baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: baalajimaestro:93ec8f763670decf2b623653c6cc8739a848c96c
Branches Tags
baalajimaestro:master
...
compare: baalajimaestro:6f8b9a338d9d886bb1d6cab02719d08d5887bf87
Branches Tags
baalajimaestro:master

17 commits
93ec8f7636 ... 6f8b9a338d

Author SHA1 Message Date
baalajimaestro
6f8b9a338d
Merge branch 'master' of github.com:traefik/traefik
All checks were successful
Build & Push / build-and-push (push) Successful in 10m30s
Details
2024-10-08 22:02:07 +05:30
Romain
a7502c8700
Prepare Release v3.2.0-rc1 2024-10-02 16:24:04 +02:00
kevinpollet
54c3afd760
Merge branch v3.1 into master 2024-10-02 15:32:09 +02:00
Kevin Pollet
a2ab3e534d
Prepare release v3.1.5 2024-10-02 14:42:05 +02:00
kevinpollet
8cfa68a8e1
Merge branch v2.11 into v3.1 2024-10-02 11:25:30 +02:00
Kevin Pollet
518caa79f9
Prepare release v2.11.11 2024-10-02 11:10:04 +02:00
Romain
373095f1a8
Support NativeLB option in GatewayAPI provider 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-10-02 10:34:04 +02:00
romain
b641d5cf2a Merge current v2.11 into v3.1 2024-09-30 14:59:38 +02:00
Mathieu
4d6cb6af03
Ensure defaultGeneratedCert.main as Subject's CN 2024-09-30 12:10:05 +02:00
Kevin Pollet
9eb804a689
Bump github.com/klauspost/compress to 8e14b1b5a913 2024-09-30 11:56:04 +02:00
Jesper Noordsij
c02b72ca51
Disable IngressClass lookup when disableClusterScopeResources is enabled 2024-09-27 16:24:04 +02:00
Rémi BUISSON
2bb712135d
Specify default format value for access log 2024-09-27 15:34:04 +02:00
Michel Heusschen
14e5d4b4b3
Remove unused boot files from webui 2024-09-27 15:22:04 +02:00
lyrandy
e485edbe9f
Update API documentation to mention pagination 2024-09-27 15:00:06 +02:00
Romain
61bb3ab991
Rework condition to not log on timeout 2024-09-27 11:34:05 +02:00
Romain
e62f8af23b
Rework condition to not log on timeout 2024-09-27 11:20:04 +02:00
Romain
a42d396ed2
Clean connection headers for forward auth request only 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-09-27 11:18:05 +02:00
89 changed files with 1250 additions and 515 deletions
Show stats Expand all files Collapse all files

2
.semaphore/semaphore.yml
View file

@ -46,7 +46,7 @@ blocks:
- name: GH_VERSION - name: GH_VERSION
value: 2.32.1 value: 2.32.1
- name: CODENAME - name: CODENAME
value: "comte" value: "munster"
prologue: prologue:
commands: commands:
- export VERSION=${SEMAPHORE_GIT_TAG_NAME} - export VERSION=${SEMAPHORE_GIT_TAG_NAME}

51
CHANGELOG.md
View file

@ -1,3 +1,54 @@
## [v3.2.0-rc1](https://github.com/traefik/traefik/tree/v3.2.0-rc1) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.0-rc1...v3.2.0-rc1)
**Enhancements:**
- **[acme]** Remove same email requirement for certresolvers ([#11019](https://github.com/traefik/traefik/pull/11019) by [Emrio](https://github.com/Emrio))
- **[acme]** Add support for custom CA certificates by certificate resolver ([#10816](https://github.com/traefik/traefik/pull/10816) by [ldez](https://github.com/ldez))
- **[acme]** Add 30 day certificatesDuration step ([#10970](https://github.com/traefik/traefik/pull/10970) by [luker983](https://github.com/luker983))
- **[docker]** Support HTTP BasicAuth for docker and swarm endpoint ([#10776](https://github.com/traefik/traefik/pull/10776) by [985492783](https://github.com/985492783))
- **[k8s,k8s/gatewayapi]** Add supported features to the Gateway API GatewayClass status ([#11056](https://github.com/traefik/traefik/pull/11056) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Update sigs.k8s.io/gateway-api to v1.2.0-rc1 ([#11124](https://github.com/traefik/traefik/pull/11124) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Add support for backend protocol selection in HTTP and GRPC routes ([#11051](https://github.com/traefik/traefik/pull/11051) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support ([#11042](https://github.com/traefik/traefik/pull/11042) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support HTTPRoute destination port matching ([#11134](https://github.com/traefik/traefik/pull/11134) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 ([#11131](https://github.com/traefik/traefik/pull/11131) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Add support for Gateway API BackendTLSPolicies ([#11009](https://github.com/traefik/traefik/pull/11009) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support NativeLB option in GatewayAPI provider ([#11147](https://github.com/traefik/traefik/pull/11147) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support ResponseHeaderModifier filter ([#10987](https://github.com/traefik/traefik/pull/10987) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Support GRPC routes ([#10975](https://github.com/traefik/traefik/pull/10975) by [kevinpollet](https://github.com/kevinpollet))
- **[metrics,otel]** Allow setting service.name for OTLP metrics ([#10917](https://github.com/traefik/traefik/pull/10917) by [cmartell-at-ocp](https://github.com/cmartell-at-ocp))
- **[middleware,accesslogs]** Record trace id and EntryPoint span id into access log ([#10921](https://github.com/traefik/traefik/pull/10921) by [weijiany](https://github.com/weijiany))
- **[middleware,authentication]** Support LogUserHeader with forwardAuth middleware ([#10833](https://github.com/traefik/traefik/pull/10833) by [GaleHuang](https://github.com/GaleHuang))
- **[middleware]** Add encodings option to the compression middleware ([#10943](https://github.com/traefik/traefik/pull/10943) by [wollomatic](https://github.com/wollomatic))
- **[middleware]** Add support for ipv6 subnet in ipStrategy ([#9747](https://github.com/traefik/traefik/pull/9747) by [michal-kralik](https://github.com/michal-kralik))
- **[nomad]** Support for watching instead of polling Nomad ([#10997](https://github.com/traefik/traefik/pull/10997) by [deverton-godaddy](https://github.com/deverton-godaddy))
- **[server,performance]** Introduce a fast proxy mode to improve HTTP/1.1 performances with backends ([#11122](https://github.com/traefik/traefik/pull/11122) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Configurable max request header size ([#10995](https://github.com/traefik/traefik/pull/10995) by [lucasrod16](https://github.com/lucasrod16))
- **[service]** Add mirrorBody option to HTTP mirroring ([#11032](https://github.com/traefik/traefik/pull/11032) by [MatteoPaier](https://github.com/MatteoPaier))
## [v3.1.5](https://github.com/traefik/traefik/tree/v3.1.5) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.4...v3.1.5)
**Bug fixes:**
- **[k8s/ingress,k8s]** Disable IngressClass lookup when disableClusterScopeResources is enabled ([#11111](https://github.com/traefik/traefik/pull/11111) by [jnoordsij](https://github.com/jnoordsij))
- **[server]** Rework condition to not log on timeout ([#11132](https://github.com/traefik/traefik/pull/11132) by [rtribotte](https://github.com/rtribotte))
- Merge branch v2.11 into v3.1 ([#11149](https://github.com/traefik/traefik/pull/11149) by [kevinpollet](https://github.com/kevinpollet))
- Merge branch v2.11 into v3.1 ([#11142](https://github.com/traefik/traefik/pull/11142) by [rtribotte](https://github.com/rtribotte))
## [v2.11.11](https://github.com/traefik/traefik/tree/v2.11.11) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.10...v2.11.11)
**Bug fixes:**
- **[acme]** Ensure defaultGeneratedCert.main as Subject&#39;s CN ([#10581](https://github.com/traefik/traefik/pull/10581) by [Lamatte](https://github.com/Lamatte))
- **[middleware,authentication]** Clean connection headers for forward auth request only ([#11095](https://github.com/traefik/traefik/pull/11095) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Bump github.com/klauspost/compress to 8e14b1b5a913 ([#11141](https://github.com/traefik/traefik/pull/11141) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Rework condition to not log on timeout ([#11133](https://github.com/traefik/traefik/pull/11133) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Remove unused boot files from webui ([#11109](https://github.com/traefik/traefik/pull/11109) by [michelheusschen](https://github.com/michelheusschen))
**Documentation:**
- **[accesslogs]** Specify default format value for access log ([#11130](https://github.com/traefik/traefik/pull/11130) by [darkweaver87](https://github.com/darkweaver87))
- **[api]** Update API documentation to mention pagination ([#11115](https://github.com/traefik/traefik/pull/11115) by [lyrandy](https://github.com/lyrandy))
## [v3.1.4](https://github.com/traefik/traefik/tree/v3.1.4) (2024-09-19) ## [v3.1.4](https://github.com/traefik/traefik/tree/v3.1.4) (2024-09-19)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.3...v3.1.4) [All Commits](https://github.com/traefik/traefik/compare/v3.1.3...v3.1.4)

2
docs/content/getting-started/configuration-overview.md
View file

@ -79,7 +79,7 @@ traefik --help
# or # or
docker run traefik[:version] --help docker run traefik[:version] --help
# ex: docker run traefik:v3.1 --help # ex: docker run traefik:v3.2 --help
``` ```
Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments. Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.

8
docs/content/getting-started/install-traefik.md
View file

@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file: Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.yml) * [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.toml) * [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.toml)
```shell ```shell
docker run -d -p 8080:8080 -p 80:80 \ docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.1 -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.2
``` ```
For more details, go to the [Docker provider documentation](../providers/docker.md) For more details, go to the [Docker provider documentation](../providers/docker.md)
@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip !!! tip
* Prefer a fixed version than the latest that could be an unexpected version. * Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v3.1` ex: `traefik:v3.2`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine). * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image. * Any orchestrator using docker images can fetch the official Traefik docker image.

2
docs/content/getting-started/quick-start-with-kubernetes.md
View file

@ -154,7 +154,7 @@ spec:
serviceAccountName: traefik-account serviceAccountName: traefik-account
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.1 image: traefik:v3.2
args: args:
- --api.insecure - --api.insecure
- --providers.kubernetesingress - --providers.kubernetesingress

2
docs/content/getting-started/quick-start.md
View file

@ -20,7 +20,7 @@ version: '3'
services: services:
reverse-proxy: reverse-proxy:
# The official v3 Traefik docker image # The official v3 Traefik docker image
image: traefik:v3.1 image: traefik:v3.2
# Enables the web UI and tells Traefik to listen to docker # Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker command: --api.insecure=true --providers.docker
ports: ports:

12
docs/content/migration/v2.md
View file

@ -640,3 +640,15 @@ Increasing the `readTimeout` value could be the solution notably if you are deal
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout` - TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled` - HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection` - HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
## v2.11.3
### Connection headers
In `v2.11.3`, the handling of the request Connection headers directives has changed to prevent any abuse.
Before, Traefik removed any header listed in the Connection header just before forwarding the request to the backends.
Now, Traefik removes the headers listed in the Connection header as soon as the request is handled.
As a consequence, middlewares do not have access to those Connection headers,
and a new option has been introduced to specify which ones could go through the middleware chain before being removed: `<entrypoint>.forwardedHeaders.connection`.
Please check out the [entrypoint forwarded headers connection option configuration](../routing/entrypoints.md#forwarded-headers) documentation.

4
docs/content/observability/access-logs.md
View file

@ -67,6 +67,8 @@ accessLog:
### `format` ### `format`
_Optional, Default="common"_
By default, logs are written using the Common Log Format (CLF). By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option. To write logs in JSON, use `json` in the `format` option.
If the given format is unsupported, the default (CLF) is used instead. If the given format is unsupported, the default (CLF) is used instead.
@ -277,7 +279,7 @@ version: "3.7"
services: services:
traefik: traefik:
image: traefik:v3.1 image: traefik:v3.2
environment: environment:
- TZ=US/Alaska - TZ=US/Alaska
command: command:

9
docs/content/operations/api.md
View file

@ -136,6 +136,15 @@ api:
All the following endpoints must be accessed with a `GET` HTTP request. All the following endpoints must be accessed with a `GET` HTTP request.
!!! info "Pagination"
By default, up to 100 results are returned per page, and the next page can be checked using the `X-Next-Page` HTTP Header.
To control pagination, use the `page` and `per_page` query parameters.
```bash
curl https://traefik.example.com:8080/api/http/routers?page=2&per_page=20
```
| Path | Description | | Path | Description |
|--------------------------------|---------------------------------------------------------------------------------------------| |--------------------------------|---------------------------------------------------------------------------------------------|
| `/api/http/routers` | Lists all the HTTP routers information. | | `/api/http/routers` | Lists all the HTTP routers information. |

2
docs/content/providers/docker.md
View file

@ -166,7 +166,7 @@ See the [Docker API Access](#docker-api-access) section for more information.
services: services:
traefik: traefik:
image: traefik:v3.1 # The official v3 Traefik docker image image: traefik:v3.2 # The official v3 Traefik docker image
ports: ports:
- "80:80" - "80:80"
volumes: volumes:

4
docs/content/providers/kubernetes-crd.md
View file

@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
```bash ```bash
# Install Traefik Resource Definitions: # Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik: # Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
``` ```
## Resource Configuration ## Resource Configuration

2
docs/content/providers/kubernetes-gateway.md
View file

@ -34,7 +34,7 @@ For more details, check out the conformance [report](https://github.com/kubernet
```bash ```bash
# Install Traefik RBACs. # Install Traefik RBACs.
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
``` ```
3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below: 3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below:

2
docs/content/providers/kubernetes-ingress.md
View file

@ -526,6 +526,6 @@ providers:
### Further ### Further
To learn more about the various aspects of the Ingress specification that Traefik supports, To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.2/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}

2
docs/content/providers/swarm.md
View file

@ -212,7 +212,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
services: services:
traefik: traefik:
image: traefik:v3.1 # The official v3 Traefik docker image image: traefik:v3.2 # The official v3 Traefik docker image
ports: ports:
- "80:80" - "80:80"
volumes: volumes:

142
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -63,12 +63,12 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: |- description: |-
Middlewares defines the list of references to Middleware resources. Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -88,7 +88,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer type: integer
services: services:
description: |- description: |-
@ -229,7 +229,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string type: string
required: required:
- kind - kind
@ -287,18 +287,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration. TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -317,17 +317,17 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSOption. Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSOption. Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -344,12 +344,12 @@ spec:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSStore. Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSStore. Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name
@ -409,7 +409,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -422,7 +422,7 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -446,7 +446,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -487,7 +487,7 @@ spec:
proxyProtocol: proxyProtocol:
description: |- description: |-
ProxyProtocol defines the PROXY protocol configuration. ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -525,7 +525,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string type: string
required: required:
- match - match
@ -534,18 +534,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route. TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -564,7 +564,7 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@ -656,7 +656,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -743,7 +743,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
Middleware is the CRD implementation of a Traefik Middleware. Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -769,7 +769,7 @@ spec:
description: |- description: |-
AddPrefix holds the add prefix middleware configuration. AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it. This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: |- description: |-
@ -781,12 +781,12 @@ spec:
description: |- description: |-
BasicAuth holds the basic auth middleware configuration. BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -807,7 +807,7 @@ spec:
description: |- description: |-
Buffering holds the buffering middleware configuration. Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends. This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: |- description: |-
@ -839,14 +839,14 @@ spec:
description: |- description: |-
RetryExpression defines the retry conditions. RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||). It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: |- description: |-
Chain holds the configuration of the chain middleware. Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware. This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -905,7 +905,7 @@ spec:
description: |- description: |-
Compress holds the compress middleware configuration. Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties: properties:
defaultEncoding: defaultEncoding:
description: DefaultEncoding specifies the default encoding if description: DefaultEncoding specifies the default encoding if
@ -954,12 +954,12 @@ spec:
description: |- description: |-
DigestAuth holds the digest auth middleware configuration. DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -979,7 +979,7 @@ spec:
description: |- description: |-
ErrorPage holds the custom error middleware configuration. ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties: properties:
query: query:
description: |- description: |-
@ -989,7 +989,7 @@ spec:
service: service:
description: |- description: |-
Service defines the reference to a Kubernetes Service that will serve the error page. Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties: properties:
healthCheck: healthCheck:
description: Healthcheck defines health checks for ExternalName description: Healthcheck defines health checks for ExternalName
@ -1122,7 +1122,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -1180,7 +1180,7 @@ spec:
description: |- description: |-
ForwardAuth holds the forward auth middleware configuration. ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties: properties:
addAuthCookiesToResponse: addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies description: AddAuthCookiesToResponse defines the list of cookies
@ -1208,7 +1208,7 @@ spec:
authResponseHeadersRegex: authResponseHeadersRegex:
description: |- description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -1255,7 +1255,7 @@ spec:
description: |- description: |-
Headers holds the headers middleware configuration. Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -1426,7 +1426,7 @@ spec:
description: |- description: |-
InFlightReq holds the in-flight request middleware configuration. InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently. This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: |- description: |-
@ -1439,12 +1439,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source. SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1479,12 +1479,12 @@ spec:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1521,7 +1521,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1551,7 +1551,7 @@ spec:
description: |- description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration. PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header. This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -1660,7 +1660,7 @@ spec:
description: |- description: |-
RateLimit holds the rate limit configuration. RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties: properties:
average: average:
description: |- description: |-
@ -1693,7 +1693,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1728,7 +1728,7 @@ spec:
description: |- description: |-
RedirectRegex holds the redirect regex middleware configuration. RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1747,7 +1747,7 @@ spec:
description: |- description: |-
RedirectScheme holds the redirect scheme middleware configuration. RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another. This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1764,7 +1764,7 @@ spec:
description: |- description: |-
ReplacePath holds the replace path middleware configuration. ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -1775,7 +1775,7 @@ spec:
description: |- description: |-
ReplacePathRegex holds the replace path regex middleware configuration. ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement. This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -1791,7 +1791,7 @@ spec:
Retry holds the retry middleware configuration. Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply. This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -1813,7 +1813,7 @@ spec:
description: |- description: |-
StripPrefix holds the strip prefix middleware configuration. StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: |- description: |-
@ -1832,7 +1832,7 @@ spec:
description: |- description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration. StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path. This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the
@ -1869,7 +1869,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -1905,7 +1905,7 @@ spec:
description: |- description: |-
IPAllowList defines the IPAllowList middleware configuration. IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1919,7 +1919,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration. IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1958,7 +1958,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport. ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2097,7 +2097,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport. ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used. If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration. The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2215,7 +2215,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2240,14 +2240,14 @@ spec:
alpnProtocols: alpnProtocols:
description: |- description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: |- description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -2275,7 +2275,7 @@ spec:
curvePreferences: curvePreferences:
description: |- description: |-
CurvePreferences defines the preferred elliptic curves in a specific order. CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array
@ -2331,7 +2331,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store. TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported. For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2429,7 +2429,7 @@ spec:
TraefikService object allows to: TraefikService object allows to:
- Apply weight to Services on load-balancing - Apply weight to Services on load-balancing
- Mirror traffic on services - Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2675,7 +2675,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2782,7 +2782,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2965,7 +2965,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -3012,7 +3012,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines whether sticky sessions are enabled. Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.

2
docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
View file

@ -25,7 +25,7 @@ spec:
serviceAccountName: traefik-controller serviceAccountName: traefik-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.1 image: traefik:v3.2
args: args:
- --entryPoints.web.address=:80 - --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:443

28
docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -63,12 +63,12 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: |- description: |-
Middlewares defines the list of references to Middleware resources. Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -88,7 +88,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer type: integer
services: services:
description: |- description: |-
@ -229,7 +229,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string type: string
required: required:
- kind - kind
@ -287,18 +287,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration. TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -317,17 +317,17 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSOption. Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSOption. Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -344,12 +344,12 @@ spec:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSStore. Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSStore. Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name

18
docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -56,7 +56,7 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -80,7 +80,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -121,7 +121,7 @@ spec:
proxyProtocol: proxyProtocol:
description: |- description: |-
ProxyProtocol defines the PROXY protocol configuration. ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -159,7 +159,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string type: string
required: required:
- match - match
@ -168,18 +168,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route. TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -198,7 +198,7 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik

2
docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string

64
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
Middleware is the CRD implementation of a Traefik Middleware. Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -45,7 +45,7 @@ spec:
description: |- description: |-
AddPrefix holds the add prefix middleware configuration. AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it. This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: |- description: |-
@ -57,12 +57,12 @@ spec:
description: |- description: |-
BasicAuth holds the basic auth middleware configuration. BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -83,7 +83,7 @@ spec:
description: |- description: |-
Buffering holds the buffering middleware configuration. Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends. This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: |- description: |-
@ -115,14 +115,14 @@ spec:
description: |- description: |-
RetryExpression defines the retry conditions. RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||). It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: |- description: |-
Chain holds the configuration of the chain middleware. Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware. This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -181,7 +181,7 @@ spec:
description: |- description: |-
Compress holds the compress middleware configuration. Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties: properties:
defaultEncoding: defaultEncoding:
description: DefaultEncoding specifies the default encoding if description: DefaultEncoding specifies the default encoding if
@ -230,12 +230,12 @@ spec:
description: |- description: |-
DigestAuth holds the digest auth middleware configuration. DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -255,7 +255,7 @@ spec:
description: |- description: |-
ErrorPage holds the custom error middleware configuration. ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties: properties:
query: query:
description: |- description: |-
@ -265,7 +265,7 @@ spec:
service: service:
description: |- description: |-
Service defines the reference to a Kubernetes Service that will serve the error page. Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties: properties:
healthCheck: healthCheck:
description: Healthcheck defines health checks for ExternalName description: Healthcheck defines health checks for ExternalName
@ -398,7 +398,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -456,7 +456,7 @@ spec:
description: |- description: |-
ForwardAuth holds the forward auth middleware configuration. ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties: properties:
addAuthCookiesToResponse: addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies description: AddAuthCookiesToResponse defines the list of cookies
@ -484,7 +484,7 @@ spec:
authResponseHeadersRegex: authResponseHeadersRegex:
description: |- description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -531,7 +531,7 @@ spec:
description: |- description: |-
Headers holds the headers middleware configuration. Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -702,7 +702,7 @@ spec:
description: |- description: |-
InFlightReq holds the in-flight request middleware configuration. InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently. This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: |- description: |-
@ -715,12 +715,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source. SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -755,12 +755,12 @@ spec:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -797,7 +797,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -827,7 +827,7 @@ spec:
description: |- description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration. PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header. This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -936,7 +936,7 @@ spec:
description: |- description: |-
RateLimit holds the rate limit configuration. RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties: properties:
average: average:
description: |- description: |-
@ -969,7 +969,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1004,7 +1004,7 @@ spec:
description: |- description: |-
RedirectRegex holds the redirect regex middleware configuration. RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1023,7 +1023,7 @@ spec:
description: |- description: |-
RedirectScheme holds the redirect scheme middleware configuration. RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another. This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1040,7 +1040,7 @@ spec:
description: |- description: |-
ReplacePath holds the replace path middleware configuration. ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -1051,7 +1051,7 @@ spec:
description: |- description: |-
ReplacePathRegex holds the replace path regex middleware configuration. ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement. This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -1067,7 +1067,7 @@ spec:
Retry holds the retry middleware configuration. Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply. This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -1089,7 +1089,7 @@ spec:
description: |- description: |-
StripPrefix holds the strip prefix middleware configuration. StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: |- description: |-
@ -1108,7 +1108,7 @@ spec:
description: |- description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration. StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path. This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the

6
docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -55,7 +55,7 @@ spec:
description: |- description: |-
IPAllowList defines the IPAllowList middleware configuration. IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -69,7 +69,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration. IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View file

@ -21,7 +21,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport. ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: |- description: |-

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
View file

@ -21,7 +21,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport. ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used. If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration. The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties: properties:
apiVersion: apiVersion:
description: |- description: |-

8
docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -44,14 +44,14 @@ spec:
alpnProtocols: alpnProtocols:
description: |- description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: |- description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -79,7 +79,7 @@ spec:
curvePreferences: curvePreferences:
description: |- description: |-
CurvePreferences defines the preferred elliptic curves in a specific order. CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array

2
docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
View file

@ -21,7 +21,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store. TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported. For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: |- description: |-

10
docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
View file

@ -22,7 +22,7 @@ spec:
TraefikService object allows to: TraefikService object allows to:
- Apply weight to Services on load-balancing - Apply weight to Services on load-balancing
- Mirror traffic on services - Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -268,7 +268,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -375,7 +375,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -558,7 +558,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -605,7 +605,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines whether sticky sessions are enabled. Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.

3
docs/content/reference/static-configuration/cli-ref.md
View file

@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
`--providers.kubernetesgateway.namespaces`: `--providers.kubernetesgateway.namespaces`:
Kubernetes namespaces. Kubernetes namespaces.
`--providers.kubernetesgateway.nativelbbydefault`:
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
`--providers.kubernetesgateway.statusaddress.hostname`: `--providers.kubernetesgateway.statusaddress.hostname`:
Hostname used for Kubernetes Gateway status address. Hostname used for Kubernetes Gateway status address.

3
docs/content/reference/static-configuration/env-ref.md
View file

@ -801,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NAMESPACES`: `TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NAMESPACES`:
Kubernetes namespaces. Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NATIVELBBYDEFAULT`:
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_HOSTNAME`: `TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_HOSTNAME`:
Hostname used for Kubernetes Gateway status address. Hostname used for Kubernetes Gateway status address.

1
docs/content/reference/static-configuration/file.toml
View file

@ -158,6 +158,7 @@
labelSelector = "foobar" labelSelector = "foobar"
throttleDuration = "42s" throttleDuration = "42s"
experimentalChannel = true experimentalChannel = true
nativeLBByDefault = true
[providers.kubernetesGateway.statusAddress] [providers.kubernetesGateway.statusAddress]
ip = "foobar" ip = "foobar"
hostname = "foobar" hostname = "foobar"

1
docs/content/reference/static-configuration/file.yaml
View file

@ -183,6 +183,7 @@ providers:
service: service:
name: foobar name: foobar
namespace: foobar namespace: foobar
nativeLBByDefault: true
rest: rest:
insecure: true insecure: true
consulCatalog: consulCatalog:

2
docs/content/routing/providers/kubernetes-crd.md
View file

@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.1 image: traefik:v3.2
args: args:
- --log.level=DEBUG - --log.level=DEBUG
- --api - --api

6
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -130,7 +130,7 @@ which in turn will create the resulting routers, services, handlers, etc.
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.1 image: traefik:v3.2
args: args:
- --entryPoints.web.address=:80 - --entryPoints.web.address=:80
- --providers.kubernetesingress - --providers.kubernetesingress
@ -543,7 +543,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.1 image: traefik:v3.2
args: args:
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:443
- --entryPoints.websecure.http.tls - --entryPoints.websecure.http.tls
@ -736,7 +736,7 @@ For more options, please refer to the available [annotations](#on-ingress).
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.1 image: traefik:v3.2
args: args:
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:443
- --providers.kubernetesingress - --providers.kubernetesingress

2
docs/content/user-guides/crd-acme/03-deployments.yml
View file

@ -26,7 +26,7 @@ spec:
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.1 image: traefik:v3.2
args: args:
- --api.insecure - --api.insecure
- --accesslog - --accesslog

12
docs/content/user-guides/crd-acme/index.md
View file

@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi
```bash ```bash
# Install Traefik Resource Definitions: # Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik: # Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
``` ```
### Services ### Services
@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/con
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami). Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/02-services.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/02-services.yml
``` ```
```yaml ```yaml
@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
Again, one pod for Traefik, and one for the whoami app. Again, one pod for Traefik, and one for the whoami app.
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/03-deployments.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/03-deployments.yml
``` ```
```yaml ```yaml
@ -100,7 +100,7 @@ Look it up.
We can now finally apply the actual ingressRoutes, with: We can now finally apply the actual ingressRoutes, with:
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/04-ingressroutes.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/04-ingressroutes.yml
``` ```
```yaml ```yaml
@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption: In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/05-tlsoption.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/05-tlsoption.yml
``` ```
```yaml ```yaml

2
docs/content/user-guides/crd-acme/k3s.yml
View file

@ -26,5 +26,5 @@ node:
- K3S_CLUSTER_SECRET=somethingtotallyrandom - K3S_CLUSTER_SECRET=somethingtotallyrandom
volumes: volumes:
# this is where you would place a alternative traefik image (saved as a .tar file with # this is where you would place a alternative traefik image (saved as a .tar file with
# 'docker save'), if you want to use it, instead of the traefik:v3.1 image. # 'docker save'), if you want to use it, instead of the traefik:v3.2 image.
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images - /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.1" image: "traefik:v3.2"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
View file

@ -13,7 +13,7 @@ secrets:
services: services:
traefik: traefik:
image: "traefik:v3.1" image: "traefik:v3.2"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.1" image: "traefik:v3.2"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.1" image: "traefik:v3.2"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.1" image: "traefik:v3.2"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/index.md
View file

@ -31,7 +31,7 @@ Create a `docker-compose.yml` file with the following content:
services: services:
traefik: traefik:
image: "traefik:v3.1" image: "traefik:v3.2"
... ...
networks: networks:
- traefiknet - traefiknet

2
go.mod
View file

@ -34,7 +34,7 @@ require (
github.com/http-wasm/http-wasm-host-go v0.6.0 github.com/http-wasm/http-wasm-host-go v0.6.0
github.com/influxdata/influxdb-client-go/v2 v2.7.0 github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab // No tag on the repo. github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab // No tag on the repo.
github.com/klauspost/compress v1.17.9 github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 // Required to have the content-type fix: https://github.com/klauspost/compress/pull/1011
github.com/kvtools/consul v1.0.2 github.com/kvtools/consul v1.0.2
github.com/kvtools/etcdv3 v1.0.2 github.com/kvtools/etcdv3 v1.0.2
github.com/kvtools/redis v1.1.0 github.com/kvtools/redis v1.1.0

4
go.sum
View file

@ -597,8 +597,8 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913 h1:7s7Xd7zVElAw1qh/eh+tXDNfDNXXj38Tpq54eeG6/BM=
github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/compress v1.17.11-0.20240927175842-8e14b1b5a913/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg= github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=

142
integration/fixtures/k8s/01-traefik-crd.yml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -63,12 +63,12 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: |- description: |-
Middlewares defines the list of references to Middleware resources. Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -88,7 +88,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer type: integer
services: services:
description: |- description: |-
@ -229,7 +229,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string type: string
required: required:
- kind - kind
@ -287,18 +287,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration. TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -317,17 +317,17 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSOption. Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSOption. Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -344,12 +344,12 @@ spec:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSStore. Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSStore. Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name
@ -409,7 +409,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -422,7 +422,7 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -446,7 +446,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -487,7 +487,7 @@ spec:
proxyProtocol: proxyProtocol:
description: |- description: |-
ProxyProtocol defines the PROXY protocol configuration. ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -525,7 +525,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string type: string
required: required:
- match - match
@ -534,18 +534,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route. TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -564,7 +564,7 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@ -656,7 +656,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -743,7 +743,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
Middleware is the CRD implementation of a Traefik Middleware. Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -769,7 +769,7 @@ spec:
description: |- description: |-
AddPrefix holds the add prefix middleware configuration. AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it. This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: |- description: |-
@ -781,12 +781,12 @@ spec:
description: |- description: |-
BasicAuth holds the basic auth middleware configuration. BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -807,7 +807,7 @@ spec:
description: |- description: |-
Buffering holds the buffering middleware configuration. Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends. This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: |- description: |-
@ -839,14 +839,14 @@ spec:
description: |- description: |-
RetryExpression defines the retry conditions. RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||). It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: |- description: |-
Chain holds the configuration of the chain middleware. Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware. This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -905,7 +905,7 @@ spec:
description: |- description: |-
Compress holds the compress middleware configuration. Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties: properties:
defaultEncoding: defaultEncoding:
description: DefaultEncoding specifies the default encoding if description: DefaultEncoding specifies the default encoding if
@ -954,12 +954,12 @@ spec:
description: |- description: |-
DigestAuth holds the digest auth middleware configuration. DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -979,7 +979,7 @@ spec:
description: |- description: |-
ErrorPage holds the custom error middleware configuration. ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties: properties:
query: query:
description: |- description: |-
@ -989,7 +989,7 @@ spec:
service: service:
description: |- description: |-
Service defines the reference to a Kubernetes Service that will serve the error page. Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties: properties:
healthCheck: healthCheck:
description: Healthcheck defines health checks for ExternalName description: Healthcheck defines health checks for ExternalName
@ -1122,7 +1122,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -1180,7 +1180,7 @@ spec:
description: |- description: |-
ForwardAuth holds the forward auth middleware configuration. ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties: properties:
addAuthCookiesToResponse: addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies description: AddAuthCookiesToResponse defines the list of cookies
@ -1208,7 +1208,7 @@ spec:
authResponseHeadersRegex: authResponseHeadersRegex:
description: |- description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -1255,7 +1255,7 @@ spec:
description: |- description: |-
Headers holds the headers middleware configuration. Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -1426,7 +1426,7 @@ spec:
description: |- description: |-
InFlightReq holds the in-flight request middleware configuration. InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently. This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: |- description: |-
@ -1439,12 +1439,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source. SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1479,12 +1479,12 @@ spec:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1521,7 +1521,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1551,7 +1551,7 @@ spec:
description: |- description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration. PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header. This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -1660,7 +1660,7 @@ spec:
description: |- description: |-
RateLimit holds the rate limit configuration. RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties: properties:
average: average:
description: |- description: |-
@ -1693,7 +1693,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1728,7 +1728,7 @@ spec:
description: |- description: |-
RedirectRegex holds the redirect regex middleware configuration. RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1747,7 +1747,7 @@ spec:
description: |- description: |-
RedirectScheme holds the redirect scheme middleware configuration. RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another. This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1764,7 +1764,7 @@ spec:
description: |- description: |-
ReplacePath holds the replace path middleware configuration. ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -1775,7 +1775,7 @@ spec:
description: |- description: |-
ReplacePathRegex holds the replace path regex middleware configuration. ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement. This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -1791,7 +1791,7 @@ spec:
Retry holds the retry middleware configuration. Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply. This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -1813,7 +1813,7 @@ spec:
description: |- description: |-
StripPrefix holds the strip prefix middleware configuration. StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: |- description: |-
@ -1832,7 +1832,7 @@ spec:
description: |- description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration. StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path. This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the
@ -1869,7 +1869,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -1905,7 +1905,7 @@ spec:
description: |- description: |-
IPAllowList defines the IPAllowList middleware configuration. IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1919,7 +1919,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration. IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1958,7 +1958,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport. ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2097,7 +2097,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport. ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used. If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration. The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2215,7 +2215,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2240,14 +2240,14 @@ spec:
alpnProtocols: alpnProtocols:
description: |- description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: |- description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -2275,7 +2275,7 @@ spec:
curvePreferences: curvePreferences:
description: |- description: |-
CurvePreferences defines the preferred elliptic curves in a specific order. CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array
@ -2331,7 +2331,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store. TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported. For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2429,7 +2429,7 @@ spec:
TraefikService object allows to: TraefikService object allows to:
- Apply weight to Services on load-balancing - Apply weight to Services on load-balancing
- Mirror traffic on services - Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2675,7 +2675,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2782,7 +2782,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2965,7 +2965,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -3012,7 +3012,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines whether sticky sessions are enabled. Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.

48
pkg/cli/deprecation.go
View file

@ -194,7 +194,7 @@ func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
if c.Pilot != nil { if c.Pilot != nil {
incompatible = true incompatible = true
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." + logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#pilot") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#pilot")
} }
incompatibleExperimental := c.Experimental.deprecationNotice(logger) incompatibleExperimental := c.Experimental.deprecationNotice(logger)
@ -227,13 +227,13 @@ func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
if p.Marathon != nil { if p.Marathon != nil {
incompatible = true incompatible = true
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." + logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#marathon-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#marathon-provider")
} }
if p.Rancher != nil { if p.Rancher != nil {
incompatible = true incompatible = true
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." + logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#rancher-v1-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#rancher-v1-provider")
} }
dockerIncompatible := p.Docker.deprecationNotice(logger) dockerIncompatible := p.Docker.deprecationNotice(logger)
@ -275,14 +275,14 @@ func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
if d.SwarmMode != nil { if d.SwarmMode != nil {
incompatible = true incompatible = true
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." + logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#docker-docker-swarm") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#docker-docker-swarm")
} }
if d.TLS != nil && d.TLS.CAOptional != nil { if d.TLS != nil && d.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional")
} }
return incompatible return incompatible
@ -323,7 +323,7 @@ func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true incompatible = true
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_3") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_3")
} }
return incompatible return incompatible
@ -344,7 +344,7 @@ func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true incompatible = true
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_4") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_4")
} }
return incompatible return incompatible
@ -365,14 +365,14 @@ func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil { if c.Namespace != nil {
incompatible = true incompatible = true
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." + logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consul-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consul-provider")
} }
if c.TLS != nil && c.TLS.CAOptional != nil { if c.TLS != nil && c.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_1") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_1")
} }
return incompatible return incompatible
@ -397,14 +397,14 @@ func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil { if c.Namespace != nil {
incompatible = true incompatible = true
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." + logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consulcatalog-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consulcatalog-provider")
} }
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil { if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional")
} }
return incompatible return incompatible
@ -425,14 +425,14 @@ func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
if n.Namespace != nil { if n.Namespace != nil {
incompatible = true incompatible = true
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." + logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#nomad-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#nomad-provider")
} }
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil { if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional_1") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional_1")
} }
return incompatible return incompatible
@ -453,7 +453,7 @@ func (h *http) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true incompatible = true
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_2") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_2")
} }
return incompatible return incompatible
@ -471,7 +471,7 @@ func (i *ingress) deprecationNotice(logger zerolog.Logger) {
if i.DisableIngressClassLookup != nil { if i.DisableIngressClassLookup != nil {
logger.Error().Msg("Kubernetes Ingress provider `disableIngressClassLookup` option has been deprecated in v3.1, and will be removed in the next major version." + logger.Error().Msg("Kubernetes Ingress provider `disableIngressClassLookup` option has been deprecated in v3.1, and will be removed in the next major version." +
"Please use the `disableClusterScopeResources` option instead." + "Please use the `disableClusterScopeResources` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#ingressclasslookup") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#ingressclasslookup")
} }
} }
@ -488,7 +488,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.HTTP3 != nil { if e.HTTP3 != nil {
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." + logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
"Please remove its usage from the static configuration for Traefik to start." + "Please remove its usage from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3-details/#http3") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3-details/#http3")
return true return true
} }
@ -496,7 +496,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.KubernetesGateway != nil { if e.KubernetesGateway != nil {
logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." + logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." +
"Please remove its usage from the static configuration." + "Please remove its usage from the static configuration." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#gateway-api-kubernetesgateway-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#gateway-api-kubernetesgateway-provider")
} }
return false return false
@ -520,49 +520,49 @@ func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
if t.SpanNameLimit != nil { if t.SpanNameLimit != nil {
incompatible = true incompatible = true
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." + logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
} }
if t.Jaeger != nil { if t.Jaeger != nil {
incompatible = true incompatible = true
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
} }
if t.Zipkin != nil { if t.Zipkin != nil {
incompatible = true incompatible = true
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
} }
if t.Datadog != nil { if t.Datadog != nil {
incompatible = true incompatible = true
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
} }
if t.Instana != nil { if t.Instana != nil {
incompatible = true incompatible = true
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
} }
if t.Haystack != nil { if t.Haystack != nil {
incompatible = true incompatible = true
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
} }
if t.Elastic != nil { if t.Elastic != nil {
incompatible = true incompatible = true
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
} }
return incompatible return incompatible

48
pkg/config/dynamic/middlewares.go
View file

@ -73,7 +73,7 @@ type ContentType struct {
// AddPrefix holds the add prefix middleware configuration. // AddPrefix holds the add prefix middleware configuration.
// This middleware updates the path of a request before forwarding it. // This middleware updates the path of a request before forwarding it.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
type AddPrefix struct { type AddPrefix struct {
// Prefix is the string to add before the current path in the requested URL. // Prefix is the string to add before the current path in the requested URL.
// It should include a leading slash (/). // It should include a leading slash (/).
@ -84,7 +84,7 @@ type AddPrefix struct {
// BasicAuth holds the basic auth middleware configuration. // BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
type BasicAuth struct { type BasicAuth struct {
// Users is an array of authorized users. // Users is an array of authorized users.
// Each user must be declared using the name:hashed-password format. // Each user must be declared using the name:hashed-password format.
@ -99,7 +99,7 @@ type BasicAuth struct {
// Default: false. // Default: false.
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"` RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"` HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
} }
@ -107,7 +107,7 @@ type BasicAuth struct {
// Buffering holds the buffering middleware configuration. // Buffering holds the buffering middleware configuration.
// This middleware retries or limits the size of requests that can be forwarded to backends. // This middleware retries or limits the size of requests that can be forwarded to backends.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
type Buffering struct { type Buffering struct {
// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). // MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. // If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
@ -125,7 +125,7 @@ type Buffering struct {
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"` MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
// RetryExpression defines the retry conditions. // RetryExpression defines the retry conditions.
// It is a logical combination of functions with operators AND (&&) and OR (||). // It is a logical combination of functions with operators AND (&&) and OR (||).
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"` RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
} }
@ -142,7 +142,7 @@ type Chain struct {
// CircuitBreaker holds the circuit breaker middleware configuration. // CircuitBreaker holds the circuit breaker middleware configuration.
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures. // This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/circuitbreaker/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/circuitbreaker/
type CircuitBreaker struct { type CircuitBreaker struct {
// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services. // Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"` Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
@ -191,7 +191,7 @@ func (c *Compress) SetDefaults() {
// DigestAuth holds the digest auth middleware configuration. // DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
type DigestAuth struct { type DigestAuth struct {
// Users defines the authorized users. // Users defines the authorized users.
// Each user should be declared using the name:realm:encoded-password format. // Each user should be declared using the name:realm:encoded-password format.
@ -204,7 +204,7 @@ type DigestAuth struct {
// Default: traefik. // Default: traefik.
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"` Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"` HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
} }
@ -230,7 +230,7 @@ type ErrorPage struct {
// ForwardAuth holds the forward auth middleware configuration. // ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service. // This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
type ForwardAuth struct { type ForwardAuth struct {
// Address defines the authentication server address. // Address defines the authentication server address.
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"` Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
@ -241,7 +241,7 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"` AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"` AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed. // If not set or empty then all request headers are passed.
@ -271,7 +271,7 @@ type ClientTLS struct {
// Headers holds the headers middleware configuration. // Headers holds the headers middleware configuration.
// This middleware manages the requests and responses headers. // This middleware manages the requests and responses headers.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
type Headers struct { type Headers struct {
// CustomRequestHeaders defines the header names and values to apply to the request. // CustomRequestHeaders defines the header names and values to apply to the request.
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"` CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
@ -400,7 +400,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct { type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@ -454,7 +454,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// IPWhiteList holds the IP whitelist middleware configuration. // IPWhiteList holds the IP whitelist middleware configuration.
// This middleware limits allowed requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipwhitelist/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipwhitelist/
// Deprecated: please use IPAllowList instead. // Deprecated: please use IPAllowList instead.
type IPWhiteList struct { type IPWhiteList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required. // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
@ -466,7 +466,7 @@ type IPWhiteList struct {
// IPAllowList holds the IP allowlist middleware configuration. // IPAllowList holds the IP allowlist middleware configuration.
// This middleware limits allowed requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
type IPAllowList struct { type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
@ -480,7 +480,7 @@ type IPAllowList struct {
// InFlightReq holds the in-flight request middleware configuration. // InFlightReq holds the in-flight request middleware configuration.
// This middleware limits the number of requests being processed and served concurrently. // This middleware limits the number of requests being processed and served concurrently.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
type InFlightReq struct { type InFlightReq struct {
// Amount defines the maximum amount of allowed simultaneous in-flight request. // Amount defines the maximum amount of allowed simultaneous in-flight request.
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). // The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
@ -488,7 +488,7 @@ type InFlightReq struct {
// SourceCriterion defines what criterion is used to group requests as originating from a common source. // SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised. // If several strategies are defined at the same time, an error will be raised.
// If none are set, the default is to use the requestHost. // If none are set, the default is to use the requestHost.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"` SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
} }
@ -496,7 +496,7 @@ type InFlightReq struct {
// PassTLSClientCert holds the pass TLS client cert middleware configuration. // PassTLSClientCert holds the pass TLS client cert middleware configuration.
// This middleware adds the selected data from the passed client TLS certificate to a header. // This middleware adds the selected data from the passed client TLS certificate to a header.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
type PassTLSClientCert struct { type PassTLSClientCert struct {
// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate. // PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"` PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
@ -552,7 +552,7 @@ func (r *RateLimit) SetDefaults() {
// RedirectRegex holds the redirect regex middleware configuration. // RedirectRegex holds the redirect regex middleware configuration.
// This middleware redirects a request using regex matching and replacement. // This middleware redirects a request using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
type RedirectRegex struct { type RedirectRegex struct {
// Regex defines the regex used to match and capture elements from the request URL. // Regex defines the regex used to match and capture elements from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"` Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
@ -566,7 +566,7 @@ type RedirectRegex struct {
// RedirectScheme holds the redirect scheme middleware configuration. // RedirectScheme holds the redirect scheme middleware configuration.
// This middleware redirects requests from a scheme/port to another. // This middleware redirects requests from a scheme/port to another.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
type RedirectScheme struct { type RedirectScheme struct {
// Scheme defines the scheme of the new URL. // Scheme defines the scheme of the new URL.
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"` Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
@ -580,7 +580,7 @@ type RedirectScheme struct {
// ReplacePath holds the replace path middleware configuration. // ReplacePath holds the replace path middleware configuration.
// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. // This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
type ReplacePath struct { type ReplacePath struct {
// Path defines the path to use as replacement in the request URL. // Path defines the path to use as replacement in the request URL.
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"` Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
@ -590,7 +590,7 @@ type ReplacePath struct {
// ReplacePathRegex holds the replace path regex middleware configuration. // ReplacePathRegex holds the replace path regex middleware configuration.
// This middleware replaces the path of a URL using regex matching and replacement. // This middleware replaces the path of a URL using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
type ReplacePathRegex struct { type ReplacePathRegex struct {
// Regex defines the regular expression used to match and capture the path from the request URL. // Regex defines the regular expression used to match and capture the path from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"` Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
@ -603,7 +603,7 @@ type ReplacePathRegex struct {
// Retry holds the retry middleware configuration. // Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply. // This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status. // As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
type Retry struct { type Retry struct {
// Attempts defines how many times the request should be retried. // Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"` Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
@ -619,7 +619,7 @@ type Retry struct {
// StripPrefix holds the strip prefix middleware configuration. // StripPrefix holds the strip prefix middleware configuration.
// This middleware removes the specified prefixes from the URL path. // This middleware removes the specified prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
type StripPrefix struct { type StripPrefix struct {
// Prefixes defines the prefixes to strip from the request URL. // Prefixes defines the prefixes to strip from the request URL.
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"` Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
@ -634,7 +634,7 @@ type StripPrefix struct {
// StripPrefixRegex holds the strip prefix regex middleware configuration. // StripPrefixRegex holds the strip prefix regex middleware configuration.
// This middleware removes the matching prefixes from the URL path. // This middleware removes the matching prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
type StripPrefixRegex struct { type StripPrefixRegex struct {
// Regex defines the regular expression to match the path prefix from the request URL. // Regex defines the regular expression to match the path prefix from the request URL.
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"` Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`

2
pkg/config/dynamic/tcp_config.go
View file

@ -125,7 +125,7 @@ type TCPServer struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// ProxyProtocol holds the PROXY Protocol configuration. // ProxyProtocol holds the PROXY Protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
type ProxyProtocol struct { type ProxyProtocol struct {
// Version defines the PROXY Protocol version to use. // Version defines the PROXY Protocol version to use.
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"` Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`

4
pkg/config/dynamic/tcp_middlewares.go
View file

@ -15,7 +15,7 @@ type TCPMiddleware struct {
// TCPInFlightConn holds the TCP InFlightConn middleware configuration. // TCPInFlightConn holds the TCP InFlightConn middleware configuration.
// This middleware prevents services from being overwhelmed with high load, // This middleware prevents services from being overwhelmed with high load,
// by limiting the number of allowed simultaneous connections for one IP. // by limiting the number of allowed simultaneous connections for one IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/inflightconn/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/inflightconn/
type TCPInFlightConn struct { type TCPInFlightConn struct {
// Amount defines the maximum amount of allowed simultaneous connections. // Amount defines the maximum amount of allowed simultaneous connections.
// The middleware closes the connection if there are already amount connections opened. // The middleware closes the connection if there are already amount connections opened.
@ -35,7 +35,7 @@ type TCPIPWhiteList struct {
// TCPIPAllowList holds the TCP IPAllowList middleware configuration. // TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware limits allowed requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
type TCPIPAllowList struct { type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`

31
pkg/middlewares/auth/connectionheader.go
View file

@ -13,22 +13,21 @@ const (
upgradeHeader = "Upgrade" upgradeHeader = "Upgrade"
) )
// Remover removes hop-by-hop headers listed in the "Connection" header. // RemoveConnectionHeaders removes hop-by-hop headers listed in the "Connection" header.
// See RFC 7230, section 6.1. // See RFC 7230, section 6.1.
func Remover(next http.Handler) http.HandlerFunc { func RemoveConnectionHeaders(req *http.Request) {
return func(rw http.ResponseWriter, req *http.Request) {
next.ServeHTTP(rw, Remove(req))
}
}
// Remove removes hop-by-hop header on the request.
func Remove(req *http.Request) *http.Request {
var reqUpType string var reqUpType string
if httpguts.HeaderValuesContainsToken(req.Header[connectionHeader], upgradeHeader) { if httpguts.HeaderValuesContainsToken(req.Header[connectionHeader], upgradeHeader) {
reqUpType = req.Header.Get(upgradeHeader) reqUpType = req.Header.Get(upgradeHeader)
} }
removeConnectionHeaders(req.Header) for _, f := range req.Header[connectionHeader] {
for _, sf := range strings.Split(f, ",") {
if sf = textproto.TrimString(sf); sf != "" {
req.Header.Del(sf)
}
}
}
if reqUpType != "" { if reqUpType != "" {
req.Header.Set(connectionHeader, upgradeHeader) req.Header.Set(connectionHeader, upgradeHeader)
@ -36,16 +35,4 @@ func Remove(req *http.Request) *http.Request {
} else { } else {
req.Header.Del(connectionHeader) req.Header.Del(connectionHeader)
} }
return req
}
func removeConnectionHeaders(h http.Header) {
for _, f := range h[connectionHeader] {
for _, sf := range strings.Split(f, ",") {
if sf = textproto.TrimString(sf); sf != "" {
h.Del(sf)
}
}
}
} }

8
pkg/middlewares/auth/connectionheader_test.go
View file

@ -50,19 +50,13 @@ func TestRemover(t *testing.T) {
t.Run(test.desc, func(t *testing.T) { t.Run(test.desc, func(t *testing.T) {
t.Parallel() t.Parallel()
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {})
h := Remover(next)
req := httptest.NewRequest(http.MethodGet, "https://localhost", nil) req := httptest.NewRequest(http.MethodGet, "https://localhost", nil)
for k, v := range test.reqHeaders { for k, v := range test.reqHeaders {
req.Header.Set(k, v) req.Header.Set(k, v)
} }
rw := httptest.NewRecorder() RemoveConnectionHeaders(req)
h.ServeHTTP(rw, req)
assert.Equal(t, test.expected, req.Header) assert.Equal(t, test.expected, req.Header)
}) })

4
pkg/middlewares/auth/forward.go
View file

@ -123,8 +123,6 @@ func (fa *forwardAuth) GetTracingInformation() (string, string, trace.SpanKind)
func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
logger := middlewares.GetLogger(req.Context(), fa.name, typeNameForward) logger := middlewares.GetLogger(req.Context(), fa.name, typeNameForward)
req = Remove(req)
forwardReq, err := http.NewRequestWithContext(req.Context(), http.MethodGet, fa.address, nil) forwardReq, err := http.NewRequestWithContext(req.Context(), http.MethodGet, fa.address, nil)
if err != nil { if err != nil {
logger.Debug().Msgf("Error calling %s. Cause %s", fa.address, err) logger.Debug().Msgf("Error calling %s. Cause %s", fa.address, err)
@ -274,6 +272,8 @@ func (fa *forwardAuth) buildModifier(authCookies []*http.Cookie) func(res *http.
func writeHeader(req, forwardReq *http.Request, trustForwardHeader bool, allowedHeaders []string) { func writeHeader(req, forwardReq *http.Request, trustForwardHeader bool, allowedHeaders []string) {
utils.CopyHeaders(forwardReq.Header, req.Header) utils.CopyHeaders(forwardReq.Header, req.Header)
RemoveConnectionHeaders(forwardReq)
utils.RemoveHeaders(forwardReq.Header, hopHeaders...) utils.RemoveHeaders(forwardReq.Header, hopHeaders...)
forwardReq.Header = filterForwardRequestHeaders(forwardReq.Header, allowedHeaders) forwardReq.Header = filterForwardRequestHeaders(forwardReq.Header, allowedHeaders)

13
pkg/provider/acme/provider.go
View file

@ -623,8 +623,11 @@ func (p *Provider) resolveDefaultCertificate(ctx context.Context, domains []stri
p.resolvingDomainsMutex.Lock() p.resolvingDomainsMutex.Lock()
sort.Strings(domains) sortedDomains := make([]string, len(domains))
domainKey := strings.Join(domains, ",") copy(sortedDomains, domains)
sort.Strings(sortedDomains)
domainKey := strings.Join(sortedDomains, ",")
if _, ok := p.resolvingDomains[domainKey]; ok { if _, ok := p.resolvingDomains[domainKey]; ok {
p.resolvingDomainsMutex.Unlock() p.resolvingDomainsMutex.Unlock()
@ -1026,12 +1029,14 @@ func (p *Provider) certExists(validDomains []string) bool {
p.certificatesMu.RLock() p.certificatesMu.RLock()
defer p.certificatesMu.RUnlock() defer p.certificatesMu.RUnlock()
sort.Strings(validDomains) sortedDomains := make([]string, len(validDomains))
copy(sortedDomains, validDomains)
sort.Strings(sortedDomains)
for _, cert := range p.certificates { for _, cert := range p.certificates {
domains := cert.Certificate.Domain.ToStrArray() domains := cert.Certificate.Domain.ToStrArray()
sort.Strings(domains) sort.Strings(domains)
if reflect.DeepEqual(domains, validDomains) { if reflect.DeepEqual(domains, sortedDomains) {
return true return true
} }
} }

20
pkg/provider/kubernetes/crd/kubernetes_test.go
View file

@ -1609,7 +1609,7 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths) k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -4891,7 +4891,7 @@ func TestLoadIngressRoutes(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths) k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -4972,7 +4972,7 @@ func TestLoadIngressRoutes_multipleEndpointAddresses(t *testing.T) {
k8sObjects, crdObjects := readResources(t, []string{"services.yml", "with_multiple_endpointslices.yml"}) k8sObjects, crdObjects := readResources(t, []string{"services.yml", "with_multiple_endpointslices.yml"})
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -5481,7 +5481,7 @@ func TestLoadIngressRouteUDPs(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths) k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -6971,7 +6971,7 @@ func TestCrossNamespace(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths) k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -7240,7 +7240,7 @@ func TestExternalNameService(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths) k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -7421,7 +7421,7 @@ func TestNativeLB(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths) k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -7686,7 +7686,7 @@ func TestNodePortLB(t *testing.T) {
k8sObjects, crdObjects := readResources(t, test.paths) k8sObjects, crdObjects := readResources(t, test.paths)
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -7727,7 +7727,7 @@ func TestCreateBasicAuthCredentials(t *testing.T) {
} }
} }
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset() crdClient := traefikcrdfake.NewSimpleClientset()
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)
@ -8198,7 +8198,7 @@ func TestGlobalNativeLB(t *testing.T) {
} }
} }
kubeClient := kubefake.NewSimpleClientset(k8sObjects...) kubeClient := kubefake.NewClientset(k8sObjects...)
crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...) crdClient := traefikcrdfake.NewSimpleClientset(crdObjects...)
client := newClientImpl(kubeClient, crdClient) client := newClientImpl(kubeClient, crdClient)

30
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go
View file

@ -13,75 +13,75 @@ type IngressRouteSpec struct {
Routes []Route `json:"routes"` Routes []Route `json:"routes"`
// EntryPoints defines the list of entry point names to bind to. // EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration. // Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ // More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
// Default: all. // Default: all.
EntryPoints []string `json:"entryPoints,omitempty"` EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration. // TLS defines the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
TLS *TLS `json:"tls,omitempty"` TLS *TLS `json:"tls,omitempty"`
} }
// Route holds the HTTP route configuration. // Route holds the HTTP route configuration.
type Route struct { type Route struct {
// Match defines the router's rule. // Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
Match string `json:"match"` Match string `json:"match"`
// Kind defines the kind of the route. // Kind defines the kind of the route.
// Rule is the only supported kind. // Rule is the only supported kind.
// +kubebuilder:validation:Enum=Rule // +kubebuilder:validation:Enum=Rule
Kind string `json:"kind"` Kind string `json:"kind"`
// Priority defines the router's priority. // Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
Priority int `json:"priority,omitempty"` Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax. // Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
Syntax string `json:"syntax,omitempty"` Syntax string `json:"syntax,omitempty"`
// Services defines the list of Service. // Services defines the list of Service.
// It can contain any combination of TraefikService and/or reference to a Kubernetes Service. // It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
Services []Service `json:"services,omitempty"` Services []Service `json:"services,omitempty"`
// Middlewares defines the list of references to Middleware resources. // Middlewares defines the list of references to Middleware resources.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
Middlewares []MiddlewareRef `json:"middlewares,omitempty"` Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
} }
// TLS holds the TLS configuration. // TLS holds the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
type TLS struct { type TLS struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"` SecretName string `json:"secretName,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used. // If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
Options *TLSOptionRef `json:"options,omitempty"` Options *TLSOptionRef `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates. // Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used. // Please note that only `default` TLSStore can be used.
Store *TLSStoreRef `json:"store,omitempty"` Store *TLSStoreRef `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use. // CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration. // Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers // More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
CertResolver string `json:"certResolver,omitempty"` CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates. // Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
Domains []types.Domain `json:"domains,omitempty"` Domains []types.Domain `json:"domains,omitempty"`
} }
// TLSOptionRef is a reference to a TLSOption resource. // TLSOptionRef is a reference to a TLSOption resource.
type TLSOptionRef struct { type TLSOptionRef struct {
// Name defines the name of the referenced TLSOption. // Name defines the name of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
Name string `json:"name"` Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSOption. // Namespace defines the namespace of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
} }
// TLSStoreRef is a reference to a TLSStore resource. // TLSStoreRef is a reference to a TLSStore resource.
type TLSStoreRef struct { type TLSStoreRef struct {
// Name defines the name of the referenced TLSStore. // Name defines the name of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
Name string `json:"name"` Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSStore. // Namespace defines the namespace of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
} }
@ -98,7 +98,7 @@ type LoadBalancerSpec struct {
// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. // Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
// Sticky defines the sticky sessions configuration. // Sticky defines the sticky sessions configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
Sticky *dynamic.Sticky `json:"sticky,omitempty"` Sticky *dynamic.Sticky `json:"sticky,omitempty"`
// Port defines the port of a Kubernetes Service. // Port defines the port of a Kubernetes Service.
// This can be a reference to a named port. // This can be a reference to a named port.

20
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go
View file

@ -13,24 +13,24 @@ type IngressRouteTCPSpec struct {
Routes []RouteTCP `json:"routes"` Routes []RouteTCP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to. // EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration. // Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ // More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
// Default: all. // Default: all.
EntryPoints []string `json:"entryPoints,omitempty"` EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration on a layer 4 / TCP Route. // TLS defines the TLS configuration on a layer 4 / TCP Route.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
TLS *TLSTCP `json:"tls,omitempty"` TLS *TLSTCP `json:"tls,omitempty"`
} }
// RouteTCP holds the TCP route configuration. // RouteTCP holds the TCP route configuration.
type RouteTCP struct { type RouteTCP struct {
// Match defines the router's rule. // Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1 // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
Match string `json:"match"` Match string `json:"match"`
// Priority defines the router's priority. // Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1 // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
Priority int `json:"priority,omitempty"` Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax. // Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1 // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
Syntax string `json:"syntax,omitempty"` Syntax string `json:"syntax,omitempty"`
// Services defines the list of TCP services. // Services defines the list of TCP services.
Services []ServiceTCP `json:"services,omitempty"` Services []ServiceTCP `json:"services,omitempty"`
@ -39,7 +39,7 @@ type RouteTCP struct {
} }
// TLSTCP holds the TLS configuration for an IngressRouteTCP. // TLSTCP holds the TLS configuration for an IngressRouteTCP.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1 // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
type TLSTCP struct { type TLSTCP struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"` SecretName string `json:"secretName,omitempty"`
@ -47,17 +47,17 @@ type TLSTCP struct {
Passthrough bool `json:"passthrough,omitempty"` Passthrough bool `json:"passthrough,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used. // If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
Options *ObjectReference `json:"options,omitempty"` Options *ObjectReference `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates. // Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used. // Please note that only `default` TLSStore can be used.
Store *ObjectReference `json:"store,omitempty"` Store *ObjectReference `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use. // CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration. // Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers // More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
CertResolver string `json:"certResolver,omitempty"` CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates. // Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains // More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
Domains []types.Domain `json:"domains,omitempty"` Domains []types.Domain `json:"domains,omitempty"`
} }
@ -80,7 +80,7 @@ type ServiceTCP struct {
// Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead. // Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
TerminationDelay *int `json:"terminationDelay,omitempty"` TerminationDelay *int `json:"terminationDelay,omitempty"`
// ProxyProtocol defines the PROXY protocol configuration. // ProxyProtocol defines the PROXY protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"` ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
// ServersTransport defines the name of ServersTransportTCP resource to use. // ServersTransport defines the name of ServersTransportTCP resource to use.
// It allows to configure the transport between Traefik and your servers. // It allows to configure the transport between Traefik and your servers.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go
View file

@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct {
Routes []RouteUDP `json:"routes"` Routes []RouteUDP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to. // EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration. // Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/ // More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
// Default: all. // Default: all.
EntryPoints []string `json:"entryPoints,omitempty"` EntryPoints []string `json:"entryPoints,omitempty"`
} }

26
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go
View file

@ -12,7 +12,7 @@ import (
// +kubebuilder:storageversion // +kubebuilder:storageversion
// Middleware is the CRD implementation of a Traefik Middleware. // Middleware is the CRD implementation of a Traefik Middleware.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
type Middleware struct { type Middleware struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -60,7 +60,7 @@ type MiddlewareSpec struct {
// ErrorPage holds the custom error middleware configuration. // ErrorPage holds the custom error middleware configuration.
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. // This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
type ErrorPage struct { type ErrorPage struct {
// Status defines which status or range of statuses should result in an error page. // Status defines which status or range of statuses should result in an error page.
// It can be either a status code as a number (500), // It can be either a status code as a number (500),
@ -69,7 +69,7 @@ type ErrorPage struct {
// or a combination of the two (404,418,500-599). // or a combination of the two (404,418,500-599).
Status []string `json:"status,omitempty"` Status []string `json:"status,omitempty"`
// Service defines the reference to a Kubernetes Service that will serve the error page. // Service defines the reference to a Kubernetes Service that will serve the error page.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
Service Service `json:"service,omitempty"` Service Service `json:"service,omitempty"`
// Query defines the URL for the error page (hosted by service). // Query defines the URL for the error page (hosted by service).
// The {status} variable can be used in order to insert the status code in the URL. // The {status} variable can be used in order to insert the status code in the URL.
@ -96,7 +96,7 @@ type CircuitBreaker struct {
// Chain holds the configuration of the chain middleware. // Chain holds the configuration of the chain middleware.
// This middleware enables to define reusable combinations of other pieces of middleware. // This middleware enables to define reusable combinations of other pieces of middleware.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
type Chain struct { type Chain struct {
// Middlewares is the list of MiddlewareRef which composes the chain. // Middlewares is the list of MiddlewareRef which composes the chain.
Middlewares []MiddlewareRef `json:"middlewares,omitempty"` Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
@ -106,7 +106,7 @@ type Chain struct {
// BasicAuth holds the basic auth middleware configuration. // BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
type BasicAuth struct { type BasicAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials. // Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"` Secret string `json:"secret,omitempty"`
@ -117,7 +117,7 @@ type BasicAuth struct {
// Default: false. // Default: false.
RemoveHeader bool `json:"removeHeader,omitempty"` RemoveHeader bool `json:"removeHeader,omitempty"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty"` HeaderField string `json:"headerField,omitempty"`
} }
@ -125,7 +125,7 @@ type BasicAuth struct {
// DigestAuth holds the digest auth middleware configuration. // DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
type DigestAuth struct { type DigestAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials. // Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"` Secret string `json:"secret,omitempty"`
@ -135,7 +135,7 @@ type DigestAuth struct {
// Default: traefik. // Default: traefik.
Realm string `json:"realm,omitempty"` Realm string `json:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty"` HeaderField string `json:"headerField,omitempty"`
} }
@ -143,7 +143,7 @@ type DigestAuth struct {
// ForwardAuth holds the forward auth middleware configuration. // ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service. // This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
type ForwardAuth struct { type ForwardAuth struct {
// Address defines the authentication server address. // Address defines the authentication server address.
Address string `json:"address,omitempty"` Address string `json:"address,omitempty"`
@ -152,7 +152,7 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"` AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"` AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed. // If not set or empty then all request headers are passed.
@ -182,7 +182,7 @@ type ClientTLS struct {
// RateLimit holds the rate limit configuration. // RateLimit holds the rate limit configuration.
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. // This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
type RateLimit struct { type RateLimit struct {
// Average is the maximum rate, by default in requests/s, allowed for the given source. // Average is the maximum rate, by default in requests/s, allowed for the given source.
// It defaults to 0, which means no rate limiting. // It defaults to 0, which means no rate limiting.
@ -205,7 +205,7 @@ type RateLimit struct {
// Compress holds the compress middleware configuration. // Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression. // This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
type Compress struct { type Compress struct {
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. // ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
// `application/grpc` is always excluded. // `application/grpc` is always excluded.
@ -226,7 +226,7 @@ type Compress struct {
// Retry holds the retry middleware configuration. // Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply. // This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status. // As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
type Retry struct { type Retry struct {
// Attempts defines how many times the request should be retried. // Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty"` Attempts int `json:"attempts,omitempty"`

6
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go
View file

@ -9,7 +9,7 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. // MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
type MiddlewareTCP struct { type MiddlewareTCP struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -28,11 +28,11 @@ type MiddlewareTCPSpec struct {
// IPWhiteList defines the IPWhiteList middleware configuration. // IPWhiteList defines the IPWhiteList middleware configuration.
// This middleware accepts/refuses connections based on the client IP. // This middleware accepts/refuses connections based on the client IP.
// Deprecated: please use IPAllowList instead. // Deprecated: please use IPAllowList instead.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"` IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
// IPAllowList defines the IPAllowList middleware configuration. // IPAllowList defines the IPAllowList middleware configuration.
// This middleware accepts/refuses connections based on the client IP. // This middleware accepts/refuses connections based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/ // More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"` IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
} }

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go
View file

@ -13,7 +13,7 @@ import (
// ServersTransport is the CRD implementation of a ServersTransport. // ServersTransport is the CRD implementation of a ServersTransport.
// If no serversTransport is specified, the default@internal will be used. // If no serversTransport is specified, the default@internal will be used.
// The default@internal serversTransport is created from the static configuration. // The default@internal serversTransport is created from the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1 // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
type ServersTransport struct { type ServersTransport struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go
View file

@ -13,7 +13,7 @@ import (
// ServersTransportTCP is the CRD implementation of a TCPServersTransport. // ServersTransportTCP is the CRD implementation of a TCPServersTransport.
// If no tcpServersTransport is specified, a default one named default@internal will be used. // If no tcpServersTransport is specified, a default one named default@internal will be used.
// The default@internal tcpServersTransport can be configured in the static configuration. // The default@internal tcpServersTransport can be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3 // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
type ServersTransportTCP struct { type ServersTransportTCP struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go
View file

@ -13,7 +13,7 @@ import (
// TraefikService object allows to: // TraefikService object allows to:
// - Apply weight to Services on load-balancing // - Apply weight to Services on load-balancing
// - Mirror traffic on services // - Mirror traffic on services
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
type TraefikService struct { type TraefikService struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -49,7 +49,7 @@ type TraefikServiceSpec struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// Mirroring holds the mirroring service configuration. // Mirroring holds the mirroring service configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#mirroring-service // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#mirroring-service
type Mirroring struct { type Mirroring struct {
LoadBalancerSpec `json:",inline"` LoadBalancerSpec `json:",inline"`
@ -78,11 +78,11 @@ type MirrorService struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// WeightedRoundRobin holds the weighted round-robin configuration. // WeightedRoundRobin holds the weighted round-robin configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#weighted-round-robin-service // More info: https://doc.traefik.io/traefik/v3.2/routing/services/#weighted-round-robin-service
type WeightedRoundRobin struct { type WeightedRoundRobin struct {
// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight. // Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
Services []Service `json:"services,omitempty"` Services []Service `json:"services,omitempty"`
// Sticky defines whether sticky sessions are enabled. // Sticky defines whether sticky sessions are enabled.
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing // More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
Sticky *dynamic.Sticky `json:"sticky,omitempty"` Sticky *dynamic.Sticky `json:"sticky,omitempty"`
} }

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go
View file

@ -9,7 +9,7 @@ import (
// +kubebuilder:storageversion // +kubebuilder:storageversion
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. // TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
type TLSOption struct { type TLSOption struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -32,17 +32,17 @@ type TLSOptionSpec struct {
// Default: None. // Default: None.
MaxVersion string `json:"maxVersion,omitempty"` MaxVersion string `json:"maxVersion,omitempty"`
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. // CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
CipherSuites []string `json:"cipherSuites,omitempty"` CipherSuites []string `json:"cipherSuites,omitempty"`
// CurvePreferences defines the preferred elliptic curves in a specific order. // CurvePreferences defines the preferred elliptic curves in a specific order.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
CurvePreferences []string `json:"curvePreferences,omitempty"` CurvePreferences []string `json:"curvePreferences,omitempty"`
// ClientAuth defines the server's policy for TLS Client Authentication. // ClientAuth defines the server's policy for TLS Client Authentication.
ClientAuth ClientAuth `json:"clientAuth,omitempty"` ClientAuth ClientAuth `json:"clientAuth,omitempty"`
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. // SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
SniStrict bool `json:"sniStrict,omitempty"` SniStrict bool `json:"sniStrict,omitempty"`
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. // ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
ALPNProtocols []string `json:"alpnProtocols,omitempty"` ALPNProtocols []string `json:"alpnProtocols,omitempty"`
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. // PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go
View file

@ -12,7 +12,7 @@ import (
// TLSStore is the CRD implementation of a Traefik TLS Store. // TLSStore is the CRD implementation of a Traefik TLS Store.
// For the time being, only the TLSStore named default is supported. // For the time being, only the TLSStore named default is supported.
// This means that you cannot have two stores that are named default in different Kubernetes namespaces. // This means that you cannot have two stores that are named default in different Kubernetes namespaces.
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores // More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
type TLSStore struct { type TLSStore struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.

54
pkg/provider/kubernetes/gateway/annotations.go Normal file
View file

@ -0,0 +1,54 @@
package gateway
import (
"fmt"
"strings"
"github.com/traefik/traefik/v3/pkg/config/label"
)
const annotationsPrefix = "traefik.io/"
// ServiceConfig is the service's root configuration from annotations.
type ServiceConfig struct {
Service Service `json:"service"`
}
// Service is the service's configuration from annotations.
type Service struct {
NativeLB bool `json:"nativeLB"`
}
func parseServiceAnnotations(annotations map[string]string) (ServiceConfig, error) {
var svcConf ServiceConfig
labels := convertAnnotations(annotations)
if len(labels) == 0 {
return svcConf, nil
}
if err := label.Decode(labels, &svcConf, "traefik.service."); err != nil {
return svcConf, fmt.Errorf("decoding labels: %w", err)
}
return svcConf, nil
}
func convertAnnotations(annotations map[string]string) map[string]string {
if len(annotations) == 0 {
return nil
}
result := make(map[string]string)
for key, value := range annotations {
if !strings.HasPrefix(key, annotationsPrefix) {
continue
}
newKey := strings.ReplaceAll(key, "io/", "")
result[newKey] = value
}
return result
}

89
pkg/provider/kubernetes/gateway/annotations_test.go Normal file
View file

@ -0,0 +1,89 @@
package gateway
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_parseServiceConfig(t *testing.T) {
testCases := []struct {
desc string
annotations map[string]string
expected ServiceConfig
}{
{
desc: "service annotations",
annotations: map[string]string{
"ingress.kubernetes.io/foo": "bar",
"traefik.io/foo": "bar",
"traefik.io/service.nativelb": "true",
},
expected: ServiceConfig{
Service: Service{
NativeLB: true,
},
},
},
{
desc: "empty map",
annotations: map[string]string{},
expected: ServiceConfig{},
},
{
desc: "nil map",
annotations: nil,
expected: ServiceConfig{},
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
cfg, err := parseServiceAnnotations(test.annotations)
require.NoError(t, err)
assert.Equal(t, test.expected, cfg)
})
}
}
func Test_convertAnnotations(t *testing.T) {
testCases := []struct {
desc string
annotations map[string]string
expected map[string]string
}{
{
desc: "service annotations",
annotations: map[string]string{
"traefik.io/service.nativelb": "true",
},
expected: map[string]string{
"traefik.service.nativelb": "true",
},
},
{
desc: "empty map",
annotations: map[string]string{},
expected: nil,
},
{
desc: "nil map",
annotations: nil,
expected: nil,
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
labels := convertAnnotations(test.annotations)
assert.Equal(t, test.expected, labels)
})
}
}

51
pkg/provider/kubernetes/gateway/fixtures/httproute/simple_nativelb.yml Normal file
View file

@ -0,0 +1,51 @@
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway-class
spec:
controllerName: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: http
protocol: HTTP
port: 80
allowedRoutes:
kinds:
- kind: HTTPRoute
group: gateway.networking.k8s.io
namespaces:
from: Same
---
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: http-app-1
namespace: default
spec:
parentRefs:
- name: my-gateway
kind: Gateway
group: gateway.networking.k8s.io
hostnames:
- "foo.com"
rules:
- matches:
- path:
type: Exact
value: /bar
backendRefs:
- name: whoami-native
port: 80
weight: 1
kind: Service
group: ""

44
pkg/provider/kubernetes/gateway/fixtures/services.yml
View file

@ -5,6 +5,7 @@ metadata:
namespace: default namespace: default
spec: spec:
clusterIP: 10.10.10.1
ports: ports:
- name: web2 - name: web2
protocol: TCP protocol: TCP
@ -262,6 +263,7 @@ metadata:
namespace: default namespace: default
spec: spec:
clusterIP: 10.10.10.1
ports: ports:
- protocol: TCP - protocol: TCP
port: 9000 port: 9000
@ -424,3 +426,45 @@ spec:
port: 80 port: 80
name: wss name: wss
appProtocol: kubernetes.io/wss appProtocol: kubernetes.io/wss
---
apiVersion: v1
kind: Service
metadata:
name: whoami-native
namespace: default
annotations:
traefik.io/service.nativelb: "true"
spec:
clusterIP: 10.10.10.1
ports:
- name: web2
protocol: TCP
port: 8000
targetPort: web2
- name: web
protocol: TCP
port: 80
targetPort: web
selector:
app: containous
task: whoami
---
apiVersion: v1
kind: Service
metadata:
name: whoamitcp-native
namespace: default
annotations:
traefik.io/service.nativelb: "true"
spec:
clusterIP: 10.10.10.1
ports:
- protocol: TCP
port: 9000
name: tcp-1
- protocol: TCP
port: 10000
name: tcp-2

46
pkg/provider/kubernetes/gateway/fixtures/tcproute/simple_nativelb.yml Normal file
View file

@ -0,0 +1,46 @@
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway-class
namespace: default
spec:
controllerName: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-tcp-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: tcp
protocol: TCP
port: 9000
allowedRoutes:
namespaces:
from: Same
kinds:
- kind: TCPRoute
group: gateway.networking.k8s.io
---
kind: TCPRoute
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
name: tcp-app-1
namespace: default
spec:
parentRefs:
- name: my-tcp-gateway
kind: Gateway
group: gateway.networking.k8s.io
rules:
- backendRefs:
- name: whoamitcp-native
port: 9000
weight: 1
kind: Service
group: ""

60
pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_nativelb.yml Normal file
View file

@ -0,0 +1,60 @@
---
apiVersion: v1
kind: Secret
metadata:
name: supersecret
namespace: default
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
---
kind: GatewayClass
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-gateway-class
namespace: default
spec:
controllerName: traefik.io/gateway-controller
---
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: my-tls-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: tls
protocol: TLS
hostname: foo.example.com
port: 9000
tls:
mode: Passthrough
allowedRoutes:
kinds:
- kind: TLSRoute
group: gateway.networking.k8s.io
namespaces:
from: Same
---
kind: TLSRoute
apiVersion: gateway.networking.k8s.io/v1alpha2
metadata:
name: tls-app-1
namespace: default
spec:
parentRefs:
- name: my-tls-gateway
kind: Gateway
group: gateway.networking.k8s.io
rules:
- backendRefs:
- name: whoamitcp-native
port: 9000
weight: 1
kind: Service
group: ""

2
pkg/provider/kubernetes/gateway/grpcroute.go
View file

@ -350,7 +350,7 @@ func (p *Provider) loadGRPCServers(namespace string, route *gatev1.GRPCRoute, ba
for _, ba := range backendAddresses { for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.Server{ lb.Servers = append(lb.Servers, dynamic.Server{
URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))), URL: fmt.Sprintf("h2c://%s", net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))),
}) })
} }
return lb, nil return lb, nil

2
pkg/provider/kubernetes/gateway/httproute.go
View file

@ -482,7 +482,7 @@ func (p *Provider) loadHTTPServers(namespace string, route *gatev1.HTTPRoute, ba
for _, ba := range backendAddresses { for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.Server{ lb.Servers = append(lb.Servers, dynamic.Server{
URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port)))), URL: fmt.Sprintf("%s://%s", protocol, net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port)))),
}) })
} }
return lb, svcPort, nil return lb, svcPort, nil

28
pkg/provider/kubernetes/gateway/kubernetes.go
View file

@ -65,6 +65,7 @@ type Provider struct {
ThrottleDuration ptypes.Duration `description:"Kubernetes refresh throttle duration" json:"throttleDuration,omitempty" toml:"throttleDuration,omitempty" yaml:"throttleDuration,omitempty" export:"true"` ThrottleDuration ptypes.Duration `description:"Kubernetes refresh throttle duration" json:"throttleDuration,omitempty" toml:"throttleDuration,omitempty" yaml:"throttleDuration,omitempty" export:"true"`
ExperimentalChannel bool `description:"Toggles Experimental Channel resources support (TCPRoute, TLSRoute...)." json:"experimentalChannel,omitempty" toml:"experimentalChannel,omitempty" yaml:"experimentalChannel,omitempty" export:"true"` ExperimentalChannel bool `description:"Toggles Experimental Channel resources support (TCPRoute, TLSRoute...)." json:"experimentalChannel,omitempty" toml:"experimentalChannel,omitempty" yaml:"experimentalChannel,omitempty" export:"true"`
StatusAddress *StatusAddress `description:"Defines the Kubernetes Gateway status address." json:"statusAddress,omitempty" toml:"statusAddress,omitempty" yaml:"statusAddress,omitempty" export:"true"` StatusAddress *StatusAddress `description:"Defines the Kubernetes Gateway status address." json:"statusAddress,omitempty" toml:"statusAddress,omitempty" yaml:"statusAddress,omitempty" export:"true"`
NativeLBByDefault bool `description:"Defines whether to use Native Kubernetes load-balancing by default." json:"nativeLBByDefault,omitempty" toml:"nativeLBByDefault,omitempty" yaml:"nativeLBByDefault,omitempty" export:"true"`
EntryPoints map[string]Entrypoint `json:"-" toml:"-" yaml:"-" label:"-" file:"-"` EntryPoints map[string]Entrypoint `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
@ -873,8 +874,8 @@ func (p *Provider) allowedNamespaces(gatewayNamespace string, routeNamespaces *g
} }
type backendAddress struct { type backendAddress struct {
Address string IP string
Port int32 Port int32
} }
func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) ([]backendAddress, corev1.ServicePort, error) { func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef) ([]backendAddress, corev1.ServicePort, error) {
@ -889,6 +890,9 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
if !exists { if !exists {
return nil, corev1.ServicePort{}, errors.New("service not found") return nil, corev1.ServicePort{}, errors.New("service not found")
} }
if service.Spec.Type == corev1.ServiceTypeExternalName {
return nil, corev1.ServicePort{}, errors.New("type ExternalName is not supported for Kubernetes Service reference")
}
var svcPort *corev1.ServicePort var svcPort *corev1.ServicePort
for _, p := range service.Spec.Ports { for _, p := range service.Spec.Ports {
@ -901,6 +905,22 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
return nil, corev1.ServicePort{}, fmt.Errorf("service port %d not found", *ref.Port) return nil, corev1.ServicePort{}, fmt.Errorf("service port %d not found", *ref.Port)
} }
annotationsConfig, err := parseServiceAnnotations(service.Annotations)
if err != nil {
return nil, corev1.ServicePort{}, fmt.Errorf("parsing service annotations config: %w", err)
}
if p.NativeLBByDefault || annotationsConfig.Service.NativeLB {
if service.Spec.ClusterIP == "" || service.Spec.ClusterIP == "None" {
return nil, corev1.ServicePort{}, fmt.Errorf("no clusterIP found for service: %s/%s", service.Namespace, service.Name)
}
return []backendAddress{{
IP: service.Spec.ClusterIP,
Port: svcPort.Port,
}}, *svcPort, nil
}
endpointSlices, err := p.client.ListEndpointSlicesForService(namespace, string(ref.Name)) endpointSlices, err := p.client.ListEndpointSlicesForService(namespace, string(ref.Name))
if err != nil { if err != nil {
return nil, corev1.ServicePort{}, fmt.Errorf("getting endpointslices: %w", err) return nil, corev1.ServicePort{}, fmt.Errorf("getting endpointslices: %w", err)
@ -935,8 +955,8 @@ func (p *Provider) getBackendAddresses(namespace string, ref gatev1.BackendRef)
uniqAddresses[address] = struct{}{} uniqAddresses[address] = struct{}{}
backendServers = append(backendServers, backendAddress{ backendServers = append(backendServers, backendAddress{
Address: address, IP: address,
Port: port, Port: port,
}) })
} }
} }

345
pkg/provider/kubernetes/gateway/kubernetes_test.go
View file

@ -57,6 +57,7 @@ func TestLoadHTTPRoutes(t *testing.T) {
expected *dynamic.Configuration expected *dynamic.Configuration
entryPoints map[string]Entrypoint entryPoints map[string]Entrypoint
experimentalChannel bool experimentalChannel bool
nativeLB bool
}{ }{
{ {
desc: "Empty", desc: "Empty",
@ -2334,6 +2335,123 @@ func TestLoadHTTPRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{}, TLS: &dynamic.TLSConfiguration{},
}, },
}, },
{
desc: "Simple HTTPRoute with NativeLBByDefault enabled",
paths: []string{"services.yml", "httproute/simple.yml"},
nativeLB: true,
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": {
EntryPoints: []string{"web"},
Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr",
Rule: "Host(`foo.com`) && Path(`/bar`)",
Priority: 100008,
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": {
Weighted: &dynamic.WeightedRoundRobin{
Services: []dynamic.WRRService{
{
Name: "default-whoami-80",
Weight: ptr.To(1),
},
},
},
},
"default-whoami-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.10.1:80",
},
},
PassHostHeader: ptr.To(true),
ResponseForwarding: &dynamic.ResponseForwarding{
FlushInterval: ptypes.Duration(100 * time.Millisecond),
},
},
},
},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple HTTPRoute with NativeLB annotation",
paths: []string{"services.yml", "httproute/simple_nativelb.yml"},
entryPoints: map[string]Entrypoint{"web": {
Address: ":80",
}},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06": {
EntryPoints: []string{"web"},
Service: "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr",
Rule: "Host(`foo.com`) && Path(`/bar`)",
Priority: 100008,
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr": {
Weighted: &dynamic.WeightedRoundRobin{
Services: []dynamic.WRRService{
{
Name: "default-whoami-native-80",
Weight: ptr.To(1),
},
},
},
},
"default-whoami-native-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://10.10.10.1:80",
},
},
PassHostHeader: ptr.To(true),
ResponseForwarding: &dynamic.ResponseForwarding{
FlushInterval: ptypes.Duration(100 * time.Millisecond),
},
},
},
},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
} }
for _, test := range testCases { for _, test := range testCases {
@ -2363,6 +2481,7 @@ func TestLoadHTTPRoutes(t *testing.T) {
p := Provider{ p := Provider{
EntryPoints: test.entryPoints, EntryPoints: test.entryPoints,
ExperimentalChannel: test.experimentalChannel, ExperimentalChannel: test.experimentalChannel,
NativeLBByDefault: test.nativeLB,
client: client, client: client,
} }
@ -3078,6 +3197,7 @@ func TestLoadTCPRoutes(t *testing.T) {
paths []string paths []string
expected *dynamic.Configuration expected *dynamic.Configuration
entryPoints map[string]Entrypoint entryPoints map[string]Entrypoint
nativeLB bool
}{ }{
{ {
desc: "Empty", desc: "Empty",
@ -3826,6 +3946,113 @@ func TestLoadTCPRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{}, TLS: &dynamic.TLSConfiguration{},
}, },
}, },
{
desc: "Simple TCPRoute with NativeLBByDefault",
paths: []string{"services.yml", "tcproute/simple.yml"},
nativeLB: true,
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`*`)",
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple TCPRoute with NativeLB annotation",
paths: []string{"services.yml", "tcproute/simple_nativelb.yml"},
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`*`)",
RuleSyntax: "v3",
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tcp-app-1-my-tcp-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-native-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-native-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
} }
for _, test := range testCases { for _, test := range testCases {
@ -3854,6 +4081,7 @@ func TestLoadTCPRoutes(t *testing.T) {
p := Provider{ p := Provider{
EntryPoints: test.entryPoints, EntryPoints: test.entryPoints,
NativeLBByDefault: test.nativeLB,
ExperimentalChannel: true, ExperimentalChannel: true,
client: client, client: client,
} }
@ -3869,8 +4097,9 @@ func TestLoadTLSRoutes(t *testing.T) {
desc string desc string
ingressClass string ingressClass string
paths []string paths []string
expected *dynamic.Configuration
entryPoints map[string]Entrypoint entryPoints map[string]Entrypoint
nativeLB bool
expected *dynamic.Configuration
}{ }{
{ {
desc: "Empty", desc: "Empty",
@ -4975,6 +5204,119 @@ func TestLoadTLSRoutes(t *testing.T) {
TLS: &dynamic.TLSConfiguration{}, TLS: &dynamic.TLSConfiguration{},
}, },
}, },
{
desc: "Simple TLSRoute with NativeLBByDefault",
paths: []string{"services.yml", "tlsroute/simple_TLS_to_TLSRoute.yml"},
nativeLB: true,
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`foo.example.com`)",
RuleSyntax: "v3",
TLS: &dynamic.RouterTCPTLSConfig{
Passthrough: true,
},
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
{
desc: "Simple TLSRoute with NativeLB annotation",
paths: []string{"services.yml", "tlsroute/simple_nativelb.yml"},
entryPoints: map[string]Entrypoint{
"tcp": {Address: ":9000"},
},
expected: &dynamic.Configuration{
UDP: &dynamic.UDPConfiguration{
Routers: map[string]*dynamic.UDPRouter{},
Services: map[string]*dynamic.UDPService{},
},
TCP: &dynamic.TCPConfiguration{
Routers: map[string]*dynamic.TCPRouter{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb": {
EntryPoints: []string{"tcp"},
Service: "default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr",
Rule: "HostSNI(`foo.example.com`)",
RuleSyntax: "v3",
TLS: &dynamic.RouterTCPTLSConfig{
Passthrough: true,
},
},
},
Middlewares: map[string]*dynamic.TCPMiddleware{},
Services: map[string]*dynamic.TCPService{
"default-tls-app-1-my-tls-gateway-tcp-0-e3b0c44298fc1c149afb-wrr": {
Weighted: &dynamic.TCPWeightedRoundRobin{
Services: []dynamic.TCPWRRService{
{
Name: "default-whoamitcp-native-9000",
Weight: ptr.To(1),
},
},
},
},
"default-whoamitcp-native-9000": {
LoadBalancer: &dynamic.TCPServersLoadBalancer{
Servers: []dynamic.TCPServer{
{
Address: "10.10.10.1:9000",
},
},
},
},
},
ServersTransports: map[string]*dynamic.TCPServersTransport{},
},
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Middlewares: map[string]*dynamic.Middleware{},
Services: map[string]*dynamic.Service{},
ServersTransports: map[string]*dynamic.ServersTransport{},
},
TLS: &dynamic.TLSConfiguration{},
},
},
} }
for _, test := range testCases { for _, test := range testCases {
@ -5003,6 +5345,7 @@ func TestLoadTLSRoutes(t *testing.T) {
p := Provider{ p := Provider{
EntryPoints: test.entryPoints, EntryPoints: test.entryPoints,
NativeLBByDefault: test.nativeLB,
ExperimentalChannel: true, ExperimentalChannel: true,
client: client, client: client,
} }

2
pkg/provider/kubernetes/gateway/tcproute.go
View file

@ -286,7 +286,7 @@ func (p *Provider) loadTCPServers(namespace string, route *gatev1alpha2.TCPRoute
for _, ba := range backendAddresses { for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.TCPServer{ lb.Servers = append(lb.Servers, dynamic.TCPServer{
Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))), Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))),
}) })
} }
return lb, nil return lb, nil

2
pkg/provider/kubernetes/gateway/tlsroute.go
View file

@ -289,7 +289,7 @@ func (p *Provider) loadTLSServers(namespace string, route *gatev1alpha2.TLSRoute
for _, ba := range backendAddresses { for _, ba := range backendAddresses {
lb.Servers = append(lb.Servers, dynamic.TCPServer{ lb.Servers = append(lb.Servers, dynamic.TCPServer{
// TODO determine whether the servers needs TLS, from the port? // TODO determine whether the servers needs TLS, from the port?
Address: net.JoinHostPort(ba.Address, strconv.Itoa(int(ba.Port))), Address: net.JoinHostPort(ba.IP, strconv.Itoa(int(ba.Port))),
}) })
} }
return lb, nil return lb, nil

2
pkg/provider/kubernetes/ingress/kubernetes.go
View file

@ -219,7 +219,7 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl
var ingressClasses []*netv1.IngressClass var ingressClasses []*netv1.IngressClass
if !p.DisableIngressClassLookup { if !p.DisableIngressClassLookup && !p.DisableClusterScopeResources {
ics, err := client.GetIngressClasses() ics, err := client.GetIngressClasses()
if err != nil { if err != nil {
log.Ctx(ctx).Warn().Err(err).Msg("Failed to list ingress classes") log.Ctx(ctx).Warn().Err(err).Msg("Failed to list ingress classes")

63
pkg/provider/kubernetes/ingress/kubernetes_test.go
View file

@ -26,11 +26,12 @@ func Bool(v bool) *bool { return &v }
func TestLoadConfigurationFromIngresses(t *testing.T) { func TestLoadConfigurationFromIngresses(t *testing.T) {
testCases := []struct { testCases := []struct {
desc string desc string
ingressClass string ingressClass string
expected *dynamic.Configuration expected *dynamic.Configuration
allowEmptyServices bool allowEmptyServices bool
disableIngressClassLookup bool disableIngressClassLookup bool
disableClusterScopeResources bool
}{ }{
{ {
desc: "Empty ingresses", desc: "Empty ingresses",
@ -1335,6 +1336,38 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
}, },
}, },
}, },
{
// Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true.
// Showing that disabling the ingressClass discovery still allow the discovery of ingresses with ingress annotation.
desc: "Ingress with ingress annotation",
disableClusterScopeResources: true,
expected: &dynamic.Configuration{
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{
"testing-bar": {
Rule: "PathPrefix(`/bar`)",
Service: "testing-service1-80",
},
},
Services: map[string]*dynamic.Service{
"testing-service1-80": {
LoadBalancer: &dynamic.ServersLoadBalancer{
PassHostHeader: Bool(true),
ResponseForwarding: &dynamic.ResponseForwarding{
FlushInterval: ptypes.Duration(100 * time.Millisecond),
},
Servers: []dynamic.Server{
{
URL: "http://10.10.0.1:8080",
},
},
},
},
},
},
},
},
{ {
desc: "Ingress with ingressClass", desc: "Ingress with ingressClass",
expected: &dynamic.Configuration{ expected: &dynamic.Configuration{
@ -1377,6 +1410,19 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
}, },
}, },
}, },
{
// Duplicate test case with the same fixture as the one above, but with the disableClusterScopeResources option to true.
// Showing that disabling the ingressClass discovery avoid discovering Ingresses with an IngressClass.
desc: "Ingress with ingressClass",
disableClusterScopeResources: true,
expected: &dynamic.Configuration{
HTTP: &dynamic.HTTPConfiguration{
Middlewares: map[string]*dynamic.Middleware{},
Routers: map[string]*dynamic.Router{},
Services: map[string]*dynamic.Service{},
},
},
},
{ {
desc: "Ingress with named port", desc: "Ingress with named port",
expected: &dynamic.Configuration{ expected: &dynamic.Configuration{
@ -1455,9 +1501,10 @@ func TestLoadConfigurationFromIngresses(t *testing.T) {
clientMock := newClientMock(generateTestFilename(test.desc)) clientMock := newClientMock(generateTestFilename(test.desc))
p := Provider{ p := Provider{
IngressClass: test.ingressClass, IngressClass: test.ingressClass,
AllowEmptyServices: test.allowEmptyServices, AllowEmptyServices: test.allowEmptyServices,
DisableIngressClassLookup: test.disableIngressClassLookup, DisableIngressClassLookup: test.disableIngressClassLookup,
DisableClusterScopeResources: test.disableClusterScopeResources,
} }
conf := p.loadConfigurationFromIngresses(context.Background(), clientMock) conf := p.loadConfigurationFromIngresses(context.Background(), clientMock)

2
pkg/server/router/tcp/postgres.go
View file

@ -28,7 +28,7 @@ func isPostgres(br *bufio.Reader) (bool, error) {
peeked, err := br.Peek(i) peeked, err := br.Peek(i)
if err != nil { if err != nil {
var opErr *net.OpError var opErr *net.OpError
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) { if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) {
log.Error().Err(err).Msg("Error while Peeking first byte") log.Error().Err(err).Msg("Error while Peeking first byte")
} }
return false, err return false, err

2
pkg/server/router/tcp/router.go
View file

@ -363,7 +363,7 @@ func clientHelloInfo(br *bufio.Reader) (*clientHello, error) {
hdr, err := br.Peek(1) hdr, err := br.Peek(1)
if err != nil { if err != nil {
var opErr *net.OpError var opErr *net.OpError
if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || opErr.Timeout()) { if !errors.Is(err, io.EOF) && (!errors.As(err, &opErr) || !opErr.Timeout()) {
log.Error().Err(err).Msg("Error while Peeking first byte") log.Error().Err(err).Msg("Error while Peeking first byte")
} }
return nil, err return nil, err

6
script/gcg/traefik-bugfix.toml
View file

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file" OutputType = "file"
FileName = "traefik_changelog.md" FileName = "traefik_changelog.md"
# example new bugfix v3.1.4 # example new bugfix v3.1.5
CurrentRef = "v3.1" CurrentRef = "v3.1"
PreviousRef = "v3.1.3" PreviousRef = "v3.1.4"
BaseBranch = "v3.1" BaseBranch = "v3.1"
FutureCurrentRefName = "v3.1.4" FutureCurrentRefName = "v3.1.5"
ThresholdPreviousRef = 10 ThresholdPreviousRef = 10
ThresholdCurrentRef = 10 ThresholdCurrentRef = 10

6
script/gcg/traefik-rc-first.toml
View file

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file" OutputType = "file"
FileName = "traefik_changelog.md" FileName = "traefik_changelog.md"
# example RC1 of v3.1.0-rc1 # example RC1 of v3.2.0-rc1
CurrentRef = "master" CurrentRef = "master"
PreviousRef = "v3.0.0-beta3" PreviousRef = "v3.1.0-rc1"
BaseBranch = "master" BaseBranch = "master"
FutureCurrentRefName = "v3.1.0-rc1" FutureCurrentRefName = "v3.2.0-rc1"
ThresholdPreviousRef = 10000 ThresholdPreviousRef = 10000
ThresholdCurrentRef = 10000 ThresholdCurrentRef = 10000

2
webui/embed.go
View file

@ -5,6 +5,8 @@ import (
"io/fs" "io/fs"
) )
// Files starting with . and _ are excluded by default
//
//go:embed static //go:embed static
var assets embed.FS var assets embed.FS

3
webui/package.json
View file

@ -20,16 +20,13 @@
"dependencies": { "dependencies": {
"@quasar/extras": "^1.16.12", "@quasar/extras": "^1.16.12",
"axios": "^1.7.4", "axios": "^1.7.4",
"bowser": "^2.11.0",
"chart.js": "^4.4.1", "chart.js": "^4.4.1",
"core-js": "^3.35.1", "core-js": "^3.35.1",
"dot-prop": "^8.0.2", "dot-prop": "^8.0.2",
"iframe-resizer": "^4.3.9",
"lodash.isequal": "4.5.0", "lodash.isequal": "4.5.0",
"moment": "^2.30.1", "moment": "^2.30.1",
"quasar": "^2.16.6", "quasar": "^2.16.6",
"query-string": "^8.1.0", "query-string": "^8.1.0",
"vh-check": "^2.0.5",
"vue": "^3.0.0", "vue": "^3.0.0",
"vue-chartjs": "^5.3.0", "vue-chartjs": "^5.3.0",
"vue-router": "^4.0.12", "vue-router": "^4.0.12",

4
webui/quasar.conf.js
View file

@ -13,9 +13,7 @@ module.exports = configure(function (ctx) {
// app boot file (/src/boot) // app boot file (/src/boot)
// --> boot files are part of "main.js" // --> boot files are part of "main.js"
boot: [ boot: [
'api', 'api'
'_hacks',
'_init'
], ],
css: [ css: [

16
webui/src/_directives/resize.js
View file

@ -1,16 +0,0 @@
import iframeResize from 'iframe-resizer/js/iframeResizer'
const resize = {
mounted (el, binding) {
const options = binding.value || {}
el.addEventListener('load', () => iframeResize(options, el))
},
unmounted (el) {
const resizableEl = el
if (resizableEl.iFrameResizer) {
resizableEl.iFrameResizer.removeListeners()
}
}
}
export default resize

10
webui/src/boot/_globals.js
View file

@ -1,10 +0,0 @@
import { APP } from '../_helpers/APP'
import Boot from '../_middleware/Boot'
export default async ({ app, router, store }) => {
app.use(Boot)
APP.root = app
APP.router = router
APP.store = store
}

13
webui/src/boot/_hacks.js
View file

@ -1,13 +0,0 @@
import Bowser from 'bowser'
import vhCheck from 'vh-check'
const browser = Bowser.getParser(window.navigator.userAgent)
// In Mobile
if (browser.getPlatform().type === 'mobile') {
vhCheck()
}
export default async ({ app, Vue }) => {
}

30
webui/src/boot/_init.js
View file

@ -1,30 +0,0 @@
import { APP } from '../_helpers/APP'
import errors from '../_helpers/Errors'
import resize from '../_directives/resize'
export default async ({ app, router }) => {
// Directives
app.directive('resize', resize)
// Router
// ----------------------------------------------
router.beforeEach(async (to, from, next) => {
// Set APP
APP.routeTo = to
APP.routeFrom = from
next()
})
// Api (axios)
// ----------------------------------------------
APP.api.interceptors.request.use((config) => {
console.log('interceptors -> config', config)
// config.headers['Accept'] = '*/*'
return config
})
APP.api.interceptors.response.use((response) => {
console.log('interceptors -> response', response)
return response
}, errors.handleResponse)
}

15
webui/yarn.lock
View file

@ -2267,11 +2267,6 @@ boolbase@^1.0.0:
resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e" resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e"
integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww== integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==
bowser@^2.11.0:
version "2.11.0"
resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f"
integrity sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==
brace-expansion@^1.1.7: brace-expansion@^1.1.7:
version "1.1.11" version "1.1.11"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd" resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd"
@ -3864,11 +3859,6 @@ ieee754@^1.1.13, ieee754@^1.2.1:
resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352"
integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==
iframe-resizer@^4.3.9:
version "4.4.5"
resolved "https://registry.yarnpkg.com/iframe-resizer/-/iframe-resizer-4.4.5.tgz#f5048636e7f2fb5d9a09cc2ae78eb2da55ad555c"
integrity sha512-U8bCywf/Gh07O69RXo6dXAzTtODQrxaHGHRI7Nt4ipXsuq6EMxVsOP/jjaP43YtXz/ibESS0uSVDN3sOGCzSmw==
ignore@^5.2.0, ignore@^5.2.4: ignore@^5.2.0, ignore@^5.2.4:
version "5.3.1" version "5.3.1"
resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef" resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.1.tgz#5073e554cd42c5b33b394375f538b8593e34d4ef"
@ -6007,11 +5997,6 @@ vary@~1.1.2:
resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"
integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==
vh-check@^2.0.5:
version "2.0.5"
resolved "https://registry.yarnpkg.com/vh-check/-/vh-check-2.0.5.tgz#1b70610461e9776176f23d172daae3c4761aed09"
integrity sha512-vHtIYWt9uLl2P2tLlatVpMwv9+ezuJCtMNjUVIpzd5Pa/dJXN8AtqkKmVRcNSlmXyCjkCkbMQX/Vs9axmdlfgg==
vite-jsconfig-paths@^2.0.1: vite-jsconfig-paths@^2.0.1:
version "2.0.1" version "2.0.1"
resolved "https://registry.yarnpkg.com/vite-jsconfig-paths/-/vite-jsconfig-paths-2.0.1.tgz#d66e36d67596dd8a8e4a6ed6e6db20debc50b45e" resolved "https://registry.yarnpkg.com/vite-jsconfig-paths/-/vite-jsconfig-paths-2.0.1.tgz#d66e36d67596dd8a8e4a6ed6e6db20debc50b45e"