Merge github.com:traefik/traefik

This commit is contained in:
baalajimaestro 2022-11-26 07:17:12 +05:30
commit 6d5fb61856
Signed by: baalajimaestro
GPG key ID: F93C394FE9BBAFD5
63 changed files with 45 additions and 988 deletions

View file

@ -134,14 +134,6 @@ issues:
exclude: exclude:
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
- "should have a package comment, unless it's in another file for this package" - "should have a package comment, unless it's in another file for this package"
- 'SA1019: cfg.SSLRedirect is deprecated'
- 'SA1019: cfg.SSLTemporaryRedirect is deprecated'
- 'SA1019: cfg.SSLHost is deprecated'
- 'SA1019: cfg.SSLForceHost is deprecated'
- 'SA1019: cfg.FeaturePolicy is deprecated'
- 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
- 'SA1019: c.Providers.Consul.Namespace is deprecated'
- 'SA1019: c.Providers.Nomad.Namespace is deprecated'
exclude-rules: exclude-rules:
- path: '(.+)_test.go' - path: '(.+)_test.go'
linters: linters:

View file

@ -27,16 +27,15 @@ func setupLogger(staticConfiguration *static.Configuration) {
// configure log level // configure log level
logLevel := getLogLevel(staticConfiguration) logLevel := getLogLevel(staticConfiguration)
zerolog.SetGlobalLevel(logLevel)
// create logger // create logger
logCtx := zerolog.New(w).With().Timestamp() logCtx := zerolog.New(w).With().Timestamp()
if logLevel <= zerolog.DebugLevel { if logLevel <= zerolog.DebugLevel {
logCtx = logCtx.Caller() logCtx = logCtx.Caller()
} }
log.Logger = logCtx.Logger() log.Logger = logCtx.Logger().Level(logLevel)
zerolog.DefaultContextLogger = &log.Logger zerolog.DefaultContextLogger = &log.Logger
zerolog.SetGlobalLevel(logLevel)
// Global logrus replacement (related to lib like go-rancher-metadata, docker, etc.) // Global logrus replacement (related to lib like go-rancher-metadata, docker, etc.)
logrus.StandardLogger().Out = logs.NoLevel(log.Logger, zerolog.DebugLevel) logrus.StandardLogger().Out = logs.NoLevel(log.Logger, zerolog.DebugLevel)

View file

@ -204,10 +204,6 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
return nil, err return nil, err
} }
if staticConfiguration.Pilot != nil {
log.Warn().Msg("Traefik Pilot has been removed.")
}
// Plugins // Plugins
pluginBuilder, err := createPluginBuilder(staticConfiguration) pluginBuilder, err := createPluginBuilder(staticConfiguration)

View file

@ -2,33 +2,4 @@
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation. This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
| Feature | Deprecated | End of Support | Removal | There is no feature deprecation in Traefik v3 for now.
|-------------------------------------------------------------|------------|----------------|---------|
| [Pilot](#pilot) | 2.7 | 2.8 | 2.9 |
| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 |
| [TLS 1.0 and 1.1 Support](#tls-10-and-11) | N/A | 2.8 | N/A |
| [Nomad Namespace](#nomad-namespace) | 2.10 | N/A | 3.0 |
## Impact
### Pilot
Metrics will continue to function normally up to 2.8, when they will be disabled.
In 2.9, the Pilot platform and all Traefik integration code will be permanently removed.
Starting on 2.7 the pilot token will not be a requirement anymore for plugins.
Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from Pilot.
### Consul Enterprise Namespace
Starting on 2.8 the `namespace` option of Consul and Consul Catalog providers is deprecated,
please use the `namespaces` options instead.
### TLS 1.0 and 1.1
Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2. Of course, it can still be overridden with custom configuration.
### Nomad Namespace
Starting on 2.10 the `namespace` option of the Nomad provider is deprecated,
please use the `namespaces` options instead.

View file

@ -364,43 +364,11 @@ The `allowedHosts` option lists fully qualified domain names that are allowed.
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request. The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
### `sslRedirect`
!!! warning
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
The `sslRedirect` only allow HTTPS requests when set to `true`.
### `sslTemporaryRedirect`
!!! warning
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
### `sslHost`
!!! warning
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS.
### `sslProxyHeaders` ### `sslProxyHeaders`
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request. The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request.
It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).
### `sslForceHost`
!!! warning
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL.
### `stsSeconds` ### `stsSeconds`
The `stsSeconds` is the max-age of the `Strict-Transport-Security` header. The `stsSeconds` is the max-age of the `Strict-Transport-Security` header.
@ -452,14 +420,6 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates
The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites. The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites.
### `featurePolicy`
!!! warning
Deprecated in favor of `permissionsPolicy`
The `featurePolicy` allows sites to control browser features.
### `permissionsPolicy` ### `permissionsPolicy`
The `permissionsPolicy` allows sites to control browser features. The `permissionsPolicy` allows sites to control browser features.

View file

@ -88,85 +88,3 @@ For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs. If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend). Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
### `forceSlash`
_Optional, Default=true_
The `forceSlash` option ensures the resulting stripped path is not the empty string, by replacing it with `/` when necessary.
This option was added to keep the initial (non-intuitive) behavior of this middleware, in order to avoid introducing a breaking change.
It is recommended to explicitly set `forceSlash` to `false`.
??? info "Behavior examples"
- `forceSlash=true`
| Path | Prefix to strip | Result |
|------------|-----------------|--------|
| `/` | `/` | `/` |
| `/foo` | `/foo` | `/` |
| `/foo/` | `/foo` | `/` |
| `/foo/` | `/foo/` | `/` |
| `/bar` | `/foo` | `/bar` |
| `/foo/bar` | `/foo` | `/bar` |
- `forceSlash=false`
| Path | Prefix to strip | Result |
|------------|-----------------|--------|
| `/` | `/` | empty |
| `/foo` | `/foo` | empty |
| `/foo/` | `/foo` | `/` |
| `/foo/` | `/foo/` | empty |
| `/bar` | `/foo` | `/bar` |
| `/foo/bar` | `/foo` | `/bar` |
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: example
spec:
stripPrefix:
prefixes:
- "/foobar"
forceSlash: false
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.example.stripprefix.prefixes": "/foobar",
"traefik.http.middlewares.example.stripprefix.forceSlash": "false"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
```
```yaml tab="File (YAML)"
http:
middlewares:
example:
stripPrefix:
prefixes:
- "/foobar"
forceSlash: false
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```

View file

@ -19,4 +19,14 @@ In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing
## gRPC Metrics ## gRPC Metrics
In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header. In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header.
## Deprecated Options Removal
- The `pilot` option has been removed from the static configuration.
- The `tracing.datadog.globaltag` option has been removed.
- The `namespace` option of Consul, Consul Catalog and Nomad providers has been removed.
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers.
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
- The `forceSlash` option of the StripPrefix middleware has been removed.
- the `preferServerCipherSuites` option has been removed.

View file

@ -65,30 +65,6 @@ tracing:
--tracing.datadog.debug=true --tracing.datadog.debug=true
``` ```
#### `globalTag`
??? warning "Deprecated in favor of the [`globalTags`](#globaltags) option."
_Optional, Default=empty_
Applies a shared key:value tag on all spans.
```yaml tab="File (YAML)"
tracing:
datadog:
globalTag: sample
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```bash tab="CLI"
--tracing.datadog.globalTag=sample
```
#### `globalTags` #### `globalTags`
_Optional, Default=empty_ _Optional, Default=empty_

View file

@ -667,41 +667,6 @@ providers:
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `namespace`
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
_Optional, Default=""_
The `namespace` option defines the namespace in which the consul catalog services will be discovered.
!!! warning
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
!!! warning
One should only define either the `namespaces` option or the `namespace` option.
```yaml tab="File (YAML)"
providers:
consulCatalog:
namespace: "production"
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
namespace = "production"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.namespace=production
# ...
```
### `namespaces` ### `namespaces`
_Optional, Default=""_ _Optional, Default=""_

View file

@ -59,40 +59,6 @@ providers:
--providers.consul.rootkey=traefik --providers.consul.rootkey=traefik
``` ```
### `namespace`
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
_Optional, Default=""_
The `namespace` option defines the namespace to query.
!!! warning
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
!!! warning
One should only define either the `namespaces` option or the `namespace` option.
```yaml tab="File (YAML)"
providers:
consul:
# ...
namespace: "production"
```
```toml tab="File (TOML)"
[providers.consul]
# ...
namespace = "production"
```
```bash tab="CLI"
--providers.consul.namespace=production
```
### `namespaces` ### `namespaces`
_Optional, Default=""_ _Optional, Default=""_

View file

@ -440,36 +440,6 @@ providers:
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `namespace`
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
_Optional, Default=""_
The `namespace` option defines the namespace in which the Nomad services will be discovered.
!!! warning
One should only define either the `namespaces` option or the `namespace` option.
```yaml tab="File (YAML)"
providers:
nomad:
namespace: "production"
# ...
```
```toml tab="File (TOML)"
[providers.nomad]
namespace = "production"
# ...
```
```bash tab="CLI"
--providers.nomad.namespace=production
# ...
```
### `namespaces` ### `namespaces`
_Optional, Default=""_ _Optional, Default=""_

View file

@ -31,7 +31,6 @@
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar" - "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar" - "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true" - "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
@ -54,7 +53,6 @@
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar" - "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar" - "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar" - "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.forcestsheader=true" - "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware10.headers.framedeny=true" - "traefik.http.middlewares.middleware10.headers.framedeny=true"
- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar" - "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
@ -62,12 +60,8 @@
- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar" - "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.publickey=foobar" - "traefik.http.middlewares.middleware10.headers.publickey=foobar"
- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar" - "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar" - "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar" - "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware10.headers.stspreload=true" - "traefik.http.middlewares.middleware10.headers.stspreload=true"
- "traefik.http.middlewares.middleware10.headers.stsseconds=42" - "traefik.http.middlewares.middleware10.headers.stsseconds=42"
@ -118,7 +112,6 @@
- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar" - "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware20.retry.attempts=42" - "traefik.http.middlewares.middleware20.retry.attempts=42"
- "traefik.http.middlewares.middleware20.retry.initialinterval=42" - "traefik.http.middlewares.middleware20.retry.initialinterval=42"
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar" - "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar" - "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar" - "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar"

View file

@ -159,7 +159,6 @@
authRequestHeaders = ["foobar", "foobar"] authRequestHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware09.forwardAuth.tls] [http.middlewares.Middleware09.forwardAuth.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -175,10 +174,6 @@
addVaryHeader = true addVaryHeader = true
allowedHosts = ["foobar", "foobar"] allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"] hostsProxyHeaders = ["foobar", "foobar"]
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
stsSeconds = 42 stsSeconds = 42
stsIncludeSubdomains = true stsIncludeSubdomains = true
stsPreload = true stsPreload = true
@ -191,7 +186,6 @@
contentSecurityPolicy = "foobar" contentSecurityPolicy = "foobar"
publicKey = "foobar" publicKey = "foobar"
referrerPolicy = "foobar" referrerPolicy = "foobar"
featurePolicy = "foobar"
permissionsPolicy = "foobar" permissionsPolicy = "foobar"
isDevelopment = true isDevelopment = true
[http.middlewares.Middleware10.headers.customRequestHeaders] [http.middlewares.Middleware10.headers.customRequestHeaders]
@ -282,7 +276,6 @@
[http.middlewares.Middleware21] [http.middlewares.Middleware21]
[http.middlewares.Middleware21.stripPrefix] [http.middlewares.Middleware21.stripPrefix]
prefixes = ["foobar", "foobar"] prefixes = ["foobar", "foobar"]
forceSlash = true
[http.middlewares.Middleware22] [http.middlewares.Middleware22]
[http.middlewares.Middleware22.stripPrefixRegex] [http.middlewares.Middleware22.stripPrefixRegex]
regex = ["foobar", "foobar"] regex = ["foobar", "foobar"]
@ -458,7 +451,6 @@
cipherSuites = ["foobar", "foobar"] cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"]
sniStrict = true sniStrict = true
preferServerCipherSuites = true
alpnProtocols = ["foobar", "foobar"] alpnProtocols = ["foobar", "foobar"]
[tls.options.Options0.clientAuth] [tls.options.Options0.clientAuth]
caFiles = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]
@ -469,7 +461,6 @@
cipherSuites = ["foobar", "foobar"] cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"]
sniStrict = true sniStrict = true
preferServerCipherSuites = true
alpnProtocols = ["foobar", "foobar"] alpnProtocols = ["foobar", "foobar"]
[tls.options.Options1.clientAuth] [tls.options.Options1.clientAuth]
caFiles = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]

View file

@ -164,7 +164,6 @@ http:
address: foobar address: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -208,13 +207,9 @@ http:
hostsProxyHeaders: hostsProxyHeaders:
- foobar - foobar
- foobar - foobar
sslRedirect: true
sslTemporaryRedirect: true
sslHost: foobar
sslProxyHeaders: sslProxyHeaders:
name0: foobar name0: foobar
name1: foobar name1: foobar
sslForceHost: true
stsSeconds: 42 stsSeconds: 42
stsIncludeSubdomains: true stsIncludeSubdomains: true
stsPreload: true stsPreload: true
@ -227,7 +222,6 @@ http:
contentSecurityPolicy: foobar contentSecurityPolicy: foobar
publicKey: foobar publicKey: foobar
referrerPolicy: foobar referrerPolicy: foobar
featurePolicy: foobar
permissionsPolicy: foobar permissionsPolicy: foobar
isDevelopment: true isDevelopment: true
Middleware11: Middleware11:
@ -319,7 +313,6 @@ http:
prefixes: prefixes:
- foobar - foobar
- foobar - foobar
forceSlash: true
Middleware22: Middleware22:
stripPrefixRegex: stripPrefixRegex:
regex: regex:
@ -509,7 +502,6 @@ tls:
- foobar - foobar
clientAuthType: foobar clientAuthType: foobar
sniStrict: true sniStrict: true
preferServerCipherSuites: true
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar
@ -528,7 +520,6 @@ tls:
- foobar - foobar
clientAuthType: foobar clientAuthType: foobar
sniStrict: true sniStrict: true
preferServerCipherSuites: true
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar

View file

@ -946,8 +946,6 @@ spec:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
connection to the authentication server. connection to the authentication server.
properties: properties:
caOptional:
type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate. Secret containing the CA to validate the server certificate.
@ -1066,9 +1064,6 @@ spec:
description: CustomResponseHeaders defines the header names and description: CustomResponseHeaders defines the header names and
values to apply to the response. values to apply to the response.
type: object type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader: forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP. even when the connection is HTTP.
@ -1104,12 +1099,6 @@ spec:
value. This allows sites to control whether browsers forward value. This allows sites to control whether browsers forward
the Referer header to other sites. the Referer header to other sites.
type: string type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
@ -1118,14 +1107,6 @@ spec:
useful when using other proxies (example: "X-Forwarded-Proto": useful when using other proxies (example: "X-Forwarded-Proto":
"https").' "https").'
type: object type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains: stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header. directive is appended to the Strict-Transport-Security header.
@ -1467,11 +1448,6 @@ spec:
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
properties: properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
URL. URL.
@ -1807,12 +1783,6 @@ spec:
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.' VersionTLS13. Default: VersionTLS10.'
type: string type: string
preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430'
type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension. from clients connections that do not specify a server_name extension.

View file

@ -193,7 +193,6 @@ spec:
- foobar - foobar
clientAuthType: RequireAndVerifyClientCert clientAuthType: RequireAndVerifyClientCert
sniStrict: true sniStrict: true
preferServerCipherSuites: true
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar

View file

@ -37,7 +37,6 @@
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
@ -66,7 +65,6 @@
| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` | | `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` | | `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
@ -75,12 +73,8 @@
| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` |
| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` |
| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` | | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
@ -135,7 +129,6 @@
| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` | | `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` | | `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` | | `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` |
| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
@ -312,7 +305,6 @@
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options0/maxVersion` | `foobar` | | `traefik/tls/options/Options0/maxVersion` | `foobar` |
| `traefik/tls/options/Options0/minVersion` | `foobar` | | `traefik/tls/options/Options0/minVersion` | `foobar` |
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options0/sniStrict` | `true` | | `traefik/tls/options/Options0/sniStrict` | `true` |
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` | | `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` | | `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
@ -325,7 +317,6 @@
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options1/maxVersion` | `foobar` | | `traefik/tls/options/Options1/maxVersion` | `foobar` |
| `traefik/tls/options/Options1/minVersion` | `foobar` | | `traefik/tls/options/Options1/minVersion` | `foobar` |
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options1/sniStrict` | `true` | | `traefik/tls/options/Options1/sniStrict` | `true` |
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` | | `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` | | `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |

View file

@ -31,7 +31,6 @@
"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar", "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar", "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",
"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true", "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
@ -54,7 +53,6 @@
"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar", "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar", "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar", "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar",
"traefik.http.middlewares.middleware10.headers.forcestsheader": "true", "traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
"traefik.http.middlewares.middleware10.headers.framedeny": "true", "traefik.http.middlewares.middleware10.headers.framedeny": "true",
"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar", "traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
@ -62,12 +60,8 @@
"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar", "traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar",
"traefik.http.middlewares.middleware10.headers.publickey": "foobar", "traefik.http.middlewares.middleware10.headers.publickey": "foobar",
"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar", "traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
"traefik.http.middlewares.middleware10.headers.sslforcehost": "true",
"traefik.http.middlewares.middleware10.headers.sslhost": "foobar",
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar", "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar", "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
"traefik.http.middlewares.middleware10.headers.sslredirect": "true",
"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true",
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true", "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.middleware10.headers.stspreload": "true", "traefik.http.middlewares.middleware10.headers.stspreload": "true",
"traefik.http.middlewares.middleware10.headers.stsseconds": "42", "traefik.http.middlewares.middleware10.headers.stsseconds": "42",
@ -118,7 +112,6 @@
"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar", "traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
"traefik.http.middlewares.middleware20.retry.attempts": "42", "traefik.http.middlewares.middleware20.retry.attempts": "42",
"traefik.http.middlewares.middleware20.retry.initialinterval": "42", "traefik.http.middlewares.middleware20.retry.initialinterval": "42",
"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar", "traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar", "traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar", "traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar",

View file

@ -369,8 +369,6 @@ spec:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
connection to the authentication server. connection to the authentication server.
properties: properties:
caOptional:
type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate. Secret containing the CA to validate the server certificate.
@ -489,9 +487,6 @@ spec:
description: CustomResponseHeaders defines the header names and description: CustomResponseHeaders defines the header names and
values to apply to the response. values to apply to the response.
type: object type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader: forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP. even when the connection is HTTP.
@ -527,12 +522,6 @@ spec:
value. This allows sites to control whether browsers forward value. This allows sites to control whether browsers forward
the Referer header to other sites. the Referer header to other sites.
type: string type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
@ -541,14 +530,6 @@ spec:
useful when using other proxies (example: "X-Forwarded-Proto": useful when using other proxies (example: "X-Forwarded-Proto":
"https").' "https").'
type: object type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains: stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header. directive is appended to the Strict-Transport-Security header.
@ -890,11 +871,6 @@ spec:
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
properties: properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
URL. URL.

View file

@ -88,12 +88,6 @@ spec:
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.' VersionTLS13. Default: VersionTLS10.'
type: string type: string
preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430'
type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension. from clients connections that do not specify a server_name extension.

View file

@ -417,9 +417,6 @@ Enable Consul backend with default settings. (Default: ```false```)
`--providers.consul.endpoints`: `--providers.consul.endpoints`:
KV store endpoints. (Default: ```127.0.0.1:8500```) KV store endpoints. (Default: ```127.0.0.1:8500```)
`--providers.consul.namespace`:
Sets the namespace used to discover the configuration (Consul Enterprise only).
`--providers.consul.namespaces`: `--providers.consul.namespaces`:
Sets the namespaces used to discover the configuration (Consul Enterprise only). Sets the namespaces used to discover the configuration (Consul Enterprise only).
@ -429,9 +426,6 @@ Root key used for KV store. (Default: ```traefik```)
`--providers.consul.tls.ca`: `--providers.consul.tls.ca`:
TLS CA TLS CA
`--providers.consul.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.consul.tls.cert`: `--providers.consul.tls.cert`:
TLS cert TLS cert
@ -483,9 +477,6 @@ The URI scheme for the Consul server
`--providers.consulcatalog.endpoint.tls.ca`: `--providers.consulcatalog.endpoint.tls.ca`:
TLS CA TLS CA
`--providers.consulcatalog.endpoint.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.consulcatalog.endpoint.tls.cert`: `--providers.consulcatalog.endpoint.tls.cert`:
TLS cert TLS cert
@ -501,9 +492,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
`--providers.consulcatalog.exposedbydefault`: `--providers.consulcatalog.exposedbydefault`:
Expose containers by default. (Default: ```true```) Expose containers by default. (Default: ```true```)
`--providers.consulcatalog.namespace`:
Sets the namespace used to discover services (Consul Enterprise only).
`--providers.consulcatalog.namespaces`: `--providers.consulcatalog.namespaces`:
Sets the namespaces used to discover services (Consul Enterprise only). Sets the namespaces used to discover services (Consul Enterprise only).
@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```)
`--providers.docker.tls.ca`: `--providers.docker.tls.ca`:
TLS CA TLS CA
`--providers.docker.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.docker.tls.cert`: `--providers.docker.tls.cert`:
TLS cert TLS cert
@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```)
`--providers.etcd.tls.ca`: `--providers.etcd.tls.ca`:
TLS CA TLS CA
`--providers.etcd.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.etcd.tls.cert`: `--providers.etcd.tls.cert`:
TLS cert TLS cert
@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```)
`--providers.http.tls.ca`: `--providers.http.tls.ca`:
TLS CA TLS CA
`--providers.http.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.http.tls.cert`: `--providers.http.tls.cert`:
TLS cert TLS cert
@ -819,9 +798,6 @@ Set a response header timeout for Marathon. (Default: ```60```)
`--providers.marathon.tls.ca`: `--providers.marathon.tls.ca`:
TLS CA TLS CA
`--providers.marathon.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.marathon.tls.cert`: `--providers.marathon.tls.cert`:
TLS cert TLS cert
@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used.
`--providers.nomad.endpoint.tls.ca`: `--providers.nomad.endpoint.tls.ca`:
TLS CA TLS CA
`--providers.nomad.endpoint.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.nomad.endpoint.tls.cert`: `--providers.nomad.endpoint.tls.cert`:
TLS cert TLS cert
@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token.
`--providers.nomad.exposedbydefault`: `--providers.nomad.exposedbydefault`:
Expose Nomad services by default. (Default: ```true```) Expose Nomad services by default. (Default: ```true```)
`--providers.nomad.namespace`:
Sets the Nomad namespace used to discover services.
`--providers.nomad.namespaces`: `--providers.nomad.namespaces`:
Sets the Nomad namespaces used to discover services. Sets the Nomad namespaces used to discover services.
@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```)
`--providers.redis.tls.ca`: `--providers.redis.tls.ca`:
TLS CA TLS CA
`--providers.redis.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.redis.tls.cert`: `--providers.redis.tls.cert`:
TLS cert TLS cert
@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map.
`--tracing.datadog.debug`: `--tracing.datadog.debug`:
Enables Datadog debug. (Default: ```false```) Enables Datadog debug. (Default: ```false```)
`--tracing.datadog.globaltag`:
Sets a key:value tag on all spans.
`--tracing.datadog.globaltags.<name>`: `--tracing.datadog.globaltags.<name>`:
Sets a list of key:value tags on all spans. Sets a list of key:value tags on all spans.

View file

@ -453,9 +453,6 @@ The URI scheme for the Consul server
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`: `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`: `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`:
TLS cert TLS cert
@ -471,9 +468,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
`TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`: `TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```) Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACE`:
Sets the namespace used to discover services (Consul Enterprise only).
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`: `TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`:
Sets the namespaces used to discover services (Consul Enterprise only). Sets the namespaces used to discover services (Consul Enterprise only).
@ -498,9 +492,6 @@ Watch Consul API events. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`: `TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`:
KV store endpoints. (Default: ```127.0.0.1:8500```) KV store endpoints. (Default: ```127.0.0.1:8500```)
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACE`:
Sets the namespace used to discover the configuration (Consul Enterprise only).
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`: `TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`:
Sets the namespaces used to discover the configuration (Consul Enterprise only). Sets the namespaces used to discover the configuration (Consul Enterprise only).
@ -510,9 +501,6 @@ Root key used for KV store. (Default: ```traefik```)
`TRAEFIK_PROVIDERS_CONSUL_TLS_CA`: `TRAEFIK_PROVIDERS_CONSUL_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_CONSUL_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`: `TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`:
TLS cert TLS cert
@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`: `TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`: `TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
TLS cert TLS cert
@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```)
`TRAEFIK_PROVIDERS_ETCD_TLS_CA`: `TRAEFIK_PROVIDERS_ETCD_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_ETCD_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_ETCD_TLS_CERT`: `TRAEFIK_PROVIDERS_ETCD_TLS_CERT`:
TLS cert TLS cert
@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```)
`TRAEFIK_PROVIDERS_HTTP_TLS_CA`: `TRAEFIK_PROVIDERS_HTTP_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_HTTP_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_HTTP_TLS_CERT`: `TRAEFIK_PROVIDERS_HTTP_TLS_CERT`:
TLS cert TLS cert
@ -822,9 +801,6 @@ Set a TLS handshake timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`: `TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`: `TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
TLS cert TLS cert
@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used.
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`: `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`: `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`:
TLS cert TLS cert
@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token.
`TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`: `TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`:
Expose Nomad services by default. (Default: ```true```) Expose Nomad services by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACE`:
Sets the Nomad namespace used to discover services.
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACES`: `TRAEFIK_PROVIDERS_NOMAD_NAMESPACES`:
Sets the Nomad namespaces used to discover services. Sets the Nomad namespaces used to discover services.
@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```)
`TRAEFIK_PROVIDERS_REDIS_TLS_CA`: `TRAEFIK_PROVIDERS_REDIS_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_REDIS_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_REDIS_TLS_CERT`: `TRAEFIK_PROVIDERS_REDIS_TLS_CERT`:
TLS cert TLS cert
@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`: `TRAEFIK_TRACING_DATADOG_DEBUG`:
Enables Datadog debug. (Default: ```false```) Enables Datadog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Sets a key:value tag on all spans.
`TRAEFIK_TRACING_DATADOG_GLOBALTAGS_<NAME>`: `TRAEFIK_TRACING_DATADOG_GLOBALTAGS_<NAME>`:
Sets a list of key:value tags on all spans. Sets a list of key:value tags on all spans.

View file

@ -71,7 +71,6 @@
allowEmptyServices = true allowEmptyServices = true
[providers.docker.tls] [providers.docker.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -96,7 +95,6 @@
respectReadinessChecks = true respectReadinessChecks = true
[providers.marathon.tls] [providers.marathon.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -159,7 +157,6 @@
connectByDefault = true connectByDefault = true
serviceName = "foobar" serviceName = "foobar"
watch = true watch = true
namespace = "foobar"
namespaces = ["foobar", "foobar"] namespaces = ["foobar", "foobar"]
[providers.consulCatalog.endpoint] [providers.consulCatalog.endpoint]
address = "foobar" address = "foobar"
@ -169,7 +166,6 @@
endpointWaitTime = "42s" endpointWaitTime = "42s"
[providers.consulCatalog.endpoint.tls] [providers.consulCatalog.endpoint.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -181,7 +177,6 @@
constraints = "foobar" constraints = "foobar"
prefix = "foobar" prefix = "foobar"
stale = true stale = true
namespace = "foobar"
namespaces = ["foobar", "foobar"] namespaces = ["foobar", "foobar"]
exposedByDefault = true exposedByDefault = true
refreshInterval = "42s" refreshInterval = "42s"
@ -192,7 +187,6 @@
endpointWaitTime = "42s" endpointWaitTime = "42s"
[providers.nomad.endpoint.tls] [providers.nomad.endpoint.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -212,11 +206,9 @@
rootKey = "foobar" rootKey = "foobar"
endpoints = ["foobar", "foobar"] endpoints = ["foobar", "foobar"]
token = "foobar" token = "foobar"
namespace = "foobar"
namespaces = ["foobar", "foobar"] namespaces = ["foobar", "foobar"]
[providers.consul.tls] [providers.consul.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -227,7 +219,6 @@
password = "foobar" password = "foobar"
[providers.etcd.tls] [providers.etcd.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -244,7 +235,6 @@
db = 42 db = 42
[providers.redis.tls] [providers.redis.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -257,7 +247,6 @@
name1 = "foobar" name1 = "foobar"
[providers.http.tls] [providers.http.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -376,7 +365,6 @@
sampleRate = 42.0 sampleRate = 42.0
[tracing.datadog] [tracing.datadog]
localAgentHostPort = "foobar" localAgentHostPort = "foobar"
globalTag = "foobar"
[tracing.datadog.globalTags] [tracing.datadog.globalTags]
tag1 = "foobar" tag1 = "foobar"
tag2 = "foobar" tag2 = "foobar"

View file

@ -70,7 +70,6 @@ providers:
defaultRule: foobar defaultRule: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -96,7 +95,6 @@ providers:
dcosToken: foobar dcosToken: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -171,7 +169,6 @@ providers:
connectByDefault: true connectByDefault: true
serviceName: foobar serviceName: foobar
watch: true watch: true
namespace: foobar
namespaces: namespaces:
- foobar - foobar
- foobar - foobar
@ -183,7 +180,6 @@ providers:
endpointWaitTime: 42s endpointWaitTime: 42s
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -195,7 +191,6 @@ providers:
constraints: foobar constraints: foobar
prefix: foobar prefix: foobar
stale: true stale: true
namespace: foobar
namespaces: namespaces:
- foobar - foobar
- foobar - foobar
@ -208,7 +203,6 @@ providers:
endpointWaitTime: 42s endpointWaitTime: 42s
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -232,13 +226,11 @@ providers:
- foobar - foobar
- foobar - foobar
token: foobar token: foobar
namespace: foobar
namespaces: namespaces:
- foobar - foobar
- foobar - foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -251,7 +243,6 @@ providers:
password: foobar password: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -272,7 +263,6 @@ providers:
db: 42 db: 42
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -285,7 +275,6 @@ providers:
name1: foobar name1: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@ -402,7 +391,6 @@ tracing:
sampleRate: 42 sampleRate: 42
datadog: datadog:
localAgentHostPort: foobar localAgentHostPort: foobar
globalTag: foobar
globalTags: globalTags:
tag1: foobar tag1: foobar
tag2: foobar tag2: foobar

View file

@ -102,7 +102,6 @@ func (s *ConsulSuite) TestSimpleConfiguration(c *check.C) {
"traefik/http/middlewares/compressor/compress": "", "traefik/http/middlewares/compressor/compress": "",
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
} }
for k, v := range data { for k, v := range data {

View file

@ -97,7 +97,6 @@ func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
"traefik/http/middlewares/compressor/compress": "", "traefik/http/middlewares/compressor/compress": "",
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
} }
for k, v := range data { for k, v := range data {

View file

@ -946,8 +946,6 @@ spec:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
connection to the authentication server. connection to the authentication server.
properties: properties:
caOptional:
type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate. Secret containing the CA to validate the server certificate.
@ -1066,9 +1064,6 @@ spec:
description: CustomResponseHeaders defines the header names and description: CustomResponseHeaders defines the header names and
values to apply to the response. values to apply to the response.
type: object type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader: forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP. even when the connection is HTTP.
@ -1104,12 +1099,6 @@ spec:
value. This allows sites to control whether browsers forward value. This allows sites to control whether browsers forward
the Referer header to other sites. the Referer header to other sites.
type: string type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
@ -1118,14 +1107,6 @@ spec:
useful when using other proxies (example: "X-Forwarded-Proto": useful when using other proxies (example: "X-Forwarded-Proto":
"https").' "https").'
type: object type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains: stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header. directive is appended to the Strict-Transport-Security header.
@ -1467,11 +1448,6 @@ spec:
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
properties: properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
URL. URL.
@ -1807,12 +1783,6 @@ spec:
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.' VersionTLS13. Default: VersionTLS10.'
type: string type: string
preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430'
type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension. from clients connections that do not specify a server_name extension.

View file

@ -98,7 +98,6 @@ func (s *RedisSuite) TestSimpleConfiguration(c *check.C) {
"traefik/http/middlewares/compressor/compress": "true", "traefik/http/middlewares/compressor/compress": "true",
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
} }
for k, v := range data { for k, v := range data {

View file

@ -112,8 +112,7 @@
"prefixes": [ "prefixes": [
"foo", "foo",
"bar" "bar"
], ]
"forceSlash": true
}, },
"status": "enabled", "status": "enabled",
"usedBy": [ "usedBy": [

View file

@ -112,8 +112,7 @@
"prefixes": [ "prefixes": [
"foo", "foo",
"bar" "bar"
], ]
"forceSlash": true
}, },
"status": "enabled", "status": "enabled",
"usedBy": [ "usedBy": [

View file

@ -112,8 +112,7 @@
"prefixes": [ "prefixes": [
"foo", "foo",
"bar" "bar"
], ]
"forceSlash": true
}, },
"status": "enabled", "status": "enabled",
"usedBy": [ "usedBy": [

View file

@ -112,8 +112,7 @@
"prefixes": [ "prefixes": [
"foo", "foo",
"bar" "bar"
], ]
"forceSlash": true
}, },
"status": "enabled", "status": "enabled",
"usedBy": [ "usedBy": [

View file

@ -100,7 +100,6 @@ func (s *ZookeeperSuite) TestSimpleConfiguration(c *check.C) {
"traefik/http/middlewares/compressor/compress": "", "traefik/http/middlewares/compressor/compress": "",
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo", "traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar", "traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
} }
for k, v := range data { for k, v := range data {

View file

@ -46,7 +46,6 @@
httpClientTimeout = 42 httpClientTimeout = 42
[providers.docker.tls] [providers.docker.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -71,7 +70,6 @@
respectReadinessChecks = true respectReadinessChecks = true
[providers.marathon.tls] [providers.marathon.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -182,7 +180,6 @@
sampleRate = 42.0 sampleRate = 42.0
[tracing.datadog] [tracing.datadog]
localAgentHostPort = "foobar" localAgentHostPort = "foobar"
globalTag = "foobar"
debug = true debug = true
prioritySampling = true prioritySampling = true
traceIDHeaderName = "foobar" traceIDHeaderName = "foobar"
@ -292,7 +289,6 @@
authRequestHeaders = ["foobar", "foobar"] authRequestHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware15.forwardAuth.tls] [http.middlewares.Middleware15.forwardAuth.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@ -376,10 +372,6 @@
addVaryHeader = true addVaryHeader = true
allowedHosts = ["foobar", "foobar"] allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"] hostsProxyHeaders = ["foobar", "foobar"]
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
stsSeconds = 42 stsSeconds = 42
stsIncludeSubdomains = true stsIncludeSubdomains = true
stsPreload = true stsPreload = true
@ -392,7 +384,6 @@
contentSecurityPolicy = "foobar" contentSecurityPolicy = "foobar"
publicKey = "foobar" publicKey = "foobar"
referrerPolicy = "foobar" referrerPolicy = "foobar"
featurePolicy = "foobar"
isDevelopment = true isDevelopment = true
[http.middlewares.Middleware8.headers.customRequestHeaders] [http.middlewares.Middleware8.headers.customRequestHeaders]
name0 = "foobar" name0 = "foobar"

View file

@ -260,17 +260,9 @@ type Headers struct {
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"` AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request. // HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"` HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
// Deprecated: use RedirectRegex instead.
SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. // SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). // It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"` SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
// Deprecated: use RedirectRegex instead.
SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
// STSSeconds defines the max-age of the Strict-Transport-Security header. // STSSeconds defines the max-age of the Strict-Transport-Security header.
// If set to 0, the header is not set. // If set to 0, the header is not set.
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"` STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
@ -299,8 +291,6 @@ type Headers struct {
// ReferrerPolicy defines the Referrer-Policy header value. // ReferrerPolicy defines the Referrer-Policy header value.
// This allows sites to control whether browsers forward the Referer header to other sites. // This allows sites to control whether browsers forward the Referer header to other sites.
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"` ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
// Deprecated: use PermissionsPolicy instead.
FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
// PermissionsPolicy defines the Permissions-Policy header value. // PermissionsPolicy defines the Permissions-Policy header value.
// This allows sites to control browser features. // This allows sites to control browser features.
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"` PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
@ -333,10 +323,6 @@ func (h *Headers) HasCorsHeadersDefined() bool {
func (h *Headers) HasSecureHeadersDefined() bool { func (h *Headers) HasSecureHeadersDefined() bool {
return h != nil && (len(h.AllowedHosts) != 0 || return h != nil && (len(h.AllowedHosts) != 0 ||
len(h.HostsProxyHeaders) != 0 || len(h.HostsProxyHeaders) != 0 ||
h.SSLRedirect ||
h.SSLTemporaryRedirect ||
h.SSLForceHost ||
h.SSLHost != "" ||
len(h.SSLProxyHeaders) != 0 || len(h.SSLProxyHeaders) != 0 ||
h.STSSeconds != 0 || h.STSSeconds != 0 ||
h.STSIncludeSubdomains || h.STSIncludeSubdomains ||
@ -350,7 +336,6 @@ func (h *Headers) HasSecureHeadersDefined() bool {
h.ContentSecurityPolicy != "" || h.ContentSecurityPolicy != "" ||
h.PublicKey != "" || h.PublicKey != "" ||
h.ReferrerPolicy != "" || h.ReferrerPolicy != "" ||
h.FeaturePolicy != "" ||
h.PermissionsPolicy != "" || h.PermissionsPolicy != "" ||
h.IsDevelopment) h.IsDevelopment)
} }
@ -553,14 +538,6 @@ type Retry struct {
type StripPrefix struct { type StripPrefix struct {
// Prefixes defines the prefixes to strip from the request URL. // Prefixes defines the prefixes to strip from the request URL.
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"` Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
// Default: true.
ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
}
// SetDefaults Default values for a StripPrefix.
func (s *StripPrefix) SetDefaults() {
s.ForceSlash = true
} }
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true

View file

@ -42,7 +42,6 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders": "foobar, fiibar", "traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders": "foobar, fiibar",
"traefik.http.middlewares.Middleware7.forwardauth.authrequestheaders": "foobar, fiibar", "traefik.http.middlewares.Middleware7.forwardauth.authrequestheaders": "foobar, fiibar",
"traefik.http.middlewares.Middleware7.forwardauth.tls.ca": "foobar", "traefik.http.middlewares.Middleware7.forwardauth.tls.ca": "foobar",
"traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional": "true",
"traefik.http.middlewares.Middleware7.forwardauth.tls.cert": "foobar", "traefik.http.middlewares.Middleware7.forwardauth.tls.cert": "foobar",
"traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify": "true", "traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify": "true",
"traefik.http.middlewares.Middleware7.forwardauth.tls.key": "foobar", "traefik.http.middlewares.Middleware7.forwardauth.tls.key": "foobar",
@ -71,14 +70,9 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware8.headers.isdevelopment": "true", "traefik.http.middlewares.Middleware8.headers.isdevelopment": "true",
"traefik.http.middlewares.Middleware8.headers.publickey": "foobar", "traefik.http.middlewares.Middleware8.headers.publickey": "foobar",
"traefik.http.middlewares.Middleware8.headers.referrerpolicy": "foobar", "traefik.http.middlewares.Middleware8.headers.referrerpolicy": "foobar",
"traefik.http.middlewares.Middleware8.headers.featurepolicy": "foobar",
"traefik.http.middlewares.Middleware8.headers.permissionspolicy": "foobar", "traefik.http.middlewares.Middleware8.headers.permissionspolicy": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslforcehost": "true",
"traefik.http.middlewares.Middleware8.headers.sslhost": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0": "foobar", "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1": "foobar", "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1": "foobar",
"traefik.http.middlewares.Middleware8.headers.sslredirect": "true",
"traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect": "true",
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true", "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.Middleware8.headers.stspreload": "true", "traefik.http.middlewares.Middleware8.headers.stspreload": "true",
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42", "traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
@ -462,7 +456,6 @@ func TestDecodeConfiguration(t *testing.T) {
"foobar", "foobar",
"fiibar", "fiibar",
}, },
ForceSlash: true,
}, },
}, },
"Middleware18": { "Middleware18": {
@ -530,7 +523,6 @@ func TestDecodeConfiguration(t *testing.T) {
Address: "foobar", Address: "foobar",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "foobar", CA: "foobar",
CAOptional: true,
Cert: "foobar", Cert: "foobar",
Key: "foobar", Key: "foobar",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -587,14 +579,10 @@ func TestDecodeConfiguration(t *testing.T) {
"foobar", "foobar",
"fiibar", "fiibar",
}, },
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foobar",
SSLProxyHeaders: map[string]string{ SSLProxyHeaders: map[string]string{
"name0": "foobar", "name0": "foobar",
"name1": "foobar", "name1": "foobar",
}, },
SSLForceHost: true,
STSSeconds: 42, STSSeconds: 42,
STSIncludeSubdomains: true, STSIncludeSubdomains: true,
STSPreload: true, STSPreload: true,
@ -607,7 +595,6 @@ func TestDecodeConfiguration(t *testing.T) {
ContentSecurityPolicy: "foobar", ContentSecurityPolicy: "foobar",
PublicKey: "foobar", PublicKey: "foobar",
ReferrerPolicy: "foobar", ReferrerPolicy: "foobar",
FeaturePolicy: "foobar",
PermissionsPolicy: "foobar", PermissionsPolicy: "foobar",
IsDevelopment: true, IsDevelopment: true,
}, },
@ -958,7 +945,6 @@ func TestEncodeConfiguration(t *testing.T) {
"foobar", "foobar",
"fiibar", "fiibar",
}, },
ForceSlash: true,
}, },
}, },
"Middleware18": { "Middleware18": {
@ -1034,7 +1020,6 @@ func TestEncodeConfiguration(t *testing.T) {
Address: "foobar", Address: "foobar",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "foobar", CA: "foobar",
CAOptional: true,
Cert: "foobar", Cert: "foobar",
Key: "foobar", Key: "foobar",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -1091,14 +1076,10 @@ func TestEncodeConfiguration(t *testing.T) {
"foobar", "foobar",
"fiibar", "fiibar",
}, },
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foobar",
SSLProxyHeaders: map[string]string{ SSLProxyHeaders: map[string]string{
"name0": "foobar", "name0": "foobar",
"name1": "foobar", "name1": "foobar",
}, },
SSLForceHost: true,
STSSeconds: 42, STSSeconds: 42,
STSIncludeSubdomains: true, STSIncludeSubdomains: true,
STSPreload: true, STSPreload: true,
@ -1111,7 +1092,6 @@ func TestEncodeConfiguration(t *testing.T) {
ContentSecurityPolicy: "foobar", ContentSecurityPolicy: "foobar",
PublicKey: "foobar", PublicKey: "foobar",
ReferrerPolicy: "foobar", ReferrerPolicy: "foobar",
FeaturePolicy: "foobar",
PermissionsPolicy: "foobar", PermissionsPolicy: "foobar",
IsDevelopment: true, IsDevelopment: true,
}, },
@ -1231,7 +1211,6 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthRequestHeaders": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthRequestHeaders": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA": "foobar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA": "foobar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional": "true",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert": "foobar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert": "foobar",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify": "true", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify": "true",
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key": "foobar", "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key": "foobar",
@ -1260,14 +1239,9 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.FeaturePolicy": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.PermissionsPolicy": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.PermissionsPolicy": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1": "foobar", "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1": "foobar",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true", "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42", "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
@ -1318,7 +1292,6 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware16.Retry.Attempts": "42", "traefik.HTTP.Middlewares.Middleware16.Retry.Attempts": "42",
"traefik.HTTP.Middlewares.Middleware16.Retry.InitialInterval": "1000000000", "traefik.HTTP.Middlewares.Middleware16.Retry.InitialInterval": "1000000000",
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.ForceSlash": "true",
"traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar", "traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42", "traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42",
"traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1", "traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1",

View file

@ -1,8 +0,0 @@
package static
// Pilot Configuration related to Traefik Pilot.
// Deprecated.
type Pilot struct {
Token string `description:"Traefik Pilot token. (Deprecated)" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
Dashboard bool `description:"Enable Traefik Pilot in the dashboard. (Deprecated)" json:"dashboard,omitempty" toml:"dashboard,omitempty" yaml:"dashboard,omitempty"`
}

View file

@ -78,9 +78,6 @@ type Configuration struct {
CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"` CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"`
// Deprecated.
Pilot *Pilot `description:"Traefik Pilot configuration (Deprecated)." json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" export:"true"`
Hub *hub.Provider `description:"Traefik Hub configuration." json:"hub,omitempty" toml:"hub,omitempty" yaml:"hub,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"` Hub *hub.Provider `description:"Traefik Hub configuration." json:"hub,omitempty" toml:"hub,omitempty" yaml:"hub,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"` Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"`
@ -264,11 +261,6 @@ func (c *Configuration) SetEffectiveConfiguration() {
} }
} }
// Enable anonymous usage when pilot is enabled.
if c.Pilot != nil {
c.Global.SendAnonymousUsage = true
}
// Disable Gateway API provider if not enabled in experimental. // Disable Gateway API provider if not enabled in experimental.
if c.Experimental == nil || !c.Experimental.KubernetesGateway { if c.Experimental == nil || !c.Experimental.KubernetesGateway {
c.Providers.KubernetesGateway = nil c.Providers.KubernetesGateway = nil
@ -346,18 +338,6 @@ func (c *Configuration) ValidateConfiguration() error {
acmeEmail = resolver.ACME.Email acmeEmail = resolver.ACME.Email
} }
if c.Providers.ConsulCatalog != nil && c.Providers.ConsulCatalog.Namespace != "" && len(c.Providers.ConsulCatalog.Namespaces) > 0 {
return fmt.Errorf("Consul Catalog provider cannot have both namespace and namespaces options configured")
}
if c.Providers.Consul != nil && c.Providers.Consul.Namespace != "" && len(c.Providers.Consul.Namespaces) > 0 {
return fmt.Errorf("Consul provider cannot have both namespace and namespaces options configured")
}
if c.Providers.Nomad != nil && c.Providers.Nomad.Namespace != "" && len(c.Providers.Nomad.Namespaces) > 0 {
return fmt.Errorf("Nomad provider cannot have both namespace and namespaces options configured")
}
return nil return nil
} }

View file

@ -1,16 +1,13 @@
package headers package headers
import ( import (
"context"
"fmt" "fmt"
"net/http" "net/http"
"regexp" "regexp"
"strconv" "strconv"
"strings" "strings"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/config/dynamic"
"github.com/traefik/traefik/v2/pkg/logs"
) )
// Header is a middleware that helps setup a few basic security features. // Header is a middleware that helps setup a few basic security features.
@ -29,10 +26,6 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) {
hasCustomHeaders := cfg.HasCustomHeadersDefined() hasCustomHeaders := cfg.HasCustomHeadersDefined()
hasCorsHeaders := cfg.HasCorsHeadersDefined() hasCorsHeaders := cfg.HasCorsHeadersDefined()
ctx := log.With().Str(logs.MiddlewareType, typeName).Logger().WithContext(context.Background())
handleDeprecation(ctx, &cfg)
regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex)) regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex))
for i, str := range cfg.AccessControlAllowOriginListRegex { for i, str := range cfg.AccessControlAllowOriginListRegex {
reg, err := regexp.Compile(str) reg, err := regexp.Compile(str)

View file

@ -7,7 +7,6 @@ import (
"net/http" "net/http"
"github.com/opentracing/opentracing-go/ext" "github.com/opentracing/opentracing-go/ext"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/config/dynamic"
"github.com/traefik/traefik/v2/pkg/middlewares" "github.com/traefik/traefik/v2/pkg/middlewares"
"github.com/traefik/traefik/v2/pkg/middlewares/connectionheader" "github.com/traefik/traefik/v2/pkg/middlewares/connectionheader"
@ -18,26 +17,6 @@ const (
typeName = "Headers" typeName = "Headers"
) )
func handleDeprecation(ctx context.Context, cfg *dynamic.Headers) {
logger := log.Ctx(ctx).Warn()
if cfg.SSLRedirect {
logger.Msg("SSLRedirect is deprecated, please use entrypoint redirection instead.")
}
if cfg.SSLTemporaryRedirect {
logger.Msg("SSLTemporaryRedirect is deprecated, please use entrypoint redirection instead.")
}
if cfg.SSLHost != "" {
logger.Msg("SSLHost is deprecated, please use RedirectRegex middleware instead.")
}
if cfg.SSLForceHost {
logger.Msg("SSLForceHost is deprecated, please use RedirectScheme middleware instead.")
}
if cfg.FeaturePolicy != "" {
logger.Msg("FeaturePolicy is deprecated, please use PermissionsPolicy header instead.")
}
}
type headers struct { type headers struct {
name string name string
handler http.Handler handler http.Handler
@ -49,10 +28,6 @@ func New(ctx context.Context, next http.Handler, cfg dynamic.Headers, name strin
logger := middlewares.GetLogger(ctx, name, typeName) logger := middlewares.GetLogger(ctx, name, typeName)
logger.Debug().Msg("Creating middleware") logger.Debug().Msg("Creating middleware")
mCtx := logger.WithContext(ctx)
handleDeprecation(mCtx, &cfg)
hasSecureHeaders := cfg.HasSecureHeadersDefined() hasSecureHeaders := cfg.HasSecureHeadersDefined()
hasCustomHeaders := cfg.HasCustomHeadersDefined() hasCustomHeaders := cfg.HasCustomHeadersDefined()
hasCorsHeaders := cfg.HasCorsHeadersDefined() hasCorsHeaders := cfg.HasCorsHeadersDefined()

View file

@ -21,9 +21,6 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
ForceSTSHeader: cfg.ForceSTSHeader, ForceSTSHeader: cfg.ForceSTSHeader,
FrameDeny: cfg.FrameDeny, FrameDeny: cfg.FrameDeny,
IsDevelopment: cfg.IsDevelopment, IsDevelopment: cfg.IsDevelopment,
SSLRedirect: cfg.SSLRedirect,
SSLForceHost: cfg.SSLForceHost,
SSLTemporaryRedirect: cfg.SSLTemporaryRedirect,
STSIncludeSubdomains: cfg.STSIncludeSubdomains, STSIncludeSubdomains: cfg.STSIncludeSubdomains,
STSPreload: cfg.STSPreload, STSPreload: cfg.STSPreload,
ContentSecurityPolicy: cfg.ContentSecurityPolicy, ContentSecurityPolicy: cfg.ContentSecurityPolicy,
@ -31,12 +28,10 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
CustomFrameOptionsValue: cfg.CustomFrameOptionsValue, CustomFrameOptionsValue: cfg.CustomFrameOptionsValue,
PublicKey: cfg.PublicKey, PublicKey: cfg.PublicKey,
ReferrerPolicy: cfg.ReferrerPolicy, ReferrerPolicy: cfg.ReferrerPolicy,
SSLHost: cfg.SSLHost,
AllowedHosts: cfg.AllowedHosts, AllowedHosts: cfg.AllowedHosts,
HostsProxyHeaders: cfg.HostsProxyHeaders, HostsProxyHeaders: cfg.HostsProxyHeaders,
SSLProxyHeaders: cfg.SSLProxyHeaders, SSLProxyHeaders: cfg.SSLProxyHeaders,
STSSeconds: cfg.STSSeconds, STSSeconds: cfg.STSSeconds,
FeaturePolicy: cfg.FeaturePolicy,
PermissionsPolicy: cfg.PermissionsPolicy, PermissionsPolicy: cfg.PermissionsPolicy,
SecureContextKey: contextKey, SecureContextKey: contextKey,
} }

View file

@ -11,125 +11,12 @@ import (
// Middleware tests based on https://github.com/unrolled/secure // Middleware tests based on https://github.com/unrolled/secure
func Test_newSecure_sslForceHost(t *testing.T) {
type expected struct {
statusCode int
location string
}
testCases := []struct {
desc string
host string
cfg dynamic.Headers
expected
}{
{
desc: "http should return a 301",
host: "http://powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "http sub domain should return a 301",
host: "http://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "https should return a 200",
host: "https://powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{statusCode: http.StatusOK},
},
{
desc: "https sub domain should return a 301",
host: "https://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: true,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "http without force host and sub domain should return a 301",
host: "http://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: false,
SSLHost: "powpow.example.com",
},
expected: expected{
statusCode: http.StatusMovedPermanently,
location: "https://powpow.example.com",
},
},
{
desc: "https without force host and sub domain should return a 301",
host: "https://www.powpow.example.com",
cfg: dynamic.Headers{
SSLRedirect: true,
SSLForceHost: false,
SSLHost: "powpow.example.com",
},
expected: expected{statusCode: http.StatusOK},
},
}
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
_, _ = rw.Write([]byte("OK"))
})
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
mid := newSecure(next, test.cfg, "mymiddleware")
req := httptest.NewRequest(http.MethodGet, test.host, nil)
rw := httptest.NewRecorder()
mid.ServeHTTP(rw, req)
assert.Equal(t, test.expected.statusCode, rw.Result().StatusCode)
assert.Equal(t, test.expected.location, rw.Header().Get("Location"))
})
}
}
func Test_newSecure_modifyResponse(t *testing.T) { func Test_newSecure_modifyResponse(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
cfg dynamic.Headers cfg dynamic.Headers
expected http.Header expected http.Header
}{ }{
{
desc: "FeaturePolicy",
cfg: dynamic.Headers{
FeaturePolicy: "vibrate 'none';",
},
expected: http.Header{"Feature-Policy": []string{"vibrate 'none';"}},
},
{ {
desc: "PermissionsPolicy", desc: "PermissionsPolicy",
cfg: dynamic.Headers{ cfg: dynamic.Headers{

View file

@ -19,20 +19,18 @@ const (
// stripPrefix is a middleware used to strip prefix from an URL request. // stripPrefix is a middleware used to strip prefix from an URL request.
type stripPrefix struct { type stripPrefix struct {
next http.Handler next http.Handler
prefixes []string prefixes []string
forceSlash bool // TODO Must be removed (breaking), the default behavior must be forceSlash=false name string
name string
} }
// New creates a new strip prefix middleware. // New creates a new strip prefix middleware.
func New(ctx context.Context, next http.Handler, config dynamic.StripPrefix, name string) (http.Handler, error) { func New(ctx context.Context, next http.Handler, config dynamic.StripPrefix, name string) (http.Handler, error) {
middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware") middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware")
return &stripPrefix{ return &stripPrefix{
prefixes: config.Prefixes, prefixes: config.Prefixes,
forceSlash: config.ForceSlash, next: next,
next: next, name: name,
name: name,
}, nil }, nil
} }
@ -61,13 +59,6 @@ func (s *stripPrefix) serveRequest(rw http.ResponseWriter, req *http.Request, pr
} }
func (s *stripPrefix) getPrefixStripped(urlPath, prefix string) string { func (s *stripPrefix) getPrefixStripped(urlPath, prefix string) string {
if s.forceSlash {
// Only for compatibility reason with the previous behavior,
// but the previous behavior is wrong.
// This needs to be removed in the next breaking version.
return "/" + strings.TrimPrefix(strings.TrimPrefix(urlPath, prefix), "/")
}
return ensureLeadingSlash(strings.TrimPrefix(urlPath, prefix)) return ensureLeadingSlash(strings.TrimPrefix(urlPath, prefix))
} }

View file

@ -31,17 +31,6 @@ func TestStripPrefix(t *testing.T) {
expectedStatusCode: http.StatusOK, expectedStatusCode: http.StatusOK,
expectedPath: "/noprefixes", expectedPath: "/noprefixes",
}, },
{
desc: "wildcard (.*) requests (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/"},
ForceSlash: true,
},
path: "/",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/",
},
{ {
desc: "wildcard (.*) requests", desc: "wildcard (.*) requests",
config: dynamic.StripPrefix{ config: dynamic.StripPrefix{
@ -52,17 +41,6 @@ func TestStripPrefix(t *testing.T) {
expectedPath: "", expectedPath: "",
expectedHeader: "/", expectedHeader: "/",
}, },
{
desc: "prefix and path matching (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/stat"},
ForceSlash: true,
},
path: "/stat",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/stat",
},
{ {
desc: "prefix and path matching", desc: "prefix and path matching",
config: dynamic.StripPrefix{ config: dynamic.StripPrefix{
@ -73,17 +51,6 @@ func TestStripPrefix(t *testing.T) {
expectedPath: "", expectedPath: "",
expectedHeader: "/stat", expectedHeader: "/stat",
}, },
{
desc: "path prefix on exactly matching path (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/stat/"},
ForceSlash: true,
},
path: "/stat/",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/stat/",
},
{ {
desc: "path prefix on exactly matching path", desc: "path prefix on exactly matching path",
config: dynamic.StripPrefix{ config: dynamic.StripPrefix{
@ -133,17 +100,6 @@ func TestStripPrefix(t *testing.T) {
expectedPath: "/us", expectedPath: "/us",
expectedHeader: "/stat", expectedHeader: "/stat",
}, },
{
desc: "later prefix matching (ForceSlash)",
config: dynamic.StripPrefix{
Prefixes: []string{"/mismatch", "/stat"},
ForceSlash: true,
},
path: "/stat",
expectedStatusCode: http.StatusOK,
expectedPath: "/",
expectedHeader: "/stat",
},
{ {
desc: "later prefix matching", desc: "later prefix matching",
config: dynamic.StripPrefix{ config: dynamic.StripPrefix{

View file

@ -35,8 +35,7 @@ const (
const pluginsURL = "https://plugins.traefik.io/public/" const pluginsURL = "https://plugins.traefik.io/public/"
const ( const (
hashHeader = "X-Plugin-Hash" hashHeader = "X-Plugin-Hash"
tokenHeader = "X-Token"
) )
// ClientOptions the options of a Traefik plugins client. // ClientOptions the options of a Traefik plugins client.
@ -49,7 +48,6 @@ type Client struct {
HTTPClient *http.Client HTTPClient *http.Client
baseURL *url.URL baseURL *url.URL
token string
archives string archives string
stateFile string stateFile string
goPath string goPath string
@ -158,10 +156,6 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string,
req.Header.Set(hashHeader, hash) req.Header.Set(hashHeader, hash)
} }
if c.token != "" {
req.Header.Set(tokenHeader, c.token)
}
resp, err := c.HTTPClient.Do(req) resp, err := c.HTTPClient.Do(req)
if err != nil { if err != nil {
return "", fmt.Errorf("failed to call service: %w", err) return "", fmt.Errorf("failed to call service: %w", err)
@ -222,10 +216,6 @@ func (c *Client) Check(ctx context.Context, pName, pVersion, hash string) error
req.Header.Set(hashHeader, hash) req.Header.Set(hashHeader, hash)
} }
if c.token != "" {
req.Header.Set(tokenHeader, c.token)
}
resp, err := c.HTTPClient.Do(req) resp, err := c.HTTPClient.Do(req)
if err != nil { if err != nil {
return fmt.Errorf("failed to call service: %w", err) return fmt.Errorf("failed to call service: %w", err)

View file

@ -3070,7 +3070,6 @@ func Test_buildConfiguration(t *testing.T) {
func TestNamespaces(t *testing.T) { func TestNamespaces(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
namespace string
namespaces []string namespaces []string
expectedNamespaces []string expectedNamespaces []string
}{ }{
@ -3078,11 +3077,6 @@ func TestNamespaces(t *testing.T) {
desc: "no defined namespaces", desc: "no defined namespaces",
expectedNamespaces: []string{""}, expectedNamespaces: []string{""},
}, },
{
desc: "deprecated: use of defined namespace",
namespace: "test-ns",
expectedNamespaces: []string{"test-ns"},
},
{ {
desc: "use of 1 defined namespaces", desc: "use of 1 defined namespaces",
namespaces: []string{"test-ns"}, namespaces: []string{"test-ns"},
@ -3102,7 +3096,6 @@ func TestNamespaces(t *testing.T) {
t.Parallel() t.Parallel()
pb := &ProviderBuilder{ pb := &ProviderBuilder{
Namespace: test.namespace,
Namespaces: test.namespaces, Namespaces: test.namespaces,
} }

View file

@ -49,25 +49,15 @@ type itemData struct {
type ProviderBuilder struct { type ProviderBuilder struct {
Configuration `yaml:",inline" export:"true"` Configuration `yaml:",inline" export:"true"`
// Deprecated: use Namespaces option instead.
Namespace string `description:"Sets the namespace used to discover services (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Namespaces []string `description:"Sets the namespaces used to discover services (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"` Namespaces []string `description:"Sets the namespaces used to discover services (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
} }
// BuildProviders builds Consul Catalog provider instances for the given namespaces configuration. // BuildProviders builds Consul Catalog provider instances for the given namespaces configuration.
func (p *ProviderBuilder) BuildProviders() []*Provider { func (p *ProviderBuilder) BuildProviders() []*Provider {
// We can warn about that, because we've already made sure before that
// Namespace and Namespaces are mutually exclusive.
if p.Namespace != "" {
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
}
if len(p.Namespaces) == 0 { if len(p.Namespaces) == 0 {
return []*Provider{{ return []*Provider{{
Configuration: p.Configuration, Configuration: p.Configuration,
name: providerName, name: providerName,
// p.Namespace could very well be empty.
namespace: p.Namespace,
}} }}
} }

View file

@ -626,7 +626,6 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *v1alp
} }
forwardAuth.TLS = &types.ClientTLS{ forwardAuth.TLS = &types.ClientTLS{
CAOptional: auth.TLS.CAOptional,
InsecureSkipVerify: auth.TLS.InsecureSkipVerify, InsecureSkipVerify: auth.TLS.InsecureSkipVerify,
} }

View file

@ -5144,8 +5144,7 @@ func TestCrossNamespace(t *testing.T) {
Middlewares: map[string]*dynamic.Middleware{ Middlewares: map[string]*dynamic.Middleware{
"cross-ns-stripprefix": { "cross-ns-stripprefix": {
StripPrefix: &dynamic.StripPrefix{ StripPrefix: &dynamic.StripPrefix{
Prefixes: []string{"/stripit"}, Prefixes: []string{"/stripit"},
ForceSlash: false,
}, },
}, },
}, },
@ -5215,8 +5214,7 @@ func TestCrossNamespace(t *testing.T) {
Middlewares: map[string]*dynamic.Middleware{ Middlewares: map[string]*dynamic.Middleware{
"cross-ns-stripprefix": { "cross-ns-stripprefix": {
StripPrefix: &dynamic.StripPrefix{ StripPrefix: &dynamic.StripPrefix{
Prefixes: []string{"/stripit"}, Prefixes: []string{"/stripit"},
ForceSlash: false,
}, },
}, },
"default-test-errorpage": { "default-test-errorpage": {

View file

@ -167,7 +167,6 @@ type ClientTLS struct {
CertSecret string `json:"certSecret,omitempty"` CertSecret string `json:"certSecret,omitempty"`
// InsecureSkipVerify defines whether the server certificates should be validated. // InsecureSkipVerify defines whether the server certificates should be validated.
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"` InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
CAOptional bool `json:"caOptional,omitempty"`
} }
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true

View file

@ -41,10 +41,6 @@ type TLSOptionSpec struct {
ClientAuth ClientAuth `json:"clientAuth,omitempty"` ClientAuth ClientAuth `json:"clientAuth,omitempty"`
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. // SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
SniStrict bool `json:"sniStrict,omitempty"` SniStrict bool `json:"sniStrict,omitempty"`
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
// It is enabled automatically when minVersion or maxVersion is set.
// Deprecated: https://github.com/golang/go/issues/45430
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. // ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
// More info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols // More info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols
ALPNProtocols []string `json:"alpnProtocols,omitempty"` ALPNProtocols []string `json:"alpnProtocols,omitempty"`

View file

@ -7,7 +7,6 @@ import (
"time" "time"
"github.com/kvtools/consul" "github.com/kvtools/consul"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v2/pkg/provider" "github.com/traefik/traefik/v2/pkg/provider"
"github.com/traefik/traefik/v2/pkg/provider/kv" "github.com/traefik/traefik/v2/pkg/provider/kv"
"github.com/traefik/traefik/v2/pkg/types" "github.com/traefik/traefik/v2/pkg/types"
@ -25,8 +24,6 @@ type ProviderBuilder struct {
Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"` Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"` TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
// Deprecated: use Namespaces instead.
Namespace string `description:"Sets the namespace used to discover the configuration (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"` Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
} }
@ -38,20 +35,12 @@ func (p *ProviderBuilder) SetDefaults() {
// BuildProviders builds Consul provider instances for the given namespaces configuration. // BuildProviders builds Consul provider instances for the given namespaces configuration.
func (p *ProviderBuilder) BuildProviders() []*Provider { func (p *ProviderBuilder) BuildProviders() []*Provider {
// We can warn about that, because we've already made sure before that
// Namespace and Namespaces are mutually exclusive.
if p.Namespace != "" {
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
}
if len(p.Namespaces) == 0 { if len(p.Namespaces) == 0 {
return []*Provider{{ return []*Provider{{
Provider: p.Provider, Provider: p.Provider,
name: providerName, name: providerName,
// p.Namespace could very well be empty. token: p.Token,
namespace: p.Namespace, tls: p.TLS,
token: p.Token,
tls: p.TLS,
}} }}
} }

View file

@ -9,7 +9,6 @@ import (
func TestNamespaces(t *testing.T) { func TestNamespaces(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
namespace string
namespaces []string namespaces []string
expectedNamespaces []string expectedNamespaces []string
}{ }{
@ -17,11 +16,6 @@ func TestNamespaces(t *testing.T) {
desc: "no defined namespaces", desc: "no defined namespaces",
expectedNamespaces: []string{""}, expectedNamespaces: []string{""},
}, },
{
desc: "deprecated: use of defined namespace",
namespace: "test-ns",
expectedNamespaces: []string{"test-ns"},
},
{ {
desc: "use of 1 defined namespaces", desc: "use of 1 defined namespaces",
namespaces: []string{"test-ns"}, namespaces: []string{"test-ns"},
@ -41,7 +35,6 @@ func TestNamespaces(t *testing.T) {
t.Parallel() t.Parallel()
pb := &ProviderBuilder{ pb := &ProviderBuilder{
Namespace: test.namespace,
Namespaces: test.namespaces, Namespaces: test.namespaces,
} }

View file

@ -79,7 +79,6 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware08/forwardAuth/tls/key": "foobar", "traefik/http/middlewares/Middleware08/forwardAuth/tls/key": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify": "true", "traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify": "true",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/ca": "foobar", "traefik/http/middlewares/Middleware08/forwardAuth/tls/ca": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/caOptional": "true",
"traefik/http/middlewares/Middleware08/forwardAuth/tls/cert": "foobar", "traefik/http/middlewares/Middleware08/forwardAuth/tls/cert": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/address": "foobar", "traefik/http/middlewares/Middleware08/forwardAuth/address": "foobar",
"traefik/http/middlewares/Middleware08/forwardAuth/trustForwardHeader": "true", "traefik/http/middlewares/Middleware08/forwardAuth/trustForwardHeader": "true",
@ -106,12 +105,8 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware09/headers/accessControlAllowOriginListRegex/1": "foobar", "traefik/http/middlewares/Middleware09/headers/accessControlAllowOriginListRegex/1": "foobar",
"traefik/http/middlewares/Middleware09/headers/contentTypeNosniff": "true", "traefik/http/middlewares/Middleware09/headers/contentTypeNosniff": "true",
"traefik/http/middlewares/Middleware09/headers/accessControlAllowCredentials": "true", "traefik/http/middlewares/Middleware09/headers/accessControlAllowCredentials": "true",
"traefik/http/middlewares/Middleware09/headers/featurePolicy": "foobar",
"traefik/http/middlewares/Middleware09/headers/permissionsPolicy": "foobar", "traefik/http/middlewares/Middleware09/headers/permissionsPolicy": "foobar",
"traefik/http/middlewares/Middleware09/headers/forceSTSHeader": "true", "traefik/http/middlewares/Middleware09/headers/forceSTSHeader": "true",
"traefik/http/middlewares/Middleware09/headers/sslRedirect": "true",
"traefik/http/middlewares/Middleware09/headers/sslHost": "foobar",
"traefik/http/middlewares/Middleware09/headers/sslForceHost": "true",
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name1": "foobar", "traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name1": "foobar",
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name0": "foobar", "traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name0": "foobar",
"traefik/http/middlewares/Middleware09/headers/allowedHosts/0": "foobar", "traefik/http/middlewares/Middleware09/headers/allowedHosts/0": "foobar",
@ -130,7 +125,6 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware09/headers/addVaryHeader": "true", "traefik/http/middlewares/Middleware09/headers/addVaryHeader": "true",
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/0": "foobar", "traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/0": "foobar",
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/1": "foobar", "traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/1": "foobar",
"traefik/http/middlewares/Middleware09/headers/sslTemporaryRedirect": "true",
"traefik/http/middlewares/Middleware09/headers/customBrowserXSSValue": "foobar", "traefik/http/middlewares/Middleware09/headers/customBrowserXSSValue": "foobar",
"traefik/http/middlewares/Middleware09/headers/referrerPolicy": "foobar", "traefik/http/middlewares/Middleware09/headers/referrerPolicy": "foobar",
"traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar", "traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar",
@ -206,7 +200,6 @@ func Test_buildConfiguration(t *testing.T) {
"traefik/http/middlewares/Middleware18/retry/attempts": "42", "traefik/http/middlewares/Middleware18/retry/attempts": "42",
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/0": "foobar", "traefik/http/middlewares/Middleware19/stripPrefix/prefixes/0": "foobar",
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/1": "foobar", "traefik/http/middlewares/Middleware19/stripPrefix/prefixes/1": "foobar",
"traefik/http/middlewares/Middleware19/stripPrefix/forceSlash": "true",
"traefik/tcp/routers/TCPRouter0/entryPoints/0": "foobar", "traefik/tcp/routers/TCPRouter0/entryPoints/0": "foobar",
"traefik/tcp/routers/TCPRouter0/entryPoints/1": "foobar", "traefik/tcp/routers/TCPRouter0/entryPoints/1": "foobar",
"traefik/tcp/routers/TCPRouter0/service": "foobar", "traefik/tcp/routers/TCPRouter0/service": "foobar",
@ -378,7 +371,6 @@ func Test_buildConfiguration(t *testing.T) {
"foobar", "foobar",
"foobar", "foobar",
}, },
ForceSlash: true,
}, },
}, },
"Middleware00": { "Middleware00": {
@ -413,7 +405,6 @@ func Test_buildConfiguration(t *testing.T) {
Address: "foobar", Address: "foobar",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "foobar", CA: "foobar",
CAOptional: true,
Cert: "foobar", Cert: "foobar",
Key: "foobar", Key: "foobar",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -589,14 +580,10 @@ func Test_buildConfiguration(t *testing.T) {
"foobar", "foobar",
"foobar", "foobar",
}, },
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foobar",
SSLProxyHeaders: map[string]string{ SSLProxyHeaders: map[string]string{
"name1": "foobar", "name1": "foobar",
"name0": "foobar", "name0": "foobar",
}, },
SSLForceHost: true,
STSSeconds: 42, STSSeconds: 42,
STSIncludeSubdomains: true, STSIncludeSubdomains: true,
STSPreload: true, STSPreload: true,
@ -609,7 +596,6 @@ func Test_buildConfiguration(t *testing.T) {
ContentSecurityPolicy: "foobar", ContentSecurityPolicy: "foobar",
PublicKey: "foobar", PublicKey: "foobar",
ReferrerPolicy: "foobar", ReferrerPolicy: "foobar",
FeaturePolicy: "foobar",
PermissionsPolicy: "foobar", PermissionsPolicy: "foobar",
IsDevelopment: true, IsDevelopment: true,
}, },

View file

@ -2611,7 +2611,6 @@ func Test_keepItem(t *testing.T) {
func TestNamespaces(t *testing.T) { func TestNamespaces(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
namespace string
namespaces []string namespaces []string
expectedNamespaces []string expectedNamespaces []string
}{ }{
@ -2619,11 +2618,6 @@ func TestNamespaces(t *testing.T) {
desc: "no defined namespaces", desc: "no defined namespaces",
expectedNamespaces: []string{""}, expectedNamespaces: []string{""},
}, },
{
desc: "deprecated: use of defined namespace",
namespace: "test-ns",
expectedNamespaces: []string{"test-ns"},
},
{ {
desc: "use of 1 defined namespaces", desc: "use of 1 defined namespaces",
namespaces: []string{"test-ns"}, namespaces: []string{"test-ns"},
@ -2643,7 +2637,6 @@ func TestNamespaces(t *testing.T) {
t.Parallel() t.Parallel()
pb := &ProviderBuilder{ pb := &ProviderBuilder{
Namespace: test.namespace,
Namespaces: test.namespaces, Namespaces: test.namespaces,
} }

View file

@ -52,23 +52,15 @@ type item struct {
type ProviderBuilder struct { type ProviderBuilder struct {
Configuration `yaml:",inline" export:"true"` Configuration `yaml:",inline" export:"true"`
// Deprecated: Use Namespaces option instead
Namespace string `description:"Sets the Nomad namespace used to discover services." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
Namespaces []string `description:"Sets the Nomad namespaces used to discover services." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"` Namespaces []string `description:"Sets the Nomad namespaces used to discover services." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
} }
// BuildProviders builds Nomad provider instances for the given namespaces configuration. // BuildProviders builds Nomad provider instances for the given namespaces configuration.
func (p *ProviderBuilder) BuildProviders() []*Provider { func (p *ProviderBuilder) BuildProviders() []*Provider {
if p.Namespace != "" {
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
}
if len(p.Namespaces) == 0 { if len(p.Namespaces) == 0 {
return []*Provider{{ return []*Provider{{
Configuration: p.Configuration, Configuration: p.Configuration,
name: providerName, name: providerName,
// p.Namespace could be empty
namespace: p.Namespace,
}} }}
} }

View file

@ -175,8 +175,7 @@ func init() {
Prefix: "foo", Prefix: "foo",
}, },
StripPrefix: &dynamic.StripPrefix{ StripPrefix: &dynamic.StripPrefix{
Prefixes: []string{"foo"}, Prefixes: []string{"foo"},
ForceSlash: true,
}, },
StripPrefixRegex: &dynamic.StripPrefixRegex{ StripPrefixRegex: &dynamic.StripPrefixRegex{
Regex: []string{"foo"}, Regex: []string{"foo"},
@ -211,11 +210,7 @@ func init() {
AddVaryHeader: true, AddVaryHeader: true,
AllowedHosts: []string{"foo"}, AllowedHosts: []string{"foo"},
HostsProxyHeaders: []string{"foo"}, HostsProxyHeaders: []string{"foo"},
SSLRedirect: true,
SSLTemporaryRedirect: true,
SSLHost: "foo",
SSLProxyHeaders: map[string]string{"foo": "bar"}, SSLProxyHeaders: map[string]string{"foo": "bar"},
SSLForceHost: true,
STSSeconds: 42, STSSeconds: 42,
STSIncludeSubdomains: true, STSIncludeSubdomains: true,
STSPreload: true, STSPreload: true,
@ -228,7 +223,6 @@ func init() {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
FeaturePolicy: "foo",
PermissionsPolicy: "foo", PermissionsPolicy: "foo",
IsDevelopment: true, IsDevelopment: true,
}, },
@ -278,7 +272,6 @@ func init() {
Address: "127.0.0.1", Address: "127.0.0.1",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "ca.pem", CA: "ca.pem",
CAOptional: true,
Cert: "cert.pem", Cert: "cert.pem",
Key: "cert.pem", Key: "cert.pem",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -592,7 +585,6 @@ func TestDo_staticConfiguration(t *testing.T) {
DefaultRule: "PathPrefix(`/`)", DefaultRule: "PathPrefix(`/`)",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "myCa", CA: "myCa",
CAOptional: true,
Cert: "mycert.pem", Cert: "mycert.pem",
Key: "mycert.key", Key: "mycert.key",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -615,7 +607,6 @@ func TestDo_staticConfiguration(t *testing.T) {
DCOSToken: "foobar", DCOSToken: "foobar",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "myCa", CA: "myCa",
CAOptional: true,
Cert: "mycert.pem", Cert: "mycert.pem",
Key: "mycert.key", Key: "mycert.key",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -691,7 +682,6 @@ func TestDo_staticConfiguration(t *testing.T) {
Token: "MyToken", Token: "MyToken",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "myCa", CA: "myCa",
CAOptional: true,
Cert: "mycert.pem", Cert: "mycert.pem",
Key: "mycert.key", Key: "mycert.key",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -710,7 +700,6 @@ func TestDo_staticConfiguration(t *testing.T) {
ExposedByDefault: true, ExposedByDefault: true,
DefaultRule: "PathPrefix(`/`)", DefaultRule: "PathPrefix(`/`)",
}, },
Namespace: "ns",
Namespaces: []string{"ns1", "ns2"}, Namespaces: []string{"ns1", "ns2"},
} }
@ -735,12 +724,10 @@ func TestDo_staticConfiguration(t *testing.T) {
Token: "secret", Token: "secret",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "myCa", CA: "myCa",
CAOptional: true,
Cert: "mycert.pem", Cert: "mycert.pem",
Key: "mycert.key", Key: "mycert.key",
InsecureSkipVerify: true, InsecureSkipVerify: true,
}, },
Namespace: "ns",
Namespaces: []string{"ns1", "ns2"}, Namespaces: []string{"ns1", "ns2"},
} }
@ -753,7 +740,6 @@ func TestDo_staticConfiguration(t *testing.T) {
Password: "password", Password: "password",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "myCa", CA: "myCa",
CAOptional: true,
Cert: "mycert.pem", Cert: "mycert.pem",
Key: "mycert.key", Key: "mycert.key",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -778,7 +764,6 @@ func TestDo_staticConfiguration(t *testing.T) {
Password: "password", Password: "password",
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "myCa", CA: "myCa",
CAOptional: true,
Cert: "mycert.pem", Cert: "mycert.pem",
Key: "mycert.key", Key: "mycert.key",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -791,7 +776,6 @@ func TestDo_staticConfiguration(t *testing.T) {
PollTimeout: 42, PollTimeout: 42,
TLS: &types.ClientTLS{ TLS: &types.ClientTLS{
CA: "myCa", CA: "myCa",
CAOptional: true,
Cert: "mycert.pem", Cert: "mycert.pem",
Key: "mycert.key", Key: "mycert.key",
InsecureSkipVerify: true, InsecureSkipVerify: true,
@ -903,7 +887,7 @@ func TestDo_staticConfiguration(t *testing.T) {
}, },
Datadog: &datadog.Config{ Datadog: &datadog.Config{
LocalAgentHostPort: "foobar", LocalAgentHostPort: "foobar",
GlobalTag: "foobar", GlobalTags: map[string]string{"foobar": "foobar"},
Debug: true, Debug: true,
PrioritySampling: true, PrioritySampling: true,
TraceIDHeaderName: "foobar", TraceIDHeaderName: "foobar",

View file

@ -99,8 +99,7 @@
"stripPrefix": { "stripPrefix": {
"prefixes": [ "prefixes": [
"foo" "foo"
], ]
"forceSlash": true
}, },
"stripPrefixRegex": { "stripPrefixRegex": {
"regex": [ "regex": [
@ -161,10 +160,6 @@
"hostsProxyHeaders": [ "hostsProxyHeaders": [
"foo" "foo"
], ],
"sslRedirect": true,
"sslTemporaryRedirect": true,
"sslHost": "xxxx",
"sslForceHost": true,
"stsSeconds": 42, "stsSeconds": 42,
"stsIncludeSubdomains": true, "stsIncludeSubdomains": true,
"stsPreload": true, "stsPreload": true,
@ -177,7 +172,6 @@
"contentSecurityPolicy": "xxxx", "contentSecurityPolicy": "xxxx",
"publicKey": "xxxx", "publicKey": "xxxx",
"referrerPolicy": "foo", "referrerPolicy": "foo",
"featurePolicy": "foo",
"permissionsPolicy": "foo", "permissionsPolicy": "foo",
"isDevelopment": true "isDevelopment": true
}, },
@ -235,7 +229,6 @@
"address": "xxxx", "address": "xxxx",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true

View file

@ -83,7 +83,6 @@
"defaultRule": "xxxx", "defaultRule": "xxxx",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true
@ -111,7 +110,6 @@
"dcosToken": "xxxx", "dcosToken": "xxxx",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true
@ -189,7 +187,6 @@
"token": "xxxx", "token": "xxxx",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true
@ -207,7 +204,6 @@
"cache": true, "cache": true,
"exposedByDefault": true, "exposedByDefault": true,
"defaultRule": "xxxx", "defaultRule": "xxxx",
"namespace": "xxxx",
"namespaces": [ "namespaces": [
"xxxx", "xxxx",
"xxxx" "xxxx"
@ -233,12 +229,10 @@
"token": "xxxx", "token": "xxxx",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true
}, },
"namespace": "xxxx",
"namespaces": [ "namespaces": [
"xxxx", "xxxx",
"xxxx" "xxxx"
@ -248,7 +242,6 @@
"rootKey": "xxxx", "rootKey": "xxxx",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true
@ -265,7 +258,6 @@
"rootKey": "xxxx", "rootKey": "xxxx",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true
@ -279,7 +271,6 @@
"pollTimeout": "42ns", "pollTimeout": "42ns",
"tls": { "tls": {
"ca": "xxxx", "ca": "xxxx",
"caOptional": true,
"cert": "xxxx", "cert": "xxxx",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true
@ -394,7 +385,9 @@
}, },
"datadog": { "datadog": {
"localAgentHostPort": "xxxx", "localAgentHostPort": "xxxx",
"globalTag": "foobar", "globalTags": {
"foobar": "foobar"
},
"debug": true, "debug": true,
"prioritySampling": true, "prioritySampling": true,
"traceIDHeaderName": "foobar", "traceIDHeaderName": "foobar",

View file

@ -99,8 +99,7 @@
"stripPrefix": { "stripPrefix": {
"prefixes": [ "prefixes": [
"foo" "foo"
], ]
"forceSlash": true
}, },
"stripPrefixRegex": { "stripPrefixRegex": {
"regex": [ "regex": [
@ -161,13 +160,9 @@
"hostsProxyHeaders": [ "hostsProxyHeaders": [
"foo" "foo"
], ],
"sslRedirect": true,
"sslTemporaryRedirect": true,
"sslHost": "foo",
"sslProxyHeaders": { "sslProxyHeaders": {
"foo": "bar" "foo": "bar"
}, },
"sslForceHost": true,
"stsSeconds": 42, "stsSeconds": 42,
"stsIncludeSubdomains": true, "stsIncludeSubdomains": true,
"stsPreload": true, "stsPreload": true,
@ -180,7 +175,6 @@
"contentSecurityPolicy": "foo", "contentSecurityPolicy": "foo",
"publicKey": "foo", "publicKey": "foo",
"referrerPolicy": "foo", "referrerPolicy": "foo",
"featurePolicy": "foo",
"permissionsPolicy": "foo", "permissionsPolicy": "foo",
"isDevelopment": true "isDevelopment": true
}, },
@ -238,7 +232,6 @@
"address": "127.0.0.1", "address": "127.0.0.1",
"tls": { "tls": {
"ca": "ca.pem", "ca": "ca.pem",
"caOptional": true,
"cert": "cert.pem", "cert": "cert.pem",
"key": "xxxx", "key": "xxxx",
"insecureSkipVerify": true "insecureSkipVerify": true

View file

@ -18,14 +18,13 @@ type ClientAuth struct {
// Options configures TLS for an entry point. // Options configures TLS for an entry point.
type Options struct { type Options struct {
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"` MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"` MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"` CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`
CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"` CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"` ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"` SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"` // Deprecated: https://github.com/golang/go/issues/45430 ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
} }
// SetDefaults sets the default values for an Options struct. // SetDefaults sets the default values for an Options struct.

View file

@ -4,7 +4,6 @@ import (
"io" "io"
"net" "net"
"os" "os"
"strings"
"github.com/opentracing/opentracing-go" "github.com/opentracing/opentracing-go"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
@ -18,9 +17,7 @@ const Name = "datadog"
// Config provides configuration settings for a datadog tracer. // Config provides configuration settings for a datadog tracer.
type Config struct { type Config struct {
LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"` LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"`
// Deprecated: use GlobalTags instead.
GlobalTag string `description:"Sets a key:value tag on all spans." json:"globalTag,omitempty" toml:"globalTag,omitempty" yaml:"globalTag,omitempty" export:"true"`
GlobalTags map[string]string `description:"Sets a list of key:value tags on all spans." json:"globalTags,omitempty" toml:"globalTags,omitempty" yaml:"globalTags,omitempty" export:"true"` GlobalTags map[string]string `description:"Sets a list of key:value tags on all spans." json:"globalTags,omitempty" toml:"globalTags,omitempty" yaml:"globalTags,omitempty" export:"true"`
Debug bool `description:"Enables Datadog debug." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"` Debug bool `description:"Enables Datadog debug." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"`
PrioritySampling bool `description:"Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled." json:"prioritySampling,omitempty" toml:"prioritySampling,omitempty" yaml:"prioritySampling,omitempty" export:"true"` PrioritySampling bool `description:"Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled." json:"prioritySampling,omitempty" toml:"prioritySampling,omitempty" yaml:"prioritySampling,omitempty" export:"true"`
@ -66,17 +63,6 @@ func (c *Config) Setup(serviceName string) (opentracing.Tracer, io.Closer, error
opts = append(opts, datadog.WithGlobalTag(k, v)) opts = append(opts, datadog.WithGlobalTag(k, v))
} }
if c.GlobalTag != "" {
logger.Warn().Msg(`Datadog: option "globalTag" is deprecated, please use "globalTags" instead.`)
key, value, _ := strings.Cut(c.GlobalTag, ":")
// Don't override a tag already defined with the new option.
if _, ok := c.GlobalTags[key]; !ok {
opts = append(opts, datadog.WithGlobalTag(key, value))
}
}
if c.PrioritySampling { if c.PrioritySampling {
opts = append(opts, datadog.WithPrioritySampling()) opts = append(opts, datadog.WithPrioritySampling())
} }

View file

@ -16,9 +16,7 @@ import (
// ClientTLS holds TLS specific configurations as client // ClientTLS holds TLS specific configurations as client
// CA, Cert and Key can be either path or file contents. // CA, Cert and Key can be either path or file contents.
type ClientTLS struct { type ClientTLS struct {
CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"` CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
CAOptional bool `description:"TLS CA.Optional" json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty" export:"true"`
Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"` Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"`
Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"` Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"`
InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"` InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"`
@ -31,10 +29,6 @@ func (c *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, error) {
return nil, nil return nil, nil
} }
if c.CAOptional {
log.Ctx(ctx).Warn().Msg("CAOptional is deprecated, TLS client authentication is a server side option.")
}
// Not initialized, to rely on system bundle. // Not initialized, to rely on system bundle.
var caPool *x509.CertPool var caPool *x509.CertPool