baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: baalajimaestro:93ec8f763670decf2b623653c6cc8739a848c96c
Branches Tags
baalajimaestro:master
...
compare: baalajimaestro:6f8b9a338d9d886bb1d6cab02719d08d5887bf87
Branches Tags
baalajimaestro:master

17 commits
93ec8f7636 ... 6f8b9a338d

Author SHA1 Message Date
baalajimaestro
6f8b9a338d
Merge branch 'master' of github.com:traefik/traefik
All checks were successful
Build & Push / build-and-push (push) Successful in 10m30s
Details
2024-10-08 22:02:07 +05:30
Romain
a7502c8700
Prepare Release v3.2.0-rc1 2024-10-02 16:24:04 +02:00
kevinpollet
54c3afd760
Merge branch v3.1 into master 2024-10-02 15:32:09 +02:00
Kevin Pollet
a2ab3e534d
Prepare release v3.1.5 2024-10-02 14:42:05 +02:00
kevinpollet
8cfa68a8e1
Merge branch v2.11 into v3.1 2024-10-02 11:25:30 +02:00
Kevin Pollet
518caa79f9
Prepare release v2.11.11 2024-10-02 11:10:04 +02:00
Romain
373095f1a8
Support NativeLB option in GatewayAPI provider 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-10-02 10:34:04 +02:00
romain
b641d5cf2a Merge current v2.11 into v3.1 2024-09-30 14:59:38 +02:00
Mathieu
4d6cb6af03
Ensure defaultGeneratedCert.main as Subject's CN 2024-09-30 12:10:05 +02:00
Kevin Pollet
9eb804a689
Bump github.com/klauspost/compress to 8e14b1b5a913 2024-09-30 11:56:04 +02:00
Jesper Noordsij
c02b72ca51
Disable IngressClass lookup when disableClusterScopeResources is enabled 2024-09-27 16:24:04 +02:00
Rémi BUISSON
2bb712135d
Specify default format value for access log 2024-09-27 15:34:04 +02:00
Michel Heusschen
14e5d4b4b3
Remove unused boot files from webui 2024-09-27 15:22:04 +02:00
lyrandy
e485edbe9f
Update API documentation to mention pagination 2024-09-27 15:00:06 +02:00
Romain
61bb3ab991
Rework condition to not log on timeout 2024-09-27 11:34:05 +02:00
Romain
e62f8af23b
Rework condition to not log on timeout 2024-09-27 11:20:04 +02:00
Romain
a42d396ed2
Clean connection headers for forward auth request only 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-09-27 11:18:05 +02:00
89 changed files with 1250 additions and 515 deletions
Show stats Expand all files Collapse all files

2
.semaphore/semaphore.yml
View file

@ -46,7 +46,7 @@ blocks:
- name: GH_VERSION
value: 2.32.1
- name: CODENAME
value: "comte"
value: "munster"
prologue:
commands:
- export VERSION=${SEMAPHORE_GIT_TAG_NAME}

51
CHANGELOG.md
View file

@ -1,3 +1,54 @@
## [v3.2.0-rc1](https://github.com/traefik/traefik/tree/v3.2.0-rc1) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.0-rc1...v3.2.0-rc1)
**Enhancements:**
- **[acme]** Remove same email requirement for certresolvers ([#11019](https://github.com/traefik/traefik/pull/11019) by [Emrio](https://github.com/Emrio))
- **[acme]** Add support for custom CA certificates by certificate resolver ([#10816](https://github.com/traefik/traefik/pull/10816) by [ldez](https://github.com/ldez))
- **[acme]** Add 30 day certificatesDuration step ([#10970](https://github.com/traefik/traefik/pull/10970) by [luker983](https://github.com/luker983))
- **[docker]** Support HTTP BasicAuth for docker and swarm endpoint ([#10776](https://github.com/traefik/traefik/pull/10776) by [985492783](https://github.com/985492783))
- **[k8s,k8s/gatewayapi]** Add supported features to the Gateway API GatewayClass status ([#11056](https://github.com/traefik/traefik/pull/11056) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Update sigs.k8s.io/gateway-api to v1.2.0-rc1 ([#11124](https://github.com/traefik/traefik/pull/11124) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Add support for backend protocol selection in HTTP and GRPC routes ([#11051](https://github.com/traefik/traefik/pull/11051) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support ([#11042](https://github.com/traefik/traefik/pull/11042) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support HTTPRoute destination port matching ([#11134](https://github.com/traefik/traefik/pull/11134) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 ([#11131](https://github.com/traefik/traefik/pull/11131) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Add support for Gateway API BackendTLSPolicies ([#11009](https://github.com/traefik/traefik/pull/11009) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support NativeLB option in GatewayAPI provider ([#11147](https://github.com/traefik/traefik/pull/11147) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support ResponseHeaderModifier filter ([#10987](https://github.com/traefik/traefik/pull/10987) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Support GRPC routes ([#10975](https://github.com/traefik/traefik/pull/10975) by [kevinpollet](https://github.com/kevinpollet))
- **[metrics,otel]** Allow setting service.name for OTLP metrics ([#10917](https://github.com/traefik/traefik/pull/10917) by [cmartell-at-ocp](https://github.com/cmartell-at-ocp))
- **[middleware,accesslogs]** Record trace id and EntryPoint span id into access log ([#10921](https://github.com/traefik/traefik/pull/10921) by [weijiany](https://github.com/weijiany))
- **[middleware,authentication]** Support LogUserHeader with forwardAuth middleware ([#10833](https://github.com/traefik/traefik/pull/10833) by [GaleHuang](https://github.com/GaleHuang))
- **[middleware]** Add encodings option to the compression middleware ([#10943](https://github.com/traefik/traefik/pull/10943) by [wollomatic](https://github.com/wollomatic))
- **[middleware]** Add support for ipv6 subnet in ipStrategy ([#9747](https://github.com/traefik/traefik/pull/9747) by [michal-kralik](https://github.com/michal-kralik))
- **[nomad]** Support for watching instead of polling Nomad ([#10997](https://github.com/traefik/traefik/pull/10997) by [deverton-godaddy](https://github.com/deverton-godaddy))
- **[server,performance]** Introduce a fast proxy mode to improve HTTP/1.1 performances with backends ([#11122](https://github.com/traefik/traefik/pull/11122) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Configurable max request header size ([#10995](https://github.com/traefik/traefik/pull/10995) by [lucasrod16](https://github.com/lucasrod16))
- **[service]** Add mirrorBody option to HTTP mirroring ([#11032](https://github.com/traefik/traefik/pull/11032) by [MatteoPaier](https://github.com/MatteoPaier))
## [v3.1.5](https://github.com/traefik/traefik/tree/v3.1.5) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.4...v3.1.5)
**Bug fixes:**
- **[k8s/ingress,k8s]** Disable IngressClass lookup when disableClusterScopeResources is enabled ([#11111](https://github.com/traefik/traefik/pull/11111) by [jnoordsij](https://github.com/jnoordsij))
- **[server]** Rework condition to not log on timeout ([#11132](https://github.com/traefik/traefik/pull/11132) by [rtribotte](https://github.com/rtribotte))
- Merge branch v2.11 into v3.1 ([#11149](https://github.com/traefik/traefik/pull/11149) by [kevinpollet](https://github.com/kevinpollet))
- Merge branch v2.11 into v3.1 ([#11142](https://github.com/traefik/traefik/pull/11142) by [rtribotte](https://github.com/rtribotte))
## [v2.11.11](https://github.com/traefik/traefik/tree/v2.11.11) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.10...v2.11.11)
**Bug fixes:**
- **[acme]** Ensure defaultGeneratedCert.main as Subject&#39;s CN ([#10581](https://github.com/traefik/traefik/pull/10581) by [Lamatte](https://github.com/Lamatte))
- **[middleware,authentication]** Clean connection headers for forward auth request only ([#11095](https://github.com/traefik/traefik/pull/11095) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Bump github.com/klauspost/compress to 8e14b1b5a913 ([#11141](https://github.com/traefik/traefik/pull/11141) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Rework condition to not log on timeout ([#11133](https://github.com/traefik/traefik/pull/11133) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Remove unused boot files from webui ([#11109](https://github.com/traefik/traefik/pull/11109) by [michelheusschen](https://github.com/michelheusschen))
**Documentation:**
- **[accesslogs]** Specify default format value for access log ([#11130](https://github.com/traefik/traefik/pull/11130) by [darkweaver87](https://github.com/darkweaver87))
- **[api]** Update API documentation to mention pagination ([#11115](https://github.com/traefik/traefik/pull/11115) by [lyrandy](https://github.com/lyrandy))
## [v3.1.4](https://github.com/traefik/traefik/tree/v3.1.4) (2024-09-19)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.3...v3.1.4)

2
docs/content/getting-started/configuration-overview.md
View file

@ -79,7 +79,7 @@ traefik --help
# or
docker run traefik[:version] --help
# ex: docker run traefik:v3.1 --help
# ex: docker run traefik:v3.2 --help
```
Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.

8
docs/content/getting-started/install-traefik.md
View file

@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.toml)
```shell
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.1
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.2
```
For more details, go to the [Docker provider documentation](../providers/docker.md)
@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip
* Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v3.1`
ex: `traefik:v3.2`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image.

2
docs/content/getting-started/quick-start-with-kubernetes.md
View file

@ -154,7 +154,7 @@ spec:
serviceAccountName: traefik-account
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --api.insecure
- --providers.kubernetesingress

2
docs/content/getting-started/quick-start.md
View file

@ -20,7 +20,7 @@ version: '3'
services:
reverse-proxy:
# The official v3 Traefik docker image
image: traefik:v3.1
image: traefik:v3.2
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker
ports:

12
docs/content/migration/v2.md
View file

@ -640,3 +640,15 @@ Increasing the `readTimeout` value could be the solution notably if you are deal
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
## v2.11.3
### Connection headers
In `v2.11.3`, the handling of the request Connection headers directives has changed to prevent any abuse.
Before, Traefik removed any header listed in the Connection header just before forwarding the request to the backends.
Now, Traefik removes the headers listed in the Connection header as soon as the request is handled.
As a consequence, middlewares do not have access to those Connection headers,
and a new option has been introduced to specify which ones could go through the middleware chain before being removed: `<entrypoint>.forwardedHeaders.connection`.
Please check out the [entrypoint forwarded headers connection option configuration](../routing/entrypoints.md#forwarded-headers) documentation.

4
docs/content/observability/access-logs.md
View file

@ -67,6 +67,8 @@ accessLog:
### `format`
_Optional, Default="common"_
By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option.
If the given format is unsupported, the default (CLF) is used instead.
@ -277,7 +279,7 @@ version: "3.7"
services:
traefik:
image: traefik:v3.1
image: traefik:v3.2
environment:
- TZ=US/Alaska
command:

9
docs/content/operations/api.md
View file

@ -136,6 +136,15 @@ api:
All the following endpoints must be accessed with a `GET` HTTP request.
!!! info "Pagination"
By default, up to 100 results are returned per page, and the next page can be checked using the `X-Next-Page` HTTP Header.
To control pagination, use the `page` and `per_page` query parameters.
```bash
curl https://traefik.example.com:8080/api/http/routers?page=2&per_page=20
```
| Path | Description |
|--------------------------------|---------------------------------------------------------------------------------------------|
| `/api/http/routers` | Lists all the HTTP routers information. |

2
docs/content/providers/docker.md
View file

@ -166,7 +166,7 @@ See the [Docker API Access](#docker-api-access) section for more information.
services:
traefik:
image: traefik:v3.1 # The official v3 Traefik docker image
image: traefik:v3.2 # The official v3 Traefik docker image
ports:
- "80:80"
volumes:

4
docs/content/providers/kubernetes-crd.md
View file

@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
## Resource Configuration

2
docs/content/providers/kubernetes-gateway.md
View file

@ -34,7 +34,7 @@ For more details, check out the conformance [report](https://github.com/kubernet
```bash
# Install Traefik RBACs.
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
```
3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below:

2
docs/content/providers/kubernetes-ingress.md
View file

@ -526,6 +526,6 @@ providers:
### Further
To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.2/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
{!traefik-for-business-applications.md!}

2
docs/content/providers/swarm.md
View file

@ -212,7 +212,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
services:
traefik:
image: traefik:v3.1 # The official v3 Traefik docker image
image: traefik:v3.2 # The official v3 Traefik docker image
ports:
- "80:80"
volumes:

142
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View file

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -63,12 +63,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@ -88,7 +88,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer
services:
description: |-
@ -229,7 +229,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string
required:
- kind
@ -287,18 +287,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -317,17 +317,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
@ -344,12 +344,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name
@ -409,7 +409,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -422,7 +422,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@ -446,7 +446,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
@ -487,7 +487,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
@ -525,7 +525,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string
required:
- match
@ -534,18 +534,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -564,7 +564,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
@ -656,7 +656,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -743,7 +743,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties:
apiVersion:
description: |-
@ -769,7 +769,7 @@ spec:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties:
prefix:
description: |-
@ -781,12 +781,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -807,7 +807,7 @@ spec:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
@ -839,14 +839,14 @@ spec:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -905,7 +905,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@ -954,12 +954,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -979,7 +979,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties:
query:
description: |-
@ -989,7 +989,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@ -1122,7 +1122,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -1180,7 +1180,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@ -1208,7 +1208,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
@ -1255,7 +1255,7 @@ spec:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@ -1426,7 +1426,7 @@ spec:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties:
amount:
description: |-
@ -1439,12 +1439,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1479,12 +1479,12 @@ spec:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1521,7 +1521,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1551,7 +1551,7 @@ spec:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@ -1660,7 +1660,7 @@ spec:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties:
average:
description: |-
@ -1693,7 +1693,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1728,7 +1728,7 @@ spec:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -1747,7 +1747,7 @@ spec:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -1764,7 +1764,7 @@ spec:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@ -1775,7 +1775,7 @@ spec:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@ -1791,7 +1791,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@ -1813,7 +1813,7 @@ spec:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
@ -1832,7 +1832,7 @@ spec:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the
@ -1869,7 +1869,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties:
apiVersion:
description: |-
@ -1905,7 +1905,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -1919,7 +1919,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -1958,7 +1958,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-
@ -2097,7 +2097,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties:
apiVersion:
description: |-
@ -2215,7 +2215,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
apiVersion:
description: |-
@ -2240,14 +2240,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items:
type: string
type: array
@ -2275,7 +2275,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items:
type: string
type: array
@ -2331,7 +2331,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties:
apiVersion:
description: |-
@ -2429,7 +2429,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
@ -2675,7 +2675,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -2782,7 +2782,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -2965,7 +2965,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3012,7 +3012,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

2
docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
View file

@ -25,7 +25,7 @@ spec:
serviceAccountName: traefik-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443

28
docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -63,12 +63,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@ -88,7 +88,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer
services:
description: |-
@ -229,7 +229,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string
required:
- kind
@ -287,18 +287,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -317,17 +317,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
@ -344,12 +344,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name

18
docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -56,7 +56,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@ -80,7 +80,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
@ -121,7 +121,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
@ -159,7 +159,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string
required:
- match
@ -168,18 +168,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -198,7 +198,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik

2
docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string

64
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties:
apiVersion:
description: |-
@ -45,7 +45,7 @@ spec:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties:
prefix:
description: |-
@ -57,12 +57,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -83,7 +83,7 @@ spec:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
@ -115,14 +115,14 @@ spec:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -181,7 +181,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@ -230,12 +230,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -255,7 +255,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties:
query:
description: |-
@ -265,7 +265,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@ -398,7 +398,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -456,7 +456,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@ -484,7 +484,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
@ -531,7 +531,7 @@ spec:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@ -702,7 +702,7 @@ spec:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties:
amount:
description: |-
@ -715,12 +715,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -755,12 +755,12 @@ spec:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -797,7 +797,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -827,7 +827,7 @@ spec:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@ -936,7 +936,7 @@ spec:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties:
average:
description: |-
@ -969,7 +969,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1004,7 +1004,7 @@ spec:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -1023,7 +1023,7 @@ spec:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -1040,7 +1040,7 @@ spec:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@ -1051,7 +1051,7 @@ spec:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@ -1067,7 +1067,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@ -1089,7 +1089,7 @@ spec:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
@ -1108,7 +1108,7 @@ spec:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the

6
docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties:
apiVersion:
description: |-
@ -55,7 +55,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -69,7 +69,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View file

@ -21,7 +21,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
View file

@ -21,7 +21,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties:
apiVersion:
description: |-

8
docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
apiVersion:
description: |-
@ -44,14 +44,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items:
type: string
type: array
@ -79,7 +79,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items:
type: string
type: array

2
docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
View file

@ -21,7 +21,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties:
apiVersion:
description: |-

10
docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
View file

@ -22,7 +22,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
@ -268,7 +268,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -375,7 +375,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -558,7 +558,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -605,7 +605,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

3
docs/content/reference/static-configuration/cli-ref.md
View file

@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
`--providers.kubernetesgateway.namespaces`:
Kubernetes namespaces.
`--providers.kubernetesgateway.nativelbbydefault`:
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
`--providers.kubernetesgateway.statusaddress.hostname`:
Hostname used for Kubernetes Gateway status address.

3
docs/content/reference/static-configuration/env-ref.md
View file

@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NATIVELBBYDEFAULT`:
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_HOSTNAME`:
Hostname used for Kubernetes Gateway status address.

1
docs/content/reference/static-configuration/file.toml
View file

@ -158,6 +158,7 @@
labelSelector = "foobar"
throttleDuration = "42s"
experimentalChannel = true
nativeLBByDefault = true
[providers.kubernetesGateway.statusAddress]
ip = "foobar"
hostname = "foobar"

1
docs/content/reference/static-configuration/file.yaml
View file

@ -183,6 +183,7 @@ providers:
service:
name: foobar
namespace: foobar
nativeLBByDefault: true
rest:
insecure: true
consulCatalog:

2
docs/content/routing/providers/kubernetes-crd.md
View file

@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --log.level=DEBUG
- --api

6
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -130,7 +130,7 @@ which in turn will create the resulting routers, services, handlers, etc.
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.web.address=:80
- --providers.kubernetesingress
@ -543,7 +543,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.websecure.address=:443
- --entryPoints.websecure.http.tls
@ -736,7 +736,7 @@ For more options, please refer to the available [annotations](#on-ingress).
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.websecure.address=:443
- --providers.kubernetesingress

2
docs/content/user-guides/crd-acme/03-deployments.yml
View file

@ -26,7 +26,7 @@ spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --api.insecure
- --accesslog

12
docs/content/user-guides/crd-acme/index.md
View file

@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
### Services
@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/con
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/02-services.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/02-services.yml
```
```yaml
@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
Again, one pod for Traefik, and one for the whoami app.
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/03-deployments.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/03-deployments.yml
```
```yaml
@ -100,7 +100,7 @@ Look it up.
We can now finally apply the actual ingressRoutes, with:
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/04-ingressroutes.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/04-ingressroutes.yml
```
```yaml
@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/05-tlsoption.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/05-tlsoption.yml
```
```yaml

2
docs/content/user-guides/crd-acme/k3s.yml
View file

@ -26,5 +26,5 @@ node:
- K3S_CLUSTER_SECRET=somethingtotallyrandom
volumes:
# this is where you would place a alternative traefik image (saved as a .tar file with
# 'docker save'), if you want to use it, instead of the traefik:v3.1 image.
# 'docker save'), if you want to use it, instead of the traefik:v3.2 image.
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
View file

@ -13,7 +13,7 @@ secrets:
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/index.md
View file

@ -31,7 +31,7 @@ Create a `docker-compose.yml` file with the following content:
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
...
networks:
- traefiknet

2
go.mod
View file

@ -34,7 +34,7 @@ require (
github.com/http-wasm/http-wasm-host-go v0.6.0
github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab // No tag on the repo.
github.com/klauspost/compress v1.17.9
github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 // Required to have the content-type fix: https://github.com/klauspost/compress/pull/1011
github.com/kvtools/consul v1.0.2
github.com/kvtools/etcdv3 v1.0.2
github.com/kvtools/redis v1.1.0

4
go.sum
View file

@ -597,8 +597,8 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 h1:7s7Xd7zVElAw1qh/eh+tXDNfDNXXj38Tpq54eeG6/BM=
github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=

142
integration/fixtures/k8s/01-traefik-crd.yml
View file

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -63,12 +63,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@ -88,7 +88,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer
services:
description: |-
@ -229,7 +229,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string
required:
- kind
@ -287,18 +287,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -317,17 +317,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
@ -344,12 +344,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name
@ -409,7 +409,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -422,7 +422,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@ -446,7 +446,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
@ -487,7 +487,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
@ -525,7 +525,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string
required:
- match
@ -534,18 +534,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -564,7 +564,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
@ -656,7 +656,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@ -743,7 +743,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties:
apiVersion:
description: |-
@ -769,7 +769,7 @@ spec:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties:
prefix:
description: |-
@ -781,12 +781,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -807,7 +807,7 @@ spec:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
@ -839,14 +839,14 @@ spec:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -905,7 +905,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@ -954,12 +954,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@ -979,7 +979,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties:
query:
description: |-
@ -989,7 +989,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@ -1122,7 +1122,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -1180,7 +1180,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@ -1208,7 +1208,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
@ -1255,7 +1255,7 @@ spec:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@ -1426,7 +1426,7 @@ spec:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties:
amount:
description: |-
@ -1439,12 +1439,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1479,12 +1479,12 @@ spec:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1521,7 +1521,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1551,7 +1551,7 @@ spec:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@ -1660,7 +1660,7 @@ spec:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties:
average:
description: |-
@ -1693,7 +1693,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -1728,7 +1728,7 @@ spec:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -1747,7 +1747,7 @@ spec:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -1764,7 +1764,7 @@ spec:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@ -1775,7 +1775,7 @@ spec:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@ -1791,7 +1791,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@ -1813,7 +1813,7 @@ spec:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
@ -1832,7 +1832,7 @@ spec:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the
@ -1869,7 +1869,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties:
apiVersion:
description: |-
@ -1905,7 +1905,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -1919,7 +1919,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -1958,7 +1958,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-
@ -2097,7 +2097,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties:
apiVersion:
description: |-
@ -2215,7 +2215,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
apiVersion:
description: |-
@ -2240,14 +2240,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items:
type: string
type: array
@ -2275,7 +2275,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items:
type: string
type: array
@ -2331,7 +2331,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties:
apiVersion:
description: |-
@ -2429,7 +2429,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
@ -2675,7 +2675,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -2782,7 +2782,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -2965,7 +2965,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3012,7 +3012,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

48
pkg/cli/deprecation.go
View file

@ -194,7 +194,7 @@ func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
if c.Pilot != nil {
incompatible = true
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#pilot")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#pilot")
}
incompatibleExperimental := c.Experimental.deprecationNotice(logger)
@ -227,13 +227,13 @@ func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
if p.Marathon != nil {
incompatible = true
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#marathon-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#marathon-provider")
}
if p.Rancher != nil {
incompatible = true
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#rancher-v1-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#rancher-v1-provider")
}
dockerIncompatible := p.Docker.deprecationNotice(logger)
@ -275,14 +275,14 @@ func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
if d.SwarmMode != nil {
incompatible = true
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#docker-docker-swarm")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#docker-docker-swarm")
}
if d.TLS != nil && d.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional")
}
return incompatible
@ -323,7 +323,7 @@ func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_3")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_3")
}
return incompatible
@ -344,7 +344,7 @@ func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_4")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_4")
}
return incompatible
@ -365,14 +365,14 @@ func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil {
incompatible = true
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consul-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consul-provider")
}
if c.TLS != nil && c.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_1")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_1")
}
return incompatible
@ -397,14 +397,14 @@ func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil {
incompatible = true
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consulcatalog-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consulcatalog-provider")
}
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional")
}
return incompatible
@ -425,14 +425,14 @@ func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
if n.Namespace != nil {
incompatible = true
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#nomad-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#nomad-provider")
}
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional_1")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional_1")
}
return incompatible
@ -453,7 +453,7 @@ func (h *http) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_2")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_2")
}
return incompatible
@ -471,7 +471,7 @@ func (i *ingress) deprecationNotice(logger zerolog.Logger) {
if i.DisableIngressClassLookup != nil {
logger.Error().Msg("Kubernetes Ingress provider `disableIngressClassLookup` option has been deprecated in v3.1, and will be removed in the next major version." +
"Please use the `disableClusterScopeResources` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#ingressclasslookup")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#ingressclasslookup")
}
}
@ -488,7 +488,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.HTTP3 != nil {
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
"Please remove its usage from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3-details/#http3")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3-details/#http3")
return true
}
@ -496,7 +496,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.KubernetesGateway != nil {
logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." +
"Please remove its usage from the static configuration." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#gateway-api-kubernetesgateway-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#gateway-api-kubernetesgateway-provider")
}
return false
@ -520,49 +520,49 @@ func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
if t.SpanNameLimit != nil {
incompatible = true
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Jaeger != nil {
incompatible = true
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Zipkin != nil {
incompatible = true
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Datadog != nil {
incompatible = true
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Instana != nil {
incompatible = true
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Haystack != nil {
incompatible = true
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Elastic != nil {
incompatible = true
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
return incompatible

48
pkg/config/dynamic/middlewares.go
View file

@ -73,7 +73,7 @@ type ContentType struct {
// AddPrefix holds the add prefix middleware configuration.
// This middleware updates the path of a request before forwarding it.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
type AddPrefix struct {
// Prefix is the string to add before the current path in the requested URL.
// It should include a leading slash (/).
@ -84,7 +84,7 @@ type AddPrefix struct {
// BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
type BasicAuth struct {
// Users is an array of authorized users.
// Each user must be declared using the name:hashed-password format.
@ -99,7 +99,7 @@ type BasicAuth struct {
// Default: false.
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
@ -107,7 +107,7 @@ type BasicAuth struct {
// Buffering holds the buffering middleware configuration.
// This middleware retries or limits the size of requests that can be forwarded to backends.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
type Buffering struct {
// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
@ -125,7 +125,7 @@ type Buffering struct {
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
// RetryExpression defines the retry conditions.
// It is a logical combination of functions with operators AND (&&) and OR (||).
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
}
@ -142,7 +142,7 @@ type Chain struct {
// CircuitBreaker holds the circuit breaker middleware configuration.
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/circuitbreaker/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/circuitbreaker/
type CircuitBreaker struct {
// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
@ -191,7 +191,7 @@ func (c *Compress) SetDefaults() {
// DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
type DigestAuth struct {
// Users defines the authorized users.
// Each user should be declared using the name:realm:encoded-password format.
@ -204,7 +204,7 @@ type DigestAuth struct {
// Default: traefik.
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
@ -230,7 +230,7 @@ type ErrorPage struct {
// ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
type ForwardAuth struct {
// Address defines the authentication server address.
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
@ -241,7 +241,7 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed.
@ -271,7 +271,7 @@ type ClientTLS struct {
// Headers holds the headers middleware configuration.
// This middleware manages the requests and responses headers.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
type Headers struct {
// CustomRequestHeaders defines the header names and values to apply to the request.
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
@ -400,7 +400,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@ -454,7 +454,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// IPWhiteList holds the IP whitelist middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipwhitelist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipwhitelist/
// Deprecated: please use IPAllowList instead.
type IPWhiteList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
@ -466,7 +466,7 @@ type IPWhiteList struct {
// IPAllowList holds the IP allowlist middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
@ -480,7 +480,7 @@ type IPAllowList struct {
// InFlightReq holds the in-flight request middleware configuration.
// This middleware limits the number of requests being processed and served concurrently.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
type InFlightReq struct {
// Amount defines the maximum amount of allowed simultaneous in-flight request.
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
@ -488,7 +488,7 @@ type InFlightReq struct {
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised.
// If none are set, the default is to use the requestHost.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
@ -496,7 +496,7 @@ type InFlightReq struct {
// PassTLSClientCert holds the pass TLS client cert middleware configuration.
// This middleware adds the selected data from the passed client TLS certificate to a header.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
type PassTLSClientCert struct {
// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
@ -552,7 +552,7 @@ func (r *RateLimit) SetDefaults() {
// RedirectRegex holds the redirect regex middleware configuration.
// This middleware redirects a request using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
type RedirectRegex struct {
// Regex defines the regex used to match and capture elements from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
@ -566,7 +566,7 @@ type RedirectRegex struct {
// RedirectScheme holds the redirect scheme middleware configuration.
// This middleware redirects requests from a scheme/port to another.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
type RedirectScheme struct {
// Scheme defines the scheme of the new URL.
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
@ -580,7 +580,7 @@ type RedirectScheme struct {
// ReplacePath holds the replace path middleware configuration.
// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
type ReplacePath struct {
// Path defines the path to use as replacement in the request URL.
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
@ -590,7 +590,7 @@ type ReplacePath struct {
// ReplacePathRegex holds the replace path regex middleware configuration.
// This middleware replaces the path of a URL using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
type ReplacePathRegex struct {
// Regex defines the regular expression used to match and capture the path from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
@ -603,7 +603,7 @@ type ReplacePathRegex struct {
// Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
type Retry struct {
// Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
@ -619,7 +619,7 @@ type Retry struct {
// StripPrefix holds the strip prefix middleware configuration.
// This middleware removes the specified prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
type StripPrefix struct {
// Prefixes defines the prefixes to strip from the request URL.
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
@ -634,7 +634,7 @@ type StripPrefix struct {
// StripPrefixRegex holds the strip prefix regex middleware configuration.
// This middleware removes the matching prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
type StripPrefixRegex struct {
// Regex defines the regular expression to match the path prefix from the request URL.
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`

2
pkg/config/dynamic/tcp_config.go
View file

@ -125,7 +125,7 @@ type TCPServer struct {
// +k8s:deepcopy-gen=true
// ProxyProtocol holds the PROXY Protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
type ProxyProtocol struct {
// Version defines the PROXY Protocol version to use.
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`

4
pkg/config/dynamic/tcp_middlewares.go
View file

@ -15,7 +15,7 @@ type TCPMiddleware struct {
// TCPInFlightConn holds the TCP InFlightConn middleware configuration.
// This middleware prevents services from being overwhelmed with high load,
// by limiting the number of allowed simultaneous connections for one IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/inflightconn/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/inflightconn/
type TCPInFlightConn struct {
// Amount defines the maximum amount of allowed simultaneous connections.
// The middleware closes the connection if there are already amount connections opened.
@ -35,7 +35,7 @@ type TCPIPWhiteList struct {
// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`

31
pkg/middlewares/auth/connectionheader.go
View file

@ -13,22 +13,21 @@ const (
upgradeHeader = "Upgrade"
)
// Remover removes hop-by-hop headers listed in the "Connection" header.
// RemoveConnectionHeaders removes hop-by-hop headers listed in the "Connection" header.
// See RFC 7230, section 6.1.
func Remover(next http.Handler) http.HandlerFunc {
return func(rw http.ResponseWriter, req *http.Request) {
next.ServeHTTP(rw, Remove(req))
}
}
// Remove removes hop-by-hop header on the request.
func Remove(req *http.Request) *http.Request {
func RemoveConnectionHeaders(req *http.Request) {
var reqUpType string
if httpguts.HeaderValuesContainsToken(req.Header[connectionHeader], upgradeHeader) {
reqUpType = req.Header.Get(upgradeHeader)
}
removeConnectionHeaders(req.Header)
for _, f := range req.Header[connectionHeader] {
for _, sf := range strings.Split(f, ",") {
if sf = textproto.TrimString(sf); sf != "" {
req.Header.Del(sf)
}
}
}
if reqUpType != "" {
req.Header.Set(connectionHeader, upgradeHeader)
@ -36,16 +35,4 @@ func Remove(req *http.Request) *http.Request {
} else {
req.Header.Del(connectionHeader)
}
return req
}
func removeConnectionHeaders(h http.Header) {
for _, f := range h[connectionHeader] {
for _, sf := range strings.Split(f, ",") {
if sf = textproto.TrimString(sf); sf != "" {
h.Del(sf)
}
}
}
}

8
pkg/middlewares/auth/connectionheader_test.go
View file

@ -50,19 +50,13 @@ func TestRemover(t *testing.T) {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {})
h := Remover(next)
req := httptest.NewRequest(http.MethodGet, "https://localhost", nil)
for k, v := range test.reqHeaders {
req.Header.Set(k, v)
}
rw := httptest.NewRecorder()
h.ServeHTTP(rw, req)
RemoveConnectionHeaders(req)
assert.Equal(t, test.expected, req.Header)
})

4
pkg/middlewares/auth/forward.go
View file

@ -123,8 +123,6 @@ func (fa *forwardAuth) GetTracingInformation() (string, string, trace.SpanKind)
func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
logger := middlewares.GetLogger(req.Context(), fa.name, typeNameForward)
req = Remove(req)
forwardReq, err := http.NewRequestWithContext(req.Context(), http.MethodGet, fa.address, nil)
if err != nil {
logger.Debug().Msgf("Error calling %s. Cause %s", fa.address, err)
@ -274,6 +272,8 @@ func (fa *forwardAuth) buildModifier(authCookies []*http.Cookie) func(res *http.
func writeHeader(req, forwardReq *http.Request, trustForwardHeader bool, allowedHeaders []string) {
utils.CopyHeaders(forwardReq.Header, req.Header)
RemoveConnectionHeaders(forwardReq)
utils.RemoveHeaders(forwardReq.Header, hopHeaders...)
forwardReq.Header = filterForwardRequestHeaders(forwardReq.Header, allowedHeaders)

13
pkg/provider/acme/provider.go
View file

@ -623,8 +623,11 @@ func (p *Provider) resolveDefaultCertificate(ctx context.Context, domains []stri
p.resolvingDomainsMutex.Lock()
sort.Strings(domains)
domainKey := strings.Join(domains, ",")
sortedDomains := make([]string, len(domains))
copy(sortedDomains, domains)
sort.Strings(sortedDomains)
domainKey := strings.Join(sortedDomains, ",")
if _, ok := p.resolvingDomains[domainKey]; ok {
p.resolvingDomainsMutex.Unlock()
@ -1026,12 +1029,14 @@ func (p *Provider) certExists(validDomains []string) bool {
p.certificatesMu.RLock()
defer p.certificatesMu.RUnlock()
sort.Strings(validDomains)
sortedDomains := make([]string, len(validDomains))
copy(sortedDomains, validDomains)
sort.Strings(sortedDomains)
for _, cert := range p.certificates {
domains := cert.Certificate.Domain.ToStrArray()
sort.Strings(domains)
if reflect.DeepEqual(domains, validDomains) {
if reflect.DeepEqual(domains, sortedDomains) {
return true
}
}

20
pkg/provider/kubernetes/crd/kubernetes_test.go
View file

@ -1609,7 +1609,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -4891,7 +4891,7 @@ func TestLoadIngressRoutes(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -4972,7 +4972,7 @@ func TestLoadIngressRoutes_multipleEndpointAddresses(t *testing.T) {
k8sObjects, crdObjects := readResources(t, []string{"services.yml", "with_multiple_endpointslices.yml"})
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -5481,7 +5481,7 @@ func TestLoadIngressRouteUDPs(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -6971,7 +6971,7 @@ func TestCrossNamespace(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -7240,7 +7240,7 @@ func TestExternalNameService(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -7421,7 +7421,7 @@ func TestNativeLB(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -7686,7 +7686,7 @@ func TestNodePortLB(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)
@ -7727,7 +7727,7 @@ func TestCreateBasicAuthCredentials(t *testing.T) {
}
}
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset()
client := newClientImpl(kubeClient, crdClient)
@ -8198,7 +8198,7 @@ func TestGlobalNativeLB(t *testing.T) {
}
}
kubeClient := kubefake.NewSimpleClientset(k8sObjects...)
kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient)

30
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go
View file

@ -13,75 +13,75 @@ type IngressRouteSpec struct {
Routes []Route `json:"routes"`
// EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
// More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
// Default: all.
EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
TLS *TLS `json:"tls,omitempty"`
}
// Route holds the HTTP route configuration.
type Route struct {
// Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
Match string `json:"match"`
// Kind defines the kind of the route.
// Rule is the only supported kind.
// +kubebuilder:validation:Enum=Rule
Kind string `json:"kind"`
// Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
Syntax string `json:"syntax,omitempty"`
// Services defines the list of Service.
// It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
Services []Service `json:"services,omitempty"`
// Middlewares defines the list of references to Middleware resources.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
}
// TLS holds the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
type TLS struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
Options *TLSOptionRef `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used.
Store *TLSStoreRef `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
// More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
Domains []types.Domain `json:"domains,omitempty"`
}
// TLSOptionRef is a reference to a TLSOption resource.
type TLSOptionRef struct {
// Name defines the name of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
Namespace string `json:"namespace,omitempty"`
}
// TLSStoreRef is a reference to a TLSStore resource.
type TLSStoreRef struct {
// Name defines the name of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
Namespace string `json:"namespace,omitempty"`
}
@ -98,7 +98,7 @@ type LoadBalancerSpec struct {
// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
Namespace string `json:"namespace,omitempty"`
// Sticky defines the sticky sessions configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
// Port defines the port of a Kubernetes Service.
// This can be a reference to a named port.

20
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go
View file

@ -13,24 +13,24 @@ type IngressRouteTCPSpec struct {
Routes []RouteTCP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
// More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
// Default: all.
EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration on a layer 4 / TCP Route.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
TLS *TLSTCP `json:"tls,omitempty"`
}
// RouteTCP holds the TCP route configuration.
type RouteTCP struct {
// Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
Match string `json:"match"`
// Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
Syntax string `json:"syntax,omitempty"`
// Services defines the list of TCP services.
Services []ServiceTCP `json:"services,omitempty"`
@ -39,7 +39,7 @@ type RouteTCP struct {
}
// TLSTCP holds the TLS configuration for an IngressRouteTCP.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
type TLSTCP struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"`
@ -47,17 +47,17 @@ type TLSTCP struct {
Passthrough bool `json:"passthrough,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
Options *ObjectReference `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used.
Store *ObjectReference `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
// More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
// More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
Domains []types.Domain `json:"domains,omitempty"`
}
@ -80,7 +80,7 @@ type ServiceTCP struct {
// Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
TerminationDelay *int `json:"terminationDelay,omitempty"`
// ProxyProtocol defines the PROXY protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
// ServersTransport defines the name of ServersTransportTCP resource to use.
// It allows to configure the transport between Traefik and your servers.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go
View file

@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct {
Routes []RouteUDP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
// More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
// Default: all.
EntryPoints []string `json:"entryPoints,omitempty"`
}

26
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go
View file

@ -12,7 +12,7 @@ import (
// +kubebuilder:storageversion
// Middleware is the CRD implementation of a Traefik Middleware.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
type Middleware struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -60,7 +60,7 @@ type MiddlewareSpec struct {
// ErrorPage holds the custom error middleware configuration.
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
type ErrorPage struct {
// Status defines which status or range of statuses should result in an error page.
// It can be either a status code as a number (500),
@ -69,7 +69,7 @@ type ErrorPage struct {
// or a combination of the two (404,418,500-599).
Status []string `json:"status,omitempty"`
// Service defines the reference to a Kubernetes Service that will serve the error page.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
Service Service `json:"service,omitempty"`
// Query defines the URL for the error page (hosted by service).
// The {status} variable can be used in order to insert the status code in the URL.
@ -96,7 +96,7 @@ type CircuitBreaker struct {
// Chain holds the configuration of the chain middleware.
// This middleware enables to define reusable combinations of other pieces of middleware.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
type Chain struct {
// Middlewares is the list of MiddlewareRef which composes the chain.
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
@ -106,7 +106,7 @@ type Chain struct {
// BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
type BasicAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"`
@ -117,7 +117,7 @@ type BasicAuth struct {
// Default: false.
RemoveHeader bool `json:"removeHeader,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty"`
}
@ -125,7 +125,7 @@ type BasicAuth struct {
// DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
type DigestAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"`
@ -135,7 +135,7 @@ type DigestAuth struct {
// Default: traefik.
Realm string `json:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty"`
}
@ -143,7 +143,7 @@ type DigestAuth struct {
// ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
type ForwardAuth struct {
// Address defines the authentication server address.
Address string `json:"address,omitempty"`
@ -152,7 +152,7 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed.
@ -182,7 +182,7 @@ type ClientTLS struct {
// RateLimit holds the rate limit configuration.
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
type RateLimit struct {
// Average is the maximum rate, by default in requests/s, allowed for the given source.
// It defaults to 0, which means no rate limiting.
@ -205,7 +205,7 @@ type RateLimit struct {
// Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
type Compress struct {
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
// `application/grpc` is always excluded.
@ -226,7 +226,7 @@ type Compress struct {
// Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
type Retry struct {
// Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty"`

6
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go
View file

@ -9,7 +9,7 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
type MiddlewareTCP struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -28,11 +28,11 @@ type MiddlewareTCPSpec struct {
// IPWhiteList defines the IPWhiteList middleware configuration.
// This middleware accepts/refuses connections based on the client IP.
// Deprecated: please use IPAllowList instead.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
// IPAllowList defines the IPAllowList middleware configuration.
// This middleware accepts/refuses connections based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
}

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go
View file

@ -13,7 +13,7 @@ import (
// ServersTransport is the CRD implementation of a ServersTransport.
// If no serversTransport is specified, the default@internal will be used.
// The default@internal serversTransport is created from the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
type ServersTransport struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go
View file

@ -13,7 +13,7 @@ import (
// ServersTransportTCP is the CRD implementation of a TCPServersTransport.
// If no tcpServersTransport is specified, a default one named default@internal will be used.
// The default@internal tcpServersTransport can be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
type ServersTransportTCP struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go
View file

@ -13,7 +13,7 @@ import (
// TraefikService object allows to:
// - Apply weight to Services on load-balancing
// - Mirror traffic on services
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
type TraefikService struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -49,7 +49,7 @@ type TraefikServiceSpec struct {
// +k8s:deepcopy-gen=true
// Mirroring holds the mirroring service configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#mirroring-service
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#mirroring-service
type Mirroring struct {
LoadBalancerSpec `json:",inline"`
@ -78,11 +78,11 @@ type MirrorService struct {
// +k8s:deepcopy-gen=true
// WeightedRoundRobin holds the weighted round-robin configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#weighted-round-robin-service
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#weighted-round-robin-service
type WeightedRoundRobin struct {
// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
Services []Service `json:"services,omitempty"`
// Sticky defines whether sticky sessions are enabled.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
// More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
}

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go
View file

@ -9,7 +9,7 @@ import (
// +kubebuilder:storageversion
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
type TLSOption struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -32,17 +32,17 @@ type TLSOptionSpec struct {
// Default: None.
MaxVersion string `json:"maxVersion,omitempty"`
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
CipherSuites []string `json:"cipherSuites,omitempty"`
// CurvePreferences defines the preferred elliptic curves in a specific order.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
CurvePreferences []string `json:"curvePreferences,omitempty"`
// ClientAuth defines the server's policy for TLS Client Authentication.
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
SniStrict bool `json:"sniStrict,omitempty"`
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go
View file

@ -12,7 +12,7 @@ import (
// TLSStore is the CRD implementation of a Traefik TLS Store.
// For the time being, only the TLSStore named default is supported.
// This means that you cannot have two stores that are named default in different Kubernetes namespaces.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
// More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
type TLSStore struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.

54
pkg/provider/kubernetes/gateway/annotations.go Normal file
View file

@ -0,0 +1,54 @@
package gateway
import (
"fmt"
"strings"
"github.com/traefik/traefik/v3/pkg/config/label"
)
const annotationsPrefix = "traefik.io/"
// ServiceConfig is the service's root configuration from annotations.
type ServiceConfig struct {
Service Service `json:"service"`
}
// Service is the service's configuration from annotations.
type Service struct {
NativeLB bool `json:"nativeLB"`
}
func parseServiceAnnotations(annotations map[string]string) (ServiceConfig, error) {
var svcConf ServiceConfig
labels := convertAnnotations(annotations)
if len(labels) == 0 {
return svcConf, nil
}
if err := label.Decode(labels, &svcConf, "traefik.service."); err != nil {
return svcConf, fmt.Errorf("decoding labels: %w", err)
}
return svcConf, nil
}
func convertAnnotations(annotations map[string]string) map[string]string {
if len(annotations) == 0 {
return nil
}
result := make(map[string]string)
for key, value := range annotations {
if !strings.HasPrefix(key, annotationsPrefix) {
continue
}
newKey := strings.ReplaceAll(key, "io/", "")
result[newKey] = value
}
return result
}

89
pkg/provider/kubernetes/gateway/annotations_test.go Normal file
View file

@ -0,0 +1,89 @@
package gateway
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_parseServiceConfig(t *testing.T) {
testCases := []struct {
desc string
annotations map[string]string
expected ServiceConfig
}{
{
desc: "service annotations",
annotations: map[string]string{
"ingress.kubernetes.io/foo": "bar",
"traefik.io/foo": "bar",
"traefik.io/service.nativelb": "true",
},
expected: ServiceConfig{
Service: Service{
NativeLB: true,
},
},
},
{
desc: "empty map",
annotations: map[string]string{},
expected: ServiceConfig{},
},
{
desc: "nil map",
annotations: nil,
expected: ServiceConfig{},
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
cfg, err := parseServiceAnnotations(test.annotations)
require.NoError(t, err)
assert.Equal(t, test.expected, cfg)
})
}
}
func Test_convertAnnotations(t *testing.T) {
testCases := []struct {
desc string
annotations map[string]string
expected map[string]string
}{
{
desc: "service annotations",
annotations: map[string]string{
"traefik.io/service.nativelb": "true",
},
expected: map[string]string{
"traefik.service.nativelb": "true",
},
},
{
desc: "empty map",
annotations: map[string]string{},
expected: nil,
},
{
desc: "nil map",
annotations: nil,
expected: nil,
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
labels := convertAnnotations(test.annotations)
assert.Equal(t, test.expected, labels)
})
}
}

51
pkg/provider/kubernetes/gateway/fixtures/httproute/simple_nativelb.yml Normal file
View file

@ -0,0 +1,51 @@
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway-class
spec:
controllerName: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: http
protocol: HTTP
port: 80
allowedRoutes:
kinds:
- kind: HTTPRoute
group: gateway.networking.k8s.io
namespaces:
from: Same
---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: http-app-1
namespace: default
spec:
parentRefs:
- name: my-gateway
kind: Gateway
group: gateway.networking.k8s.io
hostnames:
- "foo.com"
rules:
- matches:
- path:
type: Exact
value: /bar
backendRefs:
- name: whoami-native
port: 80
weight: 1
kind: Service
group: ""

44
pkg/provider/kubernetes/gateway/fixtures/services.yml
View file

@ -5,6 +5,7 @@ metadata:
namespace: default
spec:
clusterIP: 10.10.10.1
ports:
- name: web2
protocol: TCP
@ -262,6 +263,7 @@ metadata:
namespace: default
spec:
clusterIP: 10.10.10.1
ports:
- protocol: TCP
port: 9000
@ -424,3 +426,45 @@ spec:
port: 80
name: wss
appProtocol: kubernetes.io/wss
---
apiVersion: v1
kind: Service
metadata:
name: whoami-native
namespace: default
annotations:
traefik.io/service.nativelb: "true"
spec:
clusterIP: 10.10.10.1
ports:
- name: web2
protocol: TCP
port: 8000
targetPort: web2
- name: web
protocol: TCP
port: 80
targetPort: web
selector:
app: containous
task: whoami
---
apiVersion: v1
kind: Service
metadata:
name: whoamitcp-native
namespace: default
annotations:
traefik.io/service.nativelb: "true"
spec:
clusterIP: 10.10.10.1
ports:
- protocol: TCP
port: 9000
name: tcp-1
- protocol: TCP
port: 10000
name: tcp-2

46
pkg/provider/kubernetes/gateway/fixtures/tcproute/simple_nativelb.yml Normal file
View file

@ -0,0 +1,46 @@
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway-class
namespace: default
spec:
controllerName: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-tcp-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: tcp
protocol: TCP
port: 9000
allowedRoutes:
namespaces:
from: Same
kinds:
- kind: TCPRoute
group: gateway.networking.k8s.io
---
kind: TCPRoute
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
name: tcp-app-1
namespace: default
spec:
parentRefs:
- name: my-tcp-gateway
kind: Gateway
group: gateway.networking.k8s.io
rules:
- backendRefs:
- name: whoamitcp-native
port: 9000
weight: 1
kind: Service
group: ""

60
pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_nativelb.yml Normal file
View file

@ -0,0 +1,60 @@
---
apiVersion: v1
kind: Secret
metadata:
name: supersecret
namespace: default
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway-class
namespace: default
spec:
controllerName: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-tls-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: tls
protocol: TLS
hostname: foo.example.com
port: 9000
tls:
mode: Passthrough
allowedRoutes:
kinds:
- kind: TLSRoute
group: gateway.networking.k8s.io
namespaces:
from: Same
---
kind: TLSRoute
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
name: tls-app-1
namespace: default
spec:
parentRefs:
- name: my-tls-gateway
kind: Gateway
group: gateway.networking.k8s.io
rules:
- backendRefs:
- name: whoamitcp-native
port: 9000
weight: 1
kind: Service
group: ""

2
pkg/provider/kubernetes/gateway/grpcroute.go
View file

@ -350,7 +350,7 @@ func (p *Provider) loadGRPCServers(namespace string, route *gatev1.GRPCRoute, ba
for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.Server{
URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))),
URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))),
})
}
return lb, nil

2
pkg/provider/kubernetes/gateway/httproute.go
View file

@ -482,7 +482,7 @@ func (p *Provider) loadHTTPServers(namespace string, route *gatev1.HTTPRoute, ba
for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.Server{
URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))),
URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))),
})
}
return lb, svcPort, nil

28
pkg/provider/kubernetes/gateway/kubernetes.go
View file

@ -65,6 +65,7 @@ type Provider struct {
ThrottleDuration ptypes.Duration `description:"Kubernetes refresh throttle duration" json:"throttleDuration,omitempty" toml:"throttleDuration,omitempty" yaml:"throttleDuration,omitempty" export:"true"`
ExperimentalChannel bool `description:"Toggles Experimental Channel resources support (TCPRoute, TLSRoute...)." json:"experimentalChannel,omitempty" toml:"experimentalChannel,omitempty" yaml:"experimentalChannel,omitempty" export:"true"`
StatusAddress *StatusAddress `description:"Defines the Kubernetes Gateway status address." json:"statusAddress,omitempty" toml:"statusAddress,omitempty" yaml:"statusAddress,omitempty" export:"true"`
NativeLBByDefault bool `description:"Defines whether to use Native Kubernetes load-balancing by default." json:"nativeLBByDefault,omitempty" toml:"nativeLBByDefault,omitempty" yaml:"nativeLBByDefault,omitempty" export:"true"`
EntryPoints map[string]Entrypoint `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
@ -873,8 +874,8 @@ func (p *Provider) allowedNamespaces(gatewayNamespace string, routeNamespaces *g
}
type backendAddress struct {
Address string
Port int32
IP string
Port int32
}
func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) ([]backendAddress, corev1.ServicePort, error) {
@ -889,6 +890,9 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
if !exists {
return nil, corev1.ServicePort{}, errors.New("service not found")
}
if service.Spec.Type == corev1.ServiceTypeExternalName {
return nil, corev1.ServicePort{}, errors.New("type ExternalName is not supported for Kubernetes Service reference")
}
var svcPort *corev1.ServicePort
for _, p := range service.Spec.Ports {
@ -901,6 +905,22 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
return nil, corev1.ServicePort{}, fmt.Errorf("service port %d not found", *ref.Port)
}
annotationsConfig, err := parseServiceAnnotations(service.Annotations)
if err != nil {
return nil, corev1.ServicePort{}, fmt.Errorf("parsing service annotations config: %w", err)
}
if p.NativeLBByDefault || annotationsConfig.Service.NativeLB {
if service.Spec.ClusterIP == "" || service.Spec.ClusterIP == "None" {
return nil, corev1.ServicePort{}, fmt.Errorf("no clusterIP found for service: %s/%s", service.Namespace, service.Name)
}
return []backendAddress{{
IP: service.Spec.ClusterIP,
Port: svcPort.Port,
}}, *svcPort, nil
}
endpointSlices, err := p.client.ListEndpointSlicesForService(namespace, string(ref.Name))
if err != nil {
return nil, corev1.ServicePort{}, fmt.Errorf("getting endpointslices: %w", err)
@ -935,8 +955,8 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
uniqAddresses[address] = struct{}{}
backendServers = append(backendServers, backendAddress{
Address: address,
Port: port,
IP: address,
Port: port,
})
}
}

345
pkg/provider/kubernetes/gateway/kubernetes_test.go
View file

@ -57,6 +57,7 @@ func TestLoadHTTPRoutes(t *testing.T) {
expected *dynamic.Configuration
entryPoints map[string]Entrypoint
experimentalChannel bool
nativeLB bool
}{
{
desc: "Empty",
@ -2334,6 +2335,123 @@ func TestLoadHTTPRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple HTTPRoute with NativeLBByDefault enabled",
paths: []string{"services.yml", "httproute/simple.yml"},
nativeLB: true,
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": {
EntryPoints: []string{"web"},
Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr",
Rule: "Host(`foo.com`) && Path(`/bar`)",
Priority: 100008,
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": {
Weighted: &dynamic.WeightedRoundRobin{
Services: []dynamic.WRRService{
{
Name: "default-whoami-80",
Weight: ptr.To(1),
},
},
},
},
"default-whoami-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.10.1:80",
},
},
PassHostHeader: ptr.To(true),
ResponseForwarding: &dynamic.ResponseForwarding{
FlushInterval: ptypes.Duration(100 * time.Millisecond),
},
},
},
},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple HTTPRoute with NativeLB annotation",
paths: []string{"services.yml", "httproute/simple_nativelb.yml"},
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": {
EntryPoints: []string{"web"},
Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr",
Rule: "Host(`foo.com`) && Path(`/bar`)",
Priority: 100008,
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": {
Weighted: &dynamic.WeightedRoundRobin{
Services: []dynamic.WRRService{
{
Name: "default-whoami-native-80",
Weight: ptr.To(1),
},
},
},
},
"default-whoami-native-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.10.1:80",
},
},
PassHostHeader: ptr.To(true),
ResponseForwarding: &dynamic.ResponseForwarding{
FlushInterval: ptypes.Duration(100 * time.Millisecond),
},
},
},
},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
}
for _, test := range testCases {
@ -2363,6 +2481,7 @@ func TestLoadHTTPRoutes(t *testing.T) {
p := Provider{
EntryPoints: test.entryPoints,
ExperimentalChannel: test.experimentalChannel,
NativeLBByDefault: test.nativeLB,
client: client,
}
@ -3078,6 +3197,7 @@ func TestLoadTCPRoutes(t *testing.T) {
paths []string
expected *dynamic.Configuration
entryPoints map[string]Entrypoint
nativeLB bool
}{
{
desc: "Empty",
@ -3826,6 +3946,113 @@ func TestLoadTCPRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple TCPRoute with NativeLBByDefault",
paths: []string{"services.yml", "tcproute/simple.yml"},
nativeLB: true,
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`*`)",
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple TCPRoute with NativeLB annotation",
paths: []string{"services.yml", "tcproute/simple_nativelb.yml"},
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`*`)",
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-native-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-native-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
}
for _, test := range testCases {
@ -3854,6 +4081,7 @@ func TestLoadTCPRoutes(t *testing.T) {
p := Provider{
EntryPoints: test.entryPoints,
NativeLBByDefault: test.nativeLB,
ExperimentalChannel: true,
client: client,
}
@ -3869,8 +4097,9 @@ func TestLoadTLSRoutes(t *testing.T) {
desc string
ingressClass string
paths []string
expected *dynamic.Configuration
entryPoints map[string]Entrypoint
nativeLB bool
expected *dynamic.Configuration
}{
{
desc: "Empty",
@ -4975,6 +5204,119 @@ func TestLoadTLSRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple TLSRoute with NativeLBByDefault",
paths: []string{"services.yml", "tlsroute/simple_TLS_to_TLSRoute.yml"},
nativeLB: true,
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`foo.example.com`)",
RuleSyntax: "v3",
TLS: &dynamic.RouterTCPTLSConfig{
Passthrough: true,
},
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple TLSRoute with NativeLB annotation",
paths: []string{"services.yml", "tlsroute/simple_nativelb.yml"},
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`foo.example.com`)",
RuleSyntax: "v3",
TLS: &dynamic.RouterTCPTLSConfig{
Passthrough: true,
},
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-native-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-native-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
}
for _, test := range testCases {
@ -5003,6 +5345,7 @@ func TestLoadTLSRoutes(t *testing.T) {
p := Provider{
EntryPoints: test.entryPoints,
NativeLBByDefault: test.nativeLB,
ExperimentalChannel: true,
client: client,
}

2
pkg/provider/kubernetes/gateway/tcproute.go
View file

@ -286,7 +286,7 @@ func (p *Provider) loadTCPServers(namespace string, route *gatev1alpha2.TCPRoute
for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.TCPServer{
Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))),
Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))),
})
}
return lb, nil

2
pkg/provider/kubernetes/gateway/tlsroute.go
View file

@ -289,7 +289,7 @@ func (p *Provider) loadTLSServers(namespace string, route *gatev1alpha2.TLSRoute
for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.TCPServer{
// TODO determine whether the servers needs TLS, from the port?
Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))),
Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))),
})
}
return lb, nil

2
pkg/provider/kubernetes/ingress/kubernetes.go
View file

@ -219,7 +219,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
var ingressClasses []*netv1.IngressClass
if !p.DisableIngressClassLookup {
if !p.DisableIngressClassLookup && !p.DisableClusterScopeResources {
ics, err := client.GetIngressClasses()
if err != nil {
log.Ctx(ctx).Warn().Err(err).Msg("Failed to list ingress classes")

63
pkg/provider/kubernetes/ingress/kubernetes_test.go
View file

@ -26,11 +26,12 @@ func Bool(v bool) *bool { return &v }
func TestLoadConfigurationFromIngresses(t *testing.T) {
testCases := []struct {
desc string
ingressClass string
expected *dynamic.Configuration
allowEmptyServices bool
disableIngressClassLookup bool
desc string
ingressClass string
expected *dynamic.Configuration
allowEmptyServices bool
disableIngressClassLookup bool
disableClusterScopeResources bool
}{
{
desc: "Empty ingresses",
@ -1335,6 +1336,38 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
},
},
},
{
// Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true.
// Showing that disabling the ingressClass discovery still allow the discovery of ingresses with ingress annotation.
desc: "Ingress with ingress annotation",
disableClusterScopeResources: true,
expected: &dynamic.Configuration{
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{
"testing-bar": {
Rule: "PathPrefix(`/bar`)",
Service: "testing-service1-80",
},
},
Services: map[string]*dynamic.Service{
"testing-service1-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
PassHostHeader: Bool(true),
ResponseForwarding: &dynamic.ResponseForwarding{
FlushInterval: ptypes.Duration(100 * time.Millisecond),
},
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:8080",
},
},
},
},
},
},
},
},
{
desc: "Ingress with ingressClass",
expected: &dynamic.Configuration{
@ -1377,6 +1410,19 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
},
},
},
{
// Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true.
// Showing that disabling the ingressClass discovery avoid discovering Ingresses with an IngressClass.
desc: "Ingress with ingressClass",
disableClusterScopeResources: true,
expected: &dynamic.Configuration{
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{},
Services: map[string]*dynamic.Service{},
},
},
},
{
desc: "Ingress with named port",
expected: &dynamic.Configuration{
@ -1455,9 +1501,10 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
clientMock := newClientMock(generateTestFilename(test.desc))
p := Provider{
IngressClass: test.ingressClass,
AllowEmptyServices: test.allowEmptyServices,
DisableIngressClassLookup: test.disableIngressClassLookup,
IngressClass: test.ingressClass,
AllowEmptyServices: test.allowEmptyServices,
DisableIngressClassLookup: test.disableIngressClassLookup,
DisableClusterScopeResources: test.disableClusterScopeResources,
}
conf := p.loadConfigurationFromIngresses(context.Background(), clientMock)

2
pkg/server/router/tcp/postgres.go
View file

@ -28,7 +28,7 @@ func isPostgres(br *bufio.Reader) (bool, error) {
peeked, err := br.Peek(i)
if err != nil {
var opErr *net.OpError
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) {
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) {
log.Error().Err(err).Msg("Error while Peeking first byte")
}
return false, err

2
pkg/server/router/tcp/router.go
View file

@ -363,7 +363,7 @@ func clientHelloInfo(br *bufio.Reader) (*clientHello, error) {
hdr, err := br.Peek(1)
if err != nil {
var opErr *net.OpError
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) {
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) {
log.Error().Err(err).Msg("Error while Peeking first byte")
}
return nil, err

6
script/gcg/traefik-bugfix.toml
View file

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file"
FileName = "traefik_changelog.md"
# example new bugfix v3.1.4
# example new bugfix v3.1.5
CurrentRef = "v3.1"
PreviousRef = "v3.1.3"
PreviousRef = "v3.1.4"
BaseBranch = "v3.1"
FutureCurrentRefName = "v3.1.4"
FutureCurrentRefName = "v3.1.5"
ThresholdPreviousRef = 10
ThresholdCurrentRef = 10

6
script/gcg/traefik-rc-first.toml
View file

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file"
FileName = "traefik_changelog.md"
# example RC1 of v3.1.0-rc1
# example RC1 of v3.2.0-rc1
CurrentRef = "master"
PreviousRef = "v3.0.0-beta3"
PreviousRef = "v3.1.0-rc1"
BaseBranch = "master"
FutureCurrentRefName = "v3.1.0-rc1"
FutureCurrentRefName = "v3.2.0-rc1"
ThresholdPreviousRef = 10000
ThresholdCurrentRef = 10000

2
webui/embed.go
View file

@ -5,6 +5,8 @@ import (
"io/fs"
)
// Files starting with . and _ are excluded by default
//
//go:embed static
var assets embed.FS

3
webui/package.json
View file

@ -20,16 +20,13 @@
"dependencies": {
"@quasar/extras": "^1.16.12",
"axios": "^1.7.4",
"bowser": "^2.11.0",
"chart.js": "^4.4.1",
"core-js": "^3.35.1",
"dot-prop": "^8.0.2",
"iframe-resizer": "^4.3.9",
"lodash.isequal": "4.5.0",
"moment": "^2.30.1",
"quasar": "^2.16.6",
"query-string": "^8.1.0",
"vh-check": "^2.0.5",
"vue": "^3.0.0",
"vue-chartjs": "^5.3.0",
"vue-router": "^4.0.12",

4
webui/quasar.conf.js
View file

@ -13,9 +13,7 @@ module.exports = configure(function (ctx) {
// app boot file (/src/boot)
// --> boot files are part of "main.js"
boot: [
'api',
'_hacks',
'_init'
'api'
],
css: [

16
webui/src/_directives/resize.js
View file

@ -1,16 +0,0 @@
import iframeResize from 'iframe-resizer/js/iframeResizer'
const resize = {
mounted (el, binding) {
const options = binding.value || {}
el.addEventListener('load', () => iframeResize(options, el))
},
unmounted (el) {
const resizableEl = el
if (resizableEl.iFrameResizer) {
resizableEl.iFrameResizer.removeListeners()
}
}
}
export default resize

10
webui/src/boot/_globals.js
View file

@ -1,10 +0,0 @@
import { APP } from '../_helpers/APP'
import Boot from '../_middleware/Boot'
export default async ({ app, router, store }) => {
app.use(Boot)
APP.root = app
APP.router = router
APP.store = store
}

13
webui/src/boot/_hacks.js
View file

@ -1,13 +0,0 @@
import Bowser from 'bowser'
import vhCheck from 'vh-check'
const browser = Bowser.getParser(window.navigator.userAgent)
// In Mobile
if (browser.getPlatform().type === 'mobile') {
vhCheck()
}
export default async ({ app, Vue }) => {
}

30
webui/src/boot/_init.js
View file

@ -1,30 +0,0 @@
import { APP } from '../_helpers/APP'
import errors from '../_helpers/Errors'
import resize from '../_directives/resize'
export default async ({ app, router }) => {
// Directives
app.directive('resize', resize)
// Router
// ----------------------------------------------
router.beforeEach(async (to, from, next) => {
// Set APP
APP.routeTo = to
APP.routeFrom = from
next()
})
// Api (axios)
// ----------------------------------------------
APP.api.interceptors.request.use((config) => {
console.log('interceptors -> config', config)
// config.headers['Accept'] = '*/*'
return config
})
APP.api.interceptors.response.use((response) => {
console.log('interceptors -> response', response)
return response
}, errors.handleResponse)
}

15
webui/yarn.lock
View file

@ -2267,11 +2267,6 @@ boolbase@^1.0.0:
resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e"
integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==
bowser@^2.11.0:
version "2.11.0"
resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f"
integrity sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==
brace-expansion@^1.1.7:
version "1.1.11"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
@ -3864,11 +3859,6 @@ ieee754@^1.1.13, ieee754@^1.2.1:
resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352"
integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==
iframe-resizer@^4.3.9:
version "4.4.5"
resolved "https://registry.yarnpkg.com/iframe-resizer/-/iframe-resizer-4.4.5.tgz#f5048636e7f2fb5d9a09cc2ae78eb2da55ad555c"
integrity sha512-U8bCywf/Gh07O69RXo6dXAzTtODQrxaHGHRI7Nt4ipXsuq6EMxVsOP/jjaP43YtXz/ibESS0uSVDN3sOGCzSmw==
ignore@^5.2.0, ignore@^5.2.4:
version "5.3.1"
resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef"
@ -6007,11 +5997,6 @@ vary@~1.1.2:
resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"
integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==
vh-check@^2.0.5:
version "2.0.5"
resolved "https://registry.yarnpkg.com/vh-check/-/vh-check-2.0.5.tgz#1b70610461e9776176f23d172daae3c4761aed09"
integrity sha512-vHtIYWt9uLl2P2tLlatVpMwv9+ezuJCtMNjUVIpzd5Pa/dJXN8AtqkKmVRcNSlmXyCjkCkbMQX/Vs9axmdlfgg==
vite-jsconfig-paths@^2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/vite-jsconfig-paths/-/vite-jsconfig-paths-2.0.1.tgz#d66e36d67596dd8a8e4a6ed6e6db20debc50b45e"