookie name for sticky sessions.
|
| `traefik.ingress.kubernetes.io/load-balancer-method: drr` | Override the default `wrr` load balancer algorithm. |
|
||||||
- `traefik.backend.loadbalancer.sticky=true`
|
| `traefik.ingress.kubernetes.io/max-conn-amount: 10` | Set a maximum number of connections to the backend.<br>Must be used in conjunction with the below label to take effect. |
|
||||||
Enable backend sticky sessions (DEPRECATED).
|
| `traefik.ingress.kubernetes.io/max-conn-extractor-func: client.ip` | Set the function to be used against the request to determine what to limit maximum connections to the backend by.<br>Must be used in conjunction with the above label to take effect. |
|
||||||
- `traefik.backend.circuitbreaker: <expression>`
|
| `traefik.ingress.kubernetes.io/session-cookie-name: <NAME>` | Manually set the cookie name for sticky sessions. |
|
||||||
Set the circuit breaker expression for the backend.
|
|
||||||
|
!!! note
|
||||||
|
`traefik.ingress.kubernetes.io/` and `ingress.kubernetes.io/` are supported prefixes.
|
||||||
|
|
||||||
### Security annotations
|
### Security annotations
|
||||||
|
|
||||||
|
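Review bot: The new `traefik.ingress.kubernetes.io/whitelist-source-range` row at the end of the Ingress table leaves fail-open behaviour tucked into a table cell: "all source IPs are permitted if the list is empty or a single range is ill-formatted" means one typo in a CIDR switches the allowlist off for the whole frontend. Suggest lifting that sentence into a `!!! warning` admonition under the table and capitalising "All". Smaller points in the same hunk: the `rate-limit` row links to `/configuration/commons/#rate-limiting` but its link text still reads "custom error pages"; the table rows use `(1)`, `(2)`, `(3)` while the examples below are labelled `<1>`, `<2>`, `<3>`, so pick one marker style; and in the Service table the `max-conn-amount` and `max-conn-extractor-func` rows say "label" where these are annotations, and the `traefik.backend.loadbalancer.sticky=true` row keeps the `=` form while every other row uses `key: value`.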
@ -167,10 +207,10 @@ The following security annotations are applicable on the Ingress object:
|
||||||
Is possible to add additional authentication annotations to the Ingress object.
|
Is possible to add additional authentication annotations to the Ingress object.
|
||||||
The source of the authentication is a Secret object that contains the credentials.
|
The source of the authentication is a Secret object that contains the credentials.
|
||||||
|
|
||||||
- `ingress.kubernetes.io/auth-type`: `basic`
|
| Annotation | Description |
|
||||||
Contains the authentication type. The only permitted type is `basic`.
|
|----------------------------------------------|--------------------------------------------------------------------------------------------|
|
||||||
- `ingress.kubernetes.io/auth-secret`: `mysecret`
|
| `ingress.kubernetes.io/auth-type:basic` | Contains the authentication type. The only permitted type is `basic`. |
|
||||||
Contains the username and password with access to the paths defined in the Ingress object.
|
| `ingress.kubernetes.io/auth-secret:mysecret` | Contains the username and password with access to the paths defined in the Ingress object. |
|
||||||
|
|
||||||
The secret must be created in the same namespace as the Ingress object.
|
The secret must be created in the same namespace as the Ingress object.
|
||||||
|
|
||||||
|
|
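Review bot: Both rows of the new security table fuse key and value into a single code span with no space after the colon (`ingress.kubernetes.io/auth-type:basic`, `ingress.kubernetes.io/auth-secret:mysecret`), which a reader pasting into YAML gets as one scalar rather than a key/value pair; the removed lines kept key and value apart, and the tables in the first hunk use `key: value`. Suggest `ingress.kubernetes.io/auth-type: basic` and `ingress.kubernetes.io/auth-secret: mysecret`. It would also help to state here whether the `traefik.ingress.kubernetes.io/` prefix mentioned in the note in the first hunk applies to these two annotations, since this table only shows the `ingress.kubernetes.io/` form. The unchanged context line "Is possible to add additional authentication annotations" could be fixed to "It is possible to add" while this section is being touched.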