baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Update to go1.22

Browse source 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
This commit is contained in:
Ludovic Fernandez 2024-02-07 17:14:07 +01:00 committed by GitHub
parent e11ff98608
commit d5cb9b50f4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
56 changed files with 4189 additions and 3419 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/build.yaml vendored
View file

@ -6,7 +6,7 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
CGO_ENABLED: 0 CGO_ENABLED: 0
jobs: jobs:

2
.github/workflows/experimental.yaml vendored
View file

@ -7,7 +7,7 @@ on:
- v* - v*
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
CGO_ENABLED: 0 CGO_ENABLED: 0
jobs: jobs:

2
.github/workflows/test-integration.yaml vendored
View file

@ -9,7 +9,7 @@ on:
- 'gh-actions' - 'gh-actions'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
CGO_ENABLED: 0 CGO_ENABLED: 0
jobs: jobs:

2
.github/workflows/test-unit.yaml vendored
View file

@ -6,7 +6,7 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
jobs: jobs:

4
.github/workflows/validate.yaml vendored
View file

@ -6,8 +6,8 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.21' GO_VERSION: '1.22'
GOLANGCI_LINT_VERSION: v1.55.2 GOLANGCI_LINT_VERSION: v1.56.0
MISSSPELL_VERSION: v0.4.1 MISSSPELL_VERSION: v0.4.1
jobs: jobs:

18
.golangci.yml
View file

@ -152,17 +152,10 @@ linters-settings:
- github.com/jaguilar/vt100 - github.com/jaguilar/vt100
- github.com/cucumber/godog - github.com/cucumber/godog
testifylint: testifylint:
enable: disable:
- bool-compare - suite-dont-use-pkg
- compares - require-error
- empty - go-require
- error-is-as
- error-nil
- expected-actual
- float-compare
- len
- suite-extra-assert-call
- suite-thelper
linters: linters:
enable-all: true enable-all: true
@ -218,7 +211,7 @@ linters:
issues: issues:
exclude-use-default: false exclude-use-default: false
max-per-linter: 0 max-issues-per-linter: 0
max-same-issues: 0 max-same-issues: 0
exclude: exclude:
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
@ -232,6 +225,7 @@ issues:
- 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated' - 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
- 'SA1019: c.Providers.Consul.Namespace is deprecated' - 'SA1019: c.Providers.Consul.Namespace is deprecated'
- 'SA1019: c.Providers.Nomad.Namespace is deprecated' - 'SA1019: c.Providers.Nomad.Namespace is deprecated'
- 'fmt.Sprintf can be replaced with string addition'
exclude-rules: exclude-rules:
- path: '(.+)_test.go' - path: '(.+)_test.go'
linters: linters:

4
.semaphore/semaphore.yml
View file

@ -19,13 +19,13 @@ global_job_config:
prologue: prologue:
commands: commands:
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin" - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
- sudo semgo go1.21 - sudo semgo go1.22
- export "GOPATH=$(go env GOPATH)" - export "GOPATH=$(go env GOPATH)"
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}" - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
- export "PATH=${GOPATH}/bin:${PATH}" - export "PATH=${GOPATH}/bin:${PATH}"
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin" - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
- export GOPROXY=https://proxy.golang.org,direct - export GOPROXY=https://proxy.golang.org,direct
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.55.2 - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.56.0
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin" - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
- checkout - checkout
- cache restore traefik-$(checksum go.sum) - cache restore traefik-$(checksum go.sum)

27
docs/content/migration/v2.md
View file

@ -533,3 +533,30 @@ In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowL
### IPWhiteList (TCP) ### IPWhiteList (TCP)
In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead. In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
### TLS CipherSuites
> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
Decision has been made to support ECDHE cipher suites only by default.
The following ciphers have been removed from the default list:
- `TLS_RSA_WITH_AES_128_CBC_SHA`
- `TLS_RSA_WITH_AES_256_CBC_SHA`
- `TLS_RSA_WITH_AES_128_GCM_SHA256`
- `TLS_RSA_WITH_AES_256_GCM_SHA384`
To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
### Minimum TLS Version
> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
> matching the behavior of crypto/tls clients.
> This change can be reverted with the `tls10server=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.

2478
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View file

File diff suppressed because it is too large Load diff

176
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutes.traefik.containo.us name: ingressroutes.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -20,14 +20,19 @@ spec:
description: IngressRoute is the CRD implementation of a Traefik HTTP Router. description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteSpec defines the desired state of IngressRoute. description: IngressRouteSpec defines the desired state of IngressRoute.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -48,17 +54,21 @@ spec:
description: Route holds the HTTP route configuration. description: Route holds the HTTP route configuration.
properties: properties:
kind: kind:
description: Kind defines the kind of the route. Rule is the description: |-
only supported kind. Kind defines the kind of the route.
Rule is the only supported kind.
enum: enum:
- Rule - Rule
type: string type: string
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule' description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: 'Middlewares defines the list of references to description: |-
Middleware resources. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware' Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -76,13 +86,14 @@ spec:
type: object type: object
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: |-
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority' Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
type: integer type: integer
services: services:
description: Services defines the list of Service. It can contain description: |-
any combination of TraefikService and/or reference to a Kubernetes Services defines the list of Service.
Service. It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
items: items:
description: Service defines an upstream HTTP service to proxy description: Service defines an upstream HTTP service to proxy
traffic to. traffic to.
@ -94,31 +105,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client description: |-
Host header is forwarded to the upstream Kubernetes PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
Service. By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -127,30 +139,29 @@ spec:
the client. the client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, description: |-
in milliseconds, in between flushes to the client FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
while copying the response body. A negative value A negative value means to flush immediately after each write to the client.
means to flush immediately after each write to the This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
client. This configuration is ignored when ReverseProxy for such responses, writes are flushed to the client immediately.
recognizes a response as a streaming response; for Default: 100ms
such responses, writes are flushed to the client
immediately. Default: 100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the description: |-
request to the upstream Kubernetes Service. It defaults Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
to https when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -164,8 +175,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie description: Secure defines whether the cookie
@ -175,15 +187,14 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only description: |-
be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round (and to be precise, one that embeds a Weighted Round Robin).
Robin).
type: integer type: integer
required: required:
- name - name
@ -195,16 +206,20 @@ spec:
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls' description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: |-
resolver to use. Cert resolvers have to be configured in the CertResolver defines the name of the certificate resolver to use.
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: |-
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -220,17 +235,20 @@ spec:
type: object type: object
type: array type: array
options: options:
description: 'Options defines the reference to a TLSOption, that description: |-
specifies the parameters of the TLS connection. If not defined, Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSOption. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: |-
TLSOption. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -240,17 +258,19 @@ spec:
Secret to specify the certificate details. Secret to specify the certificate details.
type: string type: string
store: store:
description: Store defines the reference to the TLSStore, that description: |-
will be used to store certificates. Please note that only `default` Store defines the reference to the TLSStore, that will be used to store certificates.
TLSStore can be used. Please note that only `default` TLSStore can be used.
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSStore. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: |-
TLSStore. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name

96
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutetcps.traefik.containo.us name: ingressroutetcps.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -20,14 +20,19 @@ spec:
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -48,7 +54,9 @@ spec:
description: RouteTCP holds the TCP route configuration. description: RouteTCP holds the TCP route configuration.
properties: properties:
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1' description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -70,8 +78,9 @@ spec:
type: object type: object
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: |-
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1' Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -88,22 +97,24 @@ spec:
Kubernetes Service. Kubernetes Service.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
proxyProtocol: proxyProtocol:
description: 'ProxyProtocol defines the PROXY protocol description: |-
configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol' ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -111,13 +122,12 @@ spec:
type: integer type: integer
type: object type: object
terminationDelay: terminationDelay:
description: TerminationDelay defines the deadline that description: |-
the proxy sets, after one of its connected peers indicates TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
it has closed the writing capability of its connection, it has closed the writing capability of its connection, to close the reading capability as well,
to close the reading capability as well, hence fully hence fully terminating the connection.
terminating the connection. It is a duration in milliseconds, It is a duration in milliseconds, defaulting to 100.
defaulting to 100. A negative value means an infinite A negative value means an infinite deadline (i.e. the reading capability is never closed).
deadline (i.e. the reading capability is never closed).
type: integer type: integer
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
@ -133,17 +143,20 @@ spec:
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration on a layer 4 / TCP description: |-
Route. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1' TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: |-
resolver to use. Cert resolvers have to be configured in the CertResolver defines the name of the certificate resolver to use.
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: |-
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -159,9 +172,10 @@ spec:
type: object type: object
type: array type: array
options: options:
description: 'Options defines the reference to a TLSOption, that description: |-
specifies the parameters of the TLS connection. If not defined, Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@ -183,9 +197,9 @@ spec:
Secret to specify the certificate details. Secret to specify the certificate details.
type: string type: string
store: store:
description: Store defines the reference to the TLSStore, that description: |-
will be used to store certificates. Please note that only `default` Store defines the reference to the TLSStore, that will be used to store certificates.
TLSStore can be used. Please note that only `default` TLSStore can be used.
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik

39
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressrouteudps.traefik.containo.us name: ingressrouteudps.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -20,14 +20,19 @@ spec:
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -62,17 +68,18 @@ spec:
Kubernetes Service. Kubernetes Service.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
weight: weight:

505
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: middlewares.traefik.containo.us name: middlewares.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -17,18 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'Middleware is the CRD implementation of a Traefik Middleware. description: |-
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/' Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -36,33 +42,37 @@ spec:
description: MiddlewareSpec defines the desired state of a Middleware. description: MiddlewareSpec defines the desired state of a Middleware.
properties: properties:
addPrefix: addPrefix:
description: 'AddPrefix holds the add prefix middleware configuration. description: |-
This middleware updates the path of a request before forwarding AddPrefix holds the add prefix middleware configuration.
it. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/' This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: Prefix is the string to add before the current path description: |-
in the requested URL. It should include a leading slash (/). Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/).
type: string type: string
type: object type: object
basicAuth: basicAuth:
description: 'BasicAuth holds the basic auth middleware configuration. description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: |-
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: |-
to be partitioned into a set of protection spaces, each with Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
its own authentication scheme. Default: traefik.' Default: traefik.
type: string type: string
removeHeader: removeHeader:
description: 'RemoveHeader sets the removeHeader option to true description: |-
to remove the authorization header before forwarding the request RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
to your service. Default: false.' Default: false.
type: boolean type: boolean
secret: secret:
description: Secret is the name of the referenced Kubernetes Secret description: Secret is the name of the referenced Kubernetes Secret
@ -70,48 +80,49 @@ spec:
type: string type: string
type: object type: object
buffering: buffering:
description: 'Buffering holds the buffering middleware configuration. description: |-
This middleware retries or limits the size of requests that can Buffering holds the buffering middleware configuration.
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes' This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed description: |-
body size for the request (in bytes). If the request exceeds MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
the allowed size, it is not forwarded to the service, and the If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
client gets a 413 (Request Entity Too Large) response. Default: Default: 0 (no maximum).
0 (no maximum).'
format: int64 format: int64
type: integer type: integer
maxResponseBodyBytes: maxResponseBodyBytes:
description: 'MaxResponseBodyBytes defines the maximum allowed description: |-
response size from the service (in bytes). If the response exceeds MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
the allowed size, it is not forwarded to the client. The client If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
gets a 500 (Internal Server Error) response instead. Default: Default: 0 (no maximum).
0 (no maximum).'
format: int64 format: int64
type: integer type: integer
memRequestBodyBytes: memRequestBodyBytes:
description: 'MemRequestBodyBytes defines the threshold (in bytes) description: |-
from which the request will be buffered on disk instead of in MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
memory. Default: 1048576 (1Mi).' Default: 1048576 (1Mi).
format: int64 format: int64
type: integer type: integer
memResponseBodyBytes: memResponseBodyBytes:
description: 'MemResponseBodyBytes defines the threshold (in bytes) description: |-
from which the response will be buffered on disk instead of MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
in memory. Default: 1048576 (1Mi).' Default: 1048576 (1Mi).
format: int64 format: int64
type: integer type: integer
retryExpression: retryExpression:
description: 'RetryExpression defines the retry conditions. It description: |-
is a logical combination of functions with operators AND (&&) RetryExpression defines the retry conditions.
and OR (||). More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression' It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: 'Chain holds the configuration of the chain middleware. description: |-
This middleware enables to define reusable combinations of other Chain holds the configuration of the chain middleware.
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/' This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -163,9 +174,10 @@ spec:
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
compress: compress:
description: 'Compress holds the compress middleware configuration. description: |-
This middleware compresses responses before sending them to the Compress holds the compress middleware configuration.
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/' This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
properties: properties:
excludedContentTypes: excludedContentTypes:
description: ExcludedContentTypes defines the list of content description: ExcludedContentTypes defines the list of content
@ -175,40 +187,40 @@ spec:
type: string type: string
type: array type: array
minResponseBodyBytes: minResponseBodyBytes:
description: 'MinResponseBodyBytes defines the minimum amount description: |-
of bytes a response body must have to be compressed. Default: MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
1024.' Default: 1024.
type: integer type: integer
type: object type: object
contentType: contentType:
description: ContentType holds the content-type middleware configuration. description: |-
This middleware exists to enable the correct behavior until at least ContentType holds the content-type middleware configuration.
the default one can be changed in a future version. This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
properties: properties:
autoDetect: autoDetect:
description: AutoDetect specifies whether to let the `Content-Type` description: |-
header, if it has not been set by the backend, be automatically AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
set to a value derived from the contents of the response. As be automatically set to a value derived from the contents of the response.
a proxy, the default behavior should be to leave the header As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
alone, regardless of what the backend did with it. However, However, the historic default was to always auto-detect and set the header if it was nil,
the historic default was to always auto-detect and set the header and it is going to be kept that way in order to support users currently relying on it.
if it was nil, and it is going to be kept that way in order
to support users currently relying on it.
type: boolean type: boolean
type: object type: object
digestAuth: digestAuth:
description: 'DigestAuth holds the digest auth middleware configuration. description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: |-
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: |-
to be partitioned into a set of protection spaces, each with Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
its own authentication scheme. Default: traefik.' Default: traefik.
type: string type: string
removeHeader: removeHeader:
description: RemoveHeader defines whether to remove the authorization description: RemoveHeader defines whether to remove the authorization
@ -220,18 +232,20 @@ spec:
type: string type: string
type: object type: object
errors: errors:
description: 'ErrorPage holds the custom error middleware configuration. description: |-
This middleware returns a custom page in lieu of the default, according ErrorPage holds the custom error middleware configuration.
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/' This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
properties: properties:
query: query:
description: Query defines the URL for the error page (hosted description: |-
by service). The {status} variable can be used in order to insert Query defines the URL for the error page (hosted by service).
the status code in the URL. The {status} variable can be used in order to insert the status code in the URL.
type: string type: string
service: service:
description: 'Service defines the reference to a Kubernetes Service description: |-
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service' Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
properties: properties:
kind: kind:
description: Kind defines the kind of the Service. description: Kind defines the kind of the Service.
@ -240,31 +254,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between the Name defines the name of the referenced Kubernetes Service or TraefikService.
two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or if NativeLB controls, when creating the load-balancer,
the only child is the Kubernetes Service clusterIP. The whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
Kubernetes Service itself does load-balance to the pods. The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -273,29 +288,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in milliseconds, description: |-
in between flushes to the client while copying the response FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
body. A negative value means to flush immediately after A negative value means to flush immediately after each write to the client.
each write to the client. This configuration is ignored This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
when ReverseProxy recognizes a response as a streaming for such responses, writes are flushed to the client immediately.
response; for such responses, writes are flushed to Default: 100ms
the client immediately. Default: 100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport between ServersTransport defines the name of ServersTransport resource to use.
Traefik and your servers. Can only be used on a Kubernetes It allows to configure the transport between Traefik and your servers.
Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -308,8 +323,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -319,40 +335,42 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported value Strategy defines the load balancing strategy between the servers.
at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object (and Weight defines the weight and should only be specified when Name references a TraefikService object
to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
- name - name
type: object type: object
status: status:
description: Status defines which status or range of statuses description: |-
should result in an error page. It can be either a status code Status defines which status or range of statuses should result in an error page.
as a number (500), as multiple comma-separated numbers (500,502), It can be either a status code as a number (500),
as ranges by separating two codes with a dash (500-599), or as multiple comma-separated numbers (500,502),
a combination of the two (404,418,500-599). as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599).
items: items:
type: string type: string
type: array type: array
type: object type: object
forwardAuth: forwardAuth:
description: 'ForwardAuth holds the forward auth middleware configuration. description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
properties: properties:
address: address:
description: Address defines the authentication server address. description: Address defines the authentication server address.
type: string type: string
authRequestHeaders: authRequestHeaders:
description: AuthRequestHeaders defines the list of the headers description: |-
to copy from the request to the authentication server. If not AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
set or empty then all request headers are passed. If not set or empty then all request headers are passed.
items: items:
type: string type: string
type: array type: array
@ -364,10 +382,9 @@ spec:
type: string type: string
type: array type: array
authResponseHeadersRegex: authResponseHeadersRegex:
description: 'AuthResponseHeadersRegex defines the regex to match description: |-
headers to copy from the authentication server response and AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
set on forwarded request, after stripping all headers that match More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
the regex. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex'
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -376,14 +393,14 @@ spec:
caOptional: caOptional:
type: boolean type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: |-
Secret containing the CA to validate the server certificate. CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
The CA certificate is extracted from key `tls.ca` or `ca.crt`. The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string type: string
certSecret: certSecret:
description: CertSecret is the name of the referenced Kubernetes description: |-
Secret containing the client certificate. The client certificate CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
is extracted from the keys `tls.crt` and `tls.key`. The client certificate is extracted from the keys `tls.crt` and `tls.key`.
type: string type: string
insecureSkipVerify: insecureSkipVerify:
description: InsecureSkipVerify defines whether the server description: InsecureSkipVerify defines whether the server
@ -396,9 +413,10 @@ spec:
type: boolean type: boolean
type: object type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: |-
This middleware manages the requests and responses headers. More Headers holds the headers middleware configuration.
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders' This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -463,12 +481,14 @@ spec:
header with the nosniff value. header with the nosniff value.
type: boolean type: boolean
customBrowserXSSValue: customBrowserXSSValue:
description: CustomBrowserXSSValue defines the X-XSS-Protection description: |-
header value. This overrides the BrowserXssFilter option. CustomBrowserXSSValue defines the X-XSS-Protection header value.
This overrides the BrowserXssFilter option.
type: string type: string
customFrameOptionsValue: customFrameOptionsValue:
description: CustomFrameOptionsValue defines the X-Frame-Options description: |-
header value. This overrides the FrameDeny option. CustomFrameOptionsValue defines the X-Frame-Options header value.
This overrides the FrameDeny option.
type: string type: string
customRequestHeaders: customRequestHeaders:
additionalProperties: additionalProperties:
@ -500,25 +520,25 @@ spec:
type: string type: string
type: array type: array
isDevelopment: isDevelopment:
description: IsDevelopment defines whether to mitigate the unwanted description: |-
effects of the AllowedHosts, SSL, and STS options when developing. IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost, Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
not your production domain. If you would like your development If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
environment to mimic production with complete Host blocking, and STS headers, leave this as false.
SSL redirects, and STS headers, leave this as false.
type: boolean type: boolean
permissionsPolicy: permissionsPolicy:
description: PermissionsPolicy defines the Permissions-Policy description: |-
header value. This allows sites to control browser features. PermissionsPolicy defines the Permissions-Policy header value.
This allows sites to control browser features.
type: string type: string
publicKey: publicKey:
description: PublicKey is the public key that implements HPKP description: PublicKey is the public key that implements HPKP
to prevent MITM attacks with forged certificates. to prevent MITM attacks with forged certificates.
type: string type: string
referrerPolicy: referrerPolicy:
description: ReferrerPolicy defines the Referrer-Policy header description: |-
value. This allows sites to control whether browsers forward ReferrerPolicy defines the Referrer-Policy header value.
the Referer header to other sites. This allows sites to control whether browsers forward the Referer header to other sites.
type: string type: string
sslForceHost: sslForceHost:
description: 'Deprecated: use RedirectRegex instead.' description: 'Deprecated: use RedirectRegex instead.'
@ -529,10 +549,9 @@ spec:
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
description: 'SSLProxyHeaders defines the header keys with associated description: |-
values that would indicate a valid HTTPS request. It can be SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
useful when using other proxies (example: "X-Forwarded-Proto": It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
"https").'
type: object type: object
sslRedirect: sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@ -551,33 +570,35 @@ spec:
to the Strict-Transport-Security header. to the Strict-Transport-Security header.
type: boolean type: boolean
stsSeconds: stsSeconds:
description: STSSeconds defines the max-age of the Strict-Transport-Security description: |-
header. If set to 0, the header is not set. STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set.
format: int64 format: int64
type: integer type: integer
type: object type: object
inFlightReq: inFlightReq:
description: 'InFlightReq holds the in-flight request middleware configuration. description: |-
This middleware limits the number of requests being processed and InFlightReq holds the in-flight request middleware configuration.
served concurrently. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/' This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: |-
in-flight request. The middleware responds with HTTP 429 Too Amount defines the maximum amount of allowed simultaneous in-flight request.
Many Requests if there are already amount requests in progress The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
(based on the same sourceCriterion strategy).
format: int64 format: int64
type: integer type: integer
sourceCriterion: sourceCriterion:
description: 'SourceCriterion defines what criterion is used to description: |-
group requests as originating from a common source. If several SourceCriterion defines what criterion is used to group requests as originating from a common source.
strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More If none are set, the default is to use the requestHost.
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: |-
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -603,13 +624,15 @@ spec:
type: object type: object
type: object type: object
ipAllowList: ipAllowList:
description: 'IPAllowList holds the IP allowlist middleware configuration. description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: |-
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -631,14 +654,16 @@ spec:
type: array type: array
type: object type: object
ipWhiteList: ipWhiteList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: |-
IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead.' Deprecated: please use IPAllowList instead.
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: |-
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -660,9 +685,10 @@ spec:
type: array type: array
type: object type: object
passTLSClientCert: passTLSClientCert:
description: 'PassTLSClientCert holds the pass TLS client cert middleware description: |-
configuration. This middleware adds the selected data from the passed PassTLSClientCert holds the pass TLS client cert middleware configuration.
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/' This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -763,46 +789,48 @@ spec:
plugin: plugin:
additionalProperties: additionalProperties:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
description: 'Plugin defines the middleware plugin configuration. description: |-
More info: https://doc.traefik.io/traefik/plugins/' Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
type: object type: object
rateLimit: rateLimit:
description: 'RateLimit holds the rate limit configuration. This middleware description: |-
ensures that services will receive a fair amount of requests, and RateLimit holds the rate limit configuration.
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/' This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
properties: properties:
average: average:
description: Average is the maximum rate, by default in requests/s, description: |-
allowed for the given source. It defaults to 0, which means Average is the maximum rate, by default in requests/s, allowed for the given source.
no rate limiting. The rate is actually defined by dividing Average It defaults to 0, which means no rate limiting.
by Period. So for a rate below 1req/s, one needs to define a The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
Period larger than a second. one needs to define a Period larger than a second.
format: int64 format: int64
type: integer type: integer
burst: burst:
description: Burst is the maximum number of requests allowed to description: |-
arrive in the same arbitrarily small period of time. It defaults Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
to 1. It defaults to 1.
format: int64 format: int64
type: integer type: integer
period: period:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: 'Period, in combination with Average, defines the description: |-
actual maximum rate, such as: r = Average / Period. It defaults Period, in combination with Average, defines the actual maximum rate, such as:
to a second.' r = Average / Period. It defaults to a second.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
sourceCriterion: sourceCriterion:
description: SourceCriterion defines what criterion is used to description: |-
group requests as originating from a common source. If several SourceCriterion defines what criterion is used to group requests as originating from a common source.
strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote If none are set, the default is to use the request's remote address field (as an ipStrategy).
address field (as an ipStrategy).
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: |-
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -828,9 +856,10 @@ spec:
type: object type: object
type: object type: object
redirectRegex: redirectRegex:
description: 'RedirectRegex holds the redirect regex middleware configuration. description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -846,9 +875,10 @@ spec:
type: string type: string
type: object type: object
redirectScheme: redirectScheme:
description: 'RedirectScheme holds the redirect scheme middleware description: |-
configuration. This middleware redirects requests from a scheme/port RedirectScheme holds the redirect scheme middleware configuration.
to another. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/' This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -862,9 +892,10 @@ spec:
type: string type: string
type: object type: object
replacePath: replacePath:
description: 'ReplacePath holds the replace path middleware configuration. description: |-
This middleware replaces the path of the request URL and store the ReplacePath holds the replace path middleware configuration.
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/' This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -872,9 +903,10 @@ spec:
type: string type: string
type: object type: object
replacePathRegex: replacePathRegex:
description: 'ReplacePathRegex holds the replace path regex middleware description: |-
configuration. This middleware replaces the path of a URL using ReplacePathRegex holds the replace path regex middleware configuration.
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/' This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -886,11 +918,11 @@ spec:
type: string type: string
type: object type: object
retry: retry:
description: 'Retry holds the retry middleware configuration. This description: |-
middleware reissues requests a given number of times to a backend Retry holds the retry middleware configuration.
server if that server does not reply. As soon as the server answers, This middleware reissues requests a given number of times to a backend server if that server does not reply.
the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -900,22 +932,24 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: InitialInterval defines the first wait time in the description: |-
exponential backoff series. The maximum interval is calculated InitialInterval defines the first wait time in the exponential backoff series.
as twice the initialInterval. If unspecified, requests will The maximum interval is calculated as twice the initialInterval.
be retried immediately. The value of initialInterval should If unspecified, requests will be retried immediately.
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
stripPrefix: stripPrefix:
description: 'StripPrefix holds the strip prefix middleware configuration. description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: 'ForceSlash ensures that the resulting stripped path description: |-
is not the empty string, by replacing it with / when necessary. ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
Default: true.' Default: true.
type: boolean type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
@ -925,9 +959,10 @@ spec:
type: array type: array
type: object type: object
stripPrefixRegex: stripPrefixRegex:
description: 'StripPrefixRegex holds the strip prefix regex middleware description: |-
configuration. This middleware removes the matching prefixes from StripPrefixRegex holds the strip prefix regex middleware configuration.
the URL path. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/' This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the

45
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: middlewaretcps.traefik.containo.us name: middlewaretcps.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -17,18 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. description: |-
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/' MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -39,16 +45,17 @@ spec:
description: InFlightConn defines the InFlightConn middleware configuration. description: InFlightConn defines the InFlightConn middleware configuration.
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: |-
connections. The middleware closes the connection if there are Amount defines the maximum amount of allowed simultaneous connections.
already amount connections opened. The middleware closes the connection if there are already amount connections opened.
format: int64 format: int64
type: integer type: integer
type: object type: object
ipAllowList: ipAllowList:
description: 'IPAllowList defines the IPAllowList middleware configuration. description: |-
This middleware accepts/refuses connections based on the client IPAllowList defines the IPAllowList middleware configuration.
IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/' This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -58,9 +65,11 @@ spec:
type: array type: array
type: object type: object
ipWhiteList: ipWhiteList:
description: 'IPWhiteList defines the IPWhiteList middleware configuration. description: |-
This middleware accepts/refuses connections based on the client IPWhiteList defines the IPWhiteList middleware configuration.
IP. Deprecated: please use IPAllowList instead. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/' This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

24
docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: serverstransports.traefik.containo.us name: serverstransports.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -17,20 +17,26 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'ServersTransport is the CRD implementation of a ServersTransport. description: |-
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1' More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object

61
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: tlsoptions.traefik.containo.us name: tlsoptions.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -17,19 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSOption is the CRD implementation of a Traefik TLS Option, description: |-
allowing to configure some parameters of the TLS connection. More info: TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -37,15 +42,16 @@ spec:
description: TLSOptionSpec defines the desired state of a TLSOption. description: TLSOptionSpec defines the desired state of a TLSOption.
properties: properties:
alpnProtocols: alpnProtocols:
description: 'ALPNProtocols defines the list of supported application description: |-
level protocols for the TLS handshake, in order of preference. More ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols' More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: 'CipherSuites defines the list of supported cipher suites description: |-
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites' CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -71,26 +77,29 @@ spec:
type: array type: array
type: object type: object
curvePreferences: curvePreferences:
description: 'CurvePreferences defines the preferred elliptic curves description: |-
in a specific order. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences' CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array
maxVersion: maxVersion:
description: 'MaxVersion defines the maximum TLS version that Traefik description: |-
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, MaxVersion defines the maximum TLS version that Traefik will accept.
VersionTLS13. Default: None.' Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: None.
type: string type: string
minVersion: minVersion:
description: 'MinVersion defines the minimum TLS version that Traefik description: |-
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, MinVersion defines the minimum TLS version that Traefik will accept.
VersionTLS13. Default: VersionTLS10.' Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: VersionTLS10.
type: string type: string
preferServerCipherSuites: preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server description: |-
chooses a cipher suite among his own instead of among the client''s. PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
It is enabled automatically when minVersion or maxVersion is set. It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430' Deprecated: https://github.com/golang/go/issues/45430
type: boolean type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections

28
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: tlsstores.traefik.containo.us name: tlsstores.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -17,20 +17,26 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For description: |-
the time being, only the TLSStore named default is supported. This means TLSStore is the CRD implementation of a Traefik TLS Store.
that you cannot have two stores that are named default in different Kubernetes For the time being, only the TLSStore named default is supported.
namespaces. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores' This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object

265
docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: traefikservices.traefik.containo.us name: traefikservices.traefik.containo.us
spec: spec:
group: traefik.containo.us group: traefik.containo.us
@ -17,19 +17,27 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TraefikService is the CRD implementation of a Traefik Service. description: |-
TraefikService object allows to: - Apply weight to Services on load-balancing TraefikService is the CRD implementation of a Traefik Service.
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice' TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -46,10 +54,10 @@ spec:
- TraefikService - TraefikService
type: string type: string
maxBodySize: maxBodySize:
description: MaxBodySize defines the maximum size allowed for description: |-
the body of the request. If the body is larger, the request MaxBodySize defines the maximum size allowed for the body of the request.
is not mirrored. Default value is -1, which means unlimited If the body is larger, the request is not mirrored.
size. Default value is -1, which means unlimited size.
format: int64 format: int64
type: integer type: integer
mirrors: mirrors:
@ -65,35 +73,37 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or NativeLB controls, when creating the load-balancer,
if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
percent: percent:
description: 'Percent defines the part of the traffic to description: |-
mirror. Supported values: 0 to 100.' Percent defines the part of the traffic to mirror.
Supported values: 0 to 100.
type: integer type: integer
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -102,30 +112,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in description: |-
milliseconds, in between flushes to the client while FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
copying the response body. A negative value means A negative value means to flush immediately after each write to the client.
to flush immediately after each write to the client. This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
This configuration is ignored when ReverseProxy recognizes for such responses, writes are flushed to the client immediately.
a response as a streaming response; for such responses, Default: 100ms
writes are flushed to the client immediately. Default:
100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -138,8 +147,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -149,13 +159,13 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
@ -163,60 +173,62 @@ spec:
type: object type: object
type: array type: array
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between the two Name defines the name of the referenced Kubernetes Service or TraefikService.
is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or if the NativeLB controls, when creating the load-balancer,
only child is the Kubernetes Service clusterIP. The Kubernetes whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
Service itself does load-balance to the pods. By default, NativeLB The Kubernetes Service itself does load-balance to the pods.
is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host header description: |-
is forwarded to the upstream Kubernetes Service. By default, PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. This description: |-
can be a reference to a named port. Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
description: ResponseForwarding defines how Traefik forwards the description: ResponseForwarding defines how Traefik forwards the
response from the upstream Kubernetes Service to the client. response from the upstream Kubernetes Service to the client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in milliseconds, description: |-
in between flushes to the client while copying the response FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
body. A negative value means to flush immediately after A negative value means to flush immediately after each write to the client.
each write to the client. This configuration is ignored This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately. for such responses, writes are flushed to the client immediately.
Default: 100ms' Default: 100ms
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https when Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport between ServersTransport defines the name of ServersTransport resource to use.
Traefik and your servers. Can only be used on a Kubernetes Service. It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -229,8 +241,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. More description: |-
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only
@ -239,13 +252,14 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy between description: |-
the servers. RoundRobin is the only supported value at the moment. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be specified description: |-
when Name references a TraefikService object (and to be precise, Weight defines the weight and should only be specified when Name references a TraefikService object
one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
- name - name
@ -267,31 +281,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or NativeLB controls, when creating the load-balancer,
if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -300,30 +315,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in description: |-
milliseconds, in between flushes to the client while FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
copying the response body. A negative value means A negative value means to flush immediately after each write to the client.
to flush immediately after each write to the client. This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
This configuration is ignored when ReverseProxy recognizes for such responses, writes are flushed to the client immediately.
a response as a streaming response; for such responses, Default: 100ms
writes are flushed to the client immediately. Default:
100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -336,8 +350,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -347,13 +362,13 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
@ -361,8 +376,9 @@ spec:
type: object type: object
type: array type: array
sticky: sticky:
description: 'Sticky defines whether sticky sessions are enabled. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -375,8 +391,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. More description: |-
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only

176
docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutes.traefik.io name: ingressroutes.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -20,14 +20,19 @@ spec:
description: IngressRoute is the CRD implementation of a Traefik HTTP Router. description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteSpec defines the desired state of IngressRoute. description: IngressRouteSpec defines the desired state of IngressRoute.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -48,17 +54,21 @@ spec:
description: Route holds the HTTP route configuration. description: Route holds the HTTP route configuration.
properties: properties:
kind: kind:
description: Kind defines the kind of the route. Rule is the description: |-
only supported kind. Kind defines the kind of the route.
Rule is the only supported kind.
enum: enum:
- Rule - Rule
type: string type: string
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule' description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: 'Middlewares defines the list of references to description: |-
Middleware resources. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware' Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -76,13 +86,14 @@ spec:
type: object type: object
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: |-
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority' Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
type: integer type: integer
services: services:
description: Services defines the list of Service. It can contain description: |-
any combination of TraefikService and/or reference to a Kubernetes Services defines the list of Service.
Service. It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
items: items:
description: Service defines an upstream HTTP service to proxy description: Service defines an upstream HTTP service to proxy
traffic to. traffic to.
@ -94,31 +105,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client description: |-
Host header is forwarded to the upstream Kubernetes PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
Service. By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -127,30 +139,29 @@ spec:
the client. the client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, description: |-
in milliseconds, in between flushes to the client FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
while copying the response body. A negative value A negative value means to flush immediately after each write to the client.
means to flush immediately after each write to the This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
client. This configuration is ignored when ReverseProxy for such responses, writes are flushed to the client immediately.
recognizes a response as a streaming response; for Default: 100ms
such responses, writes are flushed to the client
immediately. Default: 100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the description: |-
request to the upstream Kubernetes Service. It defaults Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
to https when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -164,8 +175,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie description: Secure defines whether the cookie
@ -175,15 +187,14 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only description: |-
be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round (and to be precise, one that embeds a Weighted Round Robin).
Robin).
type: integer type: integer
required: required:
- name - name
@ -195,16 +206,20 @@ spec:
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls' description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: |-
resolver to use. Cert resolvers have to be configured in the CertResolver defines the name of the certificate resolver to use.
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: |-
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -220,17 +235,20 @@ spec:
type: object type: object
type: array type: array
options: options:
description: 'Options defines the reference to a TLSOption, that description: |-
specifies the parameters of the TLS connection. If not defined, Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSOption. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: |-
TLSOption. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -240,17 +258,19 @@ spec:
Secret to specify the certificate details. Secret to specify the certificate details.
type: string type: string
store: store:
description: Store defines the reference to the TLSStore, that description: |-
will be used to store certificates. Please note that only `default` Store defines the reference to the TLSStore, that will be used to store certificates.
TLSStore can be used. Please note that only `default` TLSStore can be used.
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSStore. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: |-
TLSStore. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name

96
docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressroutetcps.traefik.io name: ingressroutetcps.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -20,14 +20,19 @@ spec:
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -48,7 +54,9 @@ spec:
description: RouteTCP holds the TCP route configuration. description: RouteTCP holds the TCP route configuration.
properties: properties:
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1' description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -70,8 +78,9 @@ spec:
type: object type: object
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: |-
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1' Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -88,22 +97,24 @@ spec:
Kubernetes Service. Kubernetes Service.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
proxyProtocol: proxyProtocol:
description: 'ProxyProtocol defines the PROXY protocol description: |-
configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol' ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -111,13 +122,12 @@ spec:
type: integer type: integer
type: object type: object
terminationDelay: terminationDelay:
description: TerminationDelay defines the deadline that description: |-
the proxy sets, after one of its connected peers indicates TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
it has closed the writing capability of its connection, it has closed the writing capability of its connection, to close the reading capability as well,
to close the reading capability as well, hence fully hence fully terminating the connection.
terminating the connection. It is a duration in milliseconds, It is a duration in milliseconds, defaulting to 100.
defaulting to 100. A negative value means an infinite A negative value means an infinite deadline (i.e. the reading capability is never closed).
deadline (i.e. the reading capability is never closed).
type: integer type: integer
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
@ -133,17 +143,20 @@ spec:
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration on a layer 4 / TCP description: |-
Route. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1' TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: |-
resolver to use. Cert resolvers have to be configured in the CertResolver defines the name of the certificate resolver to use.
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: |-
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -159,9 +172,10 @@ spec:
type: object type: object
type: array type: array
options: options:
description: 'Options defines the reference to a TLSOption, that description: |-
specifies the parameters of the TLS connection. If not defined, Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@ -183,9 +197,9 @@ spec:
Secret to specify the certificate details. Secret to specify the certificate details.
type: string type: string
store: store:
description: Store defines the reference to the TLSStore, that description: |-
will be used to store certificates. Please note that only `default` Store defines the reference to the TLSStore, that will be used to store certificates.
TLSStore can be used. Please note that only `default` TLSStore can be used.
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik

39
docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: ingressrouteudps.traefik.io name: ingressrouteudps.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -20,14 +20,19 @@ spec:
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -35,10 +40,11 @@ spec:
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties: properties:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: |-
bind to. Entry points have to be configured in the static configuration. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' Default: all.
items: items:
type: string type: string
type: array type: array
@ -62,17 +68,18 @@ spec:
Kubernetes Service. Kubernetes Service.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs NativeLB controls, when creating the load-balancer,
or if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
weight: weight:

505
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: middlewares.traefik.io name: middlewares.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,18 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'Middleware is the CRD implementation of a Traefik Middleware. description: |-
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/' Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -36,33 +42,37 @@ spec:
description: MiddlewareSpec defines the desired state of a Middleware. description: MiddlewareSpec defines the desired state of a Middleware.
properties: properties:
addPrefix: addPrefix:
description: 'AddPrefix holds the add prefix middleware configuration. description: |-
This middleware updates the path of a request before forwarding AddPrefix holds the add prefix middleware configuration.
it. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/' This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: Prefix is the string to add before the current path description: |-
in the requested URL. It should include a leading slash (/). Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/).
type: string type: string
type: object type: object
basicAuth: basicAuth:
description: 'BasicAuth holds the basic auth middleware configuration. description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: |-
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: |-
to be partitioned into a set of protection spaces, each with Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
its own authentication scheme. Default: traefik.' Default: traefik.
type: string type: string
removeHeader: removeHeader:
description: 'RemoveHeader sets the removeHeader option to true description: |-
to remove the authorization header before forwarding the request RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
to your service. Default: false.' Default: false.
type: boolean type: boolean
secret: secret:
description: Secret is the name of the referenced Kubernetes Secret description: Secret is the name of the referenced Kubernetes Secret
@ -70,48 +80,49 @@ spec:
type: string type: string
type: object type: object
buffering: buffering:
description: 'Buffering holds the buffering middleware configuration. description: |-
This middleware retries or limits the size of requests that can Buffering holds the buffering middleware configuration.
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes' This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed description: |-
body size for the request (in bytes). If the request exceeds MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
the allowed size, it is not forwarded to the service, and the If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
client gets a 413 (Request Entity Too Large) response. Default: Default: 0 (no maximum).
0 (no maximum).'
format: int64 format: int64
type: integer type: integer
maxResponseBodyBytes: maxResponseBodyBytes:
description: 'MaxResponseBodyBytes defines the maximum allowed description: |-
response size from the service (in bytes). If the response exceeds MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
the allowed size, it is not forwarded to the client. The client If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
gets a 500 (Internal Server Error) response instead. Default: Default: 0 (no maximum).
0 (no maximum).'
format: int64 format: int64
type: integer type: integer
memRequestBodyBytes: memRequestBodyBytes:
description: 'MemRequestBodyBytes defines the threshold (in bytes) description: |-
from which the request will be buffered on disk instead of in MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
memory. Default: 1048576 (1Mi).' Default: 1048576 (1Mi).
format: int64 format: int64
type: integer type: integer
memResponseBodyBytes: memResponseBodyBytes:
description: 'MemResponseBodyBytes defines the threshold (in bytes) description: |-
from which the response will be buffered on disk instead of MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
in memory. Default: 1048576 (1Mi).' Default: 1048576 (1Mi).
format: int64 format: int64
type: integer type: integer
retryExpression: retryExpression:
description: 'RetryExpression defines the retry conditions. It description: |-
is a logical combination of functions with operators AND (&&) RetryExpression defines the retry conditions.
and OR (||). More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression' It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: 'Chain holds the configuration of the chain middleware. description: |-
This middleware enables to define reusable combinations of other Chain holds the configuration of the chain middleware.
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/' This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -163,9 +174,10 @@ spec:
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
compress: compress:
description: 'Compress holds the compress middleware configuration. description: |-
This middleware compresses responses before sending them to the Compress holds the compress middleware configuration.
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/' This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
properties: properties:
excludedContentTypes: excludedContentTypes:
description: ExcludedContentTypes defines the list of content description: ExcludedContentTypes defines the list of content
@ -175,40 +187,40 @@ spec:
type: string type: string
type: array type: array
minResponseBodyBytes: minResponseBodyBytes:
description: 'MinResponseBodyBytes defines the minimum amount description: |-
of bytes a response body must have to be compressed. Default: MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
1024.' Default: 1024.
type: integer type: integer
type: object type: object
contentType: contentType:
description: ContentType holds the content-type middleware configuration. description: |-
This middleware exists to enable the correct behavior until at least ContentType holds the content-type middleware configuration.
the default one can be changed in a future version. This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
properties: properties:
autoDetect: autoDetect:
description: AutoDetect specifies whether to let the `Content-Type` description: |-
header, if it has not been set by the backend, be automatically AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
set to a value derived from the contents of the response. As be automatically set to a value derived from the contents of the response.
a proxy, the default behavior should be to leave the header As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
alone, regardless of what the backend did with it. However, However, the historic default was to always auto-detect and set the header if it was nil,
the historic default was to always auto-detect and set the header and it is going to be kept that way in order to support users currently relying on it.
if it was nil, and it is going to be kept that way in order
to support users currently relying on it.
type: boolean type: boolean
type: object type: object
digestAuth: digestAuth:
description: 'DigestAuth holds the digest auth middleware configuration. description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: |-
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: |-
to be partitioned into a set of protection spaces, each with Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
its own authentication scheme. Default: traefik.' Default: traefik.
type: string type: string
removeHeader: removeHeader:
description: RemoveHeader defines whether to remove the authorization description: RemoveHeader defines whether to remove the authorization
@ -220,18 +232,20 @@ spec:
type: string type: string
type: object type: object
errors: errors:
description: 'ErrorPage holds the custom error middleware configuration. description: |-
This middleware returns a custom page in lieu of the default, according ErrorPage holds the custom error middleware configuration.
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/' This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
properties: properties:
query: query:
description: Query defines the URL for the error page (hosted description: |-
by service). The {status} variable can be used in order to insert Query defines the URL for the error page (hosted by service).
the status code in the URL. The {status} variable can be used in order to insert the status code in the URL.
type: string type: string
service: service:
description: 'Service defines the reference to a Kubernetes Service description: |-
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service' Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
properties: properties:
kind: kind:
description: Kind defines the kind of the Service. description: Kind defines the kind of the Service.
@ -240,31 +254,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between the Name defines the name of the referenced Kubernetes Service or TraefikService.
two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or if NativeLB controls, when creating the load-balancer,
the only child is the Kubernetes Service clusterIP. The whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
Kubernetes Service itself does load-balance to the pods. The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -273,29 +288,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in milliseconds, description: |-
in between flushes to the client while copying the response FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
body. A negative value means to flush immediately after A negative value means to flush immediately after each write to the client.
each write to the client. This configuration is ignored This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
when ReverseProxy recognizes a response as a streaming for such responses, writes are flushed to the client immediately.
response; for such responses, writes are flushed to Default: 100ms
the client immediately. Default: 100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport between ServersTransport defines the name of ServersTransport resource to use.
Traefik and your servers. Can only be used on a Kubernetes It allows to configure the transport between Traefik and your servers.
Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -308,8 +323,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -319,40 +335,42 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported value Strategy defines the load balancing strategy between the servers.
at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object (and Weight defines the weight and should only be specified when Name references a TraefikService object
to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
- name - name
type: object type: object
status: status:
description: Status defines which status or range of statuses description: |-
should result in an error page. It can be either a status code Status defines which status or range of statuses should result in an error page.
as a number (500), as multiple comma-separated numbers (500,502), It can be either a status code as a number (500),
as ranges by separating two codes with a dash (500-599), or as multiple comma-separated numbers (500,502),
a combination of the two (404,418,500-599). as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599).
items: items:
type: string type: string
type: array type: array
type: object type: object
forwardAuth: forwardAuth:
description: 'ForwardAuth holds the forward auth middleware configuration. description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
properties: properties:
address: address:
description: Address defines the authentication server address. description: Address defines the authentication server address.
type: string type: string
authRequestHeaders: authRequestHeaders:
description: AuthRequestHeaders defines the list of the headers description: |-
to copy from the request to the authentication server. If not AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
set or empty then all request headers are passed. If not set or empty then all request headers are passed.
items: items:
type: string type: string
type: array type: array
@ -364,10 +382,9 @@ spec:
type: string type: string
type: array type: array
authResponseHeadersRegex: authResponseHeadersRegex:
description: 'AuthResponseHeadersRegex defines the regex to match description: |-
headers to copy from the authentication server response and AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
set on forwarded request, after stripping all headers that match More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
the regex. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex'
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -376,14 +393,14 @@ spec:
caOptional: caOptional:
type: boolean type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: |-
Secret containing the CA to validate the server certificate. CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
The CA certificate is extracted from key `tls.ca` or `ca.crt`. The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string type: string
certSecret: certSecret:
description: CertSecret is the name of the referenced Kubernetes description: |-
Secret containing the client certificate. The client certificate CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
is extracted from the keys `tls.crt` and `tls.key`. The client certificate is extracted from the keys `tls.crt` and `tls.key`.
type: string type: string
insecureSkipVerify: insecureSkipVerify:
description: InsecureSkipVerify defines whether the server description: InsecureSkipVerify defines whether the server
@ -396,9 +413,10 @@ spec:
type: boolean type: boolean
type: object type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: |-
This middleware manages the requests and responses headers. More Headers holds the headers middleware configuration.
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders' This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -463,12 +481,14 @@ spec:
header with the nosniff value. header with the nosniff value.
type: boolean type: boolean
customBrowserXSSValue: customBrowserXSSValue:
description: CustomBrowserXSSValue defines the X-XSS-Protection description: |-
header value. This overrides the BrowserXssFilter option. CustomBrowserXSSValue defines the X-XSS-Protection header value.
This overrides the BrowserXssFilter option.
type: string type: string
customFrameOptionsValue: customFrameOptionsValue:
description: CustomFrameOptionsValue defines the X-Frame-Options description: |-
header value. This overrides the FrameDeny option. CustomFrameOptionsValue defines the X-Frame-Options header value.
This overrides the FrameDeny option.
type: string type: string
customRequestHeaders: customRequestHeaders:
additionalProperties: additionalProperties:
@ -500,25 +520,25 @@ spec:
type: string type: string
type: array type: array
isDevelopment: isDevelopment:
description: IsDevelopment defines whether to mitigate the unwanted description: |-
effects of the AllowedHosts, SSL, and STS options when developing. IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost, Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
not your production domain. If you would like your development If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
environment to mimic production with complete Host blocking, and STS headers, leave this as false.
SSL redirects, and STS headers, leave this as false.
type: boolean type: boolean
permissionsPolicy: permissionsPolicy:
description: PermissionsPolicy defines the Permissions-Policy description: |-
header value. This allows sites to control browser features. PermissionsPolicy defines the Permissions-Policy header value.
This allows sites to control browser features.
type: string type: string
publicKey: publicKey:
description: PublicKey is the public key that implements HPKP description: PublicKey is the public key that implements HPKP
to prevent MITM attacks with forged certificates. to prevent MITM attacks with forged certificates.
type: string type: string
referrerPolicy: referrerPolicy:
description: ReferrerPolicy defines the Referrer-Policy header description: |-
value. This allows sites to control whether browsers forward ReferrerPolicy defines the Referrer-Policy header value.
the Referer header to other sites. This allows sites to control whether browsers forward the Referer header to other sites.
type: string type: string
sslForceHost: sslForceHost:
description: 'Deprecated: use RedirectRegex instead.' description: 'Deprecated: use RedirectRegex instead.'
@ -529,10 +549,9 @@ spec:
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
description: 'SSLProxyHeaders defines the header keys with associated description: |-
values that would indicate a valid HTTPS request. It can be SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
useful when using other proxies (example: "X-Forwarded-Proto": It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
"https").'
type: object type: object
sslRedirect: sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@ -551,33 +570,35 @@ spec:
to the Strict-Transport-Security header. to the Strict-Transport-Security header.
type: boolean type: boolean
stsSeconds: stsSeconds:
description: STSSeconds defines the max-age of the Strict-Transport-Security description: |-
header. If set to 0, the header is not set. STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set.
format: int64 format: int64
type: integer type: integer
type: object type: object
inFlightReq: inFlightReq:
description: 'InFlightReq holds the in-flight request middleware configuration. description: |-
This middleware limits the number of requests being processed and InFlightReq holds the in-flight request middleware configuration.
served concurrently. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/' This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: |-
in-flight request. The middleware responds with HTTP 429 Too Amount defines the maximum amount of allowed simultaneous in-flight request.
Many Requests if there are already amount requests in progress The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
(based on the same sourceCriterion strategy).
format: int64 format: int64
type: integer type: integer
sourceCriterion: sourceCriterion:
description: 'SourceCriterion defines what criterion is used to description: |-
group requests as originating from a common source. If several SourceCriterion defines what criterion is used to group requests as originating from a common source.
strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More If none are set, the default is to use the requestHost.
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: |-
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -603,13 +624,15 @@ spec:
type: object type: object
type: object type: object
ipAllowList: ipAllowList:
description: 'IPAllowList holds the IP allowlist middleware configuration. description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: |-
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -631,14 +654,16 @@ spec:
type: array type: array
type: object type: object
ipWhiteList: ipWhiteList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: |-
IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead.' Deprecated: please use IPAllowList instead.
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: |-
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -660,9 +685,10 @@ spec:
type: array type: array
type: object type: object
passTLSClientCert: passTLSClientCert:
description: 'PassTLSClientCert holds the pass TLS client cert middleware description: |-
configuration. This middleware adds the selected data from the passed PassTLSClientCert holds the pass TLS client cert middleware configuration.
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/' This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -763,46 +789,48 @@ spec:
plugin: plugin:
additionalProperties: additionalProperties:
x-kubernetes-preserve-unknown-fields: true x-kubernetes-preserve-unknown-fields: true
description: 'Plugin defines the middleware plugin configuration. description: |-
More info: https://doc.traefik.io/traefik/plugins/' Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
type: object type: object
rateLimit: rateLimit:
description: 'RateLimit holds the rate limit configuration. This middleware description: |-
ensures that services will receive a fair amount of requests, and RateLimit holds the rate limit configuration.
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/' This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
properties: properties:
average: average:
description: Average is the maximum rate, by default in requests/s, description: |-
allowed for the given source. It defaults to 0, which means Average is the maximum rate, by default in requests/s, allowed for the given source.
no rate limiting. The rate is actually defined by dividing Average It defaults to 0, which means no rate limiting.
by Period. So for a rate below 1req/s, one needs to define a The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
Period larger than a second. one needs to define a Period larger than a second.
format: int64 format: int64
type: integer type: integer
burst: burst:
description: Burst is the maximum number of requests allowed to description: |-
arrive in the same arbitrarily small period of time. It defaults Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
to 1. It defaults to 1.
format: int64 format: int64
type: integer type: integer
period: period:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: 'Period, in combination with Average, defines the description: |-
actual maximum rate, such as: r = Average / Period. It defaults Period, in combination with Average, defines the actual maximum rate, such as:
to a second.' r = Average / Period. It defaults to a second.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
sourceCriterion: sourceCriterion:
description: SourceCriterion defines what criterion is used to description: |-
group requests as originating from a common source. If several SourceCriterion defines what criterion is used to group requests as originating from a common source.
strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote If none are set, the default is to use the request's remote address field (as an ipStrategy).
address field (as an ipStrategy).
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: |-
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -828,9 +856,10 @@ spec:
type: object type: object
type: object type: object
redirectRegex: redirectRegex:
description: 'RedirectRegex holds the redirect regex middleware configuration. description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -846,9 +875,10 @@ spec:
type: string type: string
type: object type: object
redirectScheme: redirectScheme:
description: 'RedirectScheme holds the redirect scheme middleware description: |-
configuration. This middleware redirects requests from a scheme/port RedirectScheme holds the redirect scheme middleware configuration.
to another. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/' This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -862,9 +892,10 @@ spec:
type: string type: string
type: object type: object
replacePath: replacePath:
description: 'ReplacePath holds the replace path middleware configuration. description: |-
This middleware replaces the path of the request URL and store the ReplacePath holds the replace path middleware configuration.
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/' This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -872,9 +903,10 @@ spec:
type: string type: string
type: object type: object
replacePathRegex: replacePathRegex:
description: 'ReplacePathRegex holds the replace path regex middleware description: |-
configuration. This middleware replaces the path of a URL using ReplacePathRegex holds the replace path regex middleware configuration.
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/' This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -886,11 +918,11 @@ spec:
type: string type: string
type: object type: object
retry: retry:
description: 'Retry holds the retry middleware configuration. This description: |-
middleware reissues requests a given number of times to a backend Retry holds the retry middleware configuration.
server if that server does not reply. As soon as the server answers, This middleware reissues requests a given number of times to a backend server if that server does not reply.
the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -900,22 +932,24 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: InitialInterval defines the first wait time in the description: |-
exponential backoff series. The maximum interval is calculated InitialInterval defines the first wait time in the exponential backoff series.
as twice the initialInterval. If unspecified, requests will The maximum interval is calculated as twice the initialInterval.
be retried immediately. The value of initialInterval should If unspecified, requests will be retried immediately.
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
stripPrefix: stripPrefix:
description: 'StripPrefix holds the strip prefix middleware configuration. description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: 'ForceSlash ensures that the resulting stripped path description: |-
is not the empty string, by replacing it with / when necessary. ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
Default: true.' Default: true.
type: boolean type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
@ -925,9 +959,10 @@ spec:
type: array type: array
type: object type: object
stripPrefixRegex: stripPrefixRegex:
description: 'StripPrefixRegex holds the strip prefix regex middleware description: |-
configuration. This middleware removes the matching prefixes from StripPrefixRegex holds the strip prefix regex middleware configuration.
the URL path. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/' This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the

45
docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: middlewaretcps.traefik.io name: middlewaretcps.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,18 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. description: |-
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/' MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -39,16 +45,17 @@ spec:
description: InFlightConn defines the InFlightConn middleware configuration. description: InFlightConn defines the InFlightConn middleware configuration.
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: |-
connections. The middleware closes the connection if there are Amount defines the maximum amount of allowed simultaneous connections.
already amount connections opened. The middleware closes the connection if there are already amount connections opened.
format: int64 format: int64
type: integer type: integer
type: object type: object
ipAllowList: ipAllowList:
description: 'IPAllowList defines the IPAllowList middleware configuration. description: |-
This middleware accepts/refuses connections based on the client IPAllowList defines the IPAllowList middleware configuration.
IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/' This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -58,9 +65,11 @@ spec:
type: array type: array
type: object type: object
ipWhiteList: ipWhiteList:
description: 'IPWhiteList defines the IPWhiteList middleware configuration. description: |-
This middleware accepts/refuses connections based on the client IPWhiteList defines the IPWhiteList middleware configuration.
IP. Deprecated: please use IPAllowList instead. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/' This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

24
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: serverstransports.traefik.io name: serverstransports.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,20 +17,26 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'ServersTransport is the CRD implementation of a ServersTransport. description: |-
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1' More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object

61
docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: tlsoptions.traefik.io name: tlsoptions.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,19 +17,24 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSOption is the CRD implementation of a Traefik TLS Option, description: |-
allowing to configure some parameters of the TLS connection. More info: TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -37,15 +42,16 @@ spec:
description: TLSOptionSpec defines the desired state of a TLSOption. description: TLSOptionSpec defines the desired state of a TLSOption.
properties: properties:
alpnProtocols: alpnProtocols:
description: 'ALPNProtocols defines the list of supported application description: |-
level protocols for the TLS handshake, in order of preference. More ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols' More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: 'CipherSuites defines the list of supported cipher suites description: |-
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites' CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -71,26 +77,29 @@ spec:
type: array type: array
type: object type: object
curvePreferences: curvePreferences:
description: 'CurvePreferences defines the preferred elliptic curves description: |-
in a specific order. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences' CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array
maxVersion: maxVersion:
description: 'MaxVersion defines the maximum TLS version that Traefik description: |-
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, MaxVersion defines the maximum TLS version that Traefik will accept.
VersionTLS13. Default: None.' Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: None.
type: string type: string
minVersion: minVersion:
description: 'MinVersion defines the minimum TLS version that Traefik description: |-
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, MinVersion defines the minimum TLS version that Traefik will accept.
VersionTLS13. Default: VersionTLS10.' Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
Default: VersionTLS10.
type: string type: string
preferServerCipherSuites: preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server description: |-
chooses a cipher suite among his own instead of among the client''s. PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
It is enabled automatically when minVersion or maxVersion is set. It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430' Deprecated: https://github.com/golang/go/issues/45430
type: boolean type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections

28
docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: tlsstores.traefik.io name: tlsstores.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,20 +17,26 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For description: |-
the time being, only the TLSStore named default is supported. This means TLSStore is the CRD implementation of a Traefik TLS Store.
that you cannot have two stores that are named default in different Kubernetes For the time being, only the TLSStore named default is supported.
namespaces. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores' This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object

265
docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.13.0 controller-gen.kubebuilder.io/version: v0.14.0
name: traefikservices.traefik.io name: traefikservices.traefik.io
spec: spec:
group: traefik.io group: traefik.io
@ -17,19 +17,27 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'TraefikService is the CRD implementation of a Traefik Service. description: |-
TraefikService object allows to: - Apply weight to Services on load-balancing TraefikService is the CRD implementation of a Traefik Service.
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice' TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
@ -46,10 +54,10 @@ spec:
- TraefikService - TraefikService
type: string type: string
maxBodySize: maxBodySize:
description: MaxBodySize defines the maximum size allowed for description: |-
the body of the request. If the body is larger, the request MaxBodySize defines the maximum size allowed for the body of the request.
is not mirrored. Default value is -1, which means unlimited If the body is larger, the request is not mirrored.
size. Default value is -1, which means unlimited size.
format: int64 format: int64
type: integer type: integer
mirrors: mirrors:
@ -65,35 +73,37 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or NativeLB controls, when creating the load-balancer,
if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
percent: percent:
description: 'Percent defines the part of the traffic to description: |-
mirror. Supported values: 0 to 100.' Percent defines the part of the traffic to mirror.
Supported values: 0 to 100.
type: integer type: integer
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -102,30 +112,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in description: |-
milliseconds, in between flushes to the client while FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
copying the response body. A negative value means A negative value means to flush immediately after each write to the client.
to flush immediately after each write to the client. This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
This configuration is ignored when ReverseProxy recognizes for such responses, writes are flushed to the client immediately.
a response as a streaming response; for such responses, Default: 100ms
writes are flushed to the client immediately. Default:
100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -138,8 +147,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -149,13 +159,13 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
@ -163,60 +173,62 @@ spec:
type: object type: object
type: array type: array
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between the two Name defines the name of the referenced Kubernetes Service or TraefikService.
is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or if the NativeLB controls, when creating the load-balancer,
only child is the Kubernetes Service clusterIP. The Kubernetes whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
Service itself does load-balance to the pods. By default, NativeLB The Kubernetes Service itself does load-balance to the pods.
is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host header description: |-
is forwarded to the upstream Kubernetes Service. By default, PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. This description: |-
can be a reference to a named port. Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
description: ResponseForwarding defines how Traefik forwards the description: ResponseForwarding defines how Traefik forwards the
response from the upstream Kubernetes Service to the client. response from the upstream Kubernetes Service to the client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in milliseconds, description: |-
in between flushes to the client while copying the response FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
body. A negative value means to flush immediately after A negative value means to flush immediately after each write to the client.
each write to the client. This configuration is ignored This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately. for such responses, writes are flushed to the client immediately.
Default: 100ms' Default: 100ms
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https when Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport between ServersTransport defines the name of ServersTransport resource to use.
Traefik and your servers. Can only be used on a Kubernetes Service. It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -229,8 +241,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. More description: |-
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only
@ -239,13 +252,14 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy between description: |-
the servers. RoundRobin is the only supported value at the moment. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be specified description: |-
when Name references a TraefikService object (and to be precise, Weight defines the weight and should only be specified when Name references a TraefikService object
one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
- name - name
@ -267,31 +281,32 @@ spec:
- TraefikService - TraefikService
type: string type: string
name: name:
description: Name defines the name of the referenced Kubernetes description: |-
Service or TraefikService. The differentiation between Name defines the name of the referenced Kubernetes Service or TraefikService.
the two is specified in the Kind field. The differentiation between the two is specified in the Kind field.
type: string type: string
namespace: namespace:
description: Namespace defines the namespace of the referenced description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService. Kubernetes Service or TraefikService.
type: string type: string
nativeLB: nativeLB:
description: NativeLB controls, when creating the load-balancer, description: |-
whether the LB's children are directly the pods IPs or NativeLB controls, when creating the load-balancer,
if the only child is the Kubernetes Service clusterIP. whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the The Kubernetes Service itself does load-balance to the pods.
pods. By default, NativeLB is false. By default, NativeLB is false.
type: boolean type: boolean
passHostHeader: passHostHeader:
description: PassHostHeader defines whether the client Host description: |-
header is forwarded to the upstream Kubernetes Service. PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true. By default, passHostHeader is true.
type: boolean type: boolean
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Port defines the port of a Kubernetes Service. description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port. This can be a reference to a named port.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseForwarding: responseForwarding:
@ -300,30 +315,29 @@ spec:
client. client.
properties: properties:
flushInterval: flushInterval:
description: 'FlushInterval defines the interval, in description: |-
milliseconds, in between flushes to the client while FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
copying the response body. A negative value means A negative value means to flush immediately after each write to the client.
to flush immediately after each write to the client. This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
This configuration is ignored when ReverseProxy recognizes for such responses, writes are flushed to the client immediately.
a response as a streaming response; for such responses, Default: 100ms
writes are flushed to the client immediately. Default:
100ms'
type: string type: string
type: object type: object
scheme: scheme:
description: Scheme defines the scheme to use for the request description: |-
to the upstream Kubernetes Service. It defaults to https Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
when Kubernetes Service port is 443, http otherwise. It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string type: string
serversTransport: serversTransport:
description: ServersTransport defines the name of ServersTransport description: |-
resource to use. It allows to configure the transport ServersTransport defines the name of ServersTransport resource to use.
between Traefik and your servers. Can only be used on It allows to configure the transport between Traefik and your servers.
a Kubernetes Service. Can only be used on a Kubernetes Service.
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -336,8 +350,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. description: |-
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -347,13 +362,13 @@ spec:
type: object type: object
type: object type: object
strategy: strategy:
description: Strategy defines the load balancing strategy description: |-
between the servers. RoundRobin is the only supported Strategy defines the load balancing strategy between the servers.
value at the moment. RoundRobin is the only supported value at the moment.
type: string type: string
weight: weight:
description: Weight defines the weight and should only be description: |-
specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
type: integer type: integer
required: required:
@ -361,8 +376,9 @@ spec:
type: object type: object
type: array type: array
sticky: sticky:
description: 'Sticky defines whether sticky sessions are enabled. description: |-
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -375,8 +391,9 @@ spec:
description: Name defines the Cookie name. description: Name defines the Cookie name.
type: string type: string
sameSite: sameSite:
description: 'SameSite defines the same site policy. More description: |-
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only

2
go.mod
View file

@ -1,6 +1,6 @@
module github.com/traefik/traefik/v2 module github.com/traefik/traefik/v2
go 1.21 go 1.22
require ( require (
github.com/BurntSushi/toml v1.3.2 github.com/BurntSushi/toml v1.3.2

2478
integration/fixtures/k8s/01-traefik-crd.yml
View file

File diff suppressed because it is too large Load diff

3
integration/tcp_test.go
View file

@ -278,7 +278,7 @@ func (s *TCPSuite) TestWRR() {
time.Sleep(time.Second) time.Sleep(time.Second)
} }
assert.EqualValues(s.T(), call, map[string]int{"whoami-b": 3, "whoami-ab": 1}) assert.EqualValues(s.T(), map[string]int{"whoami-b": 3, "whoami-ab": 1}, call)
} }
func welcome(addr string) (string, error) { func welcome(addr string) (string, error) {
@ -380,7 +380,6 @@ func guessWhoTLSPassthrough(addr, serverName string) (string, error) {
return fmt.Errorf("tls: no valid certificate for serverName %s", serverName) return fmt.Errorf("tls: no valid certificate for serverName %s", serverName)
}, },
}) })
if err != nil { if err != nil {
return "", err return "", err
} }

2
integration/udp_test.go
View file

@ -96,7 +96,7 @@ func (s *UDPSuite) TestWRR() {
call["unknown"]++ call["unknown"]++
} }
} }
assert.EqualValues(s.T(), call, map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3}) assert.EqualValues(s.T(), map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3}, call)
close(stop) close(stop)
}() }()

4
pkg/collector/collector.go
View file

@ -20,8 +20,6 @@ import (
const collectorURL = "https://collect.traefik.io/9vxmmkcdmalbdi635d4jgc5p5rx0h7h8" const collectorURL = "https://collect.traefik.io/9vxmmkcdmalbdi635d4jgc5p5rx0h7h8"
// Collected data. // Collected data.
//
//nolint:musttag // cannot be changed for historical reasons.
type data struct { type data struct {
Version string Version string
Codename string Codename string
@ -67,7 +65,7 @@ func createBody(staticConfiguration *static.Configuration) (*bytes.Buffer, error
} }
buf := new(bytes.Buffer) buf := new(bytes.Buffer)
err = json.NewEncoder(buf).Encode(data) err = json.NewEncoder(buf).Encode(data) //nolint:musttag // cannot be changed for historical reasons.
if err != nil { if err != nil {
return nil, err return nil, err
} }

3
pkg/config/runtime/runtime_http.go
View file

@ -2,6 +2,7 @@ package runtime
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"slices" "slices"
"sort" "sort"
@ -42,7 +43,7 @@ func (c *Configuration) GetRoutersByEntryPoints(ctx context.Context, entryPoints
} }
if entryPointsCount == 0 { if entryPointsCount == 0 {
rt.AddError(fmt.Errorf("no valid entryPoint for this router"), true) rt.AddError(errors.New("no valid entryPoint for this router"), true)
logger.Error("no valid entryPoint for this router") logger.Error("no valid entryPoint for this router")
} }

3
pkg/config/runtime/runtime_tcp.go
View file

@ -2,6 +2,7 @@ package runtime
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"slices" "slices"
@ -36,7 +37,7 @@ func (c *Configuration) GetTCPRoutersByEntryPoints(ctx context.Context, entryPoi
} }
if entryPointsCount == 0 { if entryPointsCount == 0 {
rt.AddError(fmt.Errorf("no valid entryPoint for this router"), true) rt.AddError(errors.New("no valid entryPoint for this router"), true)
logger.Error("no valid entryPoint for this router") logger.Error("no valid entryPoint for this router")
} }
} }

3
pkg/config/runtime/runtime_udp.go
View file

@ -2,6 +2,7 @@ package runtime
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"slices" "slices"
@ -42,7 +43,7 @@ func (c *Configuration) GetUDPRoutersByEntryPoints(ctx context.Context, entryPoi
} }
if entryPointsCount == 0 { if entryPointsCount == 0 {
rt.AddError(fmt.Errorf("no valid entryPoint for this router"), true) rt.AddError(errors.New("no valid entryPoint for this router"), true)
logger.Error("no valid entryPoint for this router") logger.Error("no valid entryPoint for this router")
} }
} }

7
pkg/config/static/static_config.go
View file

@ -1,6 +1,7 @@
package static package static
import ( import (
"errors"
"fmt" "fmt"
stdlog "log" stdlog "log"
"strings" "strings"
@ -304,15 +305,15 @@ func (c *Configuration) ValidateConfiguration() error {
} }
if c.Providers.ConsulCatalog != nil && c.Providers.ConsulCatalog.Namespace != "" && len(c.Providers.ConsulCatalog.Namespaces) > 0 { if c.Providers.ConsulCatalog != nil && c.Providers.ConsulCatalog.Namespace != "" && len(c.Providers.ConsulCatalog.Namespaces) > 0 {
return fmt.Errorf("Consul Catalog provider cannot have both namespace and namespaces options configured") return errors.New("Consul Catalog provider cannot have both namespace and namespaces options configured")
} }
if c.Providers.Consul != nil && c.Providers.Consul.Namespace != "" && len(c.Providers.Consul.Namespaces) > 0 { if c.Providers.Consul != nil && c.Providers.Consul.Namespace != "" && len(c.Providers.Consul.Namespaces) > 0 {
return fmt.Errorf("Consul provider cannot have both namespace and namespaces options configured") return errors.New("Consul provider cannot have both namespace and namespaces options configured")
} }
if c.Providers.Nomad != nil && c.Providers.Nomad.Namespace != "" && len(c.Providers.Nomad.Namespaces) > 0 { if c.Providers.Nomad != nil && c.Providers.Nomad.Namespace != "" && len(c.Providers.Nomad.Namespaces) > 0 {
return fmt.Errorf("Nomad provider cannot have both namespace and namespaces options configured") return errors.New("Nomad provider cannot have both namespace and namespaces options configured")
} }
return nil return nil

4
pkg/middlewares/accesslog/logger_test.go
View file

@ -25,6 +25,8 @@ import (
"github.com/traefik/traefik/v2/pkg/types" "github.com/traefik/traefik/v2/pkg/types"
) )
const delta float64 = 1e-10
var ( var (
logFileNameSuffix = "/traefik/logger/test.log" logFileNameSuffix = "/traefik/logger/test.log"
testContent = "Hello, World" testContent = "Hello, World"
@ -278,7 +280,7 @@ func assertFloat64(exp float64) func(t *testing.T, actual interface{}) {
return func(t *testing.T, actual interface{}) { return func(t *testing.T, actual interface{}) {
t.Helper() t.Helper()
assert.Equal(t, exp, actual) assert.InDelta(t, exp, actual, delta)
} }
} }

4
pkg/middlewares/addprefix/add_prefix.go
View file

@ -2,7 +2,7 @@ package addprefix
import ( import (
"context" "context"
"fmt" "errors"
"net/http" "net/http"
"github.com/opentracing/opentracing-go/ext" "github.com/opentracing/opentracing-go/ext"
@ -35,7 +35,7 @@ func New(ctx context.Context, next http.Handler, config dynamic.AddPrefix, name
name: name, name: name,
} }
} else { } else {
return nil, fmt.Errorf("prefix cannot be empty") return nil, errors.New("prefix cannot be empty")
} }
return result, nil return result, nil

2
pkg/middlewares/customerrors/custom_errors_test.go
View file

@ -298,7 +298,7 @@ func TestNewResponseRecorder(t *testing.T) {
t.Parallel() t.Parallel()
rec := newCodeModifier(test.rw, 0) rec := newCodeModifier(test.rw, 0)
assert.IsType(t, rec, test.expected) assert.IsType(t, test.expected, rec)
}) })
} }
} }

2
pkg/muxer/tcp/mux.go
View file

@ -374,7 +374,7 @@ func hostSNI(tree *matchersTree, hosts ...string) error {
// hostSNIRegexp checks if the SNI Host of the connection matches the matcher host regexp. // hostSNIRegexp checks if the SNI Host of the connection matches the matcher host regexp.
func hostSNIRegexp(tree *matchersTree, templates ...string) error { func hostSNIRegexp(tree *matchersTree, templates ...string) error {
if len(templates) == 0 { if len(templates) == 0 {
return fmt.Errorf("empty value for \"HostSNIRegexp\" matcher is not allowed") return errors.New("empty value for \"HostSNIRegexp\" matcher is not allowed")
} }
var regexps []*regexp.Regexp var regexps []*regexp.Regexp

2
pkg/plugins/client.go
View file

@ -230,7 +230,7 @@ func (c *Client) Check(ctx context.Context, pName, pVersion, hash string) error
return nil return nil
} }
return fmt.Errorf("plugin integrity check failed") return errors.New("plugin integrity check failed")
} }
// Unzip unzip a plugin archive. // Unzip unzip a plugin archive.

5
pkg/provider/http/http.go
View file

@ -2,6 +2,7 @@ package http
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"hash/fnv" "hash/fnv"
"io" "io"
@ -41,11 +42,11 @@ func (p *Provider) SetDefaults() {
// Init the provider. // Init the provider.
func (p *Provider) Init() error { func (p *Provider) Init() error {
if p.Endpoint == "" { if p.Endpoint == "" {
return fmt.Errorf("non-empty endpoint is required") return errors.New("non-empty endpoint is required")
} }
if p.PollInterval <= 0 { if p.PollInterval <= 0 {
return fmt.Errorf("poll interval must be greater than 0") return errors.New("poll interval must be greater than 0")
} }
p.httpClient = &http.Client{ p.httpClient = &http.Client{

10
pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go
View file

@ -51,6 +51,7 @@ type sharedInformerFactory struct {
lock sync.Mutex lock sync.Mutex
defaultResync time.Duration defaultResync time.Duration
customResync map[reflect.Type]time.Duration customResync map[reflect.Type]time.Duration
transform cache.TransformFunc
informers map[reflect.Type]cache.SharedIndexInformer informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started. // startedInformers is used for tracking which informers have been started.
@ -89,6 +90,14 @@ func WithNamespace(namespace string) SharedInformerOption {
} }
} }
// WithTransform sets a transform on all informers.
func WithTransform(transform cache.TransformFunc) SharedInformerOption {
return func(factory *sharedInformerFactory) *sharedInformerFactory {
factory.transform = transform
return factory
}
}
// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory {
return NewSharedInformerFactoryWithOptions(client, defaultResync) return NewSharedInformerFactoryWithOptions(client, defaultResync)
@ -193,6 +202,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
} }
informer = newFunc(f.client, resyncPeriod) informer = newFunc(f.client, resyncPeriod)
informer.SetTransform(f.transform)
f.informers[informerType] = informer f.informers[informerType] = informer
return informer return informer

6
pkg/provider/kubernetes/crd/kubernetes.go
View file

@ -641,7 +641,7 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *traef
return nil, nil return nil, nil
} }
if len(auth.Address) == 0 { if len(auth.Address) == 0 {
return nil, fmt.Errorf("forward authentication requires an address") return nil, errors.New("forward authentication requires an address")
} }
forwardAuth := &dynamic.ForwardAuth{ forwardAuth := &dynamic.ForwardAuth{
@ -734,7 +734,7 @@ func createBasicAuthMiddleware(client Client, namespace string, basicAuth *traef
} }
if basicAuth.Secret == "" { if basicAuth.Secret == "" {
return nil, fmt.Errorf("auth secret must be set") return nil, errors.New("auth secret must be set")
} }
secret, ok, err := client.GetSecret(namespace, basicAuth.Secret) secret, ok, err := client.GetSecret(namespace, basicAuth.Secret)
@ -781,7 +781,7 @@ func createDigestAuthMiddleware(client Client, namespace string, digestAuth *tra
} }
if digestAuth.Secret == "" { if digestAuth.Secret == "" {
return nil, fmt.Errorf("auth secret must be set") return nil, errors.New("auth secret must be set")
} }
secret, ok, err := client.GetSecret(namespace, digestAuth.Secret) secret, ok, err := client.GetSecret(namespace, digestAuth.Secret)

6
pkg/provider/kubernetes/ingress/client_test.go
View file

@ -2,7 +2,7 @@ package ingress
import ( import (
"context" "context"
"fmt" "errors"
"testing" "testing"
"time" "time"
@ -40,9 +40,9 @@ func TestTranslateNotFoundError(t *testing.T) {
}, },
{ {
desc: "not a kubernetes not found error", desc: "not a kubernetes not found error",
err: fmt.Errorf("bar error"), err: errors.New("bar error"),
expectedExists: false, expectedExists: false,
expectedError: fmt.Errorf("bar error"), expectedError: errors.New("bar error"),
}, },
} }

4
pkg/safe/routine_test.go
View file

@ -2,7 +2,7 @@ package safe
import ( import (
"context" "context"
"fmt" "errors"
"sync" "sync"
"testing" "testing"
"time" "time"
@ -146,7 +146,7 @@ func TestOperationWithRecoverPanic(t *testing.T) {
func TestOperationWithRecoverError(t *testing.T) { func TestOperationWithRecoverError(t *testing.T) {
operation := func() error { operation := func() error {
return fmt.Errorf("ERROR") return errors.New("ERROR")
} }
err := backoff.Retry(OperationWithRecover(operation), &backoff.StopBackOff{}) err := backoff.Retry(OperationWithRecover(operation), &backoff.StopBackOff{})
if err == nil { if err == nil {

4
pkg/server/configurationwatcher_test.go
View file

@ -2,7 +2,7 @@ package server
import ( import (
"context" "context"
"fmt" "errors"
"strconv" "strconv"
"sync" "sync"
"testing" "testing"
@ -30,7 +30,7 @@ func (p *mockProvider) Provide(configurationChan chan<- dynamic.Message, _ *safe
} }
if len(p.messages) == 0 { if len(p.messages) == 0 {
return fmt.Errorf("no messages available") return errors.New("no messages available")
} }
configurationChan <- p.messages[0] configurationChan <- p.messages[0]

2
pkg/server/router/tcp/router_test.go
View file

@ -171,9 +171,11 @@ func Test_Routing(t *testing.T) {
map[string]traefiktls.Store{}, map[string]traefiktls.Store{},
map[string]traefiktls.Options{ map[string]traefiktls.Options{
"default": { "default": {
MinVersion: "VersionTLS10",
MaxVersion: "VersionTLS10", MaxVersion: "VersionTLS10",
}, },
"tls10": { "tls10": {
MinVersion: "VersionTLS10",
MaxVersion: "VersionTLS10", MaxVersion: "VersionTLS10",
}, },
"tls12": { "tls12": {

3
pkg/server/server_entrypoint_tcp.go
View file

@ -381,7 +381,7 @@ func writeCloser(conn net.Conn) (tcp.WriteCloser, error) {
case *proxyproto.Conn: case *proxyproto.Conn:
underlying, ok := typedConn.TCPConn() underlying, ok := typedConn.TCPConn()
if !ok { if !ok {
return nil, fmt.Errorf("underlying connection is not a tcp connection") return nil, errors.New("underlying connection is not a tcp connection")
} }
return &writeCloserWrapper{writeCloser: underlying, Conn: typedConn}, nil return &writeCloserWrapper{writeCloser: underlying, Conn: typedConn}, nil
case *net.TCPConn: case *net.TCPConn:
@ -632,7 +632,6 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati
MaxConcurrentStreams: uint32(configuration.HTTP2.MaxConcurrentStreams), MaxConcurrentStreams: uint32(configuration.HTTP2.MaxConcurrentStreams),
NewWriteScheduler: func() http2.WriteScheduler { return http2.NewPriorityWriteScheduler(nil) }, NewWriteScheduler: func() http2.WriteScheduler { return http2.NewPriorityWriteScheduler(nil) },
}) })
if err != nil { if err != nil {
return nil, fmt.Errorf("configure HTTP/2 server: %w", err) return nil, fmt.Errorf("configure HTTP/2 server: %w", err)
} }

6
pkg/server/service/loadbalancer/wrr/wrr.go
View file

@ -4,9 +4,9 @@ import (
"container/heap" "container/heap"
"context" "context"
"errors" "errors"
"fmt"
"hash/fnv" "hash/fnv"
"net/http" "net/http"
"strconv"
"sync" "sync"
"github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/config/dynamic"
@ -156,7 +156,7 @@ func (b *Balancer) nextServer() (*namedHandler, error) {
defer b.handlersMu.Unlock() defer b.handlersMu.Unlock()
if len(b.handlers) == 0 { if len(b.handlers) == 0 {
return nil, fmt.Errorf("no servers in the pool") return nil, errors.New("no servers in the pool")
} }
if len(b.status) == 0 { if len(b.status) == 0 {
return nil, errNoAvailableServer return nil, errNoAvailableServer
@ -252,5 +252,5 @@ func hash(input string) string {
// We purposely ignore the error because the implementation always returns nil. // We purposely ignore the error because the implementation always returns nil.
_, _ = hasher.Write([]byte(input)) _, _ = hasher.Write([]byte(input))
return fmt.Sprintf("%x", hasher.Sum64()) return strconv.FormatUint(hasher.Sum64(), 16)
} }

4
pkg/tcp/chain.go
View file

@ -1,7 +1,7 @@
package tcp package tcp
import ( import (
"fmt" "errors"
) )
// Constructor A constructor for a piece of TCP middleware. // Constructor A constructor for a piece of TCP middleware.
@ -29,7 +29,7 @@ func NewChain(constructors ...Constructor) Chain {
// Then adds an handler at the end of the chain. // Then adds an handler at the end of the chain.
func (c Chain) Then(h Handler) (Handler, error) { func (c Chain) Then(h Handler) (Handler, error) {
if h == nil { if h == nil {
return nil, fmt.Errorf("cannot add a nil handler to the chain") return nil, errors.New("cannot add a nil handler to the chain")
} }
for i := range c.constructors { for i := range c.constructors {

6
pkg/tcp/wrr_load_balancer.go
View file

@ -1,7 +1,7 @@
package tcp package tcp
import ( import (
"fmt" "errors"
"sync" "sync"
"github.com/traefik/traefik/v2/pkg/log" "github.com/traefik/traefik/v2/pkg/log"
@ -91,7 +91,7 @@ func gcd(a, b int) int {
func (b *WRRLoadBalancer) next() (Handler, error) { func (b *WRRLoadBalancer) next() (Handler, error) {
if len(b.servers) == 0 { if len(b.servers) == 0 {
return nil, fmt.Errorf("no servers in the pool") return nil, errors.New("no servers in the pool")
} }
// The algo below may look messy, but is actually very simple // The algo below may look messy, but is actually very simple
@ -101,7 +101,7 @@ func (b *WRRLoadBalancer) next() (Handler, error) {
// Maximum weight across all enabled servers // Maximum weight across all enabled servers
max := b.maxWeight() max := b.maxWeight()
if max == 0 { if max == 0 {
return nil, fmt.Errorf("all servers have 0 weight") return nil, errors.New("all servers have 0 weight")
} }
// GCD across all enabled servers // GCD across all enabled servers

4
pkg/tls/tlsmanager_test.go
View file

@ -333,10 +333,6 @@ func TestManager_Get_DefaultValues(t *testing.T) {
assert.Equal(t, uint16(tls.VersionTLS12), config.MinVersion) assert.Equal(t, uint16(tls.VersionTLS12), config.MinVersion)
assert.Equal(t, []string{"h2", "http/1.1", "acme-tls/1"}, config.NextProtos) assert.Equal(t, []string{"h2", "http/1.1", "acme-tls/1"}, config.NextProtos)
assert.Equal(t, []uint16{ assert.Equal(t, []uint16{
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_AES_128_GCM_SHA256, tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384, tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256, tls.TLS_CHACHA20_POLY1305_SHA256,

6
pkg/udp/wrr_load_balancer.go
View file

@ -1,7 +1,7 @@
package udp package udp
import ( import (
"fmt" "errors"
"sync" "sync"
"github.com/traefik/traefik/v2/pkg/log" "github.com/traefik/traefik/v2/pkg/log"
@ -91,7 +91,7 @@ func gcd(a, b int) int {
func (b *WRRLoadBalancer) next() (Handler, error) { func (b *WRRLoadBalancer) next() (Handler, error) {
if len(b.servers) == 0 { if len(b.servers) == 0 {
return nil, fmt.Errorf("no servers in the pool") return nil, errors.New("no servers in the pool")
} }
// The algorithm below may look messy, // The algorithm below may look messy,
@ -101,7 +101,7 @@ func (b *WRRLoadBalancer) next() (Handler, error) {
// Maximum weight across all enabled servers // Maximum weight across all enabled servers
max := b.maxWeight() max := b.maxWeight()
if max == 0 { if max == 0 {
return nil, fmt.Errorf("all servers have 0 weight") return nil, errors.New("all servers have 0 weight")
} }
// GCD across all enabled servers // GCD across all enabled servers

2
script/code-gen-docker.sh
View file

@ -9,7 +9,7 @@ IMAGE_NAME="kubernetes-codegen:latest"
CURRENT_DIR="$(pwd)" CURRENT_DIR="$(pwd)"
echo "Building codegen Docker image..." echo "Building codegen Docker image..."
docker build --build-arg KUBE_VERSION=v0.28.3 \ docker build --build-arg KUBE_VERSION=v0.29.1 \
--build-arg USER="${USER}" \ --build-arg USER="${USER}" \
--build-arg UID="$(id -u)" \ --build-arg UID="$(id -u)" \
--build-arg GID="$(id -g)" \ --build-arg GID="$(id -g)" \

4
script/codegen.Dockerfile
View file

@ -1,4 +1,4 @@
FROM golang:1.21 FROM golang:1.22
ARG USER=$USER ARG USER=$USER
ARG UID=$UID ARG UID=$UID
@ -13,7 +13,7 @@ RUN go install k8s.io/code-generator/cmd/client-gen@$KUBE_VERSION
RUN go install k8s.io/code-generator/cmd/lister-gen@$KUBE_VERSION RUN go install k8s.io/code-generator/cmd/lister-gen@$KUBE_VERSION
RUN go install k8s.io/code-generator/cmd/informer-gen@$KUBE_VERSION RUN go install k8s.io/code-generator/cmd/informer-gen@$KUBE_VERSION
RUN go install k8s.io/code-generator/cmd/deepcopy-gen@$KUBE_VERSION RUN go install k8s.io/code-generator/cmd/deepcopy-gen@$KUBE_VERSION
RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.13.0 RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0
RUN mkdir -p $GOPATH/src/k8s.io/code-generator RUN mkdir -p $GOPATH/src/k8s.io/code-generator
RUN cp -R $GOPATH/pkg/mod/k8s.io/code-generator@$KUBE_VERSION/* $GOPATH/src/k8s.io/code-generator/ RUN cp -R $GOPATH/pkg/mod/k8s.io/code-generator@$KUBE_VERSION/* $GOPATH/src/k8s.io/code-generator/