Merge branch 'master' of github.com:traefik/traefik
All checks were successful
Build & Push / build-and-push (push) Successful in 10m30s
All checks were successful
Build & Push / build-and-push (push) Successful in 10m30s
This commit is contained in:
commit
6f8b9a338d
89 changed files with 1250 additions and 515 deletions
|
@ -46,7 +46,7 @@ blocks:
|
|||
- name: GH_VERSION
|
||||
value: 2.32.1
|
||||
- name: CODENAME
|
||||
value: "comte"
|
||||
value: "munster"
|
||||
prologue:
|
||||
commands:
|
||||
- export VERSION=${SEMAPHORE_GIT_TAG_NAME}
|
||||
|
|
51
CHANGELOG.md
51
CHANGELOG.md
|
@ -1,3 +1,54 @@
|
|||
## [v3.2.0-rc1](https://github.com/traefik/traefik/tree/v3.2.0-rc1) (2024-10-02)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v3.1.0-rc1...v3.2.0-rc1)
|
||||
|
||||
**Enhancements:**
|
||||
- **[acme]** Remove same email requirement for certresolvers ([#11019](https://github.com/traefik/traefik/pull/11019) by [Emrio](https://github.com/Emrio))
|
||||
- **[acme]** Add support for custom CA certificates by certificate resolver ([#10816](https://github.com/traefik/traefik/pull/10816) by [ldez](https://github.com/ldez))
|
||||
- **[acme]** Add 30 day certificatesDuration step ([#10970](https://github.com/traefik/traefik/pull/10970) by [luker983](https://github.com/luker983))
|
||||
- **[docker]** Support HTTP BasicAuth for docker and swarm endpoint ([#10776](https://github.com/traefik/traefik/pull/10776) by [985492783](https://github.com/985492783))
|
||||
- **[k8s,k8s/gatewayapi]** Add supported features to the Gateway API GatewayClass status ([#11056](https://github.com/traefik/traefik/pull/11056) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Update sigs.k8s.io/gateway-api to v1.2.0-rc1 ([#11124](https://github.com/traefik/traefik/pull/11124) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Add support for backend protocol selection in HTTP and GRPC routes ([#11051](https://github.com/traefik/traefik/pull/11051) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support ([#11042](https://github.com/traefik/traefik/pull/11042) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Support HTTPRoute destination port matching ([#11134](https://github.com/traefik/traefik/pull/11134) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 ([#11131](https://github.com/traefik/traefik/pull/11131) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Add support for Gateway API BackendTLSPolicies ([#11009](https://github.com/traefik/traefik/pull/11009) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Support NativeLB option in GatewayAPI provider ([#11147](https://github.com/traefik/traefik/pull/11147) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Support ResponseHeaderModifier filter ([#10987](https://github.com/traefik/traefik/pull/10987) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Support GRPC routes ([#10975](https://github.com/traefik/traefik/pull/10975) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[metrics,otel]** Allow setting service.name for OTLP metrics ([#10917](https://github.com/traefik/traefik/pull/10917) by [cmartell-at-ocp](https://github.com/cmartell-at-ocp))
|
||||
- **[middleware,accesslogs]** Record trace id and EntryPoint span id into access log ([#10921](https://github.com/traefik/traefik/pull/10921) by [weijiany](https://github.com/weijiany))
|
||||
- **[middleware,authentication]** Support LogUserHeader with forwardAuth middleware ([#10833](https://github.com/traefik/traefik/pull/10833) by [GaleHuang](https://github.com/GaleHuang))
|
||||
- **[middleware]** Add encodings option to the compression middleware ([#10943](https://github.com/traefik/traefik/pull/10943) by [wollomatic](https://github.com/wollomatic))
|
||||
- **[middleware]** Add support for ipv6 subnet in ipStrategy ([#9747](https://github.com/traefik/traefik/pull/9747) by [michal-kralik](https://github.com/michal-kralik))
|
||||
- **[nomad]** Support for watching instead of polling Nomad ([#10997](https://github.com/traefik/traefik/pull/10997) by [deverton-godaddy](https://github.com/deverton-godaddy))
|
||||
- **[server,performance]** Introduce a fast proxy mode to improve HTTP/1.1 performances with backends ([#11122](https://github.com/traefik/traefik/pull/11122) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[server]** Configurable max request header size ([#10995](https://github.com/traefik/traefik/pull/10995) by [lucasrod16](https://github.com/lucasrod16))
|
||||
- **[service]** Add mirrorBody option to HTTP mirroring ([#11032](https://github.com/traefik/traefik/pull/11032) by [MatteoPaier](https://github.com/MatteoPaier))
|
||||
|
||||
## [v3.1.5](https://github.com/traefik/traefik/tree/v3.1.5) (2024-10-02)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v3.1.4...v3.1.5)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[k8s/ingress,k8s]** Disable IngressClass lookup when disableClusterScopeResources is enabled ([#11111](https://github.com/traefik/traefik/pull/11111) by [jnoordsij](https://github.com/jnoordsij))
|
||||
- **[server]** Rework condition to not log on timeout ([#11132](https://github.com/traefik/traefik/pull/11132) by [rtribotte](https://github.com/rtribotte))
|
||||
- Merge branch v2.11 into v3.1 ([#11149](https://github.com/traefik/traefik/pull/11149) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- Merge branch v2.11 into v3.1 ([#11142](https://github.com/traefik/traefik/pull/11142) by [rtribotte](https://github.com/rtribotte))
|
||||
|
||||
## [v2.11.11](https://github.com/traefik/traefik/tree/v2.11.11) (2024-10-02)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.11.10...v2.11.11)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[acme]** Ensure defaultGeneratedCert.main as Subject's CN ([#10581](https://github.com/traefik/traefik/pull/10581) by [Lamatte](https://github.com/Lamatte))
|
||||
- **[middleware,authentication]** Clean connection headers for forward auth request only ([#11095](https://github.com/traefik/traefik/pull/11095) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[middleware]** Bump github.com/klauspost/compress to 8e14b1b5a913 ([#11141](https://github.com/traefik/traefik/pull/11141) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[server]** Rework condition to not log on timeout ([#11133](https://github.com/traefik/traefik/pull/11133) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[webui]** Remove unused boot files from webui ([#11109](https://github.com/traefik/traefik/pull/11109) by [michelheusschen](https://github.com/michelheusschen))
|
||||
|
||||
**Documentation:**
|
||||
- **[accesslogs]** Specify default format value for access log ([#11130](https://github.com/traefik/traefik/pull/11130) by [darkweaver87](https://github.com/darkweaver87))
|
||||
- **[api]** Update API documentation to mention pagination ([#11115](https://github.com/traefik/traefik/pull/11115) by [lyrandy](https://github.com/lyrandy))
|
||||
|
||||
## [v3.1.4](https://github.com/traefik/traefik/tree/v3.1.4) (2024-09-19)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v3.1.3...v3.1.4)
|
||||
|
||||
|
|
|
@ -79,7 +79,7 @@ traefik --help
|
|||
# or
|
||||
|
||||
docker run traefik[:version] --help
|
||||
# ex: docker run traefik:v3.1 --help
|
||||
# ex: docker run traefik:v3.2 --help
|
||||
```
|
||||
|
||||
Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.
|
||||
|
|
|
@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
|
|||
|
||||
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
|
||||
|
||||
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.yml)
|
||||
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.toml)
|
||||
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.yml)
|
||||
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.toml)
|
||||
|
||||
```shell
|
||||
docker run -d -p 8080:8080 -p 80:80 \
|
||||
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.1
|
||||
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.2
|
||||
```
|
||||
|
||||
For more details, go to the [Docker provider documentation](../providers/docker.md)
|
||||
|
@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
|
|||
!!! tip
|
||||
|
||||
* Prefer a fixed version than the latest that could be an unexpected version.
|
||||
ex: `traefik:v3.1`
|
||||
ex: `traefik:v3.2`
|
||||
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
|
||||
* Any orchestrator using docker images can fetch the official Traefik docker image.
|
||||
|
||||
|
|
|
@ -154,7 +154,7 @@ spec:
|
|||
serviceAccountName: traefik-account
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
args:
|
||||
- --api.insecure
|
||||
- --providers.kubernetesingress
|
||||
|
|
|
@ -20,7 +20,7 @@ version: '3'
|
|||
services:
|
||||
reverse-proxy:
|
||||
# The official v3 Traefik docker image
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
# Enables the web UI and tells Traefik to listen to docker
|
||||
command: --api.insecure=true --providers.docker
|
||||
ports:
|
||||
|
|
|
@ -640,3 +640,15 @@ Increasing the `readTimeout` value could be the solution notably if you are deal
|
|||
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
|
||||
- HTTP: `'499 Client Closed Request' caused by: context canceled`
|
||||
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
|
||||
|
||||
## v2.11.3
|
||||
|
||||
### Connection headers
|
||||
|
||||
In `v2.11.3`, the handling of the request Connection headers directives has changed to prevent any abuse.
|
||||
Before, Traefik removed any header listed in the Connection header just before forwarding the request to the backends.
|
||||
Now, Traefik removes the headers listed in the Connection header as soon as the request is handled.
|
||||
As a consequence, middlewares do not have access to those Connection headers,
|
||||
and a new option has been introduced to specify which ones could go through the middleware chain before being removed: `<entrypoint>.forwardedHeaders.connection`.
|
||||
|
||||
Please check out the [entrypoint forwarded headers connection option configuration](../routing/entrypoints.md#forwarded-headers) documentation.
|
||||
|
|
|
@ -67,6 +67,8 @@ accessLog:
|
|||
|
||||
### `format`
|
||||
|
||||
_Optional, Default="common"_
|
||||
|
||||
By default, logs are written using the Common Log Format (CLF).
|
||||
To write logs in JSON, use `json` in the `format` option.
|
||||
If the given format is unsupported, the default (CLF) is used instead.
|
||||
|
@ -277,7 +279,7 @@ version: "3.7"
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
environment:
|
||||
- TZ=US/Alaska
|
||||
command:
|
||||
|
|
|
@ -136,6 +136,15 @@ api:
|
|||
|
||||
All the following endpoints must be accessed with a `GET` HTTP request.
|
||||
|
||||
!!! info "Pagination"
|
||||
|
||||
By default, up to 100 results are returned per page, and the next page can be checked using the `X-Next-Page` HTTP Header.
|
||||
To control pagination, use the `page` and `per_page` query parameters.
|
||||
|
||||
```bash
|
||||
curl https://traefik.example.com:8080/api/http/routers?page=2&per_page=20
|
||||
```
|
||||
|
||||
| Path | Description |
|
||||
|--------------------------------|---------------------------------------------------------------------------------------------|
|
||||
| `/api/http/routers` | Lists all the HTTP routers information. |
|
||||
|
|
|
@ -166,7 +166,7 @@ See the [Docker API Access](#docker-api-access) section for more information.
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.1 # The official v3 Traefik docker image
|
||||
image: traefik:v3.2 # The official v3 Traefik docker image
|
||||
ports:
|
||||
- "80:80"
|
||||
volumes:
|
||||
|
|
|
@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
|
|||
|
||||
```bash
|
||||
# Install Traefik Resource Definitions:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
|
||||
# Install RBAC for Traefik:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
```
|
||||
|
||||
## Resource Configuration
|
||||
|
|
|
@ -34,7 +34,7 @@ For more details, check out the conformance [report](https://github.com/kubernet
|
|||
|
||||
```bash
|
||||
# Install Traefik RBACs.
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
|
||||
```
|
||||
|
||||
3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below:
|
||||
|
|
|
@ -526,6 +526,6 @@ providers:
|
|||
### Further
|
||||
|
||||
To learn more about the various aspects of the Ingress specification that Traefik supports,
|
||||
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
|
||||
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.2/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
|
||||
|
||||
{!traefik-for-business-applications.md!}
|
||||
|
|
|
@ -212,7 +212,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.1 # The official v3 Traefik docker image
|
||||
image: traefik:v3.2 # The official v3 Traefik docker image
|
||||
ports:
|
||||
- "80:80"
|
||||
volumes:
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -63,12 +63,12 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
|
||||
type: string
|
||||
middlewares:
|
||||
description: |-
|
||||
Middlewares defines the list of references to Middleware resources.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
|
@ -88,7 +88,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
|
||||
type: integer
|
||||
services:
|
||||
description: |-
|
||||
|
@ -229,7 +229,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -277,7 +277,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
|
@ -287,18 +287,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -317,17 +317,17 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -344,12 +344,12 @@ spec:
|
|||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -409,7 +409,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -422,7 +422,7 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
|
@ -446,7 +446,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
|
@ -487,7 +487,7 @@ spec:
|
|||
proxyProtocol:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
|
@ -525,7 +525,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
|
@ -534,18 +534,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -564,7 +564,7 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
@ -656,7 +656,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -743,7 +743,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -769,7 +769,7 @@ spec:
|
|||
description: |-
|
||||
AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding it.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
|
||||
properties:
|
||||
prefix:
|
||||
description: |-
|
||||
|
@ -781,12 +781,12 @@ spec:
|
|||
description: |-
|
||||
BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -807,7 +807,7 @@ spec:
|
|||
description: |-
|
||||
Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: |-
|
||||
|
@ -839,14 +839,14 @@ spec:
|
|||
description: |-
|
||||
RetryExpression defines the retry conditions.
|
||||
It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: |-
|
||||
Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
|
@ -905,7 +905,7 @@ spec:
|
|||
description: |-
|
||||
Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
|
||||
properties:
|
||||
defaultEncoding:
|
||||
description: DefaultEncoding specifies the default encoding if
|
||||
|
@ -954,12 +954,12 @@ spec:
|
|||
description: |-
|
||||
DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -979,7 +979,7 @@ spec:
|
|||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
|
||||
properties:
|
||||
query:
|
||||
description: |-
|
||||
|
@ -989,7 +989,7 @@ spec:
|
|||
service:
|
||||
description: |-
|
||||
Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
|
||||
properties:
|
||||
healthCheck:
|
||||
description: Healthcheck defines health checks for ExternalName
|
||||
|
@ -1122,7 +1122,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -1180,7 +1180,7 @@ spec:
|
|||
description: |-
|
||||
ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
|
||||
properties:
|
||||
addAuthCookiesToResponse:
|
||||
description: AddAuthCookiesToResponse defines the list of cookies
|
||||
|
@ -1208,7 +1208,7 @@ spec:
|
|||
authResponseHeadersRegex:
|
||||
description: |-
|
||||
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
|
@ -1255,7 +1255,7 @@ spec:
|
|||
description: |-
|
||||
Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
|
@ -1426,7 +1426,7 @@ spec:
|
|||
description: |-
|
||||
InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and served concurrently.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
|
||||
properties:
|
||||
amount:
|
||||
description: |-
|
||||
|
@ -1439,12 +1439,12 @@ spec:
|
|||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1479,12 +1479,12 @@ spec:
|
|||
description: |-
|
||||
IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware limits allowed requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1521,7 +1521,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1551,7 +1551,7 @@ spec:
|
|||
description: |-
|
||||
PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
|
@ -1660,7 +1660,7 @@ spec:
|
|||
description: |-
|
||||
RateLimit holds the rate limit configuration.
|
||||
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
|
||||
properties:
|
||||
average:
|
||||
description: |-
|
||||
|
@ -1693,7 +1693,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1728,7 +1728,7 @@ spec:
|
|||
description: |-
|
||||
RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1747,7 +1747,7 @@ spec:
|
|||
description: |-
|
||||
RedirectScheme holds the redirect scheme middleware configuration.
|
||||
This middleware redirects requests from a scheme/port to another.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1764,7 +1764,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
|
@ -1775,7 +1775,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
This middleware replaces the path of a URL using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
|
@ -1791,7 +1791,7 @@ spec:
|
|||
Retry holds the retry middleware configuration.
|
||||
This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
|
@ -1813,7 +1813,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
|
||||
properties:
|
||||
forceSlash:
|
||||
description: |-
|
||||
|
@ -1832,7 +1832,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
This middleware removes the matching prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
|
@ -1869,7 +1869,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -1905,7 +1905,7 @@ spec:
|
|||
description: |-
|
||||
IPAllowList defines the IPAllowList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1919,7 +1919,7 @@ spec:
|
|||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1958,7 +1958,7 @@ spec:
|
|||
ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2097,7 +2097,7 @@ spec:
|
|||
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2215,7 +2215,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2240,14 +2240,14 @@ spec:
|
|||
alpnProtocols:
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2275,7 +2275,7 @@ spec:
|
|||
curvePreferences:
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2331,7 +2331,7 @@ spec:
|
|||
TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
For the time being, only the TLSStore named default is supported.
|
||||
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2429,7 +2429,7 @@ spec:
|
|||
TraefikService object allows to:
|
||||
- Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2675,7 +2675,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2782,7 +2782,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2965,7 +2965,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -3012,7 +3012,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
|
|
@ -25,7 +25,7 @@ spec:
|
|||
serviceAccountName: traefik-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
args:
|
||||
- --entryPoints.web.address=:80
|
||||
- --entryPoints.websecure.address=:443
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -63,12 +63,12 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
|
||||
type: string
|
||||
middlewares:
|
||||
description: |-
|
||||
Middlewares defines the list of references to Middleware resources.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
|
@ -88,7 +88,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
|
||||
type: integer
|
||||
services:
|
||||
description: |-
|
||||
|
@ -229,7 +229,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -277,7 +277,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
|
@ -287,18 +287,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -317,17 +317,17 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -344,12 +344,12 @@ spec:
|
|||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -56,7 +56,7 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
|
@ -80,7 +80,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
|
@ -121,7 +121,7 @@ spec:
|
|||
proxyProtocol:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
|
@ -159,7 +159,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
|
@ -168,18 +168,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -198,7 +198,7 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -45,7 +45,7 @@ spec:
|
|||
description: |-
|
||||
AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding it.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
|
||||
properties:
|
||||
prefix:
|
||||
description: |-
|
||||
|
@ -57,12 +57,12 @@ spec:
|
|||
description: |-
|
||||
BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -83,7 +83,7 @@ spec:
|
|||
description: |-
|
||||
Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: |-
|
||||
|
@ -115,14 +115,14 @@ spec:
|
|||
description: |-
|
||||
RetryExpression defines the retry conditions.
|
||||
It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: |-
|
||||
Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
|
@ -181,7 +181,7 @@ spec:
|
|||
description: |-
|
||||
Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
|
||||
properties:
|
||||
defaultEncoding:
|
||||
description: DefaultEncoding specifies the default encoding if
|
||||
|
@ -230,12 +230,12 @@ spec:
|
|||
description: |-
|
||||
DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -255,7 +255,7 @@ spec:
|
|||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
|
||||
properties:
|
||||
query:
|
||||
description: |-
|
||||
|
@ -265,7 +265,7 @@ spec:
|
|||
service:
|
||||
description: |-
|
||||
Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
|
||||
properties:
|
||||
healthCheck:
|
||||
description: Healthcheck defines health checks for ExternalName
|
||||
|
@ -398,7 +398,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -456,7 +456,7 @@ spec:
|
|||
description: |-
|
||||
ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
|
||||
properties:
|
||||
addAuthCookiesToResponse:
|
||||
description: AddAuthCookiesToResponse defines the list of cookies
|
||||
|
@ -484,7 +484,7 @@ spec:
|
|||
authResponseHeadersRegex:
|
||||
description: |-
|
||||
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
|
@ -531,7 +531,7 @@ spec:
|
|||
description: |-
|
||||
Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
|
@ -702,7 +702,7 @@ spec:
|
|||
description: |-
|
||||
InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and served concurrently.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
|
||||
properties:
|
||||
amount:
|
||||
description: |-
|
||||
|
@ -715,12 +715,12 @@ spec:
|
|||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -755,12 +755,12 @@ spec:
|
|||
description: |-
|
||||
IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware limits allowed requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -797,7 +797,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -827,7 +827,7 @@ spec:
|
|||
description: |-
|
||||
PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
|
@ -936,7 +936,7 @@ spec:
|
|||
description: |-
|
||||
RateLimit holds the rate limit configuration.
|
||||
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
|
||||
properties:
|
||||
average:
|
||||
description: |-
|
||||
|
@ -969,7 +969,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1004,7 +1004,7 @@ spec:
|
|||
description: |-
|
||||
RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1023,7 +1023,7 @@ spec:
|
|||
description: |-
|
||||
RedirectScheme holds the redirect scheme middleware configuration.
|
||||
This middleware redirects requests from a scheme/port to another.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1040,7 +1040,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
|
@ -1051,7 +1051,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
This middleware replaces the path of a URL using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
|
@ -1067,7 +1067,7 @@ spec:
|
|||
Retry holds the retry middleware configuration.
|
||||
This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
|
@ -1089,7 +1089,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
|
||||
properties:
|
||||
forceSlash:
|
||||
description: |-
|
||||
|
@ -1108,7 +1108,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
This middleware removes the matching prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -55,7 +55,7 @@ spec:
|
|||
description: |-
|
||||
IPAllowList defines the IPAllowList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -69,7 +69,7 @@ spec:
|
|||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
|
|
@ -21,7 +21,7 @@ spec:
|
|||
ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
|
|
@ -21,7 +21,7 @@ spec:
|
|||
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -44,14 +44,14 @@ spec:
|
|||
alpnProtocols:
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -79,7 +79,7 @@ spec:
|
|||
curvePreferences:
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
|
|
@ -21,7 +21,7 @@ spec:
|
|||
TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
For the time being, only the TLSStore named default is supported.
|
||||
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
|
|
@ -22,7 +22,7 @@ spec:
|
|||
TraefikService object allows to:
|
||||
- Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -268,7 +268,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -375,7 +375,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -558,7 +558,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -605,7 +605,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
|
|
@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
|
|||
`--providers.kubernetesgateway.namespaces`:
|
||||
Kubernetes namespaces.
|
||||
|
||||
`--providers.kubernetesgateway.nativelbbydefault`:
|
||||
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
|
||||
|
||||
`--providers.kubernetesgateway.statusaddress.hostname`:
|
||||
Hostname used for Kubernetes Gateway status address.
|
||||
|
||||
|
|
|
@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
|
|||
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NAMESPACES`:
|
||||
Kubernetes namespaces.
|
||||
|
||||
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NATIVELBBYDEFAULT`:
|
||||
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_HOSTNAME`:
|
||||
Hostname used for Kubernetes Gateway status address.
|
||||
|
||||
|
|
|
@ -158,6 +158,7 @@
|
|||
labelSelector = "foobar"
|
||||
throttleDuration = "42s"
|
||||
experimentalChannel = true
|
||||
nativeLBByDefault = true
|
||||
[providers.kubernetesGateway.statusAddress]
|
||||
ip = "foobar"
|
||||
hostname = "foobar"
|
||||
|
|
|
@ -183,6 +183,7 @@ providers:
|
|||
service:
|
||||
name: foobar
|
||||
namespace: foobar
|
||||
nativeLBByDefault: true
|
||||
rest:
|
||||
insecure: true
|
||||
consulCatalog:
|
||||
|
|
|
@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
args:
|
||||
- --log.level=DEBUG
|
||||
- --api
|
||||
|
|
|
@ -130,7 +130,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
args:
|
||||
- --entryPoints.web.address=:80
|
||||
- --providers.kubernetesingress
|
||||
|
@ -543,7 +543,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
args:
|
||||
- --entryPoints.websecure.address=:443
|
||||
- --entryPoints.websecure.http.tls
|
||||
|
@ -736,7 +736,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
args:
|
||||
- --entryPoints.websecure.address=:443
|
||||
- --providers.kubernetesingress
|
||||
|
|
|
@ -26,7 +26,7 @@ spec:
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.1
|
||||
image: traefik:v3.2
|
||||
args:
|
||||
- --api.insecure
|
||||
- --accesslog
|
||||
|
|
|
@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi
|
|||
|
||||
```bash
|
||||
# Install Traefik Resource Definitions:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
|
||||
# Install RBAC for Traefik:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
```
|
||||
|
||||
### Services
|
||||
|
@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/con
|
|||
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/02-services.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/02-services.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
|
|||
Again, one pod for Traefik, and one for the whoami app.
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/03-deployments.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/03-deployments.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -100,7 +100,7 @@ Look it up.
|
|||
We can now finally apply the actual ingressRoutes, with:
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/04-ingressroutes.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/04-ingressroutes.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
|
|||
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/05-tlsoption.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/05-tlsoption.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
|
|
@ -26,5 +26,5 @@ node:
|
|||
- K3S_CLUSTER_SECRET=somethingtotallyrandom
|
||||
volumes:
|
||||
# this is where you would place a alternative traefik image (saved as a .tar file with
|
||||
# 'docker save'), if you want to use it, instead of the traefik:v3.1 image.
|
||||
# 'docker save'), if you want to use it, instead of the traefik:v3.2 image.
|
||||
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.1"
|
||||
image: "traefik:v3.2"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -13,7 +13,7 @@ secrets:
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.1"
|
||||
image: "traefik:v3.2"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.1"
|
||||
image: "traefik:v3.2"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.1"
|
||||
image: "traefik:v3.2"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.1"
|
||||
image: "traefik:v3.2"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -31,7 +31,7 @@ Create a `docker-compose.yml` file with the following content:
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.1"
|
||||
image: "traefik:v3.2"
|
||||
...
|
||||
networks:
|
||||
- traefiknet
|
||||
|
|
2
go.mod
2
go.mod
|
@ -34,7 +34,7 @@ require (
|
|||
github.com/http-wasm/http-wasm-host-go v0.6.0
|
||||
github.com/influxdata/influxdb-client-go/v2 v2.7.0
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab // No tag on the repo.
|
||||
github.com/klauspost/compress v1.17.9
|
||||
github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 // Required to have the content-type fix: https://github.com/klauspost/compress/pull/1011
|
||||
github.com/kvtools/consul v1.0.2
|
||||
github.com/kvtools/etcdv3 v1.0.2
|
||||
github.com/kvtools/redis v1.1.0
|
||||
|
|
4
go.sum
4
go.sum
|
@ -597,8 +597,8 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
|
|||
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
|
||||
github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
|
||||
github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
|
||||
github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 h1:7s7Xd7zVElAw1qh/eh+tXDNfDNXXj38Tpq54eeG6/BM=
|
||||
github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
|
||||
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
|
||||
github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
|
||||
github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -63,12 +63,12 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
|
||||
type: string
|
||||
middlewares:
|
||||
description: |-
|
||||
Middlewares defines the list of references to Middleware resources.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
|
@ -88,7 +88,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
|
||||
type: integer
|
||||
services:
|
||||
description: |-
|
||||
|
@ -229,7 +229,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -277,7 +277,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
|
@ -287,18 +287,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -317,17 +317,17 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -344,12 +344,12 @@ spec:
|
|||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -409,7 +409,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -422,7 +422,7 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
|
@ -446,7 +446,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
|
@ -487,7 +487,7 @@ spec:
|
|||
proxyProtocol:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
|
@ -525,7 +525,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
|
@ -534,18 +534,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -564,7 +564,7 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
@ -656,7 +656,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -743,7 +743,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -769,7 +769,7 @@ spec:
|
|||
description: |-
|
||||
AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding it.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
|
||||
properties:
|
||||
prefix:
|
||||
description: |-
|
||||
|
@ -781,12 +781,12 @@ spec:
|
|||
description: |-
|
||||
BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -807,7 +807,7 @@ spec:
|
|||
description: |-
|
||||
Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: |-
|
||||
|
@ -839,14 +839,14 @@ spec:
|
|||
description: |-
|
||||
RetryExpression defines the retry conditions.
|
||||
It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: |-
|
||||
Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
|
@ -905,7 +905,7 @@ spec:
|
|||
description: |-
|
||||
Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
|
||||
properties:
|
||||
defaultEncoding:
|
||||
description: DefaultEncoding specifies the default encoding if
|
||||
|
@ -954,12 +954,12 @@ spec:
|
|||
description: |-
|
||||
DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -979,7 +979,7 @@ spec:
|
|||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
|
||||
properties:
|
||||
query:
|
||||
description: |-
|
||||
|
@ -989,7 +989,7 @@ spec:
|
|||
service:
|
||||
description: |-
|
||||
Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
|
||||
properties:
|
||||
healthCheck:
|
||||
description: Healthcheck defines health checks for ExternalName
|
||||
|
@ -1122,7 +1122,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -1180,7 +1180,7 @@ spec:
|
|||
description: |-
|
||||
ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
|
||||
properties:
|
||||
addAuthCookiesToResponse:
|
||||
description: AddAuthCookiesToResponse defines the list of cookies
|
||||
|
@ -1208,7 +1208,7 @@ spec:
|
|||
authResponseHeadersRegex:
|
||||
description: |-
|
||||
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
|
@ -1255,7 +1255,7 @@ spec:
|
|||
description: |-
|
||||
Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
|
@ -1426,7 +1426,7 @@ spec:
|
|||
description: |-
|
||||
InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and served concurrently.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
|
||||
properties:
|
||||
amount:
|
||||
description: |-
|
||||
|
@ -1439,12 +1439,12 @@ spec:
|
|||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1479,12 +1479,12 @@ spec:
|
|||
description: |-
|
||||
IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware limits allowed requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1521,7 +1521,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1551,7 +1551,7 @@ spec:
|
|||
description: |-
|
||||
PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
|
@ -1660,7 +1660,7 @@ spec:
|
|||
description: |-
|
||||
RateLimit holds the rate limit configuration.
|
||||
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
|
||||
properties:
|
||||
average:
|
||||
description: |-
|
||||
|
@ -1693,7 +1693,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1728,7 +1728,7 @@ spec:
|
|||
description: |-
|
||||
RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1747,7 +1747,7 @@ spec:
|
|||
description: |-
|
||||
RedirectScheme holds the redirect scheme middleware configuration.
|
||||
This middleware redirects requests from a scheme/port to another.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1764,7 +1764,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
|
@ -1775,7 +1775,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
This middleware replaces the path of a URL using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
|
@ -1791,7 +1791,7 @@ spec:
|
|||
Retry holds the retry middleware configuration.
|
||||
This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
|
@ -1813,7 +1813,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
|
||||
properties:
|
||||
forceSlash:
|
||||
description: |-
|
||||
|
@ -1832,7 +1832,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
This middleware removes the matching prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
|
@ -1869,7 +1869,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -1905,7 +1905,7 @@ spec:
|
|||
description: |-
|
||||
IPAllowList defines the IPAllowList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1919,7 +1919,7 @@ spec:
|
|||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1958,7 +1958,7 @@ spec:
|
|||
ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2097,7 +2097,7 @@ spec:
|
|||
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2215,7 +2215,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2240,14 +2240,14 @@ spec:
|
|||
alpnProtocols:
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2275,7 +2275,7 @@ spec:
|
|||
curvePreferences:
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2331,7 +2331,7 @@ spec:
|
|||
TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
For the time being, only the TLSStore named default is supported.
|
||||
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2429,7 +2429,7 @@ spec:
|
|||
TraefikService object allows to:
|
||||
- Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2675,7 +2675,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2782,7 +2782,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2965,7 +2965,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -3012,7 +3012,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
|
|
@ -194,7 +194,7 @@ func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if c.Pilot != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#pilot")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#pilot")
|
||||
}
|
||||
|
||||
incompatibleExperimental := c.Experimental.deprecationNotice(logger)
|
||||
|
@ -227,13 +227,13 @@ func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if p.Marathon != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#marathon-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#marathon-provider")
|
||||
}
|
||||
|
||||
if p.Rancher != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#rancher-v1-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#rancher-v1-provider")
|
||||
}
|
||||
|
||||
dockerIncompatible := p.Docker.deprecationNotice(logger)
|
||||
|
@ -275,14 +275,14 @@ func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if d.SwarmMode != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#docker-docker-swarm")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#docker-docker-swarm")
|
||||
}
|
||||
|
||||
if d.TLS != nil && d.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -323,7 +323,7 @@ func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
|
|||
incompatible = true
|
||||
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_3")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_3")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -344,7 +344,7 @@ func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
|
|||
incompatible = true
|
||||
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_4")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_4")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -365,14 +365,14 @@ func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if c.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consul-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consul-provider")
|
||||
}
|
||||
|
||||
if c.TLS != nil && c.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_1")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_1")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -397,14 +397,14 @@ func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if c.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consulcatalog-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consulcatalog-provider")
|
||||
}
|
||||
|
||||
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -425,14 +425,14 @@ func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if n.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#nomad-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#nomad-provider")
|
||||
}
|
||||
|
||||
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional_1")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional_1")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -453,7 +453,7 @@ func (h *http) deprecationNotice(logger zerolog.Logger) bool {
|
|||
incompatible = true
|
||||
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_2")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_2")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -471,7 +471,7 @@ func (i *ingress) deprecationNotice(logger zerolog.Logger) {
|
|||
if i.DisableIngressClassLookup != nil {
|
||||
logger.Error().Msg("Kubernetes Ingress provider `disableIngressClassLookup` option has been deprecated in v3.1, and will be removed in the next major version." +
|
||||
"Please use the `disableClusterScopeResources` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#ingressclasslookup")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#ingressclasslookup")
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -488,7 +488,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if e.HTTP3 != nil {
|
||||
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
|
||||
"Please remove its usage from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3-details/#http3")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3-details/#http3")
|
||||
|
||||
return true
|
||||
}
|
||||
|
@ -496,7 +496,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if e.KubernetesGateway != nil {
|
||||
logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." +
|
||||
"Please remove its usage from the static configuration." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#gateway-api-kubernetesgateway-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#gateway-api-kubernetesgateway-provider")
|
||||
}
|
||||
|
||||
return false
|
||||
|
@ -520,49 +520,49 @@ func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if t.SpanNameLimit != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Jaeger != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Zipkin != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Datadog != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Instana != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Haystack != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Elastic != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
|
|
@ -73,7 +73,7 @@ type ContentType struct {
|
|||
|
||||
// AddPrefix holds the add prefix middleware configuration.
|
||||
// This middleware updates the path of a request before forwarding it.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
|
||||
type AddPrefix struct {
|
||||
// Prefix is the string to add before the current path in the requested URL.
|
||||
// It should include a leading slash (/).
|
||||
|
@ -84,7 +84,7 @@ type AddPrefix struct {
|
|||
|
||||
// BasicAuth holds the basic auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
|
||||
type BasicAuth struct {
|
||||
// Users is an array of authorized users.
|
||||
// Each user must be declared using the name:hashed-password format.
|
||||
|
@ -99,7 +99,7 @@ type BasicAuth struct {
|
|||
// Default: false.
|
||||
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -107,7 +107,7 @@ type BasicAuth struct {
|
|||
|
||||
// Buffering holds the buffering middleware configuration.
|
||||
// This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
|
||||
type Buffering struct {
|
||||
// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
|
||||
// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
|
||||
|
@ -125,7 +125,7 @@ type Buffering struct {
|
|||
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
|
||||
// RetryExpression defines the retry conditions.
|
||||
// It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
|
||||
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -142,7 +142,7 @@ type Chain struct {
|
|||
|
||||
// CircuitBreaker holds the circuit breaker middleware configuration.
|
||||
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/circuitbreaker/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/circuitbreaker/
|
||||
type CircuitBreaker struct {
|
||||
// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
|
||||
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
|
||||
|
@ -191,7 +191,7 @@ func (c *Compress) SetDefaults() {
|
|||
|
||||
// DigestAuth holds the digest auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
|
||||
type DigestAuth struct {
|
||||
// Users defines the authorized users.
|
||||
// Each user should be declared using the name:realm:encoded-password format.
|
||||
|
@ -204,7 +204,7 @@ type DigestAuth struct {
|
|||
// Default: traefik.
|
||||
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -230,7 +230,7 @@ type ErrorPage struct {
|
|||
|
||||
// ForwardAuth holds the forward auth middleware configuration.
|
||||
// This middleware delegates the request authentication to a Service.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
|
||||
type ForwardAuth struct {
|
||||
// Address defines the authentication server address.
|
||||
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
|
||||
|
@ -241,7 +241,7 @@ type ForwardAuth struct {
|
|||
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
|
||||
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
|
||||
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
|
||||
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
|
||||
// If not set or empty then all request headers are passed.
|
||||
|
@ -271,7 +271,7 @@ type ClientTLS struct {
|
|||
|
||||
// Headers holds the headers middleware configuration.
|
||||
// This middleware manages the requests and responses headers.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
|
||||
type Headers struct {
|
||||
// CustomRequestHeaders defines the header names and values to apply to the request.
|
||||
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
|
||||
|
@ -400,7 +400,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
|
||||
type IPStrategy struct {
|
||||
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
|
||||
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
|
||||
|
@ -454,7 +454,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
|
|||
|
||||
// IPWhiteList holds the IP whitelist middleware configuration.
|
||||
// This middleware limits allowed requests based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipwhitelist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipwhitelist/
|
||||
// Deprecated: please use IPAllowList instead.
|
||||
type IPWhiteList struct {
|
||||
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
|
||||
|
@ -466,7 +466,7 @@ type IPWhiteList struct {
|
|||
|
||||
// IPAllowList holds the IP allowlist middleware configuration.
|
||||
// This middleware limits allowed requests based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
|
||||
type IPAllowList struct {
|
||||
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
||||
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
|
||||
|
@ -480,7 +480,7 @@ type IPAllowList struct {
|
|||
|
||||
// InFlightReq holds the in-flight request middleware configuration.
|
||||
// This middleware limits the number of requests being processed and served concurrently.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
|
||||
type InFlightReq struct {
|
||||
// Amount defines the maximum amount of allowed simultaneous in-flight request.
|
||||
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
|
||||
|
@ -488,7 +488,7 @@ type InFlightReq struct {
|
|||
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
// If several strategies are defined at the same time, an error will be raised.
|
||||
// If none are set, the default is to use the requestHost.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
|
||||
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -496,7 +496,7 @@ type InFlightReq struct {
|
|||
|
||||
// PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
// This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
|
||||
type PassTLSClientCert struct {
|
||||
// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
|
||||
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
|
||||
|
@ -552,7 +552,7 @@ func (r *RateLimit) SetDefaults() {
|
|||
|
||||
// RedirectRegex holds the redirect regex middleware configuration.
|
||||
// This middleware redirects a request using regex matching and replacement.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
|
||||
type RedirectRegex struct {
|
||||
// Regex defines the regex used to match and capture elements from the request URL.
|
||||
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
|
||||
|
@ -566,7 +566,7 @@ type RedirectRegex struct {
|
|||
|
||||
// RedirectScheme holds the redirect scheme middleware configuration.
|
||||
// This middleware redirects requests from a scheme/port to another.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
|
||||
type RedirectScheme struct {
|
||||
// Scheme defines the scheme of the new URL.
|
||||
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
|
||||
|
@ -580,7 +580,7 @@ type RedirectScheme struct {
|
|||
|
||||
// ReplacePath holds the replace path middleware configuration.
|
||||
// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
|
||||
type ReplacePath struct {
|
||||
// Path defines the path to use as replacement in the request URL.
|
||||
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
|
||||
|
@ -590,7 +590,7 @@ type ReplacePath struct {
|
|||
|
||||
// ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
// This middleware replaces the path of a URL using regex matching and replacement.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
|
||||
type ReplacePathRegex struct {
|
||||
// Regex defines the regular expression used to match and capture the path from the request URL.
|
||||
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
|
||||
|
@ -603,7 +603,7 @@ type ReplacePathRegex struct {
|
|||
// Retry holds the retry middleware configuration.
|
||||
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
|
||||
type Retry struct {
|
||||
// Attempts defines how many times the request should be retried.
|
||||
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
|
||||
|
@ -619,7 +619,7 @@ type Retry struct {
|
|||
|
||||
// StripPrefix holds the strip prefix middleware configuration.
|
||||
// This middleware removes the specified prefixes from the URL path.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
|
||||
type StripPrefix struct {
|
||||
// Prefixes defines the prefixes to strip from the request URL.
|
||||
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
|
||||
|
@ -634,7 +634,7 @@ type StripPrefix struct {
|
|||
|
||||
// StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
// This middleware removes the matching prefixes from the URL path.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
|
||||
type StripPrefixRegex struct {
|
||||
// Regex defines the regular expression to match the path prefix from the request URL.
|
||||
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
|
||||
|
|
|
@ -125,7 +125,7 @@ type TCPServer struct {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// ProxyProtocol holds the PROXY Protocol configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
|
||||
type ProxyProtocol struct {
|
||||
// Version defines the PROXY Protocol version to use.
|
||||
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
|
||||
|
|
|
@ -15,7 +15,7 @@ type TCPMiddleware struct {
|
|||
// TCPInFlightConn holds the TCP InFlightConn middleware configuration.
|
||||
// This middleware prevents services from being overwhelmed with high load,
|
||||
// by limiting the number of allowed simultaneous connections for one IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/inflightconn/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/inflightconn/
|
||||
type TCPInFlightConn struct {
|
||||
// Amount defines the maximum amount of allowed simultaneous connections.
|
||||
// The middleware closes the connection if there are already amount connections opened.
|
||||
|
@ -35,7 +35,7 @@ type TCPIPWhiteList struct {
|
|||
|
||||
// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
|
||||
// This middleware limits allowed requests based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
|
||||
type TCPIPAllowList struct {
|
||||
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
||||
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
|
||||
|
|
|
@ -13,22 +13,21 @@ const (
|
|||
upgradeHeader = "Upgrade"
|
||||
)
|
||||
|
||||
// Remover removes hop-by-hop headers listed in the "Connection" header.
|
||||
// RemoveConnectionHeaders removes hop-by-hop headers listed in the "Connection" header.
|
||||
// See RFC 7230, section 6.1.
|
||||
func Remover(next http.Handler) http.HandlerFunc {
|
||||
return func(rw http.ResponseWriter, req *http.Request) {
|
||||
next.ServeHTTP(rw, Remove(req))
|
||||
}
|
||||
}
|
||||
|
||||
// Remove removes hop-by-hop header on the request.
|
||||
func Remove(req *http.Request) *http.Request {
|
||||
func RemoveConnectionHeaders(req *http.Request) {
|
||||
var reqUpType string
|
||||
if httpguts.HeaderValuesContainsToken(req.Header[connectionHeader], upgradeHeader) {
|
||||
reqUpType = req.Header.Get(upgradeHeader)
|
||||
}
|
||||
|
||||
removeConnectionHeaders(req.Header)
|
||||
for _, f := range req.Header[connectionHeader] {
|
||||
for _, sf := range strings.Split(f, ",") {
|
||||
if sf = textproto.TrimString(sf); sf != "" {
|
||||
req.Header.Del(sf)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if reqUpType != "" {
|
||||
req.Header.Set(connectionHeader, upgradeHeader)
|
||||
|
@ -36,16 +35,4 @@ func Remove(req *http.Request) *http.Request {
|
|||
} else {
|
||||
req.Header.Del(connectionHeader)
|
||||
}
|
||||
|
||||
return req
|
||||
}
|
||||
|
||||
func removeConnectionHeaders(h http.Header) {
|
||||
for _, f := range h[connectionHeader] {
|
||||
for _, sf := range strings.Split(f, ",") {
|
||||
if sf = textproto.TrimString(sf); sf != "" {
|
||||
h.Del(sf)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -50,19 +50,13 @@ func TestRemover(t *testing.T) {
|
|||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {})
|
||||
|
||||
h := Remover(next)
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "https://localhost", nil)
|
||||
|
||||
for k, v := range test.reqHeaders {
|
||||
req.Header.Set(k, v)
|
||||
}
|
||||
|
||||
rw := httptest.NewRecorder()
|
||||
|
||||
h.ServeHTTP(rw, req)
|
||||
RemoveConnectionHeaders(req)
|
||||
|
||||
assert.Equal(t, test.expected, req.Header)
|
||||
})
|
||||
|
|
|
@ -123,8 +123,6 @@ func (fa *forwardAuth) GetTracingInformation() (string, string, trace.SpanKind)
|
|||
func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
logger := middlewares.GetLogger(req.Context(), fa.name, typeNameForward)
|
||||
|
||||
req = Remove(req)
|
||||
|
||||
forwardReq, err := http.NewRequestWithContext(req.Context(), http.MethodGet, fa.address, nil)
|
||||
if err != nil {
|
||||
logger.Debug().Msgf("Error calling %s. Cause %s", fa.address, err)
|
||||
|
@ -274,6 +272,8 @@ func (fa *forwardAuth) buildModifier(authCookies []*http.Cookie) func(res *http.
|
|||
|
||||
func writeHeader(req, forwardReq *http.Request, trustForwardHeader bool, allowedHeaders []string) {
|
||||
utils.CopyHeaders(forwardReq.Header, req.Header)
|
||||
|
||||
RemoveConnectionHeaders(forwardReq)
|
||||
utils.RemoveHeaders(forwardReq.Header, hopHeaders...)
|
||||
|
||||
forwardReq.Header = filterForwardRequestHeaders(forwardReq.Header, allowedHeaders)
|
||||
|
|
|
@ -623,8 +623,11 @@ func (p *Provider) resolveDefaultCertificate(ctx context.Context, domains []stri
|
|||
|
||||
p.resolvingDomainsMutex.Lock()
|
||||
|
||||
sort.Strings(domains)
|
||||
domainKey := strings.Join(domains, ",")
|
||||
sortedDomains := make([]string, len(domains))
|
||||
copy(sortedDomains, domains)
|
||||
sort.Strings(sortedDomains)
|
||||
|
||||
domainKey := strings.Join(sortedDomains, ",")
|
||||
|
||||
if _, ok := p.resolvingDomains[domainKey]; ok {
|
||||
p.resolvingDomainsMutex.Unlock()
|
||||
|
@ -1026,12 +1029,14 @@ func (p *Provider) certExists(validDomains []string) bool {
|
|||
p.certificatesMu.RLock()
|
||||
defer p.certificatesMu.RUnlock()
|
||||
|
||||
sort.Strings(validDomains)
|
||||
sortedDomains := make([]string, len(validDomains))
|
||||
copy(sortedDomains, validDomains)
|
||||
sort.Strings(sortedDomains)
|
||||
|
||||
for _, cert := range p.certificates {
|
||||
domains := cert.Certificate.Domain.ToStrArray()
|
||||
sort.Strings(domains)
|
||||
if reflect.DeepEqual(domains, validDomains) {
|
||||
if reflect.DeepEqual(domains, sortedDomains) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1609,7 +1609,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, test.paths)
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -4891,7 +4891,7 @@ func TestLoadIngressRoutes(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, test.paths)
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -4972,7 +4972,7 @@ func TestLoadIngressRoutes_multipleEndpointAddresses(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, []string{"services.yml", "with_multiple_endpointslices.yml"})
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -5481,7 +5481,7 @@ func TestLoadIngressRouteUDPs(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, test.paths)
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -6971,7 +6971,7 @@ func TestCrossNamespace(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, test.paths)
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -7240,7 +7240,7 @@ func TestExternalNameService(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, test.paths)
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -7421,7 +7421,7 @@ func TestNativeLB(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, test.paths)
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -7686,7 +7686,7 @@ func TestNodePortLB(t *testing.T) {
|
|||
|
||||
k8sObjects, crdObjects := readResources(t, test.paths)
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -7727,7 +7727,7 @@ func TestCreateBasicAuthCredentials(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset()
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
@ -8198,7 +8198,7 @@ func TestGlobalNativeLB(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
|
||||
kubeClient := kubefake.NewClientset(k8sObjects...)
|
||||
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
|
||||
|
||||
client := newClientImpl(kubeClient, crdClient)
|
||||
|
|
|
@ -13,75 +13,75 @@ type IngressRouteSpec struct {
|
|||
Routes []Route `json:"routes"`
|
||||
// EntryPoints defines the list of entry point names to bind to.
|
||||
// Entry points have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
// Default: all.
|
||||
EntryPoints []string `json:"entryPoints,omitempty"`
|
||||
// TLS defines the TLS configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
|
||||
TLS *TLS `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
// Route holds the HTTP route configuration.
|
||||
type Route struct {
|
||||
// Match defines the router's rule.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
|
||||
Match string `json:"match"`
|
||||
// Kind defines the kind of the route.
|
||||
// Rule is the only supported kind.
|
||||
// +kubebuilder:validation:Enum=Rule
|
||||
Kind string `json:"kind"`
|
||||
// Priority defines the router's priority.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
|
||||
Priority int `json:"priority,omitempty"`
|
||||
// Syntax defines the router's rule syntax.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
|
||||
Syntax string `json:"syntax,omitempty"`
|
||||
// Services defines the list of Service.
|
||||
// It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
|
||||
Services []Service `json:"services,omitempty"`
|
||||
// Middlewares defines the list of references to Middleware resources.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
|
||||
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
|
||||
}
|
||||
|
||||
// TLS holds the TLS configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
|
||||
type TLS struct {
|
||||
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
|
||||
SecretName string `json:"secretName,omitempty"`
|
||||
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
// If not defined, the `default` TLSOption is used.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
Options *TLSOptionRef `json:"options,omitempty"`
|
||||
// Store defines the reference to the TLSStore, that will be used to store certificates.
|
||||
// Please note that only `default` TLSStore can be used.
|
||||
Store *TLSStoreRef `json:"store,omitempty"`
|
||||
// CertResolver defines the name of the certificate resolver to use.
|
||||
// Cert resolvers have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
CertResolver string `json:"certResolver,omitempty"`
|
||||
// Domains defines the list of domains that will be used to issue certificates.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
Domains []types.Domain `json:"domains,omitempty"`
|
||||
}
|
||||
|
||||
// TLSOptionRef is a reference to a TLSOption resource.
|
||||
type TLSOptionRef struct {
|
||||
// Name defines the name of the referenced TLSOption.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
Name string `json:"name"`
|
||||
// Namespace defines the namespace of the referenced TLSOption.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
}
|
||||
|
||||
// TLSStoreRef is a reference to a TLSStore resource.
|
||||
type TLSStoreRef struct {
|
||||
// Name defines the name of the referenced TLSStore.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
Name string `json:"name"`
|
||||
// Namespace defines the namespace of the referenced TLSStore.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -98,7 +98,7 @@ type LoadBalancerSpec struct {
|
|||
// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
// Sticky defines the sticky sessions configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
|
||||
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
|
||||
// Port defines the port of a Kubernetes Service.
|
||||
// This can be a reference to a named port.
|
||||
|
|
|
@ -13,24 +13,24 @@ type IngressRouteTCPSpec struct {
|
|||
Routes []RouteTCP `json:"routes"`
|
||||
// EntryPoints defines the list of entry point names to bind to.
|
||||
// Entry points have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
// Default: all.
|
||||
EntryPoints []string `json:"entryPoints,omitempty"`
|
||||
// TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
|
||||
TLS *TLSTCP `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
// RouteTCP holds the TCP route configuration.
|
||||
type RouteTCP struct {
|
||||
// Match defines the router's rule.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
|
||||
Match string `json:"match"`
|
||||
// Priority defines the router's priority.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
|
||||
Priority int `json:"priority,omitempty"`
|
||||
// Syntax defines the router's rule syntax.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
|
||||
Syntax string `json:"syntax,omitempty"`
|
||||
// Services defines the list of TCP services.
|
||||
Services []ServiceTCP `json:"services,omitempty"`
|
||||
|
@ -39,7 +39,7 @@ type RouteTCP struct {
|
|||
}
|
||||
|
||||
// TLSTCP holds the TLS configuration for an IngressRouteTCP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
|
||||
type TLSTCP struct {
|
||||
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
|
||||
SecretName string `json:"secretName,omitempty"`
|
||||
|
@ -47,17 +47,17 @@ type TLSTCP struct {
|
|||
Passthrough bool `json:"passthrough,omitempty"`
|
||||
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
// If not defined, the `default` TLSOption is used.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
Options *ObjectReference `json:"options,omitempty"`
|
||||
// Store defines the reference to the TLSStore, that will be used to store certificates.
|
||||
// Please note that only `default` TLSStore can be used.
|
||||
Store *ObjectReference `json:"store,omitempty"`
|
||||
// CertResolver defines the name of the certificate resolver to use.
|
||||
// Cert resolvers have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
|
||||
CertResolver string `json:"certResolver,omitempty"`
|
||||
// Domains defines the list of domains that will be used to issue certificates.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
|
||||
Domains []types.Domain `json:"domains,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -80,7 +80,7 @@ type ServiceTCP struct {
|
|||
// Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
|
||||
TerminationDelay *int `json:"terminationDelay,omitempty"`
|
||||
// ProxyProtocol defines the PROXY protocol configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
|
||||
ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
|
||||
// ServersTransport defines the name of ServersTransportTCP resource to use.
|
||||
// It allows to configure the transport between Traefik and your servers.
|
||||
|
|
|
@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct {
|
|||
Routes []RouteUDP `json:"routes"`
|
||||
// EntryPoints defines the list of entry point names to bind to.
|
||||
// Entry points have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
|
||||
// Default: all.
|
||||
EntryPoints []string `json:"entryPoints,omitempty"`
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
// +kubebuilder:storageversion
|
||||
|
||||
// Middleware is the CRD implementation of a Traefik Middleware.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
|
||||
type Middleware struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -60,7 +60,7 @@ type MiddlewareSpec struct {
|
|||
|
||||
// ErrorPage holds the custom error middleware configuration.
|
||||
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
|
||||
type ErrorPage struct {
|
||||
// Status defines which status or range of statuses should result in an error page.
|
||||
// It can be either a status code as a number (500),
|
||||
|
@ -69,7 +69,7 @@ type ErrorPage struct {
|
|||
// or a combination of the two (404,418,500-599).
|
||||
Status []string `json:"status,omitempty"`
|
||||
// Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
|
||||
Service Service `json:"service,omitempty"`
|
||||
// Query defines the URL for the error page (hosted by service).
|
||||
// The {status} variable can be used in order to insert the status code in the URL.
|
||||
|
@ -96,7 +96,7 @@ type CircuitBreaker struct {
|
|||
|
||||
// Chain holds the configuration of the chain middleware.
|
||||
// This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
|
||||
type Chain struct {
|
||||
// Middlewares is the list of MiddlewareRef which composes the chain.
|
||||
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
|
||||
|
@ -106,7 +106,7 @@ type Chain struct {
|
|||
|
||||
// BasicAuth holds the basic auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
|
||||
type BasicAuth struct {
|
||||
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
|
||||
Secret string `json:"secret,omitempty"`
|
||||
|
@ -117,7 +117,7 @@ type BasicAuth struct {
|
|||
// Default: false.
|
||||
RemoveHeader bool `json:"removeHeader,omitempty"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -125,7 +125,7 @@ type BasicAuth struct {
|
|||
|
||||
// DigestAuth holds the digest auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
|
||||
type DigestAuth struct {
|
||||
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
|
||||
Secret string `json:"secret,omitempty"`
|
||||
|
@ -135,7 +135,7 @@ type DigestAuth struct {
|
|||
// Default: traefik.
|
||||
Realm string `json:"realm,omitempty"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -143,7 +143,7 @@ type DigestAuth struct {
|
|||
|
||||
// ForwardAuth holds the forward auth middleware configuration.
|
||||
// This middleware delegates the request authentication to a Service.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
|
||||
type ForwardAuth struct {
|
||||
// Address defines the authentication server address.
|
||||
Address string `json:"address,omitempty"`
|
||||
|
@ -152,7 +152,7 @@ type ForwardAuth struct {
|
|||
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
|
||||
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
|
||||
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
|
||||
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
|
||||
// If not set or empty then all request headers are passed.
|
||||
|
@ -182,7 +182,7 @@ type ClientTLS struct {
|
|||
|
||||
// RateLimit holds the rate limit configuration.
|
||||
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
|
||||
type RateLimit struct {
|
||||
// Average is the maximum rate, by default in requests/s, allowed for the given source.
|
||||
// It defaults to 0, which means no rate limiting.
|
||||
|
@ -205,7 +205,7 @@ type RateLimit struct {
|
|||
|
||||
// Compress holds the compress middleware configuration.
|
||||
// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
|
||||
type Compress struct {
|
||||
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
|
||||
// `application/grpc` is always excluded.
|
||||
|
@ -226,7 +226,7 @@ type Compress struct {
|
|||
// Retry holds the retry middleware configuration.
|
||||
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
|
||||
type Retry struct {
|
||||
// Attempts defines how many times the request should be retried.
|
||||
Attempts int `json:"attempts,omitempty"`
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
|
||||
type MiddlewareTCP struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -28,11 +28,11 @@ type MiddlewareTCPSpec struct {
|
|||
// IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
// This middleware accepts/refuses connections based on the client IP.
|
||||
// Deprecated: please use IPAllowList instead.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
|
||||
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
|
||||
// IPAllowList defines the IPAllowList middleware configuration.
|
||||
// This middleware accepts/refuses connections based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
|
||||
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
|
||||
}
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
// ServersTransport is the CRD implementation of a ServersTransport.
|
||||
// If no serversTransport is specified, the default@internal will be used.
|
||||
// The default@internal serversTransport is created from the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
|
||||
type ServersTransport struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
// ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
// If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
// The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
|
||||
type ServersTransportTCP struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
// TraefikService object allows to:
|
||||
// - Apply weight to Services on load-balancing
|
||||
// - Mirror traffic on services
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
type TraefikService struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -49,7 +49,7 @@ type TraefikServiceSpec struct {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// Mirroring holds the mirroring service configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#mirroring-service
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#mirroring-service
|
||||
type Mirroring struct {
|
||||
LoadBalancerSpec `json:",inline"`
|
||||
|
||||
|
@ -78,11 +78,11 @@ type MirrorService struct {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// WeightedRoundRobin holds the weighted round-robin configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#weighted-round-robin-service
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#weighted-round-robin-service
|
||||
type WeightedRoundRobin struct {
|
||||
// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
|
||||
Services []Service `json:"services,omitempty"`
|
||||
// Sticky defines whether sticky sessions are enabled.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
// +kubebuilder:storageversion
|
||||
|
||||
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
|
||||
type TLSOption struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -32,17 +32,17 @@ type TLSOptionSpec struct {
|
|||
// Default: None.
|
||||
MaxVersion string `json:"maxVersion,omitempty"`
|
||||
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
|
||||
CipherSuites []string `json:"cipherSuites,omitempty"`
|
||||
// CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
|
||||
CurvePreferences []string `json:"curvePreferences,omitempty"`
|
||||
// ClientAuth defines the server's policy for TLS Client Authentication.
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
||||
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
|
||||
SniStrict bool `json:"sniStrict,omitempty"`
|
||||
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
||||
|
||||
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
// TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
// For the time being, only the TLSStore named default is supported.
|
||||
// This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
|
||||
type TLSStore struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
|
54
pkg/provider/kubernetes/gateway/annotations.go
Normal file
54
pkg/provider/kubernetes/gateway/annotations.go
Normal file
|
@ -0,0 +1,54 @@
|
|||
package gateway
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/traefik/traefik/v3/pkg/config/label"
|
||||
)
|
||||
|
||||
const annotationsPrefix = "traefik.io/"
|
||||
|
||||
// ServiceConfig is the service's root configuration from annotations.
|
||||
type ServiceConfig struct {
|
||||
Service Service `json:"service"`
|
||||
}
|
||||
|
||||
// Service is the service's configuration from annotations.
|
||||
type Service struct {
|
||||
NativeLB bool `json:"nativeLB"`
|
||||
}
|
||||
|
||||
func parseServiceAnnotations(annotations map[string]string) (ServiceConfig, error) {
|
||||
var svcConf ServiceConfig
|
||||
|
||||
labels := convertAnnotations(annotations)
|
||||
if len(labels) == 0 {
|
||||
return svcConf, nil
|
||||
}
|
||||
|
||||
if err := label.Decode(labels, &svcConf, "traefik.service."); err != nil {
|
||||
return svcConf, fmt.Errorf("decoding labels: %w", err)
|
||||
}
|
||||
|
||||
return svcConf, nil
|
||||
}
|
||||
|
||||
func convertAnnotations(annotations map[string]string) map[string]string {
|
||||
if len(annotations) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
result := make(map[string]string)
|
||||
|
||||
for key, value := range annotations {
|
||||
if !strings.HasPrefix(key, annotationsPrefix) {
|
||||
continue
|
||||
}
|
||||
|
||||
newKey := strings.ReplaceAll(key, "io/", "")
|
||||
result[newKey] = value
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
89
pkg/provider/kubernetes/gateway/annotations_test.go
Normal file
89
pkg/provider/kubernetes/gateway/annotations_test.go
Normal file
|
@ -0,0 +1,89 @@
|
|||
package gateway
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func Test_parseServiceConfig(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
annotations map[string]string
|
||||
expected ServiceConfig
|
||||
}{
|
||||
{
|
||||
desc: "service annotations",
|
||||
annotations: map[string]string{
|
||||
"ingress.kubernetes.io/foo": "bar",
|
||||
"traefik.io/foo": "bar",
|
||||
"traefik.io/service.nativelb": "true",
|
||||
},
|
||||
expected: ServiceConfig{
|
||||
Service: Service{
|
||||
NativeLB: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "empty map",
|
||||
annotations: map[string]string{},
|
||||
expected: ServiceConfig{},
|
||||
},
|
||||
{
|
||||
desc: "nil map",
|
||||
annotations: nil,
|
||||
expected: ServiceConfig{},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
cfg, err := parseServiceAnnotations(test.annotations)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, test.expected, cfg)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_convertAnnotations(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
annotations map[string]string
|
||||
expected map[string]string
|
||||
}{
|
||||
{
|
||||
desc: "service annotations",
|
||||
annotations: map[string]string{
|
||||
"traefik.io/service.nativelb": "true",
|
||||
},
|
||||
expected: map[string]string{
|
||||
"traefik.service.nativelb": "true",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "empty map",
|
||||
annotations: map[string]string{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
desc: "nil map",
|
||||
annotations: nil,
|
||||
expected: nil,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
labels := convertAnnotations(test.annotations)
|
||||
|
||||
assert.Equal(t, test.expected, labels)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
kind: GatewayClass
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
metadata:
|
||||
name: my-gateway-class
|
||||
spec:
|
||||
controllerName: traefik.io/gateway-controller
|
||||
|
||||
---
|
||||
kind: Gateway
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
metadata:
|
||||
name: my-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
gatewayClassName: my-gateway-class
|
||||
listeners: # Use GatewayClass defaults for listener definition.
|
||||
- name: http
|
||||
protocol: HTTP
|
||||
port: 80
|
||||
allowedRoutes:
|
||||
kinds:
|
||||
- kind: HTTPRoute
|
||||
group: gateway.networking.k8s.io
|
||||
namespaces:
|
||||
from: Same
|
||||
|
||||
---
|
||||
kind: HTTPRoute
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
metadata:
|
||||
name: http-app-1
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: my-gateway
|
||||
kind: Gateway
|
||||
group: gateway.networking.k8s.io
|
||||
hostnames:
|
||||
- "foo.com"
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: Exact
|
||||
value: /bar
|
||||
backendRefs:
|
||||
- name: whoami-native
|
||||
port: 80
|
||||
weight: 1
|
||||
kind: Service
|
||||
group: ""
|
|
@ -5,6 +5,7 @@ metadata:
|
|||
namespace: default
|
||||
|
||||
spec:
|
||||
clusterIP: 10.10.10.1
|
||||
ports:
|
||||
- name: web2
|
||||
protocol: TCP
|
||||
|
@ -262,6 +263,7 @@ metadata:
|
|||
namespace: default
|
||||
|
||||
spec:
|
||||
clusterIP: 10.10.10.1
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9000
|
||||
|
@ -424,3 +426,45 @@ spec:
|
|||
port: 80
|
||||
name: wss
|
||||
appProtocol: kubernetes.io/wss
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: whoami-native
|
||||
namespace: default
|
||||
annotations:
|
||||
traefik.io/service.nativelb: "true"
|
||||
spec:
|
||||
clusterIP: 10.10.10.1
|
||||
ports:
|
||||
- name: web2
|
||||
protocol: TCP
|
||||
port: 8000
|
||||
targetPort: web2
|
||||
- name: web
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: web
|
||||
selector:
|
||||
app: containous
|
||||
task: whoami
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: whoamitcp-native
|
||||
namespace: default
|
||||
annotations:
|
||||
traefik.io/service.nativelb: "true"
|
||||
|
||||
spec:
|
||||
clusterIP: 10.10.10.1
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9000
|
||||
name: tcp-1
|
||||
- protocol: TCP
|
||||
port: 10000
|
||||
name: tcp-2
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
kind: GatewayClass
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
metadata:
|
||||
name: my-gateway-class
|
||||
namespace: default
|
||||
spec:
|
||||
controllerName: traefik.io/gateway-controller
|
||||
|
||||
---
|
||||
kind: Gateway
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
metadata:
|
||||
name: my-tcp-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
gatewayClassName: my-gateway-class
|
||||
listeners: # Use GatewayClass defaults for listener definition.
|
||||
- name: tcp
|
||||
protocol: TCP
|
||||
port: 9000
|
||||
allowedRoutes:
|
||||
namespaces:
|
||||
from: Same
|
||||
kinds:
|
||||
- kind: TCPRoute
|
||||
group: gateway.networking.k8s.io
|
||||
|
||||
---
|
||||
kind: TCPRoute
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
metadata:
|
||||
name: tcp-app-1
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: my-tcp-gateway
|
||||
kind: Gateway
|
||||
group: gateway.networking.k8s.io
|
||||
rules:
|
||||
- backendRefs:
|
||||
- name: whoamitcp-native
|
||||
port: 9000
|
||||
weight: 1
|
||||
kind: Service
|
||||
group: ""
|
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: supersecret
|
||||
namespace: default
|
||||
|
||||
data:
|
||||
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
|
||||
|
||||
---
|
||||
kind: GatewayClass
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
metadata:
|
||||
name: my-gateway-class
|
||||
namespace: default
|
||||
spec:
|
||||
controllerName: traefik.io/gateway-controller
|
||||
|
||||
---
|
||||
kind: Gateway
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
metadata:
|
||||
name: my-tls-gateway
|
||||
namespace: default
|
||||
spec:
|
||||
gatewayClassName: my-gateway-class
|
||||
listeners: # Use GatewayClass defaults for listener definition.
|
||||
- name: tls
|
||||
protocol: TLS
|
||||
hostname: foo.example.com
|
||||
port: 9000
|
||||
tls:
|
||||
mode: Passthrough
|
||||
allowedRoutes:
|
||||
kinds:
|
||||
- kind: TLSRoute
|
||||
group: gateway.networking.k8s.io
|
||||
namespaces:
|
||||
from: Same
|
||||
|
||||
---
|
||||
kind: TLSRoute
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
metadata:
|
||||
name: tls-app-1
|
||||
namespace: default
|
||||
spec:
|
||||
parentRefs:
|
||||
- name: my-tls-gateway
|
||||
kind: Gateway
|
||||
group: gateway.networking.k8s.io
|
||||
rules:
|
||||
- backendRefs:
|
||||
- name: whoamitcp-native
|
||||
port: 9000
|
||||
weight: 1
|
||||
kind: Service
|
||||
group: ""
|
|
@ -350,7 +350,7 @@ func (p *Provider) loadGRPCServers(namespace string, route *gatev1.GRPCRoute, ba
|
|||
|
||||
for _, ba := range backendAddresses {
|
||||
lb.Servers = append(lb.Servers, dynamic.Server{
|
||||
URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))),
|
||||
URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))),
|
||||
})
|
||||
}
|
||||
return lb, nil
|
||||
|
|
|
@ -482,7 +482,7 @@ func (p *Provider) loadHTTPServers(namespace string, route *gatev1.HTTPRoute, ba
|
|||
|
||||
for _, ba := range backendAddresses {
|
||||
lb.Servers = append(lb.Servers, dynamic.Server{
|
||||
URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))),
|
||||
URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))),
|
||||
})
|
||||
}
|
||||
return lb, svcPort, nil
|
||||
|
|
|
@ -65,6 +65,7 @@ type Provider struct {
|
|||
ThrottleDuration ptypes.Duration `description:"Kubernetes refresh throttle duration" json:"throttleDuration,omitempty" toml:"throttleDuration,omitempty" yaml:"throttleDuration,omitempty" export:"true"`
|
||||
ExperimentalChannel bool `description:"Toggles Experimental Channel resources support (TCPRoute, TLSRoute...)." json:"experimentalChannel,omitempty" toml:"experimentalChannel,omitempty" yaml:"experimentalChannel,omitempty" export:"true"`
|
||||
StatusAddress *StatusAddress `description:"Defines the Kubernetes Gateway status address." json:"statusAddress,omitempty" toml:"statusAddress,omitempty" yaml:"statusAddress,omitempty" export:"true"`
|
||||
NativeLBByDefault bool `description:"Defines whether to use Native Kubernetes load-balancing by default." json:"nativeLBByDefault,omitempty" toml:"nativeLBByDefault,omitempty" yaml:"nativeLBByDefault,omitempty" export:"true"`
|
||||
|
||||
EntryPoints map[string]Entrypoint `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
|
||||
|
||||
|
@ -873,8 +874,8 @@ func (p *Provider) allowedNamespaces(gatewayNamespace string, routeNamespaces *g
|
|||
}
|
||||
|
||||
type backendAddress struct {
|
||||
Address string
|
||||
Port int32
|
||||
IP string
|
||||
Port int32
|
||||
}
|
||||
|
||||
func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) ([]backendAddress, corev1.ServicePort, error) {
|
||||
|
@ -889,6 +890,9 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
|
|||
if !exists {
|
||||
return nil, corev1.ServicePort{}, errors.New("service not found")
|
||||
}
|
||||
if service.Spec.Type == corev1.ServiceTypeExternalName {
|
||||
return nil, corev1.ServicePort{}, errors.New("type ExternalName is not supported for Kubernetes Service reference")
|
||||
}
|
||||
|
||||
var svcPort *corev1.ServicePort
|
||||
for _, p := range service.Spec.Ports {
|
||||
|
@ -901,6 +905,22 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
|
|||
return nil, corev1.ServicePort{}, fmt.Errorf("service port %d not found", *ref.Port)
|
||||
}
|
||||
|
||||
annotationsConfig, err := parseServiceAnnotations(service.Annotations)
|
||||
if err != nil {
|
||||
return nil, corev1.ServicePort{}, fmt.Errorf("parsing service annotations config: %w", err)
|
||||
}
|
||||
|
||||
if p.NativeLBByDefault || annotationsConfig.Service.NativeLB {
|
||||
if service.Spec.ClusterIP == "" || service.Spec.ClusterIP == "None" {
|
||||
return nil, corev1.ServicePort{}, fmt.Errorf("no clusterIP found for service: %s/%s", service.Namespace, service.Name)
|
||||
}
|
||||
|
||||
return []backendAddress{{
|
||||
IP: service.Spec.ClusterIP,
|
||||
Port: svcPort.Port,
|
||||
}}, *svcPort, nil
|
||||
}
|
||||
|
||||
endpointSlices, err := p.client.ListEndpointSlicesForService(namespace, string(ref.Name))
|
||||
if err != nil {
|
||||
return nil, corev1.ServicePort{}, fmt.Errorf("getting endpointslices: %w", err)
|
||||
|
@ -935,8 +955,8 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
|
|||
|
||||
uniqAddresses[address] = struct{}{}
|
||||
backendServers = append(backendServers, backendAddress{
|
||||
Address: address,
|
||||
Port: port,
|
||||
IP: address,
|
||||
Port: port,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -57,6 +57,7 @@ func TestLoadHTTPRoutes(t *testing.T) {
|
|||
expected *dynamic.Configuration
|
||||
entryPoints map[string]Entrypoint
|
||||
experimentalChannel bool
|
||||
nativeLB bool
|
||||
}{
|
||||
{
|
||||
desc: "Empty",
|
||||
|
@ -2334,6 +2335,123 @@ func TestLoadHTTPRoutes(t *testing.T) {
|
|||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Simple HTTPRoute with NativeLBByDefault enabled",
|
||||
paths: []string{"services.yml", "httproute/simple.yml"},
|
||||
nativeLB: true,
|
||||
entryPoints: map[string]Entrypoint{"web": {
|
||||
Address: ":80",
|
||||
}},
|
||||
expected: &dynamic.Configuration{
|
||||
UDP: &dynamic.UDPConfiguration{
|
||||
Routers: map[string]*dynamic.UDPRouter{},
|
||||
Services: map[string]*dynamic.UDPService{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{},
|
||||
Services: map[string]*dynamic.TCPService{},
|
||||
ServersTransports: map[string]*dynamic.TCPServersTransport{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{
|
||||
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": {
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr",
|
||||
Rule: "Host(`foo.com`) && Path(`/bar`)",
|
||||
Priority: 100008,
|
||||
RuleSyntax: "v3",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": {
|
||||
Weighted: &dynamic.WeightedRoundRobin{
|
||||
Services: []dynamic.WRRService{
|
||||
{
|
||||
Name: "default-whoami-80",
|
||||
Weight: ptr.To(1),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.10.1:80",
|
||||
},
|
||||
},
|
||||
PassHostHeader: ptr.To(true),
|
||||
ResponseForwarding: &dynamic.ResponseForwarding{
|
||||
FlushInterval: ptypes.Duration(100 * time.Millisecond),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
ServersTransports: map[string]*dynamic.ServersTransport{},
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Simple HTTPRoute with NativeLB annotation",
|
||||
paths: []string{"services.yml", "httproute/simple_nativelb.yml"},
|
||||
entryPoints: map[string]Entrypoint{"web": {
|
||||
Address: ":80",
|
||||
}},
|
||||
expected: &dynamic.Configuration{
|
||||
UDP: &dynamic.UDPConfiguration{
|
||||
Routers: map[string]*dynamic.UDPRouter{},
|
||||
Services: map[string]*dynamic.UDPService{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{},
|
||||
Services: map[string]*dynamic.TCPService{},
|
||||
ServersTransports: map[string]*dynamic.TCPServersTransport{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{
|
||||
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": {
|
||||
EntryPoints: []string{"web"},
|
||||
Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr",
|
||||
Rule: "Host(`foo.com`) && Path(`/bar`)",
|
||||
Priority: 100008,
|
||||
RuleSyntax: "v3",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": {
|
||||
Weighted: &dynamic.WeightedRoundRobin{
|
||||
Services: []dynamic.WRRService{
|
||||
{
|
||||
Name: "default-whoami-native-80",
|
||||
Weight: ptr.To(1),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-whoami-native-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.10.1:80",
|
||||
},
|
||||
},
|
||||
PassHostHeader: ptr.To(true),
|
||||
ResponseForwarding: &dynamic.ResponseForwarding{
|
||||
FlushInterval: ptypes.Duration(100 * time.Millisecond),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
ServersTransports: map[string]*dynamic.ServersTransport{},
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
|
@ -2363,6 +2481,7 @@ func TestLoadHTTPRoutes(t *testing.T) {
|
|||
p := Provider{
|
||||
EntryPoints: test.entryPoints,
|
||||
ExperimentalChannel: test.experimentalChannel,
|
||||
NativeLBByDefault: test.nativeLB,
|
||||
client: client,
|
||||
}
|
||||
|
||||
|
@ -3078,6 +3197,7 @@ func TestLoadTCPRoutes(t *testing.T) {
|
|||
paths []string
|
||||
expected *dynamic.Configuration
|
||||
entryPoints map[string]Entrypoint
|
||||
nativeLB bool
|
||||
}{
|
||||
{
|
||||
desc: "Empty",
|
||||
|
@ -3826,6 +3946,113 @@ func TestLoadTCPRoutes(t *testing.T) {
|
|||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Simple TCPRoute with NativeLBByDefault",
|
||||
paths: []string{"services.yml", "tcproute/simple.yml"},
|
||||
nativeLB: true,
|
||||
entryPoints: map[string]Entrypoint{
|
||||
"tcp": {Address: ":9000"},
|
||||
},
|
||||
expected: &dynamic.Configuration{
|
||||
UDP: &dynamic.UDPConfiguration{
|
||||
Routers: map[string]*dynamic.UDPRouter{},
|
||||
Services: map[string]*dynamic.UDPService{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{
|
||||
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": {
|
||||
EntryPoints: []string{"tcp"},
|
||||
Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
|
||||
Rule: "HostSNI(`*`)",
|
||||
RuleSyntax: "v3",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{},
|
||||
Services: map[string]*dynamic.TCPService{
|
||||
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
|
||||
Weighted: &dynamic.TCPWeightedRoundRobin{
|
||||
Services: []dynamic.TCPWRRService{
|
||||
{
|
||||
Name: "default-whoamitcp-9000",
|
||||
Weight: ptr.To(1),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-whoamitcp-9000": {
|
||||
LoadBalancer: &dynamic.TCPServersLoadBalancer{
|
||||
Servers: []dynamic.TCPServer{
|
||||
{
|
||||
Address: "10.10.10.1:9000",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
ServersTransports: map[string]*dynamic.TCPServersTransport{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{},
|
||||
ServersTransports: map[string]*dynamic.ServersTransport{},
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Simple TCPRoute with NativeLB annotation",
|
||||
paths: []string{"services.yml", "tcproute/simple_nativelb.yml"},
|
||||
entryPoints: map[string]Entrypoint{
|
||||
"tcp": {Address: ":9000"},
|
||||
},
|
||||
expected: &dynamic.Configuration{
|
||||
UDP: &dynamic.UDPConfiguration{
|
||||
Routers: map[string]*dynamic.UDPRouter{},
|
||||
Services: map[string]*dynamic.UDPService{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{
|
||||
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": {
|
||||
EntryPoints: []string{"tcp"},
|
||||
Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
|
||||
Rule: "HostSNI(`*`)",
|
||||
RuleSyntax: "v3",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{},
|
||||
Services: map[string]*dynamic.TCPService{
|
||||
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
|
||||
Weighted: &dynamic.TCPWeightedRoundRobin{
|
||||
Services: []dynamic.TCPWRRService{
|
||||
{
|
||||
Name: "default-whoamitcp-native-9000",
|
||||
Weight: ptr.To(1),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-whoamitcp-native-9000": {
|
||||
LoadBalancer: &dynamic.TCPServersLoadBalancer{
|
||||
Servers: []dynamic.TCPServer{
|
||||
{
|
||||
Address: "10.10.10.1:9000",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
ServersTransports: map[string]*dynamic.TCPServersTransport{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{},
|
||||
ServersTransports: map[string]*dynamic.ServersTransport{},
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
|
@ -3854,6 +4081,7 @@ func TestLoadTCPRoutes(t *testing.T) {
|
|||
|
||||
p := Provider{
|
||||
EntryPoints: test.entryPoints,
|
||||
NativeLBByDefault: test.nativeLB,
|
||||
ExperimentalChannel: true,
|
||||
client: client,
|
||||
}
|
||||
|
@ -3869,8 +4097,9 @@ func TestLoadTLSRoutes(t *testing.T) {
|
|||
desc string
|
||||
ingressClass string
|
||||
paths []string
|
||||
expected *dynamic.Configuration
|
||||
entryPoints map[string]Entrypoint
|
||||
nativeLB bool
|
||||
expected *dynamic.Configuration
|
||||
}{
|
||||
{
|
||||
desc: "Empty",
|
||||
|
@ -4975,6 +5204,119 @@ func TestLoadTLSRoutes(t *testing.T) {
|
|||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Simple TLSRoute with NativeLBByDefault",
|
||||
paths: []string{"services.yml", "tlsroute/simple_TLS_to_TLSRoute.yml"},
|
||||
nativeLB: true,
|
||||
entryPoints: map[string]Entrypoint{
|
||||
"tcp": {Address: ":9000"},
|
||||
},
|
||||
expected: &dynamic.Configuration{
|
||||
UDP: &dynamic.UDPConfiguration{
|
||||
Routers: map[string]*dynamic.UDPRouter{},
|
||||
Services: map[string]*dynamic.UDPService{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{
|
||||
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": {
|
||||
EntryPoints: []string{"tcp"},
|
||||
Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
|
||||
Rule: "HostSNI(`foo.example.com`)",
|
||||
RuleSyntax: "v3",
|
||||
TLS: &dynamic.RouterTCPTLSConfig{
|
||||
Passthrough: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{},
|
||||
Services: map[string]*dynamic.TCPService{
|
||||
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
|
||||
Weighted: &dynamic.TCPWeightedRoundRobin{
|
||||
Services: []dynamic.TCPWRRService{
|
||||
{
|
||||
Name: "default-whoamitcp-9000",
|
||||
Weight: ptr.To(1),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-whoamitcp-9000": {
|
||||
LoadBalancer: &dynamic.TCPServersLoadBalancer{
|
||||
Servers: []dynamic.TCPServer{
|
||||
{
|
||||
Address: "10.10.10.1:9000",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
ServersTransports: map[string]*dynamic.TCPServersTransport{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{},
|
||||
ServersTransports: map[string]*dynamic.ServersTransport{},
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Simple TLSRoute with NativeLB annotation",
|
||||
paths: []string{"services.yml", "tlsroute/simple_nativelb.yml"},
|
||||
entryPoints: map[string]Entrypoint{
|
||||
"tcp": {Address: ":9000"},
|
||||
},
|
||||
expected: &dynamic.Configuration{
|
||||
UDP: &dynamic.UDPConfiguration{
|
||||
Routers: map[string]*dynamic.UDPRouter{},
|
||||
Services: map[string]*dynamic.UDPService{},
|
||||
},
|
||||
TCP: &dynamic.TCPConfiguration{
|
||||
Routers: map[string]*dynamic.TCPRouter{
|
||||
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": {
|
||||
EntryPoints: []string{"tcp"},
|
||||
Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
|
||||
Rule: "HostSNI(`foo.example.com`)",
|
||||
RuleSyntax: "v3",
|
||||
TLS: &dynamic.RouterTCPTLSConfig{
|
||||
Passthrough: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.TCPMiddleware{},
|
||||
Services: map[string]*dynamic.TCPService{
|
||||
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
|
||||
Weighted: &dynamic.TCPWeightedRoundRobin{
|
||||
Services: []dynamic.TCPWRRService{
|
||||
{
|
||||
Name: "default-whoamitcp-native-9000",
|
||||
Weight: ptr.To(1),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-whoamitcp-native-9000": {
|
||||
LoadBalancer: &dynamic.TCPServersLoadBalancer{
|
||||
Servers: []dynamic.TCPServer{
|
||||
{
|
||||
Address: "10.10.10.1:9000",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
ServersTransports: map[string]*dynamic.TCPServersTransport{},
|
||||
},
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Routers: map[string]*dynamic.Router{},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{},
|
||||
ServersTransports: map[string]*dynamic.ServersTransport{},
|
||||
},
|
||||
TLS: &dynamic.TLSConfiguration{},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
|
@ -5003,6 +5345,7 @@ func TestLoadTLSRoutes(t *testing.T) {
|
|||
|
||||
p := Provider{
|
||||
EntryPoints: test.entryPoints,
|
||||
NativeLBByDefault: test.nativeLB,
|
||||
ExperimentalChannel: true,
|
||||
client: client,
|
||||
}
|
||||
|
|
|
@ -286,7 +286,7 @@ func (p *Provider) loadTCPServers(namespace string, route *gatev1alpha2.TCPRoute
|
|||
|
||||
for _, ba := range backendAddresses {
|
||||
lb.Servers = append(lb.Servers, dynamic.TCPServer{
|
||||
Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))),
|
||||
Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))),
|
||||
})
|
||||
}
|
||||
return lb, nil
|
||||
|
|
|
@ -289,7 +289,7 @@ func (p *Provider) loadTLSServers(namespace string, route *gatev1alpha2.TLSRoute
|
|||
for _, ba := range backendAddresses {
|
||||
lb.Servers = append(lb.Servers, dynamic.TCPServer{
|
||||
// TODO determine whether the servers needs TLS, from the port?
|
||||
Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))),
|
||||
Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))),
|
||||
})
|
||||
}
|
||||
return lb, nil
|
||||
|
|
|
@ -219,7 +219,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
|
|||
|
||||
var ingressClasses []*netv1.IngressClass
|
||||
|
||||
if !p.DisableIngressClassLookup {
|
||||
if !p.DisableIngressClassLookup && !p.DisableClusterScopeResources {
|
||||
ics, err := client.GetIngressClasses()
|
||||
if err != nil {
|
||||
log.Ctx(ctx).Warn().Err(err).Msg("Failed to list ingress classes")
|
||||
|
|
|
@ -26,11 +26,12 @@ func Bool(v bool) *bool { return &v }
|
|||
|
||||
func TestLoadConfigurationFromIngresses(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
ingressClass string
|
||||
expected *dynamic.Configuration
|
||||
allowEmptyServices bool
|
||||
disableIngressClassLookup bool
|
||||
desc string
|
||||
ingressClass string
|
||||
expected *dynamic.Configuration
|
||||
allowEmptyServices bool
|
||||
disableIngressClassLookup bool
|
||||
disableClusterScopeResources bool
|
||||
}{
|
||||
{
|
||||
desc: "Empty ingresses",
|
||||
|
@ -1335,6 +1336,38 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
// Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true.
|
||||
// Showing that disabling the ingressClass discovery still allow the discovery of ingresses with ingress annotation.
|
||||
desc: "Ingress with ingress annotation",
|
||||
disableClusterScopeResources: true,
|
||||
expected: &dynamic.Configuration{
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Routers: map[string]*dynamic.Router{
|
||||
"testing-bar": {
|
||||
Rule: "PathPrefix(`/bar`)",
|
||||
Service: "testing-service1-80",
|
||||
},
|
||||
},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"testing-service1-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
PassHostHeader: Bool(true),
|
||||
ResponseForwarding: &dynamic.ResponseForwarding{
|
||||
FlushInterval: ptypes.Duration(100 * time.Millisecond),
|
||||
},
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.0.1:8080",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Ingress with ingressClass",
|
||||
expected: &dynamic.Configuration{
|
||||
|
@ -1377,6 +1410,19 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
// Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true.
|
||||
// Showing that disabling the ingressClass discovery avoid discovering Ingresses with an IngressClass.
|
||||
desc: "Ingress with ingressClass",
|
||||
disableClusterScopeResources: true,
|
||||
expected: &dynamic.Configuration{
|
||||
HTTP: &dynamic.HTTPConfiguration{
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Routers: map[string]*dynamic.Router{},
|
||||
Services: map[string]*dynamic.Service{},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Ingress with named port",
|
||||
expected: &dynamic.Configuration{
|
||||
|
@ -1455,9 +1501,10 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
|
|||
|
||||
clientMock := newClientMock(generateTestFilename(test.desc))
|
||||
p := Provider{
|
||||
IngressClass: test.ingressClass,
|
||||
AllowEmptyServices: test.allowEmptyServices,
|
||||
DisableIngressClassLookup: test.disableIngressClassLookup,
|
||||
IngressClass: test.ingressClass,
|
||||
AllowEmptyServices: test.allowEmptyServices,
|
||||
DisableIngressClassLookup: test.disableIngressClassLookup,
|
||||
DisableClusterScopeResources: test.disableClusterScopeResources,
|
||||
}
|
||||
conf := p.loadConfigurationFromIngresses(context.Background(), clientMock)
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ func isPostgres(br *bufio.Reader) (bool, error) {
|
|||
peeked, err := br.Peek(i)
|
||||
if err != nil {
|
||||
var opErr *net.OpError
|
||||
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) {
|
||||
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) {
|
||||
log.Error().Err(err).Msg("Error while Peeking first byte")
|
||||
}
|
||||
return false, err
|
||||
|
|
|
@ -363,7 +363,7 @@ func clientHelloInfo(br *bufio.Reader) (*clientHello, error) {
|
|||
hdr, err := br.Peek(1)
|
||||
if err != nil {
|
||||
var opErr *net.OpError
|
||||
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) {
|
||||
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) {
|
||||
log.Error().Err(err).Msg("Error while Peeking first byte")
|
||||
}
|
||||
return nil, err
|
||||
|
|
|
@ -4,11 +4,11 @@ RepositoryName = "traefik"
|
|||
OutputType = "file"
|
||||
FileName = "traefik_changelog.md"
|
||||
|
||||
# example new bugfix v3.1.4
|
||||
# example new bugfix v3.1.5
|
||||
CurrentRef = "v3.1"
|
||||
PreviousRef = "v3.1.3"
|
||||
PreviousRef = "v3.1.4"
|
||||
BaseBranch = "v3.1"
|
||||
FutureCurrentRefName = "v3.1.4"
|
||||
FutureCurrentRefName = "v3.1.5"
|
||||
|
||||
ThresholdPreviousRef = 10
|
||||
ThresholdCurrentRef = 10
|
||||
|
|
|
@ -4,11 +4,11 @@ RepositoryName = "traefik"
|
|||
OutputType = "file"
|
||||
FileName = "traefik_changelog.md"
|
||||
|
||||
# example RC1 of v3.1.0-rc1
|
||||
# example RC1 of v3.2.0-rc1
|
||||
CurrentRef = "master"
|
||||
PreviousRef = "v3.0.0-beta3"
|
||||
PreviousRef = "v3.1.0-rc1"
|
||||
BaseBranch = "master"
|
||||
FutureCurrentRefName = "v3.1.0-rc1"
|
||||
FutureCurrentRefName = "v3.2.0-rc1"
|
||||
|
||||
ThresholdPreviousRef = 10000
|
||||
ThresholdCurrentRef = 10000
|
||||
|
|
|
@ -5,6 +5,8 @@ import (
|
|||
"io/fs"
|
||||
)
|
||||
|
||||
// Files starting with . and _ are excluded by default
|
||||
//
|
||||
//go:embed static
|
||||
var assets embed.FS
|
||||
|
||||
|
|
|
@ -20,16 +20,13 @@
|
|||
"dependencies": {
|
||||
"@quasar/extras": "^1.16.12",
|
||||
"axios": "^1.7.4",
|
||||
"bowser": "^2.11.0",
|
||||
"chart.js": "^4.4.1",
|
||||
"core-js": "^3.35.1",
|
||||
"dot-prop": "^8.0.2",
|
||||
"iframe-resizer": "^4.3.9",
|
||||
"lodash.isequal": "4.5.0",
|
||||
"moment": "^2.30.1",
|
||||
"quasar": "^2.16.6",
|
||||
"query-string": "^8.1.0",
|
||||
"vh-check": "^2.0.5",
|
||||
"vue": "^3.0.0",
|
||||
"vue-chartjs": "^5.3.0",
|
||||
"vue-router": "^4.0.12",
|
||||
|
|
|
@ -13,9 +13,7 @@ module.exports = configure(function (ctx) {
|
|||
// app boot file (/src/boot)
|
||||
// --> boot files are part of "main.js"
|
||||
boot: [
|
||||
'api',
|
||||
'_hacks',
|
||||
'_init'
|
||||
'api'
|
||||
],
|
||||
|
||||
css: [
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
import iframeResize from 'iframe-resizer/js/iframeResizer'
|
||||
|
||||
const resize = {
|
||||
mounted (el, binding) {
|
||||
const options = binding.value || {}
|
||||
el.addEventListener('load', () => iframeResize(options, el))
|
||||
},
|
||||
unmounted (el) {
|
||||
const resizableEl = el
|
||||
if (resizableEl.iFrameResizer) {
|
||||
resizableEl.iFrameResizer.removeListeners()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export default resize
|
|
@ -1,10 +0,0 @@
|
|||
import { APP } from '../_helpers/APP'
|
||||
import Boot from '../_middleware/Boot'
|
||||
|
||||
export default async ({ app, router, store }) => {
|
||||
app.use(Boot)
|
||||
|
||||
APP.root = app
|
||||
APP.router = router
|
||||
APP.store = store
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
import Bowser from 'bowser'
|
||||
import vhCheck from 'vh-check'
|
||||
|
||||
const browser = Bowser.getParser(window.navigator.userAgent)
|
||||
|
||||
// In Mobile
|
||||
if (browser.getPlatform().type === 'mobile') {
|
||||
vhCheck()
|
||||
}
|
||||
|
||||
export default async ({ app, Vue }) => {
|
||||
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
import { APP } from '../_helpers/APP'
|
||||
import errors from '../_helpers/Errors'
|
||||
import resize from '../_directives/resize'
|
||||
|
||||
export default async ({ app, router }) => {
|
||||
// Directives
|
||||
app.directive('resize', resize)
|
||||
|
||||
// Router
|
||||
// ----------------------------------------------
|
||||
router.beforeEach(async (to, from, next) => {
|
||||
// Set APP
|
||||
APP.routeTo = to
|
||||
APP.routeFrom = from
|
||||
next()
|
||||
})
|
||||
|
||||
// Api (axios)
|
||||
// ----------------------------------------------
|
||||
APP.api.interceptors.request.use((config) => {
|
||||
console.log('interceptors -> config', config)
|
||||
// config.headers['Accept'] = '*/*'
|
||||
return config
|
||||
})
|
||||
|
||||
APP.api.interceptors.response.use((response) => {
|
||||
console.log('interceptors -> response', response)
|
||||
return response
|
||||
}, errors.handleResponse)
|
||||
}
|
|
@ -2267,11 +2267,6 @@ boolbase@^1.0.0:
|
|||
resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e"
|
||||
integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==
|
||||
|
||||
bowser@^2.11.0:
|
||||
version "2.11.0"
|
||||
resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f"
|
||||
integrity sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==
|
||||
|
||||
brace-expansion@^1.1.7:
|
||||
version "1.1.11"
|
||||
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
|
||||
|
@ -3864,11 +3859,6 @@ ieee754@^1.1.13, ieee754@^1.2.1:
|
|||
resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352"
|
||||
integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==
|
||||
|
||||
iframe-resizer@^4.3.9:
|
||||
version "4.4.5"
|
||||
resolved "https://registry.yarnpkg.com/iframe-resizer/-/iframe-resizer-4.4.5.tgz#f5048636e7f2fb5d9a09cc2ae78eb2da55ad555c"
|
||||
integrity sha512-U8bCywf/Gh07O69RXo6dXAzTtODQrxaHGHRI7Nt4ipXsuq6EMxVsOP/jjaP43YtXz/ibESS0uSVDN3sOGCzSmw==
|
||||
|
||||
ignore@^5.2.0, ignore@^5.2.4:
|
||||
version "5.3.1"
|
||||
resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef"
|
||||
|
@ -6007,11 +5997,6 @@ vary@~1.1.2:
|
|||
resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"
|
||||
integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==
|
||||
|
||||
vh-check@^2.0.5:
|
||||
version "2.0.5"
|
||||
resolved "https://registry.yarnpkg.com/vh-check/-/vh-check-2.0.5.tgz#1b70610461e9776176f23d172daae3c4761aed09"
|
||||
integrity sha512-vHtIYWt9uLl2P2tLlatVpMwv9+ezuJCtMNjUVIpzd5Pa/dJXN8AtqkKmVRcNSlmXyCjkCkbMQX/Vs9axmdlfgg==
|
||||
|
||||
vite-jsconfig-paths@^2.0.1:
|
||||
version "2.0.1"
|
||||
resolved "https://registry.yarnpkg.com/vite-jsconfig-paths/-/vite-jsconfig-paths-2.0.1.tgz#d66e36d67596dd8a8e4a6ed6e6db20debc50b45e"
|
||||
|
|
Loading…
Reference in a new issue