diff --git a/.golangci.yml b/.golangci.yml index 626a19225..cf35a0d8a 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -150,17 +150,10 @@ linters-settings: - github.com/jaguilar/vt100 - github.com/cucumber/godog testifylint: - enable: - - bool-compare - - compares - - empty - - error-is-as - - error-nil - - expected-actual - - float-compare - - len - - suite-extra-assert-call - - suite-thelper + disable: + - suite-dont-use-pkg + - require-error + - go-require staticcheck: checks: - all @@ -219,11 +212,12 @@ linters: issues: exclude-use-default: false - max-per-linter: 0 + max-issues-per-linter: 0 max-same-issues: 0 exclude: - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' - "should have a package comment, unless it's in another file for this package" + - 'fmt.Sprintf can be replaced with string addition' exclude-rules: - path: '(.+)_test.go' linters: diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index a8fc18b6f..bbbb8d239 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -19,13 +19,13 @@ global_job_config: prologue: commands: - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin" - - sudo semgo go1.21 + - sudo semgo go1.22 - export "GOPATH=$(go env GOPATH)" - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}" - export "PATH=${GOPATH}/bin:${PATH}" - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin" - export GOPROXY=https://proxy.golang.org,direct - - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.55.2 + - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.56.0 - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin" - checkout - cache restore traefik-$(checksum go.sum) diff --git a/CHANGELOG.md b/CHANGELOG.md index d0cabd687..8f66b736f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## [v2.11.0-rc2](https://github.com/traefik/traefik/tree/v2.11.0-rc2) (2024-01-24) +[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0-rc2) + +**Bug fixes:** +- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley)) +- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell)) + +**Documentation:** +- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski)) + ## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02) [All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1) diff --git a/Makefile b/Makefile index 02a0a0b6d..5c9b15656 100644 --- a/Makefile +++ b/Makefile @@ -22,40 +22,41 @@ LINT_EXECUTABLES = misspell shellcheck DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64 .PHONY: default +#? default: Run `make generate` and `make binary` default: generate binary -## Create the "dist" directory +#? dist: Create the "dist" directory dist: mkdir -p dist -## Build WebUI Docker image .PHONY: build-webui-image +#? build-webui-image: Build WebUI Docker image build-webui-image: docker build -t traefik-webui -f webui/Dockerfile webui -## Clean WebUI static generated assets .PHONY: clean-webui +#? clean-webui: Clean WebUI static generated assets clean-webui: rm -r webui/static mkdir -p webui/static printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md -## Generate WebUI webui/static/index.html: $(MAKE) build-webui-image docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static .PHONY: generate-webui +#? generate-webui: Generate WebUI generate-webui: webui/static/index.html -## Generate code .PHONY: generate +#? generate: Generate code (Dynamic and Static configuration documentation reference files) generate: go generate -## Build the binary .PHONY: binary +#? binary: Build the binary binary: generate-webui dist @echo SHA: $(VERSION) $(CODENAME) $(DATE) CGO_ENABLED=0 GOGC=off GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \ @@ -80,38 +81,39 @@ binary-windows-amd64: export BIN_NAME := traefik.exe binary-windows-amd64: @$(MAKE) binary -## Build the binary for the standard platforms (linux, darwin, windows) .PHONY: crossbinary-default +#? crossbinary-default: Build the binary for the standard platforms (linux, darwin, windows) crossbinary-default: generate generate-webui $(CURDIR)/script/crossbinary-default.sh -## Run the unit and integration tests .PHONY: test +#? test: Run the unit and integration tests test: test-unit test-integration -## Run the unit tests .PHONY: test-unit +#? test-unit: Run the unit tests test-unit: GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/... -## Run the integration tests .PHONY: test-integration +#? test-integration: Run the integration tests test-integration: binary GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS) -## Run the conformance tests .PHONY: test-gateway-api-conformance +#? test-gateway-api-conformance: Run the conformance tests test-gateway-api-conformance: binary GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance=true $(TESTFLAGS) ## TODO: Need to be fixed to work in all situations. -## Run the conformance tests .PHONY: test-gateway-api-conformance-ci +#? test-gateway-api-conformance-ci: Run the conformance tests test-gateway-api-conformance-ci: GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance=true $(TESTFLAGS) -## Pull all Docker images to avoid timeout during integration tests + .PHONY: pull-images +#? pull-images: Pull all Docker images to avoid timeout during integration tests pull-images: grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \ | awk '{print $$2}' \ @@ -119,21 +121,21 @@ pull-images: | uniq \ | xargs -P 6 -n 1 docker pull -## Lint run golangci-lint .PHONY: lint +#? lint: Run golangci-lint lint: golangci-lint run -## Validate code and docs .PHONY: validate-files +#? validate-files: Validate code and docs validate-files: lint $(foreach exec,$(LINT_EXECUTABLES),\ $(if $(shell which $(exec)),,$(error "No $(exec) in PATH"))) $(CURDIR)/script/validate-misspell.sh $(CURDIR)/script/validate-shell-script.sh -## Validate code, docs, and vendor .PHONY: validate +#? validate: Validate code, docs, and vendor validate: lint $(foreach exec,$(EXECUTABLES),\ $(if $(shell which $(exec)),,$(error "No $(exec) in PATH"))) @@ -147,51 +149,57 @@ multi-arch-image-%: binary-linux-amd64 binary-linux-arm64 docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile . -## Clean up static directory and build a Docker Traefik image .PHONY: build-image +#? build-image: Clean up static directory and build a Docker Traefik image build-image: export DOCKER_BUILDX_ARGS := --load build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH) build-image: clean-webui @$(MAKE) multi-arch-image-latest -## Build a Docker Traefik image without re-building the webui when it's already built .PHONY: build-image-dirty +#? build-image-dirty: Build a Docker Traefik image without re-building the webui when it's already built build-image-dirty: export DOCKER_BUILDX_ARGS := --load build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH) build-image-dirty: @$(MAKE) multi-arch-image-latest -## Build documentation site .PHONY: docs +#? docs: Build documentation site docs: make -C ./docs docs -## Serve the documentation site locally .PHONY: docs-serve +#? docs-serve: Serve the documentation site locally docs-serve: make -C ./docs docs-serve -## Pull image for doc building .PHONY: docs-pull-images +#? docs-pull-images: Pull image for doc building docs-pull-images: make -C ./docs docs-pull-images -## Generate CRD clientset and CRD manifests .PHONY: generate-crd +#? generate-crd: Generate CRD clientset and CRD manifests generate-crd: @$(CURDIR)/script/code-gen-docker.sh -## Generate code from dynamic configuration https://github.com/traefik/genconf .PHONY: generate-genconf +#? generate-genconf: Generate code from dynamic configuration github.com/traefik/genconf generate-genconf: go run ./cmd/internal/gen/ -## Create packages for the release .PHONY: release-packages +#? release-packages: Create packages for the release release-packages: generate-webui $(CURDIR)/script/release-packages.sh -## Format the Code .PHONY: fmt +#? fmt: Format the Code fmt: gofmt -s -l -w $(SRCS) + +.PHONY: help +#? help: Get more info on make commands +help: Makefile + @echo " Choose a command run in traefik:" + @sed -n 's/^#?//p' $< | column -t -s ':' | sort | sed -e 's/^/ /' diff --git a/README.md b/README.md index 26e4e5169..73decf511 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t - [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/) - [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/) +- [ECS](https://doc.traefik.io/traefik/providers/ecs/) - [File](https://doc.traefik.io/traefik/providers/file/) ## Quickstart diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md index b614beedd..f423b23db 100644 --- a/docs/content/https/acme.md +++ b/docs/content/https/acme.md @@ -313,7 +313,7 @@ For complete details, refer to your provider's _Additional configuration_ link. | [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) | | [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) | | [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) | -| [ArvanCloud](https://www.arvancloud.ir/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) | +| [ArvanCloud](https://www.arvancloud.ir/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) | | [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) | | [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) | | [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) | @@ -361,6 +361,7 @@ For complete details, refer to your provider's _Additional configuration_ link. | [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) | | [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) | | [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) | +| [http.net](https://www.http.net/) | `httpnet` | `HTTPNET_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet) | | [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) | | [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) | | [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) | @@ -426,6 +427,7 @@ For complete details, refer to your provider's _Additional configuration_ link. | [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) | | [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) | | [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) | +| [Webnames](https://www.webnames.ru/) | `webnames` | `WEBNAMES_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/webnames) | | [Websupport](https://websupport.sk) | `websupport` | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/websupport) | | [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) | | [Yandex 360](https://360.yandex.ru) | `yandex360` | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360) | diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index 6db72ea76..ed38e5263 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -536,3 +536,30 @@ In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowL ### IPWhiteList (TCP) In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead. + +### TLS CipherSuites + +> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. +> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting. +> (https://go.dev/doc/go1.22#crypto/tls) + +The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin). +Decision has been made to support ECDHE cipher suites only by default. + +The following ciphers have been removed from the default list: + +- `TLS_RSA_WITH_AES_128_CBC_SHA` +- `TLS_RSA_WITH_AES_256_CBC_SHA` +- `TLS_RSA_WITH_AES_128_GCM_SHA256` +- `TLS_RSA_WITH_AES_256_GCM_SHA384` + +To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`. + +### Minimum TLS Version + +> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion, +> matching the behavior of crypto/tls clients. +> This change can be reverted with the `tls10server=1 GODEBUG` setting. +> (https://go.dev/doc/go1.22#crypto/tls) + +To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`. diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml index 34631cbe4..a95cf1153 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressroutes.traefik.io spec: group: traefik.io @@ -20,14 +20,19 @@ spec: description: IngressRoute is the CRD implementation of a Traefik HTTP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,10 +40,11 @@ spec: description: IngressRouteSpec defines the desired state of IngressRoute. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -48,17 +54,21 @@ spec: description: Route holds the HTTP route configuration. properties: kind: - description: Kind defines the kind of the route. Rule is the - only supported kind. + description: |- + Kind defines the kind of the route. + Rule is the only supported kind. enum: - Rule type: string match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule' + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule type: string middlewares: - description: 'Middlewares defines the list of references to - Middleware resources. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware' + description: |- + Middlewares defines the list of references to Middleware resources. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware items: description: MiddlewareRef is a reference to a Middleware resource. @@ -76,13 +86,14 @@ spec: type: object type: array priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority' + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority type: integer services: - description: Services defines the list of Service. It can contain - any combination of TraefikService and/or reference to a Kubernetes - Service. + description: |- + Services defines the list of Service. + It can contain any combination of TraefikService and/or reference to a Kubernetes Service. items: description: Service defines an upstream HTTP service to proxy traffic to. @@ -94,31 +105,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client - Host header is forwarded to the upstream Kubernetes - Service. By default, passHostHeader is true. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -127,30 +139,29 @@ spec: the client. properties: flushInterval: - description: 'FlushInterval defines the interval, - in milliseconds, in between flushes to the client - while copying the response body. A negative value - means to flush immediately after each write to the - client. This configuration is ignored when ReverseProxy - recognizes a response as a streaming response; for - such responses, writes are flushed to the client - immediately. Default: 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the - request to the upstream Kubernetes Service. It defaults - to https when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -161,17 +172,18 @@ spec: JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When - set to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie @@ -181,23 +193,23 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only - be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round - Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name type: object type: array syntax: - description: 'Syntax defines the router''s rule syntax. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax' + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax type: string required: - kind @@ -205,16 +217,20 @@ spec: type: object type: array tls: - description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls' + description: |- + TLS defines the TLS configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls properties: certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -230,17 +246,20 @@ spec: type: object type: array options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: - description: 'Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' + description: |- + Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string namespace: - description: 'Namespace defines the namespace of the referenced - TLSOption. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' + description: |- + Namespace defines the namespace of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string required: - name @@ -250,17 +269,19 @@ spec: Secret to specify the certificate details. type: string store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. properties: name: - description: 'Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' + description: |- + Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string namespace: - description: 'Namespace defines the namespace of the referenced - TLSStore. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' + description: |- + Namespace defines the namespace of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string required: - name @@ -280,7 +301,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressroutetcps.traefik.io spec: group: traefik.io @@ -297,14 +318,19 @@ spec: description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -312,10 +338,11 @@ spec: description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -325,7 +352,9 @@ spec: description: RouteTCP holds the TCP route configuration. properties: match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1' + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -347,8 +376,9 @@ spec: type: object type: array priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1' + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -365,22 +395,24 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true proxyProtocol: - description: 'ProxyProtocol defines the PROXY protocol - configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol' + description: |- + ProxyProtocol defines the PROXY protocol configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version @@ -388,22 +420,19 @@ spec: type: integer type: object serversTransport: - description: ServersTransport defines the name of ServersTransportTCP - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransportTCP resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string terminationDelay: - description: 'TerminationDelay defines the deadline that - the proxy sets, after one of its connected peers indicates - it has closed the writing capability of its connection, - to close the reading capability as well, hence fully - terminating the connection. It is a duration in milliseconds, - defaulting to 100. A negative value means an infinite - deadline (i.e. the reading capability is never closed). - Deprecated: TerminationDelay is not supported APIVersion - traefik.io/v1, please use ServersTransport to configure - the TerminationDelay instead.' + description: |- + TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, to close the reading capability as well, + hence fully terminating the connection. + It is a duration in milliseconds, defaulting to 100. + A negative value means an infinite deadline (i.e. the reading capability is never closed). + Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead. type: integer tls: description: TLS determines whether to use TLS when dialing @@ -419,25 +448,29 @@ spec: type: object type: array syntax: - description: 'Syntax defines the router''s rule syntax. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1' + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 type: string required: - match type: object type: array tls: - description: 'TLS defines the TLS configuration on a layer 4 / TCP - Route. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1' + description: |- + TLS defines the TLS configuration on a layer 4 / TCP Route. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 properties: certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -453,9 +486,10 @@ spec: type: object type: array options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik @@ -477,9 +511,9 @@ spec: Secret to specify the certificate details. type: string store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. properties: name: description: Name defines the name of the referenced Traefik @@ -507,7 +541,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressrouteudps.traefik.io spec: group: traefik.io @@ -524,14 +558,19 @@ spec: description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -539,10 +578,11 @@ spec: description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -566,17 +606,18 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true weight: @@ -604,7 +645,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: middlewares.traefik.io spec: group: traefik.io @@ -618,18 +659,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/' + description: |- + Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -637,33 +684,37 @@ spec: description: MiddlewareSpec defines the desired state of a Middleware. properties: addPrefix: - description: 'AddPrefix holds the add prefix middleware configuration. - This middleware updates the path of a request before forwarding - it. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/' + description: |- + AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding it. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ properties: prefix: - description: Prefix is the string to add before the current path - in the requested URL. It should include a leading slash (/). + description: |- + Prefix is the string to add before the current path in the requested URL. + It should include a leading slash (/). type: string type: object basicAuth: - description: 'BasicAuth holds the basic auth middleware configuration. + description: |- + BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: - description: 'RemoveHeader sets the removeHeader option to true - to remove the authorization header before forwarding the request - to your service. Default: false.' + description: |- + RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. + Default: false. type: boolean secret: description: Secret is the name of the referenced Kubernetes Secret @@ -671,48 +722,49 @@ spec: type: string type: object buffering: - description: 'Buffering holds the buffering middleware configuration. - This middleware retries or limits the size of requests that can - be forwarded to backends. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes' + description: |- + Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can be forwarded to backends. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: - description: 'MaxRequestBodyBytes defines the maximum allowed - body size for the request (in bytes). If the request exceeds - the allowed size, it is not forwarded to the service, and the - client gets a 413 (Request Entity Too Large) response. Default: - 0 (no maximum).' + description: |- + MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). + If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. + Default: 0 (no maximum). format: int64 type: integer maxResponseBodyBytes: - description: 'MaxResponseBodyBytes defines the maximum allowed - response size from the service (in bytes). If the response exceeds - the allowed size, it is not forwarded to the client. The client - gets a 500 (Internal Server Error) response instead. Default: - 0 (no maximum).' + description: |- + MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). + If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. + Default: 0 (no maximum). format: int64 type: integer memRequestBodyBytes: - description: 'MemRequestBodyBytes defines the threshold (in bytes) - from which the request will be buffered on disk instead of in - memory. Default: 1048576 (1Mi).' + description: |- + MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer memResponseBodyBytes: - description: 'MemResponseBodyBytes defines the threshold (in bytes) - from which the response will be buffered on disk instead of - in memory. Default: 1048576 (1Mi).' + description: |- + MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer retryExpression: - description: 'RetryExpression defines the retry conditions. It - is a logical combination of functions with operators AND (&&) - and OR (||). More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression' + description: |- + RetryExpression defines the retry conditions. + It is a logical combination of functions with operators AND (&&) and OR (||). + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression type: string type: object chain: - description: 'Chain holds the configuration of the chain middleware. - This middleware enables to define reusable combinations of other - pieces of middleware. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/' + description: |- + Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other pieces of middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -764,15 +816,15 @@ spec: x-kubernetes-int-or-string: true type: object compress: - description: 'Compress holds the compress middleware configuration. - This middleware compresses responses before sending them to the - client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/' + description: |- + Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the client, using gzip compression. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: excludedContentTypes: - description: ExcludedContentTypes defines the list of content - types to compare the Content-Type header of the incoming requests - and responses before compressing. `application/grpc` is always - excluded. + description: |- + ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. + `application/grpc` is always excluded. items: type: string type: array @@ -784,38 +836,38 @@ spec: type: string type: array minResponseBodyBytes: - description: 'MinResponseBodyBytes defines the minimum amount - of bytes a response body must have to be compressed. Default: - 1024.' + description: |- + MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. + Default: 1024. type: integer type: object contentType: - description: ContentType holds the content-type middleware configuration. - This middleware exists to enable the correct behavior until at least - the default one can be changed in a future version. + description: |- + ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. properties: autoDetect: - description: 'AutoDetect specifies whether to let the `Content-Type` - header, if it has not been set by the backend, be automatically - set to a value derived from the contents of the response. Deprecated: - AutoDetect option is deprecated, Content-Type middleware is - only meant to be used to enable the content-type detection, - please remove any usage of this option.' + description: |- + AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, + be automatically set to a value derived from the contents of the response. + Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option. type: boolean type: object digestAuth: - description: 'DigestAuth holds the digest auth middleware configuration. + description: |- + DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: description: RemoveHeader defines whether to remove the authorization @@ -827,18 +879,20 @@ spec: type: string type: object errors: - description: 'ErrorPage holds the custom error middleware configuration. - This middleware returns a custom page in lieu of the default, according - to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/' + description: |- + ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ properties: query: - description: Query defines the URL for the error page (hosted - by service). The {status} variable can be used in order to insert - the status code in the URL. + description: |- + Query defines the URL for the error page (hosted by service). + The {status} variable can be used in order to insert the status code in the URL. type: string service: - description: 'Service defines the reference to a Kubernetes Service - that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service' + description: |- + Service defines the reference to a Kubernetes Service that will serve the error page. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: kind: description: Kind defines the kind of the Service. @@ -847,31 +901,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the - two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if - the only child is the Kubernetes Service clusterIP. The - Kubernetes Service itself does load-balance to the pods. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -880,29 +935,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming - response; for such responses, writes are flushed to - the client immediately. Default: 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes - Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -912,17 +967,18 @@ spec: be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -932,32 +988,34 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported value - at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object (and - to be precise, one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name type: object status: - description: Status defines which status or range of statuses - should result in an error page. It can be either a status code - as a number (500), as multiple comma-separated numbers (500,502), - as ranges by separating two codes with a dash (500-599), or - a combination of the two (404,418,500-599). + description: |- + Status defines which status or range of statuses should result in an error page. + It can be either a status code as a number (500), + as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), + or a combination of the two (404,418,500-599). items: type: string type: array type: object forwardAuth: - description: 'ForwardAuth holds the forward auth middleware configuration. + description: |- + ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ properties: addAuthCookiesToResponse: description: AddAuthCookiesToResponse defines the list of cookies @@ -969,9 +1027,9 @@ spec: description: Address defines the authentication server address. type: string authRequestHeaders: - description: AuthRequestHeaders defines the list of the headers - to copy from the request to the authentication server. If not - set or empty then all request headers are passed. + description: |- + AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. + If not set or empty then all request headers are passed. items: type: string type: array @@ -983,10 +1041,9 @@ spec: type: string type: array authResponseHeadersRegex: - description: 'AuthResponseHeadersRegex defines the regex to match - headers to copy from the authentication server response and - set on forwarded request, after stripping all headers that match - the regex. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex' + description: |- + AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the @@ -997,14 +1054,14 @@ spec: side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).' type: boolean caSecret: - description: CASecret is the name of the referenced Kubernetes - Secret containing the CA to validate the server certificate. + description: |- + CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. The CA certificate is extracted from key `tls.ca` or `ca.crt`. type: string certSecret: - description: CertSecret is the name of the referenced Kubernetes - Secret containing the client certificate. The client certificate - is extracted from the keys `tls.crt` and `tls.key`. + description: |- + CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. + The client certificate is extracted from the keys `tls.crt` and `tls.key`. type: string insecureSkipVerify: description: InsecureSkipVerify defines whether the server @@ -1017,20 +1074,23 @@ spec: type: boolean type: object grpcWeb: - description: GrpcWeb holds the gRPC web middleware configuration. + description: |- + GrpcWeb holds the gRPC web middleware configuration. This middleware converts a gRPC web request to an HTTP/2 gRPC request. properties: allowOrigins: - description: AllowOrigins is a list of allowable origins. Can - also be a wildcard origin "*". + description: |- + AllowOrigins is a list of allowable origins. + Can also be a wildcard origin "*". items: type: string type: array type: object headers: - description: 'Headers holds the headers middleware configuration. - This middleware manages the requests and responses headers. More - info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders' + description: |- + Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the @@ -1095,12 +1155,14 @@ spec: header with the nosniff value. type: boolean customBrowserXSSValue: - description: CustomBrowserXSSValue defines the X-XSS-Protection - header value. This overrides the BrowserXssFilter option. + description: |- + CustomBrowserXSSValue defines the X-XSS-Protection header value. + This overrides the BrowserXssFilter option. type: string customFrameOptionsValue: - description: CustomFrameOptionsValue defines the X-Frame-Options - header value. This overrides the FrameDeny option. + description: |- + CustomFrameOptionsValue defines the X-Frame-Options header value. + This overrides the FrameDeny option. type: string customRequestHeaders: additionalProperties: @@ -1133,25 +1195,25 @@ spec: type: string type: array isDevelopment: - description: IsDevelopment defines whether to mitigate the unwanted - effects of the AllowedHosts, SSL, and STS options when developing. - Usually testing takes place using HTTP, not HTTPS, and on localhost, - not your production domain. If you would like your development - environment to mimic production with complete Host blocking, - SSL redirects, and STS headers, leave this as false. + description: |- + IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. + If you would like your development environment to mimic production with complete Host blocking, SSL redirects, + and STS headers, leave this as false. type: boolean permissionsPolicy: - description: PermissionsPolicy defines the Permissions-Policy - header value. This allows sites to control browser features. + description: |- + PermissionsPolicy defines the Permissions-Policy header value. + This allows sites to control browser features. type: string publicKey: description: PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates. type: string referrerPolicy: - description: ReferrerPolicy defines the Referrer-Policy header - value. This allows sites to control whether browsers forward - the Referer header to other sites. + description: |- + ReferrerPolicy defines the Referrer-Policy header value. + This allows sites to control whether browsers forward the Referer header to other sites. type: string sslForceHost: description: 'Deprecated: SSLForceHost option is deprecated, please @@ -1164,10 +1226,9 @@ spec: sslProxyHeaders: additionalProperties: type: string - description: 'SSLProxyHeaders defines the header keys with associated - values that would indicate a valid HTTPS request. It can be - useful when using other proxies (example: "X-Forwarded-Proto": - "https").' + description: |- + SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. + It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). type: object sslRedirect: description: 'Deprecated: SSLRedirect option is deprecated, please @@ -1186,33 +1247,35 @@ spec: to the Strict-Transport-Security header. type: boolean stsSeconds: - description: STSSeconds defines the max-age of the Strict-Transport-Security - header. If set to 0, the header is not set. + description: |- + STSSeconds defines the max-age of the Strict-Transport-Security header. + If set to 0, the header is not set. format: int64 type: integer type: object inFlightReq: - description: 'InFlightReq holds the in-flight request middleware configuration. - This middleware limits the number of requests being processed and - served concurrently. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/' + description: |- + InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and served concurrently. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ properties: amount: - description: Amount defines the maximum amount of allowed simultaneous - in-flight request. The middleware responds with HTTP 429 Too - Many Requests if there are already amount requests in progress - (based on the same sourceCriterion strategy). + description: |- + Amount defines the maximum amount of allowed simultaneous in-flight request. + The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). format: int64 type: integer sourceCriterion: - description: 'SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the requestHost. More - info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion' + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1238,13 +1301,15 @@ spec: type: object type: object ipAllowList: - description: 'IPAllowList holds the IP allowlist middleware configuration. + description: |- + IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1259,8 +1324,9 @@ spec: type: array type: object rejectStatusCode: - description: RejectStatusCode defines the HTTP status code used - for refused requests. If not set, the default is 403 (Forbidden). + description: |- + RejectStatusCode defines the HTTP status code used for refused requests. + If not set, the default is 403 (Forbidden). type: integer sourceRange: description: SourceRange defines the set of allowed IPs (or ranges @@ -1273,8 +1339,9 @@ spec: description: 'Deprecated: please use IPAllowList instead.' properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1296,9 +1363,10 @@ spec: type: array type: object passTLSClientCert: - description: 'PassTLSClientCert holds the pass TLS client cert middleware - configuration. This middleware adds the selected data from the passed - client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/' + description: |- + PassTLSClientCert holds the pass TLS client cert middleware configuration. + This middleware adds the selected data from the passed client TLS certificate to a header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -1399,46 +1467,48 @@ spec: plugin: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Plugin defines the middleware plugin configuration. - More info: https://doc.traefik.io/traefik/plugins/' + description: |- + Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/ type: object rateLimit: - description: 'RateLimit holds the rate limit configuration. This middleware - ensures that services will receive a fair amount of requests, and - allows one to define what fair is. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/' + description: |- + RateLimit holds the rate limit configuration. + This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ properties: average: - description: Average is the maximum rate, by default in requests/s, - allowed for the given source. It defaults to 0, which means - no rate limiting. The rate is actually defined by dividing Average - by Period. So for a rate below 1req/s, one needs to define a - Period larger than a second. + description: |- + Average is the maximum rate, by default in requests/s, allowed for the given source. + It defaults to 0, which means no rate limiting. + The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, + one needs to define a Period larger than a second. format: int64 type: integer burst: - description: Burst is the maximum number of requests allowed to - arrive in the same arbitrarily small period of time. It defaults - to 1. + description: |- + Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. + It defaults to 1. format: int64 type: integer period: anyOf: - type: integer - type: string - description: 'Period, in combination with Average, defines the - actual maximum rate, such as: r = Average / Period. It defaults - to a second.' + description: |- + Period, in combination with Average, defines the actual maximum rate, such as: + r = Average / Period. It defaults to a second. x-kubernetes-int-or-string: true sourceCriterion: - description: SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the request's remote - address field (as an ipStrategy). + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote address field (as an ipStrategy). properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1464,9 +1534,10 @@ spec: type: object type: object redirectRegex: - description: 'RedirectRegex holds the redirect regex middleware configuration. + description: |- + RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1482,9 +1553,10 @@ spec: type: string type: object redirectScheme: - description: 'RedirectScheme holds the redirect scheme middleware - configuration. This middleware redirects requests from a scheme/port - to another. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/' + description: |- + RedirectScheme holds the redirect scheme middleware configuration. + This middleware redirects requests from a scheme/port to another. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1498,9 +1570,10 @@ spec: type: string type: object replacePath: - description: 'ReplacePath holds the replace path middleware configuration. - This middleware replaces the path of the request URL and store the - original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/' + description: |- + ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the @@ -1508,9 +1581,10 @@ spec: type: string type: object replacePathRegex: - description: 'ReplacePathRegex holds the replace path regex middleware - configuration. This middleware replaces the path of a URL using - regex matching and replacement. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/' + description: |- + ReplacePathRegex holds the replace path regex middleware configuration. + This middleware replaces the path of a URL using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -1522,11 +1596,11 @@ spec: type: string type: object retry: - description: 'Retry holds the retry middleware configuration. This - middleware reissues requests a given number of times to a backend - server if that server does not reply. As soon as the server answers, - the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/' + description: |- + Retry holds the retry middleware configuration. + This middleware reissues requests a given number of times to a backend server if that server does not reply. + As soon as the server answers, the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -1536,23 +1610,25 @@ spec: anyOf: - type: integer - type: string - description: InitialInterval defines the first wait time in the - exponential backoff series. The maximum interval is calculated - as twice the initialInterval. If unspecified, requests will - be retried immediately. The value of initialInterval should - be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + description: |- + InitialInterval defines the first wait time in the exponential backoff series. + The maximum interval is calculated as twice the initialInterval. + If unspecified, requests will be retried immediately. + The value of initialInterval should be provided in seconds or as a valid duration format, + see https://pkg.go.dev/time#ParseDuration. x-kubernetes-int-or-string: true type: object stripPrefix: - description: 'StripPrefix holds the strip prefix middleware configuration. + description: |- + StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ properties: forceSlash: - description: 'Deprecated: ForceSlash option is deprecated, please - remove any usage of this option. ForceSlash ensures that the - resulting stripped path is not the empty string, by replacing - it with / when necessary. Default: true.' + description: |- + Deprecated: ForceSlash option is deprecated, please remove any usage of this option. + ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. + Default: true. type: boolean prefixes: description: Prefixes defines the prefixes to strip from the request @@ -1562,9 +1638,10 @@ spec: type: array type: object stripPrefixRegex: - description: 'StripPrefixRegex holds the strip prefix regex middleware - configuration. This middleware removes the matching prefixes from - the URL path. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/' + description: |- + StripPrefixRegex holds the strip prefix regex middleware configuration. + This middleware removes the matching prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the @@ -1585,7 +1662,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: middlewaretcps.traefik.io spec: group: traefik.io @@ -1599,18 +1676,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/' + description: |- + MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1621,16 +1704,17 @@ spec: description: InFlightConn defines the InFlightConn middleware configuration. properties: amount: - description: Amount defines the maximum amount of allowed simultaneous - connections. The middleware closes the connection if there are - already amount connections opened. + description: |- + Amount defines the maximum amount of allowed simultaneous connections. + The middleware closes the connection if there are already amount connections opened. format: int64 type: integer type: object ipAllowList: - description: 'IPAllowList defines the IPAllowList middleware configuration. - This middleware accepts/refuses connections based on the client - IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/' + description: |- + IPAllowList defines the IPAllowList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1640,9 +1724,11 @@ spec: type: array type: object ipWhiteList: - description: 'IPWhiteList defines the IPWhiteList middleware configuration. - This middleware accepts/refuses connections based on the client - IP. Deprecated: please use IPAllowList instead. More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/' + description: |- + IPWhiteList defines the IPWhiteList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + Deprecated: please use IPAllowList instead. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1663,7 +1749,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: serverstransports.traefik.io spec: group: traefik.io @@ -1677,20 +1763,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'ServersTransport is the CRD implementation of a ServersTransport. + description: |- + ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1' + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1796,7 +1888,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: serverstransporttcps.traefik.io spec: group: traefik.io @@ -1810,20 +1902,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport. - If no tcpServersTransport is specified, a default one named default@internal - will be used. The default@internal tcpServersTransport can be configured - in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3' + description: |- + ServersTransportTCP is the CRD implementation of a TCPServersTransport. + If no tcpServersTransport is specified, a default one named default@internal will be used. + The default@internal tcpServersTransport can be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1869,9 +1967,9 @@ spec: description: InsecureSkipVerify disables TLS certificate verification. type: boolean peerCertURI: - description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) - to keep per-host. PeerCertURI defines the peer cert URI used - to match against SAN URI during the peer certificate verification. + description: |- + MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification. type: string rootCAsSecrets: description: RootCAsSecrets defines a list of CA secret used to @@ -1910,7 +2008,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsoptions.traefik.io spec: group: traefik.io @@ -1924,19 +2022,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSOption is the CRD implementation of a Traefik TLS Option, - allowing to configure some parameters of the TLS connection. More info: - https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1944,15 +2047,16 @@ spec: description: TLSOptionSpec defines the desired state of a TLSOption. properties: alpnProtocols: - description: 'ALPNProtocols defines the list of supported application - level protocols for the TLS handshake, in order of preference. More - info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols' + description: |- + ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols items: type: string type: array cipherSuites: - description: 'CipherSuites defines the list of supported cipher suites - for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites' + description: |- + CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites items: type: string type: array @@ -1978,26 +2082,29 @@ spec: type: array type: object curvePreferences: - description: 'CurvePreferences defines the preferred elliptic curves - in a specific order. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences' + description: |- + CurvePreferences defines the preferred elliptic curves in a specific order. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences items: type: string type: array maxVersion: - description: 'MaxVersion defines the maximum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: None.' + description: |- + MaxVersion defines the maximum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: None. type: string minVersion: - description: 'MinVersion defines the minimum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: VersionTLS10.' + description: |- + MinVersion defines the minimum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: VersionTLS10. type: string preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. + description: |- + PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' + Deprecated: https://github.com/golang/go/issues/45430 type: boolean sniStrict: description: SniStrict defines whether Traefik allows connections @@ -2015,7 +2122,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsstores.traefik.io spec: group: traefik.io @@ -2029,20 +2136,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For - the time being, only the TLSStore named default is supported. This means - that you cannot have two stores that are named default in different Kubernetes - namespaces. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores' + description: |- + TLSStore is the CRD implementation of a Traefik TLS Store. + For the time being, only the TLSStore named default is supported. + This means that you cannot have two stores that are named default in different Kubernetes namespaces. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2106,7 +2219,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: traefikservices.traefik.io spec: group: traefik.io @@ -2120,19 +2233,27 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TraefikService is the CRD implementation of a Traefik Service. - TraefikService object allows to: - Apply weight to Services on load-balancing - - Mirror traffic on services More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice' + description: |- + TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: + - Apply weight to Services on load-balancing + - Mirror traffic on services + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2149,10 +2270,10 @@ spec: - TraefikService type: string maxBodySize: - description: MaxBodySize defines the maximum size allowed for - the body of the request. If the body is larger, the request - is not mirrored. Default value is -1, which means unlimited - size. + description: |- + MaxBodySize defines the maximum size allowed for the body of the request. + If the body is larger, the request is not mirrored. + Default value is -1, which means unlimited size. format: int64 type: integer mirrors: @@ -2168,35 +2289,37 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean percent: - description: 'Percent defines the part of the traffic to - mirror. Supported values: 0 to 100.' + description: |- + Percent defines the part of the traffic to mirror. + Supported values: 0 to 100. type: integer port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -2205,30 +2328,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2238,17 +2360,18 @@ spec: can be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -2258,13 +2381,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -2272,60 +2395,62 @@ spec: type: object type: array name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the two - is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the - only child is the Kubernetes Service clusterIP. The Kubernetes - Service itself does load-balance to the pods. By default, NativeLB - is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host header - is forwarded to the upstream Kubernetes Service. By default, - passHostHeader is true. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. This - can be a reference to a named port. + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: description: ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming response; + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. - Default: 100ms' + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https when - Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2335,17 +2460,18 @@ spec: accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds until - the cookie expires. When set to a negative number, the - cookie expires immediately. When set to zero, the cookie - never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only @@ -2354,13 +2480,14 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy between - the servers. RoundRobin is the only supported value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be specified - when Name references a TraefikService object (and to be precise, - one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name @@ -2382,31 +2509,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -2415,30 +2543,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2448,17 +2575,18 @@ spec: can be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -2468,13 +2596,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -2482,8 +2610,9 @@ spec: type: object type: array sticky: - description: 'Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + description: |- + Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2493,17 +2622,18 @@ spec: accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds until - the cookie expires. When set to a negative number, the - cookie expires immediately. When set to zero, the cookie - never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml index 8399f56fb..9031689c0 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressroutes.traefik.io spec: group: traefik.io @@ -20,14 +20,19 @@ spec: description: IngressRoute is the CRD implementation of a Traefik HTTP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,10 +40,11 @@ spec: description: IngressRouteSpec defines the desired state of IngressRoute. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -48,17 +54,21 @@ spec: description: Route holds the HTTP route configuration. properties: kind: - description: Kind defines the kind of the route. Rule is the - only supported kind. + description: |- + Kind defines the kind of the route. + Rule is the only supported kind. enum: - Rule type: string match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule' + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule type: string middlewares: - description: 'Middlewares defines the list of references to - Middleware resources. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware' + description: |- + Middlewares defines the list of references to Middleware resources. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware items: description: MiddlewareRef is a reference to a Middleware resource. @@ -76,13 +86,14 @@ spec: type: object type: array priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority' + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority type: integer services: - description: Services defines the list of Service. It can contain - any combination of TraefikService and/or reference to a Kubernetes - Service. + description: |- + Services defines the list of Service. + It can contain any combination of TraefikService and/or reference to a Kubernetes Service. items: description: Service defines an upstream HTTP service to proxy traffic to. @@ -94,31 +105,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client - Host header is forwarded to the upstream Kubernetes - Service. By default, passHostHeader is true. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -127,30 +139,29 @@ spec: the client. properties: flushInterval: - description: 'FlushInterval defines the interval, - in milliseconds, in between flushes to the client - while copying the response body. A negative value - means to flush immediately after each write to the - client. This configuration is ignored when ReverseProxy - recognizes a response as a streaming response; for - such responses, writes are flushed to the client - immediately. Default: 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the - request to the upstream Kubernetes Service. It defaults - to https when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -161,17 +172,18 @@ spec: JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When - set to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie @@ -181,23 +193,23 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only - be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round - Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name type: object type: array syntax: - description: 'Syntax defines the router''s rule syntax. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax' + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax type: string required: - kind @@ -205,16 +217,20 @@ spec: type: object type: array tls: - description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls' + description: |- + TLS defines the TLS configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls properties: certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -230,17 +246,20 @@ spec: type: object type: array options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: - description: 'Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' + description: |- + Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string namespace: - description: 'Namespace defines the namespace of the referenced - TLSOption. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' + description: |- + Namespace defines the namespace of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string required: - name @@ -250,17 +269,19 @@ spec: Secret to specify the certificate details. type: string store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. properties: name: - description: 'Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' + description: |- + Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string namespace: - description: 'Namespace defines the namespace of the referenced - TLSStore. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' + description: |- + Namespace defines the namespace of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string required: - name diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml index 6a68b0b0a..930b06c04 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressroutetcps.traefik.io spec: group: traefik.io @@ -20,14 +20,19 @@ spec: description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,10 +40,11 @@ spec: description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -48,7 +54,9 @@ spec: description: RouteTCP holds the TCP route configuration. properties: match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1' + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -70,8 +78,9 @@ spec: type: object type: array priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1' + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -88,22 +97,24 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true proxyProtocol: - description: 'ProxyProtocol defines the PROXY protocol - configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol' + description: |- + ProxyProtocol defines the PROXY protocol configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version @@ -111,22 +122,19 @@ spec: type: integer type: object serversTransport: - description: ServersTransport defines the name of ServersTransportTCP - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransportTCP resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string terminationDelay: - description: 'TerminationDelay defines the deadline that - the proxy sets, after one of its connected peers indicates - it has closed the writing capability of its connection, - to close the reading capability as well, hence fully - terminating the connection. It is a duration in milliseconds, - defaulting to 100. A negative value means an infinite - deadline (i.e. the reading capability is never closed). - Deprecated: TerminationDelay is not supported APIVersion - traefik.io/v1, please use ServersTransport to configure - the TerminationDelay instead.' + description: |- + TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, to close the reading capability as well, + hence fully terminating the connection. + It is a duration in milliseconds, defaulting to 100. + A negative value means an infinite deadline (i.e. the reading capability is never closed). + Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead. type: integer tls: description: TLS determines whether to use TLS when dialing @@ -142,25 +150,29 @@ spec: type: object type: array syntax: - description: 'Syntax defines the router''s rule syntax. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1' + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 type: string required: - match type: object type: array tls: - description: 'TLS defines the TLS configuration on a layer 4 / TCP - Route. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1' + description: |- + TLS defines the TLS configuration on a layer 4 / TCP Route. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 properties: certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -176,9 +188,10 @@ spec: type: object type: array options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik @@ -200,9 +213,9 @@ spec: Secret to specify the certificate details. type: string store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. properties: name: description: Name defines the name of the referenced Traefik diff --git a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml index 76ead3b92..245194c62 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressrouteudps.traefik.io spec: group: traefik.io @@ -20,14 +20,19 @@ spec: description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,10 +40,11 @@ spec: description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -62,17 +68,18 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true weight: diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml index 0e49f9092..4ef178a57 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: middlewares.traefik.io spec: group: traefik.io @@ -17,18 +17,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/' + description: |- + Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -36,33 +42,37 @@ spec: description: MiddlewareSpec defines the desired state of a Middleware. properties: addPrefix: - description: 'AddPrefix holds the add prefix middleware configuration. - This middleware updates the path of a request before forwarding - it. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/' + description: |- + AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding it. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ properties: prefix: - description: Prefix is the string to add before the current path - in the requested URL. It should include a leading slash (/). + description: |- + Prefix is the string to add before the current path in the requested URL. + It should include a leading slash (/). type: string type: object basicAuth: - description: 'BasicAuth holds the basic auth middleware configuration. + description: |- + BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: - description: 'RemoveHeader sets the removeHeader option to true - to remove the authorization header before forwarding the request - to your service. Default: false.' + description: |- + RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. + Default: false. type: boolean secret: description: Secret is the name of the referenced Kubernetes Secret @@ -70,48 +80,49 @@ spec: type: string type: object buffering: - description: 'Buffering holds the buffering middleware configuration. - This middleware retries or limits the size of requests that can - be forwarded to backends. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes' + description: |- + Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can be forwarded to backends. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: - description: 'MaxRequestBodyBytes defines the maximum allowed - body size for the request (in bytes). If the request exceeds - the allowed size, it is not forwarded to the service, and the - client gets a 413 (Request Entity Too Large) response. Default: - 0 (no maximum).' + description: |- + MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). + If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. + Default: 0 (no maximum). format: int64 type: integer maxResponseBodyBytes: - description: 'MaxResponseBodyBytes defines the maximum allowed - response size from the service (in bytes). If the response exceeds - the allowed size, it is not forwarded to the client. The client - gets a 500 (Internal Server Error) response instead. Default: - 0 (no maximum).' + description: |- + MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). + If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. + Default: 0 (no maximum). format: int64 type: integer memRequestBodyBytes: - description: 'MemRequestBodyBytes defines the threshold (in bytes) - from which the request will be buffered on disk instead of in - memory. Default: 1048576 (1Mi).' + description: |- + MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer memResponseBodyBytes: - description: 'MemResponseBodyBytes defines the threshold (in bytes) - from which the response will be buffered on disk instead of - in memory. Default: 1048576 (1Mi).' + description: |- + MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer retryExpression: - description: 'RetryExpression defines the retry conditions. It - is a logical combination of functions with operators AND (&&) - and OR (||). More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression' + description: |- + RetryExpression defines the retry conditions. + It is a logical combination of functions with operators AND (&&) and OR (||). + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression type: string type: object chain: - description: 'Chain holds the configuration of the chain middleware. - This middleware enables to define reusable combinations of other - pieces of middleware. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/' + description: |- + Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other pieces of middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -163,15 +174,15 @@ spec: x-kubernetes-int-or-string: true type: object compress: - description: 'Compress holds the compress middleware configuration. - This middleware compresses responses before sending them to the - client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/' + description: |- + Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the client, using gzip compression. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: excludedContentTypes: - description: ExcludedContentTypes defines the list of content - types to compare the Content-Type header of the incoming requests - and responses before compressing. `application/grpc` is always - excluded. + description: |- + ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. + `application/grpc` is always excluded. items: type: string type: array @@ -183,38 +194,38 @@ spec: type: string type: array minResponseBodyBytes: - description: 'MinResponseBodyBytes defines the minimum amount - of bytes a response body must have to be compressed. Default: - 1024.' + description: |- + MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. + Default: 1024. type: integer type: object contentType: - description: ContentType holds the content-type middleware configuration. - This middleware exists to enable the correct behavior until at least - the default one can be changed in a future version. + description: |- + ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. properties: autoDetect: - description: 'AutoDetect specifies whether to let the `Content-Type` - header, if it has not been set by the backend, be automatically - set to a value derived from the contents of the response. Deprecated: - AutoDetect option is deprecated, Content-Type middleware is - only meant to be used to enable the content-type detection, - please remove any usage of this option.' + description: |- + AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, + be automatically set to a value derived from the contents of the response. + Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option. type: boolean type: object digestAuth: - description: 'DigestAuth holds the digest auth middleware configuration. + description: |- + DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: description: RemoveHeader defines whether to remove the authorization @@ -226,18 +237,20 @@ spec: type: string type: object errors: - description: 'ErrorPage holds the custom error middleware configuration. - This middleware returns a custom page in lieu of the default, according - to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/' + description: |- + ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ properties: query: - description: Query defines the URL for the error page (hosted - by service). The {status} variable can be used in order to insert - the status code in the URL. + description: |- + Query defines the URL for the error page (hosted by service). + The {status} variable can be used in order to insert the status code in the URL. type: string service: - description: 'Service defines the reference to a Kubernetes Service - that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service' + description: |- + Service defines the reference to a Kubernetes Service that will serve the error page. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: kind: description: Kind defines the kind of the Service. @@ -246,31 +259,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the - two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if - the only child is the Kubernetes Service clusterIP. The - Kubernetes Service itself does load-balance to the pods. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -279,29 +293,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming - response; for such responses, writes are flushed to - the client immediately. Default: 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes - Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -311,17 +325,18 @@ spec: be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -331,32 +346,34 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported value - at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object (and - to be precise, one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name type: object status: - description: Status defines which status or range of statuses - should result in an error page. It can be either a status code - as a number (500), as multiple comma-separated numbers (500,502), - as ranges by separating two codes with a dash (500-599), or - a combination of the two (404,418,500-599). + description: |- + Status defines which status or range of statuses should result in an error page. + It can be either a status code as a number (500), + as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), + or a combination of the two (404,418,500-599). items: type: string type: array type: object forwardAuth: - description: 'ForwardAuth holds the forward auth middleware configuration. + description: |- + ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ properties: addAuthCookiesToResponse: description: AddAuthCookiesToResponse defines the list of cookies @@ -368,9 +385,9 @@ spec: description: Address defines the authentication server address. type: string authRequestHeaders: - description: AuthRequestHeaders defines the list of the headers - to copy from the request to the authentication server. If not - set or empty then all request headers are passed. + description: |- + AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. + If not set or empty then all request headers are passed. items: type: string type: array @@ -382,10 +399,9 @@ spec: type: string type: array authResponseHeadersRegex: - description: 'AuthResponseHeadersRegex defines the regex to match - headers to copy from the authentication server response and - set on forwarded request, after stripping all headers that match - the regex. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex' + description: |- + AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the @@ -396,14 +412,14 @@ spec: side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).' type: boolean caSecret: - description: CASecret is the name of the referenced Kubernetes - Secret containing the CA to validate the server certificate. + description: |- + CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. The CA certificate is extracted from key `tls.ca` or `ca.crt`. type: string certSecret: - description: CertSecret is the name of the referenced Kubernetes - Secret containing the client certificate. The client certificate - is extracted from the keys `tls.crt` and `tls.key`. + description: |- + CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. + The client certificate is extracted from the keys `tls.crt` and `tls.key`. type: string insecureSkipVerify: description: InsecureSkipVerify defines whether the server @@ -416,20 +432,23 @@ spec: type: boolean type: object grpcWeb: - description: GrpcWeb holds the gRPC web middleware configuration. + description: |- + GrpcWeb holds the gRPC web middleware configuration. This middleware converts a gRPC web request to an HTTP/2 gRPC request. properties: allowOrigins: - description: AllowOrigins is a list of allowable origins. Can - also be a wildcard origin "*". + description: |- + AllowOrigins is a list of allowable origins. + Can also be a wildcard origin "*". items: type: string type: array type: object headers: - description: 'Headers holds the headers middleware configuration. - This middleware manages the requests and responses headers. More - info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders' + description: |- + Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the @@ -494,12 +513,14 @@ spec: header with the nosniff value. type: boolean customBrowserXSSValue: - description: CustomBrowserXSSValue defines the X-XSS-Protection - header value. This overrides the BrowserXssFilter option. + description: |- + CustomBrowserXSSValue defines the X-XSS-Protection header value. + This overrides the BrowserXssFilter option. type: string customFrameOptionsValue: - description: CustomFrameOptionsValue defines the X-Frame-Options - header value. This overrides the FrameDeny option. + description: |- + CustomFrameOptionsValue defines the X-Frame-Options header value. + This overrides the FrameDeny option. type: string customRequestHeaders: additionalProperties: @@ -532,25 +553,25 @@ spec: type: string type: array isDevelopment: - description: IsDevelopment defines whether to mitigate the unwanted - effects of the AllowedHosts, SSL, and STS options when developing. - Usually testing takes place using HTTP, not HTTPS, and on localhost, - not your production domain. If you would like your development - environment to mimic production with complete Host blocking, - SSL redirects, and STS headers, leave this as false. + description: |- + IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. + If you would like your development environment to mimic production with complete Host blocking, SSL redirects, + and STS headers, leave this as false. type: boolean permissionsPolicy: - description: PermissionsPolicy defines the Permissions-Policy - header value. This allows sites to control browser features. + description: |- + PermissionsPolicy defines the Permissions-Policy header value. + This allows sites to control browser features. type: string publicKey: description: PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates. type: string referrerPolicy: - description: ReferrerPolicy defines the Referrer-Policy header - value. This allows sites to control whether browsers forward - the Referer header to other sites. + description: |- + ReferrerPolicy defines the Referrer-Policy header value. + This allows sites to control whether browsers forward the Referer header to other sites. type: string sslForceHost: description: 'Deprecated: SSLForceHost option is deprecated, please @@ -563,10 +584,9 @@ spec: sslProxyHeaders: additionalProperties: type: string - description: 'SSLProxyHeaders defines the header keys with associated - values that would indicate a valid HTTPS request. It can be - useful when using other proxies (example: "X-Forwarded-Proto": - "https").' + description: |- + SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. + It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). type: object sslRedirect: description: 'Deprecated: SSLRedirect option is deprecated, please @@ -585,33 +605,35 @@ spec: to the Strict-Transport-Security header. type: boolean stsSeconds: - description: STSSeconds defines the max-age of the Strict-Transport-Security - header. If set to 0, the header is not set. + description: |- + STSSeconds defines the max-age of the Strict-Transport-Security header. + If set to 0, the header is not set. format: int64 type: integer type: object inFlightReq: - description: 'InFlightReq holds the in-flight request middleware configuration. - This middleware limits the number of requests being processed and - served concurrently. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/' + description: |- + InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and served concurrently. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ properties: amount: - description: Amount defines the maximum amount of allowed simultaneous - in-flight request. The middleware responds with HTTP 429 Too - Many Requests if there are already amount requests in progress - (based on the same sourceCriterion strategy). + description: |- + Amount defines the maximum amount of allowed simultaneous in-flight request. + The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). format: int64 type: integer sourceCriterion: - description: 'SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the requestHost. More - info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion' + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -637,13 +659,15 @@ spec: type: object type: object ipAllowList: - description: 'IPAllowList holds the IP allowlist middleware configuration. + description: |- + IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -658,8 +682,9 @@ spec: type: array type: object rejectStatusCode: - description: RejectStatusCode defines the HTTP status code used - for refused requests. If not set, the default is 403 (Forbidden). + description: |- + RejectStatusCode defines the HTTP status code used for refused requests. + If not set, the default is 403 (Forbidden). type: integer sourceRange: description: SourceRange defines the set of allowed IPs (or ranges @@ -672,8 +697,9 @@ spec: description: 'Deprecated: please use IPAllowList instead.' properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -695,9 +721,10 @@ spec: type: array type: object passTLSClientCert: - description: 'PassTLSClientCert holds the pass TLS client cert middleware - configuration. This middleware adds the selected data from the passed - client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/' + description: |- + PassTLSClientCert holds the pass TLS client cert middleware configuration. + This middleware adds the selected data from the passed client TLS certificate to a header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -798,46 +825,48 @@ spec: plugin: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Plugin defines the middleware plugin configuration. - More info: https://doc.traefik.io/traefik/plugins/' + description: |- + Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/ type: object rateLimit: - description: 'RateLimit holds the rate limit configuration. This middleware - ensures that services will receive a fair amount of requests, and - allows one to define what fair is. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/' + description: |- + RateLimit holds the rate limit configuration. + This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ properties: average: - description: Average is the maximum rate, by default in requests/s, - allowed for the given source. It defaults to 0, which means - no rate limiting. The rate is actually defined by dividing Average - by Period. So for a rate below 1req/s, one needs to define a - Period larger than a second. + description: |- + Average is the maximum rate, by default in requests/s, allowed for the given source. + It defaults to 0, which means no rate limiting. + The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, + one needs to define a Period larger than a second. format: int64 type: integer burst: - description: Burst is the maximum number of requests allowed to - arrive in the same arbitrarily small period of time. It defaults - to 1. + description: |- + Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. + It defaults to 1. format: int64 type: integer period: anyOf: - type: integer - type: string - description: 'Period, in combination with Average, defines the - actual maximum rate, such as: r = Average / Period. It defaults - to a second.' + description: |- + Period, in combination with Average, defines the actual maximum rate, such as: + r = Average / Period. It defaults to a second. x-kubernetes-int-or-string: true sourceCriterion: - description: SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the request's remote - address field (as an ipStrategy). + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote address field (as an ipStrategy). properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -863,9 +892,10 @@ spec: type: object type: object redirectRegex: - description: 'RedirectRegex holds the redirect regex middleware configuration. + description: |- + RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -881,9 +911,10 @@ spec: type: string type: object redirectScheme: - description: 'RedirectScheme holds the redirect scheme middleware - configuration. This middleware redirects requests from a scheme/port - to another. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/' + description: |- + RedirectScheme holds the redirect scheme middleware configuration. + This middleware redirects requests from a scheme/port to another. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -897,9 +928,10 @@ spec: type: string type: object replacePath: - description: 'ReplacePath holds the replace path middleware configuration. - This middleware replaces the path of the request URL and store the - original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/' + description: |- + ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the @@ -907,9 +939,10 @@ spec: type: string type: object replacePathRegex: - description: 'ReplacePathRegex holds the replace path regex middleware - configuration. This middleware replaces the path of a URL using - regex matching and replacement. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/' + description: |- + ReplacePathRegex holds the replace path regex middleware configuration. + This middleware replaces the path of a URL using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -921,11 +954,11 @@ spec: type: string type: object retry: - description: 'Retry holds the retry middleware configuration. This - middleware reissues requests a given number of times to a backend - server if that server does not reply. As soon as the server answers, - the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/' + description: |- + Retry holds the retry middleware configuration. + This middleware reissues requests a given number of times to a backend server if that server does not reply. + As soon as the server answers, the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -935,23 +968,25 @@ spec: anyOf: - type: integer - type: string - description: InitialInterval defines the first wait time in the - exponential backoff series. The maximum interval is calculated - as twice the initialInterval. If unspecified, requests will - be retried immediately. The value of initialInterval should - be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + description: |- + InitialInterval defines the first wait time in the exponential backoff series. + The maximum interval is calculated as twice the initialInterval. + If unspecified, requests will be retried immediately. + The value of initialInterval should be provided in seconds or as a valid duration format, + see https://pkg.go.dev/time#ParseDuration. x-kubernetes-int-or-string: true type: object stripPrefix: - description: 'StripPrefix holds the strip prefix middleware configuration. + description: |- + StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ properties: forceSlash: - description: 'Deprecated: ForceSlash option is deprecated, please - remove any usage of this option. ForceSlash ensures that the - resulting stripped path is not the empty string, by replacing - it with / when necessary. Default: true.' + description: |- + Deprecated: ForceSlash option is deprecated, please remove any usage of this option. + ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. + Default: true. type: boolean prefixes: description: Prefixes defines the prefixes to strip from the request @@ -961,9 +996,10 @@ spec: type: array type: object stripPrefixRegex: - description: 'StripPrefixRegex holds the strip prefix regex middleware - configuration. This middleware removes the matching prefixes from - the URL path. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/' + description: |- + StripPrefixRegex holds the strip prefix regex middleware configuration. + This middleware removes the matching prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the diff --git a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml index f72579c65..250ac1b12 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: middlewaretcps.traefik.io spec: group: traefik.io @@ -17,18 +17,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/' + description: |- + MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -39,16 +45,17 @@ spec: description: InFlightConn defines the InFlightConn middleware configuration. properties: amount: - description: Amount defines the maximum amount of allowed simultaneous - connections. The middleware closes the connection if there are - already amount connections opened. + description: |- + Amount defines the maximum amount of allowed simultaneous connections. + The middleware closes the connection if there are already amount connections opened. format: int64 type: integer type: object ipAllowList: - description: 'IPAllowList defines the IPAllowList middleware configuration. - This middleware accepts/refuses connections based on the client - IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/' + description: |- + IPAllowList defines the IPAllowList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -58,9 +65,11 @@ spec: type: array type: object ipWhiteList: - description: 'IPWhiteList defines the IPWhiteList middleware configuration. - This middleware accepts/refuses connections based on the client - IP. Deprecated: please use IPAllowList instead. More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/' + description: |- + IPWhiteList defines the IPWhiteList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + Deprecated: please use IPAllowList instead. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml index 3ac912f6f..287943fbf 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: serverstransports.traefik.io spec: group: traefik.io @@ -17,20 +17,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'ServersTransport is the CRD implementation of a ServersTransport. + description: |- + ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1' + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml index 22b76caa2..b255d3296 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: serverstransporttcps.traefik.io spec: group: traefik.io @@ -17,20 +17,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport. - If no tcpServersTransport is specified, a default one named default@internal - will be used. The default@internal tcpServersTransport can be configured - in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3' + description: |- + ServersTransportTCP is the CRD implementation of a TCPServersTransport. + If no tcpServersTransport is specified, a default one named default@internal will be used. + The default@internal tcpServersTransport can be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -76,9 +82,9 @@ spec: description: InsecureSkipVerify disables TLS certificate verification. type: boolean peerCertURI: - description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) - to keep per-host. PeerCertURI defines the peer cert URI used - to match against SAN URI during the peer certificate verification. + description: |- + MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification. type: string rootCAsSecrets: description: RootCAsSecrets defines a list of CA secret used to diff --git a/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml b/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml index ae829b34a..2380e8ef6 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsoptions.traefik.io spec: group: traefik.io @@ -17,19 +17,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSOption is the CRD implementation of a Traefik TLS Option, - allowing to configure some parameters of the TLS connection. More info: - https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -37,15 +42,16 @@ spec: description: TLSOptionSpec defines the desired state of a TLSOption. properties: alpnProtocols: - description: 'ALPNProtocols defines the list of supported application - level protocols for the TLS handshake, in order of preference. More - info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols' + description: |- + ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols items: type: string type: array cipherSuites: - description: 'CipherSuites defines the list of supported cipher suites - for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites' + description: |- + CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites items: type: string type: array @@ -71,26 +77,29 @@ spec: type: array type: object curvePreferences: - description: 'CurvePreferences defines the preferred elliptic curves - in a specific order. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences' + description: |- + CurvePreferences defines the preferred elliptic curves in a specific order. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences items: type: string type: array maxVersion: - description: 'MaxVersion defines the maximum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: None.' + description: |- + MaxVersion defines the maximum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: None. type: string minVersion: - description: 'MinVersion defines the minimum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: VersionTLS10.' + description: |- + MinVersion defines the minimum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: VersionTLS10. type: string preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. + description: |- + PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' + Deprecated: https://github.com/golang/go/issues/45430 type: boolean sniStrict: description: SniStrict defines whether Traefik allows connections diff --git a/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml b/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml index efafd398c..15c4951ea 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsstores.traefik.io spec: group: traefik.io @@ -17,20 +17,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For - the time being, only the TLSStore named default is supported. This means - that you cannot have two stores that are named default in different Kubernetes - namespaces. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores' + description: |- + TLSStore is the CRD implementation of a Traefik TLS Store. + For the time being, only the TLSStore named default is supported. + This means that you cannot have two stores that are named default in different Kubernetes namespaces. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml index 8620b4d74..7c8f58a3e 100644 --- a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml +++ b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: traefikservices.traefik.io spec: group: traefik.io @@ -17,19 +17,27 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TraefikService is the CRD implementation of a Traefik Service. - TraefikService object allows to: - Apply weight to Services on load-balancing - - Mirror traffic on services More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice' + description: |- + TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: + - Apply weight to Services on load-balancing + - Mirror traffic on services + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -46,10 +54,10 @@ spec: - TraefikService type: string maxBodySize: - description: MaxBodySize defines the maximum size allowed for - the body of the request. If the body is larger, the request - is not mirrored. Default value is -1, which means unlimited - size. + description: |- + MaxBodySize defines the maximum size allowed for the body of the request. + If the body is larger, the request is not mirrored. + Default value is -1, which means unlimited size. format: int64 type: integer mirrors: @@ -65,35 +73,37 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean percent: - description: 'Percent defines the part of the traffic to - mirror. Supported values: 0 to 100.' + description: |- + Percent defines the part of the traffic to mirror. + Supported values: 0 to 100. type: integer port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -102,30 +112,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -135,17 +144,18 @@ spec: can be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -155,13 +165,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -169,60 +179,62 @@ spec: type: object type: array name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the two - is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the - only child is the Kubernetes Service clusterIP. The Kubernetes - Service itself does load-balance to the pods. By default, NativeLB - is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host header - is forwarded to the upstream Kubernetes Service. By default, - passHostHeader is true. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. This - can be a reference to a named port. + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: description: ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming response; + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. - Default: 100ms' + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https when - Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -232,17 +244,18 @@ spec: accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds until - the cookie expires. When set to a negative number, the - cookie expires immediately. When set to zero, the cookie - never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only @@ -251,13 +264,14 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy between - the servers. RoundRobin is the only supported value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be specified - when Name references a TraefikService object (and to be precise, - one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name @@ -279,31 +293,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -312,30 +327,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -345,17 +359,18 @@ spec: can be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -365,13 +380,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -379,8 +394,9 @@ spec: type: object type: array sticky: - description: 'Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + description: |- + Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -390,17 +406,18 @@ spec: accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds until - the cookie expires. When set to a negative number, the - cookie expires immediately. When set to zero, the cookie - never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index aa92aa5c9..75376bd9b 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -723,7 +723,7 @@ The maximum number of requests Traefik can handle before sending a `Connection: ```bash tab="CLI" ## Static configuration --entryPoints.name.address=:8888 - --entryPoints.name.transport.keepAliveRequests=42 + --entryPoints.name.transport.keepAliveMaxRequests=42 ``` #### `keepAliveMaxTime` @@ -753,7 +753,7 @@ The maximum duration Traefik can handle requests before sending a `Connection: C ```bash tab="CLI" ## Static configuration --entryPoints.name.address=:8888 - --entryPoints.name.transport.keepAliveTime=42s + --entryPoints.name.transport.keepAliveMaxTime=42s ``` ### ProxyProtocol diff --git a/go.mod b/go.mod index b4e712b51..702fbd501 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/traefik/traefik/v3 -go 1.21 +go 1.22 require ( github.com/BurntSushi/toml v1.3.2 @@ -17,7 +17,7 @@ require ( github.com/docker/go-connections v0.4.0 github.com/fatih/structs v1.1.0 github.com/fsnotify/fsnotify v1.7.0 - github.com/go-acme/lego/v4 v4.14.0 + github.com/go-acme/lego/v4 v4.15.0 github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea github.com/golang/protobuf v1.5.3 github.com/google/go-github/v28 v28.1.1 @@ -26,7 +26,7 @@ require ( github.com/hashicorp/consul/api v1.26.1 github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-multierror v1.1.1 - github.com/hashicorp/go-retryablehttp v0.7.4 + github.com/hashicorp/go-retryablehttp v0.7.5 github.com/hashicorp/go-version v1.6.0 github.com/hashicorp/nomad/api v0.0.0-20240122103822-8a4bd61caf74 github.com/http-wasm/http-wasm-host-go v0.5.2 @@ -39,7 +39,7 @@ require ( github.com/kvtools/valkeyrie v1.0.0 github.com/kvtools/zookeeper v1.0.2 github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f - github.com/miekg/dns v1.1.55 + github.com/miekg/dns v1.1.58 github.com/mitchellh/copystructure v1.2.0 github.com/mitchellh/hashstructure v1.0.0 github.com/mitchellh/mapstructure v1.5.0 @@ -78,12 +78,12 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.21.0 go.opentelemetry.io/otel/trace v1.21.0 golang.org/x/exp v0.0.0-20231006140011-7918f672742d - golang.org/x/mod v0.13.0 - golang.org/x/net v0.17.0 - golang.org/x/sys v0.15.0 - golang.org/x/text v0.13.0 - golang.org/x/time v0.3.0 - golang.org/x/tools v0.14.0 + golang.org/x/mod v0.14.0 + golang.org/x/net v0.20.0 + golang.org/x/sys v0.16.0 + golang.org/x/text v0.14.0 + golang.org/x/time v0.5.0 + golang.org/x/tools v0.17.0 google.golang.org/grpc v1.59.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.28.4 @@ -109,8 +109,8 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.27 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect @@ -129,26 +129,27 @@ require ( github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect github.com/armon/go-metrics v0.4.1 // indirect - github.com/aws/aws-sdk-go-v2 v1.20.3 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.28 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.27 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 // indirect - github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 // indirect - github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect - github.com/aws/smithy-go v1.14.2 // indirect + github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect + github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect + github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 // indirect + github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect + github.com/aws/smithy-go v1.19.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/bytedance/sonic v1.10.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/civo/civogo v0.3.11 // indirect - github.com/cloudflare/cloudflare-go v0.70.0 // indirect + github.com/cloudflare/cloudflare-go v0.86.0 // indirect github.com/containerd/containerd v1.7.11 // indirect github.com/containerd/log v0.1.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect @@ -165,12 +166,12 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch v5.7.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.7.0 // indirect - github.com/exoscale/egoscale v0.100.1 // indirect + github.com/exoscale/egoscale v0.102.3 // indirect github.com/fatih/color v1.15.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/gin-gonic/gin v1.9.1 // indirect github.com/go-errors/errors v1.0.1 // indirect - github.com/go-jose/go-jose/v3 v3.0.0 // indirect + github.com/go-jose/go-jose/v3 v3.0.1 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logr/logr v1.3.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -179,9 +180,10 @@ require ( github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.4 // indirect github.com/go-playground/validator/v10 v10.15.1 // indirect - github.com/go-resty/resty/v2 v2.7.0 // indirect + github.com/go-resty/resty/v2 v2.11.0 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/go-zookeeper/zk v1.0.3 // indirect + github.com/goccy/go-json v0.10.2 // indirect github.com/gofrs/uuid v4.4.0+incompatible // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect @@ -221,10 +223,9 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/labbsr0x/bindman-dns-webhook v1.0.2 // indirect github.com/labbsr0x/goh v1.0.1 // indirect - github.com/linode/linodego v1.17.2 // indirect - github.com/liquidweb/go-lwApi v0.0.5 // indirect + github.com/linode/linodego v1.28.0 // indirect github.com/liquidweb/liquidweb-cli v0.6.9 // indirect - github.com/liquidweb/liquidweb-go v1.6.3 // indirect + github.com/liquidweb/liquidweb-go v1.6.4 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect @@ -248,13 +249,14 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect github.com/nrdcg/auroradns v1.1.0 // indirect + github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 // indirect github.com/nrdcg/desec v0.7.0 // indirect github.com/nrdcg/dnspod-go v0.4.0 // indirect github.com/nrdcg/freemyip v0.2.0 // indirect - github.com/nrdcg/goinwx v0.8.2 // indirect + github.com/nrdcg/goinwx v0.10.0 // indirect github.com/nrdcg/namesilo v0.2.1 // indirect github.com/nrdcg/nodion v0.1.0 // indirect - github.com/nrdcg/porkbun v0.2.0 // indirect + github.com/nrdcg/porkbun v0.3.0 // indirect github.com/nzdjb/go-metaname v1.0.0 // indirect github.com/onsi/ginkgo v1.16.5 // indirect github.com/onsi/ginkgo/v2 v2.11.0 // indirect @@ -262,7 +264,7 @@ require ( github.com/opencontainers/image-spec v1.1.0-rc5 // indirect github.com/opencontainers/runc v1.1.5 // indirect github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect - github.com/ovh/go-ovh v1.4.1 // indirect + github.com/ovh/go-ovh v1.4.3 // indirect github.com/pelletier/go-toml/v2 v2.0.9 // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/pkg/errors v0.9.1 // indirect @@ -278,13 +280,12 @@ require ( github.com/sacloud/go-http v0.1.6 // indirect github.com/sacloud/iaas-api-go v1.11.1 // indirect github.com/sacloud/packages-go v0.0.9 // indirect - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 // indirect + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 // indirect github.com/shirou/gopsutil/v3 v3.23.11 // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect github.com/shopspring/decimal v1.2.0 // indirect - github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 // indirect github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 // indirect - github.com/softlayer/softlayer-go v1.1.2 // indirect + github.com/softlayer/softlayer-go v1.1.3 // indirect github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect github.com/spf13/cast v1.3.1 // indirect github.com/spf13/pflag v1.0.5 // indirect @@ -295,8 +296,8 @@ require ( github.com/tidwall/pretty v1.2.1 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/numcpus v0.6.1 // indirect - github.com/transip/gotransip/v6 v6.20.0 // indirect - github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c // indirect + github.com/transip/gotransip/v6 v6.23.0 // indirect + github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a // indirect github.com/vinyldns/go-vinyldns v0.9.16 // indirect github.com/vultr/govultr/v2 v2.17.2 // indirect github.com/yandex-cloud/go-genproto v0.0.0-20220805142335-27b56ddae16f // indirect @@ -314,9 +315,9 @@ require ( go.uber.org/ratelimit v0.2.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/arch v0.4.0 // indirect - golang.org/x/crypto v0.14.0 // indirect - golang.org/x/oauth2 v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect + golang.org/x/crypto v0.18.0 // indirect + golang.org/x/oauth2 v0.16.0 // indirect + golang.org/x/term v0.16.0 // indirect google.golang.org/api v0.128.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect @@ -326,7 +327,7 @@ require ( gopkg.in/h2non/gock.v1 v1.0.16 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/ns1/ns1-go.v2 v2.7.6 // indirect + gopkg.in/ns1/ns1-go.v2 v2.7.13 // indirect gopkg.in/square/go-jose.v2 v2.5.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/klog/v2 v2.100.1 // indirect diff --git a/go.sum b/go.sum index c651525ee..c9bd69ebd 100644 --- a/go.sum +++ b/go.sum @@ -42,11 +42,11 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg6 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 h1:0W/yGmFdTIT77fvdlGZ0LMISoLHFJ7Tx4U0yeB+uFs4= @@ -122,39 +122,36 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.44.327 h1:ZS8oO4+7MOBLhkdwIhgtVeDzCeWOlTfKJS7EgggbIEY= github.com/aws/aws-sdk-go v1.44.327/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.20.3 h1:lgeKmAZhlj1JqN43bogrM75spIvYnRxqTAh1iupu1yE= -github.com/aws/aws-sdk-go-v2 v1.20.3/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= -github.com/aws/aws-sdk-go-v2/config v1.18.28 h1:TINEaKyh1Td64tqFvn09iYpKiWjmHYrG1fa91q2gnqw= -github.com/aws/aws-sdk-go-v2/config v1.18.28/go.mod h1:nIL+4/8JdAuNHEjn/gPEXqtnS02Q3NXB/9Z7o5xE4+A= -github.com/aws/aws-sdk-go-v2/credentials v1.13.27 h1:dz0yr/yR1jweAnsCx+BmjerUILVPQ6FS5AwF/OyG1kA= -github.com/aws/aws-sdk-go-v2/credentials v1.13.27/go.mod h1:syOqAek45ZXZp29HlnRS/BNgMIW6uiRmeuQsz4Qh2UE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 h1:kP3Me6Fy3vdi+9uHd7YLr6ewPxRL+PU6y15urfTaamU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5/go.mod h1:Gj7tm95r+QsDoN2Fhuz/3npQvcZbkEf5mL70n3Xfluc= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40 h1:CXceCS9BrDInRc74GDCQ8Qyk/Gp9VLdK+Rlve+zELSE= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.40/go.mod h1:5kKmFhLeOVy6pwPDpDNA6/hK/d6URC98pqDDqHgdBx4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34 h1:B+nZtd22cbko5+793hg7LEaTeLMiZwlgCLUrN5Y0uzg= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.34/go.mod h1:RZP0scceAyhMIQ9JvFp7HvkpcgqjL4l/4C+7RAeGbuM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36 h1:8r5m1BoAWkn0TDC34lUculryf7nUF25EgIMdjvGCkgo= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.36/go.mod h1:Rmw2M1hMVTwiUhjwMoIBFWFJMhvJbct06sSidxInkhY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.29/go.mod h1:fDbkK4o7fpPXWn8YAPmTieAMuB9mk/VgvW64uaUqxd4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34 h1:JwvXk+1ePAD9xkFHprhHYqwsxLDcbNFsPI1IAT2sPS0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.34/go.mod h1:ytsF+t+FApY2lFnN51fJKPhH6ICKOPXKEcwwgmJEdWI= -github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2 h1:PwNeYoonBzmTdCztKiiutws3U24KrnDBuabzRfIlZY4= -github.com/aws/aws-sdk-go-v2/service/lightsail v1.27.2/go.mod h1:gQhLZrTEath4zik5ixIe6axvgY5jJrgSBDJ360Fxnco= -github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4 h1:p4mTxJfCAyiTT4Wp6p/mOPa6j5MqCSRGot8qZwFs+Z0= -github.com/aws/aws-sdk-go-v2/service/route53 v1.28.4/go.mod h1:VBLWpaHvhQNeu7N9rMEf00SWeOONb/HvaDUxe/7b44k= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.13 h1:sWDv7cMITPcZ21QdreULwxOOAmE05JjEsT6fCDtDA9k= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.13/go.mod h1:DfX0sWuT46KpcqbMhJ9QWtxAIP1VozkDWf8VAkByjYY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 h1:BFubHS/xN5bjl818QaroN6mQdjneYQ+AOx44KNXlyH4= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13/go.mod h1:BzqsVVFduubEmzrVtUFQQIQdFqvUItF8XUq2EnS8Wog= -github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 h1:e5mnydVdCVWxP+5rPAGi2PYxC7u2OZgH1ypC114H04U= -github.com/aws/aws-sdk-go-v2/service/sts v1.19.3/go.mod h1:yVGZA1CPkmUhBdA039jXNJJG7/6t+G+EBWmFq23xqnY= -github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ= -github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= +github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o= +github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= +github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0 h1:LvWkxBi/bsWHqj3bFTUuDLl4OAlbaM1HDZ9YPhj5+jg= +github.com/aws/aws-sdk-go-v2/service/lightsail v1.34.0/go.mod h1:35MKNS46RX7Lb9EIFP2bPy3WrJu+bxU6QgLis8K1aa4= +github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0= +github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= +github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= +github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -199,8 +196,8 @@ github.com/civo/civogo v0.3.11 h1:mON/fyrV946Sbk6paRtOSGsN+asCgCmHCgArf5xmGxM= github.com/civo/civogo v0.3.11/go.mod h1:7+GeeFwc4AYTULaEshpT2vIcl3Qq8HPoxA17viX3l6g= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/cloudflare-go v0.70.0 h1:4opGbUygM8DjirUuaz23jn3akuAcnOCEx+0nQtQEcFo= -github.com/cloudflare/cloudflare-go v0.70.0/go.mod h1:VW6GuazkaZ4xEDkFt24lkXQUsE8q7BiGqDniC2s8WEM= +github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpXTstVx0rqHI= +github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= @@ -306,8 +303,8 @@ github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc= github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/exoscale/egoscale v0.100.1 h1:iXsV1Ei7daqe/6FYSCSDyrFs1iUG1l1X9qNh2uMw6z0= -github.com/exoscale/egoscale v0.100.1/go.mod h1:BAb9p4rmyU+Wl400CJZO5270H2sXtdsZjLcm5xMKkz4= +github.com/exoscale/egoscale v0.102.3 h1:DYqN2ipoLKpiFoprRGQkp2av/Ze7sUYYlGhi1N62tfY= +github.com/exoscale/egoscale v0.102.3/go.mod h1:RPf2Gah6up+6kAEayHTQwqapzXlm93f0VQas/UEGU5c= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= @@ -338,15 +335,15 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg= github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU= -github.com/go-acme/lego/v4 v4.14.0 h1:/skZoRHgVh0d2RK7l1g3Ch8HqeqP9LB8ZEjLdGEpcDE= -github.com/go-acme/lego/v4 v4.14.0/go.mod h1:zjmvNCDLGz7GrC1OqdVpVmZFKSRabEDtWbdzmcpBsGo= +github.com/go-acme/lego/v4 v4.15.0 h1:A7MHEU3b+TDFqhC/HmzMJnzPbyeaYvMZQBbqgvbThhU= +github.com/go-acme/lego/v4 v4.15.0/go.mod h1:eeGhjW4zWT7Ccqa3sY7ayEqFLCAICx+mXgkMHKIkLxg= github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= -github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= +github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea h1:CnEQOUv4ilElSwFB9g/lVmz206oLE4aNZDYngIY1Gvg= @@ -390,8 +387,8 @@ github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM= github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= -github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY= -github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= +github.com/go-resty/resty/v2 v2.11.0 h1:i7jMfNOJYMp69lq7qozJP+bjgzfAzeOhuGlyDrqxT/8= +github.com/go-resty/resty/v2 v2.11.0/go.mod h1:iiP/OpA0CkcL3IGt1O0+/SIItFUbkkyw5BGXiVdTu+A= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -480,7 +477,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -569,8 +565,8 @@ github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= -github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= +github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= @@ -709,15 +705,13 @@ github.com/lestrrat-go/jwx v1.2.7/go.mod h1:bw24IXWbavc0R2RsOtpXL7RtMyP589yZ1+L7 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/linode/linodego v1.17.2 h1:b32dj4662PGG5P9qVa6nBezccWdqgukndlMIuPGq1CQ= -github.com/linode/linodego v1.17.2/go.mod h1:C2iyT3Vg2O2sPxkWka4XAQ5WSUtm5LmTZ3Adw43Ra7Q= +github.com/linode/linodego v1.28.0 h1:lzxxJebsYg5cCWRNDLyL2StW3sfMyAwf/FYfxFjFrlk= +github.com/linode/linodego v1.28.0/go.mod h1:5oAsx+uinHtVo6U77nXXXtox7MWzUW6aEkTOKXxA9uo= github.com/liquidweb/go-lwApi v0.0.0-20190605172801-52a4864d2738/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs= -github.com/liquidweb/go-lwApi v0.0.5 h1:CT4cdXzJXmo0bon298kS7NeSk+Gt8/UHpWBBol1NGCA= -github.com/liquidweb/go-lwApi v0.0.5/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs= github.com/liquidweb/liquidweb-cli v0.6.9 h1:acbIvdRauiwbxIsOCEMXGwF75aSJDbDiyAWPjVnwoYM= github.com/liquidweb/liquidweb-cli v0.6.9/go.mod h1:cE1uvQ+x24NGUL75D0QagOFCG8Wdvmwu8aL9TLmA/eQ= -github.com/liquidweb/liquidweb-go v1.6.3 h1:NVHvcnX3eb3BltiIoA+gLYn15nOpkYkdizOEYGSKrk4= -github.com/liquidweb/liquidweb-go v1.6.3/go.mod h1:SuXXp+thr28LnjEw18AYtWwIbWMHSUiajPQs8T9c/Rc= +github.com/liquidweb/liquidweb-go v1.6.4 h1:6S0m3hHSpiLqGD7AFSb7lH/W/qr1wx+tKil9fgIbjMc= +github.com/liquidweb/liquidweb-go v1.6.4/go.mod h1:B934JPIIcdA+uTq2Nz5PgOtG6CuCaEvQKe/Ge/5GgZ4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= @@ -771,8 +765,8 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.47/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/mimuret/golang-iij-dpf v0.9.1 h1:Gj6EhHJkOhr+q2RnvRPJsPMcjuVnWPSccEHyoEehU34= github.com/mimuret/golang-iij-dpf v0.9.1/go.mod h1:sl9KyOkESib9+KRD3HaGpgi1xk7eoN2+d96LCLsME2M= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= @@ -839,20 +833,22 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nrdcg/auroradns v1.1.0 h1:KekGh8kmf2MNwqZVVYo/fw/ZONt8QMEmbMFOeljteWo= github.com/nrdcg/auroradns v1.1.0/go.mod h1:O7tViUZbAcnykVnrGkXzIJTHoQCHcgalgAe6X1mzHfk= +github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9 h1:qpB3wZR4+MPK92cTC9zZPnndkJgDgPvQqPUAgVc1NXU= +github.com/nrdcg/bunny-go v0.0.0-20230728143221-c9dda82568d9/go.mod h1:HUoHXDrFvidN1NK9Wb/mZKNOfDNutKkzF2Pg71M9hHA= github.com/nrdcg/desec v0.7.0 h1:iuGhi4pstF3+vJWwt292Oqe2+AsSPKDynQna/eu1fDs= github.com/nrdcg/desec v0.7.0/go.mod h1:e1uRqqKv1mJdd5+SQROAhmy75lKMphLzWIuASLkpeFY= github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U= github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= github.com/nrdcg/freemyip v0.2.0 h1:/GscavT4GVqAY13HExl5UyoB4wlchv6Cg5NYDGsUoJ8= github.com/nrdcg/freemyip v0.2.0/go.mod h1:HjF0Yz0lSb37HD2ihIyGz9esyGcxbCrrGFLPpKevbx4= -github.com/nrdcg/goinwx v0.8.2 h1:RmjiHlEA+lzi3toXyPSaE6hWnBQ0+G+1u7w8C6Fpp4g= -github.com/nrdcg/goinwx v0.8.2/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4= +github.com/nrdcg/goinwx v0.10.0 h1:6W630bjDxQD6OuXKqrFRYVpTt0G/9GXXm3CeOrN0zJM= +github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4= github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg= github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw= github.com/nrdcg/nodion v0.1.0 h1:zLKaqTn2X0aDuBHHfyA1zFgeZfiCpmu/O9DM73okavw= github.com/nrdcg/nodion v0.1.0/go.mod h1:inbuh3neCtIWlMPZHtEpe43TmRXxHV6+hk97iCZicms= -github.com/nrdcg/porkbun v0.2.0 h1:ghaqPtIKcffba99epWFkK3VWf6TKJT9WMXMgaTqv95Y= -github.com/nrdcg/porkbun v0.2.0/go.mod h1:i0uLMn9ItFsLsSQIAeEu1wQ9/+6EvX1eQw15hulMMRw= +github.com/nrdcg/porkbun v0.3.0 h1:jnRV7j2zd3hmh+tSDOGetJyy3+WklaMxbs7HtTTmWMs= +github.com/nrdcg/porkbun v0.3.0/go.mod h1:jh1DKz96jGHW+NCdG3AmTbbnQeBlNUz1KeSgeN/cBVw= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= @@ -899,8 +895,8 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/oracle/oci-go-sdk v24.3.0+incompatible h1:x4mcfb4agelf1O4/1/auGlZ1lr97jXRSSN5MxTgG/zU= github.com/oracle/oci-go-sdk v24.3.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= -github.com/ovh/go-ovh v1.4.1 h1:VBGa5wMyQtTP7Zb+w97zRCh9sLtM/2YKRyy+MEJmWaM= -github.com/ovh/go-ovh v1.4.1/go.mod h1:6bL6pPyUT7tBfI0pqOegJgRjgjuO+mOo+MyXd1EEC0M= +github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0= +github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= @@ -1003,8 +999,8 @@ github.com/sacloud/iaas-api-go v1.11.1/go.mod h1:uBDSa06F/V0OnoR66jGdbH0PVnCJw+N github.com/sacloud/packages-go v0.0.9 h1:GbinkBLC/eirFhHpLjoDW6JV7+95Rnd2d8RWj7Afeks= github.com/sacloud/packages-go v0.0.9/go.mod h1:k+EEUMF2LlncjbNIJNOqLyZ9wjTESPIWIk1OA7x9j2Q= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17 h1:1WuWJu7/e8SqK+uQl7lfk/N/oMZTL2NE/TJsNKRNMc4= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.17/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22 h1:wJrcTdddKOI8TFxs8cemnhKP2EmKy3yfUKHj3ZdfzYo= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.22/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= @@ -1020,8 +1016,6 @@ github.com/shoenig/test v1.7.0/go.mod h1:UxJ6u/x2v/TNs/LoLxBNJRV9DiwBBKYxXSyczsB github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04 h1:ZTzdx88+AcnjqUfJwnz89UBrMSBQ1NEysg9u5d+dU9c= -github.com/simplesurance/bunny-go v0.0.0-20221115111006-e11d9dc91f04/go.mod h1:5KS21fpch8TIMyAUv/qQqTa3GZfBDYgjaZbd2KXKYfg= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= @@ -1036,8 +1030,8 @@ github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/gunit v1.0.4 h1:tpTjnuH7MLlqhoD21vRoMZbMIi5GmBsAJDFyF67GhZA= github.com/smartystreets/gunit v1.0.4/go.mod h1:EH5qMBab2UclzXUcpR8b93eHsIlp9u+pDQIRp5DZNzQ= -github.com/softlayer/softlayer-go v1.1.2 h1:rUSSGCyaxymvTOsaFjwr+cGxA8muw3xg2LSrIMNcN/c= -github.com/softlayer/softlayer-go v1.1.2/go.mod h1:hvAbzGH4LRXA6yXY8BNx99yoqZ7urfDdtl9mvBf0G+g= +github.com/softlayer/softlayer-go v1.1.3 h1:dfFzt5eOKIAyB/b78fHMyDu5ICx0ZtxL9NRhBlf831A= +github.com/softlayer/softlayer-go v1.1.3/go.mod h1:Pc7F57OgUKaAam7TtpqkUeqL7QyKknfiUI4R49h41/U= github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ= github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= @@ -1115,8 +1109,8 @@ github.com/traefik/paerser v0.2.0 h1:zqCLGSXoNlcBd+mzqSCLjon/I6phqIjeJL2xFB2ysgQ github.com/traefik/paerser v0.2.0/go.mod h1:afzaVcgF8A+MpTnPG4wBr4whjanCSYA6vK5RwaYVtRc= github.com/traefik/yaegi v0.15.1 h1:YA5SbaL6HZA0Exh9T/oArRHqGN2HQ+zgmCY7dkoTXu4= github.com/traefik/yaegi v0.15.1/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0= -github.com/transip/gotransip/v6 v6.20.0 h1:AuvwyOZ51f2brzMbTqlRy/wmaM3kF7Vx5Wds8xcDflY= -github.com/transip/gotransip/v6 v6.20.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c= +github.com/transip/gotransip/v6 v6.23.0 h1:PsTdjortrEZ8IFFifEryzjVjOy9SgK4ahlnhKBBIQgA= +github.com/transip/gotransip/v6 v6.23.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= @@ -1127,8 +1121,8 @@ github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLY github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw= github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= -github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c h1:mKnW6IGLw7uXu6DL6RitufZWcXS6hCnauXRUFof7rKM= -github.com/ultradns/ultradns-go-sdk v1.5.0-20230427130837-23c9b0c/go.mod h1:F4UyVEmq4/m5lAmx+GccrxyRCXmnBjzUL09JLTQFp94= +github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a h1:w4PK5/N9kq8PfNxBv8a5t1bqlYRrVT7XzT7iTPTtiPk= +github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a/go.mod h1:Xwz7o+ExFtxR/i0aJDnTXuiccQJlOxDgNe6FsZC4TzQ= github.com/unrolled/render v1.0.2 h1:dGS3EmChQP3yOi1YeFNO/Dx+MbWZhdvhQJTXochM5bs= github.com/unrolled/render v1.0.2/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM= github.com/unrolled/secure v1.0.9 h1:BWRuEb1vDrBFFDdbCnKkof3gZ35I/bnHGyt0LB0TNyQ= @@ -1253,9 +1247,12 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1286,8 +1283,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1322,20 +1320,22 @@ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= -golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= +golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= +golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1346,8 +1346,9 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= -golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1424,15 +1425,20 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -1443,16 +1449,20 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1487,8 +1497,9 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1598,8 +1609,8 @@ gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ns1/ns1-go.v2 v2.7.6 h1:mCPl7q0jbIGACXvGBljAuuApmKZo3rRi4tlRIEbMvjA= -gopkg.in/ns1/ns1-go.v2 v2.7.6/go.mod h1:GMnKY+ZuoJ+lVLL+78uSTjwTz2jMazq6AfGKQOYhsPk= +gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk= +gopkg.in/ns1/ns1-go.v2 v2.7.13/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= diff --git a/integration/fixtures/k8s/01-traefik-crd.yml b/integration/fixtures/k8s/01-traefik-crd.yml index 34631cbe4..a95cf1153 100644 --- a/integration/fixtures/k8s/01-traefik-crd.yml +++ b/integration/fixtures/k8s/01-traefik-crd.yml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressroutes.traefik.io spec: group: traefik.io @@ -20,14 +20,19 @@ spec: description: IngressRoute is the CRD implementation of a Traefik HTTP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,10 +40,11 @@ spec: description: IngressRouteSpec defines the desired state of IngressRoute. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -48,17 +54,21 @@ spec: description: Route holds the HTTP route configuration. properties: kind: - description: Kind defines the kind of the route. Rule is the - only supported kind. + description: |- + Kind defines the kind of the route. + Rule is the only supported kind. enum: - Rule type: string match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule' + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule type: string middlewares: - description: 'Middlewares defines the list of references to - Middleware resources. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware' + description: |- + Middlewares defines the list of references to Middleware resources. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware items: description: MiddlewareRef is a reference to a Middleware resource. @@ -76,13 +86,14 @@ spec: type: object type: array priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority' + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority type: integer services: - description: Services defines the list of Service. It can contain - any combination of TraefikService and/or reference to a Kubernetes - Service. + description: |- + Services defines the list of Service. + It can contain any combination of TraefikService and/or reference to a Kubernetes Service. items: description: Service defines an upstream HTTP service to proxy traffic to. @@ -94,31 +105,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client - Host header is forwarded to the upstream Kubernetes - Service. By default, passHostHeader is true. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -127,30 +139,29 @@ spec: the client. properties: flushInterval: - description: 'FlushInterval defines the interval, - in milliseconds, in between flushes to the client - while copying the response body. A negative value - means to flush immediately after each write to the - client. This configuration is ignored when ReverseProxy - recognizes a response as a streaming response; for - such responses, writes are flushed to the client - immediately. Default: 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the - request to the upstream Kubernetes Service. It defaults - to https when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -161,17 +172,18 @@ spec: JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When - set to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie @@ -181,23 +193,23 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only - be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round - Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name type: object type: array syntax: - description: 'Syntax defines the router''s rule syntax. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax' + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax type: string required: - kind @@ -205,16 +217,20 @@ spec: type: object type: array tls: - description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls' + description: |- + TLS defines the TLS configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls properties: certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -230,17 +246,20 @@ spec: type: object type: array options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: - description: 'Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' + description: |- + Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string namespace: - description: 'Namespace defines the namespace of the referenced - TLSOption. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption' + description: |- + Namespace defines the namespace of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string required: - name @@ -250,17 +269,19 @@ spec: Secret to specify the certificate details. type: string store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. properties: name: - description: 'Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' + description: |- + Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string namespace: - description: 'Namespace defines the namespace of the referenced - TLSStore. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore' + description: |- + Namespace defines the namespace of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string required: - name @@ -280,7 +301,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressroutetcps.traefik.io spec: group: traefik.io @@ -297,14 +318,19 @@ spec: description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -312,10 +338,11 @@ spec: description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -325,7 +352,9 @@ spec: description: RouteTCP holds the TCP route configuration. properties: match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1' + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -347,8 +376,9 @@ spec: type: object type: array priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1' + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -365,22 +395,24 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true proxyProtocol: - description: 'ProxyProtocol defines the PROXY protocol - configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol' + description: |- + ProxyProtocol defines the PROXY protocol configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version @@ -388,22 +420,19 @@ spec: type: integer type: object serversTransport: - description: ServersTransport defines the name of ServersTransportTCP - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransportTCP resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string terminationDelay: - description: 'TerminationDelay defines the deadline that - the proxy sets, after one of its connected peers indicates - it has closed the writing capability of its connection, - to close the reading capability as well, hence fully - terminating the connection. It is a duration in milliseconds, - defaulting to 100. A negative value means an infinite - deadline (i.e. the reading capability is never closed). - Deprecated: TerminationDelay is not supported APIVersion - traefik.io/v1, please use ServersTransport to configure - the TerminationDelay instead.' + description: |- + TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, to close the reading capability as well, + hence fully terminating the connection. + It is a duration in milliseconds, defaulting to 100. + A negative value means an infinite deadline (i.e. the reading capability is never closed). + Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead. type: integer tls: description: TLS determines whether to use TLS when dialing @@ -419,25 +448,29 @@ spec: type: object type: array syntax: - description: 'Syntax defines the router''s rule syntax. More - info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1' + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 type: string required: - match type: object type: array tls: - description: 'TLS defines the TLS configuration on a layer 4 / TCP - Route. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1' + description: |- + TLS defines the TLS configuration on a layer 4 / TCP Route. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 properties: certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers' + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains' + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -453,9 +486,10 @@ spec: type: object type: array options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik @@ -477,9 +511,9 @@ spec: Secret to specify the certificate details. type: string store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. properties: name: description: Name defines the name of the referenced Traefik @@ -507,7 +541,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressrouteudps.traefik.io spec: group: traefik.io @@ -524,14 +558,19 @@ spec: description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -539,10 +578,11 @@ spec: description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ - Default: all.' + Default: all. items: type: string type: array @@ -566,17 +606,18 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true weight: @@ -604,7 +645,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: middlewares.traefik.io spec: group: traefik.io @@ -618,18 +659,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/' + description: |- + Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -637,33 +684,37 @@ spec: description: MiddlewareSpec defines the desired state of a Middleware. properties: addPrefix: - description: 'AddPrefix holds the add prefix middleware configuration. - This middleware updates the path of a request before forwarding - it. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/' + description: |- + AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding it. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ properties: prefix: - description: Prefix is the string to add before the current path - in the requested URL. It should include a leading slash (/). + description: |- + Prefix is the string to add before the current path in the requested URL. + It should include a leading slash (/). type: string type: object basicAuth: - description: 'BasicAuth holds the basic auth middleware configuration. + description: |- + BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: - description: 'RemoveHeader sets the removeHeader option to true - to remove the authorization header before forwarding the request - to your service. Default: false.' + description: |- + RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. + Default: false. type: boolean secret: description: Secret is the name of the referenced Kubernetes Secret @@ -671,48 +722,49 @@ spec: type: string type: object buffering: - description: 'Buffering holds the buffering middleware configuration. - This middleware retries or limits the size of requests that can - be forwarded to backends. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes' + description: |- + Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can be forwarded to backends. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: - description: 'MaxRequestBodyBytes defines the maximum allowed - body size for the request (in bytes). If the request exceeds - the allowed size, it is not forwarded to the service, and the - client gets a 413 (Request Entity Too Large) response. Default: - 0 (no maximum).' + description: |- + MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). + If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. + Default: 0 (no maximum). format: int64 type: integer maxResponseBodyBytes: - description: 'MaxResponseBodyBytes defines the maximum allowed - response size from the service (in bytes). If the response exceeds - the allowed size, it is not forwarded to the client. The client - gets a 500 (Internal Server Error) response instead. Default: - 0 (no maximum).' + description: |- + MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). + If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. + Default: 0 (no maximum). format: int64 type: integer memRequestBodyBytes: - description: 'MemRequestBodyBytes defines the threshold (in bytes) - from which the request will be buffered on disk instead of in - memory. Default: 1048576 (1Mi).' + description: |- + MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer memResponseBodyBytes: - description: 'MemResponseBodyBytes defines the threshold (in bytes) - from which the response will be buffered on disk instead of - in memory. Default: 1048576 (1Mi).' + description: |- + MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer retryExpression: - description: 'RetryExpression defines the retry conditions. It - is a logical combination of functions with operators AND (&&) - and OR (||). More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression' + description: |- + RetryExpression defines the retry conditions. + It is a logical combination of functions with operators AND (&&) and OR (||). + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression type: string type: object chain: - description: 'Chain holds the configuration of the chain middleware. - This middleware enables to define reusable combinations of other - pieces of middleware. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/' + description: |- + Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other pieces of middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -764,15 +816,15 @@ spec: x-kubernetes-int-or-string: true type: object compress: - description: 'Compress holds the compress middleware configuration. - This middleware compresses responses before sending them to the - client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/' + description: |- + Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the client, using gzip compression. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: excludedContentTypes: - description: ExcludedContentTypes defines the list of content - types to compare the Content-Type header of the incoming requests - and responses before compressing. `application/grpc` is always - excluded. + description: |- + ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. + `application/grpc` is always excluded. items: type: string type: array @@ -784,38 +836,38 @@ spec: type: string type: array minResponseBodyBytes: - description: 'MinResponseBodyBytes defines the minimum amount - of bytes a response body must have to be compressed. Default: - 1024.' + description: |- + MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. + Default: 1024. type: integer type: object contentType: - description: ContentType holds the content-type middleware configuration. - This middleware exists to enable the correct behavior until at least - the default one can be changed in a future version. + description: |- + ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. properties: autoDetect: - description: 'AutoDetect specifies whether to let the `Content-Type` - header, if it has not been set by the backend, be automatically - set to a value derived from the contents of the response. Deprecated: - AutoDetect option is deprecated, Content-Type middleware is - only meant to be used to enable the content-type detection, - please remove any usage of this option.' + description: |- + AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, + be automatically set to a value derived from the contents of the response. + Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option. type: boolean type: object digestAuth: - description: 'DigestAuth holds the digest auth middleware configuration. + description: |- + DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: description: RemoveHeader defines whether to remove the authorization @@ -827,18 +879,20 @@ spec: type: string type: object errors: - description: 'ErrorPage holds the custom error middleware configuration. - This middleware returns a custom page in lieu of the default, according - to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/' + description: |- + ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ properties: query: - description: Query defines the URL for the error page (hosted - by service). The {status} variable can be used in order to insert - the status code in the URL. + description: |- + Query defines the URL for the error page (hosted by service). + The {status} variable can be used in order to insert the status code in the URL. type: string service: - description: 'Service defines the reference to a Kubernetes Service - that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service' + description: |- + Service defines the reference to a Kubernetes Service that will serve the error page. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: kind: description: Kind defines the kind of the Service. @@ -847,31 +901,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the - two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if - the only child is the Kubernetes Service clusterIP. The - Kubernetes Service itself does load-balance to the pods. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -880,29 +935,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming - response; for such responses, writes are flushed to - the client immediately. Default: 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes - Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -912,17 +967,18 @@ spec: be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -932,32 +988,34 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported value - at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object (and - to be precise, one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name type: object status: - description: Status defines which status or range of statuses - should result in an error page. It can be either a status code - as a number (500), as multiple comma-separated numbers (500,502), - as ranges by separating two codes with a dash (500-599), or - a combination of the two (404,418,500-599). + description: |- + Status defines which status or range of statuses should result in an error page. + It can be either a status code as a number (500), + as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), + or a combination of the two (404,418,500-599). items: type: string type: array type: object forwardAuth: - description: 'ForwardAuth holds the forward auth middleware configuration. + description: |- + ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ properties: addAuthCookiesToResponse: description: AddAuthCookiesToResponse defines the list of cookies @@ -969,9 +1027,9 @@ spec: description: Address defines the authentication server address. type: string authRequestHeaders: - description: AuthRequestHeaders defines the list of the headers - to copy from the request to the authentication server. If not - set or empty then all request headers are passed. + description: |- + AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. + If not set or empty then all request headers are passed. items: type: string type: array @@ -983,10 +1041,9 @@ spec: type: string type: array authResponseHeadersRegex: - description: 'AuthResponseHeadersRegex defines the regex to match - headers to copy from the authentication server response and - set on forwarded request, after stripping all headers that match - the regex. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex' + description: |- + AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the @@ -997,14 +1054,14 @@ spec: side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).' type: boolean caSecret: - description: CASecret is the name of the referenced Kubernetes - Secret containing the CA to validate the server certificate. + description: |- + CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. The CA certificate is extracted from key `tls.ca` or `ca.crt`. type: string certSecret: - description: CertSecret is the name of the referenced Kubernetes - Secret containing the client certificate. The client certificate - is extracted from the keys `tls.crt` and `tls.key`. + description: |- + CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. + The client certificate is extracted from the keys `tls.crt` and `tls.key`. type: string insecureSkipVerify: description: InsecureSkipVerify defines whether the server @@ -1017,20 +1074,23 @@ spec: type: boolean type: object grpcWeb: - description: GrpcWeb holds the gRPC web middleware configuration. + description: |- + GrpcWeb holds the gRPC web middleware configuration. This middleware converts a gRPC web request to an HTTP/2 gRPC request. properties: allowOrigins: - description: AllowOrigins is a list of allowable origins. Can - also be a wildcard origin "*". + description: |- + AllowOrigins is a list of allowable origins. + Can also be a wildcard origin "*". items: type: string type: array type: object headers: - description: 'Headers holds the headers middleware configuration. - This middleware manages the requests and responses headers. More - info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders' + description: |- + Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the @@ -1095,12 +1155,14 @@ spec: header with the nosniff value. type: boolean customBrowserXSSValue: - description: CustomBrowserXSSValue defines the X-XSS-Protection - header value. This overrides the BrowserXssFilter option. + description: |- + CustomBrowserXSSValue defines the X-XSS-Protection header value. + This overrides the BrowserXssFilter option. type: string customFrameOptionsValue: - description: CustomFrameOptionsValue defines the X-Frame-Options - header value. This overrides the FrameDeny option. + description: |- + CustomFrameOptionsValue defines the X-Frame-Options header value. + This overrides the FrameDeny option. type: string customRequestHeaders: additionalProperties: @@ -1133,25 +1195,25 @@ spec: type: string type: array isDevelopment: - description: IsDevelopment defines whether to mitigate the unwanted - effects of the AllowedHosts, SSL, and STS options when developing. - Usually testing takes place using HTTP, not HTTPS, and on localhost, - not your production domain. If you would like your development - environment to mimic production with complete Host blocking, - SSL redirects, and STS headers, leave this as false. + description: |- + IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. + If you would like your development environment to mimic production with complete Host blocking, SSL redirects, + and STS headers, leave this as false. type: boolean permissionsPolicy: - description: PermissionsPolicy defines the Permissions-Policy - header value. This allows sites to control browser features. + description: |- + PermissionsPolicy defines the Permissions-Policy header value. + This allows sites to control browser features. type: string publicKey: description: PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates. type: string referrerPolicy: - description: ReferrerPolicy defines the Referrer-Policy header - value. This allows sites to control whether browsers forward - the Referer header to other sites. + description: |- + ReferrerPolicy defines the Referrer-Policy header value. + This allows sites to control whether browsers forward the Referer header to other sites. type: string sslForceHost: description: 'Deprecated: SSLForceHost option is deprecated, please @@ -1164,10 +1226,9 @@ spec: sslProxyHeaders: additionalProperties: type: string - description: 'SSLProxyHeaders defines the header keys with associated - values that would indicate a valid HTTPS request. It can be - useful when using other proxies (example: "X-Forwarded-Proto": - "https").' + description: |- + SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. + It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). type: object sslRedirect: description: 'Deprecated: SSLRedirect option is deprecated, please @@ -1186,33 +1247,35 @@ spec: to the Strict-Transport-Security header. type: boolean stsSeconds: - description: STSSeconds defines the max-age of the Strict-Transport-Security - header. If set to 0, the header is not set. + description: |- + STSSeconds defines the max-age of the Strict-Transport-Security header. + If set to 0, the header is not set. format: int64 type: integer type: object inFlightReq: - description: 'InFlightReq holds the in-flight request middleware configuration. - This middleware limits the number of requests being processed and - served concurrently. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/' + description: |- + InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and served concurrently. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ properties: amount: - description: Amount defines the maximum amount of allowed simultaneous - in-flight request. The middleware responds with HTTP 429 Too - Many Requests if there are already amount requests in progress - (based on the same sourceCriterion strategy). + description: |- + Amount defines the maximum amount of allowed simultaneous in-flight request. + The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). format: int64 type: integer sourceCriterion: - description: 'SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the requestHost. More - info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion' + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1238,13 +1301,15 @@ spec: type: object type: object ipAllowList: - description: 'IPAllowList holds the IP allowlist middleware configuration. + description: |- + IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1259,8 +1324,9 @@ spec: type: array type: object rejectStatusCode: - description: RejectStatusCode defines the HTTP status code used - for refused requests. If not set, the default is 403 (Forbidden). + description: |- + RejectStatusCode defines the HTTP status code used for refused requests. + If not set, the default is 403 (Forbidden). type: integer sourceRange: description: SourceRange defines the set of allowed IPs (or ranges @@ -1273,8 +1339,9 @@ spec: description: 'Deprecated: please use IPAllowList instead.' properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1296,9 +1363,10 @@ spec: type: array type: object passTLSClientCert: - description: 'PassTLSClientCert holds the pass TLS client cert middleware - configuration. This middleware adds the selected data from the passed - client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/' + description: |- + PassTLSClientCert holds the pass TLS client cert middleware configuration. + This middleware adds the selected data from the passed client TLS certificate to a header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -1399,46 +1467,48 @@ spec: plugin: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Plugin defines the middleware plugin configuration. - More info: https://doc.traefik.io/traefik/plugins/' + description: |- + Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/ type: object rateLimit: - description: 'RateLimit holds the rate limit configuration. This middleware - ensures that services will receive a fair amount of requests, and - allows one to define what fair is. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/' + description: |- + RateLimit holds the rate limit configuration. + This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ properties: average: - description: Average is the maximum rate, by default in requests/s, - allowed for the given source. It defaults to 0, which means - no rate limiting. The rate is actually defined by dividing Average - by Period. So for a rate below 1req/s, one needs to define a - Period larger than a second. + description: |- + Average is the maximum rate, by default in requests/s, allowed for the given source. + It defaults to 0, which means no rate limiting. + The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, + one needs to define a Period larger than a second. format: int64 type: integer burst: - description: Burst is the maximum number of requests allowed to - arrive in the same arbitrarily small period of time. It defaults - to 1. + description: |- + Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. + It defaults to 1. format: int64 type: integer period: anyOf: - type: integer - type: string - description: 'Period, in combination with Average, defines the - actual maximum rate, such as: r = Average / Period. It defaults - to a second.' + description: |- + Period, in combination with Average, defines the actual maximum rate, such as: + r = Average / Period. It defaults to a second. x-kubernetes-int-or-string: true sourceCriterion: - description: SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the request's remote - address field (as an ipStrategy). + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote address field (as an ipStrategy). properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -1464,9 +1534,10 @@ spec: type: object type: object redirectRegex: - description: 'RedirectRegex holds the redirect regex middleware configuration. + description: |- + RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1482,9 +1553,10 @@ spec: type: string type: object redirectScheme: - description: 'RedirectScheme holds the redirect scheme middleware - configuration. This middleware redirects requests from a scheme/port - to another. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/' + description: |- + RedirectScheme holds the redirect scheme middleware configuration. + This middleware redirects requests from a scheme/port to another. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -1498,9 +1570,10 @@ spec: type: string type: object replacePath: - description: 'ReplacePath holds the replace path middleware configuration. - This middleware replaces the path of the request URL and store the - original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/' + description: |- + ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the @@ -1508,9 +1581,10 @@ spec: type: string type: object replacePathRegex: - description: 'ReplacePathRegex holds the replace path regex middleware - configuration. This middleware replaces the path of a URL using - regex matching and replacement. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/' + description: |- + ReplacePathRegex holds the replace path regex middleware configuration. + This middleware replaces the path of a URL using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -1522,11 +1596,11 @@ spec: type: string type: object retry: - description: 'Retry holds the retry middleware configuration. This - middleware reissues requests a given number of times to a backend - server if that server does not reply. As soon as the server answers, - the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/' + description: |- + Retry holds the retry middleware configuration. + This middleware reissues requests a given number of times to a backend server if that server does not reply. + As soon as the server answers, the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -1536,23 +1610,25 @@ spec: anyOf: - type: integer - type: string - description: InitialInterval defines the first wait time in the - exponential backoff series. The maximum interval is calculated - as twice the initialInterval. If unspecified, requests will - be retried immediately. The value of initialInterval should - be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + description: |- + InitialInterval defines the first wait time in the exponential backoff series. + The maximum interval is calculated as twice the initialInterval. + If unspecified, requests will be retried immediately. + The value of initialInterval should be provided in seconds or as a valid duration format, + see https://pkg.go.dev/time#ParseDuration. x-kubernetes-int-or-string: true type: object stripPrefix: - description: 'StripPrefix holds the strip prefix middleware configuration. + description: |- + StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ properties: forceSlash: - description: 'Deprecated: ForceSlash option is deprecated, please - remove any usage of this option. ForceSlash ensures that the - resulting stripped path is not the empty string, by replacing - it with / when necessary. Default: true.' + description: |- + Deprecated: ForceSlash option is deprecated, please remove any usage of this option. + ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. + Default: true. type: boolean prefixes: description: Prefixes defines the prefixes to strip from the request @@ -1562,9 +1638,10 @@ spec: type: array type: object stripPrefixRegex: - description: 'StripPrefixRegex holds the strip prefix regex middleware - configuration. This middleware removes the matching prefixes from - the URL path. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/' + description: |- + StripPrefixRegex holds the strip prefix regex middleware configuration. + This middleware removes the matching prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the @@ -1585,7 +1662,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: middlewaretcps.traefik.io spec: group: traefik.io @@ -1599,18 +1676,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/' + description: |- + MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1621,16 +1704,17 @@ spec: description: InFlightConn defines the InFlightConn middleware configuration. properties: amount: - description: Amount defines the maximum amount of allowed simultaneous - connections. The middleware closes the connection if there are - already amount connections opened. + description: |- + Amount defines the maximum amount of allowed simultaneous connections. + The middleware closes the connection if there are already amount connections opened. format: int64 type: integer type: object ipAllowList: - description: 'IPAllowList defines the IPAllowList middleware configuration. - This middleware accepts/refuses connections based on the client - IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/' + description: |- + IPAllowList defines the IPAllowList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1640,9 +1724,11 @@ spec: type: array type: object ipWhiteList: - description: 'IPWhiteList defines the IPWhiteList middleware configuration. - This middleware accepts/refuses connections based on the client - IP. Deprecated: please use IPAllowList instead. More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/' + description: |- + IPWhiteList defines the IPWhiteList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + Deprecated: please use IPAllowList instead. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -1663,7 +1749,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: serverstransports.traefik.io spec: group: traefik.io @@ -1677,20 +1763,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'ServersTransport is the CRD implementation of a ServersTransport. + description: |- + ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1' + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1796,7 +1888,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: serverstransporttcps.traefik.io spec: group: traefik.io @@ -1810,20 +1902,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport. - If no tcpServersTransport is specified, a default one named default@internal - will be used. The default@internal tcpServersTransport can be configured - in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3' + description: |- + ServersTransportTCP is the CRD implementation of a TCPServersTransport. + If no tcpServersTransport is specified, a default one named default@internal will be used. + The default@internal tcpServersTransport can be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1869,9 +1967,9 @@ spec: description: InsecureSkipVerify disables TLS certificate verification. type: boolean peerCertURI: - description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) - to keep per-host. PeerCertURI defines the peer cert URI used - to match against SAN URI during the peer certificate verification. + description: |- + MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification. type: string rootCAsSecrets: description: RootCAsSecrets defines a list of CA secret used to @@ -1910,7 +2008,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsoptions.traefik.io spec: group: traefik.io @@ -1924,19 +2022,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSOption is the CRD implementation of a Traefik TLS Option, - allowing to configure some parameters of the TLS connection. More info: - https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options' + description: |- + TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1944,15 +2047,16 @@ spec: description: TLSOptionSpec defines the desired state of a TLSOption. properties: alpnProtocols: - description: 'ALPNProtocols defines the list of supported application - level protocols for the TLS handshake, in order of preference. More - info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols' + description: |- + ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols items: type: string type: array cipherSuites: - description: 'CipherSuites defines the list of supported cipher suites - for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites' + description: |- + CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites items: type: string type: array @@ -1978,26 +2082,29 @@ spec: type: array type: object curvePreferences: - description: 'CurvePreferences defines the preferred elliptic curves - in a specific order. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences' + description: |- + CurvePreferences defines the preferred elliptic curves in a specific order. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences items: type: string type: array maxVersion: - description: 'MaxVersion defines the maximum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: None.' + description: |- + MaxVersion defines the maximum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: None. type: string minVersion: - description: 'MinVersion defines the minimum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: VersionTLS10.' + description: |- + MinVersion defines the minimum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: VersionTLS10. type: string preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. + description: |- + PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' + Deprecated: https://github.com/golang/go/issues/45430 type: boolean sniStrict: description: SniStrict defines whether Traefik allows connections @@ -2015,7 +2122,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsstores.traefik.io spec: group: traefik.io @@ -2029,20 +2136,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For - the time being, only the TLSStore named default is supported. This means - that you cannot have two stores that are named default in different Kubernetes - namespaces. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores' + description: |- + TLSStore is the CRD implementation of a Traefik TLS Store. + For the time being, only the TLSStore named default is supported. + This means that you cannot have two stores that are named default in different Kubernetes namespaces. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2106,7 +2219,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: traefikservices.traefik.io spec: group: traefik.io @@ -2120,19 +2233,27 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TraefikService is the CRD implementation of a Traefik Service. - TraefikService object allows to: - Apply weight to Services on load-balancing - - Mirror traffic on services More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice' + description: |- + TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: + - Apply weight to Services on load-balancing + - Mirror traffic on services + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2149,10 +2270,10 @@ spec: - TraefikService type: string maxBodySize: - description: MaxBodySize defines the maximum size allowed for - the body of the request. If the body is larger, the request - is not mirrored. Default value is -1, which means unlimited - size. + description: |- + MaxBodySize defines the maximum size allowed for the body of the request. + If the body is larger, the request is not mirrored. + Default value is -1, which means unlimited size. format: int64 type: integer mirrors: @@ -2168,35 +2289,37 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean percent: - description: 'Percent defines the part of the traffic to - mirror. Supported values: 0 to 100.' + description: |- + Percent defines the part of the traffic to mirror. + Supported values: 0 to 100. type: integer port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -2205,30 +2328,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2238,17 +2360,18 @@ spec: can be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -2258,13 +2381,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -2272,60 +2395,62 @@ spec: type: object type: array name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the two - is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the - only child is the Kubernetes Service clusterIP. The Kubernetes - Service itself does load-balance to the pods. By default, NativeLB - is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host header - is forwarded to the upstream Kubernetes Service. By default, - passHostHeader is true. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. This - can be a reference to a named port. + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: description: ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming response; + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. - Default: 100ms' + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https when - Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2335,17 +2460,18 @@ spec: accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds until - the cookie expires. When set to a negative number, the - cookie expires immediately. When set to zero, the cookie - never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only @@ -2354,13 +2480,14 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy between - the servers. RoundRobin is the only supported value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be specified - when Name references a TraefikService object (and to be precise, - one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name @@ -2382,31 +2509,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -2415,30 +2543,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2448,17 +2575,18 @@ spec: can be accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds - until the cookie expires. When set to a negative - number, the cookie expires immediately. When set - to zero, the cookie never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -2468,13 +2596,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -2482,8 +2610,9 @@ spec: type: object type: array sticky: - description: 'Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + description: |- + Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -2493,17 +2622,18 @@ spec: accessed by client-side APIs, such as JavaScript. type: boolean maxAge: - description: MaxAge indicates the number of seconds until - the cookie expires. When set to a negative number, the - cookie expires immediately. When set to zero, the cookie - never expires. + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only diff --git a/integration/tcp_test.go b/integration/tcp_test.go index 732bc1f03..059714d92 100644 --- a/integration/tcp_test.go +++ b/integration/tcp_test.go @@ -302,7 +302,7 @@ func (s *TCPSuite) TestWRR() { time.Sleep(time.Second) } - assert.EqualValues(s.T(), call, map[string]int{"whoami-b": 3, "whoami-ab": 1}) + assert.EqualValues(s.T(), map[string]int{"whoami-b": 3, "whoami-ab": 1}, call) } func welcome(addr string) (string, error) { @@ -404,7 +404,6 @@ func guessWhoTLSPassthrough(addr, serverName string) (string, error) { return fmt.Errorf("tls: no valid certificate for serverName %s", serverName) }, }) - if err != nil { return "", err } diff --git a/integration/udp_test.go b/integration/udp_test.go index 30753a7f5..e8acadfba 100644 --- a/integration/udp_test.go +++ b/integration/udp_test.go @@ -96,7 +96,7 @@ func (s *UDPSuite) TestWRR() { call["unknown"]++ } } - assert.EqualValues(s.T(), call, map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3}) + assert.EqualValues(s.T(), map[string]int{"whoami-a": 3, "whoami-b": 2, "whoami-c": 3}, call) close(stop) }() diff --git a/pkg/api/handler.go b/pkg/api/handler.go index 9c135546a..a8345b9ff 100644 --- a/pkg/api/handler.go +++ b/pkg/api/handler.go @@ -76,7 +76,7 @@ func New(staticConfig static.Configuration, runtimeConfig *runtime.Configuration // createRouter creates API routes and router. func (h Handler) createRouter() *mux.Router { - router := mux.NewRouter() + router := mux.NewRouter().UseEncodedPath() if h.staticConfig.API.Debug { DebugHandler{}.Append(router) diff --git a/pkg/api/handler_entrypoint.go b/pkg/api/handler_entrypoint.go index d21e83d0d..90dc66daa 100644 --- a/pkg/api/handler_entrypoint.go +++ b/pkg/api/handler_entrypoint.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "net/http" + "net/url" "sort" "strconv" @@ -49,7 +50,13 @@ func (h Handler) getEntryPoints(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getEntryPoint(rw http.ResponseWriter, request *http.Request) { - entryPointID := mux.Vars(request)["entryPointID"] + scapedEntryPointID := mux.Vars(request)["entryPointID"] + + entryPointID, err := url.PathUnescape(scapedEntryPointID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode entryPointID %q: %s", scapedEntryPointID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -64,7 +71,7 @@ func (h Handler) getEntryPoint(rw http.ResponseWriter, request *http.Request) { Name: entryPointID, } - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) diff --git a/pkg/api/handler_entrypoint_test.go b/pkg/api/handler_entrypoint_test.go index 7d2f358e4..1630f2f7c 100644 --- a/pkg/api/handler_entrypoint_test.go +++ b/pkg/api/handler_entrypoint_test.go @@ -6,6 +6,7 @@ import ( "io" "net/http" "net/http/httptest" + "net/url" "os" "strconv" "testing" @@ -169,6 +170,21 @@ func TestHandler_EntryPoints(t *testing.T) { jsonFile: "testdata/entrypoint-bar.json", }, }, + { + desc: "one entry point by id containing slash", + path: "/api/entrypoints/" + url.PathEscape("foo / bar"), + conf: static.Configuration{ + Global: &static.Global{}, + API: &static.API{}, + EntryPoints: map[string]*static.EntryPoint{ + "foo / bar": {Address: ":81"}, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/entrypoint-foo-slash-bar.json", + }, + }, { desc: "one entry point by id, that does not exist", path: "/api/entrypoints/foo", diff --git a/pkg/api/handler_http.go b/pkg/api/handler_http.go index a0f25d4a6..9439d8ab8 100644 --- a/pkg/api/handler_http.go +++ b/pkg/api/handler_http.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "net/http" + "net/url" "strconv" "strings" @@ -97,7 +98,13 @@ func (h Handler) getRouters(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getRouter(rw http.ResponseWriter, request *http.Request) { - routerID := mux.Vars(request)["routerID"] + scapedRouterID := mux.Vars(request)["routerID"] + + routerID, err := url.PathUnescape(scapedRouterID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -109,7 +116,7 @@ func (h Handler) getRouter(rw http.ResponseWriter, request *http.Request) { result := newRouterRepresentation(routerID, router) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) @@ -148,7 +155,13 @@ func (h Handler) getServices(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getService(rw http.ResponseWriter, request *http.Request) { - serviceID := mux.Vars(request)["serviceID"] + scapedServiceID := mux.Vars(request)["serviceID"] + + serviceID, err := url.PathUnescape(scapedServiceID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest) + return + } rw.Header().Add("Content-Type", "application/json") @@ -160,7 +173,7 @@ func (h Handler) getService(rw http.ResponseWriter, request *http.Request) { result := newServiceRepresentation(serviceID, service) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) @@ -199,7 +212,13 @@ func (h Handler) getMiddlewares(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getMiddleware(rw http.ResponseWriter, request *http.Request) { - middlewareID := mux.Vars(request)["middlewareID"] + scapedMiddlewareID := mux.Vars(request)["middlewareID"] + + middlewareID, err := url.PathUnescape(scapedMiddlewareID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode middlewareID %q: %s", scapedMiddlewareID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -211,7 +230,7 @@ func (h Handler) getMiddleware(rw http.ResponseWriter, request *http.Request) { result := newMiddlewareRepresentation(middlewareID, middleware) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) diff --git a/pkg/api/handler_http_test.go b/pkg/api/handler_http_test.go index f9eac0705..e76628261 100644 --- a/pkg/api/handler_http_test.go +++ b/pkg/api/handler_http_test.go @@ -7,6 +7,7 @@ import ( "io" "net/http" "net/http/httptest" + "net/url" "os" "strconv" "testing" @@ -301,6 +302,27 @@ func TestHandler_HTTP(t *testing.T) { jsonFile: "testdata/router-bar.json", }, }, + { + desc: "one router by id containing slash", + path: "/api/http/routers/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + Routers: map[string]*runtime.RouterInfo{ + "foo / bar@myprovider": { + Router: &dynamic.Router{ + EntryPoints: []string{"web"}, + Service: "foo-service@myprovider", + Rule: "Host(`foo.bar`)", + Middlewares: []string{"auth", "addPrefixTest@anotherprovider"}, + }, + Status: "enabled", + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/router-foo-slash-bar.json", + }, + }, { desc: "one router by id, implicitly using default TLS options", path: "/api/http/routers/baz@myprovider", @@ -661,6 +683,35 @@ func TestHandler_HTTP(t *testing.T) { jsonFile: "testdata/service-bar.json", }, }, + { + desc: "one service by id containing slash", + path: "/api/http/services/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + Services: map[string]*runtime.ServiceInfo{ + "foo / bar@myprovider": func() *runtime.ServiceInfo { + si := &runtime.ServiceInfo{ + Service: &dynamic.Service{ + LoadBalancer: &dynamic.ServersLoadBalancer{ + PassHostHeader: Bool(true), + Servers: []dynamic.Server{ + { + URL: "http://127.0.0.1", + }, + }, + }, + }, + UsedBy: []string{"foo@myprovider", "test@myprovider"}, + } + si.UpdateServerStatus("http://127.0.0.1", "UP") + return si + }(), + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/service-foo-slash-bar.json", + }, + }, { desc: "one service by id, that does not exist", path: "/api/http/services/nono@myprovider", @@ -897,6 +948,26 @@ func TestHandler_HTTP(t *testing.T) { jsonFile: "testdata/middleware-auth.json", }, }, + { + desc: "one middleware by id containing slash", + path: "/api/http/middlewares/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + Middlewares: map[string]*runtime.MiddlewareInfo{ + "foo / bar@myprovider": { + Middleware: &dynamic.Middleware{ + AddPrefix: &dynamic.AddPrefix{ + Prefix: "/titi", + }, + }, + UsedBy: []string{"test@myprovider"}, + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/middleware-foo-slash-bar.json", + }, + }, { desc: "one middleware by id, that does not exist", path: "/api/http/middlewares/foo@myprovider", diff --git a/pkg/api/handler_tcp.go b/pkg/api/handler_tcp.go index 7c6a6fe67..3ad0fb5b7 100644 --- a/pkg/api/handler_tcp.go +++ b/pkg/api/handler_tcp.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "net/http" + "net/url" "strconv" "strings" @@ -90,7 +91,13 @@ func (h Handler) getTCPRouters(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getTCPRouter(rw http.ResponseWriter, request *http.Request) { - routerID := mux.Vars(request)["routerID"] + scapedRouterID := mux.Vars(request)["routerID"] + + routerID, err := url.PathUnescape(scapedRouterID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -102,7 +109,7 @@ func (h Handler) getTCPRouter(rw http.ResponseWriter, request *http.Request) { result := newTCPRouterRepresentation(routerID, router) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) @@ -141,7 +148,13 @@ func (h Handler) getTCPServices(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getTCPService(rw http.ResponseWriter, request *http.Request) { - serviceID := mux.Vars(request)["serviceID"] + scapedServiceID := mux.Vars(request)["serviceID"] + + serviceID, err := url.PathUnescape(scapedServiceID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -153,7 +166,7 @@ func (h Handler) getTCPService(rw http.ResponseWriter, request *http.Request) { result := newTCPServiceRepresentation(serviceID, service) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) @@ -192,7 +205,13 @@ func (h Handler) getTCPMiddlewares(rw http.ResponseWriter, request *http.Request } func (h Handler) getTCPMiddleware(rw http.ResponseWriter, request *http.Request) { - middlewareID := mux.Vars(request)["middlewareID"] + scapedMiddlewareID := mux.Vars(request)["middlewareID"] + + middlewareID, err := url.PathUnescape(scapedMiddlewareID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode middlewareID %q: %s", scapedMiddlewareID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -204,7 +223,7 @@ func (h Handler) getTCPMiddleware(rw http.ResponseWriter, request *http.Request) result := newTCPMiddlewareRepresentation(middlewareID, middleware) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) diff --git a/pkg/api/handler_tcp_test.go b/pkg/api/handler_tcp_test.go index 6c963bce5..2bf5e5706 100644 --- a/pkg/api/handler_tcp_test.go +++ b/pkg/api/handler_tcp_test.go @@ -6,6 +6,7 @@ import ( "io" "net/http" "net/http/httptest" + "net/url" "os" "testing" @@ -295,6 +296,25 @@ func TestHandler_TCP(t *testing.T) { jsonFile: "testdata/tcprouter-bar.json", }, }, + { + desc: "one TCP router by id containing slash", + path: "/api/tcp/routers/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + TCPRouters: map[string]*runtime.TCPRouterInfo{ + "foo / bar@myprovider": { + TCPRouter: &dynamic.TCPRouter{ + EntryPoints: []string{"web"}, + Service: "foo-service@myprovider", + Rule: "Host(`foo.bar`)", + }, + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/tcprouter-foo-slash-bar.json", + }, + }, { desc: "one TCP router by id, that does not exist", path: "/api/tcp/routers/foo@myprovider", @@ -559,6 +579,30 @@ func TestHandler_TCP(t *testing.T) { jsonFile: "testdata/tcpservice-bar.json", }, }, + { + desc: "one tcp service by id containing slash", + path: "/api/tcp/services/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + TCPServices: map[string]*runtime.TCPServiceInfo{ + "foo / bar@myprovider": { + TCPService: &dynamic.TCPService{ + LoadBalancer: &dynamic.TCPServersLoadBalancer{ + Servers: []dynamic.TCPServer{ + { + Address: "127.0.0.1:2345", + }, + }, + }, + }, + UsedBy: []string{"foo@myprovider", "test@myprovider"}, + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/tcpservice-foo-slash-bar.json", + }, + }, { desc: "one tcp service by id, that does not exist", path: "/api/tcp/services/nono@myprovider", @@ -780,6 +824,26 @@ func TestHandler_TCP(t *testing.T) { jsonFile: "testdata/tcpmiddleware-ipallowlist.json", }, }, + { + desc: "one middleware by id containing slash", + path: "/api/tcp/middlewares/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + TCPMiddlewares: map[string]*runtime.TCPMiddlewareInfo{ + "foo / bar@myprovider": { + TCPMiddleware: &dynamic.TCPMiddleware{ + IPWhiteList: &dynamic.TCPIPWhiteList{ + SourceRange: []string{"127.0.0.1/32"}, + }, + }, + UsedBy: []string{"bar@myprovider", "test@myprovider"}, + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/tcpmiddleware-foo-slash-bar.json", + }, + }, { desc: "one middleware by id, that does not exist", path: "/api/tcp/middlewares/foo@myprovider", diff --git a/pkg/api/handler_udp.go b/pkg/api/handler_udp.go index bf637ee72..60f4b7178 100644 --- a/pkg/api/handler_udp.go +++ b/pkg/api/handler_udp.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "net/http" + "net/url" "strconv" "strings" @@ -74,7 +75,13 @@ func (h Handler) getUDPRouters(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getUDPRouter(rw http.ResponseWriter, request *http.Request) { - routerID := mux.Vars(request)["routerID"] + scapedRouterID := mux.Vars(request)["routerID"] + + routerID, err := url.PathUnescape(scapedRouterID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode routerID %q: %s", scapedRouterID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -86,7 +93,7 @@ func (h Handler) getUDPRouter(rw http.ResponseWriter, request *http.Request) { result := newUDPRouterRepresentation(routerID, router) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) @@ -125,7 +132,13 @@ func (h Handler) getUDPServices(rw http.ResponseWriter, request *http.Request) { } func (h Handler) getUDPService(rw http.ResponseWriter, request *http.Request) { - serviceID := mux.Vars(request)["serviceID"] + scapedServiceID := mux.Vars(request)["serviceID"] + + serviceID, err := url.PathUnescape(scapedServiceID) + if err != nil { + writeError(rw, fmt.Sprintf("unable to decode serviceID %q: %s", scapedServiceID, err), http.StatusBadRequest) + return + } rw.Header().Set("Content-Type", "application/json") @@ -137,7 +150,7 @@ func (h Handler) getUDPService(rw http.ResponseWriter, request *http.Request) { result := newUDPServiceRepresentation(serviceID, service) - err := json.NewEncoder(rw).Encode(result) + err = json.NewEncoder(rw).Encode(result) if err != nil { log.Ctx(request.Context()).Error().Err(err).Send() writeError(rw, err.Error(), http.StatusInternalServerError) diff --git a/pkg/api/handler_udp_test.go b/pkg/api/handler_udp_test.go index f9e2cb356..741239940 100644 --- a/pkg/api/handler_udp_test.go +++ b/pkg/api/handler_udp_test.go @@ -6,6 +6,7 @@ import ( "io" "net/http" "net/http/httptest" + "net/url" "os" "testing" @@ -224,6 +225,24 @@ func TestHandler_UDP(t *testing.T) { jsonFile: "testdata/udprouter-bar.json", }, }, + { + desc: "one UDP router by id containing slash", + path: "/api/udp/routers/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + UDPRouters: map[string]*runtime.UDPRouterInfo{ + "foo / bar@myprovider": { + UDPRouter: &dynamic.UDPRouter{ + EntryPoints: []string{"web"}, + Service: "foo-service@myprovider", + }, + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/udprouter-foo-slash-bar.json", + }, + }, { desc: "one UDP router by id, that does not exist", path: "/api/udp/routers/foo@myprovider", @@ -487,6 +506,30 @@ func TestHandler_UDP(t *testing.T) { jsonFile: "testdata/udpservice-bar.json", }, }, + { + desc: "one udp service by id containing slash", + path: "/api/udp/services/" + url.PathEscape("foo / bar@myprovider"), + conf: runtime.Configuration{ + UDPServices: map[string]*runtime.UDPServiceInfo{ + "foo / bar@myprovider": { + UDPService: &dynamic.UDPService{ + LoadBalancer: &dynamic.UDPServersLoadBalancer{ + Servers: []dynamic.UDPServer{ + { + Address: "127.0.0.1:2345", + }, + }, + }, + }, + UsedBy: []string{"foo@myprovider", "test@myprovider"}, + }, + }, + }, + expected: expected{ + statusCode: http.StatusOK, + jsonFile: "testdata/udpservice-foo-slash-bar.json", + }, + }, { desc: "one udp service by id, that does not exist", path: "/api/udp/services/nono@myprovider", diff --git a/pkg/api/testdata/entrypoint-foo-slash-bar.json b/pkg/api/testdata/entrypoint-foo-slash-bar.json new file mode 100644 index 000000000..5f0bcbafc --- /dev/null +++ b/pkg/api/testdata/entrypoint-foo-slash-bar.json @@ -0,0 +1,5 @@ +{ + "address": ":81", + "http": {}, + "name": "foo / bar" +} diff --git a/pkg/api/testdata/middleware-foo-slash-bar.json b/pkg/api/testdata/middleware-foo-slash-bar.json new file mode 100644 index 000000000..5e68c7e3d --- /dev/null +++ b/pkg/api/testdata/middleware-foo-slash-bar.json @@ -0,0 +1,12 @@ +{ + "addPrefix": { + "prefix": "/titi" + }, + "name": "foo / bar@myprovider", + "provider": "myprovider", + "status": "enabled", + "type": "addprefix", + "usedBy": [ + "test@myprovider" + ] +} diff --git a/pkg/api/testdata/router-foo-slash-bar.json b/pkg/api/testdata/router-foo-slash-bar.json new file mode 100644 index 000000000..f9e30c240 --- /dev/null +++ b/pkg/api/testdata/router-foo-slash-bar.json @@ -0,0 +1,17 @@ +{ + "entryPoints": [ + "web" + ], + "middlewares": [ + "auth", + "addPrefixTest@anotherprovider" + ], + "name": "foo / bar@myprovider", + "provider": "myprovider", + "rule": "Host(`foo.bar`)", + "service": "foo-service@myprovider", + "status": "enabled", + "using": [ + "web" + ] +} diff --git a/pkg/api/testdata/service-foo-slash-bar.json b/pkg/api/testdata/service-foo-slash-bar.json new file mode 100644 index 000000000..58cde8530 --- /dev/null +++ b/pkg/api/testdata/service-foo-slash-bar.json @@ -0,0 +1,21 @@ +{ + "loadBalancer": { + "passHostHeader": true, + "servers": [ + { + "url": "http://127.0.0.1" + } + ] + }, + "name": "foo / bar@myprovider", + "provider": "myprovider", + "serverStatus": { + "http://127.0.0.1": "UP" + }, + "status": "enabled", + "type": "loadbalancer", + "usedBy": [ + "foo@myprovider", + "test@myprovider" + ] +} diff --git a/pkg/api/testdata/tcpmiddleware-foo-slash-bar.json b/pkg/api/testdata/tcpmiddleware-foo-slash-bar.json new file mode 100644 index 000000000..985e0380a --- /dev/null +++ b/pkg/api/testdata/tcpmiddleware-foo-slash-bar.json @@ -0,0 +1,13 @@ +{ + "ipWhiteList": { + "sourceRange": ["127.0.0.1/32"] + }, + "name": "foo / bar@myprovider", + "provider": "myprovider", + "status": "enabled", + "type": "ipwhitelist", + "usedBy": [ + "bar@myprovider", + "test@myprovider" + ] +} diff --git a/pkg/api/testdata/tcprouter-foo-slash-bar.json b/pkg/api/testdata/tcprouter-foo-slash-bar.json new file mode 100644 index 000000000..4656ea9f9 --- /dev/null +++ b/pkg/api/testdata/tcprouter-foo-slash-bar.json @@ -0,0 +1,13 @@ +{ + "entryPoints": [ + "web" + ], + "name": "foo / bar@myprovider", + "provider": "myprovider", + "rule": "Host(`foo.bar`)", + "service": "foo-service@myprovider", + "status": "enabled", + "using": [ + "web" + ] +} diff --git a/pkg/api/testdata/tcpservice-foo-slash-bar.json b/pkg/api/testdata/tcpservice-foo-slash-bar.json new file mode 100644 index 000000000..b250966d5 --- /dev/null +++ b/pkg/api/testdata/tcpservice-foo-slash-bar.json @@ -0,0 +1,17 @@ +{ + "loadBalancer": { + "servers": [ + { + "address": "127.0.0.1:2345" + } + ] + }, + "name": "foo / bar@myprovider", + "provider": "myprovider", + "status": "enabled", + "type": "loadbalancer", + "usedBy": [ + "foo@myprovider", + "test@myprovider" + ] +} diff --git a/pkg/api/testdata/udprouter-foo-slash-bar.json b/pkg/api/testdata/udprouter-foo-slash-bar.json new file mode 100644 index 000000000..276c1a907 --- /dev/null +++ b/pkg/api/testdata/udprouter-foo-slash-bar.json @@ -0,0 +1,12 @@ +{ + "entryPoints": [ + "web" + ], + "name": "foo / bar@myprovider", + "provider": "myprovider", + "service": "foo-service@myprovider", + "status": "enabled", + "using": [ + "web" + ] +} diff --git a/pkg/api/testdata/udpservice-foo-slash-bar.json b/pkg/api/testdata/udpservice-foo-slash-bar.json new file mode 100644 index 000000000..b250966d5 --- /dev/null +++ b/pkg/api/testdata/udpservice-foo-slash-bar.json @@ -0,0 +1,17 @@ +{ + "loadBalancer": { + "servers": [ + { + "address": "127.0.0.1:2345" + } + ] + }, + "name": "foo / bar@myprovider", + "provider": "myprovider", + "status": "enabled", + "type": "loadbalancer", + "usedBy": [ + "foo@myprovider", + "test@myprovider" + ] +} diff --git a/pkg/collector/collector.go b/pkg/collector/collector.go index e721f8e3d..9b974cc5c 100644 --- a/pkg/collector/collector.go +++ b/pkg/collector/collector.go @@ -20,8 +20,6 @@ import ( const collectorURL = "https://collect.traefik.io/yYaUej3P42cziRVzv6T5w2aYy9po2Mrn" // Collected data. -// -//nolint:musttag // cannot be changed for historical reasons. type data struct { Version string Codename string @@ -67,7 +65,7 @@ func createBody(staticConfiguration *static.Configuration) (*bytes.Buffer, error } buf := new(bytes.Buffer) - err = json.NewEncoder(buf).Encode(data) + err = json.NewEncoder(buf).Encode(data) //nolint:musttag // cannot be changed for historical reasons. if err != nil { return nil, err } diff --git a/pkg/config/runtime/runtime_http.go b/pkg/config/runtime/runtime_http.go index 1ea5eebd1..97a89f066 100644 --- a/pkg/config/runtime/runtime_http.go +++ b/pkg/config/runtime/runtime_http.go @@ -2,6 +2,7 @@ package runtime import ( "context" + "errors" "fmt" "slices" "sort" @@ -43,7 +44,7 @@ func (c *Configuration) GetRoutersByEntryPoints(ctx context.Context, entryPoints } if entryPointsCount == 0 { - rt.AddError(fmt.Errorf("no valid entryPoint for this router"), true) + rt.AddError(errors.New("no valid entryPoint for this router"), true) logger.Error().Msg("No valid entryPoint for this router") } diff --git a/pkg/config/runtime/runtime_tcp.go b/pkg/config/runtime/runtime_tcp.go index a5826c77d..1c213f7b1 100644 --- a/pkg/config/runtime/runtime_tcp.go +++ b/pkg/config/runtime/runtime_tcp.go @@ -2,6 +2,7 @@ package runtime import ( "context" + "errors" "fmt" "slices" @@ -37,7 +38,7 @@ func (c *Configuration) GetTCPRoutersByEntryPoints(ctx context.Context, entryPoi } if entryPointsCount == 0 { - rt.AddError(fmt.Errorf("no valid entryPoint for this router"), true) + rt.AddError(errors.New("no valid entryPoint for this router"), true) logger.Error().Msg("No valid entryPoint for this router") } } diff --git a/pkg/config/runtime/runtime_udp.go b/pkg/config/runtime/runtime_udp.go index 47d88c84f..e1a867506 100644 --- a/pkg/config/runtime/runtime_udp.go +++ b/pkg/config/runtime/runtime_udp.go @@ -2,6 +2,7 @@ package runtime import ( "context" + "errors" "fmt" "slices" @@ -43,7 +44,7 @@ func (c *Configuration) GetUDPRoutersByEntryPoints(ctx context.Context, entryPoi } if entryPointsCount == 0 { - rt.AddError(fmt.Errorf("no valid entryPoint for this router"), true) + rt.AddError(errors.New("no valid entryPoint for this router"), true) logger.Error().Msg("No valid entryPoint for this router") } } diff --git a/pkg/middlewares/accesslog/logger_test.go b/pkg/middlewares/accesslog/logger_test.go index 6f7d3a422..4fce3deba 100644 --- a/pkg/middlewares/accesslog/logger_test.go +++ b/pkg/middlewares/accesslog/logger_test.go @@ -27,6 +27,8 @@ import ( "github.com/traefik/traefik/v3/pkg/types" ) +const delta float64 = 1e-10 + var ( logFileNameSuffix = "/traefik/logger/test.log" testContent = "Hello, World" @@ -280,7 +282,7 @@ func assertFloat64(exp float64) func(t *testing.T, actual interface{}) { return func(t *testing.T, actual interface{}) { t.Helper() - assert.Equal(t, exp, actual) + assert.InDelta(t, exp, actual, delta) } } diff --git a/pkg/middlewares/addprefix/add_prefix.go b/pkg/middlewares/addprefix/add_prefix.go index e91facaf9..46f8d98d0 100644 --- a/pkg/middlewares/addprefix/add_prefix.go +++ b/pkg/middlewares/addprefix/add_prefix.go @@ -2,7 +2,7 @@ package addprefix import ( "context" - "fmt" + "errors" "net/http" "github.com/traefik/traefik/v3/pkg/config/dynamic" @@ -33,7 +33,7 @@ func New(ctx context.Context, next http.Handler, config dynamic.AddPrefix, name name: name, } } else { - return nil, fmt.Errorf("prefix cannot be empty") + return nil, errors.New("prefix cannot be empty") } return result, nil diff --git a/pkg/middlewares/compress/brotli/brotli.go b/pkg/middlewares/compress/brotli/brotli.go index 142eb78ee..17225f252 100644 --- a/pkg/middlewares/compress/brotli/brotli.go +++ b/pkg/middlewares/compress/brotli/brotli.go @@ -2,6 +2,7 @@ package brotli import ( "bufio" + "errors" "fmt" "io" "mime" @@ -34,11 +35,11 @@ type Config struct { // NewWrapper returns a new Brotli compressing wrapper. func NewWrapper(cfg Config) (func(http.Handler) http.HandlerFunc, error) { if cfg.MinSize < 0 { - return nil, fmt.Errorf("minimum size must be greater than or equal to zero") + return nil, errors.New("minimum size must be greater than or equal to zero") } if len(cfg.ExcludedContentTypes) > 0 && len(cfg.IncludedContentTypes) > 0 { - return nil, fmt.Errorf("excludedContentTypes and includedContentTypes options are mutually exclusive") + return nil, errors.New("excludedContentTypes and includedContentTypes options are mutually exclusive") } var excludedContentTypes []parsedContentType diff --git a/pkg/middlewares/compress/compress.go b/pkg/middlewares/compress/compress.go index 0cdd29883..bde909978 100644 --- a/pkg/middlewares/compress/compress.go +++ b/pkg/middlewares/compress/compress.go @@ -2,6 +2,7 @@ package compress import ( "context" + "errors" "fmt" "mime" "net/http" @@ -38,7 +39,7 @@ func New(ctx context.Context, next http.Handler, conf dynamic.Compress, name str middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware") if len(conf.ExcludedContentTypes) > 0 && len(conf.IncludedContentTypes) > 0 { - return nil, fmt.Errorf("excludedContentTypes and includedContentTypes options are mutually exclusive") + return nil, errors.New("excludedContentTypes and includedContentTypes options are mutually exclusive") } excludes := []string{"application/grpc"} diff --git a/pkg/muxer/tcp/matcher_v2.go b/pkg/muxer/tcp/matcher_v2.go index 3d918b02e..b473f87a4 100644 --- a/pkg/muxer/tcp/matcher_v2.go +++ b/pkg/muxer/tcp/matcher_v2.go @@ -126,7 +126,7 @@ func hostSNIV2(tree *matchersTree, hosts ...string) error { // hostSNIRegexpV2 checks if the SNI Host of the connection matches the matcher host regexp. func hostSNIRegexpV2(tree *matchersTree, templates ...string) error { if len(templates) == 0 { - return fmt.Errorf("empty value for \"HostSNIRegexp\" matcher is not allowed") + return errors.New("empty value for \"HostSNIRegexp\" matcher is not allowed") } var regexps []*regexp.Regexp diff --git a/pkg/plugins/builder.go b/pkg/plugins/builder.go index 42f1a5f05..9a5261307 100644 --- a/pkg/plugins/builder.go +++ b/pkg/plugins/builder.go @@ -2,6 +2,7 @@ package plugins import ( "context" + "errors" "fmt" "net/http" "path/filepath" @@ -176,7 +177,7 @@ func getWasmPath(manifest *Manifest) (string, error) { } if !filepath.IsLocal(wasmPath) { - return "", fmt.Errorf("wasmPath must be a local path") + return "", errors.New("wasmPath must be a local path") } return wasmPath, nil diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go index 52369585f..ac4e71bcf 100644 --- a/pkg/plugins/client.go +++ b/pkg/plugins/client.go @@ -228,7 +228,7 @@ func (c *Client) Check(ctx context.Context, pName, pVersion, hash string) error return nil } - return fmt.Errorf("plugin integrity check failed") + return errors.New("plugin integrity check failed") } // Unzip unzip a plugin archive. diff --git a/pkg/provider/http/http.go b/pkg/provider/http/http.go index c354e5f8b..4da8a2973 100644 --- a/pkg/provider/http/http.go +++ b/pkg/provider/http/http.go @@ -2,6 +2,7 @@ package http import ( "context" + "errors" "fmt" "hash/fnv" "io" @@ -44,11 +45,11 @@ func (p *Provider) SetDefaults() { // Init the provider. func (p *Provider) Init() error { if p.Endpoint == "" { - return fmt.Errorf("non-empty endpoint is required") + return errors.New("non-empty endpoint is required") } if p.PollInterval <= 0 { - return fmt.Errorf("poll interval must be greater than 0") + return errors.New("poll interval must be greater than 0") } p.httpClient = &http.Client{ diff --git a/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go b/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go index 56302b197..8f6ccf752 100644 --- a/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go +++ b/pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go @@ -50,6 +50,7 @@ type sharedInformerFactory struct { lock sync.Mutex defaultResync time.Duration customResync map[reflect.Type]time.Duration + transform cache.TransformFunc informers map[reflect.Type]cache.SharedIndexInformer // startedInformers is used for tracking which informers have been started. @@ -88,6 +89,14 @@ func WithNamespace(namespace string) SharedInformerOption { } } +// WithTransform sets a transform on all informers. +func WithTransform(transform cache.TransformFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.transform = transform + return factory + } +} + // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { return NewSharedInformerFactoryWithOptions(client, defaultResync) @@ -192,6 +201,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal } informer = newFunc(f.client, resyncPeriod) + informer.SetTransform(f.transform) f.informers[informerType] = informer return informer diff --git a/pkg/provider/kubernetes/crd/kubernetes.go b/pkg/provider/kubernetes/crd/kubernetes.go index 45ce6513c..6caddca3a 100644 --- a/pkg/provider/kubernetes/crd/kubernetes.go +++ b/pkg/provider/kubernetes/crd/kubernetes.go @@ -720,7 +720,7 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *traef return nil, nil } if len(auth.Address) == 0 { - return nil, fmt.Errorf("forward authentication requires an address") + return nil, errors.New("forward authentication requires an address") } forwardAuth := &dynamic.ForwardAuth{ @@ -815,7 +815,7 @@ func createBasicAuthMiddleware(client Client, namespace string, basicAuth *traef } if basicAuth.Secret == "" { - return nil, fmt.Errorf("auth secret must be set") + return nil, errors.New("auth secret must be set") } secret, ok, err := client.GetSecret(namespace, basicAuth.Secret) @@ -862,7 +862,7 @@ func createDigestAuthMiddleware(client Client, namespace string, digestAuth *tra } if digestAuth.Secret == "" { - return nil, fmt.Errorf("auth secret must be set") + return nil, errors.New("auth secret must be set") } secret, ok, err := client.GetSecret(namespace, digestAuth.Secret) diff --git a/pkg/provider/kubernetes/ingress/client_test.go b/pkg/provider/kubernetes/ingress/client_test.go index 44d611bcb..0a162e877 100644 --- a/pkg/provider/kubernetes/ingress/client_test.go +++ b/pkg/provider/kubernetes/ingress/client_test.go @@ -2,7 +2,7 @@ package ingress import ( "context" - "fmt" + "errors" "testing" "time" @@ -39,9 +39,9 @@ func TestTranslateNotFoundError(t *testing.T) { }, { desc: "not a kubernetes not found error", - err: fmt.Errorf("bar error"), + err: errors.New("bar error"), expectedExists: false, - expectedError: fmt.Errorf("bar error"), + expectedError: errors.New("bar error"), }, } diff --git a/pkg/safe/routine_test.go b/pkg/safe/routine_test.go index 45f87978c..1880b7c4e 100644 --- a/pkg/safe/routine_test.go +++ b/pkg/safe/routine_test.go @@ -2,7 +2,7 @@ package safe import ( "context" - "fmt" + "errors" "sync" "testing" "time" @@ -146,7 +146,7 @@ func TestOperationWithRecoverPanic(t *testing.T) { func TestOperationWithRecoverError(t *testing.T) { operation := func() error { - return fmt.Errorf("ERROR") + return errors.New("ERROR") } err := backoff.Retry(OperationWithRecover(operation), &backoff.StopBackOff{}) if err == nil { diff --git a/pkg/server/configurationwatcher_test.go b/pkg/server/configurationwatcher_test.go index 267735560..d77874634 100644 --- a/pkg/server/configurationwatcher_test.go +++ b/pkg/server/configurationwatcher_test.go @@ -2,7 +2,7 @@ package server import ( "context" - "fmt" + "errors" "strconv" "sync" "testing" @@ -30,7 +30,7 @@ func (p *mockProvider) Provide(configurationChan chan<- dynamic.Message, _ *safe } if len(p.messages) == 0 { - return fmt.Errorf("no messages available") + return errors.New("no messages available") } configurationChan <- p.messages[0] diff --git a/pkg/server/router/tcp/router_test.go b/pkg/server/router/tcp/router_test.go index 1bcd987b1..64f32f7f7 100644 --- a/pkg/server/router/tcp/router_test.go +++ b/pkg/server/router/tcp/router_test.go @@ -173,9 +173,11 @@ func Test_Routing(t *testing.T) { map[string]traefiktls.Store{}, map[string]traefiktls.Options{ "default": { + MinVersion: "VersionTLS10", MaxVersion: "VersionTLS10", }, "tls10": { + MinVersion: "VersionTLS10", MaxVersion: "VersionTLS10", }, "tls12": { diff --git a/pkg/server/server_entrypoint_tcp.go b/pkg/server/server_entrypoint_tcp.go index c7d33abb7..6a25953d4 100644 --- a/pkg/server/server_entrypoint_tcp.go +++ b/pkg/server/server_entrypoint_tcp.go @@ -31,6 +31,7 @@ import ( "github.com/traefik/traefik/v3/pkg/safe" "github.com/traefik/traefik/v3/pkg/server/router" tcprouter "github.com/traefik/traefik/v3/pkg/server/router/tcp" + "github.com/traefik/traefik/v3/pkg/server/service" "github.com/traefik/traefik/v3/pkg/tcp" "github.com/traefik/traefik/v3/pkg/types" "golang.org/x/net/http2" @@ -387,7 +388,7 @@ func writeCloser(conn net.Conn) (tcp.WriteCloser, error) { case *proxyproto.Conn: underlying, ok := typedConn.TCPConn() if !ok { - return nil, fmt.Errorf("underlying connection is not a tcp connection") + return nil, errors.New("underlying connection is not a tcp connection") } return &writeCloserWrapper{writeCloser: underlying, Conn: typedConn}, nil case *net.TCPConn: @@ -633,6 +634,16 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati } } + prevConnContext := serverHTTP.ConnContext + serverHTTP.ConnContext = func(ctx context.Context, c net.Conn) context.Context { + // This adds an empty struct in order to store a RoundTripper in the ConnContext in case of Kerberos or NTLM. + ctx = service.AddTransportOnContext(ctx) + if prevConnContext != nil { + return prevConnContext(ctx, c) + } + return ctx + } + // ConfigureServer configures HTTP/2 with the MaxConcurrentStreams option for the given server. // Also keeping behavior the same as // https://cs.opensource.google/go/go/+/refs/tags/go1.17.7:src/net/http/server.go;l=3262 @@ -641,7 +652,6 @@ func createHTTPServer(ctx context.Context, ln net.Listener, configuration *stati MaxConcurrentStreams: uint32(configuration.HTTP2.MaxConcurrentStreams), NewWriteScheduler: func() http2.WriteScheduler { return http2.NewPriorityWriteScheduler(nil) }, }) - if err != nil { return nil, fmt.Errorf("configure HTTP/2 server: %w", err) } diff --git a/pkg/server/service/loadbalancer/wrr/wrr.go b/pkg/server/service/loadbalancer/wrr/wrr.go index f38facf35..6aa04c8ec 100644 --- a/pkg/server/service/loadbalancer/wrr/wrr.go +++ b/pkg/server/service/loadbalancer/wrr/wrr.go @@ -4,9 +4,9 @@ import ( "container/heap" "context" "errors" - "fmt" "hash/fnv" "net/http" + "strconv" "sync" "github.com/rs/zerolog/log" @@ -276,5 +276,5 @@ func hash(input string) string { // We purposely ignore the error because the implementation always returns nil. _, _ = hasher.Write([]byte(input)) - return fmt.Sprintf("%x", hasher.Sum64()) + return strconv.FormatUint(hasher.Sum64(), 16) } diff --git a/pkg/server/service/roundtripper.go b/pkg/server/service/roundtripper.go index 7b7786a07..3259e04fb 100644 --- a/pkg/server/service/roundtripper.go +++ b/pkg/server/service/roundtripper.go @@ -1,6 +1,7 @@ package service import ( + "context" "crypto/tls" "crypto/x509" "errors" @@ -8,6 +9,7 @@ import ( "net" "net/http" "reflect" + "strings" "sync" "time" @@ -180,10 +182,71 @@ func (r *RoundTripperManager) createRoundTripper(cfg *dynamic.ServersTransport) // Return directly HTTP/1.1 transport when HTTP/2 is disabled if cfg.DisableHTTP2 { - return transport, nil + return &KerberosRoundTripper{ + OriginalRoundTripper: transport, + new: func() http.RoundTripper { + return transport.Clone() + }, + }, nil } - return newSmartRoundTripper(transport, cfg.ForwardingTimeouts) + rt, err := newSmartRoundTripper(transport, cfg.ForwardingTimeouts) + if err != nil { + return nil, err + } + return &KerberosRoundTripper{ + OriginalRoundTripper: rt, + new: func() http.RoundTripper { + return rt.Clone() + }, + }, nil +} + +type KerberosRoundTripper struct { + new func() http.RoundTripper + OriginalRoundTripper http.RoundTripper +} + +type stickyRoundTripper struct { + RoundTripper http.RoundTripper +} + +type transportKeyType string + +var transportKey transportKeyType = "transport" + +func AddTransportOnContext(ctx context.Context) context.Context { + return context.WithValue(ctx, transportKey, &stickyRoundTripper{}) +} + +func (k *KerberosRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) { + value, ok := request.Context().Value(transportKey).(*stickyRoundTripper) + if !ok { + return k.OriginalRoundTripper.RoundTrip(request) + } + + if value.RoundTripper != nil { + return value.RoundTripper.RoundTrip(request) + } + + resp, err := k.OriginalRoundTripper.RoundTrip(request) + + // If we found that we are authenticating with Kerberos (Negotiate) or NTLM. + // We put a dedicated roundTripper in the ConnContext. + // This will stick the next calls to the same connection with the backend. + if err == nil && containsNTLMorNegotiate(resp.Header.Values("WWW-Authenticate")) { + value.RoundTripper = k.new() + } + return resp, err +} + +func containsNTLMorNegotiate(h []string) bool { + for _, s := range h { + if strings.HasPrefix(s, "NTLM") || strings.HasPrefix(s, "Negotiate") { + return true + } + } + return false } func createRootCACertPool(rootCAs []types.FileOrContent) *x509.CertPool { diff --git a/pkg/server/service/roundtripper_test.go b/pkg/server/service/roundtripper_test.go index 2d7763888..2ca542d69 100644 --- a/pkg/server/service/roundtripper_test.go +++ b/pkg/server/service/roundtripper_test.go @@ -1,6 +1,7 @@ package service import ( + "context" "crypto/rand" "crypto/rsa" "crypto/tls" @@ -549,3 +550,80 @@ func (s *fakeSpiffeSource) GetX509BundleForTrustDomain(trustDomain spiffeid.Trus func (s *fakeSpiffeSource) GetX509SVID() (*x509svid.SVID, error) { return s.svid, nil } + +type roundTripperFn func(req *http.Request) (*http.Response, error) + +func (r roundTripperFn) RoundTrip(request *http.Request) (*http.Response, error) { + return r(request) +} + +func TestKerberosRoundTripper(t *testing.T) { + testCases := []struct { + desc string + + originalRoundTripperHeaders map[string][]string + + expectedStatusCode []int + expectedDedicatedCount int + expectedOriginalCount int + }{ + { + desc: "without special header", + expectedStatusCode: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized}, + expectedOriginalCount: 3, + }, + { + desc: "with Negotiate (Kerberos)", + originalRoundTripperHeaders: map[string][]string{"Www-Authenticate": {"Negotiate"}}, + expectedStatusCode: []int{http.StatusUnauthorized, http.StatusOK, http.StatusOK}, + expectedOriginalCount: 1, + expectedDedicatedCount: 2, + }, + { + desc: "with NTLM", + originalRoundTripperHeaders: map[string][]string{"Www-Authenticate": {"NTLM"}}, + expectedStatusCode: []int{http.StatusUnauthorized, http.StatusOK, http.StatusOK}, + expectedOriginalCount: 1, + expectedDedicatedCount: 2, + }, + } + + for _, test := range testCases { + test := test + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + origCount := 0 + dedicatedCount := 0 + rt := KerberosRoundTripper{ + new: func() http.RoundTripper { + return roundTripperFn(func(req *http.Request) (*http.Response, error) { + dedicatedCount++ + return &http.Response{ + StatusCode: http.StatusOK, + }, nil + }) + }, + OriginalRoundTripper: roundTripperFn(func(req *http.Request) (*http.Response, error) { + origCount++ + return &http.Response{ + StatusCode: http.StatusUnauthorized, + Header: test.originalRoundTripperHeaders, + }, nil + }), + } + + ctx := AddTransportOnContext(context.Background()) + for _, expected := range test.expectedStatusCode { + req, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://127.0.0.1", http.NoBody) + require.NoError(t, err) + resp, err := rt.RoundTrip(req) + require.NoError(t, err) + require.Equal(t, expected, resp.StatusCode) + } + + require.Equal(t, test.expectedOriginalCount, origCount) + require.Equal(t, test.expectedDedicatedCount, dedicatedCount) + }) + } +} diff --git a/pkg/server/service/smart_roundtripper.go b/pkg/server/service/smart_roundtripper.go index 3b88b499a..93b8c62d6 100644 --- a/pkg/server/service/smart_roundtripper.go +++ b/pkg/server/service/smart_roundtripper.go @@ -11,7 +11,7 @@ import ( "golang.org/x/net/http2" ) -func newSmartRoundTripper(transport *http.Transport, forwardingTimeouts *dynamic.ForwardingTimeouts) (http.RoundTripper, error) { +func newSmartRoundTripper(transport *http.Transport, forwardingTimeouts *dynamic.ForwardingTimeouts) (*smartRoundTripper, error) { transportHTTP1 := transport.Clone() transportHTTP2, err := http2.ConfigureTransports(transport) @@ -53,6 +53,12 @@ type smartRoundTripper struct { http *http.Transport } +func (m *smartRoundTripper) Clone() http.RoundTripper { + h := m.http.Clone() + h2 := m.http2.Clone() + return &smartRoundTripper{http: h, http2: h2} +} + func (m *smartRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { // If we have a connection upgrade, we don't use HTTP/2 if httpguts.HeaderValuesContainsToken(req.Header["Connection"], "Upgrade") { diff --git a/pkg/tcp/chain.go b/pkg/tcp/chain.go index 8cc351ba5..f50262d72 100644 --- a/pkg/tcp/chain.go +++ b/pkg/tcp/chain.go @@ -1,7 +1,7 @@ package tcp import ( - "fmt" + "errors" ) // Constructor A constructor for a piece of TCP middleware. @@ -29,7 +29,7 @@ func NewChain(constructors ...Constructor) Chain { // Then adds an handler at the end of the chain. func (c Chain) Then(h Handler) (Handler, error) { if h == nil { - return nil, fmt.Errorf("cannot add a nil handler to the chain") + return nil, errors.New("cannot add a nil handler to the chain") } for i := range c.constructors { diff --git a/pkg/tcp/wrr_load_balancer.go b/pkg/tcp/wrr_load_balancer.go index d494e0abf..e4eb9650e 100644 --- a/pkg/tcp/wrr_load_balancer.go +++ b/pkg/tcp/wrr_load_balancer.go @@ -1,7 +1,7 @@ package tcp import ( - "fmt" + "errors" "sync" "github.com/rs/zerolog/log" @@ -91,7 +91,7 @@ func gcd(a, b int) int { func (b *WRRLoadBalancer) next() (Handler, error) { if len(b.servers) == 0 { - return nil, fmt.Errorf("no servers in the pool") + return nil, errors.New("no servers in the pool") } // The algo below may look messy, but is actually very simple @@ -101,7 +101,7 @@ func (b *WRRLoadBalancer) next() (Handler, error) { // Maximum weight across all enabled servers max := b.maxWeight() if max == 0 { - return nil, fmt.Errorf("all servers have 0 weight") + return nil, errors.New("all servers have 0 weight") } // GCD across all enabled servers diff --git a/pkg/tls/tlsmanager_test.go b/pkg/tls/tlsmanager_test.go index 56c92b401..9103aac32 100644 --- a/pkg/tls/tlsmanager_test.go +++ b/pkg/tls/tlsmanager_test.go @@ -334,10 +334,6 @@ func TestManager_Get_DefaultValues(t *testing.T) { assert.Equal(t, uint16(tls.VersionTLS12), config.MinVersion) assert.Equal(t, []string{"h2", "http/1.1", "acme-tls/1"}, config.NextProtos) assert.Equal(t, []uint16{ - tls.TLS_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_RSA_WITH_AES_128_GCM_SHA256, - tls.TLS_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_AES_128_GCM_SHA256, tls.TLS_AES_256_GCM_SHA384, tls.TLS_CHACHA20_POLY1305_SHA256, diff --git a/pkg/udp/wrr_load_balancer.go b/pkg/udp/wrr_load_balancer.go index 03fe059e1..8ea6357c8 100644 --- a/pkg/udp/wrr_load_balancer.go +++ b/pkg/udp/wrr_load_balancer.go @@ -1,7 +1,7 @@ package udp import ( - "fmt" + "errors" "sync" "github.com/rs/zerolog/log" @@ -91,7 +91,7 @@ func gcd(a, b int) int { func (b *WRRLoadBalancer) next() (Handler, error) { if len(b.servers) == 0 { - return nil, fmt.Errorf("no servers in the pool") + return nil, errors.New("no servers in the pool") } // The algorithm below may look messy, @@ -101,7 +101,7 @@ func (b *WRRLoadBalancer) next() (Handler, error) { // Maximum weight across all enabled servers max := b.maxWeight() if max == 0 { - return nil, fmt.Errorf("all servers have 0 weight") + return nil, errors.New("all servers have 0 weight") } // GCD across all enabled servers diff --git a/script/code-gen-docker.sh b/script/code-gen-docker.sh index 9b1065507..fe425a6be 100755 --- a/script/code-gen-docker.sh +++ b/script/code-gen-docker.sh @@ -9,7 +9,7 @@ IMAGE_NAME="kubernetes-codegen:latest" CURRENT_DIR="$(pwd)" echo "Building codegen Docker image..." -docker build --build-arg KUBE_VERSION=v0.28.3 \ +docker build --build-arg KUBE_VERSION=v0.29.1 \ --build-arg USER="${USER}" \ --build-arg UID="$(id -u)" \ --build-arg GID="$(id -g)" \ diff --git a/script/codegen.Dockerfile b/script/codegen.Dockerfile index ffb5430eb..315d349c1 100644 --- a/script/codegen.Dockerfile +++ b/script/codegen.Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21 +FROM golang:1.22 ARG USER=$USER ARG UID=$UID @@ -13,7 +13,7 @@ RUN go install k8s.io/code-generator/cmd/client-gen@$KUBE_VERSION RUN go install k8s.io/code-generator/cmd/lister-gen@$KUBE_VERSION RUN go install k8s.io/code-generator/cmd/informer-gen@$KUBE_VERSION RUN go install k8s.io/code-generator/cmd/deepcopy-gen@$KUBE_VERSION -RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.13.0 +RUN go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 RUN mkdir -p $GOPATH/src/k8s.io/code-generator RUN cp -R $GOPATH/pkg/mod/k8s.io/code-generator@$KUBE_VERSION/* $GOPATH/src/k8s.io/code-generator/ diff --git a/script/release-packages.sh b/script/release-packages.sh index f442e12dd..5f67c3c4c 100755 --- a/script/release-packages.sh +++ b/script/release-packages.sh @@ -11,7 +11,7 @@ fi rm -rf dist for os in linux darwin windows freebsd openbsd; do - goreleaser release --snapshot --skip=publish -p 2 --timeout="90m" --config "$(go run ./internal/release "$os")" + goreleaser release --skip=publish -p 2 --timeout="90m" --config "$(go run ./internal/release "$os")" go clean -cache done diff --git a/webui/.nvmrc b/webui/.nvmrc index 8ba691606..8b0beab16 100644 --- a/webui/.nvmrc +++ b/webui/.nvmrc @@ -1 +1 @@ -12.11.1 +20.11.0 diff --git a/webui/Dockerfile b/webui/Dockerfile index edb9593bc..3939d56b0 100644 --- a/webui/Dockerfile +++ b/webui/Dockerfile @@ -1,4 +1,4 @@ -FROM node:14.16 +FROM node:20.11 # Current Active LTS release according to (https://nodejs.org/en/about/releases/) ENV WEBUI_DIR /src/webui diff --git a/webui/package.json b/webui/package.json index 23e2be3d4..f114f2ce8 100644 --- a/webui/package.json +++ b/webui/package.json @@ -16,22 +16,23 @@ "build:nc": "yarn build" }, "dependencies": { - "@quasar/extras": "^1.0.0", - "axios": "^0.19.0", + "@quasar/extras": "^1.11.2", + "axios": "^0.21.1", "bowser": "^2.5.2", "chart.js": "^2.8.0", "dot-prop": "^5.2.0", + "core-js": "^3.35.1", "iframe-resizer": "^4.2.11", "lodash.isequal": "4.5.0", "moment": "^2.24.0", - "quasar": "^1.4.4", + "quasar": "^1.22.10", "query-string": "^6.13.1", "vh-check": "^2.0.5", "vue-chartjs": "^3.4.2", "vuex-map-fields": "^1.3.4" }, "devDependencies": { - "@quasar/app": "^1.2.4", + "@quasar/app": "^2.4.3", "@vue/eslint-config-standard": "^4.0.0", "@vue/test-utils": "^1.0.0-beta.29", "babel-eslint": "^10.0.1", @@ -43,9 +44,7 @@ "eslint-plugin-vue": "^5.0.0", "mocha": "^6.2.2", "mocha-webpack": "^2.0.0-beta.0", - "node-sass": "^4.12.0", - "prettier": "1.19.1", - "sass-loader": "^7.1.0" + "prettier": "1.19.1" }, "engines": { "node": ">= 8.9.0", diff --git a/webui/src/statics/app-logo-128x128.png b/webui/public/app-logo-128x128.png similarity index 100% rename from webui/src/statics/app-logo-128x128.png rename to webui/public/app-logo-128x128.png diff --git a/webui/src/statics/icons/apple-icon-120x120.png b/webui/public/icons/apple-icon-120x120.png similarity index 100% rename from webui/src/statics/icons/apple-icon-120x120.png rename to webui/public/icons/apple-icon-120x120.png diff --git a/webui/src/statics/icons/apple-icon-152x152.png b/webui/public/icons/apple-icon-152x152.png similarity index 100% rename from webui/src/statics/icons/apple-icon-152x152.png rename to webui/public/icons/apple-icon-152x152.png diff --git a/webui/src/statics/icons/apple-icon-167x167.png b/webui/public/icons/apple-icon-167x167.png similarity index 100% rename from webui/src/statics/icons/apple-icon-167x167.png rename to webui/public/icons/apple-icon-167x167.png diff --git a/webui/src/statics/icons/apple-icon-180x180.png b/webui/public/icons/apple-icon-180x180.png similarity index 100% rename from webui/src/statics/icons/apple-icon-180x180.png rename to webui/public/icons/apple-icon-180x180.png diff --git a/webui/src/statics/icons/favicon-16x16.png b/webui/public/icons/favicon-16x16.png similarity index 100% rename from webui/src/statics/icons/favicon-16x16.png rename to webui/public/icons/favicon-16x16.png diff --git a/webui/src/statics/icons/favicon-32x32.png b/webui/public/icons/favicon-32x32.png similarity index 100% rename from webui/src/statics/icons/favicon-32x32.png rename to webui/public/icons/favicon-32x32.png diff --git a/webui/src/statics/icons/favicon-96x96.png b/webui/public/icons/favicon-96x96.png similarity index 100% rename from webui/src/statics/icons/favicon-96x96.png rename to webui/public/icons/favicon-96x96.png diff --git a/webui/src/statics/icons/favicon.ico b/webui/public/icons/favicon.ico similarity index 100% rename from webui/src/statics/icons/favicon.ico rename to webui/public/icons/favicon.ico diff --git a/webui/src/statics/icons/icon-128x128.png b/webui/public/icons/icon-128x128.png similarity index 100% rename from webui/src/statics/icons/icon-128x128.png rename to webui/public/icons/icon-128x128.png diff --git a/webui/src/statics/icons/icon-192x192.png b/webui/public/icons/icon-192x192.png similarity index 100% rename from webui/src/statics/icons/icon-192x192.png rename to webui/public/icons/icon-192x192.png diff --git a/webui/src/statics/icons/icon-256x256.png b/webui/public/icons/icon-256x256.png similarity index 100% rename from webui/src/statics/icons/icon-256x256.png rename to webui/public/icons/icon-256x256.png diff --git a/webui/src/statics/icons/icon-384x384.png b/webui/public/icons/icon-384x384.png similarity index 100% rename from webui/src/statics/icons/icon-384x384.png rename to webui/public/icons/icon-384x384.png diff --git a/webui/src/statics/icons/icon-512x512.png b/webui/public/icons/icon-512x512.png similarity index 100% rename from webui/src/statics/icons/icon-512x512.png rename to webui/public/icons/icon-512x512.png diff --git a/webui/src/statics/icons/ms-icon-144x144.png b/webui/public/icons/ms-icon-144x144.png similarity index 100% rename from webui/src/statics/icons/ms-icon-144x144.png rename to webui/public/icons/ms-icon-144x144.png diff --git a/webui/src/statics/icons/safari-pinned-tab.svg b/webui/public/icons/safari-pinned-tab.svg similarity index 100% rename from webui/src/statics/icons/safari-pinned-tab.svg rename to webui/public/icons/safari-pinned-tab.svg diff --git a/webui/src/statics/providers/consul.svg b/webui/public/providers/consul.svg similarity index 100% rename from webui/src/statics/providers/consul.svg rename to webui/public/providers/consul.svg diff --git a/webui/src/statics/providers/consulcatalog.svg b/webui/public/providers/consulcatalog.svg similarity index 100% rename from webui/src/statics/providers/consulcatalog.svg rename to webui/public/providers/consulcatalog.svg diff --git a/webui/src/statics/providers/docker.svg b/webui/public/providers/docker.svg similarity index 100% rename from webui/src/statics/providers/docker.svg rename to webui/public/providers/docker.svg diff --git a/webui/src/statics/providers/ecs.svg b/webui/public/providers/ecs.svg similarity index 100% rename from webui/src/statics/providers/ecs.svg rename to webui/public/providers/ecs.svg diff --git a/webui/src/statics/providers/etcd.svg b/webui/public/providers/etcd.svg similarity index 100% rename from webui/src/statics/providers/etcd.svg rename to webui/public/providers/etcd.svg diff --git a/webui/src/statics/providers/file.svg b/webui/public/providers/file.svg similarity index 100% rename from webui/src/statics/providers/file.svg rename to webui/public/providers/file.svg diff --git a/webui/src/statics/providers/http.svg b/webui/public/providers/http.svg similarity index 100% rename from webui/src/statics/providers/http.svg rename to webui/public/providers/http.svg diff --git a/webui/src/statics/providers/hub.svg b/webui/public/providers/hub.svg similarity index 100% rename from webui/src/statics/providers/hub.svg rename to webui/public/providers/hub.svg diff --git a/webui/src/statics/providers/internal.svg b/webui/public/providers/internal.svg similarity index 100% rename from webui/src/statics/providers/internal.svg rename to webui/public/providers/internal.svg diff --git a/webui/src/statics/providers/kubernetes.svg b/webui/public/providers/kubernetes.svg similarity index 100% rename from webui/src/statics/providers/kubernetes.svg rename to webui/public/providers/kubernetes.svg diff --git a/webui/src/statics/providers/kubernetescrd.svg b/webui/public/providers/kubernetescrd.svg similarity index 100% rename from webui/src/statics/providers/kubernetescrd.svg rename to webui/public/providers/kubernetescrd.svg diff --git a/webui/src/statics/providers/kubernetesgateway.svg b/webui/public/providers/kubernetesgateway.svg similarity index 100% rename from webui/src/statics/providers/kubernetesgateway.svg rename to webui/public/providers/kubernetesgateway.svg diff --git a/webui/src/statics/providers/kubernetesingress.svg b/webui/public/providers/kubernetesingress.svg similarity index 100% rename from webui/src/statics/providers/kubernetesingress.svg rename to webui/public/providers/kubernetesingress.svg diff --git a/webui/src/statics/providers/marathon.svg b/webui/public/providers/marathon.svg similarity index 100% rename from webui/src/statics/providers/marathon.svg rename to webui/public/providers/marathon.svg diff --git a/webui/src/statics/providers/nomad.svg b/webui/public/providers/nomad.svg similarity index 100% rename from webui/src/statics/providers/nomad.svg rename to webui/public/providers/nomad.svg diff --git a/webui/src/statics/providers/plugin.svg b/webui/public/providers/plugin.svg similarity index 100% rename from webui/src/statics/providers/plugin.svg rename to webui/public/providers/plugin.svg diff --git a/webui/src/statics/providers/rancher.svg b/webui/public/providers/rancher.svg similarity index 100% rename from webui/src/statics/providers/rancher.svg rename to webui/public/providers/rancher.svg diff --git a/webui/src/statics/providers/redis.svg b/webui/public/providers/redis.svg similarity index 100% rename from webui/src/statics/providers/redis.svg rename to webui/public/providers/redis.svg diff --git a/webui/src/statics/providers/rest.svg b/webui/public/providers/rest.svg similarity index 100% rename from webui/src/statics/providers/rest.svg rename to webui/public/providers/rest.svg diff --git a/webui/src/statics/providers/zookeeper.svg b/webui/public/providers/zookeeper.svg similarity index 100% rename from webui/src/statics/providers/zookeeper.svg rename to webui/public/providers/zookeeper.svg diff --git a/webui/public/traefiklabs-hub-button-app/main-v1.js b/webui/public/traefiklabs-hub-button-app/main-v1.js new file mode 100644 index 000000000..9d36a8b62 --- /dev/null +++ b/webui/public/traefiklabs-hub-button-app/main-v1.js @@ -0,0 +1,3 @@ +/* eslint-disable */ +!function(){var e={110:function(e,t,n){"use strict";var r=n(441),a={childContextTypes:!0,contextType:!0,contextTypes:!0,defaultProps:!0,displayName:!0,getDefaultProps:!0,getDerivedStateFromError:!0,getDerivedStateFromProps:!0,mixins:!0,propTypes:!0,type:!0},l={name:!0,length:!0,prototype:!0,caller:!0,callee:!0,arguments:!0,arity:!0},o={$$typeof:!0,compare:!0,defaultProps:!0,displayName:!0,propTypes:!0,type:!0},i={};function u(e){return r.isMemo(e)?o:i[e.$$typeof]||a}i[r.ForwardRef]={$$typeof:!0,render:!0,defaultProps:!0,displayName:!0,propTypes:!0},i[r.Memo]=o;var s=Object.defineProperty,c=Object.getOwnPropertyNames,f=Object.getOwnPropertySymbols,d=Object.getOwnPropertyDescriptor,p=Object.getPrototypeOf,h=Object.prototype;e.exports=function e(t,n,r){if("string"!==typeof n){if(h){var a=p(n);a&&a!==h&&e(t,a,r)}var o=c(n);f&&(o=o.concat(f(n)));for(var i=u(t),m=u(n),g=0;g