diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5f23cef6..689a024df 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,31 @@
+## [v2.8.0-rc2](https://github.com/traefik/traefik/tree/v2.8.0-rc2) (2022-06-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.8.0-rc1...v2.8.0-rc2)
+
+**Bug fixes:**
+- **[nomad]** Use configured token in the Nomad client ([#9111](https://github.com/traefik/traefik/pull/9111) by [kevinpollet](https://github.com/kevinpollet))
+
+**Misc:**
+- Merge current v2.7 into v2.8 ([#9133](https://github.com/traefik/traefik/pull/9133) by [rtribotte](https://github.com/rtribotte))
+
+## [v2.7.2](https://github.com/traefik/traefik/tree/v2.7.2) (2022-06-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.7.1...v2.7.2)
+
+**Bug fixes:**
+- **[healthcheck,service]** Do not make multiple requests to the same URL for balancer healthcheck ([#8632](https://github.com/traefik/traefik/pull/8632) by [TPXP](https://github.com/TPXP))
+- **[healthcheck,service]** Add log when missing path in health check ([#9104](https://github.com/traefik/traefik/pull/9104) by [moutoum](https://github.com/moutoum))
+- **[k8s/gatewayapi]** Allow multiple listeners on same port in Gateway API provider ([#9107](https://github.com/traefik/traefik/pull/9107) by [burner-account](https://github.com/burner-account))
+- **[middleware]** RedirectScheme redirects based on X-Forwarded-Proto header ([#9121](https://github.com/traefik/traefik/pull/9121) by [moutoum](https://github.com/moutoum))
+- **[plugins]** Update yaegi to v0.13.0 ([#9118](https://github.com/traefik/traefik/pull/9118) by [kevinpollet](https://github.com/kevinpollet))
+- **[rules]** Fix HostRegexp and Query muxers ([#9131](https://github.com/traefik/traefik/pull/9131) by [juliens](https://github.com/juliens))
+- **[tracing]** Update DataDog tracing dependency to v1.38.1 ([#9105](https://github.com/traefik/traefik/pull/9105) by [kevinpollet](https://github.com/kevinpollet))
+
+**Documentation:**
+- **[acme,k8s/crd]** Add documentation to Traefik CRD properties ([#9096](https://github.com/traefik/traefik/pull/9096) by [mloiseleur](https://github.com/mloiseleur))
+- **[middleware]** Add missing info.serialNumber option to PassTLSClientCert middleware ([#9115](https://github.com/traefik/traefik/pull/9115) by [miteshjadia](https://github.com/miteshjadia))
+- **[tcp]** Add a note on how to handle server first protocols ([#9002](https://github.com/traefik/traefik/pull/9002) by [romantomjak](https://github.com/romantomjak))
+- Update to improve info section relevance ([#9130](https://github.com/traefik/traefik/pull/9130) by [tomatokoolaid](https://github.com/tomatokoolaid))
+- Added useful links for commercial applications ([#9129](https://github.com/traefik/traefik/pull/9129) by [tomatokoolaid](https://github.com/tomatokoolaid))
+
## [v2.8.0-rc1](https://github.com/traefik/traefik/tree/v2.8.0-rc1) (2022-06-13)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.0-rc1...v2.8.0-rc1)
diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md
index f31342603..199c40380 100644
--- a/docs/content/getting-started/install-traefik.md
+++ b/docs/content/getting-started/install-traefik.md
@@ -178,3 +178,11 @@ And run it:
## Compile your Binary from the Sources
All the details are available in the [Contributing Guide](../contributing/building-testing.md)
+
+!!! question "Using Traefik for Business?"
+
+ If you're using Traefik for commercial applications,
+ consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/),
+ your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/),
+ or your [API gateway](https://traefik.io/solutions/api-gateway/).
+ Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md
index 527ab0ac2..f41f29b0e 100644
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -293,112 +293,112 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
For complete details, refer to your provider's _Additional configuration_ link.
-| Provider Name | Provider Code | Environment Variables | |
-|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
-| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
-| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
-| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
-| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
-| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
-| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
-| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
-| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
-| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
-| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
-| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
-| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
-| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
-| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
-| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
-| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
-| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
-| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
-| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
-| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
-| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
-| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
-| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
-| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
-| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
-| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
-| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
-| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
-| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
-| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
-| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
-| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
-| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
-| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
-| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
-| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
-| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
-| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
-| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
-| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
-| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
-| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
-| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
-| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
-| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
-| [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) |
-| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
-| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
-| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
-| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
-| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
-| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
-| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
-| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
-| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
-| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
-| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
-| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
-| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
-| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
-| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
-| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
-| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
-| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
-| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
-| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
-| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
-| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
-| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
-| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
-| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
-| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
-| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
-| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
-| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
-| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
-| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
-| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
-| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
-| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
-| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
-| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
-| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
-| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
-| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
-| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
-| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
-| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
-| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
-| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
-| [UKFast SafeDNS](https://www.ukfast.co.uk/dns-hosting.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
-| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
-| [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) |
-| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
-| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
-| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
-| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
-| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
-| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
-| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
-| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
-| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
-| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
-| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press Enter. | |
+| Provider Name | Provider Code | Environment Variables | |
+|----------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
+| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
+| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
+| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
+| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
+| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
+| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
+| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
+| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
+| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
+| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
+| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
+| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
+| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
+| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
+| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
+| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
+| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
+| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
+| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
+| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
+| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
+| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
+| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
+| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
+| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
+| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
+| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
+| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
+| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
+| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
+| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
+| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
+| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
+| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
+| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
+| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
+| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
+| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
+| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
+| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
+| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
+| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
+| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
+| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
+| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
+| [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) |
+| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
+| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
+| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
+| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
+| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
+| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
+| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
+| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
+| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
+| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
+| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
+| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
+| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
+| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
+| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
+| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
+| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
+| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
+| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
+| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
+| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
+| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
+| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
+| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
+| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
+| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
+| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
+| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
+| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
+| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
+| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
+| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
+| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
+| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
+| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
+| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
+| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
+| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
+| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
+| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
+| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
+| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
+| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
+| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
+| [UKFast SafeDNS](https://www.ans.co.uk/cloud-and-infrastructure/dedicated-servers/dns-management/) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
+| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
+| [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) |
+| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
+| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
+| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
+| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
+| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
+| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
+| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
+| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
+| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
+| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
+| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press Enter. | |
[^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
[^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).
diff --git a/docs/content/index.md b/docs/content/index.md
index e03c5b656..b882fb148 100644
--- a/docs/content/index.md
+++ b/docs/content/index.md
@@ -26,7 +26,8 @@ Developing Traefik, our main goal is to make it simple to use, and we're sure yo
Join our user friendly and active [Community Forum](https://community.traefik.io) to discuss, learn, and connect with the traefik community.
- If you're a business running critical services behind Traefik,
- know that [Traefik Labs](https://traefik.io), the company that sponsors Traefik's development,
- can provide [commercial support](https://info.traefik.io/commercial-services)
- and develops an [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik.
+ Using Traefik for commercial applications?
+ Consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/),
+ your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/),
+ or your [API gateway](https://traefik.io/solutions/api-gateway/).
+ Get started with a [free 30-day trial](https://info.traefik.io/get-traefik-enterprise-free-for-30-days).
diff --git a/docs/content/middlewares/http/passtlsclientcert.md b/docs/content/middlewares/http/passtlsclientcert.md
index e38391912..39a1a9ef5 100644
--- a/docs/content/middlewares/http/passtlsclientcert.md
+++ b/docs/content/middlewares/http/passtlsclientcert.md
@@ -445,6 +445,23 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
If there are more than one certificate, they are separated by a `,`.
+#### `info.serialNumber`
+
+Set the `info.serialNumber` option to `true` to add the `Serial Number` of the certificate.
+
+The data is taken from the following certificate part:
+
+```text
+Serial Number:
+ 6a:2f:20:f8:ce:8d:48:52:ba:d9:bb:be:60:ec:bf:79
+```
+
+And it is formatted as follows in the header (decimal representation):
+
+```text
+SerialNumber="141142874255168551917600297745052909433"
+```
+
#### `info.notAfter`
Set the `info.notAfter` option to `true` to add the `Not After` information from the `Validity` part.
@@ -452,8 +469,8 @@ Set the `info.notAfter` option to `true` to add the `Not After` information from
The data is taken from the following certificate part:
```text
- Validity
- Not After : Dec 5 11:10:16 2020 GMT
+Validity
+ Not After : Dec 5 11:10:16 2020 GMT
```
And it is formatted as follows in the header:
@@ -486,8 +503,8 @@ Set the `info.sans` option to `true` to add the `Subject Alternative Name` infor
The data is taken from the following certificate part:
```text
- X509v3 Subject Alternative Name:
- DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
+X509v3 Subject Alternative Name:
+ DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
```
And it is formatted as follows in the header:
diff --git a/docs/content/middlewares/http/redirectscheme.md b/docs/content/middlewares/http/redirectscheme.md
index 2d4520867..3e37e89fc 100644
--- a/docs/content/middlewares/http/redirectscheme.md
+++ b/docs/content/middlewares/http/redirectscheme.md
@@ -12,7 +12,17 @@ Redirecting the Client to a Different Scheme/Port
TODO: add schema
-->
-RedirectScheme redirects requests from a scheme/port to another.
+The RedirectScheme middleware redirects the request if the request scheme is different from the configured scheme.
+The middleware does not work for websocket requests.
+
+!!! warning "When behind another reverse-proxy"
+
+ When there is at least one other reverse-proxy between the client and Traefik,
+ the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../routing/entrypoints.md#forwarded-headers) one.
+
+ Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
+ and as the RedirectScheme middleware relies on them to determine the scheme used,
+ it would not function as intended.
## Configuration Examples
diff --git a/docs/content/providers/kubernetes-crd.md b/docs/content/providers/kubernetes-crd.md
index 3859fed59..e9e848f11 100644
--- a/docs/content/providers/kubernetes-crd.md
+++ b/docs/content/providers/kubernetes-crd.md
@@ -31,15 +31,14 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
For Kubernetes `v1.16+`, please use the Traefik `apiextensions.k8s.io/v1` CRDs instead.
-??? example "Initializing Resource Definition and RBAC"
+!!! example "Installing Resource Definition and RBAC"
- ```yaml tab="Traefik Resource Definition"
- # All resources definition must be declared
- --8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
- ```
-
- ```yaml tab="RBAC for Traefik CRD"
- --8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
+ ```bash
+ # Install Traefik Resource Definitions:
+ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+
+ # Install RBAC for Traefik:
+ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
## Resource Configuration
diff --git a/docs/content/providers/nomad.md b/docs/content/providers/nomad.md
index f9d009f9e..92ce542ad 100644
--- a/docs/content/providers/nomad.md
+++ b/docs/content/providers/nomad.md
@@ -158,33 +158,6 @@ providers:
# ...
```
-#### `datacenter`
-
-_Optional, Default=""_
-
-Defines the datacenter to use.
-If not provided in Traefik, Nomad uses the agent datacenter.
-
-```yaml tab="File (YAML)"
-providers:
- nomad:
- endpoint:
- datacenter: dc1
- # ...
-```
-
-```toml tab="File (TOML)"
-[providers.nomad]
- [providers.nomad.endpoint]
- datacenter = "dc1"
- # ...
-```
-
-```bash tab="CLI"
---providers.nomad.endpoint.datacenter=dc1
-# ...
-```
-
#### `token`
_Optional, Default=""_
@@ -238,58 +211,6 @@ providers:
# ...
```
-#### `httpAuth`
-
-_Optional_
-
-Used to authenticate the HTTP client using HTTP Basic Authentication.
-
-##### `username`
-
-_Optional, Default=""_
-
-Username to use for HTTP Basic Authentication.
-
-```yaml tab="File (YAML)"
-providers:
- nomad:
- endpoint:
- httpAuth:
- username: admin
-```
-
-```toml tab="File (TOML)"
-[providers.nomad.endpoint.httpAuth]
- username = "admin"
-```
-
-```bash tab="CLI"
---providers.nomad.endpoint.httpauth.username=admin
-```
-
-##### `password`
-
-_Optional, Default=""_
-
-Password to use for HTTP Basic Authentication.
-
-```yaml tab="File (YAML)"
-providers:
- nomad:
- endpoint:
- httpAuth:
- password: passw0rd
-```
-
-```toml tab="File (TOML)"
-[providers.nomad.endpoint.httpAuth]
- password = "passw0rd"
-```
-
-```bash tab="CLI"
---providers.nomad.endpoint.httpauth.password=passw0rd
-```
-
#### `tls`
_Optional_
diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
index 69a939498..b804fc422 100644
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@@ -1,9 +1,2257 @@
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml"
---8<-- "content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml"
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressroutes.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: IngressRoute
+ listKind: IngressRouteList
+ plural: ingressroutes
+ singular: ingressroute
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteSpec defines the desired state of IngressRoute.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: Route holds the HTTP route configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the route. Rule is the
+ only supported kind.
+ enum:
+ - Rule
+ type: string
+ match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule'
+ type: string
+ middlewares:
+ description: 'Middlewares defines the list of references to
+ Middleware resources. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware'
+ items:
+ description: MiddlewareRef is a reference to a Middleware
+ resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Middleware
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority'
+ type: integer
+ services:
+ description: Services defines the list of Service. It can contain
+ any combination of TraefikService and/or reference to a Kubernetes
+ Service.
+ items:
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client
+ Host header is forwarded to the upstream Kubernetes
+ Service. By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to
+ the client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval,
+ in milliseconds, in between flushes to the client
+ while copying the response body. A negative value
+ means to flush immediately after each write to the
+ client. This configuration is ignored when ReverseProxy
+ recognizes a response as a streaming response; for
+ such responses, writes are flushed to the client
+ immediately. Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the
+ request to the upstream Kubernetes Service. It defaults
+ to https when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as
+ JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie
+ can only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only
+ be specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round
+ Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - kind
+ - match
+ type: object
+ type: array
+ tls:
+ description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls'
+ properties:
+ certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+ type: string
+ domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+ items:
+ description: Domain holds a domain name with SANs.
+ properties:
+ main:
+ type: string
+ sans:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ options:
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+ properties:
+ name:
+ description: 'Name defines the name of the referenced TLSOption.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+ type: string
+ namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSOption. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
+ type: string
+ required:
+ - name
+ type: object
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ store:
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
+ properties:
+ name:
+ description: 'Name defines the name of the referenced TLSStore.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+ type: string
+ namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSStore. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressroutetcps.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: IngressRouteTCP
+ listKind: IngressRouteTCPList
+ plural: ingressroutetcps
+ singular: ingressroutetcp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: RouteTCP holds the TCP route configuration.
+ properties:
+ match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1'
+ type: string
+ middlewares:
+ description: Middlewares defines the list of references to MiddlewareTCP
+ resources.
+ items:
+ description: ObjectReference is a generic reference to a Traefik
+ resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1'
+ type: integer
+ services:
+ description: Services defines the list of TCP services.
+ items:
+ description: ServiceTCP defines an upstream TCP service to
+ proxy traffic to.
+ properties:
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ proxyProtocol:
+ description: 'ProxyProtocol defines the PROXY protocol
+ configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol'
+ properties:
+ version:
+ description: Version defines the PROXY Protocol version
+ to use.
+ type: integer
+ type: object
+ terminationDelay:
+ description: TerminationDelay defines the deadline that
+ the proxy sets, after one of its connected peers indicates
+ it has closed the writing capability of its connection,
+ to close the reading capability as well, hence fully
+ terminating the connection. It is a duration in milliseconds,
+ defaulting to 100. A negative value means an infinite
+ deadline (i.e. the reading capability is never closed).
+ type: integer
+ weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
+ type: integer
+ required:
+ - name
+ - port
+ type: object
+ type: array
+ required:
+ - match
+ type: object
+ type: array
+ tls:
+ description: 'TLS defines the TLS configuration on a layer 4 / TCP
+ Route. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1'
+ properties:
+ certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
+ type: string
+ domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
+ items:
+ description: Domain holds a domain name with SANs.
+ properties:
+ main:
+ type: string
+ sans:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ options:
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ passthrough:
+ description: Passthrough defines whether a TLS router will terminate
+ the TLS connection.
+ type: boolean
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ store:
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressrouteudps.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: IngressRouteUDP
+ listKind: IngressRouteUDPList
+ plural: ingressrouteudps
+ singular: ingressrouteudp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: RouteUDP holds the UDP route configuration.
+ properties:
+ services:
+ description: Services defines the list of UDP services.
+ items:
+ description: ServiceUDP defines an upstream UDP service to
+ proxy traffic to.
+ properties:
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
+ type: integer
+ required:
+ - name
+ - port
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: middlewares.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: Middleware
+ listKind: MiddlewareList
+ plural: middlewares
+ singular: middleware
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'Middleware is the CRD implementation of a Traefik Middleware.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MiddlewareSpec defines the desired state of a Middleware.
+ properties:
+ addPrefix:
+ description: 'AddPrefix holds the add prefix middleware configuration.
+ This middleware updates the path of a request before forwarding
+ it. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/'
+ properties:
+ prefix:
+ description: Prefix is the string to add before the current path
+ in the requested URL. It should include a leading slash (/).
+ type: string
+ type: object
+ basicAuth:
+ description: 'BasicAuth holds the basic auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/'
+ properties:
+ headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+ type: string
+ realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
+ type: string
+ removeHeader:
+ description: 'RemoveHeader sets the removeHeader option to true
+ to remove the authorization header before forwarding the request
+ to your service. Default: false.'
+ type: boolean
+ secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
+ type: string
+ type: object
+ buffering:
+ description: 'Buffering holds the buffering middleware configuration.
+ This middleware retries or limits the size of requests that can
+ be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes'
+ properties:
+ maxRequestBodyBytes:
+ description: 'MaxRequestBodyBytes defines the maximum allowed
+ body size for the request (in bytes). If the request exceeds
+ the allowed size, it is not forwarded to the service, and the
+ client gets a 413 (Request Entity Too Large) response. Default:
+ 0 (no maximum).'
+ format: int64
+ type: integer
+ maxResponseBodyBytes:
+ description: 'MaxResponseBodyBytes defines the maximum allowed
+ response size from the service (in bytes). If the response exceeds
+ the allowed size, it is not forwarded to the client. The client
+ gets a 500 (Internal Server Error) response instead. Default:
+ 0 (no maximum).'
+ format: int64
+ type: integer
+ memRequestBodyBytes:
+ description: 'MemRequestBodyBytes defines the threshold (in bytes)
+ from which the request will be buffered on disk instead of in
+ memory. Default: 1048576 (1Mi).'
+ format: int64
+ type: integer
+ memResponseBodyBytes:
+ description: 'MemResponseBodyBytes defines the threshold (in bytes)
+ from which the response will be buffered on disk instead of
+ in memory. Default: 1048576 (1Mi).'
+ format: int64
+ type: integer
+ retryExpression:
+ description: 'RetryExpression defines the retry conditions. It
+ is a logical combination of functions with operators AND (&&)
+ and OR (||). More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression'
+ type: string
+ type: object
+ chain:
+ description: 'Chain holds the configuration of the chain middleware.
+ This middleware enables to define reusable combinations of other
+ pieces of middleware. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/'
+ properties:
+ middlewares:
+ description: Middlewares is the list of MiddlewareRef which composes
+ the chain.
+ items:
+ description: MiddlewareRef is a reference to a Middleware resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Middleware
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ circuitBreaker:
+ description: CircuitBreaker holds the circuit breaker configuration.
+ properties:
+ checkPeriod:
+ anyOf:
+ - type: integer
+ - type: string
+ description: CheckPeriod is the interval between successive checks
+ of the circuit breaker condition (when in standby state).
+ x-kubernetes-int-or-string: true
+ expression:
+ description: Expression is the condition that triggers the tripped
+ state.
+ type: string
+ fallbackDuration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: FallbackDuration is the duration for which the circuit
+ breaker will wait before trying to recover (from a tripped state).
+ x-kubernetes-int-or-string: true
+ recoveryDuration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RecoveryDuration is the duration for which the circuit
+ breaker will try to recover (as soon as it is in recovering
+ state).
+ x-kubernetes-int-or-string: true
+ type: object
+ compress:
+ description: 'Compress holds the compress middleware configuration.
+ This middleware compresses responses before sending them to the
+ client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/'
+ properties:
+ excludedContentTypes:
+ description: ExcludedContentTypes defines the list of content
+ types to compare the Content-Type header of the incoming requests
+ and responses before compressing.
+ items:
+ type: string
+ type: array
+ minResponseBodyBytes:
+ description: 'MinResponseBodyBytes defines the minimum amount
+ of bytes a response body must have to be compressed. Default:
+ 1024.'
+ type: integer
+ type: object
+ contentType:
+ description: ContentType holds the content-type middleware configuration.
+ This middleware exists to enable the correct behavior until at least
+ the default one can be changed in a future version.
+ properties:
+ autoDetect:
+ description: AutoDetect specifies whether to let the `Content-Type`
+ header, if it has not been set by the backend, be automatically
+ set to a value derived from the contents of the response. As
+ a proxy, the default behavior should be to leave the header
+ alone, regardless of what the backend did with it. However,
+ the historic default was to always auto-detect and set the header
+ if it was nil, and it is going to be kept that way in order
+ to support users currently relying on it.
+ type: boolean
+ type: object
+ digestAuth:
+ description: 'DigestAuth holds the digest auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/'
+ properties:
+ headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
+ type: string
+ realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
+ type: string
+ removeHeader:
+ description: RemoveHeader defines whether to remove the authorization
+ header before forwarding the request to the backend.
+ type: boolean
+ secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
+ type: string
+ type: object
+ errors:
+ description: 'ErrorPage holds the custom error middleware configuration.
+ This middleware returns a custom page in lieu of the default, according
+ to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/'
+ properties:
+ query:
+ description: Query defines the URL for the error page (hosted
+ by service). The {status} variable can be used in order to insert
+ the status code in the URL.
+ type: string
+ service:
+ description: 'Service defines the reference to a Kubernetes Service
+ that will serve the error page. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service'
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the
+ two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming
+ response; for such responses, writes are flushed to
+ the client immediately. Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes
+ Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can
+ be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported value
+ at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object (and
+ to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ status:
+ description: Status defines which status or range of statuses
+ should result in an error page. It can be either a status code
+ as a number (500), as multiple comma-separated numbers (500,502),
+ as ranges by separating two codes with a dash (500-599), or
+ a combination of the two (404,418,500-599).
+ items:
+ type: string
+ type: array
+ type: object
+ forwardAuth:
+ description: 'ForwardAuth holds the forward auth middleware configuration.
+ This middleware delegates the request authentication to a Service.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/'
+ properties:
+ address:
+ description: Address defines the authentication server address.
+ type: string
+ authRequestHeaders:
+ description: AuthRequestHeaders defines the list of the headers
+ to copy from the request to the authentication server. If not
+ set or empty then all request headers are passed.
+ items:
+ type: string
+ type: array
+ authResponseHeaders:
+ description: AuthResponseHeaders defines the list of headers to
+ copy from the authentication server response and set on forwarded
+ request, replacing any existing conflicting headers.
+ items:
+ type: string
+ type: array
+ authResponseHeadersRegex:
+ description: 'AuthResponseHeadersRegex defines the regex to match
+ headers to copy from the authentication server response and
+ set on forwarded request, after stripping all headers that match
+ the regex. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex'
+ type: string
+ tls:
+ description: TLS defines the configuration used to secure the
+ connection to the authentication server.
+ properties:
+ caOptional:
+ type: boolean
+ caSecret:
+ description: CASecret is the name of the referenced Kubernetes
+ Secret containing the CA to validate the server certificate.
+ The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+ type: string
+ certSecret:
+ description: CertSecret is the name of the referenced Kubernetes
+ Secret containing the client certificate. The client certificate
+ is extracted from the keys `tls.crt` and `tls.key`.
+ type: string
+ insecureSkipVerify:
+ description: InsecureSkipVerify defines whether the server
+ certificates should be validated.
+ type: boolean
+ type: object
+ trustForwardHeader:
+ description: 'TrustForwardHeader defines whether to trust (ie:
+ forward) all X-Forwarded-* headers.'
+ type: boolean
+ type: object
+ headers:
+ description: 'Headers holds the headers middleware configuration.
+ This middleware manages the requests and responses headers. More
+ info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders'
+ properties:
+ accessControlAllowCredentials:
+ description: AccessControlAllowCredentials defines whether the
+ request can include user credentials.
+ type: boolean
+ accessControlAllowHeaders:
+ description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlAllowMethods:
+ description: AccessControlAllowMethods defines the Access-Control-Request-Method
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlAllowOriginList:
+ description: AccessControlAllowOriginList is a list of allowable
+ origins. Can also be a wildcard origin "*".
+ items:
+ type: string
+ type: array
+ accessControlAllowOriginListRegex:
+ description: AccessControlAllowOriginListRegex is a list of allowable
+ origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+ items:
+ type: string
+ type: array
+ accessControlExposeHeaders:
+ description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlMaxAge:
+ description: AccessControlMaxAge defines the time that a preflight
+ request may be cached.
+ format: int64
+ type: integer
+ addVaryHeader:
+ description: AddVaryHeader defines whether the Vary header is
+ automatically added/updated when the AccessControlAllowOriginList
+ is set.
+ type: boolean
+ allowedHosts:
+ description: AllowedHosts defines the fully qualified list of
+ allowed domain names.
+ items:
+ type: string
+ type: array
+ browserXssFilter:
+ description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+ header with the value 1; mode=block.
+ type: boolean
+ contentSecurityPolicy:
+ description: ContentSecurityPolicy defines the Content-Security-Policy
+ header value.
+ type: string
+ contentTypeNosniff:
+ description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+ header with the nosniff value.
+ type: boolean
+ customBrowserXSSValue:
+ description: CustomBrowserXSSValue defines the X-XSS-Protection
+ header value. This overrides the BrowserXssFilter option.
+ type: string
+ customFrameOptionsValue:
+ description: CustomFrameOptionsValue defines the X-Frame-Options
+ header value. This overrides the FrameDeny option.
+ type: string
+ customRequestHeaders:
+ additionalProperties:
+ type: string
+ description: CustomRequestHeaders defines the header names and
+ values to apply to the request.
+ type: object
+ customResponseHeaders:
+ additionalProperties:
+ type: string
+ description: CustomResponseHeaders defines the header names and
+ values to apply to the response.
+ type: object
+ featurePolicy:
+ description: 'Deprecated: use PermissionsPolicy instead.'
+ type: string
+ forceSTSHeader:
+ description: ForceSTSHeader defines whether to add the STS header
+ even when the connection is HTTP.
+ type: boolean
+ frameDeny:
+ description: FrameDeny defines whether to add the X-Frame-Options
+ header with the DENY value.
+ type: boolean
+ hostsProxyHeaders:
+ description: HostsProxyHeaders defines the header keys that may
+ hold a proxied hostname value for the request.
+ items:
+ type: string
+ type: array
+ isDevelopment:
+ description: IsDevelopment defines whether to mitigate the unwanted
+ effects of the AllowedHosts, SSL, and STS options when developing.
+ Usually testing takes place using HTTP, not HTTPS, and on localhost,
+ not your production domain. If you would like your development
+ environment to mimic production with complete Host blocking,
+ SSL redirects, and STS headers, leave this as false.
+ type: boolean
+ permissionsPolicy:
+ description: PermissionsPolicy defines the Permissions-Policy
+ header value. This allows sites to control browser features.
+ type: string
+ publicKey:
+ description: PublicKey is the public key that implements HPKP
+ to prevent MITM attacks with forged certificates.
+ type: string
+ referrerPolicy:
+ description: ReferrerPolicy defines the Referrer-Policy header
+ value. This allows sites to control whether browsers forward
+ the Referer header to other sites.
+ type: string
+ sslForceHost:
+ description: 'Deprecated: use RedirectRegex instead.'
+ type: boolean
+ sslHost:
+ description: 'Deprecated: use RedirectRegex instead.'
+ type: string
+ sslProxyHeaders:
+ additionalProperties:
+ type: string
+ description: 'SSLProxyHeaders defines the header keys with associated
+ values that would indicate a valid HTTPS request. It can be
+ useful when using other proxies (example: "X-Forwarded-Proto":
+ "https").'
+ type: object
+ sslRedirect:
+ description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+ instead.'
+ type: boolean
+ sslTemporaryRedirect:
+ description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+ instead.'
+ type: boolean
+ stsIncludeSubdomains:
+ description: STSIncludeSubdomains defines whether the includeSubDomains
+ directive is appended to the Strict-Transport-Security header.
+ type: boolean
+ stsPreload:
+ description: STSPreload defines whether the preload flag is appended
+ to the Strict-Transport-Security header.
+ type: boolean
+ stsSeconds:
+ description: STSSeconds defines the max-age of the Strict-Transport-Security
+ header. If set to 0, the header is not set.
+ format: int64
+ type: integer
+ type: object
+ inFlightReq:
+ description: 'InFlightReq holds the in-flight request middleware configuration.
+ This middleware limits the number of requests being processed and
+ served concurrently. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/'
+ properties:
+ amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ in-flight request. The middleware responds with HTTP 429 Too
+ Many Requests if there are already amount requests in progress
+ (based on the same sourceCriterion strategy).
+ format: int64
+ type: integer
+ sourceCriterion:
+ description: 'SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the requestHost. More
+ info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion'
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
+ items:
+ type: string
+ type: array
+ type: object
+ requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
+ type: string
+ requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
+ type: boolean
+ type: object
+ type: object
+ ipWhiteList:
+ description: 'IPWhiteList holds the IP whitelist middleware configuration.
+ This middleware accepts / refuses requests based on the client IP.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/'
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration used
+ by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position (starting
+ from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+ header and select the first IP not in the list.
+ items:
+ type: string
+ type: array
+ type: object
+ sourceRange:
+ description: SourceRange defines the set of allowed IPs (or ranges
+ of allowed IPs by using CIDR notation).
+ items:
+ type: string
+ type: array
+ type: object
+ passTLSClientCert:
+ description: 'PassTLSClientCert holds the pass TLS client cert middleware
+ configuration. This middleware adds the selected data from the passed
+ client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/'
+ properties:
+ info:
+ description: Info selects the specific client certificate details
+ you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ issuer:
+ description: Issuer defines the client certificate issuer
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the issuer.
+ type: boolean
+ country:
+ description: Country defines whether to add the country
+ information into the issuer.
+ type: boolean
+ domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the issuer.
+ type: boolean
+ locality:
+ description: Locality defines whether to add the locality
+ information into the issuer.
+ type: boolean
+ organization:
+ description: Organization defines whether to add the organization
+ information into the issuer.
+ type: boolean
+ province:
+ description: Province defines whether to add the province
+ information into the issuer.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the issuer.
+ type: boolean
+ type: object
+ notAfter:
+ description: NotAfter defines whether to add the Not After
+ information from the Validity part.
+ type: boolean
+ notBefore:
+ description: NotBefore defines whether to add the Not Before
+ information from the Validity part.
+ type: boolean
+ sans:
+ description: Sans defines whether to add the Subject Alternative
+ Name information from the Subject Alternative Name part.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the client
+ serialNumber information.
+ type: boolean
+ subject:
+ description: Subject defines the client certificate subject
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the subject.
+ type: boolean
+ country:
+ description: Country defines whether to add the country
+ information into the subject.
+ type: boolean
+ domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the subject.
+ type: boolean
+ locality:
+ description: Locality defines whether to add the locality
+ information into the subject.
+ type: boolean
+ organization:
+ description: Organization defines whether to add the organization
+ information into the subject.
+ type: boolean
+ organizationalUnit:
+ description: OrganizationalUnit defines whether to add
+ the organizationalUnit information into the subject.
+ type: boolean
+ province:
+ description: Province defines whether to add the province
+ information into the subject.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the subject.
+ type: boolean
+ type: object
+ type: object
+ pem:
+ description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+ the escaped certificate.
+ type: boolean
+ type: object
+ plugin:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ rateLimit:
+ description: 'RateLimit holds the rate limit configuration. This middleware
+ ensures that services will receive a fair amount of requests, and
+ allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/'
+ properties:
+ average:
+ description: Average is the maximum rate, by default in requests/s,
+ allowed for the given source. It defaults to 0, which means
+ no rate limiting. The rate is actually defined by dividing Average
+ by Period. So for a rate below 1req/s, one needs to define a
+ Period larger than a second.
+ format: int64
+ type: integer
+ burst:
+ description: Burst is the maximum number of requests allowed to
+ arrive in the same arbitrarily small period of time. It defaults
+ to 1.
+ format: int64
+ type: integer
+ period:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Period, in combination with Average, defines the
+ actual maximum rate, such as: r = Average / Period. It defaults
+ to a second.'
+ x-kubernetes-int-or-string: true
+ sourceCriterion:
+ description: SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the request's remote
+ address field (as an ipStrategy).
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
+ items:
+ type: string
+ type: array
+ type: object
+ requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
+ type: string
+ requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
+ type: boolean
+ type: object
+ type: object
+ redirectRegex:
+ description: 'RedirectRegex holds the redirect regex middleware configuration.
+ This middleware redirects a request using regex matching and replacement.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex'
+ properties:
+ permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
+ type: boolean
+ regex:
+ description: Regex defines the regex used to match and capture
+ elements from the request URL.
+ type: string
+ replacement:
+ description: Replacement defines how to modify the URL to have
+ the new target URL.
+ type: string
+ type: object
+ redirectScheme:
+ description: 'RedirectScheme holds the redirect scheme middleware
+ configuration. This middleware redirects requests from a scheme/port
+ to another. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/'
+ properties:
+ permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
+ type: boolean
+ port:
+ description: Port defines the port of the new URL.
+ type: string
+ scheme:
+ description: Scheme defines the scheme of the new URL.
+ type: string
+ type: object
+ replacePath:
+ description: 'ReplacePath holds the replace path middleware configuration.
+ This middleware replaces the path of the request URL and store the
+ original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/'
+ properties:
+ path:
+ description: Path defines the path to use as replacement in the
+ request URL.
+ type: string
+ type: object
+ replacePathRegex:
+ description: 'ReplacePathRegex holds the replace path regex middleware
+ configuration. This middleware replaces the path of a URL using
+ regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/'
+ properties:
+ regex:
+ description: Regex defines the regular expression used to match
+ and capture the path from the request URL.
+ type: string
+ replacement:
+ description: Replacement defines the replacement path format,
+ which can include captured variables.
+ type: string
+ type: object
+ retry:
+ description: 'Retry holds the retry middleware configuration. This
+ middleware reissues requests a given number of times to a backend
+ server if that server does not reply. As soon as the server answers,
+ the middleware stops retrying, regardless of the response status.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/'
+ properties:
+ attempts:
+ description: Attempts defines how many times the request should
+ be retried.
+ type: integer
+ initialInterval:
+ anyOf:
+ - type: integer
+ - type: string
+ description: InitialInterval defines the first wait time in the
+ exponential backoff series. The maximum interval is calculated
+ as twice the initialInterval. If unspecified, requests will
+ be retried immediately. The value of initialInterval should
+ be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+ x-kubernetes-int-or-string: true
+ type: object
+ stripPrefix:
+ description: 'StripPrefix holds the strip prefix middleware configuration.
+ This middleware removes the specified prefixes from the URL path.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/'
+ properties:
+ forceSlash:
+ description: 'ForceSlash ensures that the resulting stripped path
+ is not the empty string, by replacing it with / when necessary.
+ Default: true.'
+ type: boolean
+ prefixes:
+ description: Prefixes defines the prefixes to strip from the request
+ URL.
+ items:
+ type: string
+ type: array
+ type: object
+ stripPrefixRegex:
+ description: 'StripPrefixRegex holds the strip prefix regex middleware
+ configuration. This middleware removes the matching prefixes from
+ the URL path. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/'
+ properties:
+ regex:
+ description: Regex defines the regular expression to match the
+ path prefix from the request URL.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: middlewaretcps.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: MiddlewareTCP
+ listKind: MiddlewareTCPList
+ plural: middlewaretcps
+ singular: middlewaretcp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+ properties:
+ inFlightConn:
+ description: InFlightConn defines the InFlightConn middleware configuration.
+ properties:
+ amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ connections. The middleware closes the connection if there are
+ already amount connections opened.
+ format: int64
+ type: integer
+ type: object
+ ipWhiteList:
+ description: IPWhiteList defines the IPWhiteList middleware configuration.
+ properties:
+ sourceRange:
+ description: SourceRange defines the allowed IPs (or ranges of
+ allowed IPs by using CIDR notation).
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: serverstransports.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: ServersTransport
+ listKind: ServersTransportList
+ plural: serverstransports
+ singular: serverstransport
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'ServersTransport is the CRD implementation of a ServersTransport.
+ If no serversTransport is specified, the default@internal will be used.
+ The default@internal serversTransport is created from the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ServersTransportSpec defines the desired state of a ServersTransport.
+ properties:
+ certificatesSecrets:
+ description: CertificatesSecrets defines a list of secret storing
+ client certificates for mTLS.
+ items:
+ type: string
+ type: array
+ disableHTTP2:
+ description: DisableHTTP2 disables HTTP/2 for connections with backend
+ servers.
+ type: boolean
+ forwardingTimeouts:
+ description: ForwardingTimeouts defines the timeouts for requests
+ forwarded to the backend servers.
+ properties:
+ dialTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: DialTimeout is the amount of time to wait until a
+ connection to a backend server can be established.
+ x-kubernetes-int-or-string: true
+ idleConnTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: IdleConnTimeout is the maximum period for which an
+ idle HTTP keep-alive connection will remain open before closing
+ itself.
+ x-kubernetes-int-or-string: true
+ pingTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: PingTimeout is the timeout after which the HTTP/2
+ connection will be closed if a response to ping is not received.
+ x-kubernetes-int-or-string: true
+ readIdleTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: ReadIdleTimeout is the timeout after which a health
+ check using ping frame will be carried out if no frame is received
+ on the HTTP/2 connection.
+ x-kubernetes-int-or-string: true
+ responseHeaderTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: ResponseHeaderTimeout is the amount of time to wait
+ for a server's response headers after fully writing the request
+ (including its body, if any).
+ x-kubernetes-int-or-string: true
+ type: object
+ insecureSkipVerify:
+ description: InsecureSkipVerify disables SSL certificate verification.
+ type: boolean
+ maxIdleConnsPerHost:
+ description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+ to keep per-host.
+ type: integer
+ peerCertURI:
+ description: PeerCertURI defines the peer cert URI used to match against
+ SAN URI during the peer certificate verification.
+ type: string
+ rootCAsSecrets:
+ description: RootCAsSecrets defines a list of CA secret used to validate
+ self-signed certificate.
+ items:
+ type: string
+ type: array
+ serverName:
+ description: ServerName defines the server name used to contact the
+ server.
+ type: string
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: tlsoptions.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: TLSOption
+ listKind: TLSOptionList
+ plural: tlsoptions
+ singular: tlsoption
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+ allowing to configure some parameters of the TLS connection. More info:
+ https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TLSOptionSpec defines the desired state of a TLSOption.
+ properties:
+ alpnProtocols:
+ description: 'ALPNProtocols defines the list of supported application
+ level protocols for the TLS handshake, in order of preference. More
+ info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols'
+ items:
+ type: string
+ type: array
+ cipherSuites:
+ description: 'CipherSuites defines the list of supported cipher suites
+ for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites'
+ items:
+ type: string
+ type: array
+ clientAuth:
+ description: ClientAuth defines the server's policy for TLS Client
+ Authentication.
+ properties:
+ clientAuthType:
+ description: ClientAuthType defines the client authentication
+ type to apply.
+ enum:
+ - NoClientCert
+ - RequestClientCert
+ - RequireAnyClientCert
+ - VerifyClientCertIfGiven
+ - RequireAndVerifyClientCert
+ type: string
+ secretNames:
+ description: SecretNames defines the names of the referenced Kubernetes
+ Secret storing certificate details.
+ items:
+ type: string
+ type: array
+ type: object
+ curvePreferences:
+ description: 'CurvePreferences defines the preferred elliptic curves
+ in a specific order. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences'
+ items:
+ type: string
+ type: array
+ maxVersion:
+ description: 'MaxVersion defines the maximum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: None.'
+ type: string
+ minVersion:
+ description: 'MinVersion defines the minimum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: VersionTLS10.'
+ type: string
+ preferServerCipherSuites:
+ description: PreferServerCipherSuites defines whether the server chooses
+ a cipher suite among his own instead of among the client's. It is
+ enabled automatically when minVersion or maxVersion are set.
+ type: boolean
+ sniStrict:
+ description: SniStrict defines whether Traefik allows connections
+ from clients connections that do not specify a server_name extension.
+ type: boolean
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: tlsstores.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: TLSStore
+ listKind: TLSStoreList
+ plural: tlsstores
+ singular: tlsstore
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+ the time being, only the TLSStore named default is supported. This means
+ that you cannot have two stores that are named default in different Kubernetes
+ namespaces. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TLSStoreSpec defines the desired state of a TLSStore.
+ properties:
+ certificates:
+ description: Certificates is a list of secret names, each secret holding
+ a key/certificate pair to add to the store.
+ items:
+ description: Certificate holds a secret name for the TLSStore resource.
+ properties:
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ defaultCertificate:
+ description: DefaultCertificate defines the default certificate configuration.
+ properties:
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: traefikservices.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: TraefikService
+ listKind: TraefikServiceList
+ plural: traefikservices
+ singular: traefikservice
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TraefikService is the CRD implementation of a Traefik Service.
+ TraefikService object allows to: - Apply weight to Services on load-balancing -
+ Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TraefikServiceSpec defines the desired state of a TraefikService.
+ properties:
+ mirroring:
+ description: Mirroring defines the Mirroring service configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ maxBodySize:
+ description: MaxBodySize defines the maximum size allowed for
+ the body of the request. If the body is larger, the request
+ is not mirrored. Default value is -1, which means unlimited
+ size.
+ format: int64
+ type: integer
+ mirrors:
+ description: Mirrors defines the list of mirrors where Traefik
+ will duplicate the traffic.
+ items:
+ description: MirrorService holds the mirror configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ percent:
+ description: 'Percent defines the part of the traffic to
+ mirror. Supported values: 0 to 100.'
+ type: integer
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the two
+ is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host header
+ is forwarded to the upstream Kubernetes Service. By default,
+ passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service. This
+ can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards the
+ response from the upstream Kubernetes Service to the client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming response;
+ for such responses, writes are flushed to the client immediately.
+ Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https when
+ Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy between
+ the servers. RoundRobin is the only supported value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be specified
+ when Name references a TraefikService object (and to be precise,
+ one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ weighted:
+ description: Weighted defines the Weighted Round Robin configuration.
+ properties:
+ services:
+ description: Services defines the list of Kubernetes Service and/or
+ TraefikService to load-balance, with weight.
+ items:
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ sticky:
+ description: 'Sticky defines whether sticky sessions are enabled.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd.md b/docs/content/reference/dynamic-configuration/kubernetes-crd.md
index 42720d17c..29228f252 100644
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd.md
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.md
@@ -8,13 +8,19 @@ description: "Learn about the definitions, resources, and RBAC of dynamic config
Dynamic configuration with Kubernetes Custom Resource
{: .subtitle }
+!!! warning "Deprecated apiextensions.k8s.io/v1beta1 CRD"
+
+ The `apiextensions.k8s.io/v1beta1` CustomResourceDefinition is deprecated in Kubernetes `v1.16+` and will be removed in `v1.22+`.
+
+ For Kubernetes `v1.16+`, please use the Traefik `apiextensions.k8s.io/v1` CRDs instead.
+
## Definitions
-```yaml tab="apiextensions.k8s.io/v1"
+```yaml tab="apiextensions.k8s.io/v1 (Kubernetes v1.16+)"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
```
-```yaml tab="apiextensions.k8s.io/v1beta1"
+```yaml tab="apiextensions.k8s.io/v1beta1 (Deprecated)"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1beta1.yml"
```
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
index 1f5545927..d79c4539d 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: IngressRoute is an Ingress CRD specification.
+ description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,96 +34,151 @@ spec:
metadata:
type: object
spec:
- description: IngressRouteSpec is a specification for a IngressRouteSpec
- resource.
+ description: IngressRouteSpec defines the desired state of IngressRoute.
properties:
entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
items:
type: string
type: array
routes:
+ description: Routes defines the list of routes.
items:
- description: Route contains the set of routes.
+ description: Route holds the HTTP route configuration.
properties:
kind:
+ description: Kind defines the kind of the route. Rule is the
+ only supported kind.
enum:
- Rule
type: string
match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule'
type: string
middlewares:
+ description: 'Middlewares defines the list of references to
+ Middleware resources. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware'
items:
- description: MiddlewareRef is a ref to the Middleware resources.
+ description: MiddlewareRef is a reference to a Middleware
+ resource.
properties:
name:
+ description: Name defines the name of the referenced Middleware
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
type: string
required:
- name
type: object
type: array
priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority'
type: integer
services:
+ description: Services defines the list of Service. It can contain
+ any combination of TraefikService and/or reference to a Kubernetes
+ Service.
items:
- description: Service defines an upstream to proxy traffic.
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service
- object (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The
- differentiation between the two is specified in the
- Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client
+ Host header is forwarded to the upstream Kubernetes
+ Service. By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for
- the forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to
+ the client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval,
+ in milliseconds, in between flushes to the client
+ while copying the response body. A negative value
+ means to flush immediately after each write to the
+ client. This configuration is ignored when ReverseProxy
+ recognizes a response as a streaming response; for
+ such responses, writes are flushed to the client
+ immediately. Default: 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the
+ request to the upstream Kubernetes Service. It defaults
+ to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration
- based on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as
+ JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie
+ can only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
type: string
weight:
- description: Weight should only be specified when Name
- references a TraefikService object (and to be precise,
- one that embeds a Weighted Round Robin).
+ description: Weight defines the weight and should only
+ be specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round
+ Robin).
type: integer
required:
- name
@@ -135,14 +190,16 @@ spec:
type: object
type: array
tls:
- description: "TLS contains the TLS certificates configuration of the
- routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
- YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
- # block format"
+ description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls'
properties:
certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
type: string
domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
@@ -155,12 +212,17 @@ spec:
type: object
type: array
options:
- description: Options is a reference to a TLSOption, that specifies
- the parameters of the TLS connection.
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
name:
+ description: 'Name defines the name of the referenced TLSOption.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSOption. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
required:
- name
@@ -170,12 +232,17 @@ spec:
Secret to specify the certificate details.
type: string
store:
- description: Store is a reference to a TLSStore, that specifies
- the parameters of the TLS store.
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
properties:
name:
+ description: 'Name defines the name of the referenced TLSStore.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSStore. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
required:
- name
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
index e20d612a7..1be022474 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: IngressRouteTCP is an Ingress CRD specification.
+ description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,58 +34,89 @@ spec:
metadata:
type: object
spec:
- description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
- resource.
+ description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties:
entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
items:
type: string
type: array
routes:
+ description: Routes defines the list of routes.
items:
- description: RouteTCP contains the set of routes.
+ description: RouteTCP holds the TCP route configuration.
properties:
match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1'
type: string
middlewares:
- description: Middlewares contains references to MiddlewareTCP
+ description: Middlewares defines the list of references to MiddlewareTCP
resources.
items:
description: ObjectReference is a generic reference to a Traefik
resource.
properties:
name:
+ description: Name defines the name of the referenced Traefik
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
type: string
required:
- name
type: object
type: array
priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1'
type: integer
services:
+ description: Services defines the list of TCP services.
items:
- description: ServiceTCP defines an upstream to proxy traffic.
+ description: ServiceTCP defines an upstream TCP service to
+ proxy traffic to.
properties:
name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
proxyProtocol:
- description: ProxyProtocol holds the ProxyProtocol configuration.
+ description: 'ProxyProtocol defines the PROXY protocol
+ configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol'
properties:
version:
+ description: Version defines the PROXY Protocol version
+ to use.
type: integer
type: object
terminationDelay:
+ description: TerminationDelay defines the deadline that
+ the proxy sets, after one of its connected peers indicates
+ it has closed the writing capability of its connection,
+ to close the reading capability as well, hence fully
+ terminating the connection. It is a duration in milliseconds,
+ defaulting to 100. A negative value means an infinite
+ deadline (i.e. the reading capability is never closed).
type: integer
weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
type: integer
required:
- name
@@ -97,14 +128,17 @@ spec:
type: object
type: array
tls:
- description: "TLSTCP contains the TLS certificates configuration of
- the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
- in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
- # block format"
+ description: 'TLS defines the TLS configuration on a layer 4 / TCP
+ Route. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1'
properties:
certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
type: string
domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
@@ -117,29 +151,41 @@ spec:
type: object
type: array
options:
- description: Options is a reference to a TLSOption, that specifies
- the parameters of the TLS connection.
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
name:
+ description: Name defines the name of the referenced Traefik
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
type: string
required:
- name
type: object
passthrough:
+ description: Passthrough defines whether a TLS router will terminate
+ the TLS connection.
type: boolean
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
- description: Store is a reference to a TLSStore, that specifies
- the parameters of the TLS store.
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
properties:
name:
+ description: Name defines the name of the referenced Traefik
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
type: string
required:
- name
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
index 57fbaa7db..f183cd46a 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: IngressRouteUDP is an Ingress CRD specification.
+ description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,31 +34,45 @@ spec:
metadata:
type: object
spec:
- description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
- resource.
+ description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties:
entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
items:
type: string
type: array
routes:
+ description: Routes defines the list of routes.
items:
- description: RouteUDP contains the set of routes.
+ description: RouteUDP holds the UDP route configuration.
properties:
services:
+ description: Services defines the list of UDP services.
items:
- description: ServiceUDP defines an upstream to proxy traffic.
+ description: ServiceUDP defines an upstream UDP service to
+ proxy traffic to.
properties:
name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
type: integer
required:
- name
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
index d9a4cfd2a..58ed8e466 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
@@ -19,7 +19,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: Middleware is a specification for a Middleware resource.
+ description: 'Middleware is the CRD implementation of a Traefik Middleware.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,54 +35,99 @@ spec:
metadata:
type: object
spec:
- description: MiddlewareSpec holds the Middleware configuration.
+ description: MiddlewareSpec defines the desired state of a Middleware.
properties:
addPrefix:
- description: AddPrefix holds the AddPrefix configuration.
+ description: 'AddPrefix holds the add prefix middleware configuration.
+ This middleware updates the path of a request before forwarding
+ it. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/'
properties:
prefix:
+ description: Prefix is the string to add before the current path
+ in the requested URL. It should include a leading slash (/).
type: string
type: object
basicAuth:
- description: BasicAuth holds the HTTP basic authentication configuration.
+ description: 'BasicAuth holds the basic auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/'
properties:
headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
type: string
realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
type: string
removeHeader:
+ description: 'RemoveHeader sets the removeHeader option to true
+ to remove the authorization header before forwarding the request
+ to your service. Default: false.'
type: boolean
secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
type: string
type: object
buffering:
- description: Buffering holds the request/response buffering configuration.
+ description: 'Buffering holds the buffering middleware configuration.
+ This middleware retries or limits the size of requests that can
+ be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes'
properties:
maxRequestBodyBytes:
+ description: 'MaxRequestBodyBytes defines the maximum allowed
+ body size for the request (in bytes). If the request exceeds
+ the allowed size, it is not forwarded to the service, and the
+ client gets a 413 (Request Entity Too Large) response. Default:
+ 0 (no maximum).'
format: int64
type: integer
maxResponseBodyBytes:
+ description: 'MaxResponseBodyBytes defines the maximum allowed
+ response size from the service (in bytes). If the response exceeds
+ the allowed size, it is not forwarded to the client. The client
+ gets a 500 (Internal Server Error) response instead. Default:
+ 0 (no maximum).'
format: int64
type: integer
memRequestBodyBytes:
+ description: 'MemRequestBodyBytes defines the threshold (in bytes)
+ from which the request will be buffered on disk instead of in
+ memory. Default: 1048576 (1Mi).'
format: int64
type: integer
memResponseBodyBytes:
+ description: 'MemResponseBodyBytes defines the threshold (in bytes)
+ from which the response will be buffered on disk instead of
+ in memory. Default: 1048576 (1Mi).'
format: int64
type: integer
retryExpression:
+ description: 'RetryExpression defines the retry conditions. It
+ is a logical combination of functions with operators AND (&&)
+ and OR (||). More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression'
type: string
type: object
chain:
- description: Chain holds a chain of middlewares.
+ description: 'Chain holds the configuration of the chain middleware.
+ This middleware enables to define reusable combinations of other
+ pieces of middleware. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/'
properties:
middlewares:
+ description: Middlewares is the list of MiddlewareRef which composes
+ the chain.
items:
- description: MiddlewareRef is a ref to the Middleware resources.
+ description: MiddlewareRef is a reference to a Middleware resource.
properties:
name:
+ description: Name defines the name of the referenced Middleware
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
type: string
required:
- name
@@ -119,159 +165,249 @@ spec:
x-kubernetes-int-or-string: true
type: object
compress:
- description: Compress holds the compress configuration.
+ description: 'Compress holds the compress middleware configuration.
+ This middleware compresses responses before sending them to the
+ client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/'
properties:
excludedContentTypes:
+ description: ExcludedContentTypes defines the list of content
+ types to compare the Content-Type header of the incoming requests
+ and responses before compressing.
items:
type: string
type: array
minResponseBodyBytes:
+ description: 'MinResponseBodyBytes defines the minimum amount
+ of bytes a response body must have to be compressed. Default:
+ 1024.'
type: integer
type: object
contentType:
- description: ContentType middleware - or rather its unique `autoDetect`
- option - specifies whether to let the `Content-Type` header, if
- it has not been set by the backend, be automatically set to a value
- derived from the contents of the response. As a proxy, the default
- behavior should be to leave the header alone, regardless of what
- the backend did with it. However, the historic default was to always
- auto-detect and set the header if it was nil, and it is going to
- be kept that way in order to support users currently relying on
- it. This middleware exists to enable the correct behavior until
- at least the default one can be changed in a future version.
+ description: ContentType holds the content-type middleware configuration.
+ This middleware exists to enable the correct behavior until at least
+ the default one can be changed in a future version.
properties:
autoDetect:
+ description: AutoDetect specifies whether to let the `Content-Type`
+ header, if it has not been set by the backend, be automatically
+ set to a value derived from the contents of the response. As
+ a proxy, the default behavior should be to leave the header
+ alone, regardless of what the backend did with it. However,
+ the historic default was to always auto-detect and set the header
+ if it was nil, and it is going to be kept that way in order
+ to support users currently relying on it.
type: boolean
type: object
digestAuth:
- description: DigestAuth holds the Digest HTTP authentication configuration.
+ description: 'DigestAuth holds the digest auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/'
properties:
headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
type: string
realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
type: string
removeHeader:
+ description: RemoveHeader defines whether to remove the authorization
+ header before forwarding the request to the backend.
type: boolean
secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
type: string
type: object
errors:
- description: ErrorPage holds the custom error page configuration.
+ description: 'ErrorPage holds the custom error middleware configuration.
+ This middleware returns a custom page in lieu of the default, according
+ to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/'
properties:
query:
+ description: Query defines the URL for the error page (hosted
+ by service). The {status} variable can be used in order to insert
+ the status code in the URL.
type: string
service:
- description: Service defines an upstream to proxy traffic.
+ description: 'Service defines the reference to a Kubernetes Service
+ that will serve the error page. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service'
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service object
- (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the
+ two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for the
- forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming
+ response; for such responses, writes are flushed to
+ the client immediately. Default: 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes
+ Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based
- on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie can
+ be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported value
+ at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object (and
+ to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
+ description: Status defines which status or range of statuses
+ should result in an error page. It can be either a status code
+ as a number (500), as multiple comma-separated numbers (500,502),
+ as ranges by separating two codes with a dash (500-599), or
+ a combination of the two (404,418,500-599).
items:
type: string
type: array
type: object
forwardAuth:
- description: ForwardAuth holds the http forward authentication configuration.
+ description: 'ForwardAuth holds the forward auth middleware configuration.
+ This middleware delegates the request authentication to a Service.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/'
properties:
address:
+ description: Address defines the authentication server address.
type: string
authRequestHeaders:
+ description: AuthRequestHeaders defines the list of the headers
+ to copy from the request to the authentication server. If not
+ set or empty then all request headers are passed.
items:
type: string
type: array
authResponseHeaders:
+ description: AuthResponseHeaders defines the list of headers to
+ copy from the authentication server response and set on forwarded
+ request, replacing any existing conflicting headers.
items:
type: string
type: array
authResponseHeadersRegex:
+ description: 'AuthResponseHeadersRegex defines the regex to match
+ headers to copy from the authentication server response and
+ set on forwarded request, after stripping all headers that match
+ the regex. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex'
type: string
tls:
- description: ClientTLS holds TLS specific configurations as client.
+ description: TLS defines the configuration used to secure the
+ connection to the authentication server.
properties:
caOptional:
type: boolean
caSecret:
+ description: CASecret is the name of the referenced Kubernetes
+ Secret containing the CA to validate the server certificate.
+ The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string
certSecret:
+ description: CertSecret is the name of the referenced Kubernetes
+ Secret containing the client certificate. The client certificate
+ is extracted from the keys `tls.crt` and `tls.key`.
type: string
insecureSkipVerify:
+ description: InsecureSkipVerify defines whether the server
+ certificates should be validated.
type: boolean
type: object
trustForwardHeader:
+ description: 'TrustForwardHeader defines whether to trust (ie:
+ forward) all X-Forwarded-* headers.'
type: boolean
type: object
headers:
- description: Headers holds the custom header configuration.
+ description: 'Headers holds the headers middleware configuration.
+ This middleware manages the requests and responses headers. More
+ info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders'
properties:
accessControlAllowCredentials:
- description: AccessControlAllowCredentials is only valid if true.
- false is ignored.
+ description: AccessControlAllowCredentials defines whether the
+ request can include user credentials.
type: boolean
accessControlAllowHeaders:
- description: AccessControlAllowHeaders must be used in response
- to a preflight request with Access-Control-Request-Headers set.
+ description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+ values sent in preflight response.
items:
type: string
type: array
accessControlAllowMethods:
- description: AccessControlAllowMethods must be used in response
- to a preflight request with Access-Control-Request-Method set.
+ description: AccessControlAllowMethods defines the Access-Control-Request-Method
+ values sent in preflight response.
items:
type: string
type: array
@@ -288,60 +424,96 @@ spec:
type: string
type: array
accessControlExposeHeaders:
- description: AccessControlExposeHeaders sets valid headers for
- the response.
+ description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+ values sent in preflight response.
items:
type: string
type: array
accessControlMaxAge:
- description: AccessControlMaxAge sets the time that a preflight
+ description: AccessControlMaxAge defines the time that a preflight
request may be cached.
format: int64
type: integer
addVaryHeader:
- description: AddVaryHeader controls if the Vary header is automatically
- added/updated when the AccessControlAllowOriginList is set.
+ description: AddVaryHeader defines whether the Vary header is
+ automatically added/updated when the AccessControlAllowOriginList
+ is set.
type: boolean
allowedHosts:
+ description: AllowedHosts defines the fully qualified list of
+ allowed domain names.
items:
type: string
type: array
browserXssFilter:
+ description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+ header with the value 1; mode=block.
type: boolean
contentSecurityPolicy:
+ description: ContentSecurityPolicy defines the Content-Security-Policy
+ header value.
type: string
contentTypeNosniff:
+ description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+ header with the nosniff value.
type: boolean
customBrowserXSSValue:
+ description: CustomBrowserXSSValue defines the X-XSS-Protection
+ header value. This overrides the BrowserXssFilter option.
type: string
customFrameOptionsValue:
+ description: CustomFrameOptionsValue defines the X-Frame-Options
+ header value. This overrides the FrameDeny option.
type: string
customRequestHeaders:
additionalProperties:
type: string
+ description: CustomRequestHeaders defines the header names and
+ values to apply to the request.
type: object
customResponseHeaders:
additionalProperties:
type: string
+ description: CustomResponseHeaders defines the header names and
+ values to apply to the response.
type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader:
+ description: ForceSTSHeader defines whether to add the STS header
+ even when the connection is HTTP.
type: boolean
frameDeny:
+ description: FrameDeny defines whether to add the X-Frame-Options
+ header with the DENY value.
type: boolean
hostsProxyHeaders:
+ description: HostsProxyHeaders defines the header keys that may
+ hold a proxied hostname value for the request.
items:
type: string
type: array
isDevelopment:
+ description: IsDevelopment defines whether to mitigate the unwanted
+ effects of the AllowedHosts, SSL, and STS options when developing.
+ Usually testing takes place using HTTP, not HTTPS, and on localhost,
+ not your production domain. If you would like your development
+ environment to mimic production with complete Host blocking,
+ SSL redirects, and STS headers, leave this as false.
type: boolean
permissionsPolicy:
+ description: PermissionsPolicy defines the Permissions-Policy
+ header value. This allows sites to control browser features.
type: string
publicKey:
+ description: PublicKey is the public key that implements HPKP
+ to prevent MITM attacks with forged certificates.
type: string
referrerPolicy:
+ description: ReferrerPolicy defines the Referrer-Policy header
+ value. This allows sites to control whether browsers forward
+ the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
@@ -352,6 +524,10 @@ spec:
sslProxyHeaders:
additionalProperties:
type: string
+ description: 'SSLProxyHeaders defines the header keys with associated
+ values that would indicate a valid HTTPS request. It can be
+ useful when using other proxies (example: "X-Forwarded-Proto":
+ "https").'
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -362,119 +538,192 @@ spec:
instead.'
type: boolean
stsIncludeSubdomains:
+ description: STSIncludeSubdomains defines whether the includeSubDomains
+ directive is appended to the Strict-Transport-Security header.
type: boolean
stsPreload:
+ description: STSPreload defines whether the preload flag is appended
+ to the Strict-Transport-Security header.
type: boolean
stsSeconds:
+ description: STSSeconds defines the max-age of the Strict-Transport-Security
+ header. If set to 0, the header is not set.
format: int64
type: integer
type: object
inFlightReq:
- description: InFlightReq limits the number of requests being processed
- and served concurrently.
+ description: 'InFlightReq holds the in-flight request middleware configuration.
+ This middleware limits the number of requests being processed and
+ served concurrently. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/'
properties:
amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ in-flight request. The middleware responds with HTTP 429 Too
+ Many Requests if there are already amount requests in progress
+ (based on the same sourceCriterion strategy).
format: int64
type: integer
sourceCriterion:
- description: SourceCriterion defines what criterion is used to
- group requests as originating from a common source. If none
- are set, the default is to use the request's remote address
- field. All fields are mutually exclusive.
+ description: 'SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the requestHost. More
+ info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion'
properties:
ipStrategy:
- description: IPStrategy holds the ip strategy configuration.
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
type: integer
excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
items:
type: string
type: array
type: object
requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
type: string
requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
type: boolean
type: object
type: object
ipWhiteList:
- description: IPWhiteList holds the ip white list configuration.
+ description: 'IPWhiteList holds the IP whitelist middleware configuration.
+ This middleware accepts / refuses requests based on the client IP.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/'
properties:
ipStrategy:
- description: IPStrategy holds the ip strategy configuration.
+ description: 'IPStrategy holds the IP strategy configuration used
+ by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position (starting
+ from the right).
type: integer
excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+ header and select the first IP not in the list.
items:
type: string
type: array
type: object
sourceRange:
+ description: SourceRange defines the set of allowed IPs (or ranges
+ of allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
passTLSClientCert:
- description: PassTLSClientCert holds the TLS client cert headers configuration.
+ description: 'PassTLSClientCert holds the pass TLS client cert middleware
+ configuration. This middleware adds the selected data from the passed
+ client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/'
properties:
info:
- description: TLSClientCertificateInfo holds the client TLS certificate
- info configuration.
+ description: Info selects the specific client certificate details
+ you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
issuer:
- description: TLSClientCertificateIssuerDNInfo holds the client
- TLS certificate distinguished name info configuration. cf
- https://tools.ietf.org/html/rfc3739
+ description: Issuer defines the client certificate issuer
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the issuer.
type: boolean
country:
+ description: Country defines whether to add the country
+ information into the issuer.
type: boolean
domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the issuer.
type: boolean
locality:
+ description: Locality defines whether to add the locality
+ information into the issuer.
type: boolean
organization:
+ description: Organization defines whether to add the organization
+ information into the issuer.
type: boolean
province:
+ description: Province defines whether to add the province
+ information into the issuer.
type: boolean
serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the issuer.
type: boolean
type: object
notAfter:
+ description: NotAfter defines whether to add the Not After
+ information from the Validity part.
type: boolean
notBefore:
+ description: NotBefore defines whether to add the Not Before
+ information from the Validity part.
type: boolean
sans:
+ description: Sans defines whether to add the Subject Alternative
+ Name information from the Subject Alternative Name part.
type: boolean
serialNumber:
+ description: SerialNumber defines whether to add the client
+ serialNumber information.
type: boolean
subject:
- description: TLSClientCertificateSubjectDNInfo holds the client
- TLS certificate distinguished name info configuration. cf
- https://tools.ietf.org/html/rfc3739
+ description: Subject defines the client certificate subject
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the subject.
type: boolean
country:
+ description: Country defines whether to add the country
+ information into the subject.
type: boolean
domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the subject.
type: boolean
locality:
+ description: Locality defines whether to add the locality
+ information into the subject.
type: boolean
organization:
+ description: Organization defines whether to add the organization
+ information into the subject.
type: boolean
organizationalUnit:
+ description: OrganizationalUnit defines whether to add
+ the organizationalUnit information into the subject.
type: boolean
province:
+ description: Province defines whether to add the province
+ information into the subject.
type: boolean
serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the subject.
type: boolean
type: object
type: object
pem:
+ description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+ the escaped certificate.
type: boolean
type: object
plugin:
@@ -482,101 +731,171 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
rateLimit:
- description: RateLimit holds the rate limiting configuration for a
- given router.
+ description: 'RateLimit holds the rate limit configuration. This middleware
+ ensures that services will receive a fair amount of requests, and
+ allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/'
properties:
average:
+ description: Average is the maximum rate, by default in requests/s,
+ allowed for the given source. It defaults to 0, which means
+ no rate limiting. The rate is actually defined by dividing Average
+ by Period. So for a rate below 1req/s, one needs to define a
+ Period larger than a second.
format: int64
type: integer
burst:
+ description: Burst is the maximum number of requests allowed to
+ arrive in the same arbitrarily small period of time. It defaults
+ to 1.
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
+ description: 'Period, in combination with Average, defines the
+ actual maximum rate, such as: r = Average / Period. It defaults
+ to a second.'
x-kubernetes-int-or-string: true
sourceCriterion:
description: SourceCriterion defines what criterion is used to
- group requests as originating from a common source. If none
- are set, the default is to use the request's remote address
- field. All fields are mutually exclusive.
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the request's remote
+ address field (as an ipStrategy).
properties:
ipStrategy:
- description: IPStrategy holds the ip strategy configuration.
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
type: integer
excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
items:
type: string
type: array
type: object
requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
type: string
requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
type: boolean
type: object
type: object
redirectRegex:
- description: RedirectRegex holds the redirection configuration.
+ description: 'RedirectRegex holds the redirect regex middleware configuration.
+ This middleware redirects a request using regex matching and replacement.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex'
properties:
permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
type: boolean
regex:
+ description: Regex defines the regex used to match and capture
+ elements from the request URL.
type: string
replacement:
+ description: Replacement defines how to modify the URL to have
+ the new target URL.
type: string
type: object
redirectScheme:
- description: RedirectScheme holds the scheme redirection configuration.
+ description: 'RedirectScheme holds the redirect scheme middleware
+ configuration. This middleware redirects requests from a scheme/port
+ to another. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/'
properties:
permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
type: boolean
port:
+ description: Port defines the port of the new URL.
type: string
scheme:
+ description: Scheme defines the scheme of the new URL.
type: string
type: object
replacePath:
- description: ReplacePath holds the ReplacePath configuration.
+ description: 'ReplacePath holds the replace path middleware configuration.
+ This middleware replaces the path of the request URL and store the
+ original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/'
properties:
path:
+ description: Path defines the path to use as replacement in the
+ request URL.
type: string
type: object
replacePathRegex:
- description: ReplacePathRegex holds the ReplacePathRegex configuration.
+ description: 'ReplacePathRegex holds the replace path regex middleware
+ configuration. This middleware replaces the path of a URL using
+ regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/'
properties:
regex:
+ description: Regex defines the regular expression used to match
+ and capture the path from the request URL.
type: string
replacement:
+ description: Replacement defines the replacement path format,
+ which can include captured variables.
type: string
type: object
retry:
- description: Retry holds the retry configuration.
+ description: 'Retry holds the retry middleware configuration. This
+ middleware reissues requests a given number of times to a backend
+ server if that server does not reply. As soon as the server answers,
+ the middleware stops retrying, regardless of the response status.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/'
properties:
attempts:
+ description: Attempts defines how many times the request should
+ be retried.
type: integer
initialInterval:
anyOf:
- type: integer
- type: string
+ description: InitialInterval defines the first wait time in the
+ exponential backoff series. The maximum interval is calculated
+ as twice the initialInterval. If unspecified, requests will
+ be retried immediately. The value of initialInterval should
+ be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true
type: object
stripPrefix:
- description: StripPrefix holds the StripPrefix configuration.
+ description: 'StripPrefix holds the strip prefix middleware configuration.
+ This middleware removes the specified prefixes from the URL path.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/'
properties:
forceSlash:
+ description: 'ForceSlash ensures that the resulting stripped path
+ is not the empty string, by replacing it with / when necessary.
+ Default: true.'
type: boolean
prefixes:
+ description: Prefixes defines the prefixes to strip from the request
+ URL.
items:
type: string
type: array
type: object
stripPrefixRegex:
- description: StripPrefixRegex holds the StripPrefixRegex configuration.
+ description: 'StripPrefixRegex holds the strip prefix regex middleware
+ configuration. This middleware removes the matching prefixes from
+ the URL path. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/'
properties:
regex:
+ description: Regex defines the regular expression to match the
+ path prefix from the request URL.
items:
type: string
type: array
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
index 35aa98931..da8bfe74d 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
@@ -19,7 +19,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
+ description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,19 +35,24 @@ spec:
metadata:
type: object
spec:
- description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
+ description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
properties:
inFlightConn:
- description: TCPInFlightConn holds the TCP in flight connection configuration.
+ description: InFlightConn defines the InFlightConn middleware configuration.
properties:
amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ connections. The middleware closes the connection if there are
+ already amount connections opened.
format: int64
type: integer
type: object
ipWhiteList:
- description: TCPIPWhiteList holds the TCP ip white list configuration.
+ description: IPWhiteList defines the IPWhiteList middleware configuration.
properties:
sourceRange:
+ description: SourceRange defines the allowed IPs (or ranges of
+ allowed IPs by using CIDR notation).
items:
type: string
type: array
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
index aac46790b..04be0daab 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
@@ -19,7 +19,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: ServersTransport is a specification for a ServersTransport resource.
+ description: 'ServersTransport is the CRD implementation of a ServersTransport.
+ If no serversTransport is specified, the default@internal will be used.
+ The default@internal serversTransport is created from the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,27 +37,28 @@ spec:
metadata:
type: object
spec:
- description: ServersTransportSpec options to configure communication between
- Traefik and the servers.
+ description: ServersTransportSpec defines the desired state of a ServersTransport.
properties:
certificatesSecrets:
- description: Certificates for mTLS.
+ description: CertificatesSecrets defines a list of secret storing
+ client certificates for mTLS.
items:
type: string
type: array
disableHTTP2:
- description: Disable HTTP/2 for connections with backend servers.
+ description: DisableHTTP2 disables HTTP/2 for connections with backend
+ servers.
type: boolean
forwardingTimeouts:
- description: Timeouts for requests forwarded to the backend servers.
+ description: ForwardingTimeouts defines the timeouts for requests
+ forwarded to the backend servers.
properties:
dialTimeout:
anyOf:
- type: integer
- type: string
description: DialTimeout is the amount of time to wait until a
- connection to a backend server can be established. If zero,
- no timeout exists.
+ connection to a backend server can be established.
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
@@ -77,7 +81,7 @@ spec:
- type: string
description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received
- on the HTTP/2 connection. If zero, no health check is performed.
+ on the HTTP/2 connection.
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
@@ -85,27 +89,29 @@ spec:
- type: string
description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request
- (including its body, if any). If zero, no timeout exists.
+ (including its body, if any).
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
- description: Disable SSL certificate verification.
+ description: InsecureSkipVerify disables SSL certificate verification.
type: boolean
maxIdleConnsPerHost:
- description: If non-zero, controls the maximum idle (keep-alive) to
- keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
+ description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+ to keep per-host.
type: integer
peerCertURI:
- description: URI used to match against SAN URI during the peer certificate
- verification.
+ description: PeerCertURI defines the peer cert URI used to match against
+ SAN URI during the peer certificate verification.
type: string
rootCAsSecrets:
- description: Add cert file for self-signed certificate.
+ description: RootCAsSecrets defines a list of CA secret used to validate
+ self-signed certificate.
items:
type: string
type: array
serverName:
- description: ServerName used to contact the server.
+ description: ServerName defines the server name used to contact the
+ server.
type: string
type: object
required:
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
index 40e813de1..6b20b9ba3 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
@@ -19,7 +19,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: TLSOption is a specification for a TLSOption resource.
+ description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+ allowing to configure some parameters of the TLS connection. More info:
+ https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,19 +36,24 @@ spec:
metadata:
type: object
spec:
- description: TLSOptionSpec configures TLS for an entry point.
+ description: TLSOptionSpec defines the desired state of a TLSOption.
properties:
alpnProtocols:
+ description: 'ALPNProtocols defines the list of supported application
+ level protocols for the TLS handshake, in order of preference. More
+ info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols'
items:
type: string
type: array
cipherSuites:
+ description: 'CipherSuites defines the list of supported cipher suites
+ for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites'
items:
type: string
type: array
clientAuth:
- description: ClientAuth defines the parameters of the client authentication
- part of the TLS connection, if any.
+ description: ClientAuth defines the server's policy for TLS Client
+ Authentication.
properties:
clientAuthType:
description: ClientAuthType defines the client authentication
@@ -59,23 +66,36 @@ spec:
- RequireAndVerifyClientCert
type: string
secretNames:
- description: SecretName is the name of the referenced Kubernetes
- Secret to specify the certificate details.
+ description: SecretNames defines the names of the referenced Kubernetes
+ Secret storing certificate details.
items:
type: string
type: array
type: object
curvePreferences:
+ description: 'CurvePreferences defines the preferred elliptic curves
+ in a specific order. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences'
items:
type: string
type: array
maxVersion:
+ description: 'MaxVersion defines the maximum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: None.'
type: string
minVersion:
+ description: 'MinVersion defines the minimum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: VersionTLS10.'
type: string
preferServerCipherSuites:
+ description: PreferServerCipherSuites defines whether the server chooses
+ a cipher suite among his own instead of among the client's. It is
+ enabled automatically when minVersion or maxVersion are set.
type: boolean
sniStrict:
+ description: SniStrict defines whether Traefik allows connections
+ from clients connections that do not specify a server_name extension.
type: boolean
type: object
required:
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
index 57e7ef582..17560214b 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
@@ -19,7 +19,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: TLSStore is a specification for a TLSStore resource.
+ description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+ the time being, only the TLSStore named default is supported. This means
+ that you cannot have two stores that are named default in different Kubernetes
+ namespaces. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,7 +37,7 @@ spec:
metadata:
type: object
spec:
- description: TLSStoreSpec configures a TLSStore resource.
+ description: TLSStoreSpec defines the desired state of a TLSStore.
properties:
certificates:
description: Certificates is a list of secret names, each secret holding
@@ -51,8 +54,7 @@ spec:
type: object
type: array
defaultCertificate:
- description: DefaultCertificate is the name of the secret holding
- the default key/certificate pair for the store.
+ description: DefaultCertificate defines the default certificate configuration.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes
diff --git a/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml b/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
index 61f2aa93c..b312ee117 100644
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
@@ -19,10 +19,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: TraefikService is the specification for a service (that an IngressRoute
- refers to) that is usually not a terminal service (i.e. not a pod of servers),
- as opposed to a Kubernetes Service. That is to say, it usually refers to
- other (children) services, which themselves can be TraefikServices or Services.
+ description: 'TraefikService is the CRD implementation of a Traefik Service.
+ TraefikService object allows to: - Apply weight to Services on load-balancing -
+ Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -37,220 +36,332 @@ spec:
metadata:
type: object
spec:
- description: ServiceSpec defines whether a TraefikService is a load-balancer
- of services or a mirroring service.
+ description: TraefikServiceSpec defines the desired state of a TraefikService.
properties:
mirroring:
- description: Mirroring defines a mirroring service, which is composed
- of a main load-balancer, and a list of mirrors.
+ description: Mirroring defines the Mirroring service configuration.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
maxBodySize:
+ description: MaxBodySize defines the maximum size allowed for
+ the body of the request. If the body is larger, the request
+ is not mirrored. Default value is -1, which means unlimited
+ size.
format: int64
type: integer
mirrors:
+ description: Mirrors defines the list of mirrors where Traefik
+ will duplicate the traffic.
items:
- description: MirrorService defines one of the mirrors of a Mirroring
- service.
+ description: MirrorService holds the mirror configuration.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service
- object (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
type: boolean
percent:
+ description: 'Percent defines the part of the traffic to
+ mirror. Supported values: 0 to 100.'
type: integer
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for
- the forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based
- on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
name:
- description: Name is a reference to a Kubernetes Service object
- (for a load-balancer of servers), or to a TraefikService object
- (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the two
+ is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host header
+ is forwarded to the upstream Kubernetes Service. By default,
+ passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service. This
+ can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for the forward
- of the response.
+ description: ResponseForwarding defines how Traefik forwards the
+ response from the upstream Kubernetes Service to the client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming response;
+ for such responses, writes are flushed to the client immediately.
+ Default: 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https when
+ Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based on
- cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy between
+ the servers. RoundRobin is the only supported value at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be specified
+ when Name references a TraefikService object (and to be precise,
+ one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
weighted:
- description: WeightedRoundRobin defines a load-balancer of services.
+ description: Weighted defines the Weighted Round Robin configuration.
properties:
services:
+ description: Services defines the list of Kubernetes Service and/or
+ TraefikService to load-balance, with weight.
items:
- description: Service defines an upstream to proxy traffic.
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service
- object (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for
- the forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based
- on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines whether sticky sessions are enabled.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
properties:
cookie:
- description: Cookie holds the sticky configuration based on
- cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md
index 44353de0d..82aa6021f 100644
--- a/docs/content/routing/providers/kubernetes-crd.md
+++ b/docs/content/routing/providers/kubernetes-crd.md
@@ -298,10 +298,10 @@ You can find an excerpt of the available custom resources in the table below:
| Kind | Purpose | Concept Behind |
|--------------------------------------------|--------------------------------------------------------------------|----------------------------------------------------------------|
| [IngressRoute](#kind-ingressroute) | HTTP Routing | [HTTP router](../routers/index.md#configuring-http-routers) |
-| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
+| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
| [TraefikService](#kind-traefikservice) | Abstraction for HTTP loadbalancing/mirroring | [HTTP service](../services/index.md#configuring-http-services) |
| [IngressRouteTCP](#kind-ingressroutetcp) | TCP Routing | [TCP router](../routers/index.md#configuring-tcp-routers) |
-| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
+| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
| [IngressRouteUDP](#kind-ingressrouteudp) | UDP Routing | [UDP router](../routers/index.md#configuring-udp-routers) |
| [TLSOptions](#kind-tlsoption) | Allows to configure some parameters of the TLS connection | [TLSOptions](../../https/tls.md#tls-options) |
| [TLSStores](#kind-tlsstore) | Allows to configure the default TLS store | [TLSStores](../../https/tls.md#certificates-stores) |
@@ -583,6 +583,62 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
- port: 80
```
+#### Load Balancing
+
+More information in the dedicated server [load balancing](../services/index.md#load-balancing) section.
+
+!!! info "Declaring and using Kubernetes Service Load Balancing"
+
+ ```yaml tab="IngressRoute"
+ apiVersion: traefik.containo.us/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: ingressroutebar
+ namespace: default
+
+ spec:
+ entryPoints:
+ - web
+ routes:
+ - match: Host(`example.com`) && PathPrefix(`/foo`)
+ kind: Rule
+ services:
+ - name: svc1
+ namespace: default
+ - name: svc2
+ namespace: default
+ ```
+
+ ```yaml tab="K8s Service"
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: svc1
+ namespace: default
+
+ spec:
+ ports:
+ - name: http
+ port: 80
+ selector:
+ app: traefiklabs
+ task: app1
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: svc2
+ namespace: default
+
+ spec:
+ ports:
+ - name: http
+ port: 80
+ selector:
+ app: traefiklabs
+ task: app2
+ ```
+
### Kind: `Middleware`
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/http/overview.md).
@@ -642,7 +698,7 @@ More information about available middlewares in the dedicated [middlewares secti
Register the `TraefikService` [kind](../../reference/dynamic-configuration/kubernetes-crd.md#definitions) in the Kubernetes cluster before creating `TraefikService` objects,
referencing services in the [`IngressRoute`](#kind-ingressroute) objects, or recursively in others `TraefikService` objects.
-!!! info "Disambiguate Traefik and Kubernetes Services "
+!!! info "Disambiguate Traefik and Kubernetes Services"
As the field `name` can reference different types of objects, use the field `kind` to avoid any ambiguity.
@@ -653,65 +709,8 @@ referencing services in the [`IngressRoute`](#kind-ingressroute) objects, or rec
`TraefikService` object allows to use any (valid) combinations of:
-* servers [load balancing](#server-load-balancing).
-* services [Weighted Round Robin](#weighted-round-robin) load balancing.
-* services [mirroring](#mirroring).
-
-#### Server Load Balancing
-
-More information in the dedicated server [load balancing](../services/index.md#load-balancing) section.
-
-??? "Declaring and Using Server Load Balancing"
-
- ```yaml tab="IngressRoute"
- apiVersion: traefik.containo.us/v1alpha1
- kind: IngressRoute
- metadata:
- name: ingressroutebar
- namespace: default
-
- spec:
- entryPoints:
- - web
- routes:
- - match: Host(`example.com`) && PathPrefix(`/foo`)
- kind: Rule
- services:
- - name: svc1
- namespace: default
- - name: svc2
- namespace: default
- ```
-
- ```yaml tab="K8s Service"
- apiVersion: v1
- kind: Service
- metadata:
- name: svc1
- namespace: default
-
- spec:
- ports:
- - name: http
- port: 80
- selector:
- app: traefiklabs
- task: app1
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: svc2
- namespace: default
-
- spec:
- ports:
- - name: http
- port: 80
- selector:
- app: traefiklabs
- task: app2
- ```
+* [Weighted Round Robin](#weighted-round-robin) load balancing.
+* [Mirroring](#mirroring).
#### Weighted Round Robin
@@ -1074,7 +1073,7 @@ and there is a second level because each whoami service is a `replicaset` and is
assuming `10.42.0.6` is the IP address of one of the replicas (a pod then) of the `whoami1` service.
-### Kind `IngressRouteTCP`
+### Kind: `IngressRouteTCP`
`IngressRouteTCP` is the CRD implementation of a [Traefik TCP router](../routers/index.md#configuring-tcp-routers).
@@ -1327,7 +1326,7 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
More information about available TCP middlewares in the dedicated [middlewares section](../../middlewares/tcp/overview.md).
-### Kind `IngressRouteUDP`
+### Kind: `IngressRouteUDP`
`IngressRouteUDP` is the CRD implementation of a [Traefik UDP router](../routers/index.md#configuring-udp-routers).
@@ -1616,8 +1615,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
!!! important "Default TLS Store"
Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores).
- This means that if you have two stores that are named default in different kubernetes namespaces,
- they may be randomly chosen.
+ This means that you cannot have two stores that are named default in different Kubernetes namespaces.
For the time being, please only configure one TLSStore named default.
!!! info "TLSStore Attributes"
diff --git a/docs/content/routing/routers/index.md b/docs/content/routing/routers/index.md
index d22f034df..fe123bd37 100644
--- a/docs/content/routing/routers/index.md
+++ b/docs/content/routing/routers/index.md
@@ -673,6 +673,21 @@ If no matching route is found for the TCP routers, then the HTTP routers will ta
If not specified, TCP routers will accept requests from all defined entry points.
If you want to limit the router scope to a set of entry points, set the entry points option.
+??? info "How to handle Server First protocols?"
+
+ To correctly handle a request, Traefik needs to wait for the first
+ few bytes to arrive before it can decide what to do with it.
+
+ For protocols where the server is expected to send first, such
+ as SMTP, if no specific setup is in place, we could end up in
+ a situation where both sides are waiting for data and the
+ connection appears to have hanged.
+
+ The only way that Traefik can deal with such a case, is to make
+ sure that on the concerned entry point, there is no TLS router
+ whatsoever (neither TCP nor HTTP), and there is at least one
+ non-TLS TCP router that leads to the server in question.
+
??? example "Listens to Every Entry Point"
**Dynamic Configuration**
diff --git a/docs/content/routing/services/index.md b/docs/content/routing/services/index.md
index 53623e884..98758ad6d 100644
--- a/docs/content/routing/services/index.md
+++ b/docs/content/routing/services/index.md
@@ -322,14 +322,14 @@ To propagate status changes (e.g. all servers of this service are down) upwards,
Below are the available options for the health check mechanism:
-- `path` is appended to the server URL to set the health check endpoint.
-- `scheme`, if defined, will replace the server URL `scheme` for the health check endpoint
-- `hostname`, if defined, will apply `Host` header `hostname` to the health check request.
-- `port`, if defined, will replace the server URL `port` for the health check endpoint.
-- `interval` defines the frequency of the health check calls.
-- `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy).
-- `headers` defines custom headers to be sent to the health check endpoint.
-- `followRedirects` defines whether redirects should be followed during the health check calls (default: true).
+- `path` (required), defines the server URL path for the health check endpoint .
+- `scheme` (optional), replaces the server URL `scheme` for the health check endpoint.
+- `hostname` (optional), sets the value of `hostname` in the `Host` header of the health check request.
+- `port` (optional), replaces the server URL `port` for the health check endpoint.
+- `interval` (default: 30s), defines the frequency of the health check calls.
+- `timeout` (default: 5s), defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
+- `headers` (optional), defines custom headers to be sent to the health check endpoint.
+- `followRedirects` (default: true), defines whether redirects should be followed during the health check calls.
!!! info "Interval & Timeout Format"
diff --git a/docs/content/user-guides/crd-acme/05-tlsoption.yml b/docs/content/user-guides/crd-acme/05-tlsoption.yml
new file mode 100644
index 000000000..f29d9bcd7
--- /dev/null
+++ b/docs/content/user-guides/crd-acme/05-tlsoption.yml
@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+ name: default
+ namespace: default
+spec:
+ minVersion: VersionTLS12
+ cipherSuites:
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
+ - TLS_AES_256_GCM_SHA384 # TLS 1.3
+ - TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
+ curvePreferences:
+ - CurveP521
+ - CurveP384
+ sniStrict: true
diff --git a/docs/content/user-guides/crd-acme/index.md b/docs/content/user-guides/crd-acme/index.md
index 91079bbd7..bc3142108 100644
--- a/docs/content/user-guides/crd-acme/index.md
+++ b/docs/content/user-guides/crd-acme/index.md
@@ -44,20 +44,25 @@ Let's now have a look (in the order they should be applied, if using `kubectl ap
### IngressRoute Definition
-First, the definition of the `IngressRoute` and the `Middleware` kinds.
-Also note the RBAC authorization resources; they'll be referenced through the `serviceAccountName` of the deployment, later on.
+First, you will need to install Traefik CRDs containing the definition of the `IngressRoute` and the `Middleware` kinds,
+and the RBAC authorization resources which will be referenced through the `serviceAccountName` of the deployment.
-```yaml
---8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
+```bash
+# Install Traefik Resource Definitions:
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
----
---8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
+# Install RBAC for Traefik:
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
### Services
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
+```bash
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/02-services.yml
+```
+
```yaml
--8<-- "content/user-guides/crd-acme/02-services.yml"
```
@@ -67,6 +72,10 @@ Then, the services. One for Traefik itself, and one for the app it routes for, i
Next, the deployments, i.e. the actual pods behind the services.
Again, one pod for Traefik, and one for the whoami app.
+```bash
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/03-deployments.yml
+```
+
```yaml
--8<-- "content/user-guides/crd-acme/03-deployments.yml"
```
@@ -91,7 +100,7 @@ Look it up.
We can now finally apply the actual ingressRoutes, with:
```bash
-kubectl apply -f 04-ingressroutes.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/04-ingressroutes.yml
```
```yaml
@@ -110,3 +119,16 @@ curl http://your.example.com:8000/notls
```
Note that you'll have to use `-k` as long as you're using the staging server of Let's Encrypt, since it is not an authorized certificate authority on systems where it hasn't been manually added.
+
+### Force TLS v1.2+
+
+Nowadays, TLS v1.0 and v1.1 are deprecated.
+In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/05-tlsoption.yml
+```
+
+```yaml
+--8<-- "content/user-guides/crd-acme/05-tlsoption.yml"
+```
diff --git a/go.mod b/go.mod
index c8c78965a..27128176c 100644
--- a/go.mod
+++ b/go.mod
@@ -28,14 +28,14 @@ require (
github.com/gorilla/websocket v1.5.0
github.com/hashicorp/consul v1.10.4
github.com/hashicorp/consul/api v1.12.0
- github.com/hashicorp/go-hclog v0.16.1
+ github.com/hashicorp/go-hclog v0.16.2
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/go-version v1.3.0
github.com/hashicorp/nomad/api v0.0.0-20220506174431-b5665129cd1f
github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
github.com/instana/go-sensor v1.38.3
- github.com/klauspost/compress v1.13.0
+ github.com/klauspost/compress v1.14.2
github.com/kvtools/valkeyrie v0.4.0
github.com/lucas-clemente/quic-go v0.27.0
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
@@ -56,7 +56,7 @@ require (
github.com/stretchr/testify v1.7.1
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
github.com/traefik/paerser v0.1.5
- github.com/traefik/yaegi v0.12.0
+ github.com/traefik/yaegi v0.13.0
github.com/uber/jaeger-client-go v2.30.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible
github.com/unrolled/render v1.0.2
@@ -68,10 +68,10 @@ require (
go.elastic.co/apm/module/apmot v1.13.1
golang.org/x/mod v0.4.2
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
- golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
+ golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2
google.golang.org/grpc v1.38.0
- gopkg.in/DataDog/dd-trace-go.v1 v1.19.0
+ gopkg.in/DataDog/dd-trace-go.v1 v1.38.1
gopkg.in/fsnotify.v1 v1.4.7
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
k8s.io/api v0.22.1
@@ -98,11 +98,14 @@ require (
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/DataDog/datadog-go v3.2.0+incompatible // indirect
+ github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 // indirect
+ github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
+ github.com/DataDog/datadog-go/v5 v5.0.2 // indirect
+ github.com/DataDog/sketches-go v1.0.0 // indirect
github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.1.1 // indirect
- github.com/Microsoft/go-winio v0.4.17 // indirect
+ github.com/Microsoft/go-winio v0.5.1 // indirect
github.com/Microsoft/hcsshim v0.8.23 // indirect
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 // indirect
github.com/Shopify/sarama v1.23.1 // indirect
@@ -115,7 +118,7 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/buger/goterm v1.0.0 // indirect
- github.com/cespare/xxhash/v2 v2.1.1 // indirect
+ github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cheekybits/genny v1.0.0 // indirect
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
github.com/circonus-labs/circonusllhist v0.1.3 // indirect
@@ -130,6 +133,7 @@ require (
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/cpu/goacmedns v0.1.1 // indirect
github.com/deepmap/oapi-codegen v1.8.2 // indirect
+ github.com/dgraph-io/ristretto v0.1.0 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e // indirect
github.com/dnsimple/dnsimple-go v0.70.1 // indirect
@@ -140,6 +144,7 @@ require (
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e // indirect
+ github.com/dustin/go-humanize v1.0.0 // indirect
github.com/elastic/go-licenser v0.3.1 // indirect
github.com/elastic/go-sysinfo v1.1.1 // indirect
github.com/elastic/go-windows v1.0.0 // indirect
@@ -156,12 +161,12 @@ require (
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
github.com/go-zookeeper/zk v1.0.2 // indirect
github.com/gofrs/flock v0.8.0 // indirect
- github.com/gofrs/uuid v3.3.0+incompatible // indirect
+ github.com/gofrs/uuid v4.0.0+incompatible // indirect
github.com/gogo/googleapis v1.4.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
+ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
- github.com/golang/snappy v0.0.3 // indirect
github.com/google/btree v1.0.1 // indirect
github.com/google/go-cmp v0.5.7 // indirect
github.com/google/go-querystring v1.1.0 // indirect
@@ -172,15 +177,14 @@ require (
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/gophercloud/gophercloud v0.16.0 // indirect
github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect
- github.com/gorilla/context v1.1.1 // indirect
github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
github.com/hashicorp/consul/sdk v0.8.0 // indirect
github.com/hashicorp/cronexpr v1.1.1 // indirect
- github.com/hashicorp/errwrap v1.0.0 // indirect
+ github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/go-immutable-radix v1.3.0 // indirect
+ github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-msgpack v0.5.5 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
@@ -205,6 +209,7 @@ require (
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
+ github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
@@ -219,12 +224,13 @@ require (
github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect
github.com/mailgun/multibuf v0.1.2 // indirect
github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51 // indirect
+ github.com/mailru/easyjson v0.7.7 // indirect
github.com/marten-seemann/qpack v0.2.1 // indirect
github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect
github.com/marten-seemann/qtls-go1-18 v0.1.1 // indirect
- github.com/mattn/go-colorable v0.1.8 // indirect
- github.com/mattn/go-isatty v0.0.12 // indirect
+ github.com/mattn/go-colorable v0.1.11 // indirect
+ github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-shellwords v1.0.12 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
@@ -257,7 +263,7 @@ require (
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect
github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
github.com/ovh/go-ovh v1.1.0 // indirect
- github.com/philhofer/fwd v1.0.0 // indirect
+ github.com/philhofer/fwd v1.1.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pquerna/otp v1.3.0 // indirect
github.com/prometheus/common v0.26.0 // indirect
@@ -279,7 +285,7 @@ require (
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.287 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.287 // indirect
github.com/theupdateframework/notary v0.6.1 // indirect
- github.com/tinylib/msgp v1.0.2 // indirect
+ github.com/tinylib/msgp v1.1.2 // indirect
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85 // indirect
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
github.com/transip/gotransip/v6 v6.6.1 // indirect
@@ -329,7 +335,7 @@ require (
replace (
github.com/abbot/go-http-auth => github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e
github.com/go-check/check => github.com/containous/check v0.0.0-20170915194414-ca0bf163426a
- github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c
+ github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220627093034-b2dd784e613f
github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595
)
diff --git a/go.sum b/go.sum
index fea636ab1..a5fb0fe58 100644
--- a/go.sum
+++ b/go.sum
@@ -39,6 +39,7 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/pubsub v1.4.0/go.mod h1:LFrqilwgdw4X2cJS9ALgzYmMu+ULyrUN6IHV3CPK4TM=
cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
@@ -116,9 +117,18 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU=
github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 h1:3nVO1nQyh64IUY6BPZUpMYMZ738Pu+LsMt3E0eqqIYw=
+github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw=
github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
-github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dXCilEuNEeAn20fdD4=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/DataDog/datadog-go v4.8.2+incompatible h1:qbcKSx29aBLD+5QLvlQZlGmRMF/FfGqFLFev/1TDzRo=
+github.com/DataDog/datadog-go v4.8.2+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/DataDog/datadog-go/v5 v5.0.2 h1:UFtEe7662/Qojxkw1d6SboAeA0CPI3naKhVASwFn+04=
+github.com/DataDog/datadog-go/v5 v5.0.2/go.mod h1:ZI9JFB4ewXbw1sBnF4sxsR2k1H3xjV+PUAOUsHvKpcU=
+github.com/DataDog/gostackparse v0.5.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM=
+github.com/DataDog/sketches-go v1.0.0 h1:chm5KSXO7kO+ywGWJ0Zs6tdmWU8PBXSbywFVciL6BG4=
+github.com/DataDog/sketches-go v1.0.0/go.mod h1:O+XkJHWk9w4hDwY2ZUDU31ZC9sNYlYo8DiFsxjYeo1k=
+github.com/DataDog/zstd v1.3.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
github.com/DataDog/zstd v1.3.6-0.20190409195224-796139022798 h1:2T/jmrHeTezcCM58lvEQXs0UpQJCo5SoGAcg+mbSTIg=
github.com/DataDog/zstd v1.3.6-0.20190409195224-796139022798/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=
github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61 h1:1NIUJ+MAMpqDr4LWIfNsoJR+G7zg/8GZVwuRkmJxtTc=
@@ -144,8 +154,10 @@ github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB
github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.4.17 h1:iT12IBVClFevaf8PuVyi3UmZOVh4OqnaLxDTW2O6j3w=
github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
+github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY=
+github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
@@ -174,6 +186,7 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
+github.com/Shopify/sarama v1.22.0/go.mod h1:lm3THZ8reqBDBQKQyb5HB3sY1lKp3grEbQ81aWSgPp4=
github.com/Shopify/sarama v1.23.1 h1:XxJBCZEoWJtoWjf/xRbmGUpAmTZGnuuF0ON0EvxxBrs=
github.com/Shopify/sarama v1.23.1/go.mod h1:XLH1GYJnLVE0XCr6KdJGVJRTwY30moWNJ4sERjXX6fs=
github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
@@ -198,6 +211,7 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5
github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183 h1:dkj8/dxOQ4L1XpwCzRLqukvUBbxuNdz3FeyvHFnRjmo=
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
+github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@@ -226,9 +240,19 @@ github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.34.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
+github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
github.com/aws/aws-sdk-go v1.39.0 h1:74BBwkEmiqBbi2CGflEh34l0YNtIibTjZsibGarkNjo=
github.com/aws/aws-sdk-go v1.39.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
+github.com/aws/aws-sdk-go-v2 v1.0.0/go.mod h1:smfAbmpW+tcRVuNUjo3MOArSZmW72t62rkCzc2i0TWM=
+github.com/aws/aws-sdk-go-v2/config v1.0.0/go.mod h1:WysE/OpUgE37tjtmtJd8GXgT8s1euilE5XtUkRNUQ1w=
+github.com/aws/aws-sdk-go-v2/credentials v1.0.0/go.mod h1:/SvsiqBf509hG4Bddigr3NB12MIpfHhZapyBurJe8aY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.0/go.mod h1:wpMHDCXvOXZxGCRSidyepa8uJHY4vaBGfY2/+oKU/Bc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.0/go.mod h1:3jExOmpbjgPnz2FJaMOfbSk1heTkZ66aD3yNtVhnjvI=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.0.0/go.mod h1:w5BclCU8ptTbagzXS/fHBr+vAyXUjggg/72qDIURKMk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.0.0/go.mod h1:5f+cELGATgill5Pu3/vK3Ebuigstc+qYEHW5MvGWZO4=
+github.com/aws/smithy-go v1.0.0/go.mod h1:EzMw8dbp/YJL4A5/sbhGddag+NPT7q084agLbB9LgIw=
+github.com/aws/smithy-go v1.11.0/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM=
github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -251,6 +275,7 @@ github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx2
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
+github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
github.com/buger/goterm v1.0.0 h1:ZB6uUlY8+sjJyFGzz2WpRqX2XYPeXVgtZAOJMwOsTWM=
@@ -277,8 +302,9 @@ github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261/go.mod h1:GJKEex
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
-github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
@@ -321,6 +347,7 @@ github.com/compose-spec/compose-go v1.0.3 h1:yvut1x9H4TUMptNA4mZ63VGVtDNX1OKy2TZ
github.com/compose-spec/compose-go v1.0.3/go.mod h1:gCIA3No0j5nNszz2X0yd/mkigTIWcOgHiPa9guWvoec=
github.com/compose-spec/godotenv v1.0.0 h1:TV24JYhh5GCC1G14npQVhCtxeoiwd0NcT0VdwcCQyXU=
github.com/compose-spec/godotenv v1.0.0/go.mod h1:zF/3BOa18Z24tts5qnO/E9YURQanJTBUf7nlcCTNsyc=
+github.com/confluentinc/confluent-kafka-go v1.4.0/go.mod h1:u2zNLny2xq+5rWeTQjFHbDzzNuba4P1vo31r9r4uAdg=
github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
@@ -429,8 +456,8 @@ github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e h1:D+uTE
github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e/go.mod h1:s8kLgBQolDbsJOPVIGCEEv9zGAKUUf/685Gi0Qqg8z8=
github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595 h1:aPspFRO6b94To3gl4yTDOEtpjFwXI7V2W+z0JcNljQ4=
github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595/go.mod h1:+lHFbEasIiQVGzhVDVw/cn0ZaOzde2OwNncp1NhXV4c=
-github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c h1:g6JvgTtfpS6AfhRjY87NZ0g39CrNDbdm8R+1CD85Cfo=
-github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c/go.mod h1:z8WW7n06n8/1xF9Jl9WmuDeZuHAhfL+bwarNjsciwwg=
+github.com/containous/mux v0.0.0-20220627093034-b2dd784e613f h1:1uEtynq2C0ljy3630jt7EAxg8jZY2gy6YHdGwdqEpWw=
+github.com/containous/mux v0.0.0-20220627093034-b2dd784e613f/go.mod h1:z8WW7n06n8/1xF9Jl9WmuDeZuHAhfL+bwarNjsciwwg=
github.com/coredns/coredns v1.1.2/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -446,6 +473,7 @@ github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
@@ -480,10 +508,17 @@ github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbz
github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw=
github.com/denisenkom/go-mssqldb v0.0.0-20190315220205-a8ed825ac853/go.mod h1:xN/JuLBIz4bjkxNmByTiV1IbhfnYb6oo99phBn4Eqhc=
github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM=
+github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
+github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
+github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI=
+github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug=
github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/digitalocean/godo v1.1.1/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU=
github.com/digitalocean/godo v1.10.0/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU=
@@ -552,6 +587,7 @@ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3
github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e h1:rMOGp6HPeMHbdLrZkX2nD+94uqDunc27tXVuS+ey4mQ=
github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e/go.mod h1:56wL82FO0bfMU5RvfXoIwSOP2ggqqxT+tAfNEIyxuHw=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/eapache/go-resiliency v1.1.0 h1:1NtRmCAqadE2FN4ZcN6g90TP3uk8cg9rn9eNK2197aU=
github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
@@ -562,6 +598,8 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP
github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385 h1:clC1lXBpe2kTj2VHdaIu9ajZQe4kcEY9j0NsnDDBZ3o=
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM=
+github.com/elastic/go-elasticsearch/v6 v6.8.5/go.mod h1:UwaDJsD3rWLM5rKNFzv9hgox93HoX8utj1kxD9aFUcI=
+github.com/elastic/go-elasticsearch/v7 v7.17.1/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4=
github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU=
github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ=
github.com/elastic/go-sysinfo v1.1.1 h1:ZVlaLDyhVkDfjwPGU55CQRCRolNpc7P0BbyhhQZQmMI=
@@ -604,11 +642,13 @@ github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
+github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
github.com/frankban/quicktest v1.11.0/go.mod h1:K+q6oSqb0W0Ininfk863uOk1lMy69l/P6txr3mVT54s=
github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
+github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
@@ -619,16 +659,20 @@ github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui72
github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2 h1:df6OFl8WNXk82xxP3R9ZPZ5seOA8XZkwLdbEzZF1/xI=
github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2/go.mod h1:GLyXJD41gBO/NPKVPGQbhyyC06eugGy15QEZyUkE2/s=
github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
+github.com/garyburd/redigo v1.6.3/go.mod h1:rTb6epsqigu3kYKBnaF028A7Tf/Aw5s0cqA47doKKqw=
github.com/getkin/kin-openapi v0.53.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4=
github.com/getkin/kin-openapi v0.61.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4=
github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.7.0/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/go-acme/lego/v4 v4.7.0 h1:f5/9EigoIC3Lu14XUsbDzlJ1ZcTYBN3zu/0TJExQaOc=
github.com/go-acme/lego/v4 v4.7.0/go.mod h1:hoPWeY+jooDbgbe5GUqHTGRGdENDhrkiypiDCAqgmmg=
github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-chi/chi v1.5.0/go.mod h1:REp24E+25iKvxgeTfHmdUoL5x15kBiDBlnIl5bCwe2k=
github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
@@ -668,13 +712,23 @@ github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dp
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/go-pg/pg/v10 v10.0.0/go.mod h1:XHU1AkQW534GFuUdSiQ46+Xw6Ah+9+b8DlT4YwhiXL8=
+github.com/go-pg/zerochecker v0.2.0/go.mod h1:NJZ4wKL0NmTtz0GKCoJ8kym6Xn/EQzXRl2OnAe7MmDo=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
+github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-redis/redis/v7 v7.1.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg=
+github.com/go-redis/redis/v8 v8.0.0/go.mod h1:isLoQT/NFSP7V67lyvM9GmdvLdyZ7pEhsXvvyQtnQTo=
github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48 h1:JVrqSeQfdhYRFk24TvhTZWU0q8lfCojxZQFi3Ou7+uY=
github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8=
github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
+github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
@@ -686,19 +740,46 @@ github.com/go-zookeeper/zk v1.0.2 h1:4mx0EYENAdX/B/rbunjlt5+4RTA/a9SMHBRuSKdGxPM
github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw=
github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b h1:/vQ+oYKu+JoyaMPDsv5FzwuL2wwWBgBbtj/YLCi4LuA=
github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b/go.mod h1:Xo4aNUOrJnVruqWQJBtW6+bTBDTniY8yZum5rF3b5jw=
+github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
+github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
+github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
+github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
+github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
+github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
github.com/gobuffalo/flect v0.2.3/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc=
+github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
+github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
+github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
+github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
+github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
+github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
+github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
+github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
+github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
+github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
+github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
+github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
+github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
+github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
+github.com/gocql/gocql v0.0.0-20220224095938-0eacd3183625/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8=
github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gofiber/fiber/v2 v2.11.0/go.mod h1:oZTLWqYnqpMMuF922SjGbsYZsdpE1MCfh416HNdweIM=
github.com/gofrs/flock v0.7.3/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/gofrs/flock v0.8.0 h1:MSdYClljsF3PbENUUEx85nkWfJSGfzYI9yEBZOJz6CY=
github.com/gofrs/flock v0.8.0/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gofrs/uuid v3.3.0+incompatible h1:8K4tyRfvU1CYPgJsveYFQMhpFd/wXNM7iK6rR7UHz84=
github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
+github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
github.com/gogo/googleapis v1.3.0/go.mod h1:d+q1s/xVJxZGKWwC/6UfPIF33J+G1Tq4GYv9Y+Tg/EU=
@@ -713,7 +794,9 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -755,9 +838,11 @@ github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
+github.com/gomodule/redigo v1.7.0/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=
github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -811,6 +896,7 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210423192551-a2663126120b/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -844,7 +930,6 @@ github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae h1:Hi3IgB9RQDE15
github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae/go.mod h1:wx8HMD8oQD0Ryhz6+6ykq75PJ79iPyEqYHfwZ4l7OsA=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
@@ -854,6 +939,7 @@ github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad
github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
+github.com/graph-gophers/graphql-go v1.3.0/go.mod h1:9CQHMSxwO4MprSdzoIEobiHpoLtHm77vfxsvsIN5Vuc=
github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf h1:C1GPyPJrOlJlIrcaBBiBpDsqZena2Ks8spa5xZqr1XQ=
github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf/go.mod h1:zXqxTI6jXDdKnlf8s+nT+3c8LrwUEy3yNpO4XJL90lA=
github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -877,11 +963,13 @@ github.com/hanwen/go-fuse v1.0.0/go.mod h1:unqXarDXqzAk0rt98O2tVndEPIpUgLD9+rwFi
github.com/hanwen/go-fuse/v2 v2.0.4-0.20201208195215-4a458845028b/go.mod h1:0EQM6aH2ctVpvZ6a+onrQ/vaykxh2GH7hy3e13vzTUY=
github.com/hashicorp/consul v1.10.4 h1:rqKmYP49KnCSSxbiaJ4J2CnLA3zUAmI6KwASKxmPqFc=
github.com/hashicorp/consul v1.10.4/go.mod h1:3EJeqDz7W0LQJ2I4KzRtZZBgG5H80kZvgEtOLis/yCo=
+github.com/hashicorp/consul/api v1.0.0/go.mod h1:mbFwfRxOTDHZpT3iUsMAFcLNoVm6Xbe1xZ6KiSm8FY0=
github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
github.com/hashicorp/consul/api v1.10.0/go.mod h1:sDjTOq0yUyv5G4h+BqSea7Fn6BU+XbolEz1952UB+mk=
github.com/hashicorp/consul/api v1.12.0 h1:k3y1FYv6nuKyNTqj6w9gXOx5r5CfLj/k/euUeBXj1OY=
github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0=
+github.com/hashicorp/consul/internal v0.1.0/go.mod h1:zi9bMZYbiPHyAjgBWo7kCUcy5l2NrTdrkVupCc7Oo6c=
github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
github.com/hashicorp/consul/sdk v0.7.0/go.mod h1:fY08Y9z5SvJqevyZNy6WWPXiG3KwBPAvlcdx16zZ0fM=
@@ -890,8 +978,9 @@ github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOj
github.com/hashicorp/cronexpr v1.1.1 h1:NJZDd87hGXjoZBdvyCF9mX4DCq5Wy7+A/w+A7q0wn6c=
github.com/hashicorp/cronexpr v1.1.1/go.mod h1:P4wA0KBl9C5q2hABiMO7cp6jcIg96CDh1Efb3g1PWA4=
github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-bexpr v0.1.2 h1:ijMXI4qERbzxbCnkxmfUtwMyjrrk3y+Vt0MxojNCbBs=
github.com/hashicorp/go-bexpr v0.1.2/go.mod h1:ANbpTX1oAql27TZkKVeW8p1w8NTdnyzPe/0qqPCKohU=
github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
@@ -907,11 +996,12 @@ github.com/hashicorp/go-hclog v0.9.1/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v0.16.1 h1:IVQwpTGNRRIHafnTs2dQLIk4ENtneRIEEJWOVDqz99o=
-github.com/hashicorp/go-hclog v0.16.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v0.16.2 h1:K4ev2ib4LdQETX5cSZBG0DVLk1jwGqSPXBjdah3veNs=
+github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-immutable-radix v1.3.0 h1:8exGP7ego3OmkfksihtSouGMZ+hQrhxx+FVELeXpVPE=
github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
+github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g=
github.com/hashicorp/go-memdb v1.3.1/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g=
github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
@@ -961,6 +1051,7 @@ github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0m
github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
+github.com/hashicorp/memberlist v0.1.6/go.mod h1:5VDNHjqFMgEcclnwmkCnC99IPwxBmIsxwY8qn+Nl0H4=
github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
github.com/hashicorp/memberlist v0.2.4/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj34fMA=
@@ -976,11 +1067,13 @@ github.com/hashicorp/raft-autopilot v0.1.5 h1:onEfMH5uHVdXQqtas36zXUHEZxLdsJVu/n
github.com/hashicorp/raft-autopilot v0.1.5/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/UyyqIMj/pOISIfhArw=
github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk=
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
+github.com/hashicorp/serf v0.8.6/go.mod h1:P/AVgr4UHsUYqVHG1y9eFhz8S35pqhGhLZaDpfGKIMo=
github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc=
github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c/go.mod h1:fHzc09UnyJyqyW+bFuq864eh+wC7dj65aXmXLRe5to0=
github.com/hashicorp/vault/api v1.0.5-0.20200717191844-f687267c8086/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk=
+github.com/hashicorp/vault/api v1.1.0/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk=
github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10=
github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443/go.mod h1:bEpDU35nTu0ey1EXjwNwPjI9xErAsoOCmcMb9GKvyxo=
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
@@ -1019,8 +1112,63 @@ github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65 h1:T25FL3WEzgmKB
github.com/instana/testify v1.6.2-0.20200721153833-94b1851f4d65/go.mod h1:nYhEREG/B7HUY7P+LKOrqy53TpIqmJ9JyUShcaEKtGw=
github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
+github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
+github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
+github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ=
+github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
+github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
+github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
+github.com/jackc/pgconn v1.4.0/go.mod h1:Y2O3ZDF0q4mMacyWV3AstPJpeHXWGEetiFttmq5lahk=
+github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
+github.com/jackc/pgconn v1.5.1-0.20200601181101-fa742c524853/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
+github.com/jackc/pgconn v1.6.4/go.mod h1:w2pne1C2tZgP+TvjqLpOigGzNqjBgQW9dUw/4Chex78=
+github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o=
+github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
+github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
+github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
+github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
+github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
+github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c=
+github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.0.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
+github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
+github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
+github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
+github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
+github.com/jackc/pgtype v1.2.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0=
+github.com/jackc/pgtype v1.3.1-0.20200510190516-8cd94a14c75a/go.mod h1:vaogEUkALtxZMCH411K+tKzNpwzCKU+AnPzBKZ+I+Po=
+github.com/jackc/pgtype v1.3.1-0.20200606141011-f6355165a91c/go.mod h1:cvk9Bgu/VzJ9/lxTO5R5sf80p0DiucVtN7ZxvaC4GmQ=
+github.com/jackc/pgtype v1.4.2/go.mod h1:JCULISAZBFGrHaOXIIFiyfzW5VY0GRitRr8NeJsrdig=
+github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM=
+github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
+github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
+github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
+github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
+github.com/jackc/pgx/v4 v4.5.0/go.mod h1:EpAKPLdnTorwmPUUsqrPxy5fphV18j9q3wrfRXgo+kA=
+github.com/jackc/pgx/v4 v4.6.1-0.20200510190926-94ba730bb1e9/go.mod h1:t3/cdRQl6fOLDxqtlyhe9UWgfIi9R8+8v8GKV5TRA/o=
+github.com/jackc/pgx/v4 v4.6.1-0.20200606145419-4e5062306904/go.mod h1:ZDaNWkt9sW1JMiNn0kdYBaLelIhw7Pg4qd+Vk6tw7Hg=
+github.com/jackc/pgx/v4 v4.8.1/go.mod h1:4HOLxrl8wToZJReD04/yB20GDwf4KBYETvlHciCnwW0=
+github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
+github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8=
+github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4=
github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
github.com/jarcoal/httpmock v1.0.6/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
@@ -1032,6 +1180,7 @@ github.com/jcmturner/gofork v0.0.0-20190328161633-dc7c13fece03 h1:FUwcHNlEqkqLjL
github.com/jcmturner/gofork v0.0.0-20190328161633-dc7c13fece03/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o=
github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jinzhu/gorm v1.9.1/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
github.com/jinzhu/gorm v1.9.2/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo=
github.com/jinzhu/gorm v1.9.11 h1:gaHGvE+UnWGlbWG4Y3FUwY1EcZ5n6S9WtqBA/uySMLE=
github.com/jinzhu/gorm v1.9.11/go.mod h1:bu/pK8szGZ2puuErfU0RwyeNdsf3e6nCX/noXaVxkfw=
@@ -1040,6 +1189,8 @@ github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD
github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
github.com/jinzhu/now v1.0.0/go.mod h1:oHTiXerJ20+SfYcrdlBO7rzZRJWGwSTQ0iUY2jI6Gfc=
github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jinzhu/now v1.1.3/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@@ -1050,11 +1201,14 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo=
github.com/jmoiron/sqlx v0.0.0-20180124204410-05cef0741ade/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU=
+github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 h1:rp+c0RAYOWj8l6qbCUTSiRLG/iKnW3K3/QfPPuSsBt4=
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/joyent/triton-go v0.0.0-20180628001255-830d2b111e62/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA=
github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f/go.mod h1:KDSfL7qe5ZfQqvlDMkVjCztbmcpp/c8M77vhQP8ZPvk=
@@ -1074,6 +1228,7 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.1.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
@@ -1082,6 +1237,8 @@ github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1
github.com/kardianos/osext v0.0.0-20170510131534-ae77be60afb1/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 h1:iQTw/8FWTuc7uiaSepXwyf3o52HaUYcV+Tu66S3F5GA=
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
+github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
+github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
@@ -1090,10 +1247,13 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw=
+github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs=
-github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
+github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
+github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
+github.com/klauspost/compress v1.14.2 h1:S0OHlFk/Gbon/yauFJ4FfJJF5V0fc5HbBTJazi28pRw=
+github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b h1:DzHy0GlWeF0KAglaTMY7Q+khIFoG8toHP+wLFBVBQJc=
github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -1123,12 +1283,20 @@ github.com/labbsr0x/bindman-dns-webhook v1.0.2 h1:I7ITbmQPAVwrDdhd6dHKi+MYJTJqPC
github.com/labbsr0x/bindman-dns-webhook v1.0.2/go.mod h1:p6b+VCXIR8NYKpDr8/dg1HKfQoRHCdcsROXKvmoehKA=
github.com/labbsr0x/goh v1.0.1 h1:97aBJkDjpyBZGPbQuOK5/gHcSFbcr5aRsq3RSRJFpPk=
github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c027w=
+github.com/labstack/echo v3.3.10+incompatible/go.mod h1:0INS7j/VjnFxD4E2wkz67b8cVwCLbBmJyDaka6Cmk1s=
+github.com/labstack/echo/v4 v4.2.0/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4FW1e6jwpg=
github.com/labstack/echo/v4 v4.2.1/go.mod h1:AA49e0DZ8kk5jTOOCKNuPR6oTnBS0dYiM4FW1e6jwpg=
github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
+github.com/labstack/gommon v0.3.1/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
github.com/lib/pq v0.0.0-20180201184707-88edab080323/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
github.com/linode/linodego v0.7.1/go.mod h1:ga11n3ivecUrPCHN0rANxKmfWBJVkOXfLMZinAbj2sY=
@@ -1160,11 +1328,16 @@ github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51/go.mod h1:RYmqHb
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f h1:ZZYhg16XocqSKPGNQAe0aeweNtFxuedbwwb4fSlg7h4=
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f/go.mod h1:8heskWJ5c0v5J9WH89ADhyal1DOZcayll8fSbhB+/9A=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/mailru/easyjson v0.0.0-20180730094502-03f2033d19d5/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
+github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs=
github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
@@ -1176,20 +1349,25 @@ github.com/marten-seemann/qtls-go1-18 v0.1.1 h1:qp7p7XXUFL7fpBvSS1sWD+uSqPvzNQK4
github.com/marten-seemann/qtls-go1-18 v0.1.1/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.11 h1:nQ+aFkoE2TMGc0b68U2OKSexC+eq46+XwZzWXHRmPYs=
+github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
-github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
@@ -1197,8 +1375,10 @@ github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
+github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.11.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE=
github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -1208,6 +1388,7 @@ github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1f
github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
github.com/miekg/dns v1.1.45/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
@@ -1280,6 +1461,7 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
@@ -1341,6 +1523,7 @@ github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+
github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
@@ -1354,9 +1537,11 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
+github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
@@ -1422,18 +1607,20 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ=
github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/philhofer/fwd v1.0.0 h1:UbZqGr5Y38ApvM/V/jEljVxwocdweyH+vmYvRPBnbqQ=
-github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
+github.com/philhofer/fwd v1.1.1 h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ=
+github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
github.com/pierrec/lz4 v0.0.0-20190327172049-315a67e90e41/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
github.com/pierrec/lz4 v2.5.2+incompatible h1:WCjObylUIOlKy/+7Abdn34TLIkXiA4UWUMhxq9m9ZXI=
github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pires/go-proxyproto v0.6.1 h1:EBupykFmo22SDjv4fQVQd2J9NOoLPmyZA/15ldOGkPw=
github.com/pires/go-proxyproto v0.6.1/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
github.com/pivotal/image-relocation v0.0.0-20191111101224-e94aff6df06c/go.mod h1:/JNbQwGylYm3AQh8q+MBF8e/h0W1Jy20JGTvozuXYTE=
@@ -1518,11 +1705,15 @@ github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03/go.mod h1:gRAiPF5C5N
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
+github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
+github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
+github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -1547,11 +1738,13 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg
github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
+github.com/segmentio/kafka-go v0.4.29/go.mod h1:m1lXeqJtIFYZayv0shM/tjrAFljvWLTprxBHd+3PnaU=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002/go.mod h1:/yeG0My1xr/u+HZrFQ1tOQQQQrOawfyMUH13ai5brBc=
github.com/shirou/gopsutil/v3 v3.20.10/go.mod h1:igHnfak0qnw1biGeI2qKQvu0ZkwvEkUcCLlYhZzdr/4=
github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
+github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
@@ -1581,6 +1774,7 @@ github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvH
github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
@@ -1670,6 +1864,7 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
+github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.287 h1:ohsyW4WffPdd2JLPio2Sd0qGr93hzkawAt9vWdCFLgY=
@@ -1679,10 +1874,26 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.287/go.mod
github.com/tent/http-link-go v0.0.0-20130702225549-ac974c61c2f9/go.mod h1:RHkNRtSLfOK7qBTHaeSX1D6BNpI3qw7NTxsmNr4RvN8=
github.com/theupdateframework/notary v0.6.1 h1:7wshjstgS9x9F5LuB1L5mBI2xNMObWqjz+cjWoom6l0=
github.com/theupdateframework/notary v0.6.1/go.mod h1:MOfgIfmox8s7/7fduvB2xyPPMJCrjRLRizA8OFwpnKY=
-github.com/tinylib/msgp v1.0.2 h1:DfdQrzQa7Yh2es9SuLkixqxuXS2SxsdYn0KbdrOGWD8=
-github.com/tinylib/msgp v1.0.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
+github.com/tidwall/btree v0.3.0/go.mod h1:huei1BkDWJ3/sLXmO+bsCNELL+Bp2Kks9OLyQFkzvA8=
+github.com/tidwall/btree v1.1.0/go.mod h1:TzIRzen6yHbibdSfK6t8QimqbUnoxUSrZfeW7Uob0q4=
+github.com/tidwall/buntdb v1.2.0/go.mod h1:XLza/dhlwzO6dc5o/KWor4kfZSt3BP8QV+77ZMKfI58=
+github.com/tidwall/gjson v1.6.7/go.mod h1:zeFuBCIqD4sN/gmqBzZ4j7Jd6UcA2Fc56x7QFsv+8fI=
+github.com/tidwall/gjson v1.6.8/go.mod h1:zeFuBCIqD4sN/gmqBzZ4j7Jd6UcA2Fc56x7QFsv+8fI=
+github.com/tidwall/gjson v1.12.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/grect v0.1.0/go.mod h1:sa5O42oP6jWfTShL9ka6Sgmg3TgIK649veZe05B7+J8=
+github.com/tidwall/grect v0.1.4/go.mod h1:9FBsaYRaR0Tcy4UwefBX/UDcDcDy9V5jUcxHzv2jd5Q=
+github.com/tidwall/match v1.0.3/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tidwall/pretty v1.0.2/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
+github.com/tidwall/rtred v0.1.2/go.mod h1:hd69WNXQ5RP9vHd7dqekAz+RIdtfBogmglkZSRxCHFQ=
+github.com/tidwall/tinyqueue v0.1.1/go.mod h1:O/QNHwrnjqr6IHItYrzoHAKYhBkLI67Q096fQP5zMYw=
+github.com/tinylib/msgp v1.1.2 h1:gWmO7n0Ys2RBEb7GPYB9Ujq8Mk5p2U08lRnmMcGy6BQ=
+github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc/go.mod h1:bciPuU6GHm1iF1pBvUfxfsH0Wmnc2VbpgvbI9ZWuIRs=
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85 h1:014iQD8i8EabPWK2XgUuOTxg5s2nhfDmq6GupskfUO8=
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85/go.mod h1:a7cilN64dG941IOXfhJhlH0qB92hxJ9A1ewrdUmJ6xo=
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0=
@@ -1691,12 +1902,13 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz
github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c=
github.com/traefik/paerser v0.1.5 h1:crit7KzQ9PUWGCYu+H2acwyr7ZKb3RQDSn6iJCtxBhE=
github.com/traefik/paerser v0.1.5/go.mod h1:Fuwl9DWJfGpZPPwZY6djYIF0vhvzhLmCizn6P66UeLY=
-github.com/traefik/yaegi v0.12.0 h1:1gSdARfQ5JB/yEvwEyy9e0AOyLuJrocGiDfkTftQpEo=
-github.com/traefik/yaegi v0.12.0/go.mod h1:RuCwD8/wsX7b6KoQHOaIFUfuH3gQIK4KWnFFmJMw5VA=
+github.com/traefik/yaegi v0.13.0 h1:dNwyGNSLHuRw5xswpbuW1TlzzGDciiK6uAighR1tMsc=
+github.com/traefik/yaegi v0.13.0/go.mod h1:RuCwD8/wsX7b6KoQHOaIFUfuH3gQIK4KWnFFmJMw5VA=
github.com/transip/gotransip/v6 v6.6.1 h1:nsCU1ErZS5G0FeOpgGXc4FsWvBff9GPswSMggsC4564=
github.com/transip/gotransip/v6 v6.6.1/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/twitchtv/twirp v8.1.1+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=
github.com/uber-go/atomic v1.3.2 h1:Azu9lPBWRNKzYXSIwRfgRuDuS0YKsK4NFhiQv98gkxo=
github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g=
github.com/uber/jaeger-client-go v2.25.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
@@ -1705,7 +1917,9 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMW
github.com/uber/jaeger-lib v2.2.0+incompatible h1:MxZXOiR2JuoANZ3J6DE/U0kSFv/eJ/GfSYVCjK7dyaw=
github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs=
github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
github.com/unrolled/secure v1.0.9 h1:BWRuEb1vDrBFFDdbCnKkof3gZ35I/bnHGyt0LB0TNyQ=
@@ -1718,8 +1932,11 @@ github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/X
github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=
github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
+github.com/valyala/fasthttp v1.26.0/go.mod h1:cmWIqlu99AO/RKcp1HWaViTqc57FswJOfYYdPJBl8BA=
+github.com/valyala/fasthttp v1.32.0/go.mod h1:2rsYD01CKFrjjsvFxx75KlEUNpWNBY9JWD3K/7o2Cus=
github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
+github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
github.com/vdemeester/shakers v0.1.0 h1:K+n9sSyUCg2ywmZkv+3c7vsYZfivcfKhMh8kRxCrONM=
github.com/vdemeester/shakers v0.1.0/go.mod h1:IZ1HHynUOQt32iQ3rvAeVddXLd19h/6LWiKsh9RZtAQ=
github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
@@ -1732,9 +1949,15 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vmihailenco/bufpool v0.1.11/go.mod h1:AFf/MOy3l2CFTKbxwt0mp2MwnqjNEs5H/UxrkA5jxTQ=
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack/v4 v4.3.11/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/msgpack/v5 v5.0.0-beta.1/go.mod h1:xlngVLeyQ/Qi05oQxhQ+oTuqa03RjMwMfk/7/TCs+QI=
+github.com/vmihailenco/msgpack/v5 v5.3.4/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/vmihailenco/tagparser v0.1.2/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
github.com/vmware/govmomi v0.18.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
github.com/vulcand/oxy v1.4.1 h1:8FUsbr5xhSJqNlSrpUBcw93WuZIEI9JUyvThB9YqqF8=
github.com/vulcand/oxy v1.4.1/go.mod h1:Yq8OBb0XWU/7nPSglwUH5LS2Pcp4yvad8SVayobZbSo=
@@ -1747,6 +1970,9 @@ github.com/weppos/publicsuffix-go v0.5.0 h1:rutRtjBJViU/YjcI5d80t4JAVvDltS6bciJg
github.com/weppos/publicsuffix-go v0.5.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
+github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -1760,6 +1986,7 @@ github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQ
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1771,6 +1998,8 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go
github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
github.com/zclconf/go-cty v1.4.0/go.mod h1:nHzOclRkoj++EU9ZjSrZvRG0BXIWt8c7loYc0qXAFGQ=
github.com/zclconf/go-cty v1.7.1/go.mod h1:VDR4+I79ubFBGm1uJac1226K5yANQFHeauxPBoP54+o=
+github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
+github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
@@ -1800,6 +2029,7 @@ go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3
go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
go.etcd.io/etcd/client/v3 v3.5.0 h1:62Eh0XOro+rDwkrypAGDfgmNh5Joq+z+W9HZdlXMzek=
go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
+go.mongodb.org/mongo-driver v1.5.1/go.mod h1:gRXCHX4Jo7J0IJ1oDQyUxF7jfy19UfxniMS4xxMmUqw=
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
@@ -1812,20 +2042,24 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opentelemetry.io/otel v0.11.0/go.mod h1:G8UCk+KooF2HLkgo8RHX9epABH/aRGYET7gQOqBVdB0=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
+go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277 h1:d9qaMM+ODpCq+9We41//fu/sHsTnXcrqd1en3x+GKy4=
go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y=
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
+go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
@@ -1836,6 +2070,7 @@ golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+
golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180621125126-a49355c7e3f8/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180910181607-0e37d006457b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1845,14 +2080,18 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191028145041-f83a4685e152/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1860,7 +2099,9 @@ golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200317142112-1b76d66859c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200422194213-44a606286825/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1869,11 +2110,14 @@ golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f h1:OeJjE6G4dgCY4PIXvIRQbE8+RX+uXZyGhUy/ksMGJoc=
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1888,8 +2132,10 @@ golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20200901203048-c4f52b2c50aa/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925 h1:5XVKs2rlCg8EFyRcvO8/XFwYxh1oKJO1Q3X5vttIf9c=
+golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925/go.mod h1:1phAWC201xIgDyaFpmDeZkgf70Q4Pd/CNqfRtVPtxNw=
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -1968,6 +2214,7 @@ golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -1984,6 +2231,7 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -2008,6 +2256,7 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -2036,6 +2285,7 @@ golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2045,6 +2295,7 @@ golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190530182044-ad28b68e88f1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2063,6 +2314,7 @@ golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191025021431-6c3a3bfe00ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2129,12 +2381,16 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7 h1:8IVLkfbr2cLhv0a/vKq4UFUcJym8RmDoDboxCFWEjYE=
golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -2162,8 +2418,9 @@ golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxb
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs=
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
+golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -2178,15 +2435,21 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -2220,6 +2483,7 @@ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roY
golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200527183253-8e7acdbce89d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
@@ -2238,6 +2502,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 h1:BonxutuHCTL0rBDnZlKjpGIQFTjyUVTexFOdWkB6Fg0=
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2268,6 +2534,7 @@ google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/
google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
@@ -2325,7 +2592,9 @@ google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfG
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200528110217-3d3490e7e671/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200726014623-da3ae01ef02d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -2366,6 +2635,7 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
@@ -2388,8 +2658,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/DataDog/dd-trace-go.v1 v1.19.0 h1:aFSFd6oDMdvPYiToGqTv7/ERA6QrPhGaXSuueRCaM88=
-gopkg.in/DataDog/dd-trace-go.v1 v1.19.0/go.mod h1:DVp8HmDh8PuTu2Z0fVVlBsyWaC++fzwVCaGWylTe3tg=
+gopkg.in/DataDog/dd-trace-go.v1 v1.38.1 h1:nAKgcpJLXRHF56cKCP3bN8gTTQmmNAZFEblbyGKhKTo=
+gopkg.in/DataDog/dd-trace-go.v1 v1.38.1/go.mod h1:GBhK4yaMJ1h329ivtKAqRNe1EZ944UnZwtz5lh7CnJc=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2412,6 +2682,7 @@ gopkg.in/gorethink/gorethink.v3 v3.0.5 h1:e2Uc/Xe+hpcVQFsj6MuHlYog3r0JYpnTzwDj/y
gopkg.in/gorethink/gorethink.v3 v3.0.5/go.mod h1:+3yIIHJUGMBK+wyPH+iN5TP+88ikFDfZdqTlK3Y9q8I=
gopkg.in/h2non/gock.v1 v1.0.15 h1:SzLqcIlb/fDfg7UvukMpNcWsu7sI5tWwL+KCATZqks0=
gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
+gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
@@ -2429,9 +2700,12 @@ gopkg.in/jcmturner/gokrb5.v7 v7.2.3 h1:hHMV/yKPwMnJhPuPx7pH2Uw/3Qyf+thJYlisUc440
gopkg.in/jcmturner/gokrb5.v7 v7.2.3/go.mod h1:l8VISx+WGYp+Fp7KRbsiUuXTTOnxIc3Tuvyavf11/WM=
gopkg.in/jcmturner/rpc.v1 v1.1.0 h1:QHIUxTX1ISuAv9dD2wJ9HWQVuWDX/Zc0PfeC2tjc4rU=
gopkg.in/jcmturner/rpc.v1 v1.1.0/go.mod h1:YIdkC4XfD6GXbzje11McwsDuOlZQSb9W4vfLvuNnlv8=
+gopkg.in/jinzhu/gorm.v1 v1.9.1/go.mod h1:56JJPUzbikvTVnoyP1nppSkbJ2L8sunqTBDY2fDrmFg=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/ns1/ns1-go.v2 v2.6.2 h1:tC+gRSN6fmnb9l9cVrIysXyuRO0wV6cZrjDqlMB0gGc=
gopkg.in/ns1/ns1-go.v2 v2.6.2/go.mod h1:GMnKY+ZuoJ+lVLL+78uSTjwTz2jMazq6AfGKQOYhsPk=
+gopkg.in/olivere/elastic.v3 v3.0.75/go.mod h1:yDEuSnrM51Pc8dM5ov7U8aI/ToR3PG0llA8aRv2qmw0=
+gopkg.in/olivere/elastic.v5 v5.0.84/go.mod h1:LXF6q9XNBxpMqrcgax95C6xyARXWbbCXUrtTxrNrxJI=
gopkg.in/redis.v5 v5.2.9 h1:MNZYOLPomQzZMfpN3ZtD1uyJ2IDonTTlxYiV/pEApiw=
gopkg.in/redis.v5 v5.2.9/go.mod h1:6gtv0/+A4iM08kdRfocWYB3bLX2tebpNtfKlFT6H4mY=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
@@ -2457,6 +2731,12 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gorm.io/driver/mysql v1.0.1/go.mod h1:KtqSthtg55lFp3S5kUXqlGaelnWpKitn4k1xZTnoiPw=
+gorm.io/driver/postgres v1.0.0/go.mod h1:wtMFcOzmuA5QigNsgEIb7O5lhvH1tHAF1RbWmLWV4to=
+gorm.io/driver/sqlserver v1.0.4/go.mod h1:ciEo5btfITTBCj9BkoUVDvgQbUdLWQNqdFY5OGuGnRg=
+gorm.io/gorm v1.9.19/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw=
+gorm.io/gorm v1.20.0/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw=
+gorm.io/gorm v1.20.6/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
@@ -2476,6 +2756,7 @@ howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCU
k8s.io/api v0.0.0-20180904230853-4e7be11eab3f/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA=
k8s.io/api v0.0.0-20191016110408-35e52d86657a/go.mod h1:/L5qH+AD540e7Cetbui1tuJeXdmNhO8jM6VkXeDdDhQ=
k8s.io/api v0.16.9/go.mod h1:Y7dZNHs1Xy0mSwSlzL9QShi6qkljnN41yR8oWCRTDe8=
+k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo=
k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ=
k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8=
@@ -2489,6 +2770,7 @@ k8s.io/apimachinery v0.0.0-20180904193909-def12e63c512/go.mod h1:ccL7Eh7zubPUSh9
k8s.io/apimachinery v0.0.0-20190806215851-162a2dabc72f/go.mod h1:+ntn62igV2hyNj7/0brOvXSMONE2KxcePkSxK7/9FFQ=
k8s.io/apimachinery v0.0.0-20191004115801-a2eda9f80ab8/go.mod h1:llRdnznGEAqC3DcNm6yEj472xaFVfLM7hnYofMb12tQ=
k8s.io/apimachinery v0.16.9/go.mod h1:Xk2vD2TRRpuWYLQNM6lT9R7DSFZUYG03SarNkbGrnKE=
+k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc=
@@ -2503,6 +2785,7 @@ k8s.io/apiserver v0.21.3/go.mod h1:eDPWlZG6/cCCMj/JBcEpDoK+I+6i3r9GsChYBHSbAzU=
k8s.io/client-go v0.0.0-20180910083459-2cefa64ff137/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
k8s.io/client-go v0.0.0-20191016111102-bec269661e48/go.mod h1:hrwktSwYGI4JK+TJA3dMaFyyvHVi/aLarVHpbs8bgCU=
k8s.io/client-go v0.16.9/go.mod h1:ThjPlh7Kx+XoBFOCt775vx5J7atwY7F/zaFzTco5gL0=
+k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k=
k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y=
k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k=
k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0=
@@ -2541,6 +2824,7 @@ k8s.io/klog/v2 v2.10.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
k8s.io/kube-openapi v0.0.0-20190709113604-33be087ad058/go.mod h1:nfDlWeOsu3pUf4yWGL+ERqohP4YsZcBJXWMK+gkzOA4=
k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
+k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE=
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM=
@@ -2548,12 +2832,14 @@ k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2R
k8s.io/kubernetes v1.11.10/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
+k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e h1:ldQh+neBabomh7+89dTpiFAB8tGdfVmuIzAHbvtl+9I=
k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80Vse0e+BUHsHMTEhd0O4cpUHr/e/BUM=
+mellium.im/sasl v0.2.1/go.mod h1:ROaEDLQNuf9vjKqE1SrAfnsobm2YKXT1gnN1uDp1PjQ=
mvdan.cc/xurls/v2 v2.1.0 h1:KaMb5GLhlcSX+e+qhbRJODnUUBvlw01jt4yrjFIHAuA=
mvdan.cc/xurls/v2 v2.1.0/go.mod h1:5GrSd9rOnKOpZaji1OZLYL/yeAAtGDlo/cFe+8K5n8E=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml
index 5f963d898..b804fc422 100644
--- a/integration/fixtures/k8s/01-traefik-crd.yml
+++ b/integration/fixtures/k8s/01-traefik-crd.yml
@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: IngressRoute is an Ingress CRD specification.
+ description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,96 +34,151 @@ spec:
metadata:
type: object
spec:
- description: IngressRouteSpec is a specification for a IngressRouteSpec
- resource.
+ description: IngressRouteSpec defines the desired state of IngressRoute.
properties:
entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
items:
type: string
type: array
routes:
+ description: Routes defines the list of routes.
items:
- description: Route contains the set of routes.
+ description: Route holds the HTTP route configuration.
properties:
kind:
+ description: Kind defines the kind of the route. Rule is the
+ only supported kind.
enum:
- Rule
type: string
match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule'
type: string
middlewares:
+ description: 'Middlewares defines the list of references to
+ Middleware resources. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware'
items:
- description: MiddlewareRef is a ref to the Middleware resources.
+ description: MiddlewareRef is a reference to a Middleware
+ resource.
properties:
name:
+ description: Name defines the name of the referenced Middleware
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
type: string
required:
- name
type: object
type: array
priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority'
type: integer
services:
+ description: Services defines the list of Service. It can contain
+ any combination of TraefikService and/or reference to a Kubernetes
+ Service.
items:
- description: Service defines an upstream to proxy traffic.
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service
- object (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The
- differentiation between the two is specified in the
- Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client
+ Host header is forwarded to the upstream Kubernetes
+ Service. By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for
- the forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to
+ the client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval,
+ in milliseconds, in between flushes to the client
+ while copying the response body. A negative value
+ means to flush immediately after each write to the
+ client. This configuration is ignored when ReverseProxy
+ recognizes a response as a streaming response; for
+ such responses, writes are flushed to the client
+ immediately. Default: 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the
+ request to the upstream Kubernetes Service. It defaults
+ to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration
- based on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as
+ JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie
+ can only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
type: string
weight:
- description: Weight should only be specified when Name
- references a TraefikService object (and to be precise,
- one that embeds a Weighted Round Robin).
+ description: Weight defines the weight and should only
+ be specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round
+ Robin).
type: integer
required:
- name
@@ -135,14 +190,16 @@ spec:
type: object
type: array
tls:
- description: "TLS contains the TLS certificates configuration of the
- routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
- YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
- # block format"
+ description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls'
properties:
certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
type: string
domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
@@ -155,12 +212,17 @@ spec:
type: object
type: array
options:
- description: Options is a reference to a TLSOption, that specifies
- the parameters of the TLS connection.
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
name:
+ description: 'Name defines the name of the referenced TLSOption.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSOption. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
required:
- name
@@ -170,12 +232,17 @@ spec:
Secret to specify the certificate details.
type: string
store:
- description: Store is a reference to a TLSStore, that specifies
- the parameters of the TLS store.
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
properties:
name:
+ description: 'Name defines the name of the referenced TLSStore.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSStore. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
required:
- name
@@ -217,7 +284,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: IngressRouteTCP is an Ingress CRD specification.
+ description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -232,58 +299,89 @@ spec:
metadata:
type: object
spec:
- description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
- resource.
+ description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties:
entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
items:
type: string
type: array
routes:
+ description: Routes defines the list of routes.
items:
- description: RouteTCP contains the set of routes.
+ description: RouteTCP holds the TCP route configuration.
properties:
match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1'
type: string
middlewares:
- description: Middlewares contains references to MiddlewareTCP
+ description: Middlewares defines the list of references to MiddlewareTCP
resources.
items:
description: ObjectReference is a generic reference to a Traefik
resource.
properties:
name:
+ description: Name defines the name of the referenced Traefik
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
type: string
required:
- name
type: object
type: array
priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1'
type: integer
services:
+ description: Services defines the list of TCP services.
items:
- description: ServiceTCP defines an upstream to proxy traffic.
+ description: ServiceTCP defines an upstream TCP service to
+ proxy traffic to.
properties:
name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
proxyProtocol:
- description: ProxyProtocol holds the ProxyProtocol configuration.
+ description: 'ProxyProtocol defines the PROXY protocol
+ configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol'
properties:
version:
+ description: Version defines the PROXY Protocol version
+ to use.
type: integer
type: object
terminationDelay:
+ description: TerminationDelay defines the deadline that
+ the proxy sets, after one of its connected peers indicates
+ it has closed the writing capability of its connection,
+ to close the reading capability as well, hence fully
+ terminating the connection. It is a duration in milliseconds,
+ defaulting to 100. A negative value means an infinite
+ deadline (i.e. the reading capability is never closed).
type: integer
weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
type: integer
required:
- name
@@ -295,14 +393,17 @@ spec:
type: object
type: array
tls:
- description: "TLSTCP contains the TLS certificates configuration of
- the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
- in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
- # block format"
+ description: 'TLS defines the TLS configuration on a layer 4 / TCP
+ Route. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1'
properties:
certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
type: string
domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
@@ -315,29 +416,41 @@ spec:
type: object
type: array
options:
- description: Options is a reference to a TLSOption, that specifies
- the parameters of the TLS connection.
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
name:
+ description: Name defines the name of the referenced Traefik
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
type: string
required:
- name
type: object
passthrough:
+ description: Passthrough defines whether a TLS router will terminate
+ the TLS connection.
type: boolean
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
- description: Store is a reference to a TLSStore, that specifies
- the parameters of the TLS store.
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
properties:
name:
+ description: Name defines the name of the referenced Traefik
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
type: string
required:
- name
@@ -379,7 +492,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: IngressRouteUDP is an Ingress CRD specification.
+ description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -394,31 +507,45 @@ spec:
metadata:
type: object
spec:
- description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
- resource.
+ description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties:
entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ Default: all.'
items:
type: string
type: array
routes:
+ description: Routes defines the list of routes.
items:
- description: RouteUDP contains the set of routes.
+ description: RouteUDP holds the UDP route configuration.
properties:
services:
+ description: Services defines the list of UDP services.
items:
- description: ServiceUDP defines an upstream to proxy traffic.
+ description: ServiceUDP defines an upstream UDP service to
+ proxy traffic to.
properties:
name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
type: integer
required:
- name
@@ -463,7 +590,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: Middleware is a specification for a Middleware resource.
+ description: 'Middleware is the CRD implementation of a Traefik Middleware.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -478,54 +606,99 @@ spec:
metadata:
type: object
spec:
- description: MiddlewareSpec holds the Middleware configuration.
+ description: MiddlewareSpec defines the desired state of a Middleware.
properties:
addPrefix:
- description: AddPrefix holds the AddPrefix configuration.
+ description: 'AddPrefix holds the add prefix middleware configuration.
+ This middleware updates the path of a request before forwarding
+ it. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/'
properties:
prefix:
+ description: Prefix is the string to add before the current path
+ in the requested URL. It should include a leading slash (/).
type: string
type: object
basicAuth:
- description: BasicAuth holds the HTTP basic authentication configuration.
+ description: 'BasicAuth holds the basic auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/'
properties:
headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
type: string
realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
type: string
removeHeader:
+ description: 'RemoveHeader sets the removeHeader option to true
+ to remove the authorization header before forwarding the request
+ to your service. Default: false.'
type: boolean
secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
type: string
type: object
buffering:
- description: Buffering holds the request/response buffering configuration.
+ description: 'Buffering holds the buffering middleware configuration.
+ This middleware retries or limits the size of requests that can
+ be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes'
properties:
maxRequestBodyBytes:
+ description: 'MaxRequestBodyBytes defines the maximum allowed
+ body size for the request (in bytes). If the request exceeds
+ the allowed size, it is not forwarded to the service, and the
+ client gets a 413 (Request Entity Too Large) response. Default:
+ 0 (no maximum).'
format: int64
type: integer
maxResponseBodyBytes:
+ description: 'MaxResponseBodyBytes defines the maximum allowed
+ response size from the service (in bytes). If the response exceeds
+ the allowed size, it is not forwarded to the client. The client
+ gets a 500 (Internal Server Error) response instead. Default:
+ 0 (no maximum).'
format: int64
type: integer
memRequestBodyBytes:
+ description: 'MemRequestBodyBytes defines the threshold (in bytes)
+ from which the request will be buffered on disk instead of in
+ memory. Default: 1048576 (1Mi).'
format: int64
type: integer
memResponseBodyBytes:
+ description: 'MemResponseBodyBytes defines the threshold (in bytes)
+ from which the response will be buffered on disk instead of
+ in memory. Default: 1048576 (1Mi).'
format: int64
type: integer
retryExpression:
+ description: 'RetryExpression defines the retry conditions. It
+ is a logical combination of functions with operators AND (&&)
+ and OR (||). More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression'
type: string
type: object
chain:
- description: Chain holds a chain of middlewares.
+ description: 'Chain holds the configuration of the chain middleware.
+ This middleware enables to define reusable combinations of other
+ pieces of middleware. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/'
properties:
middlewares:
+ description: Middlewares is the list of MiddlewareRef which composes
+ the chain.
items:
- description: MiddlewareRef is a ref to the Middleware resources.
+ description: MiddlewareRef is a reference to a Middleware resource.
properties:
name:
+ description: Name defines the name of the referenced Middleware
+ resource.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
type: string
required:
- name
@@ -563,159 +736,249 @@ spec:
x-kubernetes-int-or-string: true
type: object
compress:
- description: Compress holds the compress configuration.
+ description: 'Compress holds the compress middleware configuration.
+ This middleware compresses responses before sending them to the
+ client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/'
properties:
excludedContentTypes:
+ description: ExcludedContentTypes defines the list of content
+ types to compare the Content-Type header of the incoming requests
+ and responses before compressing.
items:
type: string
type: array
minResponseBodyBytes:
+ description: 'MinResponseBodyBytes defines the minimum amount
+ of bytes a response body must have to be compressed. Default:
+ 1024.'
type: integer
type: object
contentType:
- description: ContentType middleware - or rather its unique `autoDetect`
- option - specifies whether to let the `Content-Type` header, if
- it has not been set by the backend, be automatically set to a value
- derived from the contents of the response. As a proxy, the default
- behavior should be to leave the header alone, regardless of what
- the backend did with it. However, the historic default was to always
- auto-detect and set the header if it was nil, and it is going to
- be kept that way in order to support users currently relying on
- it. This middleware exists to enable the correct behavior until
- at least the default one can be changed in a future version.
+ description: ContentType holds the content-type middleware configuration.
+ This middleware exists to enable the correct behavior until at least
+ the default one can be changed in a future version.
properties:
autoDetect:
+ description: AutoDetect specifies whether to let the `Content-Type`
+ header, if it has not been set by the backend, be automatically
+ set to a value derived from the contents of the response. As
+ a proxy, the default behavior should be to leave the header
+ alone, regardless of what the backend did with it. However,
+ the historic default was to always auto-detect and set the header
+ if it was nil, and it is going to be kept that way in order
+ to support users currently relying on it.
type: boolean
type: object
digestAuth:
- description: DigestAuth holds the Digest HTTP authentication configuration.
+ description: 'DigestAuth holds the digest auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/'
properties:
headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
type: string
realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
type: string
removeHeader:
+ description: RemoveHeader defines whether to remove the authorization
+ header before forwarding the request to the backend.
type: boolean
secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
type: string
type: object
errors:
- description: ErrorPage holds the custom error page configuration.
+ description: 'ErrorPage holds the custom error middleware configuration.
+ This middleware returns a custom page in lieu of the default, according
+ to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/'
properties:
query:
+ description: Query defines the URL for the error page (hosted
+ by service). The {status} variable can be used in order to insert
+ the status code in the URL.
type: string
service:
- description: Service defines an upstream to proxy traffic.
+ description: 'Service defines the reference to a Kubernetes Service
+ that will serve the error page. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service'
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service object
- (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the
+ two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for the
- forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming
+ response; for such responses, writes are flushed to
+ the client immediately. Default: 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes
+ Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based
- on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie can
+ be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported value
+ at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object (and
+ to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
+ description: Status defines which status or range of statuses
+ should result in an error page. It can be either a status code
+ as a number (500), as multiple comma-separated numbers (500,502),
+ as ranges by separating two codes with a dash (500-599), or
+ a combination of the two (404,418,500-599).
items:
type: string
type: array
type: object
forwardAuth:
- description: ForwardAuth holds the http forward authentication configuration.
+ description: 'ForwardAuth holds the forward auth middleware configuration.
+ This middleware delegates the request authentication to a Service.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/'
properties:
address:
+ description: Address defines the authentication server address.
type: string
authRequestHeaders:
+ description: AuthRequestHeaders defines the list of the headers
+ to copy from the request to the authentication server. If not
+ set or empty then all request headers are passed.
items:
type: string
type: array
authResponseHeaders:
+ description: AuthResponseHeaders defines the list of headers to
+ copy from the authentication server response and set on forwarded
+ request, replacing any existing conflicting headers.
items:
type: string
type: array
authResponseHeadersRegex:
+ description: 'AuthResponseHeadersRegex defines the regex to match
+ headers to copy from the authentication server response and
+ set on forwarded request, after stripping all headers that match
+ the regex. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex'
type: string
tls:
- description: ClientTLS holds TLS specific configurations as client.
+ description: TLS defines the configuration used to secure the
+ connection to the authentication server.
properties:
caOptional:
type: boolean
caSecret:
+ description: CASecret is the name of the referenced Kubernetes
+ Secret containing the CA to validate the server certificate.
+ The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string
certSecret:
+ description: CertSecret is the name of the referenced Kubernetes
+ Secret containing the client certificate. The client certificate
+ is extracted from the keys `tls.crt` and `tls.key`.
type: string
insecureSkipVerify:
+ description: InsecureSkipVerify defines whether the server
+ certificates should be validated.
type: boolean
type: object
trustForwardHeader:
+ description: 'TrustForwardHeader defines whether to trust (ie:
+ forward) all X-Forwarded-* headers.'
type: boolean
type: object
headers:
- description: Headers holds the custom header configuration.
+ description: 'Headers holds the headers middleware configuration.
+ This middleware manages the requests and responses headers. More
+ info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders'
properties:
accessControlAllowCredentials:
- description: AccessControlAllowCredentials is only valid if true.
- false is ignored.
+ description: AccessControlAllowCredentials defines whether the
+ request can include user credentials.
type: boolean
accessControlAllowHeaders:
- description: AccessControlAllowHeaders must be used in response
- to a preflight request with Access-Control-Request-Headers set.
+ description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+ values sent in preflight response.
items:
type: string
type: array
accessControlAllowMethods:
- description: AccessControlAllowMethods must be used in response
- to a preflight request with Access-Control-Request-Method set.
+ description: AccessControlAllowMethods defines the Access-Control-Request-Method
+ values sent in preflight response.
items:
type: string
type: array
@@ -732,60 +995,96 @@ spec:
type: string
type: array
accessControlExposeHeaders:
- description: AccessControlExposeHeaders sets valid headers for
- the response.
+ description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+ values sent in preflight response.
items:
type: string
type: array
accessControlMaxAge:
- description: AccessControlMaxAge sets the time that a preflight
+ description: AccessControlMaxAge defines the time that a preflight
request may be cached.
format: int64
type: integer
addVaryHeader:
- description: AddVaryHeader controls if the Vary header is automatically
- added/updated when the AccessControlAllowOriginList is set.
+ description: AddVaryHeader defines whether the Vary header is
+ automatically added/updated when the AccessControlAllowOriginList
+ is set.
type: boolean
allowedHosts:
+ description: AllowedHosts defines the fully qualified list of
+ allowed domain names.
items:
type: string
type: array
browserXssFilter:
+ description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+ header with the value 1; mode=block.
type: boolean
contentSecurityPolicy:
+ description: ContentSecurityPolicy defines the Content-Security-Policy
+ header value.
type: string
contentTypeNosniff:
+ description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+ header with the nosniff value.
type: boolean
customBrowserXSSValue:
+ description: CustomBrowserXSSValue defines the X-XSS-Protection
+ header value. This overrides the BrowserXssFilter option.
type: string
customFrameOptionsValue:
+ description: CustomFrameOptionsValue defines the X-Frame-Options
+ header value. This overrides the FrameDeny option.
type: string
customRequestHeaders:
additionalProperties:
type: string
+ description: CustomRequestHeaders defines the header names and
+ values to apply to the request.
type: object
customResponseHeaders:
additionalProperties:
type: string
+ description: CustomResponseHeaders defines the header names and
+ values to apply to the response.
type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader:
+ description: ForceSTSHeader defines whether to add the STS header
+ even when the connection is HTTP.
type: boolean
frameDeny:
+ description: FrameDeny defines whether to add the X-Frame-Options
+ header with the DENY value.
type: boolean
hostsProxyHeaders:
+ description: HostsProxyHeaders defines the header keys that may
+ hold a proxied hostname value for the request.
items:
type: string
type: array
isDevelopment:
+ description: IsDevelopment defines whether to mitigate the unwanted
+ effects of the AllowedHosts, SSL, and STS options when developing.
+ Usually testing takes place using HTTP, not HTTPS, and on localhost,
+ not your production domain. If you would like your development
+ environment to mimic production with complete Host blocking,
+ SSL redirects, and STS headers, leave this as false.
type: boolean
permissionsPolicy:
+ description: PermissionsPolicy defines the Permissions-Policy
+ header value. This allows sites to control browser features.
type: string
publicKey:
+ description: PublicKey is the public key that implements HPKP
+ to prevent MITM attacks with forged certificates.
type: string
referrerPolicy:
+ description: ReferrerPolicy defines the Referrer-Policy header
+ value. This allows sites to control whether browsers forward
+ the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
@@ -796,6 +1095,10 @@ spec:
sslProxyHeaders:
additionalProperties:
type: string
+ description: 'SSLProxyHeaders defines the header keys with associated
+ values that would indicate a valid HTTPS request. It can be
+ useful when using other proxies (example: "X-Forwarded-Proto":
+ "https").'
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -806,119 +1109,192 @@ spec:
instead.'
type: boolean
stsIncludeSubdomains:
+ description: STSIncludeSubdomains defines whether the includeSubDomains
+ directive is appended to the Strict-Transport-Security header.
type: boolean
stsPreload:
+ description: STSPreload defines whether the preload flag is appended
+ to the Strict-Transport-Security header.
type: boolean
stsSeconds:
+ description: STSSeconds defines the max-age of the Strict-Transport-Security
+ header. If set to 0, the header is not set.
format: int64
type: integer
type: object
inFlightReq:
- description: InFlightReq limits the number of requests being processed
- and served concurrently.
+ description: 'InFlightReq holds the in-flight request middleware configuration.
+ This middleware limits the number of requests being processed and
+ served concurrently. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/'
properties:
amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ in-flight request. The middleware responds with HTTP 429 Too
+ Many Requests if there are already amount requests in progress
+ (based on the same sourceCriterion strategy).
format: int64
type: integer
sourceCriterion:
- description: SourceCriterion defines what criterion is used to
- group requests as originating from a common source. If none
- are set, the default is to use the request's remote address
- field. All fields are mutually exclusive.
+ description: 'SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the requestHost. More
+ info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion'
properties:
ipStrategy:
- description: IPStrategy holds the ip strategy configuration.
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
type: integer
excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
items:
type: string
type: array
type: object
requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
type: string
requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
type: boolean
type: object
type: object
ipWhiteList:
- description: IPWhiteList holds the ip white list configuration.
+ description: 'IPWhiteList holds the IP whitelist middleware configuration.
+ This middleware accepts / refuses requests based on the client IP.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/'
properties:
ipStrategy:
- description: IPStrategy holds the ip strategy configuration.
+ description: 'IPStrategy holds the IP strategy configuration used
+ by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position (starting
+ from the right).
type: integer
excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+ header and select the first IP not in the list.
items:
type: string
type: array
type: object
sourceRange:
+ description: SourceRange defines the set of allowed IPs (or ranges
+ of allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
passTLSClientCert:
- description: PassTLSClientCert holds the TLS client cert headers configuration.
+ description: 'PassTLSClientCert holds the pass TLS client cert middleware
+ configuration. This middleware adds the selected data from the passed
+ client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/'
properties:
info:
- description: TLSClientCertificateInfo holds the client TLS certificate
- info configuration.
+ description: Info selects the specific client certificate details
+ you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
issuer:
- description: TLSClientCertificateIssuerDNInfo holds the client
- TLS certificate distinguished name info configuration. cf
- https://tools.ietf.org/html/rfc3739
+ description: Issuer defines the client certificate issuer
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the issuer.
type: boolean
country:
+ description: Country defines whether to add the country
+ information into the issuer.
type: boolean
domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the issuer.
type: boolean
locality:
+ description: Locality defines whether to add the locality
+ information into the issuer.
type: boolean
organization:
+ description: Organization defines whether to add the organization
+ information into the issuer.
type: boolean
province:
+ description: Province defines whether to add the province
+ information into the issuer.
type: boolean
serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the issuer.
type: boolean
type: object
notAfter:
+ description: NotAfter defines whether to add the Not After
+ information from the Validity part.
type: boolean
notBefore:
+ description: NotBefore defines whether to add the Not Before
+ information from the Validity part.
type: boolean
sans:
+ description: Sans defines whether to add the Subject Alternative
+ Name information from the Subject Alternative Name part.
type: boolean
serialNumber:
+ description: SerialNumber defines whether to add the client
+ serialNumber information.
type: boolean
subject:
- description: TLSClientCertificateSubjectDNInfo holds the client
- TLS certificate distinguished name info configuration. cf
- https://tools.ietf.org/html/rfc3739
+ description: Subject defines the client certificate subject
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the subject.
type: boolean
country:
+ description: Country defines whether to add the country
+ information into the subject.
type: boolean
domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the subject.
type: boolean
locality:
+ description: Locality defines whether to add the locality
+ information into the subject.
type: boolean
organization:
+ description: Organization defines whether to add the organization
+ information into the subject.
type: boolean
organizationalUnit:
+ description: OrganizationalUnit defines whether to add
+ the organizationalUnit information into the subject.
type: boolean
province:
+ description: Province defines whether to add the province
+ information into the subject.
type: boolean
serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the subject.
type: boolean
type: object
type: object
pem:
+ description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+ the escaped certificate.
type: boolean
type: object
plugin:
@@ -926,101 +1302,171 @@ spec:
x-kubernetes-preserve-unknown-fields: true
type: object
rateLimit:
- description: RateLimit holds the rate limiting configuration for a
- given router.
+ description: 'RateLimit holds the rate limit configuration. This middleware
+ ensures that services will receive a fair amount of requests, and
+ allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/'
properties:
average:
+ description: Average is the maximum rate, by default in requests/s,
+ allowed for the given source. It defaults to 0, which means
+ no rate limiting. The rate is actually defined by dividing Average
+ by Period. So for a rate below 1req/s, one needs to define a
+ Period larger than a second.
format: int64
type: integer
burst:
+ description: Burst is the maximum number of requests allowed to
+ arrive in the same arbitrarily small period of time. It defaults
+ to 1.
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
+ description: 'Period, in combination with Average, defines the
+ actual maximum rate, such as: r = Average / Period. It defaults
+ to a second.'
x-kubernetes-int-or-string: true
sourceCriterion:
description: SourceCriterion defines what criterion is used to
- group requests as originating from a common source. If none
- are set, the default is to use the request's remote address
- field. All fields are mutually exclusive.
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the request's remote
+ address field (as an ipStrategy).
properties:
ipStrategy:
- description: IPStrategy holds the ip strategy configuration.
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
type: integer
excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
items:
type: string
type: array
type: object
requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
type: string
requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
type: boolean
type: object
type: object
redirectRegex:
- description: RedirectRegex holds the redirection configuration.
+ description: 'RedirectRegex holds the redirect regex middleware configuration.
+ This middleware redirects a request using regex matching and replacement.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex'
properties:
permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
type: boolean
regex:
+ description: Regex defines the regex used to match and capture
+ elements from the request URL.
type: string
replacement:
+ description: Replacement defines how to modify the URL to have
+ the new target URL.
type: string
type: object
redirectScheme:
- description: RedirectScheme holds the scheme redirection configuration.
+ description: 'RedirectScheme holds the redirect scheme middleware
+ configuration. This middleware redirects requests from a scheme/port
+ to another. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/'
properties:
permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
type: boolean
port:
+ description: Port defines the port of the new URL.
type: string
scheme:
+ description: Scheme defines the scheme of the new URL.
type: string
type: object
replacePath:
- description: ReplacePath holds the ReplacePath configuration.
+ description: 'ReplacePath holds the replace path middleware configuration.
+ This middleware replaces the path of the request URL and store the
+ original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/'
properties:
path:
+ description: Path defines the path to use as replacement in the
+ request URL.
type: string
type: object
replacePathRegex:
- description: ReplacePathRegex holds the ReplacePathRegex configuration.
+ description: 'ReplacePathRegex holds the replace path regex middleware
+ configuration. This middleware replaces the path of a URL using
+ regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/'
properties:
regex:
+ description: Regex defines the regular expression used to match
+ and capture the path from the request URL.
type: string
replacement:
+ description: Replacement defines the replacement path format,
+ which can include captured variables.
type: string
type: object
retry:
- description: Retry holds the retry configuration.
+ description: 'Retry holds the retry middleware configuration. This
+ middleware reissues requests a given number of times to a backend
+ server if that server does not reply. As soon as the server answers,
+ the middleware stops retrying, regardless of the response status.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/'
properties:
attempts:
+ description: Attempts defines how many times the request should
+ be retried.
type: integer
initialInterval:
anyOf:
- type: integer
- type: string
+ description: InitialInterval defines the first wait time in the
+ exponential backoff series. The maximum interval is calculated
+ as twice the initialInterval. If unspecified, requests will
+ be retried immediately. The value of initialInterval should
+ be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true
type: object
stripPrefix:
- description: StripPrefix holds the StripPrefix configuration.
+ description: 'StripPrefix holds the strip prefix middleware configuration.
+ This middleware removes the specified prefixes from the URL path.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/'
properties:
forceSlash:
+ description: 'ForceSlash ensures that the resulting stripped path
+ is not the empty string, by replacing it with / when necessary.
+ Default: true.'
type: boolean
prefixes:
+ description: Prefixes defines the prefixes to strip from the request
+ URL.
items:
type: string
type: array
type: object
stripPrefixRegex:
- description: StripPrefixRegex holds the StripPrefixRegex configuration.
+ description: 'StripPrefixRegex holds the strip prefix regex middleware
+ configuration. This middleware removes the matching prefixes from
+ the URL path. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/'
properties:
regex:
+ description: Regex defines the regular expression to match the
+ path prefix from the request URL.
items:
type: string
type: array
@@ -1059,7 +1505,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
+ description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+ More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -1074,19 +1521,24 @@ spec:
metadata:
type: object
spec:
- description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
+ description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
properties:
inFlightConn:
- description: TCPInFlightConn holds the TCP in flight connection configuration.
+ description: InFlightConn defines the InFlightConn middleware configuration.
properties:
amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ connections. The middleware closes the connection if there are
+ already amount connections opened.
format: int64
type: integer
type: object
ipWhiteList:
- description: TCPIPWhiteList holds the TCP ip white list configuration.
+ description: IPWhiteList defines the IPWhiteList middleware configuration.
properties:
sourceRange:
+ description: SourceRange defines the allowed IPs (or ranges of
+ allowed IPs by using CIDR notation).
items:
type: string
type: array
@@ -1125,7 +1577,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: ServersTransport is a specification for a ServersTransport resource.
+ description: 'ServersTransport is the CRD implementation of a ServersTransport.
+ If no serversTransport is specified, the default@internal will be used.
+ The default@internal serversTransport is created from the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -1140,27 +1595,28 @@ spec:
metadata:
type: object
spec:
- description: ServersTransportSpec options to configure communication between
- Traefik and the servers.
+ description: ServersTransportSpec defines the desired state of a ServersTransport.
properties:
certificatesSecrets:
- description: Certificates for mTLS.
+ description: CertificatesSecrets defines a list of secret storing
+ client certificates for mTLS.
items:
type: string
type: array
disableHTTP2:
- description: Disable HTTP/2 for connections with backend servers.
+ description: DisableHTTP2 disables HTTP/2 for connections with backend
+ servers.
type: boolean
forwardingTimeouts:
- description: Timeouts for requests forwarded to the backend servers.
+ description: ForwardingTimeouts defines the timeouts for requests
+ forwarded to the backend servers.
properties:
dialTimeout:
anyOf:
- type: integer
- type: string
description: DialTimeout is the amount of time to wait until a
- connection to a backend server can be established. If zero,
- no timeout exists.
+ connection to a backend server can be established.
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
@@ -1183,7 +1639,7 @@ spec:
- type: string
description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received
- on the HTTP/2 connection. If zero, no health check is performed.
+ on the HTTP/2 connection.
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
@@ -1191,27 +1647,29 @@ spec:
- type: string
description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request
- (including its body, if any). If zero, no timeout exists.
+ (including its body, if any).
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
- description: Disable SSL certificate verification.
+ description: InsecureSkipVerify disables SSL certificate verification.
type: boolean
maxIdleConnsPerHost:
- description: If non-zero, controls the maximum idle (keep-alive) to
- keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
+ description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+ to keep per-host.
type: integer
peerCertURI:
- description: URI used to match against SAN URI during the peer certificate
- verification.
+ description: PeerCertURI defines the peer cert URI used to match against
+ SAN URI during the peer certificate verification.
type: string
rootCAsSecrets:
- description: Add cert file for self-signed certificate.
+ description: RootCAsSecrets defines a list of CA secret used to validate
+ self-signed certificate.
items:
type: string
type: array
serverName:
- description: ServerName used to contact the server.
+ description: ServerName defines the server name used to contact the
+ server.
type: string
type: object
required:
@@ -1247,7 +1705,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: TLSOption is a specification for a TLSOption resource.
+ description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+ allowing to configure some parameters of the TLS connection. More info:
+ https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -1262,19 +1722,24 @@ spec:
metadata:
type: object
spec:
- description: TLSOptionSpec configures TLS for an entry point.
+ description: TLSOptionSpec defines the desired state of a TLSOption.
properties:
alpnProtocols:
+ description: 'ALPNProtocols defines the list of supported application
+ level protocols for the TLS handshake, in order of preference. More
+ info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols'
items:
type: string
type: array
cipherSuites:
+ description: 'CipherSuites defines the list of supported cipher suites
+ for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites'
items:
type: string
type: array
clientAuth:
- description: ClientAuth defines the parameters of the client authentication
- part of the TLS connection, if any.
+ description: ClientAuth defines the server's policy for TLS Client
+ Authentication.
properties:
clientAuthType:
description: ClientAuthType defines the client authentication
@@ -1287,23 +1752,36 @@ spec:
- RequireAndVerifyClientCert
type: string
secretNames:
- description: SecretName is the name of the referenced Kubernetes
- Secret to specify the certificate details.
+ description: SecretNames defines the names of the referenced Kubernetes
+ Secret storing certificate details.
items:
type: string
type: array
type: object
curvePreferences:
+ description: 'CurvePreferences defines the preferred elliptic curves
+ in a specific order. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences'
items:
type: string
type: array
maxVersion:
+ description: 'MaxVersion defines the maximum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: None.'
type: string
minVersion:
+ description: 'MinVersion defines the minimum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: VersionTLS10.'
type: string
preferServerCipherSuites:
+ description: PreferServerCipherSuites defines whether the server chooses
+ a cipher suite among his own instead of among the client's. It is
+ enabled automatically when minVersion or maxVersion are set.
type: boolean
sniStrict:
+ description: SniStrict defines whether Traefik allows connections
+ from clients connections that do not specify a server_name extension.
type: boolean
type: object
required:
@@ -1339,7 +1817,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: TLSStore is a specification for a TLSStore resource.
+ description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+ the time being, only the TLSStore named default is supported. This means
+ that you cannot have two stores that are named default in different Kubernetes
+ namespaces. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -1354,7 +1835,7 @@ spec:
metadata:
type: object
spec:
- description: TLSStoreSpec configures a TLSStore resource.
+ description: TLSStoreSpec defines the desired state of a TLSStore.
properties:
certificates:
description: Certificates is a list of secret names, each secret holding
@@ -1371,8 +1852,7 @@ spec:
type: object
type: array
defaultCertificate:
- description: DefaultCertificate is the name of the secret holding
- the default key/certificate pair for the store.
+ description: DefaultCertificate defines the default certificate configuration.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes
@@ -1415,10 +1895,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
- description: TraefikService is the specification for a service (that an IngressRoute
- refers to) that is usually not a terminal service (i.e. not a pod of servers),
- as opposed to a Kubernetes Service. That is to say, it usually refers to
- other (children) services, which themselves can be TraefikServices or Services.
+ description: 'TraefikService is the CRD implementation of a Traefik Service.
+ TraefikService object allows to: - Apply weight to Services on load-balancing -
+ Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -1433,220 +1912,332 @@ spec:
metadata:
type: object
spec:
- description: ServiceSpec defines whether a TraefikService is a load-balancer
- of services or a mirroring service.
+ description: TraefikServiceSpec defines the desired state of a TraefikService.
properties:
mirroring:
- description: Mirroring defines a mirroring service, which is composed
- of a main load-balancer, and a list of mirrors.
+ description: Mirroring defines the Mirroring service configuration.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
maxBodySize:
+ description: MaxBodySize defines the maximum size allowed for
+ the body of the request. If the body is larger, the request
+ is not mirrored. Default value is -1, which means unlimited
+ size.
format: int64
type: integer
mirrors:
+ description: Mirrors defines the list of mirrors where Traefik
+ will duplicate the traffic.
items:
- description: MirrorService defines one of the mirrors of a Mirroring
- service.
+ description: MirrorService holds the mirror configuration.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service
- object (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
type: boolean
percent:
+ description: 'Percent defines the part of the traffic to
+ mirror. Supported values: 0 to 100.'
type: integer
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for
- the forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based
- on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
name:
- description: Name is a reference to a Kubernetes Service object
- (for a load-balancer of servers), or to a TraefikService object
- (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the two
+ is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host header
+ is forwarded to the upstream Kubernetes Service. By default,
+ passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service. This
+ can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for the forward
- of the response.
+ description: ResponseForwarding defines how Traefik forwards the
+ response from the upstream Kubernetes Service to the client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming response;
+ for such responses, writes are flushed to the client immediately.
+ Default: 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https when
+ Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based on
- cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy between
+ the servers. RoundRobin is the only supported value at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be specified
+ when Name references a TraefikService object (and to be precise,
+ one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
weighted:
- description: WeightedRoundRobin defines a load-balancer of services.
+ description: Weighted defines the Weighted Round Robin configuration.
properties:
services:
+ description: Services defines the list of Kubernetes Service and/or
+ TraefikService to load-balance, with weight.
items:
- description: Service defines an upstream to proxy traffic.
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
properties:
kind:
+ description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
- description: Name is a reference to a Kubernetes Service
- object (for a load-balancer of servers), or to a TraefikService
- object (service load-balancer, mirroring, etc). The differentiation
- between the two is specified in the Kind field.
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
type: string
namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
type: string
passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
- description: ResponseForwarding holds configuration for
- the forward of the response.
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
properties:
flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
type: string
type: object
scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
type: string
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
- description: Cookie holds the sticky configuration based
- on cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
type: string
weight:
- description: Weight should only be specified when Name references
- a TraefikService object (and to be precise, one that embeds
- a Weighted Round Robin).
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
sticky:
- description: Sticky holds the sticky configuration.
+ description: 'Sticky defines whether sticky sessions are enabled.
+ More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
properties:
cookie:
- description: Cookie holds the sticky configuration based on
- cookie.
+ description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
type: boolean
name:
+ description: Name defines the Cookie name.
type: string
sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
diff --git a/integration/fixtures/simple_muxer.toml b/integration/fixtures/simple_muxer.toml
new file mode 100644
index 000000000..9ec55ebdc
--- /dev/null
+++ b/integration/fixtures/simple_muxer.toml
@@ -0,0 +1,44 @@
+[global]
+ checkNewVersion = false
+ sendAnonymousUsage = false
+
+[log]
+ level = "DEBUG"
+
+[entryPoints]
+ [entryPoints.webHost]
+ address = ":8000"
+ [entryPoints.webHostRegexp]
+ address = ":8001"
+ [entryPoints.webQuery]
+ address = ":8002"
+
+[api]
+ insecure = true
+
+[providers.file]
+ filename = "{{ .SelfFilename }}"
+
+## dynamic configuration ##
+
+[http.routers]
+ [http.routers.router1]
+ entryPoints = ["webHost"]
+ service = "service1"
+ rule = "!Host(`test.localhost`)"
+
+ [http.routers.router2]
+ entryPoints = ["webHostRegexp"]
+ service = "service1"
+ rule = "!HostRegexp(`test.localhost`)"
+
+ [http.routers.router3]
+ entryPoints = ["webQuery"]
+ service = "service1"
+ rule = "!Query(`foo=`)"
+
+
+[http.services]
+ [http.services.service1.loadBalancer]
+ [[http.services.service1.loadBalancer.servers]]
+ url = "{{ .Server1 }}"
diff --git a/integration/simple_test.go b/integration/simple_test.go
index b66371971..c939d8f0a 100644
--- a/integration/simple_test.go
+++ b/integration/simple_test.go
@@ -1,6 +1,7 @@
package integration
import (
+ "bufio"
"bytes"
"crypto/rand"
"encoding/json"
@@ -1178,3 +1179,124 @@ func (s *SimpleSuite) TestContentTypeDisableAutoDetect(c *check.C) {
})
c.Assert(err, checker.IsNil)
}
+
+func (s *SimpleSuite) TestMuxer(c *check.C) {
+ s.createComposeProject(c, "base")
+
+ s.composeUp(c)
+ defer s.composeDown(c)
+
+ whoami1URL := "http://" + net.JoinHostPort(s.getComposeServiceIP(c, "whoami1"), "80")
+
+ file := s.adaptFile(c, "fixtures/simple_muxer.toml", struct {
+ Server1 string
+ }{whoami1URL})
+ defer os.Remove(file)
+
+ cmd, output := s.traefikCmd(withConfigFile(file))
+ defer output(c)
+
+ err := cmd.Start()
+ c.Assert(err, checker.IsNil)
+ defer s.killCmd(cmd)
+
+ err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("!Host"))
+ c.Assert(err, checker.IsNil)
+
+ testCases := []struct {
+ desc string
+ request string
+ target string
+ body string
+ expected int
+ }{
+ {
+ desc: "!Host with absolute-form URL with empty host and host header, no match",
+ request: "GET http://@/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
+ target: "127.0.0.1:8000",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!Host with absolute-form URL with empty host and host header, match",
+ request: "GET http://@/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ target: "127.0.0.1:8000",
+ expected: http.StatusOK,
+ },
+ {
+ desc: "!Host with absolute-form URL and host header, no match",
+ request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ target: "127.0.0.1:8000",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!Host with absolute-form URL and host header, match",
+ request: "GET http://toto.localhost/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
+ target: "127.0.0.1:8000",
+ expected: http.StatusOK,
+ },
+ {
+ desc: "!HostRegexp with absolute-form URL with empty host and host header, no match",
+ request: "GET http://@/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
+ target: "127.0.0.1:8001",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!HostRegexp with absolute-form URL with empty host and host header, match",
+ request: "GET http://@/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ target: "127.0.0.1:8001",
+ expected: http.StatusOK,
+ },
+ {
+ desc: "!HostRegexp with absolute-form URL and host header, no match",
+ request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ target: "127.0.0.1:8001",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!HostRegexp with absolute-form URL and host header, match",
+ request: "GET http://toto.localhost/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
+ target: "127.0.0.1:8001",
+ expected: http.StatusOK,
+ },
+ {
+ desc: "!Query with semicolon, no match",
+ request: "GET /?foo=; HTTP/1.1\r\nHost: other.localhost\r\n\r\n",
+ target: "127.0.0.1:8002",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!Query with semicolon, no match",
+ request: "GET /?foo=titi;bar=toto HTTP/1.1\r\nHost: other.localhost\r\n\r\n",
+ target: "127.0.0.1:8002",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!Query with semicolon, match",
+ request: "GET /?bar=toto;boo=titi HTTP/1.1\r\nHost: other.localhost\r\n\r\n",
+ target: "127.0.0.1:8002",
+ expected: http.StatusOK,
+ body: "bar=toto&boo=titi",
+ },
+ }
+
+ for _, test := range testCases {
+ conn, err := net.Dial("tcp", test.target)
+ c.Assert(err, checker.IsNil)
+
+ _, err = conn.Write([]byte(test.request))
+ c.Assert(err, checker.IsNil)
+
+ resp, err := http.ReadResponse(bufio.NewReader(conn), nil)
+ c.Assert(err, checker.IsNil)
+
+ if resp.StatusCode != test.expected {
+ c.Errorf("%s failed with %d instead of %d", test.desc, resp.StatusCode, test.expected)
+ }
+
+ if test.body != "" {
+ body, err := io.ReadAll(resp.Body)
+ c.Assert(err, checker.IsNil)
+ c.Assert(string(body), checker.Contains, test.body)
+ }
+ }
+}
diff --git a/pkg/config/dynamic/http_config.go b/pkg/config/dynamic/http_config.go
index e8305e6c8..7cf4f64ff 100644
--- a/pkg/config/dynamic/http_config.go
+++ b/pkg/config/dynamic/http_config.go
@@ -124,6 +124,7 @@ func (w *WRRService) SetDefaults() {
// Sticky holds the sticky configuration.
type Sticky struct {
+ // Cookie defines the sticky cookie configuration.
Cookie *Cookie `json:"cookie,omitempty" toml:"cookie,omitempty" yaml:"cookie,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
}
@@ -131,9 +132,14 @@ type Sticky struct {
// Cookie holds the sticky configuration based on cookie.
type Cookie struct {
- Name string `json:"name,omitempty" toml:"name,omitempty" yaml:"name,omitempty" export:"true"`
- Secure bool `json:"secure,omitempty" toml:"secure,omitempty" yaml:"secure,omitempty" export:"true"`
- HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"`
+ // Name defines the Cookie name.
+ Name string `json:"name,omitempty" toml:"name,omitempty" yaml:"name,omitempty" export:"true"`
+ // Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
+ Secure bool `json:"secure,omitempty" toml:"secure,omitempty" yaml:"secure,omitempty" export:"true"`
+ // HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.
+ HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"`
+ // SameSite defines the same site policy.
+ // More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
SameSite string `json:"sameSite,omitempty" toml:"sameSite,omitempty" yaml:"sameSite,omitempty" export:"true"`
}
@@ -178,8 +184,13 @@ func (l *ServersLoadBalancer) SetDefaults() {
// +k8s:deepcopy-gen=true
-// ResponseForwarding holds configuration for the forward of the response.
+// ResponseForwarding holds the response forwarding configuration.
type ResponseForwarding struct {
+ // FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+ // A negative value means to flush immediately after each write to the client.
+ // This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+ // for such responses, writes are flushed to the client immediately.
+ // Default: 100ms
FlushInterval string `json:"flushInterval,omitempty" toml:"flushInterval,omitempty" yaml:"flushInterval,omitempty" export:"true"`
}
diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go
index f8c9cfab2..f68e21694 100644
--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@@ -40,60 +40,93 @@ type Middleware struct {
// +k8s:deepcopy-gen=true
-// ContentType middleware - or rather its unique `autoDetect` option -
-// specifies whether to let the `Content-Type` header,
-// if it has not been set by the backend,
-// be automatically set to a value derived from the contents of the response.
-// As a proxy, the default behavior should be to leave the header alone,
-// regardless of what the backend did with it.
-// However, the historic default was to always auto-detect and set the header if it was nil,
-// and it is going to be kept that way in order to support users currently relying on it.
+// ContentType holds the content-type middleware configuration.
// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
type ContentType struct {
+ // AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
+ // be automatically set to a value derived from the contents of the response.
+ // As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
+ // However, the historic default was to always auto-detect and set the header if it was nil,
+ // and it is going to be kept that way in order to support users currently relying on it.
AutoDetect bool `json:"autoDetect,omitempty" toml:"autoDetect,omitempty" yaml:"autoDetect,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// AddPrefix holds the AddPrefix configuration.
+// AddPrefix holds the add prefix middleware configuration.
+// This middleware updates the path of a request before forwarding it.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/
type AddPrefix struct {
+ // Prefix is the string to add before the current path in the requested URL.
+ // It should include a leading slash (/).
Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// BasicAuth holds the HTTP basic authentication configuration.
+// BasicAuth holds the basic auth middleware configuration.
+// This middleware restricts access to your services to known users.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/
type BasicAuth struct {
- Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
- UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
- Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
- RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
- HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
+ // Users is an array of authorized users.
+ // Each user must be declared using the name:hashed-password format.
+ // Tip: Use htpasswd to generate the passwords.
+ Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
+ // UsersFile is the path to an external file that contains the authorized users.
+ UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
+ // Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+ // Default: traefik.
+ Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
+ // RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
+ // Default: false.
+ RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
+ // HeaderField defines a header field to store the authenticated user.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+ HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// Buffering holds the request/response buffering configuration.
+// Buffering holds the buffering middleware configuration.
+// This middleware retries or limits the size of requests that can be forwarded to backends.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes
type Buffering struct {
- MaxRequestBodyBytes int64 `json:"maxRequestBodyBytes,omitempty" toml:"maxRequestBodyBytes,omitempty" yaml:"maxRequestBodyBytes,omitempty" export:"true"`
- MemRequestBodyBytes int64 `json:"memRequestBodyBytes,omitempty" toml:"memRequestBodyBytes,omitempty" yaml:"memRequestBodyBytes,omitempty" export:"true"`
- MaxResponseBodyBytes int64 `json:"maxResponseBodyBytes,omitempty" toml:"maxResponseBodyBytes,omitempty" yaml:"maxResponseBodyBytes,omitempty" export:"true"`
- MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
- RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
+ // MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
+ // If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
+ // Default: 0 (no maximum).
+ MaxRequestBodyBytes int64 `json:"maxRequestBodyBytes,omitempty" toml:"maxRequestBodyBytes,omitempty" yaml:"maxRequestBodyBytes,omitempty" export:"true"`
+ // MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
+ // Default: 1048576 (1Mi).
+ MemRequestBodyBytes int64 `json:"memRequestBodyBytes,omitempty" toml:"memRequestBodyBytes,omitempty" yaml:"memRequestBodyBytes,omitempty" export:"true"`
+ // MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
+ // If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
+ // Default: 0 (no maximum).
+ MaxResponseBodyBytes int64 `json:"maxResponseBodyBytes,omitempty" toml:"maxResponseBodyBytes,omitempty" yaml:"maxResponseBodyBytes,omitempty" export:"true"`
+ // MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
+ // Default: 1048576 (1Mi).
+ MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
+ // RetryExpression defines the retry conditions.
+ // It is a logical combination of functions with operators AND (&&) and OR (||).
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression
+ RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// Chain holds a chain of middlewares.
+// Chain holds the chain middleware configuration.
+// This middleware enables to define reusable combinations of other pieces of middleware.
type Chain struct {
+ // Middlewares is the list of middleware names which composes the chain.
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// CircuitBreaker holds the circuit breaker configuration.
+// CircuitBreaker holds the circuit breaker middleware configuration.
+// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/circuitbreaker/
type CircuitBreaker struct {
- // Expression is the condition that triggers the tripped state.
+ // Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
// CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state).
CheckPeriod ptypes.Duration `json:"checkPeriod,omitempty" toml:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty" export:"true"`
@@ -112,95 +145,158 @@ func (c *CircuitBreaker) SetDefaults() {
// +k8s:deepcopy-gen=true
-// Compress holds the compress configuration.
+// Compress holds the compress middleware configuration.
+// This middleware compresses responses before sending them to the client, using gzip compression.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/
type Compress struct {
+ // ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
ExcludedContentTypes []string `json:"excludedContentTypes,omitempty" toml:"excludedContentTypes,omitempty" yaml:"excludedContentTypes,omitempty" export:"true"`
- MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`
+ // MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
+ // Default: 1024.
+ MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// DigestAuth holds the Digest HTTP authentication configuration.
+// DigestAuth holds the digest auth middleware configuration.
+// This middleware restricts access to your services to known users.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/
type DigestAuth struct {
- Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
- UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
- RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
- Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
- HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
+ // Users defines the authorized users.
+ // Each user should be declared using the name:realm:encoded-password format.
+ Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
+ // UsersFile is the path to an external file that contains the authorized users for the middleware.
+ UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
+ // RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.
+ RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
+ // Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+ // Default: traefik.
+ Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
+ // HeaderField defines a header field to store the authenticated user.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+ HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// ErrorPage holds the custom error page configuration.
+// ErrorPage holds the custom error middleware configuration.
+// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
type ErrorPage struct {
- Status []string `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`
- Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
- Query string `json:"query,omitempty" toml:"query,omitempty" yaml:"query,omitempty" export:"true"`
+ // Status defines which status or range of statuses should result in an error page.
+ // It can be either a status code as a number (500),
+ // as multiple comma-separated numbers (500,502),
+ // as ranges by separating two codes with a dash (500-599),
+ // or a combination of the two (404,418,500-599).
+ Status []string `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`
+ // Service defines the name of the service that will serve the error page.
+ Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
+ // Query defines the URL for the error page (hosted by service).
+ // The {status} variable can be used in order to insert the status code in the URL.
+ Query string `json:"query,omitempty" toml:"query,omitempty" yaml:"query,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// ForwardAuth holds the http forward authentication configuration.
+// ForwardAuth holds the forward auth middleware configuration.
+// This middleware delegates the request authentication to a Service.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/
type ForwardAuth struct {
- Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
- TLS *types.ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
- TrustForwardHeader bool `json:"trustForwardHeader,omitempty" toml:"trustForwardHeader,omitempty" yaml:"trustForwardHeader,omitempty" export:"true"`
- AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
- AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
- AuthRequestHeaders []string `json:"authRequestHeaders,omitempty" toml:"authRequestHeaders,omitempty" yaml:"authRequestHeaders,omitempty" export:"true"`
+ // Address defines the authentication server address.
+ Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
+ // TLS defines the configuration used to secure the connection to the authentication server.
+ TLS *types.ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
+ // TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
+ TrustForwardHeader bool `json:"trustForwardHeader,omitempty" toml:"trustForwardHeader,omitempty" yaml:"trustForwardHeader,omitempty" export:"true"`
+ // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
+ AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
+ // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex
+ AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
+ // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
+ // If not set or empty then all request headers are passed.
+ AuthRequestHeaders []string `json:"authRequestHeaders,omitempty" toml:"authRequestHeaders,omitempty" yaml:"authRequestHeaders,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// Headers holds the custom header configuration.
+// Headers holds the headers middleware configuration.
+// This middleware manages the requests and responses headers.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders
type Headers struct {
- CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
+ // CustomRequestHeaders defines the header names and values to apply to the request.
+ CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
+ // CustomResponseHeaders defines the header names and values to apply to the response.
CustomResponseHeaders map[string]string `json:"customResponseHeaders,omitempty" toml:"customResponseHeaders,omitempty" yaml:"customResponseHeaders,omitempty" export:"true"`
- // AccessControlAllowCredentials is only valid if true. false is ignored.
+ // AccessControlAllowCredentials defines whether the request can include user credentials.
AccessControlAllowCredentials bool `json:"accessControlAllowCredentials,omitempty" toml:"accessControlAllowCredentials,omitempty" yaml:"accessControlAllowCredentials,omitempty" export:"true"`
- // AccessControlAllowHeaders must be used in response to a preflight request with Access-Control-Request-Headers set.
+ // AccessControlAllowHeaders defines the Access-Control-Request-Headers values sent in preflight response.
AccessControlAllowHeaders []string `json:"accessControlAllowHeaders,omitempty" toml:"accessControlAllowHeaders,omitempty" yaml:"accessControlAllowHeaders,omitempty" export:"true"`
- // AccessControlAllowMethods must be used in response to a preflight request with Access-Control-Request-Method set.
+ // AccessControlAllowMethods defines the Access-Control-Request-Method values sent in preflight response.
AccessControlAllowMethods []string `json:"accessControlAllowMethods,omitempty" toml:"accessControlAllowMethods,omitempty" yaml:"accessControlAllowMethods,omitempty" export:"true"`
// AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin "*".
AccessControlAllowOriginList []string `json:"accessControlAllowOriginList,omitempty" toml:"accessControlAllowOriginList,omitempty" yaml:"accessControlAllowOriginList,omitempty"`
// AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
AccessControlAllowOriginListRegex []string `json:"accessControlAllowOriginListRegex,omitempty" toml:"accessControlAllowOriginListRegex,omitempty" yaml:"accessControlAllowOriginListRegex,omitempty"`
- // AccessControlExposeHeaders sets valid headers for the response.
+ // AccessControlExposeHeaders defines the Access-Control-Expose-Headers values sent in preflight response.
AccessControlExposeHeaders []string `json:"accessControlExposeHeaders,omitempty" toml:"accessControlExposeHeaders,omitempty" yaml:"accessControlExposeHeaders,omitempty" export:"true"`
- // AccessControlMaxAge sets the time that a preflight request may be cached.
+ // AccessControlMaxAge defines the time that a preflight request may be cached.
AccessControlMaxAge int64 `json:"accessControlMaxAge,omitempty" toml:"accessControlMaxAge,omitempty" yaml:"accessControlMaxAge,omitempty" export:"true"`
- // AddVaryHeader controls if the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.
+ // AddVaryHeader defines whether the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.
AddVaryHeader bool `json:"addVaryHeader,omitempty" toml:"addVaryHeader,omitempty" yaml:"addVaryHeader,omitempty" export:"true"`
-
- AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
+ // AllowedHosts defines the fully qualified list of allowed domain names.
+ AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
+ // HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
// Deprecated: use RedirectRegex instead.
- SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
+ SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
+ // SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
+ // It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
// Deprecated: use RedirectRegex instead.
- SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
- STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
- STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"`
- STSPreload bool `json:"stsPreload,omitempty" toml:"stsPreload,omitempty" yaml:"stsPreload,omitempty" export:"true"`
- ForceSTSHeader bool `json:"forceSTSHeader,omitempty" toml:"forceSTSHeader,omitempty" yaml:"forceSTSHeader,omitempty" export:"true"`
- FrameDeny bool `json:"frameDeny,omitempty" toml:"frameDeny,omitempty" yaml:"frameDeny,omitempty" export:"true"`
+ SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
+ // STSSeconds defines the max-age of the Strict-Transport-Security header.
+ // If set to 0, the header is not set.
+ STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
+ // STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header.
+ STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"`
+ // STSPreload defines whether the preload flag is appended to the Strict-Transport-Security header.
+ STSPreload bool `json:"stsPreload,omitempty" toml:"stsPreload,omitempty" yaml:"stsPreload,omitempty" export:"true"`
+ // ForceSTSHeader defines whether to add the STS header even when the connection is HTTP.
+ ForceSTSHeader bool `json:"forceSTSHeader,omitempty" toml:"forceSTSHeader,omitempty" yaml:"forceSTSHeader,omitempty" export:"true"`
+ // FrameDeny defines whether to add the X-Frame-Options header with the DENY value.
+ FrameDeny bool `json:"frameDeny,omitempty" toml:"frameDeny,omitempty" yaml:"frameDeny,omitempty" export:"true"`
+ // CustomFrameOptionsValue defines the X-Frame-Options header value.
+ // This overrides the FrameDeny option.
CustomFrameOptionsValue string `json:"customFrameOptionsValue,omitempty" toml:"customFrameOptionsValue,omitempty" yaml:"customFrameOptionsValue,omitempty"`
- ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty" toml:"contentTypeNosniff,omitempty" yaml:"contentTypeNosniff,omitempty" export:"true"`
- BrowserXSSFilter bool `json:"browserXssFilter,omitempty" toml:"browserXssFilter,omitempty" yaml:"browserXssFilter,omitempty" export:"true"`
- CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty" toml:"customBrowserXSSValue,omitempty" yaml:"customBrowserXSSValue,omitempty"`
- ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty" toml:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty"`
- PublicKey string `json:"publicKey,omitempty" toml:"publicKey,omitempty" yaml:"publicKey,omitempty"`
- ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
+ // ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value.
+ ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty" toml:"contentTypeNosniff,omitempty" yaml:"contentTypeNosniff,omitempty" export:"true"`
+ // BrowserXSSFilter defines whether to add the X-XSS-Protection header with the value 1; mode=block.
+ BrowserXSSFilter bool `json:"browserXssFilter,omitempty" toml:"browserXssFilter,omitempty" yaml:"browserXssFilter,omitempty" export:"true"`
+ // CustomBrowserXSSValue defines the X-XSS-Protection header value.
+ // This overrides the BrowserXssFilter option.
+ CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty" toml:"customBrowserXSSValue,omitempty" yaml:"customBrowserXSSValue,omitempty"`
+ // ContentSecurityPolicy defines the Content-Security-Policy header value.
+ ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty" toml:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty"`
+ // PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates.
+ PublicKey string `json:"publicKey,omitempty" toml:"publicKey,omitempty" yaml:"publicKey,omitempty"`
+ // ReferrerPolicy defines the Referrer-Policy header value.
+ // This allows sites to control whether browsers forward the Referer header to other sites.
+ ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
// Deprecated: use PermissionsPolicy instead.
- FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
+ FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
+ // PermissionsPolicy defines the Permissions-Policy header value.
+ // This allows sites to control browser features.
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
- IsDevelopment bool `json:"isDevelopment,omitempty" toml:"isDevelopment,omitempty" yaml:"isDevelopment,omitempty" export:"true"`
+ // IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
+ // Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
+ // If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
+ // and STS headers, leave this as false.
+ IsDevelopment bool `json:"isDevelopment,omitempty" toml:"isDevelopment,omitempty" yaml:"isDevelopment,omitempty" export:"true"`
}
// HasCustomHeadersDefined checks to see if any of the custom header elements have been set.
@@ -249,9 +345,12 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true
-// IPStrategy holds the ip strategy configuration.
+// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy
type IPStrategy struct {
- Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
+ // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
+ Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
+ // ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
// TODO(mpl): I think we should make RemoteAddr an explicit field. For one thing, it would yield better documentation.
}
@@ -286,25 +385,40 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// +k8s:deepcopy-gen=true
-// IPWhiteList holds the ip white list configuration.
+// IPWhiteList holds the IP whitelist middleware configuration.
+// This middleware accepts / refuses requests based on the client IP.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/
type IPWhiteList struct {
+ // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// InFlightReq limits the number of requests being processed and served concurrently.
+// InFlightReq holds the in-flight request middleware configuration.
+// This middleware limits the number of requests being processed and served concurrently.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/
type InFlightReq struct {
- Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
+ // Amount defines the maximum amount of allowed simultaneous in-flight request.
+ // The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
+ Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
+ // SourceCriterion defines what criterion is used to group requests as originating from a common source.
+ // If several strategies are defined at the same time, an error will be raised.
+ // If none are set, the default is to use the requestHost.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// PassTLSClientCert holds the TLS client cert headers configuration.
+// PassTLSClientCert holds the pass TLS client cert middleware configuration.
+// This middleware adds the selected data from the passed client TLS certificate to a header.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/
type PassTLSClientCert struct {
- PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
+ // PEM sets the X-Forwarded-Tls-Client-Cert header with the escaped certificate.
+ PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
+ // Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
Info *TLSClientCertificateInfo `json:"info,omitempty" toml:"info,omitempty" yaml:"info,omitempty" export:"true"`
}
@@ -314,14 +428,17 @@ type PassTLSClientCert struct {
// If none are set, the default is to use the request's remote address field.
// All fields are mutually exclusive.
type SourceCriterion struct {
- IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" export:"true"`
- RequestHeaderName string `json:"requestHeaderName,omitempty" toml:"requestHeaderName,omitempty" yaml:"requestHeaderName,omitempty" export:"true"`
- RequestHost bool `json:"requestHost,omitempty" toml:"requestHost,omitempty" yaml:"requestHost,omitempty" export:"true"`
+ IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" export:"true"`
+ // RequestHeaderName defines the name of the header used to group incoming requests.
+ RequestHeaderName string `json:"requestHeaderName,omitempty" toml:"requestHeaderName,omitempty" yaml:"requestHeaderName,omitempty" export:"true"`
+ // RequestHost defines whether to consider the request Host as the source.
+ RequestHost bool `json:"requestHost,omitempty" toml:"requestHost,omitempty" yaml:"requestHost,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// RateLimit holds the rate limiting configuration for a given router.
+// RateLimit holds the rate limit configuration.
+// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
type RateLimit struct {
// Average is the maximum rate, by default in requests/s, allowed for the given source.
// It defaults to 0, which means no rate limiting.
@@ -337,6 +454,9 @@ type RateLimit struct {
// It defaults to 1.
Burst int64 `json:"burst,omitempty" toml:"burst,omitempty" yaml:"burst,omitempty" export:"true"`
+ // SourceCriterion defines what criterion is used to group requests as originating from a common source.
+ // If several strategies are defined at the same time, an error will be raised.
+ // If none are set, the default is to use the request's remote address field (as an ipStrategy).
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
@@ -348,51 +468,82 @@ func (r *RateLimit) SetDefaults() {
// +k8s:deepcopy-gen=true
-// RedirectRegex holds the redirection configuration.
+// RedirectRegex holds the redirect regex middleware configuration.
+// This middleware redirects a request using regex matching and replacement.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex
type RedirectRegex struct {
- Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
+ // Regex defines the regex used to match and capture elements from the request URL.
+ Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
+ // Replacement defines how to modify the URL to have the new target URL.
Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty"`
- Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
+ // Permanent defines whether the redirection is permanent (301).
+ Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// RedirectScheme holds the scheme redirection configuration.
+// RedirectScheme holds the redirect scheme middleware configuration.
+// This middleware redirects requests from a scheme/port to another.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/
type RedirectScheme struct {
- Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
- Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
- Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
+ // Scheme defines the scheme of the new URL.
+ Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
+ // Port defines the port of the new URL.
+ Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
+ // Permanent defines whether the redirection is permanent (301).
+ Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// ReplacePath holds the ReplacePath configuration.
+// ReplacePath holds the replace path middleware configuration.
+// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/
type ReplacePath struct {
+ // Path defines the path to use as replacement in the request URL.
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// ReplacePathRegex holds the ReplacePathRegex configuration.
+// ReplacePathRegex holds the replace path regex middleware configuration.
+// This middleware replaces the path of a URL using regex matching and replacement.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/
type ReplacePathRegex struct {
- Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
+ // Regex defines the regular expression used to match and capture the path from the request URL.
+ Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
+ // Replacement defines the replacement path format, which can include captured variables.
Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// Retry holds the retry configuration.
+// Retry holds the retry middleware configuration.
+// This middleware reissues requests a given number of times to a backend server if that server does not reply.
+// As soon as the server answers, the middleware stops retrying, regardless of the response status.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/
type Retry struct {
- Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
+ // Attempts defines how many times the request should be retried.
+ Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
+ // InitialInterval defines the first wait time in the exponential backoff series.
+ // The maximum interval is calculated as twice the initialInterval.
+ // If unspecified, requests will be retried immediately.
+ // The value of initialInterval should be provided in seconds or as a valid duration format,
+ // see https://pkg.go.dev/time#ParseDuration.
InitialInterval ptypes.Duration `json:"initialInterval,omitempty" toml:"initialInterval,omitempty" yaml:"initialInterval,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// StripPrefix holds the StripPrefix configuration.
+// StripPrefix holds the strip prefix middleware configuration.
+// This middleware removes the specified prefixes from the URL path.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/
type StripPrefix struct {
- Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
- ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
+ // Prefixes defines the prefixes to strip from the request URL.
+ Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
+ // ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
+ // Default: true.
+ ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
}
// SetDefaults Default values for a StripPrefix.
@@ -402,8 +553,11 @@ func (s *StripPrefix) SetDefaults() {
// +k8s:deepcopy-gen=true
-// StripPrefixRegex holds the StripPrefixRegex configuration.
+// StripPrefixRegex holds the strip prefix regex middleware configuration.
+// This middleware removes the matching prefixes from the URL path.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/
type StripPrefixRegex struct {
+ // Regex defines the regular expression to match the path prefix from the request URL.
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
}
@@ -411,12 +565,18 @@ type StripPrefixRegex struct {
// TLSClientCertificateInfo holds the client TLS certificate info configuration.
type TLSClientCertificateInfo struct {
- NotAfter bool `json:"notAfter,omitempty" toml:"notAfter,omitempty" yaml:"notAfter,omitempty" export:"true"`
- NotBefore bool `json:"notBefore,omitempty" toml:"notBefore,omitempty" yaml:"notBefore,omitempty" export:"true"`
- Sans bool `json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty" export:"true"`
- Subject *TLSClientCertificateSubjectDNInfo `json:"subject,omitempty" toml:"subject,omitempty" yaml:"subject,omitempty" export:"true"`
- Issuer *TLSClientCertificateIssuerDNInfo `json:"issuer,omitempty" toml:"issuer,omitempty" yaml:"issuer,omitempty" export:"true"`
- SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
+ // NotAfter defines whether to add the Not After information from the Validity part.
+ NotAfter bool `json:"notAfter,omitempty" toml:"notAfter,omitempty" yaml:"notAfter,omitempty" export:"true"`
+ // NotBefore defines whether to add the Not Before information from the Validity part.
+ NotBefore bool `json:"notBefore,omitempty" toml:"notBefore,omitempty" yaml:"notBefore,omitempty" export:"true"`
+ // Sans defines whether to add the Subject Alternative Name information from the Subject Alternative Name part.
+ Sans bool `json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty" export:"true"`
+ // SerialNumber defines whether to add the client serialNumber information.
+ SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
+ // Subject defines the client certificate subject details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ Subject *TLSClientCertificateSubjectDNInfo `json:"subject,omitempty" toml:"subject,omitempty" yaml:"subject,omitempty" export:"true"`
+ // Issuer defines the client certificate issuer details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ Issuer *TLSClientCertificateIssuerDNInfo `json:"issuer,omitempty" toml:"issuer,omitempty" yaml:"issuer,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
@@ -424,12 +584,19 @@ type TLSClientCertificateInfo struct {
// TLSClientCertificateIssuerDNInfo holds the client TLS certificate distinguished name info configuration.
// cf https://tools.ietf.org/html/rfc3739
type TLSClientCertificateIssuerDNInfo struct {
- Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
- Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
- Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
- Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
- CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
- SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
+ // Country defines whether to add the country information into the issuer.
+ Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
+ // Province defines whether to add the province information into the issuer.
+ Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
+ // Locality defines whether to add the locality information into the issuer.
+ Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
+ // Organization defines whether to add the organization information into the issuer.
+ Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
+ // CommonName defines whether to add the organizationalUnit information into the issuer.
+ CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
+ // SerialNumber defines whether to add the serialNumber information into the issuer.
+ SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
+ // DomainComponent defines whether to add the domainComponent information into the issuer.
DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
}
@@ -438,14 +605,22 @@ type TLSClientCertificateIssuerDNInfo struct {
// TLSClientCertificateSubjectDNInfo holds the client TLS certificate distinguished name info configuration.
// cf https://tools.ietf.org/html/rfc3739
type TLSClientCertificateSubjectDNInfo struct {
- Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
- Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
- Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
- Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
+ // Country defines whether to add the country information into the subject.
+ Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
+ // Province defines whether to add the province information into the subject.
+ Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
+ // Locality defines whether to add the locality information into the subject.
+ Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
+ // Organization defines whether to add the organization information into the subject.
+ Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
+ // OrganizationalUnit defines whether to add the organizationalUnit information into the subject.
OrganizationalUnit bool `json:"organizationalUnit,omitempty" toml:"organizationalUnit,omitempty" yaml:"organizationalUnit,omitempty" export:"true"`
- CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
- SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
- DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
+ // CommonName defines whether to add the organizationalUnit information into the subject.
+ CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
+ // SerialNumber defines whether to add the serialNumber information into the subject.
+ SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
+ // DomainComponent defines whether to add the domainComponent information into the subject.
+ DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
diff --git a/pkg/config/dynamic/tcp_config.go b/pkg/config/dynamic/tcp_config.go
index e16564411..66f5c71e2 100644
--- a/pkg/config/dynamic/tcp_config.go
+++ b/pkg/config/dynamic/tcp_config.go
@@ -113,8 +113,10 @@ type TCPServer struct {
// +k8s:deepcopy-gen=true
-// ProxyProtocol holds the ProxyProtocol configuration.
+// ProxyProtocol holds the PROXY Protocol configuration.
+// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol
type ProxyProtocol struct {
+ // Version defines the PROXY Protocol version to use.
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
}
diff --git a/pkg/config/dynamic/tcp_middlewares.go b/pkg/config/dynamic/tcp_middlewares.go
index 57d313193..e42c06a80 100644
--- a/pkg/config/dynamic/tcp_middlewares.go
+++ b/pkg/config/dynamic/tcp_middlewares.go
@@ -10,14 +10,21 @@ type TCPMiddleware struct {
// +k8s:deepcopy-gen=true
-// TCPInFlightConn holds the TCP in flight connection configuration.
+// TCPInFlightConn holds the TCP InFlightConn middleware configuration.
+// This middleware prevents services from being overwhelmed with high load,
+// by limiting the number of allowed simultaneous connections for one IP.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/tcp/inflightconn/
type TCPInFlightConn struct {
+ // Amount defines the maximum amount of allowed simultaneous connections.
+ // The middleware closes the connection if there are already amount connections opened.
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
-// TCPIPWhiteList holds the TCP ip white list configuration.
+// TCPIPWhiteList holds the TCP IPWhiteList middleware configuration.
+// This middleware accepts/refuses connections based on the client IP.
type TCPIPWhiteList struct {
+ // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
}
diff --git a/pkg/healthcheck/healthcheck.go b/pkg/healthcheck/healthcheck.go
index 000ee2d00..97a4264c9 100644
--- a/pkg/healthcheck/healthcheck.go
+++ b/pkg/healthcheck/healthcheck.go
@@ -375,17 +375,31 @@ func (lb *LbStatusUpdater) UpsertServer(u *url.URL, options ...roundrobin.Server
// Balancers is a list of Balancers(s) that implements the Balancer interface.
type Balancers []Balancer
-// Servers returns the servers url from all the BalancerHandler.
+// Servers returns the deduplicated server URLs from all the Balancer.
+// Note that the deduplication is only possible because all the underlying
+// balancers are of the same kind (the oxy implementation).
+// The comparison property is the same as the one found at:
+// https://github.com/vulcand/oxy/blob/fb2728c857b7973a27f8de2f2190729c0f22cf49/roundrobin/rr.go#L347.
func (b Balancers) Servers() []*url.URL {
+ seen := make(map[string]struct{})
+
var servers []*url.URL
for _, lb := range b {
- servers = append(servers, lb.Servers()...)
+ for _, server := range lb.Servers() {
+ key := serverKey(server)
+ if _, ok := seen[key]; ok {
+ continue
+ }
+
+ servers = append(servers, server)
+ seen[key] = struct{}{}
+ }
}
return servers
}
-// RemoveServer removes the given server from all the BalancerHandler,
+// RemoveServer removes the given server from all the Balancer,
// and updates the status of the server to "DOWN".
func (b Balancers) RemoveServer(u *url.URL) error {
for _, lb := range b {
@@ -396,7 +410,7 @@ func (b Balancers) RemoveServer(u *url.URL) error {
return nil
}
-// UpsertServer adds the given server to all the BalancerHandler,
+// UpsertServer adds the given server to all the Balancer,
// and updates the status of the server to "UP".
func (b Balancers) UpsertServer(u *url.URL, options ...roundrobin.ServerOption) error {
for _, lb := range b {
@@ -406,3 +420,7 @@ func (b Balancers) UpsertServer(u *url.URL, options ...roundrobin.ServerOption)
}
return nil
}
+
+func serverKey(u *url.URL) string {
+ return u.Path + u.Host + u.Scheme
+}
diff --git a/pkg/healthcheck/healthcheck_test.go b/pkg/healthcheck/healthcheck_test.go
index 88972419e..fc71eafdd 100644
--- a/pkg/healthcheck/healthcheck_test.go
+++ b/pkg/healthcheck/healthcheck_test.go
@@ -362,6 +362,81 @@ func TestAddHeadersAndHost(t *testing.T) {
}
}
+func TestBalancers_Servers(t *testing.T) {
+ server1, err := url.Parse("http://foo.com")
+ require.NoError(t, err)
+
+ balancer1, err := roundrobin.New(nil)
+ require.NoError(t, err)
+
+ err = balancer1.UpsertServer(server1)
+ require.NoError(t, err)
+
+ server2, err := url.Parse("http://foo.com")
+ require.NoError(t, err)
+
+ balancer2, err := roundrobin.New(nil)
+ require.NoError(t, err)
+
+ err = balancer2.UpsertServer(server2)
+ require.NoError(t, err)
+
+ balancers := Balancers([]Balancer{balancer1, balancer2})
+
+ want, err := url.Parse("http://foo.com")
+ require.NoError(t, err)
+
+ assert.Equal(t, 1, len(balancers.Servers()))
+ assert.Equal(t, want, balancers.Servers()[0])
+}
+
+func TestBalancers_UpsertServer(t *testing.T) {
+ balancer1, err := roundrobin.New(nil)
+ require.NoError(t, err)
+
+ balancer2, err := roundrobin.New(nil)
+ require.NoError(t, err)
+
+ want, err := url.Parse("http://foo.com")
+ require.NoError(t, err)
+
+ balancers := Balancers([]Balancer{balancer1, balancer2})
+
+ err = balancers.UpsertServer(want)
+ require.NoError(t, err)
+
+ assert.Equal(t, 1, len(balancer1.Servers()))
+ assert.Equal(t, want, balancer1.Servers()[0])
+
+ assert.Equal(t, 1, len(balancer2.Servers()))
+ assert.Equal(t, want, balancer2.Servers()[0])
+}
+
+func TestBalancers_RemoveServer(t *testing.T) {
+ server, err := url.Parse("http://foo.com")
+ require.NoError(t, err)
+
+ balancer1, err := roundrobin.New(nil)
+ require.NoError(t, err)
+
+ err = balancer1.UpsertServer(server)
+ require.NoError(t, err)
+
+ balancer2, err := roundrobin.New(nil)
+ require.NoError(t, err)
+
+ err = balancer2.UpsertServer(server)
+ require.NoError(t, err)
+
+ balancers := Balancers([]Balancer{balancer1, balancer2})
+
+ err = balancers.RemoveServer(server)
+ require.NoError(t, err)
+
+ assert.Equal(t, 0, len(balancer1.Servers()))
+ assert.Equal(t, 0, len(balancer2.Servers()))
+}
+
type testLoadBalancer struct {
// RWMutex needed due to parallel test execution: Both the system-under-test
// and the test assertions reference the counters.
diff --git a/pkg/middlewares/redirect/redirect_scheme.go b/pkg/middlewares/redirect/redirect_scheme.go
index 00e30b8b4..204e1a16c 100644
--- a/pkg/middlewares/redirect/redirect_scheme.go
+++ b/pkg/middlewares/redirect/redirect_scheme.go
@@ -13,8 +13,9 @@ import (
)
const (
- typeSchemeName = "RedirectScheme"
- uriPattern = `^(https?:\/\/)?(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`
+ typeSchemeName = "RedirectScheme"
+ uriPattern = `^(https?:\/\/)?(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`
+ xForwardedProto = "X-Forwarded-Proto"
)
// NewRedirectScheme creates a new RedirectScheme middleware.
@@ -63,7 +64,11 @@ func rawURLScheme(req *http.Request) string {
scheme = schemeHTTPS
}
- if scheme == schemeHTTP && port == ":80" || scheme == schemeHTTPS && port == ":443" || port == "" {
+ if value := req.Header.Get(xForwardedProto); value != "" {
+ scheme = value
+ }
+
+ if scheme == schemeHTTP && port == ":80" || scheme == schemeHTTPS && port == ":443" {
port = ""
}
diff --git a/pkg/middlewares/redirect/redirect_scheme_test.go b/pkg/middlewares/redirect/redirect_scheme_test.go
index 710a681ee..3d94bfcda 100644
--- a/pkg/middlewares/redirect/redirect_scheme_test.go
+++ b/pkg/middlewares/redirect/redirect_scheme_test.go
@@ -47,11 +47,22 @@ func TestRedirectSchemeHandler(t *testing.T) {
},
url: "http://foo",
headers: map[string]string{
- "X-Forwarded-Proto": "https",
+ "X-Forwarded-Proto": "http",
},
expectedURL: "https://foo",
expectedStatus: http.StatusFound,
},
+ {
+ desc: "HTTP to HTTPS, with X-Forwarded-Proto to HTTPS",
+ config: dynamic.RedirectScheme{
+ Scheme: "https",
+ },
+ url: "http://foo",
+ headers: map[string]string{
+ "X-Forwarded-Proto": "https",
+ },
+ expectedStatus: http.StatusOK,
+ },
{
desc: "HTTP with port to HTTPS without port",
config: dynamic.RedirectScheme{
diff --git a/pkg/muxer/http/mux_test.go b/pkg/muxer/http/mux_test.go
index 930364ba6..2f2d64c9a 100644
--- a/pkg/muxer/http/mux_test.go
+++ b/pkg/muxer/http/mux_test.go
@@ -1,6 +1,8 @@
package http
import (
+ "bufio"
+ "bytes"
"net/http"
"net/http/httptest"
"testing"
@@ -956,3 +958,74 @@ func TestParseDomains(t *testing.T) {
})
}
}
+
+func TestAbsoluteFormURL(t *testing.T) {
+ testCases := []struct {
+ desc string
+ request string
+ rule string
+ expected int
+ }{
+ {
+ desc: "!HostRegexp with absolute-form URL with empty host with non-matching host header",
+ request: "GET http://@/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
+ rule: "!HostRegexp(`test.localhost`)",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!Host with absolute-form URL with empty host with non-matching host header",
+ request: "GET http://@/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
+ rule: "!Host(`test.localhost`)",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!HostRegexp with absolute-form URL with matching host header",
+ request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ rule: "!HostRegexp(`test.localhost`)",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!Host with absolute-form URL with matching host header",
+ request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ rule: "!Host(`test.localhost`)",
+ expected: http.StatusNotFound,
+ },
+ {
+ desc: "!HostRegexp with absolute-form URL with non-matching host header",
+ request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ rule: "!HostRegexp(`toto.localhost`)",
+ expected: http.StatusOK,
+ },
+ {
+ desc: "!Host with absolute-form URL with non-matching host header",
+ request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
+ rule: "!Host(`toto.localhost`)",
+ expected: http.StatusOK,
+ },
+ }
+
+ for _, test := range testCases {
+ test := test
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
+ muxer, err := NewMuxer()
+ require.NoError(t, err)
+
+ err = muxer.AddRoute(test.rule, 0, handler)
+ require.NoError(t, err)
+
+ // RequestDecorator is necessary for the host rule
+ reqHost := requestdecorator.New(nil)
+
+ w := httptest.NewRecorder()
+
+ req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader([]byte(test.request))))
+ require.NoError(t, err)
+
+ reqHost.ServeHTTP(w, req, muxer.ServeHTTP)
+ assert.Equal(t, test.expected, w.Code)
+ })
+ }
+}
diff --git a/pkg/provider/kubernetes/crd/kubernetes_http.go b/pkg/provider/kubernetes/crd/kubernetes_http.go
index 4e08d90e9..320b1f651 100644
--- a/pkg/provider/kubernetes/crd/kubernetes_http.go
+++ b/pkg/provider/kubernetes/crd/kubernetes_http.go
@@ -84,7 +84,7 @@ func (p *Provider) loadIngressRouteConfiguration(ctx context.Context, client Cli
serviceName := normalized
if len(route.Services) > 1 {
- spec := v1alpha1.ServiceSpec{
+ spec := v1alpha1.TraefikServiceSpec{
Weighted: &v1alpha1.WeightedRoundRobin{
Services: route.Services,
},
@@ -217,7 +217,7 @@ func (c configBuilder) buildTraefikService(ctx context.Context, tService *v1alph
// buildServicesLB creates the configuration for the load-balancer of services named id, and defined in tService.
// It adds it to the given conf map.
-func (c configBuilder) buildServicesLB(ctx context.Context, namespace string, tService v1alpha1.ServiceSpec, id string, conf map[string]*dynamic.Service) error {
+func (c configBuilder) buildServicesLB(ctx context.Context, namespace string, tService v1alpha1.TraefikServiceSpec, id string, conf map[string]*dynamic.Service) error {
var wrrServices []dynamic.WRRService
for _, service := range tService.Weighted.Services {
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
index 0de26e8fa..ef7ea9626 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
@@ -7,90 +7,130 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
-// IngressRouteSpec is a specification for a IngressRouteSpec resource.
+// IngressRouteSpec defines the desired state of IngressRoute.
type IngressRouteSpec struct {
- Routes []Route `json:"routes"`
+ // Routes defines the list of routes.
+ Routes []Route `json:"routes"`
+ // EntryPoints defines the list of entry point names to bind to.
+ // Entry points have to be configured in the static configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ // Default: all.
EntryPoints []string `json:"entryPoints,omitempty"`
- TLS *TLS `json:"tls,omitempty"`
+ // TLS defines the TLS configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls
+ TLS *TLS `json:"tls,omitempty"`
}
-// Route contains the set of routes.
+// Route holds the HTTP route configuration.
type Route struct {
+ // Match defines the router's rule.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule
Match string `json:"match"`
+ // Kind defines the kind of the route.
+ // Rule is the only supported kind.
// +kubebuilder:validation:Enum=Rule
- Kind string `json:"kind"`
- Priority int `json:"priority,omitempty"`
- Services []Service `json:"services,omitempty"`
+ Kind string `json:"kind"`
+ // Priority defines the router's priority.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority
+ Priority int `json:"priority,omitempty"`
+ // Services defines the list of Service.
+ // It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
+ Services []Service `json:"services,omitempty"`
+ // Middlewares defines the list of references to Middleware resources.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
}
-// TLS contains the TLS certificates configuration of the routes.
-// To enable Let's Encrypt, use an empty TLS struct,
-// e.g. in YAML:
-//
-// tls: {} # inline format
-//
-// tls:
-// secretName: # block format
+// TLS holds the TLS configuration.
+// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls
type TLS struct {
- // SecretName is the name of the referenced Kubernetes Secret to specify the
- // certificate details.
+ // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"`
- // Options is a reference to a TLSOption, that specifies the parameters of the TLS connection.
+ // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+ // If not defined, the `default` TLSOption is used.
+ // More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options
Options *TLSOptionRef `json:"options,omitempty"`
- // Store is a reference to a TLSStore, that specifies the parameters of the TLS store.
- Store *TLSStoreRef `json:"store,omitempty"`
- CertResolver string `json:"certResolver,omitempty"`
- Domains []types.Domain `json:"domains,omitempty"`
+ // Store defines the reference to the TLSStore, that will be used to store certificates.
+ // Please note that only `default` TLSStore can be used.
+ Store *TLSStoreRef `json:"store,omitempty"`
+ // CertResolver defines the name of the certificate resolver to use.
+ // Cert resolvers have to be configured in the static configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers
+ CertResolver string `json:"certResolver,omitempty"`
+ // Domains defines the list of domains that will be used to issue certificates.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains
+ Domains []types.Domain `json:"domains,omitempty"`
}
-// TLSOptionRef is a ref to the TLSOption resources.
+// TLSOptionRef is a reference to a TLSOption resource.
type TLSOptionRef struct {
- Name string `json:"name"`
+ // Name defines the name of the referenced TLSOption.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption
+ Name string `json:"name"`
+ // Namespace defines the namespace of the referenced TLSOption.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption
Namespace string `json:"namespace,omitempty"`
}
-// TLSStoreRef is a ref to the TLSStore resource.
+// TLSStoreRef is a reference to a TLSStore resource.
type TLSStoreRef struct {
- Name string `json:"name"`
+ // Name defines the name of the referenced TLSStore.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore
+ Name string `json:"name"`
+ // Namespace defines the namespace of the referenced TLSStore.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore
Namespace string `json:"namespace,omitempty"`
}
-// LoadBalancerSpec can reference either a Kubernetes Service object (a load-balancer of servers),
-// or a TraefikService object (a traefik load-balancer of services).
+// LoadBalancerSpec defines the desired state of LoadBalancer.
+// It can reference either a Kubernetes Service object (a load-balancer of servers),
+// or a TraefikService object (a load-balancer of Traefik services).
type LoadBalancerSpec struct {
- // Name is a reference to a Kubernetes Service object (for a load-balancer of servers),
- // or to a TraefikService object (service load-balancer, mirroring, etc).
+ // Name defines the name of the referenced Kubernetes Service or TraefikService.
// The differentiation between the two is specified in the Kind field.
Name string `json:"name"`
+ // Kind defines the kind of the Service.
// +kubebuilder:validation:Enum=Service;TraefikService
- Kind string `json:"kind,omitempty"`
- Namespace string `json:"namespace,omitempty"`
- Sticky *dynamic.Sticky `json:"sticky,omitempty"`
-
- // Port and all the fields below are related to a servers load-balancer,
- // and therefore should only be specified when Name references a Kubernetes Service.
-
- Port intstr.IntOrString `json:"port,omitempty"`
- Scheme string `json:"scheme,omitempty"`
- Strategy string `json:"strategy,omitempty"`
- PassHostHeader *bool `json:"passHostHeader,omitempty"`
+ Kind string `json:"kind,omitempty"`
+ // Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
+ Namespace string `json:"namespace,omitempty"`
+ // Sticky defines the sticky sessions configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions
+ Sticky *dynamic.Sticky `json:"sticky,omitempty"`
+ // Port defines the port of a Kubernetes Service.
+ // This can be a reference to a named port.
+ Port intstr.IntOrString `json:"port,omitempty"`
+ // Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+ // It defaults to https when Kubernetes Service port is 443, http otherwise.
+ Scheme string `json:"scheme,omitempty"`
+ // Strategy defines the load balancing strategy between the servers.
+ // RoundRobin is the only supported value at the moment.
+ Strategy string `json:"strategy,omitempty"`
+ // PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+ // By default, passHostHeader is true.
+ PassHostHeader *bool `json:"passHostHeader,omitempty"`
+ // ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.
ResponseForwarding *dynamic.ResponseForwarding `json:"responseForwarding,omitempty"`
- ServersTransport string `json:"serversTransport,omitempty"`
+ // ServersTransport defines the name of ServersTransport resource to use.
+ // It allows to configure the transport between Traefik and your servers.
+ // Can only be used on a Kubernetes Service.
+ ServersTransport string `json:"serversTransport,omitempty"`
- // Weight should only be specified when Name references a TraefikService object
+ // Weight defines the weight and should only be specified when Name references a TraefikService object
// (and to be precise, one that embeds a Weighted Round Robin).
Weight *int `json:"weight,omitempty"`
}
-// Service defines an upstream to proxy traffic.
+// Service defines an upstream HTTP service to proxy traffic to.
type Service struct {
LoadBalancerSpec `json:",inline"`
}
-// MiddlewareRef is a ref to the Middleware resources.
+// MiddlewareRef is a reference to a Middleware resource.
type MiddlewareRef struct {
- Name string `json:"name"`
+ // Name defines the name of the referenced Middleware resource.
+ Name string `json:"name"`
+ // Namespace defines the namespace of the referenced Middleware resource.
Namespace string `json:"namespace,omitempty"`
}
@@ -98,9 +138,11 @@ type MiddlewareRef struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// IngressRoute is an Ingress CRD specification.
+// IngressRoute is the CRD implementation of a Traefik HTTP Router.
type IngressRoute struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec IngressRouteSpec `json:"spec"`
@@ -108,9 +150,13 @@ type IngressRoute struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// IngressRouteList is a list of IngressRoutes.
+// IngressRouteList is a collection of IngressRoute.
type IngressRouteList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
- Items []IngressRoute `json:"items"`
+
+ // Items is the list of IngressRoute.
+ Items []IngressRoute `json:"items"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go
index ef62542e8..53eeb8c28 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroutetcp.go
@@ -7,60 +7,88 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
-// IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec resource.
+// IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
type IngressRouteTCPSpec struct {
- Routes []RouteTCP `json:"routes"`
- EntryPoints []string `json:"entryPoints,omitempty"`
- TLS *TLSTCP `json:"tls,omitempty"`
+ // Routes defines the list of routes.
+ Routes []RouteTCP `json:"routes"`
+ // EntryPoints defines the list of entry point names to bind to.
+ // Entry points have to be configured in the static configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ // Default: all.
+ EntryPoints []string `json:"entryPoints,omitempty"`
+ // TLS defines the TLS configuration on a layer 4 / TCP Route.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1
+ TLS *TLSTCP `json:"tls,omitempty"`
}
-// RouteTCP contains the set of routes.
+// RouteTCP holds the TCP route configuration.
type RouteTCP struct {
- Match string `json:"match"`
- Priority int `json:"priority,omitempty"`
+ // Match defines the router's rule.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1
+ Match string `json:"match"`
+ // Priority defines the router's priority.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1
+ Priority int `json:"priority,omitempty"`
+ // Services defines the list of TCP services.
Services []ServiceTCP `json:"services,omitempty"`
- // Middlewares contains references to MiddlewareTCP resources.
+ // Middlewares defines the list of references to MiddlewareTCP resources.
Middlewares []ObjectReference `json:"middlewares,omitempty"`
}
-// TLSTCP contains the TLS certificates configuration of the routes.
-// To enable Let's Encrypt, use an empty TLS struct,
-// e.g. in YAML:
-//
-// tls: {} # inline format
-//
-// tls:
-// secretName: # block format
+// TLSTCP holds the TLS configuration for an IngressRouteTCP.
+// More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1
type TLSTCP struct {
- // SecretName is the name of the referenced Kubernetes Secret to specify the
- // certificate details.
- SecretName string `json:"secretName,omitempty"`
- Passthrough bool `json:"passthrough,omitempty"`
- // Options is a reference to a TLSOption, that specifies the parameters of the TLS connection.
+ // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
+ SecretName string `json:"secretName,omitempty"`
+ // Passthrough defines whether a TLS router will terminate the TLS connection.
+ Passthrough bool `json:"passthrough,omitempty"`
+ // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+ // If not defined, the `default` TLSOption is used.
+ // More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options
Options *ObjectReference `json:"options,omitempty"`
- // Store is a reference to a TLSStore, that specifies the parameters of the TLS store.
- Store *ObjectReference `json:"store,omitempty"`
- CertResolver string `json:"certResolver,omitempty"`
- Domains []types.Domain `json:"domains,omitempty"`
+ // Store defines the reference to the TLSStore, that will be used to store certificates.
+ // Please note that only `default` TLSStore can be used.
+ Store *ObjectReference `json:"store,omitempty"`
+ // CertResolver defines the name of the certificate resolver to use.
+ // Cert resolvers have to be configured in the static configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers
+ CertResolver string `json:"certResolver,omitempty"`
+ // Domains defines the list of domains that will be used to issue certificates.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains
+ Domains []types.Domain `json:"domains,omitempty"`
}
-// ServiceTCP defines an upstream to proxy traffic.
+// ServiceTCP defines an upstream TCP service to proxy traffic to.
type ServiceTCP struct {
- Name string `json:"name"`
- Namespace string `json:"namespace,omitempty"`
- Port intstr.IntOrString `json:"port"`
- Weight *int `json:"weight,omitempty"`
- TerminationDelay *int `json:"terminationDelay,omitempty"`
- ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
+ // Name defines the name of the referenced Kubernetes Service.
+ Name string `json:"name"`
+ // Namespace defines the namespace of the referenced Kubernetes Service.
+ Namespace string `json:"namespace,omitempty"`
+ // Port defines the port of a Kubernetes Service.
+ // This can be a reference to a named port.
+ Port intstr.IntOrString `json:"port"`
+ // Weight defines the weight used when balancing requests between multiple Kubernetes Service.
+ Weight *int `json:"weight,omitempty"`
+ // TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
+ // it has closed the writing capability of its connection, to close the reading capability as well,
+ // hence fully terminating the connection.
+ // It is a duration in milliseconds, defaulting to 100.
+ // A negative value means an infinite deadline (i.e. the reading capability is never closed).
+ TerminationDelay *int `json:"terminationDelay,omitempty"`
+ // ProxyProtocol defines the PROXY protocol configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol
+ ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// IngressRouteTCP is an Ingress CRD specification.
+// IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
type IngressRouteTCP struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec IngressRouteTCPSpec `json:"spec"`
@@ -68,9 +96,13 @@ type IngressRouteTCP struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// IngressRouteTCPList is a list of IngressRoutes.
+// IngressRouteTCPList is a collection of IngressRouteTCP.
type IngressRouteTCPList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
- Items []IngressRouteTCP `json:"items"`
+
+ // Items is the list of IngressRouteTCP.
+ Items []IngressRouteTCP `json:"items"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressrouteudp.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressrouteudp.go
index eb44cd64f..e05525314 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressrouteudp.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressrouteudp.go
@@ -5,38 +5,45 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
-// IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec resource.
+// IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
type IngressRouteUDPSpec struct {
- Routes []RouteUDP `json:"routes"`
- EntryPoints []string `json:"entryPoints,omitempty"`
+ // Routes defines the list of routes.
+ Routes []RouteUDP `json:"routes"`
+ // EntryPoints defines the list of entry point names to bind to.
+ // Entry points have to be configured in the static configuration.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
+ // Default: all.
+ EntryPoints []string `json:"entryPoints,omitempty"`
}
-// RouteUDP contains the set of routes.
+// RouteUDP holds the UDP route configuration.
type RouteUDP struct {
+ // Services defines the list of UDP services.
Services []ServiceUDP `json:"services,omitempty"`
}
-// TLSOptionUDPRef is a ref to the TLSOption resources.
-type TLSOptionUDPRef struct {
- Name string `json:"name"`
- Namespace string `json:"namespace,omitempty"`
-}
-
-// ServiceUDP defines an upstream to proxy traffic.
+// ServiceUDP defines an upstream UDP service to proxy traffic to.
type ServiceUDP struct {
- Name string `json:"name"`
- Namespace string `json:"namespace,omitempty"`
- Port intstr.IntOrString `json:"port"`
- Weight *int `json:"weight,omitempty"`
+ // Name defines the name of the referenced Kubernetes Service.
+ Name string `json:"name"`
+ // Namespace defines the namespace of the referenced Kubernetes Service.
+ Namespace string `json:"namespace,omitempty"`
+ // Port defines the port of a Kubernetes Service.
+ // This can be a reference to a named port.
+ Port intstr.IntOrString `json:"port"`
+ // Weight defines the weight used when balancing requests between multiple Kubernetes Service.
+ Weight *int `json:"weight,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// IngressRouteUDP is an Ingress CRD specification.
+// IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
type IngressRouteUDP struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec IngressRouteUDPSpec `json:"spec"`
@@ -44,9 +51,13 @@ type IngressRouteUDP struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// IngressRouteUDPList is a list of IngressRoutes.
+// IngressRouteUDPList is a collection of IngressRouteUDP.
type IngressRouteUDPList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
- Items []IngressRouteUDP `json:"items"`
+
+ // Items is the list of IngressRouteUDP.
+ Items []IngressRouteUDP `json:"items"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
index a4ae8b2ce..7a80f6d6e 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middleware.go
@@ -11,9 +11,12 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// Middleware is a specification for a Middleware resource.
+// Middleware is the CRD implementation of a Traefik Middleware.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/
type Middleware struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec MiddlewareSpec `json:"spec"`
@@ -21,7 +24,7 @@ type Middleware struct {
// +k8s:deepcopy-gen=true
-// MiddlewareSpec holds the Middleware configuration.
+// MiddlewareSpec defines the desired state of a Middleware.
type MiddlewareSpec struct {
AddPrefix *dynamic.AddPrefix `json:"addPrefix,omitempty"`
StripPrefix *dynamic.StripPrefix `json:"stripPrefix,omitempty"`
@@ -50,11 +53,22 @@ type MiddlewareSpec struct {
// +k8s:deepcopy-gen=true
-// ErrorPage holds the custom error page configuration.
+// ErrorPage holds the custom error middleware configuration.
+// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/
type ErrorPage struct {
- Status []string `json:"status,omitempty"`
- Service Service `json:"service,omitempty"`
- Query string `json:"query,omitempty"`
+ // Status defines which status or range of statuses should result in an error page.
+ // It can be either a status code as a number (500),
+ // as multiple comma-separated numbers (500,502),
+ // as ranges by separating two codes with a dash (500-599),
+ // or a combination of the two (404,418,500-599).
+ Status []string `json:"status,omitempty"`
+ // Service defines the reference to a Kubernetes Service that will serve the error page.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service
+ Service Service `json:"service,omitempty"`
+ // Query defines the URL for the error page (hosted by service).
+ // The {status} variable can be used in order to insert the status code in the URL.
+ Query string `json:"query,omitempty"`
}
// +k8s:deepcopy-gen=true
@@ -73,75 +87,135 @@ type CircuitBreaker struct {
// +k8s:deepcopy-gen=true
-// Chain holds a chain of middlewares.
+// Chain holds the configuration of the chain middleware.
+// This middleware enables to define reusable combinations of other pieces of middleware.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/
type Chain struct {
+ // Middlewares is the list of MiddlewareRef which composes the chain.
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
}
// +k8s:deepcopy-gen=true
-// BasicAuth holds the HTTP basic authentication configuration.
+// BasicAuth holds the basic auth middleware configuration.
+// This middleware restricts access to your services to known users.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/
type BasicAuth struct {
- Secret string `json:"secret,omitempty"`
- Realm string `json:"realm,omitempty"`
- RemoveHeader bool `json:"removeHeader,omitempty"`
- HeaderField string `json:"headerField,omitempty"`
+ // Secret is the name of the referenced Kubernetes Secret containing user credentials.
+ Secret string `json:"secret,omitempty"`
+ // Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+ // Default: traefik.
+ Realm string `json:"realm,omitempty"`
+ // RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
+ // Default: false.
+ RemoveHeader bool `json:"removeHeader,omitempty"`
+ // HeaderField defines a header field to store the authenticated user.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+ HeaderField string `json:"headerField,omitempty"`
}
// +k8s:deepcopy-gen=true
-// DigestAuth holds the Digest HTTP authentication configuration.
+// DigestAuth holds the digest auth middleware configuration.
+// This middleware restricts access to your services to known users.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/
type DigestAuth struct {
- Secret string `json:"secret,omitempty"`
- RemoveHeader bool `json:"removeHeader,omitempty"`
- Realm string `json:"realm,omitempty"`
- HeaderField string `json:"headerField,omitempty"`
+ // Secret is the name of the referenced Kubernetes Secret containing user credentials.
+ Secret string `json:"secret,omitempty"`
+ // RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.
+ RemoveHeader bool `json:"removeHeader,omitempty"`
+ // Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+ // Default: traefik.
+ Realm string `json:"realm,omitempty"`
+ // HeaderField defines a header field to store the authenticated user.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
+ HeaderField string `json:"headerField,omitempty"`
}
// +k8s:deepcopy-gen=true
-// ForwardAuth holds the http forward authentication configuration.
+// ForwardAuth holds the forward auth middleware configuration.
+// This middleware delegates the request authentication to a Service.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/
type ForwardAuth struct {
- Address string `json:"address,omitempty"`
- TrustForwardHeader bool `json:"trustForwardHeader,omitempty"`
- AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
- AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
- AuthRequestHeaders []string `json:"authRequestHeaders,omitempty"`
- TLS *ClientTLS `json:"tls,omitempty"`
+ // Address defines the authentication server address.
+ Address string `json:"address,omitempty"`
+ // TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
+ TrustForwardHeader bool `json:"trustForwardHeader,omitempty"`
+ // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
+ AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
+ // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
+ // More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex
+ AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
+ // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
+ // If not set or empty then all request headers are passed.
+ AuthRequestHeaders []string `json:"authRequestHeaders,omitempty"`
+ // TLS defines the configuration used to secure the connection to the authentication server.
+ TLS *ClientTLS `json:"tls,omitempty"`
}
-// ClientTLS holds TLS specific configurations as client.
+// ClientTLS holds the client TLS configuration.
type ClientTLS struct {
- CASecret string `json:"caSecret,omitempty"`
- CAOptional bool `json:"caOptional,omitempty"`
- CertSecret string `json:"certSecret,omitempty"`
- InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// MiddlewareList is a list of Middleware resources.
-type MiddlewareList struct {
- metav1.TypeMeta `json:",inline"`
- metav1.ListMeta `json:"metadata"`
-
- Items []Middleware `json:"items"`
+ // CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
+ // The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+ CASecret string `json:"caSecret,omitempty"`
+ // CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
+ // The client certificate is extracted from the keys `tls.crt` and `tls.key`.
+ CertSecret string `json:"certSecret,omitempty"`
+ // InsecureSkipVerify defines whether the server certificates should be validated.
+ InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
+ CAOptional bool `json:"caOptional,omitempty"`
}
// +k8s:deepcopy-gen=true
-// RateLimit holds the rate limiting configuration for a given router.
+// RateLimit holds the rate limit configuration.
+// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/
type RateLimit struct {
- Average int64 `json:"average,omitempty"`
- Period *intstr.IntOrString `json:"period,omitempty"`
- Burst *int64 `json:"burst,omitempty"`
+ // Average is the maximum rate, by default in requests/s, allowed for the given source.
+ // It defaults to 0, which means no rate limiting.
+ // The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
+ // one needs to define a Period larger than a second.
+ Average int64 `json:"average,omitempty"`
+ // Period, in combination with Average, defines the actual maximum rate, such as:
+ // r = Average / Period. It defaults to a second.
+ Period *intstr.IntOrString `json:"period,omitempty"`
+ // Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
+ // It defaults to 1.
+ Burst *int64 `json:"burst,omitempty"`
+ // SourceCriterion defines what criterion is used to group requests as originating from a common source.
+ // If several strategies are defined at the same time, an error will be raised.
+ // If none are set, the default is to use the request's remote address field (as an ipStrategy).
SourceCriterion *dynamic.SourceCriterion `json:"sourceCriterion,omitempty"`
}
// +k8s:deepcopy-gen=true
-// Retry holds the retry configuration.
+// Retry holds the retry middleware configuration.
+// This middleware reissues requests a given number of times to a backend server if that server does not reply.
+// As soon as the server answers, the middleware stops retrying, regardless of the response status.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/
type Retry struct {
- Attempts int `json:"attempts,omitempty"`
+ // Attempts defines how many times the request should be retried.
+ Attempts int `json:"attempts,omitempty"`
+ // InitialInterval defines the first wait time in the exponential backoff series.
+ // The maximum interval is calculated as twice the initialInterval.
+ // If unspecified, requests will be retried immediately.
+ // The value of initialInterval should be provided in seconds or as a valid duration format,
+ // see https://pkg.go.dev/time#ParseDuration.
InitialInterval intstr.IntOrString `json:"initialInterval,omitempty"`
}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// MiddlewareList is a collection of Middleware resources.
+type MiddlewareList struct {
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ // Items is the list of Middleware.
+ Items []Middleware `json:"items"`
+}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go
index ff42921d0..5b70fd781 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/middlewaretcp.go
@@ -8,9 +8,12 @@ import (
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// MiddlewareTCP is a specification for a MiddlewareTCP resource.
+// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+// More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/
type MiddlewareTCP struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec MiddlewareTCPSpec `json:"spec"`
@@ -18,18 +21,23 @@ type MiddlewareTCP struct {
// +k8s:deepcopy-gen=true
-// MiddlewareTCPSpec holds the MiddlewareTCP configuration.
+// MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
type MiddlewareTCPSpec struct {
+ // InFlightConn defines the InFlightConn middleware configuration.
InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
- IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
+ // IPWhiteList defines the IPWhiteList middleware configuration.
+ IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// MiddlewareTCPList is a list of MiddlewareTCP resources.
+// MiddlewareTCPList is a collection of MiddlewareTCP resources.
type MiddlewareTCPList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
+ // Items is the list of MiddlewareTCP.
Items []MiddlewareTCP `json:"items"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/objectreference.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/objectreference.go
index c28d4a96d..6334ab631 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/objectreference.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/objectreference.go
@@ -2,6 +2,8 @@ package v1alpha1
// ObjectReference is a generic reference to a Traefik resource.
type ObjectReference struct {
- Name string `json:"name"`
+ // Name defines the name of the referenced Traefik resource.
+ Name string `json:"name"`
+ // Namespace defines the namespace of the referenced Traefik resource.
Namespace string `json:"namespace,omitempty"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/serverstransport.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/serverstransport.go
index 4fce5e0be..e850a4cb0 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/serverstransport.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/serverstransport.go
@@ -9,9 +9,14 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// ServersTransport is a specification for a ServersTransport resource.
+// ServersTransport is the CRD implementation of a ServersTransport.
+// If no serversTransport is specified, the default@internal will be used.
+// The default@internal serversTransport is created from the static configuration.
+// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1
type ServersTransport struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec ServersTransportSpec `json:"spec"`
@@ -19,38 +24,37 @@ type ServersTransport struct {
// +k8s:deepcopy-gen=true
-// ServersTransportSpec options to configure communication between Traefik and the servers.
+// ServersTransportSpec defines the desired state of a ServersTransport.
type ServersTransportSpec struct {
- // ServerName used to contact the server.
+ // ServerName defines the server name used to contact the server.
ServerName string `json:"serverName,omitempty"`
- // Disable SSL certificate verification.
+ // InsecureSkipVerify disables SSL certificate verification.
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
- // Add cert file for self-signed certificate.
+ // RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
RootCAsSecrets []string `json:"rootCAsSecrets,omitempty"`
- // Certificates for mTLS.
+ // CertificatesSecrets defines a list of secret storing client certificates for mTLS.
CertificatesSecrets []string `json:"certificatesSecrets,omitempty"`
- // If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
+ // MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
MaxIdleConnsPerHost int `json:"maxIdleConnsPerHost,omitempty"`
- // Timeouts for requests forwarded to the backend servers.
+ // ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers.
ForwardingTimeouts *ForwardingTimeouts `json:"forwardingTimeouts,omitempty"`
- // Disable HTTP/2 for connections with backend servers.
+ // DisableHTTP2 disables HTTP/2 for connections with backend servers.
DisableHTTP2 bool `json:"disableHTTP2,omitempty"`
- // URI used to match against SAN URI during the peer certificate verification.
+ // PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.
PeerCertURI string `json:"peerCertURI,omitempty"`
}
// +k8s:deepcopy-gen=true
-// ForwardingTimeouts contains timeout configurations for forwarding requests to the backend servers.
+// ForwardingTimeouts holds the timeout configurations for forwarding requests to the backend servers.
type ForwardingTimeouts struct {
- // DialTimeout is the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists.
+ // DialTimeout is the amount of time to wait until a connection to a backend server can be established.
DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"`
// ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any).
- // If zero, no timeout exists.
ResponseHeaderTimeout *intstr.IntOrString `json:"responseHeaderTimeout,omitempty"`
// IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself.
IdleConnTimeout *intstr.IntOrString `json:"idleConnTimeout,omitempty"`
- // ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. If zero, no health check is performed.
+ // ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.
ReadIdleTimeout *intstr.IntOrString `json:"readIdleTimeout,omitempty"`
// PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.
PingTimeout *intstr.IntOrString `json:"pingTimeout,omitempty"`
@@ -58,10 +62,13 @@ type ForwardingTimeouts struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// ServersTransportList is a list of ServersTransport resources.
+// ServersTransportList is a collection of ServersTransport resources.
type ServersTransportList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
+ // Items is the list of ServersTransport.
Items []ServersTransport `json:"items"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/service.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/service.go
index fa70a253b..0d2737e5b 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/service.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/service.go
@@ -9,60 +9,77 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// TraefikService is the specification for a service (that an IngressRoute refers
-// to) that is usually not a terminal service (i.e. not a pod of servers), as
-// opposed to a Kubernetes Service. That is to say, it usually refers to other
-// (children) services, which themselves can be TraefikServices or Services.
+// TraefikService is the CRD implementation of a Traefik Service.
+// TraefikService object allows to:
+// - Apply weight to Services on load-balancing
+// - Mirror traffic on services
+// More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice
type TraefikService struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
- Spec ServiceSpec `json:"spec"`
+ Spec TraefikServiceSpec `json:"spec"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// TraefikServiceList is a list of TraefikService resources.
+// TraefikServiceList is a collection of TraefikService resources.
type TraefikServiceList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
+ // Items is the list of TraefikService.
Items []TraefikService `json:"items"`
}
// +k8s:deepcopy-gen=true
-// ServiceSpec defines whether a TraefikService is a load-balancer of services or a
-// mirroring service.
-type ServiceSpec struct {
- Weighted *WeightedRoundRobin `json:"weighted,omitempty"`
- Mirroring *Mirroring `json:"mirroring,omitempty"`
+// TraefikServiceSpec defines the desired state of a TraefikService.
+type TraefikServiceSpec struct {
+ // Weighted defines the Weighted Round Robin configuration.
+ Weighted *WeightedRoundRobin `json:"weighted,omitempty"`
+ // Mirroring defines the Mirroring service configuration.
+ Mirroring *Mirroring `json:"mirroring,omitempty"`
}
// +k8s:deepcopy-gen=true
-// Mirroring defines a mirroring service, which is composed of a main
-// load-balancer, and a list of mirrors.
+// Mirroring holds the mirroring service configuration.
+// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#mirroring-service
type Mirroring struct {
LoadBalancerSpec `json:",inline"`
- MaxBodySize *int64 `json:"maxBodySize,omitempty"`
- Mirrors []MirrorService `json:"mirrors,omitempty"`
+ // MaxBodySize defines the maximum size allowed for the body of the request.
+ // If the body is larger, the request is not mirrored.
+ // Default value is -1, which means unlimited size.
+ MaxBodySize *int64 `json:"maxBodySize,omitempty"`
+ // Mirrors defines the list of mirrors where Traefik will duplicate the traffic.
+ Mirrors []MirrorService `json:"mirrors,omitempty"`
}
// +k8s:deepcopy-gen=true
-// MirrorService defines one of the mirrors of a Mirroring service.
+// MirrorService holds the mirror configuration.
type MirrorService struct {
LoadBalancerSpec `json:",inline"`
+ // Percent defines the part of the traffic to mirror.
+ // Supported values: 0 to 100.
Percent int `json:"percent,omitempty"`
}
// +k8s:deepcopy-gen=true
-// WeightedRoundRobin defines a load-balancer of services.
+// WeightedRoundRobin holds the weighted round-robin configuration.
+// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#weighted-round-robin-service
type WeightedRoundRobin struct {
- Services []Service `json:"services,omitempty"`
- Sticky *dynamic.Sticky `json:"sticky,omitempty"`
+ // Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
+ Services []Service `json:"services,omitempty"`
+ // Sticky defines whether sticky sessions are enabled.
+ // More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
+ Sticky *dynamic.Sticky `json:"sticky,omitempty"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
index 72c06f144..564c6698a 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
@@ -8,9 +8,12 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// TLSOption is a specification for a TLSOption resource.
+// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
+// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options
type TLSOption struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec TLSOptionSpec `json:"spec"`
@@ -18,35 +21,54 @@ type TLSOption struct {
// +k8s:deepcopy-gen=true
-// TLSOptionSpec configures TLS for an entry point.
+// TLSOptionSpec defines the desired state of a TLSOption.
type TLSOptionSpec struct {
- MinVersion string `json:"minVersion,omitempty"`
- MaxVersion string `json:"maxVersion,omitempty"`
- CipherSuites []string `json:"cipherSuites,omitempty"`
- CurvePreferences []string `json:"curvePreferences,omitempty"`
- ClientAuth ClientAuth `json:"clientAuth,omitempty"`
- SniStrict bool `json:"sniStrict,omitempty"`
- PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
- ALPNProtocols []string `json:"alpnProtocols,omitempty"`
+ // MinVersion defines the minimum TLS version that Traefik will accept.
+ // Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+ // Default: VersionTLS10.
+ MinVersion string `json:"minVersion,omitempty"`
+ // MaxVersion defines the maximum TLS version that Traefik will accept.
+ // Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+ // Default: None.
+ MaxVersion string `json:"maxVersion,omitempty"`
+ // CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
+ // More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites
+ CipherSuites []string `json:"cipherSuites,omitempty"`
+ // CurvePreferences defines the preferred elliptic curves in a specific order.
+ // More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences
+ CurvePreferences []string `json:"curvePreferences,omitempty"`
+ // ClientAuth defines the server's policy for TLS Client Authentication.
+ ClientAuth ClientAuth `json:"clientAuth,omitempty"`
+ // SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
+ SniStrict bool `json:"sniStrict,omitempty"`
+ // PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
+ // It is enabled automatically when minVersion or maxVersion are set.
+ PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
+ // ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
+ // More info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols
+ ALPNProtocols []string `json:"alpnProtocols,omitempty"`
}
// +k8s:deepcopy-gen=true
-// ClientAuth defines the parameters of the client authentication part of the TLS connection, if any.
+// ClientAuth holds the TLS client authentication configuration.
type ClientAuth struct {
- // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
+ // SecretNames defines the names of the referenced Kubernetes Secret storing certificate details.
SecretNames []string `json:"secretNames,omitempty"`
- // +kubebuilder:validation:Enum=NoClientCert;RequestClientCert;RequireAnyClientCert;VerifyClientCertIfGiven;RequireAndVerifyClientCert
// ClientAuthType defines the client authentication type to apply.
+ // +kubebuilder:validation:Enum=NoClientCert;RequestClientCert;RequireAnyClientCert;VerifyClientCertIfGiven;RequireAndVerifyClientCert
ClientAuthType string `json:"clientAuthType,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// TLSOptionList is a list of TLSOption resources.
+// TLSOptionList is a collection of TLSOption resources.
type TLSOptionList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
+ // Items is the list of TLSOption.
Items []TLSOption `json:"items"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
index 06c1d8a6e..811a42ea3 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsstore.go
@@ -8,9 +8,14 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:storageversion
-// TLSStore is a specification for a TLSStore resource.
+// TLSStore is the CRD implementation of a Traefik TLS Store.
+// For the time being, only the TLSStore named default is supported.
+// This means that you cannot have two stores that are named default in different Kubernetes namespaces.
+// More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores
type TLSStore struct {
- metav1.TypeMeta `json:",inline"`
+ metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec TLSStoreSpec `json:"spec"`
@@ -18,9 +23,9 @@ type TLSStore struct {
// +k8s:deepcopy-gen=true
-// TLSStoreSpec configures a TLSStore resource.
+// TLSStoreSpec defines the desired state of a TLSStore.
type TLSStoreSpec struct {
- // DefaultCertificate is the name of the secret holding the default key/certificate pair for the store.
+ // DefaultCertificate defines the default certificate configuration.
DefaultCertificate *Certificate `json:"defaultCertificate,omitempty"`
// Certificates is a list of secret names, each secret holding a key/certificate pair to add to the store.
Certificates []Certificate `json:"certificates,omitempty"`
@@ -36,10 +41,13 @@ type Certificate struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// TLSStoreList is a list of TLSStore resources.
+// TLSStoreList is a collection of TLSStore resources.
type TLSStoreList struct {
metav1.TypeMeta `json:",inline"`
+ // Standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
+ // Items is the list of TLSStore.
Items []TLSStore `json:"items"`
}
diff --git a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
index 120ad8dfc..5d44aeef3 100644
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/zz_generated.deepcopy.go
@@ -1171,32 +1171,6 @@ func (in *Service) DeepCopy() *Service {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ServiceSpec) DeepCopyInto(out *ServiceSpec) {
- *out = *in
- if in.Weighted != nil {
- in, out := &in.Weighted, &out.Weighted
- *out = new(WeightedRoundRobin)
- (*in).DeepCopyInto(*out)
- }
- if in.Mirroring != nil {
- in, out := &in.Mirroring, &out.Mirroring
- *out = new(Mirroring)
- (*in).DeepCopyInto(*out)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceSpec.
-func (in *ServiceSpec) DeepCopy() *ServiceSpec {
- if in == nil {
- return nil
- }
- out := new(ServiceSpec)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceTCP) DeepCopyInto(out *ServiceTCP) {
*out = *in
@@ -1392,22 +1366,6 @@ func (in *TLSOptionSpec) DeepCopy() *TLSOptionSpec {
return out
}
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *TLSOptionUDPRef) DeepCopyInto(out *TLSOptionUDPRef) {
- *out = *in
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOptionUDPRef.
-func (in *TLSOptionUDPRef) DeepCopy() *TLSOptionUDPRef {
- if in == nil {
- return nil
- }
- out := new(TLSOptionUDPRef)
- in.DeepCopyInto(out)
- return out
-}
-
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TLSStore) DeepCopyInto(out *TLSStore) {
*out = *in
@@ -1603,6 +1561,32 @@ func (in *TraefikServiceList) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TraefikServiceSpec) DeepCopyInto(out *TraefikServiceSpec) {
+ *out = *in
+ if in.Weighted != nil {
+ in, out := &in.Weighted, &out.Weighted
+ *out = new(WeightedRoundRobin)
+ (*in).DeepCopyInto(*out)
+ }
+ if in.Mirroring != nil {
+ in, out := &in.Mirroring, &out.Mirroring
+ *out = new(Mirroring)
+ (*in).DeepCopyInto(*out)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TraefikServiceSpec.
+func (in *TraefikServiceSpec) DeepCopy() *TraefikServiceSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(TraefikServiceSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WeightedRoundRobin) DeepCopyInto(out *WeightedRoundRobin) {
*out = *in
diff --git a/pkg/provider/kubernetes/gateway/fixtures/mixed/with_multiple_protocol_using_same_port.yml b/pkg/provider/kubernetes/gateway/fixtures/mixed/with_multiple_listeners_using_same_hostname_port_protocol.yml
similarity index 76%
rename from pkg/provider/kubernetes/gateway/fixtures/mixed/with_multiple_protocol_using_same_port.yml
rename to pkg/provider/kubernetes/gateway/fixtures/mixed/with_multiple_listeners_using_same_hostname_port_protocol.yml
index 448dec2c7..dd3d32238 100644
--- a/pkg/provider/kubernetes/gateway/fixtures/mixed/with_multiple_protocol_using_same_port.yml
+++ b/pkg/provider/kubernetes/gateway/fixtures/mixed/with_multiple_listeners_using_same_hostname_port_protocol.yml
@@ -21,12 +21,13 @@ spec:
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
- name: my-gateway
+ name: my-gateway-http
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: http1
+ hostname: foo.bar
protocol: HTTP
port: 9080
allowedRoutes:
@@ -37,6 +38,7 @@ spec:
from: Same
- name: http2
+ hostname: foo.bar
protocol: HTTP
port: 9080
allowedRoutes:
@@ -45,7 +47,26 @@ spec:
namespaces:
from: Same
- - name: tcp
+---
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1alpha2
+metadata:
+ name: my-gateway-tcp
+ namespace: default
+spec:
+ gatewayClassName: my-gateway-class
+ listeners: # Use GatewayClass defaults for listener definition.
+ - name: tcp1
+ hostname: foo.bar
+ protocol: TCP
+ port: 9000
+ allowedRoutes:
+ kinds:
+ - kind: TCPRoute
+ namespaces:
+ from: Same
+ - name: tcp2
+ hostname: foo.bar
protocol: TCP
port: 9000
allowedRoutes:
@@ -54,7 +75,17 @@ spec:
namespaces:
from: Same
- - name: tls
+---
+kind: Gateway
+apiVersion: gateway.networking.k8s.io/v1alpha2
+metadata:
+ name: my-gateway-tls
+ namespace: default
+spec:
+ gatewayClassName: my-gateway-class
+ listeners: # Use GatewayClass defaults for listener definition.
+ - name: tls1
+ hostname: foo.bar
protocol: TLS
port: 9000
tls:
@@ -66,6 +97,7 @@ spec:
from: Same
- name: tls2
+ hostname: foo.bar
protocol: TLS
port: 9000
tls:
diff --git a/pkg/provider/kubernetes/gateway/kubernetes.go b/pkg/provider/kubernetes/gateway/kubernetes.go
index 05698f5f9..7b2bc5b72 100644
--- a/pkg/provider/kubernetes/gateway/kubernetes.go
+++ b/pkg/provider/kubernetes/gateway/kubernetes.go
@@ -317,7 +317,7 @@ func (p *Provider) createGatewayConf(ctx context.Context, client Client, gateway
func (p *Provider) fillGatewayConf(ctx context.Context, client Client, gateway *v1alpha2.Gateway, conf *dynamic.Configuration, tlsConfigs map[string]*tls.CertAndStores) []v1alpha2.ListenerStatus {
logger := log.FromContext(ctx)
listenerStatuses := make([]v1alpha2.ListenerStatus, len(gateway.Spec.Listeners))
- allocatedPort := map[v1alpha2.PortNumber]v1alpha2.ProtocolType{}
+ allocatedListeners := make(map[string]struct{})
for i, listener := range gateway.Spec.Listeners {
listenerStatuses[i] = v1alpha2.ListenerStatus{
@@ -340,19 +340,22 @@ func (p *Provider) fillGatewayConf(ctx context.Context, client Client, gateway *
continue
}
- if _, ok := allocatedPort[listener.Port]; ok {
+ listenerKey := makeListenerKey(listener)
+
+ if _, ok := allocatedListeners[listenerKey]; ok {
listenerStatuses[i].Conditions = append(listenerStatuses[i].Conditions, metav1.Condition{
- Type: string(v1alpha2.ListenerConditionDetached),
+ Type: string(v1alpha2.ListenerConditionConflicted),
Status: metav1.ConditionTrue,
LastTransitionTime: metav1.Now(),
- Reason: string(v1alpha2.ListenerReasonPortUnavailable),
- Message: fmt.Sprintf("Port %d unavailable", listener.Port),
+ Reason: "DuplicateListener",
+ Message: "A listener with same protocol, port and hostname already exists",
})
continue
}
- allocatedPort[listener.Port] = listener.Protocol
+ allocatedListeners[listenerKey] = struct{}{}
+
ep, err := p.entryPointName(listener.Port, listener.Protocol)
if err != nil {
// update "Detached" status with "PortUnavailable" reason
@@ -1700,3 +1703,13 @@ func isInternalService(ref v1alpha2.BackendRef) bool {
*ref.Group == traefikv1alpha1.GroupName &&
strings.HasSuffix(string(ref.Name), "@internal")
}
+
+// makeListenerKey joins protocol, hostname, and port of a listener into a string key.
+func makeListenerKey(l v1alpha2.Listener) string {
+ var hostname v1alpha2.Hostname
+ if l.Hostname != nil {
+ hostname = *l.Hostname
+ }
+
+ return fmt.Sprintf("%s|%s|%d", l.Protocol, hostname, l.Port)
+}
diff --git a/pkg/provider/kubernetes/gateway/kubernetes_test.go b/pkg/provider/kubernetes/gateway/kubernetes_test.go
index 2fafd65bb..a3ce54924 100644
--- a/pkg/provider/kubernetes/gateway/kubernetes_test.go
+++ b/pkg/provider/kubernetes/gateway/kubernetes_test.go
@@ -3566,8 +3566,8 @@ func TestLoadMixedRoutes(t *testing.T) {
},
},
{
- desc: "Empty caused by mixed routes multiple protocol using same port",
- paths: []string{"services.yml", "mixed/with_multiple_protocol_using_same_port.yml"},
+ desc: "Empty caused by mixed routes with multiple listeners using same hostname, port and protocol",
+ paths: []string{"services.yml", "mixed/with_multiple_listeners_using_same_hostname_port_protocol.yml"},
entryPoints: map[string]Entrypoint{
"web": {Address: ":9080"},
"tcp": {Address: ":9000"},
@@ -4989,7 +4989,7 @@ func Test_shouldAttach(t *testing.T) {
}
func Test_matchingHostnames(t *testing.T) {
- tests := []struct {
+ testCases := []struct {
desc string
listener v1alpha2.Listener
hostnames []v1alpha2.Hostname
@@ -5081,7 +5081,7 @@ func Test_matchingHostnames(t *testing.T) {
},
}
- for _, test := range tests {
+ for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
@@ -5093,7 +5093,7 @@ func Test_matchingHostnames(t *testing.T) {
}
func Test_getAllowedRoutes(t *testing.T) {
- tests := []struct {
+ testCases := []struct {
desc string
listener v1alpha2.Listener
supportedRouteKinds []v1alpha2.RouteGroupKind
@@ -5193,7 +5193,7 @@ func Test_getAllowedRoutes(t *testing.T) {
},
}
- for _, test := range tests {
+ for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
@@ -5210,6 +5210,45 @@ func Test_getAllowedRoutes(t *testing.T) {
}
}
+func Test_makeListenerKey(t *testing.T) {
+ testCases := []struct {
+ desc string
+ listener v1alpha2.Listener
+ expectedKey string
+ }{
+ {
+ desc: "empty",
+ expectedKey: "||0",
+ },
+ {
+ desc: "listener with port, protocol and hostname",
+ listener: v1alpha2.Listener{
+ Port: 443,
+ Protocol: v1alpha2.HTTPSProtocolType,
+ Hostname: hostnamePtr("www.example.com"),
+ },
+ expectedKey: "HTTPS|www.example.com|443",
+ },
+ {
+ desc: "listener with port, protocol and nil hostname",
+ listener: v1alpha2.Listener{
+ Port: 443,
+ Protocol: v1alpha2.HTTPSProtocolType,
+ },
+ expectedKey: "HTTPS||443",
+ },
+ }
+
+ for _, test := range testCases {
+ test := test
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ assert.Equal(t, test.expectedKey, makeListenerKey(test.listener))
+ })
+ }
+}
+
func hostnamePtr(hostname v1alpha2.Hostname) *v1alpha2.Hostname {
return &hostname
}
diff --git a/pkg/provider/nomad/nomad.go b/pkg/provider/nomad/nomad.go
index c7afa3b1d..1e2af4510 100644
--- a/pkg/provider/nomad/nomad.go
+++ b/pkg/provider/nomad/nomad.go
@@ -164,9 +164,10 @@ func (p *Provider) loadConfiguration(ctx context.Context, configurationC chan<-
func createClient(namespace string, endpoint *EndpointConfig) (*api.Client, error) {
config := api.Config{
Address: endpoint.Address,
- Region: endpoint.Region,
- WaitTime: time.Duration(endpoint.EndpointWaitTime),
Namespace: namespace,
+ Region: endpoint.Region,
+ SecretID: endpoint.Token,
+ WaitTime: time.Duration(endpoint.EndpointWaitTime),
}
if endpoint.TLS != nil {
diff --git a/pkg/redactor/testdata/anonymized-dynamic-config.json b/pkg/redactor/testdata/anonymized-dynamic-config.json
index c55b17a5b..8236dcde7 100644
--- a/pkg/redactor/testdata/anonymized-dynamic-config.json
+++ b/pkg/redactor/testdata/anonymized-dynamic-config.json
@@ -283,6 +283,7 @@
"notAfter": true,
"notBefore": true,
"sans": true,
+ "serialNumber": true,
"subject": {
"country": true,
"province": true,
@@ -301,8 +302,7 @@
"commonName": true,
"serialNumber": true,
"domainComponent": true
- },
- "serialNumber": true
+ }
}
},
"retry": {
diff --git a/pkg/redactor/testdata/secured-dynamic-config.json b/pkg/redactor/testdata/secured-dynamic-config.json
index df5dc3795..cf71aab33 100644
--- a/pkg/redactor/testdata/secured-dynamic-config.json
+++ b/pkg/redactor/testdata/secured-dynamic-config.json
@@ -286,6 +286,7 @@
"notAfter": true,
"notBefore": true,
"sans": true,
+ "serialNumber": true,
"subject": {
"country": true,
"province": true,
@@ -304,8 +305,7 @@
"commonName": true,
"serialNumber": true,
"domainComponent": true
- },
- "serialNumber": true
+ }
}
},
"retry": {
diff --git a/pkg/server/server_entrypoint_tcp.go b/pkg/server/server_entrypoint_tcp.go
index 0d45dc564..71f7a58eb 100644
--- a/pkg/server/server_entrypoint_tcp.go
+++ b/pkg/server/server_entrypoint_tcp.go
@@ -529,6 +529,8 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati
return nil, err
}
+ handler = http.AllowQuerySemicolons(handler)
+
if withH2c {
handler = h2c.NewHandler(handler, &http2.Server{
MaxConcurrentStreams: uint32(configuration.HTTP2.MaxConcurrentStreams),
diff --git a/pkg/server/service/proxy.go b/pkg/server/service/proxy.go
index bb0f7d92d..93cd1c033 100644
--- a/pkg/server/service/proxy.go
+++ b/pkg/server/service/proxy.go
@@ -9,6 +9,7 @@ import (
"net/http"
"net/http/httputil"
"net/url"
+ "strings"
"time"
ptypes "github.com/traefik/paerser/types"
@@ -46,7 +47,7 @@ func buildProxy(passHostHeader *bool, responseForwarding *dynamic.ResponseForwar
outReq.URL.Path = u.Path
outReq.URL.RawPath = u.RawPath
- outReq.URL.RawQuery = u.RawQuery
+ outReq.URL.RawQuery = strings.ReplaceAll(u.RawQuery, ";", "&")
outReq.RequestURI = "" // Outgoing request should not have RequestURI
outReq.Proto = "HTTP/1.1"
diff --git a/pkg/server/service/service.go b/pkg/server/service/service.go
index e2f878594..375e9f64e 100644
--- a/pkg/server/service/service.go
+++ b/pkg/server/service/service.go
@@ -311,12 +311,17 @@ func (m *Manager) LaunchHealthCheck() {
}
func buildHealthCheckOptions(ctx context.Context, lb healthcheck.Balancer, backend string, hc *dynamic.ServerHealthCheck) *healthcheck.Options {
- if hc == nil || hc.Path == "" {
+ if hc == nil {
return nil
}
logger := log.FromContext(ctx)
+ if hc.Path == "" {
+ logger.Errorf("Ignoring heath check configuration for '%s': no path provided", backend)
+ return nil
+ }
+
interval := defaultHealthCheckInterval
if hc.Interval != "" {
intervalOverride, err := time.ParseDuration(hc.Interval)
diff --git a/script/code-gen.sh b/script/code-gen.sh
index 4704fcec8..7a4c9b5e6 100755
--- a/script/code-gen.sh
+++ b/script/code-gen.sh
@@ -32,8 +32,9 @@ docker run --rm \
-w "/go/src/${PROJECT_MODULE}" \
"${IMAGE_NAME}" $cmd
-echo "Concatenate the CRD definitions for the integration tests ..."
-cat $(pwd)/docs/content/reference/dynamic-configuration/traefik.containo.us_*.yaml > $(pwd)/integration/fixtures/k8s/01-traefik-crd.yml
+echo "Concatenate the CRD definitions for publication and integration tests ..."
+cat $(pwd)/docs/content/reference/dynamic-configuration/traefik.containo.us_*.yaml > $(pwd)/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+cp -f $(pwd)/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml $(pwd)/integration/fixtures/k8s/01-traefik-crd.yml
cp -r $(pwd)/${MODULE_VERSION}/* $(pwd)
rm -rf $(pwd)/${MODULE_VERSION}
diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml
index fd9142763..f941b7419 100644
--- a/script/gcg/traefik-bugfix.toml
+++ b/script/gcg/traefik-bugfix.toml
@@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file"
FileName = "traefik_changelog.md"
-# example new bugfix v2.7.1
+# example new bugfix v2.7.2
CurrentRef = "v2.7"
-PreviousRef = "v2.7.0"
+PreviousRef = "v2.7.1"
BaseBranch = "v2.7"
-FutureCurrentRefName = "v2.7.1"
+FutureCurrentRefName = "v2.7.2"
ThresholdPreviousRef = 10
ThresholdCurrentRef = 10
diff --git a/script/gcg/traefik-rc-new.toml b/script/gcg/traefik-rc-new.toml
index d2461a9d2..9e01d10e0 100644
--- a/script/gcg/traefik-rc-new.toml
+++ b/script/gcg/traefik-rc-new.toml
@@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file"
FileName = "traefik_changelog.md"
-# example RC2 of v2.7.0
-CurrentRef = "v2.7"
-PreviousRef = "v2.7.0-rc1"
-BaseBranch = "v2.7"
-FutureCurrentRefName = "v2.7.0-rc2"
+# example RC2 of v2.8.0
+CurrentRef = "v2.8"
+PreviousRef = "v2.8.0-rc1"
+BaseBranch = "v2.8"
+FutureCurrentRefName = "v2.8.0-rc2"
ThresholdPreviousRef = 10
ThresholdCurrentRef = 10