baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: baalajimaestro:fd015c5a9b6dd5877d8ead926428949dc5bdcd65
Branches Tags
baalajimaestro:master
...
compare: baalajimaestro:4b7594bc564b128c129e54ef7675ddb086dbe15f
Branches Tags
baalajimaestro:master

12 commits
fd015c5a9b ... 4b7594bc56

Author SHA1 Message Date
baalajimaestro
4b7594bc56
Merge branch 'master' of github.com:traefik/traefik
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
2024-07-08 21:45:55 +05:30
Romain
b1b4e6b918
Prepare release v3.1.0-rc1 2024-06-27 16:28:03 +02:00
Michael
8cb1829698
Upgrade to OpenTelemetry Semantic Conventions v1.26.0 2024-06-27 14:14:03 +02:00
mmatur
2f9905061e
Merge current v3.0 into master 2024-06-27 10:17:11 +02:00
mmatur
0a7a6afd59
Merge current v2.11 into v3.0 2024-06-26 17:44:51 +02:00
Kevin Pollet
b577b3a6ba
Fix conformance tests report format 2024-06-26 16:30:05 +02:00
Michael
230019eccf
feat: add logs for plugins load 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2024-06-26 16:08:04 +02:00
Dylan Rodgers
2090baa938
Update Advanced Capabilities Callout 2024-06-26 09:30:04 +02:00
Julien Salleyron
b7de043991
Support systemd socket-activation 
Co-authored-by: Michael <michael.matur@gmail.com>
 2024-06-25 16:30:04 +02:00
Nicolas Mengin
9e0800f938
Fix the Kubernetes GatewayAPI documentation 2024-06-25 14:20:04 +02:00
Julien Salleyron
e7d1a98c5e
Enhance wasm plugins 
Co-authored-by: Michael <[michael.matur@gmail.com](mailto:michael.matur@gmail.com)>
 2024-06-25 09:58:04 +02:00
Emile Vauge
2798e18e18
Update maintainers 2024-06-21 11:10:04 +02:00
91 changed files with 1402 additions and 663 deletions
Show stats Expand all files Collapse all files

1
.golangci.yml
View file

@ -146,6 +146,7 @@ linters-settings:
- github.com/mailgun/multibuf - github.com/mailgun/multibuf
- github.com/jaguilar/vt100 - github.com/jaguilar/vt100
- github.com/cucumber/godog - github.com/cucumber/godog
- github.com/http-wasm/http-wasm-host-go
testifylint: testifylint:
disable: disable:
- suite-dont-use-pkg - suite-dont-use-pkg

2
.semaphore/semaphore.yml
View file

@ -46,7 +46,7 @@ blocks:
- name: GH_VERSION - name: GH_VERSION
value: 2.32.1 value: 2.32.1
- name: CODENAME - name: CODENAME
value: "beaufort" value: "comte"
prologue: prologue:
commands: commands:
- export VERSION=${SEMAPHORE_GIT_TAG_NAME} - export VERSION=${SEMAPHORE_GIT_TAG_NAME}

43
CHANGELOG.md
View file

@ -1,3 +1,46 @@
## [v3.1.0-rc1](https://github.com/traefik/traefik/tree/v3.1.0-rc1) (2024-06-27)
[All Commits](https://github.com/traefik/traefik/compare/v3.0.0-beta3...v3.1.0-rc1)
**Enhancements:**
- **[k8s,k8s/gatewayapi]** Support invalid HTTPRoute status ([#10714](https://github.com/traefik/traefik/pull/10714) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** KubernetesGateway provider is no longer experimental ([#10840](https://github.com/traefik/traefik/pull/10840) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Bump Gateway API to v1.1.0 ([#10835](https://github.com/traefik/traefik/pull/10835) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Fix route attachments to gateways ([#10761](https://github.com/traefik/traefik/pull/10761) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Support HTTPRoute method and query param matching ([#10815](https://github.com/traefik/traefik/pull/10815) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Support HTTPURLRewrite filter ([#10571](https://github.com/traefik/traefik/pull/10571) by [SantoDE](https://github.com/SantoDE))
- **[k8s,k8s/gatewayapi]** Set Gateway HTTPRoute status ([#10667](https://github.com/traefik/traefik/pull/10667) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Support ReferenceGrant for HTTPRoute backends ([#10771](https://github.com/traefik/traefik/pull/10771) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Compute HTTPRoute priorities ([#10766](https://github.com/traefik/traefik/pull/10766) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Support RegularExpression for path matching ([#10717](https://github.com/traefik/traefik/pull/10717) by [dmavrommatis](https://github.com/dmavrommatis))
- **[k8s/crd,k8s]** Support HealthCheck for ExternalName services ([#10467](https://github.com/traefik/traefik/pull/10467) by [marcmognol](https://github.com/marcmognol))
- **[k8s/ingress,k8s/crd,k8s,k8s/gatewayapi]** Migrate to EndpointSlices API ([#10664](https://github.com/traefik/traefik/pull/10664) by [jnoordsij](https://github.com/jnoordsij))
- **[k8s/ingress,k8s/crd,k8s]** Change log level from Warning to Info when ExternalName services is enabled ([#10682](https://github.com/traefik/traefik/pull/10682) by [marcmognol](https://github.com/marcmognol))
- **[k8s/ingress,k8s/crd,k8s]** Allow to use internal Node IPs for NodePort services ([#10278](https://github.com/traefik/traefik/pull/10278) by [jorisvergeer](https://github.com/jorisvergeer))
- **[middleware,k8s,k8s/gatewayapi]** Improve HTTPRoute Redirect Filter with port and scheme ([#10784](https://github.com/traefik/traefik/pull/10784) by [rtribotte](https://github.com/rtribotte))
- **[middleware,k8s,k8s/gatewayapi]** Support HTTPRoute redirect port and scheme ([#10802](https://github.com/traefik/traefik/pull/10802) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Support Content-Security-Policy-Report-Only in the headers middleware ([#10709](https://github.com/traefik/traefik/pull/10709) by [SpecLad](https://github.com/SpecLad))
- **[middleware]** Add support for Zstandard to the compression middleware ([#10660](https://github.com/traefik/traefik/pull/10660) by [Belphemur](https://github.com/Belphemur))
- **[plugins]** Enhance wasm plugins ([#10829](https://github.com/traefik/traefik/pull/10829) by [juliens](https://github.com/juliens))
- **[plugins]** Add logs for plugins load ([#10848](https://github.com/traefik/traefik/pull/10848) by [mmatur](https://github.com/mmatur))
- **[server]** Support systemd socket-activation ([#10399](https://github.com/traefik/traefik/pull/10399) by [juliens](https://github.com/juliens))
**Bug fixes:**
- **[healthcheck,k8s/crd,k8s]** Fix Healthcheck default value for ExternalName services ([#10778](https://github.com/traefik/traefik/pull/10778) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware,metrics,tracing]** Upgrade to OpenTelemetry Semantic Conventions v1.26.0 ([#10850](https://github.com/traefik/traefik/pull/10850) by [mmatur](https://github.com/mmatur))
**Documentation:**
- **[k8s,k8s/gatewayapi]** Fix the Kubernetes GatewayAPI documentation ([#10844](https://github.com/traefik/traefik/pull/10844) by [nmengin](https://github.com/nmengin))
**Misc:**
- Merge current v3.0 into master ([#10853](https://github.com/traefik/traefik/pull/10853) by [mmatur](https://github.com/mmatur))
- Merge current v3.0 into master ([#10811](https://github.com/traefik/traefik/pull/10811) by [mmatur](https://github.com/mmatur))
- Merge current v3.0 into master ([#10789](https://github.com/traefik/traefik/pull/10789) by [ldez](https://github.com/ldez))
- Merge current v3.0 into master ([#10750](https://github.com/traefik/traefik/pull/10750) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v3.0 into master ([#10655](https://github.com/traefik/traefik/pull/10655) by [ldez](https://github.com/ldez))
- Merge current v3.0 into master ([#10567](https://github.com/traefik/traefik/pull/10567) by [ldez](https://github.com/ldez))
- Merge current v3.0 into master ([#10418](https://github.com/traefik/traefik/pull/10418) by [mmatur](https://github.com/mmatur))
- Merge current v3.0 into master ([#10040](https://github.com/traefik/traefik/pull/10040) by [mmatur](https://github.com/mmatur))
## [v3.0.3](https://github.com/traefik/traefik/tree/v3.0.3) (2024-06-18) ## [v3.0.3](https://github.com/traefik/traefik/tree/v3.0.3) (2024-06-18)
[All Commits](https://github.com/traefik/traefik/compare/v3.0.2...v3.0.3) [All Commits](https://github.com/traefik/traefik/compare/v3.0.2...v3.0.3)

14
cmd/traefik/traefik.go
View file

@ -46,6 +46,7 @@ import (
"github.com/traefik/traefik/v3/pkg/tracing" "github.com/traefik/traefik/v3/pkg/tracing"
"github.com/traefik/traefik/v3/pkg/types" "github.com/traefik/traefik/v3/pkg/types"
"github.com/traefik/traefik/v3/pkg/version" "github.com/traefik/traefik/v3/pkg/version"
"golang.org/x/exp/maps"
) )
func main() { func main() {
@ -224,10 +225,21 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
} }
// Plugins // Plugins
pluginLogger := log.Ctx(ctx).With().Logger()
hasPlugins := staticConfiguration.Experimental != nil && (staticConfiguration.Experimental.Plugins != nil || staticConfiguration.Experimental.LocalPlugins != nil)
if hasPlugins {
pluginsList := maps.Keys(staticConfiguration.Experimental.Plugins)
pluginsList = append(pluginsList, maps.Keys(staticConfiguration.Experimental.LocalPlugins)...)
pluginLogger = pluginLogger.With().Strs("plugins", pluginsList).Logger()
pluginLogger.Info().Msg("Loading plugins...")
}
pluginBuilder, err := createPluginBuilder(staticConfiguration) pluginBuilder, err := createPluginBuilder(staticConfiguration)
if err != nil { if err != nil {
log.Error().Err(err).Msg("Plugins are disabled because an error has occurred.") pluginLogger.Err(err).Msg("Plugins are disabled because an error has occurred.")
} else if hasPlugins {
pluginLogger.Info().Msg("Plugins loaded.")
} }
// Providers plugins // Providers plugins

2
docs/content/getting-started/configuration-overview.md
View file

@ -79,7 +79,7 @@ traefik --help
# or # or
docker run traefik[:version] --help docker run traefik[:version] --help
# ex: docker run traefik:v3.0 --help # ex: docker run traefik:v3.1 --help
``` ```
Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments. Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.

8
docs/content/getting-started/install-traefik.md
View file

@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file: Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.yml) * [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.toml) * [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.toml)
```shell ```shell
docker run -d -p 8080:8080 -p 80:80 \ docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.0 -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.1
``` ```
For more details, go to the [Docker provider documentation](../providers/docker.md) For more details, go to the [Docker provider documentation](../providers/docker.md)
@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip !!! tip
* Prefer a fixed version than the latest that could be an unexpected version. * Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v3.0` ex: `traefik:v3.1`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine). * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image. * Any orchestrator using docker images can fetch the official Traefik docker image.

2
docs/content/getting-started/quick-start-with-kubernetes.md
View file

@ -136,7 +136,7 @@ spec:
serviceAccountName: traefik-account serviceAccountName: traefik-account
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.0 image: traefik:v3.1
args: args:
- --api.insecure - --api.insecure
- --providers.kubernetesingress - --providers.kubernetesingress

2
docs/content/getting-started/quick-start.md
View file

@ -20,7 +20,7 @@ version: '3'
services: services:
reverse-proxy: reverse-proxy:
# The official v3 Traefik docker image # The official v3 Traefik docker image
image: traefik:v3.0 image: traefik:v3.1
# Enables the web UI and tells Traefik to listen to docker # Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker command: --api.insecure=true --providers.docker
ports: ports:

16
docs/content/includes/traefik-for-business-applications.md
View file

@ -1,14 +1,10 @@
--- ---
!!! question "Using Traefik for Business Applications?" !!! question "Using Traefik OSS in Production? Consider Adding Advanced Capabilities."
If you are using Traefik in your organization, consider our enterprise-grade solutions: Add API Gateway or API Management capabilities seamlessly to your existing Traefik deployments.
No rip and replace. No learning curve.
- API Management - [Explore our API Gateway](https://traefik.io/traefik-hub-api-gateway/)
[Explore](https://traefik.io/solutions/api-management/) // [Watch Demo Video](https://info.traefik.io/watch-traefik-hub-demo) - [Explore our API Management](https://traefik.io/traefik-hub/)
- API Gateway - [Get 24/7/365 Commercial Support for Traefik OSS](https://info.traefik.io/request-commercial-support)
[Explore](https://traefik.io/solutions/api-gateway/) // [Watch Demo Video](https://info.traefik.io/watch-traefikee-demo)
- Ingress Controller
[Kubernetes](https://traefik.io/solutions/kubernetes-ingress/) // [Docker Swarm](https://traefik.io/solutions/docker-swarm-ingress/)
These tools help businesses discover, deploy, secure, and manage microservices and APIs easily, at scale, across any environment.

6
docs/content/index.md
View file

@ -24,8 +24,6 @@ Developing Traefik, our main goal is to make it effortless to use, and we're sur
!!! info !!! info
Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community. Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the Traefik community.
Using Traefik in your organization? Consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/ "Lino to Traefik Enterprise"), our unified API Gateway and Ingress that simplifies the discovery, security, and deployment of APIs and microservices across any environment. Using Traefik OSS in Production? Add enterprise-grade API Gateway and API Management capabilities to your existing deployments seamlessly. No rip and replace. No learning curve. Learn more from [this short video](https://info.traefik.io/traefik-upgrade-walkthrough)
See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo "Link to video walkthrough").

2
docs/content/observability/access-logs.md
View file

@ -275,7 +275,7 @@ version: "3.7"
services: services:
traefik: traefik:
image: traefik:v3.0 image: traefik:v3.1
environment: environment:
- TZ=US/Alaska - TZ=US/Alaska
command: command:

2
docs/content/observability/tracing/opentelemetry.md
View file

@ -5,6 +5,8 @@ description: "Traefik supports several tracing backends, including OpenTelemetry
# OpenTelemetry # OpenTelemetry
Traefik Proxy follows [official OpenTelemetry semantic conventions v1.26.0](https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md).
To enable the OpenTelemetry tracer: To enable the OpenTelemetry tracer:
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"

25
docs/content/observability/tracing/overview.md
View file

@ -160,3 +160,28 @@ tracing:
```bash tab="CLI" ```bash tab="CLI"
--tracing.capturedResponseHeaders[0]=X-CustomHeader --tracing.capturedResponseHeaders[0]=X-CustomHeader
``` ```
#### `safeQueryParams`
_Optional, Default={}_
By default, all query parameters are redacted.
Defines the list of query parameters to not redact.
```yaml tab="File (YAML)"
tracing:
otlp:
safeQueryParams:
- bar
- buz
```
```toml tab="File (TOML)"
[tracing]
[tracing.otlp]
safeQueryParams = ["bar", "buz"]
```
```bash tab="CLI"
--tracing.otlp.safeQueryParams=bar,buz
```

2
docs/content/providers/docker.md
View file

@ -163,7 +163,7 @@ See the [Docker API Access](#docker-api-access) section for more information.
services: services:
traefik: traefik:
image: traefik:v3.0 # The official v3 Traefik docker image image: traefik:v3.1 # The official v3 Traefik docker image
ports: ports:
- "80:80" - "80:80"
volumes: volumes:

4
docs/content/providers/kubernetes-crd.md
View file

@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
```bash ```bash
# Install Traefik Resource Definitions: # Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik: # Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
``` ```
## Resource Configuration ## Resource Configuration

29
docs/content/providers/kubernetes-gateway.md
View file

@ -5,7 +5,7 @@ description: "Learn how to use the Kubernetes Gateway API as a provider for conf
# Traefik & Kubernetes with Gateway API # Traefik & Kubernetes with Gateway API
The Kubernetes Gateway API, The Experimental Way. The Kubernetes Gateway API Controller.
{: .subtitle } {: .subtitle }
Gateway API is the evolution of Kubernetes APIs that relate to `Services`, such as `Ingress`. Gateway API is the evolution of Kubernetes APIs that relate to `Services`, such as `Ingress`.
@ -14,32 +14,7 @@ The Gateway API project is part of Kubernetes, working under SIG-NETWORK.
The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/) The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
specifications from the Kubernetes Special Interest Groups (SIGs). specifications from the Kubernetes Special Interest Groups (SIGs).
This provider is proposed as an experimental feature and partially supports Gateway API [v1.0.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.0.0) specification. This provider supports Gateway API [v1.1.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.1.0) specification.
!!! warning "Enabling The Experimental Kubernetes Gateway Provider"
Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration.
```yaml tab="File (YAML)"
experimental:
kubernetesGateway: true
providers:
kubernetesGateway: {}
#...
```
```toml tab="File (TOML)"
[experimental]
kubernetesGateway = true
[providers.kubernetesGateway]
#...
```
```bash tab="CLI"
--experimental.kubernetesgateway=true --providers.kubernetesgateway=true #...
```
## Requirements ## Requirements

2
docs/content/providers/kubernetes-ingress.md
View file

@ -494,6 +494,6 @@ providers:
### Further ### Further
To learn more about the various aspects of the Ingress specification that Traefik supports, To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}

2
docs/content/providers/swarm.md
View file

@ -209,7 +209,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
services: services:
traefik: traefik:
image: traefik:v3.0 # The official v3 Traefik docker image image: traefik:v3.1 # The official v3 Traefik docker image
ports: ports:
- "80:80" - "80:80"
volumes: volumes:

142
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -63,12 +63,12 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: |- description: |-
Middlewares defines the list of references to Middleware resources. Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -88,7 +88,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
type: integer type: integer
services: services:
description: |- description: |-
@ -229,7 +229,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
type: string type: string
required: required:
- kind - kind
@ -287,18 +287,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration. TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -317,17 +317,17 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSOption. Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSOption. Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -344,12 +344,12 @@ spec:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSStore. Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSStore. Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name
@ -409,7 +409,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -422,7 +422,7 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -446,7 +446,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -487,7 +487,7 @@ spec:
proxyProtocol: proxyProtocol:
description: |- description: |-
ProxyProtocol defines the PROXY protocol configuration. ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -525,7 +525,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
type: string type: string
required: required:
- match - match
@ -534,18 +534,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route. TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -564,7 +564,7 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@ -656,7 +656,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -743,7 +743,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
Middleware is the CRD implementation of a Traefik Middleware. Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -769,7 +769,7 @@ spec:
description: |- description: |-
AddPrefix holds the add prefix middleware configuration. AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it. This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: |- description: |-
@ -781,12 +781,12 @@ spec:
description: |- description: |-
BasicAuth holds the basic auth middleware configuration. BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -807,7 +807,7 @@ spec:
description: |- description: |-
Buffering holds the buffering middleware configuration. Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends. This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: |- description: |-
@ -839,14 +839,14 @@ spec:
description: |- description: |-
RetryExpression defines the retry conditions. RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||). It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: |- description: |-
Chain holds the configuration of the chain middleware. Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware. This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -905,7 +905,7 @@ spec:
description: |- description: |-
Compress holds the compress middleware configuration. Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression. This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
properties: properties:
defaultEncoding: defaultEncoding:
description: DefaultEncoding specifies the default encoding if description: DefaultEncoding specifies the default encoding if
@ -948,12 +948,12 @@ spec:
description: |- description: |-
DigestAuth holds the digest auth middleware configuration. DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -973,7 +973,7 @@ spec:
description: |- description: |-
ErrorPage holds the custom error middleware configuration. ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
properties: properties:
query: query:
description: |- description: |-
@ -983,7 +983,7 @@ spec:
service: service:
description: |- description: |-
Service defines the reference to a Kubernetes Service that will serve the error page. Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
properties: properties:
healthCheck: healthCheck:
description: Healthcheck defines health checks for ExternalName description: Healthcheck defines health checks for ExternalName
@ -1116,7 +1116,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -1174,7 +1174,7 @@ spec:
description: |- description: |-
ForwardAuth holds the forward auth middleware configuration. ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
properties: properties:
addAuthCookiesToResponse: addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies description: AddAuthCookiesToResponse defines the list of cookies
@ -1202,7 +1202,7 @@ spec:
authResponseHeadersRegex: authResponseHeadersRegex:
description: |- description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -1249,7 +1249,7 @@ spec:
description: |- description: |-
Headers holds the headers middleware configuration. Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -1420,7 +1420,7 @@ spec:
description: |- description: |-
InFlightReq holds the in-flight request middleware configuration. InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently. This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: |- description: |-
@ -1433,12 +1433,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source. SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1467,12 +1467,12 @@ spec:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1504,7 +1504,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1529,7 +1529,7 @@ spec:
description: |- description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration. PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header. This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -1638,7 +1638,7 @@ spec:
description: |- description: |-
RateLimit holds the rate limit configuration. RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
properties: properties:
average: average:
description: |- description: |-
@ -1671,7 +1671,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1700,7 +1700,7 @@ spec:
description: |- description: |-
RedirectRegex holds the redirect regex middleware configuration. RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1719,7 +1719,7 @@ spec:
description: |- description: |-
RedirectScheme holds the redirect scheme middleware configuration. RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another. This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1736,7 +1736,7 @@ spec:
description: |- description: |-
ReplacePath holds the replace path middleware configuration. ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -1747,7 +1747,7 @@ spec:
description: |- description: |-
ReplacePathRegex holds the replace path regex middleware configuration. ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement. This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -1763,7 +1763,7 @@ spec:
Retry holds the retry middleware configuration. Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply. This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -1785,7 +1785,7 @@ spec:
description: |- description: |-
StripPrefix holds the strip prefix middleware configuration. StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: |- description: |-
@ -1804,7 +1804,7 @@ spec:
description: |- description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration. StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path. This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the
@ -1841,7 +1841,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -1877,7 +1877,7 @@ spec:
description: |- description: |-
IPAllowList defines the IPAllowList middleware configuration. IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1891,7 +1891,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration. IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1930,7 +1930,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport. ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2069,7 +2069,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport. ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used. If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration. The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2187,7 +2187,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2212,14 +2212,14 @@ spec:
alpnProtocols: alpnProtocols:
description: |- description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: |- description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -2247,7 +2247,7 @@ spec:
curvePreferences: curvePreferences:
description: |- description: |-
CurvePreferences defines the preferred elliptic curves in a specific order. CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array
@ -2303,7 +2303,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store. TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported. For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2401,7 +2401,7 @@ spec:
TraefikService object allows to: TraefikService object allows to:
- Apply weight to Services on load-balancing - Apply weight to Services on load-balancing
- Mirror traffic on services - Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2642,7 +2642,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2749,7 +2749,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2932,7 +2932,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2979,7 +2979,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines whether sticky sessions are enabled. Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.

2
docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
View file

@ -25,7 +25,7 @@ spec:
serviceAccountName: traefik-controller serviceAccountName: traefik-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.0 image: traefik:v3.1
args: args:
- --entryPoints.web.address=:80 - --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:443

28
docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -63,12 +63,12 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: |- description: |-
Middlewares defines the list of references to Middleware resources. Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -88,7 +88,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
type: integer type: integer
services: services:
description: |- description: |-
@ -229,7 +229,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
type: string type: string
required: required:
- kind - kind
@ -287,18 +287,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration. TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -317,17 +317,17 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSOption. Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSOption. Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -344,12 +344,12 @@ spec:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSStore. Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSStore. Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name

18
docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -56,7 +56,7 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -80,7 +80,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -121,7 +121,7 @@ spec:
proxyProtocol: proxyProtocol:
description: |- description: |-
ProxyProtocol defines the PROXY protocol configuration. ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -159,7 +159,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
type: string type: string
required: required:
- match - match
@ -168,18 +168,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route. TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -198,7 +198,7 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik

2
docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string

64
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
Middleware is the CRD implementation of a Traefik Middleware. Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -45,7 +45,7 @@ spec:
description: |- description: |-
AddPrefix holds the add prefix middleware configuration. AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it. This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: |- description: |-
@ -57,12 +57,12 @@ spec:
description: |- description: |-
BasicAuth holds the basic auth middleware configuration. BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -83,7 +83,7 @@ spec:
description: |- description: |-
Buffering holds the buffering middleware configuration. Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends. This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: |- description: |-
@ -115,14 +115,14 @@ spec:
description: |- description: |-
RetryExpression defines the retry conditions. RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||). It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: |- description: |-
Chain holds the configuration of the chain middleware. Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware. This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -181,7 +181,7 @@ spec:
description: |- description: |-
Compress holds the compress middleware configuration. Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression. This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
properties: properties:
defaultEncoding: defaultEncoding:
description: DefaultEncoding specifies the default encoding if description: DefaultEncoding specifies the default encoding if
@ -224,12 +224,12 @@ spec:
description: |- description: |-
DigestAuth holds the digest auth middleware configuration. DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -249,7 +249,7 @@ spec:
description: |- description: |-
ErrorPage holds the custom error middleware configuration. ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
properties: properties:
query: query:
description: |- description: |-
@ -259,7 +259,7 @@ spec:
service: service:
description: |- description: |-
Service defines the reference to a Kubernetes Service that will serve the error page. Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
properties: properties:
healthCheck: healthCheck:
description: Healthcheck defines health checks for ExternalName description: Healthcheck defines health checks for ExternalName
@ -392,7 +392,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -450,7 +450,7 @@ spec:
description: |- description: |-
ForwardAuth holds the forward auth middleware configuration. ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
properties: properties:
addAuthCookiesToResponse: addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies description: AddAuthCookiesToResponse defines the list of cookies
@ -478,7 +478,7 @@ spec:
authResponseHeadersRegex: authResponseHeadersRegex:
description: |- description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -525,7 +525,7 @@ spec:
description: |- description: |-
Headers holds the headers middleware configuration. Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -696,7 +696,7 @@ spec:
description: |- description: |-
InFlightReq holds the in-flight request middleware configuration. InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently. This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: |- description: |-
@ -709,12 +709,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source. SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -743,12 +743,12 @@ spec:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -780,7 +780,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -805,7 +805,7 @@ spec:
description: |- description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration. PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header. This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -914,7 +914,7 @@ spec:
description: |- description: |-
RateLimit holds the rate limit configuration. RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
properties: properties:
average: average:
description: |- description: |-
@ -947,7 +947,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -976,7 +976,7 @@ spec:
description: |- description: |-
RedirectRegex holds the redirect regex middleware configuration. RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -995,7 +995,7 @@ spec:
description: |- description: |-
RedirectScheme holds the redirect scheme middleware configuration. RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another. This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1012,7 +1012,7 @@ spec:
description: |- description: |-
ReplacePath holds the replace path middleware configuration. ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -1023,7 +1023,7 @@ spec:
description: |- description: |-
ReplacePathRegex holds the replace path regex middleware configuration. ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement. This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -1039,7 +1039,7 @@ spec:
Retry holds the retry middleware configuration. Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply. This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -1061,7 +1061,7 @@ spec:
description: |- description: |-
StripPrefix holds the strip prefix middleware configuration. StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: |- description: |-
@ -1080,7 +1080,7 @@ spec:
description: |- description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration. StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path. This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the

6
docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -55,7 +55,7 @@ spec:
description: |- description: |-
IPAllowList defines the IPAllowList middleware configuration. IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -69,7 +69,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration. IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View file

@ -21,7 +21,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport. ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: |- description: |-

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
View file

@ -21,7 +21,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport. ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used. If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration. The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
properties: properties:
apiVersion: apiVersion:
description: |- description: |-

8
docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
View file

@ -19,7 +19,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -44,14 +44,14 @@ spec:
alpnProtocols: alpnProtocols:
description: |- description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: |- description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -79,7 +79,7 @@ spec:
curvePreferences: curvePreferences:
description: |- description: |-
CurvePreferences defines the preferred elliptic curves in a specific order. CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array

2
docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
View file

@ -21,7 +21,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store. TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported. For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: |- description: |-

10
docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
View file

@ -22,7 +22,7 @@ spec:
TraefikService object allows to: TraefikService object allows to:
- Apply weight to Services on load-balancing - Apply weight to Services on load-balancing
- Mirror traffic on services - Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -263,7 +263,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -370,7 +370,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -553,7 +553,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -600,7 +600,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines whether sticky sessions are enabled. Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.

23
docs/content/reference/static-configuration/cli-ref.md
View file

@ -217,11 +217,29 @@ Timeout defines how long to wait on an idle session before releasing the related
Local plugins configuration. (Default: ```false```) Local plugins configuration. (Default: ```false```)
`--experimental.localplugins.<name>.modulename`: `--experimental.localplugins.<name>.modulename`:
plugin's module name. Plugin's module name.
`--experimental.localplugins.<name>.settings`:
Plugin's settings (works only for wasm plugins).
`--experimental.localplugins.<name>.settings.envs`:
Environment variables to forward to the wasm guest.
`--experimental.localplugins.<name>.settings.mounts`:
Directory to mount to the wasm guest.
`--experimental.plugins.<name>.modulename`: `--experimental.plugins.<name>.modulename`:
plugin's module name. plugin's module name.
`--experimental.plugins.<name>.settings`:
Plugin's settings (works only for wasm plugins).
`--experimental.plugins.<name>.settings.envs`:
Environment variables to forward to the wasm guest.
`--experimental.plugins.<name>.settings.mounts`:
Directory to mount to the wasm guest.
`--experimental.plugins.<name>.version`: `--experimental.plugins.<name>.version`:
plugin's version. plugin's version.
@ -1107,6 +1125,9 @@ TLS insecure skip verify (Default: ```false```)
`--tracing.otlp.http.tls.key`: `--tracing.otlp.http.tls.key`:
TLS key TLS key
`--tracing.safequeryparams`:
Query params to not redact.
`--tracing.samplerate`: `--tracing.samplerate`:
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```) Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

23
docs/content/reference/static-configuration/env-ref.md
View file

@ -217,11 +217,29 @@ Timeout defines how long to wait on an idle session before releasing the related
Local plugins configuration. (Default: ```false```) Local plugins configuration. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_MODULENAME`: `TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_MODULENAME`:
plugin's module name. Plugin's module name.
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS`:
Plugin's settings (works only for wasm plugins).
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS_ENVS`:
Environment variables to forward to the wasm guest.
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS_MOUNTS`:
Directory to mount to the wasm guest.
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_MODULENAME`: `TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_MODULENAME`:
plugin's module name. plugin's module name.
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS`:
Plugin's settings (works only for wasm plugins).
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS_ENVS`:
Environment variables to forward to the wasm guest.
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS_MOUNTS`:
Directory to mount to the wasm guest.
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_VERSION`: `TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_VERSION`:
plugin's version. plugin's version.
@ -1107,6 +1125,9 @@ TLS insecure skip verify (Default: ```false```)
`TRAEFIK_TRACING_OTLP_HTTP_TLS_KEY`: `TRAEFIK_TRACING_OTLP_HTTP_TLS_KEY`:
TLS key TLS key
`TRAEFIK_TRACING_SAFEQUERYPARAMS`:
Query params to not redact.
`TRAEFIK_TRACING_SAMPLERATE`: `TRAEFIK_TRACING_SAMPLERATE`:
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```) Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

13
docs/content/reference/static-configuration/file.toml
View file

@ -392,6 +392,7 @@
serviceName = "foobar" serviceName = "foobar"
capturedRequestHeaders = ["foobar", "foobar"] capturedRequestHeaders = ["foobar", "foobar"]
capturedResponseHeaders = ["foobar", "foobar"] capturedResponseHeaders = ["foobar", "foobar"]
safeQueryParams = ["foobar", "foobar"]
sampleRate = 42.0 sampleRate = 42.0
addInternals = true addInternals = true
[tracing.globalAttributes] [tracing.globalAttributes]
@ -473,14 +474,26 @@
[experimental.plugins.Descriptor0] [experimental.plugins.Descriptor0]
moduleName = "foobar" moduleName = "foobar"
version = "foobar" version = "foobar"
[experimental.plugins.Descriptor0.settings]
envs = ["foobar", "foobar"]
mounts = ["foobar", "foobar"]
[experimental.plugins.Descriptor1] [experimental.plugins.Descriptor1]
moduleName = "foobar" moduleName = "foobar"
version = "foobar" version = "foobar"
[experimental.plugins.Descriptor1.settings]
envs = ["foobar", "foobar"]
mounts = ["foobar", "foobar"]
[experimental.localPlugins] [experimental.localPlugins]
[experimental.localPlugins.LocalDescriptor0] [experimental.localPlugins.LocalDescriptor0]
moduleName = "foobar" moduleName = "foobar"
[experimental.localPlugins.LocalDescriptor0.settings]
envs = ["foobar", "foobar"]
mounts = ["foobar", "foobar"]
[experimental.localPlugins.LocalDescriptor1] [experimental.localPlugins.LocalDescriptor1]
moduleName = "foobar" moduleName = "foobar"
[experimental.localPlugins.LocalDescriptor1.settings]
envs = ["foobar", "foobar"]
mounts = ["foobar", "foobar"]
[core] [core]
defaultRuleSyntax = "foobar" defaultRuleSyntax = "foobar"

31
docs/content/reference/static-configuration/file.yaml
View file

@ -434,6 +434,9 @@ tracing:
capturedResponseHeaders: capturedResponseHeaders:
- foobar - foobar
- foobar - foobar
safeQueryParams:
- foobar
- foobar
sampleRate: 42 sampleRate: 42
addInternals: true addInternals: true
otlp: otlp:
@ -512,14 +515,42 @@ experimental:
Descriptor0: Descriptor0:
moduleName: foobar moduleName: foobar
version: foobar version: foobar
settings:
envs:
- foobar
- foobar
mounts:
- foobar
- foobar
Descriptor1: Descriptor1:
moduleName: foobar moduleName: foobar
version: foobar version: foobar
settings:
envs:
- foobar
- foobar
mounts:
- foobar
- foobar
localPlugins: localPlugins:
LocalDescriptor0: LocalDescriptor0:
moduleName: foobar moduleName: foobar
settings:
envs:
- foobar
- foobar
mounts:
- foobar
- foobar
LocalDescriptor1: LocalDescriptor1:
moduleName: foobar moduleName: foobar
settings:
envs:
- foobar
- foobar
mounts:
- foobar
- foobar
kubernetesGateway: true kubernetesGateway: true
core: core:
defaultRuleSyntax: foobar defaultRuleSyntax: foobar

22
docs/content/routing/entrypoints.md
View file

@ -1175,3 +1175,25 @@ entryPoints:
``` ```
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
## Systemd Socket Activation
Traefik supports [systemd socket activation](https://www.freedesktop.org/software/systemd/man/latest/systemd-socket-activate.html).
When a socket activation file descriptor name matches an EntryPoint name, the corresponding file descriptor will be used as the TCP listener for the matching EntryPoint.
```bash
systemd-socket-activate -l 80 -l 443 --fdname web:websecure ./traefik --entrypoints.web --entrypoints.websecure
```
!!! warning "EntryPoint Address"
When a socket activation file descriptor name matches an EntryPoint name its address configuration is ignored.
!!! warning "TCP Only"
Socket activation is not yet supported with UDP entryPoints.
!!! warning "Docker Support"
Socket activation is not supported by Docker but works with Podman containers.

2
docs/content/routing/providers/kubernetes-crd.md
View file

@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.0 image: traefik:v3.1
args: args:
- --log.level=DEBUG - --log.level=DEBUG
- --api - --api

2
docs/content/routing/providers/kubernetes-gateway.md
View file

@ -5,7 +5,7 @@ description: "The Kubernetes Gateway API can be used as a provider for routing a
# Traefik & Kubernetes # Traefik & Kubernetes
The Kubernetes Gateway API, The Experimental Way. The Kubernetes Gateway API Controller.
{: .subtitle } {: .subtitle }
## Configuration Examples ## Configuration Examples

6
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -130,7 +130,7 @@ which in turn will create the resulting routers, services, handlers, etc.
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.0 image: traefik:v3.1
args: args:
- --entryPoints.web.address=:80 - --entryPoints.web.address=:80
- --providers.kubernetesingress - --providers.kubernetesingress
@ -535,7 +535,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.0 image: traefik:v3.1
args: args:
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:443
- --entryPoints.websecure.http.tls - --entryPoints.websecure.http.tls
@ -728,7 +728,7 @@ For more options, please refer to the available [annotations](#on-ingress).
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.0 image: traefik:v3.1
args: args:
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:443
- --providers.kubernetesingress - --providers.kubernetesingress

2
docs/content/user-guides/crd-acme/03-deployments.yml
View file

@ -26,7 +26,7 @@ spec:
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v3.0 image: traefik:v3.1
args: args:
- --api.insecure - --api.insecure
- --accesslog - --accesslog

12
docs/content/user-guides/crd-acme/index.md
View file

@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi
```bash ```bash
# Install Traefik Resource Definitions: # Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik: # Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
``` ```
### Services ### Services
@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/con
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami). Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/02-services.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/02-services.yml
``` ```
```yaml ```yaml
@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
Again, one pod for Traefik, and one for the whoami app. Again, one pod for Traefik, and one for the whoami app.
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/03-deployments.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/03-deployments.yml
``` ```
```yaml ```yaml
@ -100,7 +100,7 @@ Look it up.
We can now finally apply the actual ingressRoutes, with: We can now finally apply the actual ingressRoutes, with:
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/04-ingressroutes.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/04-ingressroutes.yml
``` ```
```yaml ```yaml
@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption: In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/05-tlsoption.yml kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/05-tlsoption.yml
``` ```
```yaml ```yaml

2
docs/content/user-guides/crd-acme/k3s.yml
View file

@ -26,5 +26,5 @@ node:
- K3S_CLUSTER_SECRET=somethingtotallyrandom - K3S_CLUSTER_SECRET=somethingtotallyrandom
volumes: volumes:
# this is where you would place a alternative traefik image (saved as a .tar file with # this is where you would place a alternative traefik image (saved as a .tar file with
# 'docker save'), if you want to use it, instead of the traefik:v3.0 image. # 'docker save'), if you want to use it, instead of the traefik:v3.1 image.
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images - /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.0" image: "traefik:v3.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
View file

@ -13,7 +13,7 @@ secrets:
services: services:
traefik: traefik:
image: "traefik:v3.0" image: "traefik:v3.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.0" image: "traefik:v3.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.0" image: "traefik:v3.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v3.0" image: "traefik:v3.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/index.md
View file

@ -31,7 +31,7 @@ Create a `docker-compose.yml` file with the following content:
services: services:
traefik: traefik:
image: "traefik:v3.0" image: "traefik:v3.1"
... ...
networks: networks:
- traefiknet - traefiknet

41
go.mod
View file

@ -32,6 +32,7 @@ require (
github.com/http-wasm/http-wasm-host-go v0.6.0 github.com/http-wasm/http-wasm-host-go v0.6.0
github.com/influxdata/influxdb-client-go/v2 v2.7.0 github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
github.com/juliens/wasm-goexport v0.0.6
github.com/klauspost/compress v1.17.2 github.com/klauspost/compress v1.17.2
github.com/kvtools/consul v1.0.2 github.com/kvtools/consul v1.0.2
github.com/kvtools/etcdv3 v1.0.2 github.com/kvtools/etcdv3 v1.0.2
@ -53,12 +54,14 @@ require (
github.com/rs/zerolog v1.29.0 github.com/rs/zerolog v1.29.0
github.com/sirupsen/logrus v1.9.3 github.com/sirupsen/logrus v1.9.3
github.com/spiffe/go-spiffe/v2 v2.1.1 github.com/spiffe/go-spiffe/v2 v2.1.1
github.com/stealthrocket/wasi-go v0.8.0
github.com/stealthrocket/wazergo v0.19.1
github.com/stretchr/testify v1.9.0 github.com/stretchr/testify v1.9.0
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046 github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046
github.com/testcontainers/testcontainers-go v0.30.0 github.com/testcontainers/testcontainers-go v0.30.0
github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0 github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0
github.com/tetratelabs/wazero v1.5.0 github.com/tetratelabs/wazero v1.7.2
github.com/tidwall/gjson v1.17.0 github.com/tidwall/gjson v1.17.0
github.com/traefik/grpc-web v0.16.0 github.com/traefik/grpc-web v0.16.0
github.com/traefik/paerser v0.2.0 github.com/traefik/paerser v0.2.0
@ -67,18 +70,18 @@ require (
github.com/unrolled/secure v1.0.9 github.com/unrolled/secure v1.0.9
github.com/vulcand/oxy/v2 v2.0.0-20230427132221-be5cf38f3c1c github.com/vulcand/oxy/v2 v2.0.0-20230427132221-be5cf38f3c1c
github.com/vulcand/predicate v1.2.0 github.com/vulcand/predicate v1.2.0
go.opentelemetry.io/collector/pdata v1.2.0 go.opentelemetry.io/collector/pdata v1.10.0
go.opentelemetry.io/contrib/propagators/autoprop v0.52.0 go.opentelemetry.io/contrib/propagators/autoprop v0.52.0
go.opentelemetry.io/otel v1.27.0 go.opentelemetry.io/otel v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/metric v1.27.0 go.opentelemetry.io/otel/metric v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/sdk v1.27.0 go.opentelemetry.io/otel/sdk v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/sdk/metric v1.27.0 go.opentelemetry.io/otel/sdk/metric v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
go.opentelemetry.io/otel/trace v1.27.0 go.opentelemetry.io/otel/trace v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
golang.org/x/mod v0.18.0 golang.org/x/mod v0.18.0
golang.org/x/net v0.26.0 golang.org/x/net v0.26.0
@ -96,6 +99,7 @@ require (
mvdan.cc/xurls/v2 v2.5.0 mvdan.cc/xurls/v2 v2.5.0
sigs.k8s.io/controller-runtime v0.18.0 sigs.k8s.io/controller-runtime v0.18.0
sigs.k8s.io/gateway-api v1.1.0 sigs.k8s.io/gateway-api v1.1.0
sigs.k8s.io/yaml v1.4.0
) )
require ( require (
@ -176,7 +180,7 @@ require (
github.com/go-errors/errors v1.0.1 // indirect github.com/go-errors/errors v1.0.1 // indirect
github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-jose/go-jose/v4 v4.0.2 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-logr/zapr v1.3.0 // indirect github.com/go-logr/zapr v1.3.0 // indirect
github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-ole/go-ole v1.2.6 // indirect
@ -325,7 +329,7 @@ require (
go.opentelemetry.io/contrib/propagators/b3 v1.27.0 // indirect go.opentelemetry.io/contrib/propagators/b3 v1.27.0 // indirect
go.opentelemetry.io/contrib/propagators/jaeger v1.27.0 // indirect go.opentelemetry.io/contrib/propagators/jaeger v1.27.0 // indirect
go.opentelemetry.io/contrib/propagators/ot v1.27.0 // indirect go.opentelemetry.io/contrib/propagators/ot v1.27.0 // indirect
go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect
go.uber.org/atomic v1.11.0 // indirect go.uber.org/atomic v1.11.0 // indirect
go.uber.org/mock v0.4.0 // indirect go.uber.org/mock v0.4.0 // indirect
go.uber.org/multierr v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect
@ -338,9 +342,9 @@ require (
golang.org/x/term v0.21.0 // indirect golang.org/x/term v0.21.0 // indirect
google.golang.org/api v0.172.0 // indirect google.golang.org/api v0.172.0 // indirect
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect
google.golang.org/protobuf v1.34.1 // indirect google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/h2non/gock.v1 v1.0.16 // indirect gopkg.in/h2non/gock.v1 v1.0.16 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect
@ -352,7 +356,6 @@ require (
nhooyr.io/websocket v1.8.7 // indirect nhooyr.io/websocket v1.8.7 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
) )
// Containous forks // Containous forks
@ -371,3 +374,5 @@ exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible
// https://github.com/docker/compose/blob/v2.19.0/go.mod#L12 // https://github.com/docker/compose/blob/v2.19.0/go.mod#L12
replace github.com/cucumber/godog => github.com/cucumber/godog v0.13.0 replace github.com/cucumber/godog => github.com/cucumber/godog v0.13.0
replace github.com/http-wasm/http-wasm-host-go => github.com/traefik/http-wasm-host-go v0.0.0-20240618100324-3c53dcaa1a70

78
go.sum
View file

@ -348,8 +348,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA= github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
@ -592,8 +592,6 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/http-wasm/http-wasm-host-go v0.6.0 h1:Vd4XvcFB3NMgWp2VLCQaiqYgLneN2lChbyN9NGoNDro=
github.com/http-wasm/http-wasm-host-go v0.6.0/go.mod h1:zQB3w+df4hryDEqBorGyA1DwPJ86LfKIASNLFuj6CuI=
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@ -635,6 +633,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/juliens/wasm-goexport v0.0.6 h1:YU0c+j0dF/HNy32vgYTA+K/6wnsZXgGc+ihl/UDw8iA=
github.com/juliens/wasm-goexport v0.0.6/go.mod h1:VTTpJVY3tIBet0Gv8r5TxdsNg0vDkkqXYm0Hp5hR42A=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 h1:qGQQKEcAR99REcMpsXCp3lJ03zYT1PkRd3kQGPn9GVg= github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 h1:qGQQKEcAR99REcMpsXCp3lJ03zYT1PkRd3kQGPn9GVg=
@ -1051,6 +1051,10 @@ github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5q
github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/spiffe/go-spiffe/v2 v2.1.1 h1:RT9kM8MZLZIsPTH+HKQEP5yaAk3yd/VBzlINaRjXs8k= github.com/spiffe/go-spiffe/v2 v2.1.1 h1:RT9kM8MZLZIsPTH+HKQEP5yaAk3yd/VBzlINaRjXs8k=
github.com/spiffe/go-spiffe/v2 v2.1.1/go.mod h1:5qg6rpqlwIub0JAiF1UK9IMD6BpPTmvG6yfSgDBs5lg= github.com/spiffe/go-spiffe/v2 v2.1.1/go.mod h1:5qg6rpqlwIub0JAiF1UK9IMD6BpPTmvG6yfSgDBs5lg=
github.com/stealthrocket/wasi-go v0.8.0 h1:Hwnv3CUoMhhRyero9vt1vfwaYa9tu/Z5kmCW4WeAmVI=
github.com/stealthrocket/wasi-go v0.8.0/go.mod h1:PJ5oVs2E1ciOJnsTnav4nvTtEcJ4D1jUZAewS9pzuZg=
github.com/stealthrocket/wazergo v0.19.1 h1:BPrITETPgSFwiytwmToO0MbUC/+RGC39JScz1JmmG6c=
github.com/stealthrocket/wazergo v0.19.1/go.mod h1:riI0hxw4ndZA5e6z7PesHg2BtTftcZaMxRcoiGGipTs=
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
@ -1086,8 +1090,8 @@ github.com/testcontainers/testcontainers-go v0.30.0 h1:jmn/XS22q4YRrcMwWg0pAwlCl
github.com/testcontainers/testcontainers-go v0.30.0/go.mod h1:K+kHNGiM5zjklKjgTtcrEetF3uhWbMUyqAQoyoh8Pf0= github.com/testcontainers/testcontainers-go v0.30.0/go.mod h1:K+kHNGiM5zjklKjgTtcrEetF3uhWbMUyqAQoyoh8Pf0=
github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0 h1:Mk47J0WcLoY2ig72lPl+/w8GTPYbRCdHoWcPjV2mVr8= github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0 h1:Mk47J0WcLoY2ig72lPl+/w8GTPYbRCdHoWcPjV2mVr8=
github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0/go.mod h1:CNnA3717kbp5wRxz+gU/cAwX6+4+OOispIsjHmKsEWQ= github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0/go.mod h1:CNnA3717kbp5wRxz+gU/cAwX6+4+OOispIsjHmKsEWQ=
github.com/tetratelabs/wazero v1.5.0 h1:Yz3fZHivfDiZFUXnWMPUoiW7s8tC1sjdBtlJn08qYa0= github.com/tetratelabs/wazero v1.7.2 h1:1+z5nXJNwMLPAWaTePFi49SSTL0IMx/i3Fg8Yc25GDc=
github.com/tetratelabs/wazero v1.5.0/go.mod h1:0U0G41+ochRKoPKCJlh0jMg1CHkyfK8kDqiirMmKY8A= github.com/tetratelabs/wazero v1.7.2/go.mod h1:ytl6Zuh20R/eROuyDaGPkp82O9C/DJfXAwJfQ3X6/7Y=
github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM=
github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@ -1103,6 +1107,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/traefik/grpc-web v0.16.0 h1:eeUWZaFg6ZU0I9dWOYE2D5qkNzRBmXzzuRlxdltascY= github.com/traefik/grpc-web v0.16.0 h1:eeUWZaFg6ZU0I9dWOYE2D5qkNzRBmXzzuRlxdltascY=
github.com/traefik/grpc-web v0.16.0/go.mod h1:2ttniSv7pTgBWIU2HZLokxRfFX3SA60c/DTmQQgVml4= github.com/traefik/grpc-web v0.16.0/go.mod h1:2ttniSv7pTgBWIU2HZLokxRfFX3SA60c/DTmQQgVml4=
github.com/traefik/http-wasm-host-go v0.0.0-20240618100324-3c53dcaa1a70 h1:I+oBnV0orhmasb87yaX54tOAfqrV9+yKoQ1Cum5mq8w=
github.com/traefik/http-wasm-host-go v0.0.0-20240618100324-3c53dcaa1a70/go.mod h1:zQB3w+df4hryDEqBorGyA1DwPJ86LfKIASNLFuj6CuI=
github.com/traefik/paerser v0.2.0 h1:zqCLGSXoNlcBd+mzqSCLjon/I6phqIjeJL2xFB2ysgQ= github.com/traefik/paerser v0.2.0 h1:zqCLGSXoNlcBd+mzqSCLjon/I6phqIjeJL2xFB2ysgQ=
github.com/traefik/paerser v0.2.0/go.mod h1:afzaVcgF8A+MpTnPG4wBr4whjanCSYA6vK5RwaYVtRc= github.com/traefik/paerser v0.2.0/go.mod h1:afzaVcgF8A+MpTnPG4wBr4whjanCSYA6vK5RwaYVtRc=
github.com/traefik/yaegi v0.16.1 h1:f1De3DVJqIDKmnasUF6MwmWv1dSEEat0wcpXhD2On3E= github.com/traefik/yaegi v0.16.1 h1:f1De3DVJqIDKmnasUF6MwmWv1dSEEat0wcpXhD2On3E=
@ -1176,8 +1182,8 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/collector/pdata v1.2.0 h1:N6VdyEFYJyoHIKqHd0F372eNVD5b+AbH0ZQf7Z2jJ9I= go.opentelemetry.io/collector/pdata v1.10.0 h1:oLyPLGvPTQrcRT64ZVruwvmH/u3SHTfNo01pteS4WOE=
go.opentelemetry.io/collector/pdata v1.2.0/go.mod h1:mKXb6527Syb8PT4P9CZOJNbkuHOHjjGTZNNwSKESJhc= go.opentelemetry.io/collector/pdata v1.10.0/go.mod h1:IHxHsp+Jq/xfjORQMDJjSH6jvedOSTOyu3nbxqhWSYE=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
go.opentelemetry.io/contrib/propagators/autoprop v0.52.0 h1:xyRih6jMB0vroMSRdBE+uyKx20BclB/bybJt/LaCxmY= go.opentelemetry.io/contrib/propagators/autoprop v0.52.0 h1:xyRih6jMB0vroMSRdBE+uyKx20BclB/bybJt/LaCxmY=
@ -1190,29 +1196,29 @@ go.opentelemetry.io/contrib/propagators/jaeger v1.27.0 h1:tJPpZAEsihJgRTnXrPjY3r
go.opentelemetry.io/contrib/propagators/jaeger v1.27.0/go.mod h1:5uPAMHJnlTktQbCCdWSX5PfK8CocD25mycIsZV/iFiU= go.opentelemetry.io/contrib/propagators/jaeger v1.27.0/go.mod h1:5uPAMHJnlTktQbCCdWSX5PfK8CocD25mycIsZV/iFiU=
go.opentelemetry.io/contrib/propagators/ot v1.27.0 h1:xFPqk7ntRR87dqvl6RfeHiq9UlE8mPSuL6Dtr/zysL8= go.opentelemetry.io/contrib/propagators/ot v1.27.0 h1:xFPqk7ntRR87dqvl6RfeHiq9UlE8mPSuL6Dtr/zysL8=
go.opentelemetry.io/contrib/propagators/ot v1.27.0/go.mod h1:nVLTPrDlSZPoVdeWRmpWBwxA73TYL6XLkC4bj72jvmg= go.opentelemetry.io/contrib/propagators/ot v1.27.0/go.mod h1:nVLTPrDlSZPoVdeWRmpWBwxA73TYL6XLkC4bj72jvmg=
go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= go.opentelemetry.io/otel v1.27.1-0.20240624175855-921eb701b175 h1:2aQYN3ZllvztGtSIFNT2xGMrwsbPkGXj0O+KgPVsq5A=
go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= go.opentelemetry.io/otel v1.27.1-0.20240624175855-921eb701b175/go.mod h1:sAYY1kDqq6Qgmu9OdUrtIhBJAVKevM27kmSzEkEyyBg=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0 h1:bFgvUr3/O4PHj3VQcFEuYKvRZJX1SJDQ+11JXuSB3/w= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.1-0.20240624175855-921eb701b175 h1:awu+mcY8Zh17gkaxch+AY59ZEeZHsct61kce/JUa/Ho=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0/go.mod h1:xJntEd2KL6Qdg5lwp97HMLQDVeAhrYxmzFseAMDPQ8I= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.1-0.20240624175855-921eb701b175/go.mod h1:wwHMT54YgLNroOkp4+XK7PRqCez5DtQayTBR9Wf1CEA=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0 h1:CIHWikMsN3wO+wq1Tp5VGdVRTcON+DmOJSfDjXypKOc= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.1-0.20240624175855-921eb701b175 h1:nNu+y3xs12BTRqNVciOBdq1bwUpqHJFs26lhXXnO8/0=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0/go.mod h1:TNupZ6cxqyFEpLXAZW7On+mLFL0/g0TE3unIYL91xWc= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.1-0.20240624175855-921eb701b175/go.mod h1:/TESptXGTu8vZX8i19t1TSU4PGo9+gT9pGK/UNAea9I=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.1-0.20240624175855-921eb701b175 h1:ihrS8VlMvzPDy1QJ9yIsrKpcso6XnADVrj33wWxRG6k=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.1-0.20240624175855-921eb701b175/go.mod h1:O6p37S657iklDAWQZrzkHeyOooL0TRG7ADP6jZ1RpF8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.1-0.20240624175855-921eb701b175 h1:qk6WZWPTf1MDvgLRCECyzbUzugNp2Ybc11fnrj6L/t4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.1-0.20240624175855-921eb701b175/go.mod h1:A5CvQA6TBgKbMXLU3YrV9WB2m5xQYB50/PLkW1nJA8k=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 h1:QY7/0NeRPKlzusf40ZE4t1VlMKbqSNT7cJRYzWuja0s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.1-0.20240624175855-921eb701b175 h1:l47wCNFvbEdVi0U3Ojf5yD6QhrNjuK2N46N9tiCzpNE=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0/go.mod h1:HVkSiDhTM9BoUJU8qE6j2eSWLLXvi1USXjyd2BXT8PY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.1-0.20240624175855-921eb701b175/go.mod h1:vS4rxlVsjAdnvN34PmMKVPKZdQrKVxRw6Tz6qQ+NsY8=
go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= go.opentelemetry.io/otel/metric v1.27.1-0.20240624175855-921eb701b175 h1:YGLAewt2Wr/DFRQI6OjqqZ31B+CO3W1bcDWhsIL7r98=
go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= go.opentelemetry.io/otel/metric v1.27.1-0.20240624175855-921eb701b175/go.mod h1:YHVa4iPQFl9x0kF/Pxk1MYAbroRbl7zK+vT34w7VsCA=
go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= go.opentelemetry.io/otel/sdk v1.27.1-0.20240624175855-921eb701b175 h1:QdXgh+39hJwRYYQ3OgcI4SMawt/rPBgmQdtZYGxzdq8=
go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= go.opentelemetry.io/otel/sdk v1.27.1-0.20240624175855-921eb701b175/go.mod h1:Ru3JMbgJMftQARx7nhi0IJotnL2n8bv61IOrAgFpd+s=
go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI= go.opentelemetry.io/otel/sdk/metric v1.27.1-0.20240624175855-921eb701b175 h1:GYxFdqdupCe5BEORUuWvNMRKeZliRLK8INKCgGzYLRA=
go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw= go.opentelemetry.io/otel/sdk/metric v1.27.1-0.20240624175855-921eb701b175/go.mod h1:SRwqsyIihvNIPKOVe1CqC4owsJX2vv63U5op9Axd4fI=
go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= go.opentelemetry.io/otel/trace v1.27.1-0.20240624175855-921eb701b175 h1:1y2KlY7+gTBn4GZa2yMKqgcb4H2KIOrBSSrG4esCC3g=
go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/otel/trace v1.27.1-0.20240624175855-921eb701b175/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
@ -1541,10 +1547,10 @@ google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6D
google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 h1:P8OJ/WCl/Xo4E4zoe4/bifHpSmmKwARqyqE4nW6J2GQ= google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg=
google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
@ -1582,8 +1588,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

142
integration/fixtures/k8s/01-traefik-crd.yml
View file

@ -43,7 +43,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -63,12 +63,12 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
type: string type: string
middlewares: middlewares:
description: |- description: |-
Middlewares defines the list of references to Middleware resources. Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@ -88,7 +88,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
type: integer type: integer
services: services:
description: |- description: |-
@ -229,7 +229,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -277,7 +277,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
type: string type: string
required: required:
- kind - kind
@ -287,18 +287,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration. TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -317,17 +317,17 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSOption. Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSOption. Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
type: string type: string
required: required:
- name - name
@ -344,12 +344,12 @@ spec:
name: name:
description: |- description: |-
Name defines the name of the referenced TLSStore. Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
namespace: namespace:
description: |- description: |-
Namespace defines the namespace of the referenced TLSStore. Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
type: string type: string
required: required:
- name - name
@ -409,7 +409,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -422,7 +422,7 @@ spec:
match: match:
description: |- description: |-
Match defines the router's rule. Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@ -446,7 +446,7 @@ spec:
priority: priority:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -487,7 +487,7 @@ spec:
proxyProtocol: proxyProtocol:
description: |- description: |-
ProxyProtocol defines the PROXY protocol configuration. ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@ -525,7 +525,7 @@ spec:
syntax: syntax:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
type: string type: string
required: required:
- match - match
@ -534,18 +534,18 @@ spec:
tls: tls:
description: |- description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route. TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
properties: properties:
certResolver: certResolver:
description: |- description: |-
CertResolver defines the name of the certificate resolver to use. CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration. Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
type: string type: string
domains: domains:
description: |- description: |-
Domains defines the list of domains that will be used to issue certificates. Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@ -564,7 +564,7 @@ spec:
description: |- description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used. If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@ -656,7 +656,7 @@ spec:
description: |- description: |-
EntryPoints defines the list of entry point names to bind to. EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
Default: all. Default: all.
items: items:
type: string type: string
@ -743,7 +743,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
Middleware is the CRD implementation of a Traefik Middleware. Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -769,7 +769,7 @@ spec:
description: |- description: |-
AddPrefix holds the add prefix middleware configuration. AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it. This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
properties: properties:
prefix: prefix:
description: |- description: |-
@ -781,12 +781,12 @@ spec:
description: |- description: |-
BasicAuth holds the basic auth middleware configuration. BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -807,7 +807,7 @@ spec:
description: |- description: |-
Buffering holds the buffering middleware configuration. Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends. This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: |- description: |-
@ -839,14 +839,14 @@ spec:
description: |- description: |-
RetryExpression defines the retry conditions. RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||). It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
type: string type: string
type: object type: object
chain: chain:
description: |- description: |-
Chain holds the configuration of the chain middleware. Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware. This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@ -905,7 +905,7 @@ spec:
description: |- description: |-
Compress holds the compress middleware configuration. Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression. This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
properties: properties:
defaultEncoding: defaultEncoding:
description: DefaultEncoding specifies the default encoding if description: DefaultEncoding specifies the default encoding if
@ -948,12 +948,12 @@ spec:
description: |- description: |-
DigestAuth holds the digest auth middleware configuration. DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
properties: properties:
headerField: headerField:
description: |- description: |-
HeaderField defines a header field to store the authenticated user. HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
type: string type: string
realm: realm:
description: |- description: |-
@ -973,7 +973,7 @@ spec:
description: |- description: |-
ErrorPage holds the custom error middleware configuration. ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
properties: properties:
query: query:
description: |- description: |-
@ -983,7 +983,7 @@ spec:
service: service:
description: |- description: |-
Service defines the reference to a Kubernetes Service that will serve the error page. Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
properties: properties:
healthCheck: healthCheck:
description: Healthcheck defines health checks for ExternalName description: Healthcheck defines health checks for ExternalName
@ -1116,7 +1116,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -1174,7 +1174,7 @@ spec:
description: |- description: |-
ForwardAuth holds the forward auth middleware configuration. ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
properties: properties:
addAuthCookiesToResponse: addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies description: AddAuthCookiesToResponse defines the list of cookies
@ -1202,7 +1202,7 @@ spec:
authResponseHeadersRegex: authResponseHeadersRegex:
description: |- description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
@ -1249,7 +1249,7 @@ spec:
description: |- description: |-
Headers holds the headers middleware configuration. Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
@ -1420,7 +1420,7 @@ spec:
description: |- description: |-
InFlightReq holds the in-flight request middleware configuration. InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently. This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
properties: properties:
amount: amount:
description: |- description: |-
@ -1433,12 +1433,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source. SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised. If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1467,12 +1467,12 @@ spec:
description: |- description: |-
IPAllowList holds the IP allowlist middleware configuration. IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP. This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
properties: properties:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1504,7 +1504,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1529,7 +1529,7 @@ spec:
description: |- description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration. PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header. This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@ -1638,7 +1638,7 @@ spec:
description: |- description: |-
RateLimit holds the rate limit configuration. RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
properties: properties:
average: average:
description: |- description: |-
@ -1671,7 +1671,7 @@ spec:
ipStrategy: ipStrategy:
description: |- description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@ -1700,7 +1700,7 @@ spec:
description: |- description: |-
RedirectRegex holds the redirect regex middleware configuration. RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1719,7 +1719,7 @@ spec:
description: |- description: |-
RedirectScheme holds the redirect scheme middleware configuration. RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another. This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@ -1736,7 +1736,7 @@ spec:
description: |- description: |-
ReplacePath holds the replace path middleware configuration. ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@ -1747,7 +1747,7 @@ spec:
description: |- description: |-
ReplacePathRegex holds the replace path regex middleware configuration. ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement. This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@ -1763,7 +1763,7 @@ spec:
Retry holds the retry middleware configuration. Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply. This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status. As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@ -1785,7 +1785,7 @@ spec:
description: |- description: |-
StripPrefix holds the strip prefix middleware configuration. StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
properties: properties:
forceSlash: forceSlash:
description: |- description: |-
@ -1804,7 +1804,7 @@ spec:
description: |- description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration. StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path. This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the
@ -1841,7 +1841,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -1877,7 +1877,7 @@ spec:
description: |- description: |-
IPAllowList defines the IPAllowList middleware configuration. IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1891,7 +1891,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration. IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP. This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead. Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
@ -1930,7 +1930,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport. ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2069,7 +2069,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport. ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used. If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration. The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2187,7 +2187,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: |- description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2212,14 +2212,14 @@ spec:
alpnProtocols: alpnProtocols:
description: |- description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: |- description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
items: items:
type: string type: string
type: array type: array
@ -2247,7 +2247,7 @@ spec:
curvePreferences: curvePreferences:
description: |- description: |-
CurvePreferences defines the preferred elliptic curves in a specific order. CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
items: items:
type: string type: string
type: array type: array
@ -2303,7 +2303,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store. TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported. For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2401,7 +2401,7 @@ spec:
TraefikService object allows to: TraefikService object allows to:
- Apply weight to Services on load-balancing - Apply weight to Services on load-balancing
- Mirror traffic on services - Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
@ -2642,7 +2642,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2749,7 +2749,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2932,7 +2932,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines the sticky sessions configuration. Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@ -2979,7 +2979,7 @@ spec:
sticky: sticky:
description: |- description: |-
Sticky defines whether sticky sessions are enabled. Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.

4
integration/k8s_conformance_test.go
View file

@ -18,7 +18,6 @@ import (
"github.com/testcontainers/testcontainers-go/network" "github.com/testcontainers/testcontainers-go/network"
"github.com/traefik/traefik/v3/integration/try" "github.com/traefik/traefik/v3/integration/try"
"github.com/traefik/traefik/v3/pkg/version" "github.com/traefik/traefik/v3/pkg/version"
"gopkg.in/yaml.v3"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
kclientset "k8s.io/client-go/kubernetes" kclientset "k8s.io/client-go/kubernetes"
@ -35,6 +34,7 @@ import (
"sigs.k8s.io/gateway-api/conformance/utils/config" "sigs.k8s.io/gateway-api/conformance/utils/config"
ksuite "sigs.k8s.io/gateway-api/conformance/utils/suite" ksuite "sigs.k8s.io/gateway-api/conformance/utils/suite"
"sigs.k8s.io/gateway-api/pkg/features" "sigs.k8s.io/gateway-api/pkg/features"
"sigs.k8s.io/yaml"
) )
const ( const (
@ -230,7 +230,7 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() {
s.T().Logf("Conformance report:\n%s", string(rawReport)) s.T().Logf("Conformance report:\n%s", string(rawReport))
require.NoError(s.T(), os.MkdirAll("./conformance-reports", 0o755)) require.NoError(s.T(), os.MkdirAll("./conformance-reports", 0o755))
outFile := filepath.Join("conformance-reports", fmt.Sprintf("traefik-traefik-%d.yaml", time.Now().UnixNano())) outFile := filepath.Join("conformance-reports", fmt.Sprintf("%s-%s-%s-report.yaml", report.GatewayAPIChannel, report.Version, report.Mode))
require.NoError(s.T(), os.WriteFile(outFile, rawReport, 0o600)) require.NoError(s.T(), os.WriteFile(outFile, rawReport, 0o600))
s.T().Logf("Report written to: %s", outFile) s.T().Logf("Report written to: %s", outFile)
} }

2
integration/resources/compose/tracing.yml
View file

@ -7,7 +7,7 @@ services:
volumes: volumes:
- ./fixtures/tracing/tempo.yaml:/etc/tempo.yaml - ./fixtures/tracing/tempo.yaml:/etc/tempo.yaml
otel-collector: otel-collector:
image: otel/opentelemetry-collector-contrib:0.89.0 image: otel/opentelemetry-collector-contrib:0.103.0
volumes: volumes:
- ./fixtures/tracing/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml - ./fixtures/tracing/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
whoami: whoami:

463
integration/tracing_test.go
View file

@ -2,7 +2,9 @@ package integration
import ( import (
"encoding/json" "encoding/json"
"fmt"
"io" "io"
"net"
"net/http" "net/http"
"net/url" "net/url"
"os" "os"
@ -96,27 +98,46 @@ func (s *TracingSuite) TestOpentelemetryBasic_HTTP() {
{ {
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik", "batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint", "batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER", "batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/basic", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/basic", net.JoinHostPort(s.whoamiIP, "80")),
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
"batches.0.scopeSpans.0.spans.1.name": "Router", "batches.0.scopeSpans.0.spans.1.name": "Metrics",
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file", "batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
"batches.0.scopeSpans.0.spans.2.name": "Service", "batches.0.scopeSpans.0.spans.2.name": "Service",
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file", "batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
"batches.0.scopeSpans.0.spans.3.name": "ReverseProxy", "batches.0.scopeSpans.0.spans.3.name": "Router",
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_CLIENT", "batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"url.scheme\").value.stringValue": "http", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.response.status_code\").value.intValue": "200", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.route\").value.stringValue": "Path(`/basic`)",
"batches.0.scopeSpans.0.spans.4.name": "Metrics",
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
"batches.0.scopeSpans.0.spans.5.name": "EntryPoint",
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_SERVER",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"entry_point\").value.stringValue": "web",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"url.path\").value.stringValue": "/basic",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"url.query\").value.stringValue": "",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
}, },
} }
@ -145,27 +166,35 @@ func (s *TracingSuite) TestOpentelemetryBasic_gRPC() {
{ {
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik", "batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint", "batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER", "batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/basic", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/basic", net.JoinHostPort(s.whoamiIP, "80")),
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
"batches.0.scopeSpans.0.spans.1.name": "Router", "batches.0.scopeSpans.0.spans.1.name": "Metrics",
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file", "batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
"batches.0.scopeSpans.0.spans.2.name": "Service", "batches.0.scopeSpans.0.spans.2.name": "Service",
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file", "batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
"batches.0.scopeSpans.0.spans.3.name": "ReverseProxy", "batches.0.scopeSpans.0.spans.3.name": "Router",
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_CLIENT", "batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"url.scheme\").value.stringValue": "http", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.response.status_code\").value.intValue": "200", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.route\").value.stringValue": "Path(`/basic`)",
"batches.0.scopeSpans.0.spans.4.name": "Metrics",
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
}, },
} }
@ -215,54 +244,75 @@ func (s *TracingSuite) TestOpentelemetryRateLimit() {
{ {
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik", "batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint", "batches.0.scopeSpans.0.spans.0.name": "RateLimiter",
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER", "batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
"batches.0.scopeSpans.0.spans.1.name": "Router", "batches.0.scopeSpans.0.spans.1.name": "Retry",
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file", "batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
"batches.0.scopeSpans.0.spans.2.name": "Retry", "batches.0.scopeSpans.0.spans.2.name": "RateLimiter",
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
"batches.0.scopeSpans.0.spans.3.name": "RateLimiter", "batches.0.scopeSpans.0.spans.3.name": "Retry",
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.request.resend_count\").value.intValue": "1",
"batches.0.scopeSpans.0.spans.4.name": "Service", "batches.0.scopeSpans.0.spans.4.name": "RateLimiter",
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file", "batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
"batches.0.scopeSpans.0.spans.5.name": "ReverseProxy", "batches.0.scopeSpans.0.spans.5.name": "Retry",
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_CLIENT", "batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"url.scheme\").value.stringValue": "http", "batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.response.status_code\").value.intValue": "200", "batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.request.resend_count\").value.intValue": "2",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.6.name": "Router",
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"http.route\").value.stringValue": "Path(`/ratelimit`)",
"batches.0.scopeSpans.0.spans.7.name": "Metrics",
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
"batches.0.scopeSpans.0.spans.8.name": "EntryPoint",
"batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_SERVER",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"entry_point\").value.stringValue": "web",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.query\").value.stringValue": "",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.response.status_code\").value.intValue": "429",
}, },
{ {
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik", "batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint", "batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER", "batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/ratelimit", net.JoinHostPort(s.whoamiIP, "80")),
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "429", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
"batches.0.scopeSpans.0.spans.1.name": "Router", "batches.0.scopeSpans.0.spans.1.name": "Metrics",
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file", "batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
"batches.0.scopeSpans.0.spans.2.name": "Retry", "batches.0.scopeSpans.0.spans.2.name": "Service",
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
"batches.0.scopeSpans.0.spans.3.name": "RateLimiter", "batches.0.scopeSpans.0.spans.3.name": "RateLimiter",
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
@ -271,20 +321,27 @@ func (s *TracingSuite) TestOpentelemetryRateLimit() {
"batches.0.scopeSpans.0.spans.4.name": "Retry", "batches.0.scopeSpans.0.spans.4.name": "Retry",
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.resend_count\").value.intValue": "1",
"batches.0.scopeSpans.0.spans.5.name": "RateLimiter", "batches.0.scopeSpans.0.spans.5.name": "Router",
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file", "batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.route\").value.stringValue": "Path(`/ratelimit`)",
"batches.0.scopeSpans.0.spans.6.name": "Retry", "batches.0.scopeSpans.0.spans.6.name": "Metrics",
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"http.resend_count\").value.intValue": "2",
"batches.0.scopeSpans.0.spans.7.name": "RateLimiter", "batches.0.scopeSpans.0.spans.7.name": "EntryPoint",
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_SERVER",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file", "batches.0.scopeSpans.0.spans.7.attributes.#(key=\"entry_point\").value.stringValue": "web",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.query\").value.stringValue": "",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
}, },
} }
@ -312,60 +369,102 @@ func (s *TracingSuite) TestOpentelemetryRetry() {
{ {
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik", "batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint", "batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET", "batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/retry", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "502", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
"batches.0.scopeSpans.0.spans.0.status.code": "STATUS_CODE_ERROR", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/retry", net.JoinHostPort(s.whoamiIP, "81")),
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "81",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "81",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
"batches.0.scopeSpans.0.spans.0.status.code": "STATUS_CODE_ERROR",
"batches.0.scopeSpans.0.spans.1.name": "Router", "batches.0.scopeSpans.0.spans.1.name": "Metrics",
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file", "batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router2@file",
"batches.0.scopeSpans.0.spans.2.name": "Retry", "batches.0.scopeSpans.0.spans.2.name": "Service",
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
"batches.0.scopeSpans.0.spans.3.name": "Service", "batches.0.scopeSpans.0.spans.3.name": "Retry",
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.4.name": "ReverseProxy", "batches.0.scopeSpans.0.spans.4.name": "ReverseProxy",
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_CLIENT", "batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_CLIENT",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"url.scheme\").value.stringValue": "http", "batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.response.status_code\").value.intValue": "502", "batches.0.scopeSpans.0.spans.4.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1", "batches.0.scopeSpans.0.spans.4.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/retry", net.JoinHostPort(s.whoamiIP, "81")),
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"network.peer.port\").value.intValue": "81",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"server.port\").value.intValue": "81",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
"batches.0.scopeSpans.0.spans.4.status.code": "STATUS_CODE_ERROR",
"batches.0.scopeSpans.0.spans.5.name": "Retry", "batches.0.scopeSpans.0.spans.5.name": "Metrics",
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.resend_count\").value.intValue": "1",
"batches.0.scopeSpans.0.spans.6.name": "Service", "batches.0.scopeSpans.0.spans.6.name": "Service",
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file", "batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
"batches.0.scopeSpans.0.spans.7.name": "ReverseProxy", "batches.0.scopeSpans.0.spans.7.name": "Retry",
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_CLIENT", "batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.scheme\").value.stringValue": "http", "batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.response.status_code\").value.intValue": "502", "batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.request.resend_count\").value.intValue": "1",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.8.name": "Retry", "batches.0.scopeSpans.0.spans.8.name": "ReverseProxy",
"batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_CLIENT",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.resend_count\").value.intValue": "2", "batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/retry", net.JoinHostPort(s.whoamiIP, "81")),
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.port\").value.intValue": "81",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.port\").value.intValue": "81",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
"batches.0.scopeSpans.0.spans.8.status.code": "STATUS_CODE_ERROR",
"batches.0.scopeSpans.0.spans.9.name": "Service", "batches.0.scopeSpans.0.spans.9.name": "Metrics",
"batches.0.scopeSpans.0.spans.9.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.9.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.9.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file", "batches.0.scopeSpans.0.spans.9.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
"batches.0.scopeSpans.0.spans.10.name": "ReverseProxy", "batches.0.scopeSpans.0.spans.10.name": "Service",
"batches.0.scopeSpans.0.spans.10.kind": "SPAN_KIND_CLIENT", "batches.0.scopeSpans.0.spans.10.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.10.attributes.#(key=\"url.scheme\").value.stringValue": "http", "batches.0.scopeSpans.0.spans.10.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
"batches.0.scopeSpans.0.spans.10.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
"batches.0.scopeSpans.0.spans.10.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1", "batches.0.scopeSpans.0.spans.11.name": "Retry",
"batches.0.scopeSpans.0.spans.11.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.11.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.11.attributes.#(key=\"http.request.resend_count\").value.intValue": "2",
"batches.0.scopeSpans.0.spans.12.name": "Router",
"batches.0.scopeSpans.0.spans.12.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.12.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
"batches.0.scopeSpans.0.spans.12.attributes.#(key=\"traefik.router.name\").value.stringValue": "router2@file",
"batches.0.scopeSpans.0.spans.13.name": "Metrics",
"batches.0.scopeSpans.0.spans.13.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.13.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
"batches.0.scopeSpans.0.spans.14.name": "EntryPoint",
"batches.0.scopeSpans.0.spans.14.kind": "SPAN_KIND_SERVER",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"entry_point\").value.stringValue": "web",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"url.path\").value.stringValue": "/retry",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"url.query\").value.stringValue": "",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
}, },
} }
@ -393,21 +492,131 @@ func (s *TracingSuite) TestOpentelemetryAuth() {
{ {
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik", "batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint", "batches.0.scopeSpans.0.spans.0.name": "BasicAuth",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET", "batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/auth", "batches.0.scopeSpans.0.spans.0.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "401", "batches.0.scopeSpans.0.spans.0.status.message": "Authentication failed",
"batches.0.scopeSpans.0.spans.0.status.code": "STATUS_CODE_ERROR",
"batches.0.scopeSpans.0.spans.1.name": "Router", "batches.0.scopeSpans.0.spans.1.name": "Retry",
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router3@file", "batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
"batches.0.scopeSpans.0.spans.2.name": "BasicAuth",
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file", "batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
"batches.0.scopeSpans.0.spans.2.status.message": "Authentication failed",
"batches.0.scopeSpans.0.spans.2.status.code": "STATUS_CODE_ERROR",
"batches.0.scopeSpans.0.spans.3.name": "Retry",
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.request.resend_count\").value.intValue": "1",
"batches.0.scopeSpans.0.spans.4.name": "BasicAuth",
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
"batches.0.scopeSpans.0.spans.4.status.message": "Authentication failed",
"batches.0.scopeSpans.0.spans.4.status.code": "STATUS_CODE_ERROR",
"batches.0.scopeSpans.0.spans.5.name": "Retry",
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.request.resend_count\").value.intValue": "2",
"batches.0.scopeSpans.0.spans.6.name": "Router",
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.router.name\").value.stringValue": "router3@file",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"http.route\").value.stringValue": "Path(`/auth`)",
"batches.0.scopeSpans.0.spans.7.name": "Metrics",
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
"batches.0.scopeSpans.0.spans.8.name": "EntryPoint",
"batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_SERVER",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"entry_point\").value.stringValue": "web",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.path\").value.stringValue": "/auth",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.query\").value.stringValue": "",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.response.status_code\").value.intValue": "401",
},
}
s.checkTraceContent(contains)
}
func (s *TracingSuite) TestOpentelemetrySafeURL() {
file := s.adaptFile("fixtures/tracing/simple-opentelemetry.toml", TracingTemplate{
WhoamiIP: s.whoamiIP,
WhoamiPort: s.whoamiPort,
IP: s.otelCollectorIP,
})
defer os.Remove(file)
s.traefikCmd(withConfigFile(file))
// wait for traefik
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", time.Second, try.BodyContains("basic-auth"))
require.NoError(s.T(), err)
err = try.GetRequest("http://test:test@127.0.0.1:8000/auth?api_key=powpow", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
contains := []map[string]string{
{
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
"batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://REDACTED:REDACTED@%s/auth?api_key=REDACTED", net.JoinHostPort(s.whoamiIP, "80")),
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
"batches.0.scopeSpans.0.spans.1.name": "Metrics",
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
"batches.0.scopeSpans.0.spans.2.name": "Service",
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
"batches.0.scopeSpans.0.spans.3.name": "BasicAuth",
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL", "batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file", "batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
"batches.0.scopeSpans.0.spans.4.name": "Retry",
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
"batches.0.scopeSpans.0.spans.5.name": "Router",
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.router.name\").value.stringValue": "router3@file",
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.route\").value.stringValue": "Path(`/auth`)",
"batches.0.scopeSpans.0.spans.6.name": "Metrics",
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
"batches.0.scopeSpans.0.spans.7.name": "EntryPoint",
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_SERVER",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"entry_point\").value.stringValue": "web",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.path\").value.stringValue": "/auth",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.query\").value.stringValue": "api_key=REDACTED",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
}, },
} }
@ -517,12 +726,22 @@ func (s *TracingSuite) checkTraceContent(expectedJSON []map[string]string) {
contents = append(contents, string(content)) contents = append(contents, string(content))
} }
var missingElements []string
for _, expected := range expectedJSON { for _, expected := range expectedJSON {
containsAll(expected, contents) missingElements = append(missingElements, contains(expected, contents)...)
} }
log.Printf("Contents: [%s]\n", strings.Join(contents, ","))
for _, element := range missingElements {
log.Printf("Missing elements:\n%s\n", element)
}
require.Empty(s.T(), missingElements)
} }
func containsAll(expectedJSON map[string]string, contents []string) { func contains(expectedJSON map[string]string, contents []string) []string {
var missingElements []string
for k, v := range expectedJSON { for k, v := range expectedJSON {
found := false found := false
for _, content := range contents { for _, content := range contents {
@ -531,12 +750,12 @@ func containsAll(expectedJSON map[string]string, contents []string) {
break break
} }
} }
if !found { if !found {
log.Info().Msgf("[" + strings.Join(contents, ",") + "]") missingElements = append(missingElements, "Key: "+k+", Value: "+v)
log.Error().Msgf("missing element: \nKey: %q\nValue: %q ", k, v)
} }
} }
return missingElements
} }
// TraceResponse contains a list of traces. // TraceResponse contains a list of traces.

46
pkg/cli/deprecation.go
View file

@ -194,7 +194,7 @@ func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
if c.Pilot != nil { if c.Pilot != nil {
incompatible = true incompatible = true
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." + logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#pilot") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#pilot")
} }
incompatibleExperimental := c.Experimental.deprecationNotice(logger) incompatibleExperimental := c.Experimental.deprecationNotice(logger)
@ -226,13 +226,13 @@ func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
if p.Marathon != nil { if p.Marathon != nil {
incompatible = true incompatible = true
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." + logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#marathon-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#marathon-provider")
} }
if p.Rancher != nil { if p.Rancher != nil {
incompatible = true incompatible = true
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." + logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#rancher-v1-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#rancher-v1-provider")
} }
dockerIncompatible := p.Docker.deprecationNotice(logger) dockerIncompatible := p.Docker.deprecationNotice(logger)
@ -273,14 +273,14 @@ func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
if d.SwarmMode != nil { if d.SwarmMode != nil {
incompatible = true incompatible = true
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." + logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#docker-docker-swarm") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#docker-docker-swarm")
} }
if d.TLS != nil && d.TLS.CAOptional != nil { if d.TLS != nil && d.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional")
} }
return incompatible return incompatible
@ -321,7 +321,7 @@ func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true incompatible = true
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_3") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_3")
} }
return incompatible return incompatible
@ -342,7 +342,7 @@ func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true incompatible = true
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_4") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_4")
} }
return incompatible return incompatible
@ -363,14 +363,14 @@ func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil { if c.Namespace != nil {
incompatible = true incompatible = true
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." + logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consul-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consul-provider")
} }
if c.TLS != nil && c.TLS.CAOptional != nil { if c.TLS != nil && c.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_1") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_1")
} }
return incompatible return incompatible
@ -395,14 +395,14 @@ func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil { if c.Namespace != nil {
incompatible = true incompatible = true
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." + logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consulcatalog-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consulcatalog-provider")
} }
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil { if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional")
} }
return incompatible return incompatible
@ -423,14 +423,14 @@ func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
if n.Namespace != nil { if n.Namespace != nil {
incompatible = true incompatible = true
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." + logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#nomad-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#nomad-provider")
} }
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil { if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
incompatible = true incompatible = true
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional_1") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional_1")
} }
return incompatible return incompatible
@ -451,7 +451,7 @@ func (h *http) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true incompatible = true
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." + logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." + "Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_2") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_2")
} }
return incompatible return incompatible
@ -470,7 +470,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.HTTP3 != nil { if e.HTTP3 != nil {
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." + logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
"Please remove its usage from the static configuration for Traefik to start." + "Please remove its usage from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3-details/#http3") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3-details/#http3")
return true return true
} }
@ -478,7 +478,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.KubernetesGateway != nil { if e.KubernetesGateway != nil {
logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." + logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." +
"Please remove its usage from the static configuration." + "Please remove its usage from the static configuration." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v3/#gateway-api-kubernetesgateway-provider") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#gateway-api-kubernetesgateway-provider")
} }
return false return false
@ -502,49 +502,49 @@ func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
if t.SpanNameLimit != nil { if t.SpanNameLimit != nil {
incompatible = true incompatible = true
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." + logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
} }
if t.Jaeger != nil { if t.Jaeger != nil {
incompatible = true incompatible = true
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
} }
if t.Zipkin != nil { if t.Zipkin != nil {
incompatible = true incompatible = true
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
} }
if t.Datadog != nil { if t.Datadog != nil {
incompatible = true incompatible = true
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
} }
if t.Instana != nil { if t.Instana != nil {
incompatible = true incompatible = true
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
} }
if t.Haystack != nil { if t.Haystack != nil {
incompatible = true incompatible = true
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
} }
if t.Elastic != nil { if t.Elastic != nil {
incompatible = true incompatible = true
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." + logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." + "In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing") "For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
} }
return incompatible return incompatible

50
pkg/config/dynamic/middlewares.go
View file

@ -71,7 +71,7 @@ type ContentType struct {
// AddPrefix holds the add prefix middleware configuration. // AddPrefix holds the add prefix middleware configuration.
// This middleware updates the path of a request before forwarding it. // This middleware updates the path of a request before forwarding it.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
type AddPrefix struct { type AddPrefix struct {
// Prefix is the string to add before the current path in the requested URL. // Prefix is the string to add before the current path in the requested URL.
// It should include a leading slash (/). // It should include a leading slash (/).
@ -82,7 +82,7 @@ type AddPrefix struct {
// BasicAuth holds the basic auth middleware configuration. // BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
type BasicAuth struct { type BasicAuth struct {
// Users is an array of authorized users. // Users is an array of authorized users.
// Each user must be declared using the name:hashed-password format. // Each user must be declared using the name:hashed-password format.
@ -97,7 +97,7 @@ type BasicAuth struct {
// Default: false. // Default: false.
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"` RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"` HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
} }
@ -105,7 +105,7 @@ type BasicAuth struct {
// Buffering holds the buffering middleware configuration. // Buffering holds the buffering middleware configuration.
// This middleware retries or limits the size of requests that can be forwarded to backends. // This middleware retries or limits the size of requests that can be forwarded to backends.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
type Buffering struct { type Buffering struct {
// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). // MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. // If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
@ -123,7 +123,7 @@ type Buffering struct {
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"` MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
// RetryExpression defines the retry conditions. // RetryExpression defines the retry conditions.
// It is a logical combination of functions with operators AND (&&) and OR (||). // It is a logical combination of functions with operators AND (&&) and OR (||).
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"` RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
} }
@ -140,7 +140,7 @@ type Chain struct {
// CircuitBreaker holds the circuit breaker middleware configuration. // CircuitBreaker holds the circuit breaker middleware configuration.
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures. // This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/circuitbreaker/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/circuitbreaker/
type CircuitBreaker struct { type CircuitBreaker struct {
// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services. // Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"` Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
@ -166,7 +166,7 @@ func (c *CircuitBreaker) SetDefaults() {
// Compress holds the compress middleware configuration. // Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip compression. // This middleware compresses responses before sending them to the client, using gzip compression.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
type Compress struct { type Compress struct {
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. // ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
// `application/grpc` is always excluded. // `application/grpc` is always excluded.
@ -184,7 +184,7 @@ type Compress struct {
// DigestAuth holds the digest auth middleware configuration. // DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
type DigestAuth struct { type DigestAuth struct {
// Users defines the authorized users. // Users defines the authorized users.
// Each user should be declared using the name:realm:encoded-password format. // Each user should be declared using the name:realm:encoded-password format.
@ -197,7 +197,7 @@ type DigestAuth struct {
// Default: traefik. // Default: traefik.
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"` Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"` HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
} }
@ -223,7 +223,7 @@ type ErrorPage struct {
// ForwardAuth holds the forward auth middleware configuration. // ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service. // This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
type ForwardAuth struct { type ForwardAuth struct {
// Address defines the authentication server address. // Address defines the authentication server address.
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"` Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
@ -234,7 +234,7 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"` AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"` AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed. // If not set or empty then all request headers are passed.
@ -261,7 +261,7 @@ type ClientTLS struct {
// Headers holds the headers middleware configuration. // Headers holds the headers middleware configuration.
// This middleware manages the requests and responses headers. // This middleware manages the requests and responses headers.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
type Headers struct { type Headers struct {
// CustomRequestHeaders defines the header names and values to apply to the request. // CustomRequestHeaders defines the header names and values to apply to the request.
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"` CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
@ -390,7 +390,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. // IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct { type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
@ -431,7 +431,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// IPWhiteList holds the IP whitelist middleware configuration. // IPWhiteList holds the IP whitelist middleware configuration.
// This middleware limits allowed requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipwhitelist/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipwhitelist/
// Deprecated: please use IPAllowList instead. // Deprecated: please use IPAllowList instead.
type IPWhiteList struct { type IPWhiteList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required. // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
@ -443,7 +443,7 @@ type IPWhiteList struct {
// IPAllowList holds the IP allowlist middleware configuration. // IPAllowList holds the IP allowlist middleware configuration.
// This middleware limits allowed requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
type IPAllowList struct { type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
@ -457,7 +457,7 @@ type IPAllowList struct {
// InFlightReq holds the in-flight request middleware configuration. // InFlightReq holds the in-flight request middleware configuration.
// This middleware limits the number of requests being processed and served concurrently. // This middleware limits the number of requests being processed and served concurrently.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
type InFlightReq struct { type InFlightReq struct {
// Amount defines the maximum amount of allowed simultaneous in-flight request. // Amount defines the maximum amount of allowed simultaneous in-flight request.
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). // The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
@ -465,7 +465,7 @@ type InFlightReq struct {
// SourceCriterion defines what criterion is used to group requests as originating from a common source. // SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised. // If several strategies are defined at the same time, an error will be raised.
// If none are set, the default is to use the requestHost. // If none are set, the default is to use the requestHost.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"` SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
} }
@ -473,7 +473,7 @@ type InFlightReq struct {
// PassTLSClientCert holds the pass TLS client cert middleware configuration. // PassTLSClientCert holds the pass TLS client cert middleware configuration.
// This middleware adds the selected data from the passed client TLS certificate to a header. // This middleware adds the selected data from the passed client TLS certificate to a header.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
type PassTLSClientCert struct { type PassTLSClientCert struct {
// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate. // PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"` PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
@ -529,7 +529,7 @@ func (r *RateLimit) SetDefaults() {
// RedirectRegex holds the redirect regex middleware configuration. // RedirectRegex holds the redirect regex middleware configuration.
// This middleware redirects a request using regex matching and replacement. // This middleware redirects a request using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
type RedirectRegex struct { type RedirectRegex struct {
// Regex defines the regex used to match and capture elements from the request URL. // Regex defines the regex used to match and capture elements from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"` Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
@ -543,7 +543,7 @@ type RedirectRegex struct {
// RedirectScheme holds the redirect scheme middleware configuration. // RedirectScheme holds the redirect scheme middleware configuration.
// This middleware redirects requests from a scheme/port to another. // This middleware redirects requests from a scheme/port to another.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
type RedirectScheme struct { type RedirectScheme struct {
// Scheme defines the scheme of the new URL. // Scheme defines the scheme of the new URL.
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"` Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
@ -557,7 +557,7 @@ type RedirectScheme struct {
// ReplacePath holds the replace path middleware configuration. // ReplacePath holds the replace path middleware configuration.
// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. // This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
type ReplacePath struct { type ReplacePath struct {
// Path defines the path to use as replacement in the request URL. // Path defines the path to use as replacement in the request URL.
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"` Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
@ -567,7 +567,7 @@ type ReplacePath struct {
// ReplacePathRegex holds the replace path regex middleware configuration. // ReplacePathRegex holds the replace path regex middleware configuration.
// This middleware replaces the path of a URL using regex matching and replacement. // This middleware replaces the path of a URL using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
type ReplacePathRegex struct { type ReplacePathRegex struct {
// Regex defines the regular expression used to match and capture the path from the request URL. // Regex defines the regular expression used to match and capture the path from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"` Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
@ -580,7 +580,7 @@ type ReplacePathRegex struct {
// Retry holds the retry middleware configuration. // Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply. // This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status. // As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
type Retry struct { type Retry struct {
// Attempts defines how many times the request should be retried. // Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"` Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
@ -596,7 +596,7 @@ type Retry struct {
// StripPrefix holds the strip prefix middleware configuration. // StripPrefix holds the strip prefix middleware configuration.
// This middleware removes the specified prefixes from the URL path. // This middleware removes the specified prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
type StripPrefix struct { type StripPrefix struct {
// Prefixes defines the prefixes to strip from the request URL. // Prefixes defines the prefixes to strip from the request URL.
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"` Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
@ -611,7 +611,7 @@ type StripPrefix struct {
// StripPrefixRegex holds the strip prefix regex middleware configuration. // StripPrefixRegex holds the strip prefix regex middleware configuration.
// This middleware removes the matching prefixes from the URL path. // This middleware removes the matching prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
type StripPrefixRegex struct { type StripPrefixRegex struct {
// Regex defines the regular expression to match the path prefix from the request URL. // Regex defines the regular expression to match the path prefix from the request URL.
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"` Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`

2
pkg/config/dynamic/tcp_config.go
View file

@ -125,7 +125,7 @@ type TCPServer struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// ProxyProtocol holds the PROXY Protocol configuration. // ProxyProtocol holds the PROXY Protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
type ProxyProtocol struct { type ProxyProtocol struct {
// Version defines the PROXY Protocol version to use. // Version defines the PROXY Protocol version to use.
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"` Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`

4
pkg/config/dynamic/tcp_middlewares.go
View file

@ -15,7 +15,7 @@ type TCPMiddleware struct {
// TCPInFlightConn holds the TCP InFlightConn middleware configuration. // TCPInFlightConn holds the TCP InFlightConn middleware configuration.
// This middleware prevents services from being overwhelmed with high load, // This middleware prevents services from being overwhelmed with high load,
// by limiting the number of allowed simultaneous connections for one IP. // by limiting the number of allowed simultaneous connections for one IP.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/inflightconn/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/inflightconn/
type TCPInFlightConn struct { type TCPInFlightConn struct {
// Amount defines the maximum amount of allowed simultaneous connections. // Amount defines the maximum amount of allowed simultaneous connections.
// The middleware closes the connection if there are already amount connections opened. // The middleware closes the connection if there are already amount connections opened.
@ -35,7 +35,7 @@ type TCPIPWhiteList struct {
// TCPIPAllowList holds the TCP IPAllowList middleware configuration. // TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware limits allowed requests based on the client IP. // This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
type TCPIPAllowList struct { type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation). // SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"` SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`

1
pkg/config/static/static_config.go
View file

@ -201,6 +201,7 @@ type Tracing struct {
GlobalAttributes map[string]string `description:"Defines additional attributes (key:value) on all spans." json:"globalAttributes,omitempty" toml:"globalAttributes,omitempty" yaml:"globalAttributes,omitempty" export:"true"` GlobalAttributes map[string]string `description:"Defines additional attributes (key:value) on all spans." json:"globalAttributes,omitempty" toml:"globalAttributes,omitempty" yaml:"globalAttributes,omitempty" export:"true"`
CapturedRequestHeaders []string `description:"Request headers to add as attributes for server and client spans." json:"capturedRequestHeaders,omitempty" toml:"capturedRequestHeaders,omitempty" yaml:"capturedRequestHeaders,omitempty" export:"true"` CapturedRequestHeaders []string `description:"Request headers to add as attributes for server and client spans." json:"capturedRequestHeaders,omitempty" toml:"capturedRequestHeaders,omitempty" yaml:"capturedRequestHeaders,omitempty" export:"true"`
CapturedResponseHeaders []string `description:"Response headers to add as attributes for server and client spans." json:"capturedResponseHeaders,omitempty" toml:"capturedResponseHeaders,omitempty" yaml:"capturedResponseHeaders,omitempty" export:"true"` CapturedResponseHeaders []string `description:"Response headers to add as attributes for server and client spans." json:"capturedResponseHeaders,omitempty" toml:"capturedResponseHeaders,omitempty" yaml:"capturedResponseHeaders,omitempty" export:"true"`
SafeQueryParams []string `description:"Query params to not redact." json:"safeQueryParams,omitempty" toml:"safeQueryParams,omitempty" yaml:"safeQueryParams,omitempty" export:"true"`
SampleRate float64 `description:"Sets the rate between 0.0 and 1.0 of requests to trace." json:"sampleRate,omitempty" toml:"sampleRate,omitempty" yaml:"sampleRate,omitempty" export:"true"` SampleRate float64 `description:"Sets the rate between 0.0 and 1.0 of requests to trace." json:"sampleRate,omitempty" toml:"sampleRate,omitempty" yaml:"sampleRate,omitempty" export:"true"`
AddInternals bool `description:"Enables tracing for internal services (ping, dashboard, etc...)." json:"addInternals,omitempty" toml:"addInternals,omitempty" yaml:"addInternals,omitempty" export:"true"` AddInternals bool `description:"Enables tracing for internal services (ping, dashboard, etc...)." json:"addInternals,omitempty" toml:"addInternals,omitempty" yaml:"addInternals,omitempty" export:"true"`

10
pkg/metrics/opentelemetry.go
View file

@ -20,7 +20,7 @@ import (
"go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/metric"
sdkmetric "go.opentelemetry.io/otel/sdk/metric" sdkmetric "go.opentelemetry.io/otel/sdk/metric"
"go.opentelemetry.io/otel/sdk/resource" "go.opentelemetry.io/otel/sdk/resource"
semconv "go.opentelemetry.io/otel/semconv/v1.21.0" semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"google.golang.org/grpc/encoding/gzip" "google.golang.org/grpc/encoding/gzip"
) )
@ -58,16 +58,16 @@ func NewSemConvMetricRegistry(ctx context.Context, config *types.OTLP) (*SemConv
meter := otel.Meter("github.com/traefik/traefik", meter := otel.Meter("github.com/traefik/traefik",
metric.WithInstrumentationVersion(version.Version)) metric.WithInstrumentationVersion(version.Version))
httpServerRequestDuration, err := meter.Float64Histogram("http.server.request.duration", httpServerRequestDuration, err := meter.Float64Histogram(semconv.HTTPServerRequestDurationName,
metric.WithDescription("Duration of HTTP server requests."), metric.WithDescription(semconv.HTTPServerRequestDurationDescription),
metric.WithUnit("s"), metric.WithUnit("s"),
metric.WithExplicitBucketBoundaries(config.ExplicitBoundaries...)) metric.WithExplicitBucketBoundaries(config.ExplicitBoundaries...))
if err != nil { if err != nil {
return nil, fmt.Errorf("can't build httpServerRequestDuration histogram: %w", err) return nil, fmt.Errorf("can't build httpServerRequestDuration histogram: %w", err)
} }
httpClientRequestDuration, err := meter.Float64Histogram("http.client.request.duration", httpClientRequestDuration, err := meter.Float64Histogram(semconv.HTTPClientRequestDurationName,
metric.WithDescription("Duration of HTTP client requests."), metric.WithDescription(semconv.HTTPClientRequestDurationDescription),
metric.WithUnit("s"), metric.WithUnit("s"),
metric.WithExplicitBucketBoundaries(config.ExplicitBoundaries...)) metric.WithExplicitBucketBoundaries(config.ExplicitBoundaries...))
if err != nil { if err != nil {

4
pkg/middlewares/auth/forward_test.go
View file

@ -513,7 +513,7 @@ func TestForwardAuthTracing(t *testing.T) {
attribute.String("url.scheme", "http"), attribute.String("url.scheme", "http"),
attribute.String("user_agent.original", ""), attribute.String("user_agent.original", ""),
attribute.String("network.peer.address", "127.0.0.1"), attribute.String("network.peer.address", "127.0.0.1"),
attribute.String("network.peer.port", serverPort), attribute.Int64("network.peer.port", int64(serverPortInt)),
attribute.String("server.address", "127.0.0.1"), attribute.String("server.address", "127.0.0.1"),
attribute.Int64("server.port", int64(serverPortInt)), attribute.Int64("server.port", int64(serverPortInt)),
attribute.StringSlice("http.request.header.x-foo", []string{"foo", "bar"}), attribute.StringSlice("http.request.header.x-foo", []string{"foo", "bar"}),
@ -546,7 +546,7 @@ func TestForwardAuthTracing(t *testing.T) {
otel.SetTextMapPropagator(autoprop.NewTextMapPropagator()) otel.SetTextMapPropagator(autoprop.NewTextMapPropagator())
mockTracer := &mockTracer{} mockTracer := &mockTracer{}
tracer := tracing.NewTracer(mockTracer, []string{"X-Foo"}, []string{"X-Bar"}) tracer := tracing.NewTracer(mockTracer, []string{"X-Foo"}, []string{"X-Bar"}, []string{"q"})
initialCtx, initialSpan := tracer.Start(req.Context(), "initial") initialCtx, initialSpan := tracer.Start(req.Context(), "initial")
defer initialSpan.End() defer initialSpan.End()
req = req.WithContext(initialCtx) req = req.WithContext(initialCtx)

6
pkg/middlewares/observability/entrypoint.go
View file

@ -14,7 +14,7 @@ import (
"github.com/traefik/traefik/v3/pkg/tracing" "github.com/traefik/traefik/v3/pkg/tracing"
"go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/metric"
semconv "go.opentelemetry.io/otel/semconv/v1.21.0" semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
"go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace"
"go.opentelemetry.io/otel/trace/noop" "go.opentelemetry.io/otel/trace/noop"
) )
@ -35,7 +35,7 @@ type entryPointTracing struct {
func WrapEntryPointHandler(ctx context.Context, tracer *tracing.Tracer, semConvMetricRegistry *metrics.SemConvMetricsRegistry, entryPointName string) alice.Constructor { func WrapEntryPointHandler(ctx context.Context, tracer *tracing.Tracer, semConvMetricRegistry *metrics.SemConvMetricsRegistry, entryPointName string) alice.Constructor {
return func(next http.Handler) (http.Handler, error) { return func(next http.Handler) (http.Handler, error) {
if tracer == nil { if tracer == nil {
tracer = tracing.NewTracer(noop.Tracer{}, nil, nil) tracer = tracing.NewTracer(noop.Tracer{}, nil, nil, nil)
} }
return newEntryPoint(ctx, tracer, semConvMetricRegistry, entryPointName, next), nil return newEntryPoint(ctx, tracer, semConvMetricRegistry, entryPointName, next), nil
@ -47,7 +47,7 @@ func newEntryPoint(ctx context.Context, tracer *tracing.Tracer, semConvMetricReg
middlewares.GetLogger(ctx, "tracing", entryPointTypeName).Debug().Msg("Creating middleware") middlewares.GetLogger(ctx, "tracing", entryPointTypeName).Debug().Msg("Creating middleware")
if tracer == nil { if tracer == nil {
tracer = tracing.NewTracer(noop.Tracer{}, nil, nil) tracer = tracing.NewTracer(noop.Tracer{}, nil, nil, nil)
} }
return &entryPointTracing{ return &entryPointTracing{

9
pkg/middlewares/observability/entrypoint_test.go
View file

@ -42,15 +42,14 @@ func TestEntryPointMiddleware_tracing(t *testing.T) {
attribute.String("network.protocol.version", "1.1"), attribute.String("network.protocol.version", "1.1"),
attribute.Int64("http.request.body.size", int64(0)), attribute.Int64("http.request.body.size", int64(0)),
attribute.String("url.path", "/search"), attribute.String("url.path", "/search"),
attribute.String("url.query", "q=Opentelemetry"), attribute.String("url.query", "q=Opentelemetry&token=REDACTED"),
attribute.String("url.scheme", "http"), attribute.String("url.scheme", "http"),
attribute.String("user_agent.original", "entrypoint-test"), attribute.String("user_agent.original", "entrypoint-test"),
attribute.String("server.address", "www.test.com"), attribute.String("server.address", "www.test.com"),
attribute.String("network.peer.address", "10.0.0.1"), attribute.String("network.peer.address", "10.0.0.1"),
attribute.String("network.peer.port", "1234"),
attribute.String("client.address", "10.0.0.1"), attribute.String("client.address", "10.0.0.1"),
attribute.Int64("client.port", int64(1234)), attribute.Int64("client.port", int64(1234)),
attribute.String("client.socket.address", ""), attribute.Int64("network.peer.port", int64(1234)),
attribute.StringSlice("http.request.header.x-foo", []string{"foo", "bar"}), attribute.StringSlice("http.request.header.x-foo", []string{"foo", "bar"}),
attribute.Int64("http.response.status_code", int64(404)), attribute.Int64("http.response.status_code", int64(404)),
attribute.StringSlice("http.response.header.x-bar", []string{"foo", "bar"}), attribute.StringSlice("http.response.header.x-bar", []string{"foo", "bar"}),
@ -61,7 +60,7 @@ func TestEntryPointMiddleware_tracing(t *testing.T) {
for _, test := range testCases { for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) { t.Run(test.desc, func(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "http://www.test.com/search?q=Opentelemetry", nil) req := httptest.NewRequest(http.MethodGet, "http://www.test.com/search?q=Opentelemetry&token=123", nil)
rw := httptest.NewRecorder() rw := httptest.NewRecorder()
req.RemoteAddr = "10.0.0.1:1234" req.RemoteAddr = "10.0.0.1:1234"
req.Header.Set("User-Agent", "entrypoint-test") req.Header.Set("User-Agent", "entrypoint-test")
@ -77,7 +76,7 @@ func TestEntryPointMiddleware_tracing(t *testing.T) {
tracer := &mockTracer{} tracer := &mockTracer{}
handler := newEntryPoint(context.Background(), tracing.NewTracer(tracer, []string{"X-Foo"}, []string{"X-Bar"}), nil, test.entryPoint, next) handler := newEntryPoint(context.Background(), tracing.NewTracer(tracer, []string{"X-Foo"}, []string{"X-Bar"}, []string{"q"}), nil, test.entryPoint, next)
handler.ServeHTTP(rw, req) handler.ServeHTTP(rw, req)
for _, span := range tracer.spans { for _, span := range tracer.spans {

2
pkg/middlewares/observability/router.go
View file

@ -9,7 +9,7 @@ import (
"github.com/traefik/traefik/v3/pkg/middlewares" "github.com/traefik/traefik/v3/pkg/middlewares"
"github.com/traefik/traefik/v3/pkg/tracing" "github.com/traefik/traefik/v3/pkg/tracing"
"go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/attribute"
semconv "go.opentelemetry.io/otel/semconv/v1.21.0" semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
"go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace"
) )

4
pkg/middlewares/retry/retry.go
View file

@ -16,7 +16,7 @@ import (
"github.com/traefik/traefik/v3/pkg/middlewares" "github.com/traefik/traefik/v3/pkg/middlewares"
"github.com/traefik/traefik/v3/pkg/tracing" "github.com/traefik/traefik/v3/pkg/tracing"
"go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/attribute"
semconv "go.opentelemetry.io/otel/semconv/v1.21.0" semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
"go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace"
) )
@ -95,7 +95,7 @@ func (r *retry) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
currentSpan.SetAttributes(attribute.String("traefik.middleware.name", r.name)) currentSpan.SetAttributes(attribute.String("traefik.middleware.name", r.name))
// Only add the attribute "http.resend_count" defined by semantic conventions starting from second attempt. // Only add the attribute "http.resend_count" defined by semantic conventions starting from second attempt.
if attempts > 1 { if attempts > 1 {
currentSpan.SetAttributes(semconv.HTTPResendCount(attempts - 1)) currentSpan.SetAttributes(semconv.HTTPRequestResendCount(attempts - 1))
} }
req = req.WithContext(tracingCtx) req = req.WithContext(tracingCtx)

8
pkg/plugins/builder.go
View file

@ -52,7 +52,7 @@ func NewBuilder(client *Client, plugins map[string]Descriptor, localPlugins map[
switch manifest.Type { switch manifest.Type {
case typeMiddleware: case typeMiddleware:
middleware, err := newMiddlewareBuilder(logCtx, client.GoPath(), manifest, desc.ModuleName) middleware, err := newMiddlewareBuilder(logCtx, client.GoPath(), manifest, desc.ModuleName, desc.Settings)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -87,7 +87,7 @@ func NewBuilder(client *Client, plugins map[string]Descriptor, localPlugins map[
switch manifest.Type { switch manifest.Type {
case typeMiddleware: case typeMiddleware:
middleware, err := newMiddlewareBuilder(logCtx, localGoPath, manifest, desc.ModuleName) middleware, err := newMiddlewareBuilder(logCtx, localGoPath, manifest, desc.ModuleName, desc.Settings)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -128,7 +128,7 @@ func (b Builder) Build(pName string, config map[string]interface{}, middlewareNa
return nil, fmt.Errorf("unknown plugin type: %s", pName) return nil, fmt.Errorf("unknown plugin type: %s", pName)
} }
func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest, moduleName string) (middlewareBuilder, error) { func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest, moduleName string, settings Settings) (middlewareBuilder, error) {
switch manifest.Runtime { switch manifest.Runtime {
case runtimeWasm: case runtimeWasm:
wasmPath, err := getWasmPath(manifest) wasmPath, err := getWasmPath(manifest)
@ -136,7 +136,7 @@ func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest
return nil, fmt.Errorf("wasm path: %w", err) return nil, fmt.Errorf("wasm path: %w", err)
} }
return newWasmMiddlewareBuilder(goPath, moduleName, wasmPath), nil return newWasmMiddlewareBuilder(goPath, moduleName, wasmPath, settings)
case runtimeYaegi, "": case runtimeYaegi, "":
i, err := newInterpreter(ctx, goPath, manifest.Import) i, err := newInterpreter(ctx, goPath, manifest.Import)

91
pkg/plugins/middlewarewasm.go
View file

@ -8,20 +8,38 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"reflect" "reflect"
"strings"
"github.com/http-wasm/http-wasm-host-go/handler" "github.com/http-wasm/http-wasm-host-go/handler"
wasm "github.com/http-wasm/http-wasm-host-go/handler/nethttp" wasm "github.com/http-wasm/http-wasm-host-go/handler/nethttp"
"github.com/juliens/wasm-goexport/host"
"github.com/tetratelabs/wazero" "github.com/tetratelabs/wazero"
"github.com/traefik/traefik/v3/pkg/logs" "github.com/traefik/traefik/v3/pkg/logs"
"github.com/traefik/traefik/v3/pkg/middlewares" "github.com/traefik/traefik/v3/pkg/middlewares"
) )
type wasmMiddlewareBuilder struct { type wasmMiddlewareBuilder struct {
path string path string
cache wazero.CompilationCache
settings Settings
} }
func newWasmMiddlewareBuilder(goPath string, moduleName, wasmPath string) *wasmMiddlewareBuilder { func newWasmMiddlewareBuilder(goPath, moduleName, wasmPath string, settings Settings) (*wasmMiddlewareBuilder, error) {
return &wasmMiddlewareBuilder{path: filepath.Join(goPath, "src", moduleName, wasmPath)} ctx := context.Background()
path := filepath.Join(goPath, "src", moduleName, wasmPath)
cache := wazero.NewCompilationCache()
code, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("loading Wasm binary: %w", err)
}
rt := wazero.NewRuntimeWithConfig(ctx, wazero.NewRuntimeConfig().WithCompilationCache(cache))
if _, err = rt.CompileModule(ctx, code); err != nil {
return nil, fmt.Errorf("compiling guest module: %w", err)
}
return &wasmMiddlewareBuilder{path: path, cache: cache, settings: settings}, nil
} }
func (b wasmMiddlewareBuilder) newMiddleware(config map[string]interface{}, middlewareName string) (pluginMiddleware, error) { func (b wasmMiddlewareBuilder) newMiddleware(config map[string]interface{}, middlewareName string) (pluginMiddleware, error) {
@ -33,15 +51,64 @@ func (b wasmMiddlewareBuilder) newMiddleware(config map[string]interface{}, midd
} }
func (b wasmMiddlewareBuilder) newHandler(ctx context.Context, next http.Handler, cfg reflect.Value, middlewareName string) (http.Handler, error) { func (b wasmMiddlewareBuilder) newHandler(ctx context.Context, next http.Handler, cfg reflect.Value, middlewareName string) (http.Handler, error) {
h, applyCtx, err := b.buildMiddleware(ctx, next, cfg, middlewareName)
if err != nil {
return nil, fmt.Errorf("building Wasm middleware: %w", err)
}
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
h.ServeHTTP(rw, req.WithContext(applyCtx(req.Context())))
}), nil
}
func (b *wasmMiddlewareBuilder) buildMiddleware(ctx context.Context, next http.Handler, cfg reflect.Value, middlewareName string) (http.Handler, func(ctx context.Context) context.Context, error) {
code, err := os.ReadFile(b.path) code, err := os.ReadFile(b.path)
if err != nil { if err != nil {
return nil, fmt.Errorf("loading Wasm binary: %w", err) return nil, nil, fmt.Errorf("loading binary: %w", err)
}
rt := host.NewRuntime(wazero.NewRuntimeWithConfig(ctx, wazero.NewRuntimeConfig().WithCompilationCache(b.cache)))
guestModule, err := rt.CompileModule(ctx, code)
if err != nil {
return nil, nil, fmt.Errorf("compiling guest module: %w", err)
}
applyCtx, err := InstantiateHost(ctx, rt, guestModule, b.settings)
if err != nil {
return nil, nil, fmt.Errorf("instantiating host module: %w", err)
} }
logger := middlewares.GetLogger(ctx, middlewareName, "wasm") logger := middlewares.GetLogger(ctx, middlewareName, "wasm")
config := wazero.NewModuleConfig().WithSysWalltime()
for _, env := range b.settings.Envs {
config.WithEnv(env, os.Getenv(env))
}
if len(b.settings.Mounts) > 0 {
fsConfig := wazero.NewFSConfig()
for _, mount := range b.settings.Mounts {
withDir := fsConfig.WithDirMount
prefix, readOnly := strings.CutSuffix(mount, ":ro")
if readOnly {
withDir = fsConfig.WithReadOnlyDirMount
}
parts := strings.Split(prefix, ":")
switch {
case len(parts) == 1:
withDir(parts[0], parts[0])
case len(parts) == 2:
withDir(parts[0], parts[1])
default:
return nil, nil, fmt.Errorf("invalid directory %q", mount)
}
}
config.WithFSConfig(fsConfig)
}
opts := []handler.Option{ opts := []handler.Option{
handler.ModuleConfig(wazero.NewModuleConfig().WithSysWalltime()), handler.ModuleConfig(config),
handler.Logger(logs.NewWasmLogger(logger)), handler.Logger(logs.NewWasmLogger(logger)),
} }
@ -49,23 +116,27 @@ func (b wasmMiddlewareBuilder) newHandler(ctx context.Context, next http.Handler
if i != nil { if i != nil {
config, ok := i.(map[string]interface{}) config, ok := i.(map[string]interface{})
if !ok { if !ok {
return nil, fmt.Errorf("could not type assert config: %T", i) return nil, nil, fmt.Errorf("could not type assert config: %T", i)
} }
data, err := json.Marshal(config) data, err := json.Marshal(config)
if err != nil { if err != nil {
return nil, fmt.Errorf("marshaling config: %w", err) return nil, nil, fmt.Errorf("marshaling config: %w", err)
} }
opts = append(opts, handler.GuestConfig(data)) opts = append(opts, handler.GuestConfig(data))
} }
mw, err := wasm.NewMiddleware(context.Background(), code, opts...) opts = append(opts, handler.Runtime(func(ctx context.Context) (wazero.Runtime, error) {
return rt, nil
}))
mw, err := wasm.NewMiddleware(applyCtx(ctx), code, opts...)
if err != nil { if err != nil {
return nil, err return nil, nil, fmt.Errorf("creating middleware: %w", err)
} }
return mw.NewHandler(ctx, next), nil return mw.NewHandler(ctx, next), applyCtx, nil
} }
// WasmMiddleware is an HTTP handler plugin wrapper. // WasmMiddleware is an HTTP handler plugin wrapper.

13
pkg/plugins/types.go
View file

@ -10,6 +10,11 @@ const (
typeProvider = "provider" typeProvider = "provider"
) )
type Settings struct {
Envs []string `description:"Environment variables to forward to the wasm guest." json:"envs,omitempty" toml:"envs,omitempty" yaml:"envs,omitempty"`
Mounts []string `description:"Directory to mount to the wasm guest." json:"mounts,omitempty" toml:"mounts,omitempty" yaml:"mounts,omitempty"`
}
// Descriptor The static part of a plugin configuration. // Descriptor The static part of a plugin configuration.
type Descriptor struct { type Descriptor struct {
// ModuleName (required) // ModuleName (required)
@ -17,12 +22,18 @@ type Descriptor struct {
// Version (required) // Version (required)
Version string `description:"plugin's version." json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"` Version string `description:"plugin's version." json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
// Settings (optional)
Settings Settings `description:"Plugin's settings (works only for wasm plugins)." json:"settings,omitempty" toml:"settings,omitempty" yaml:"settings,omitempty" export:"true"`
} }
// LocalDescriptor The static part of a local plugin configuration. // LocalDescriptor The static part of a local plugin configuration.
type LocalDescriptor struct { type LocalDescriptor struct {
// ModuleName (required) // ModuleName (required)
ModuleName string `description:"plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty" export:"true"` ModuleName string `description:"Plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty" export:"true"`
// Settings (optional)
Settings Settings `description:"Plugin's settings (works only for wasm plugins)." json:"settings,omitempty" toml:"settings,omitempty" yaml:"settings,omitempty" export:"true"`
} }
// Manifest The plugin manifest. // Manifest The plugin manifest.

59
pkg/plugins/wasip.go Normal file
View file

@ -0,0 +1,59 @@
//go:build !windows
package plugins
import (
"context"
"fmt"
"os"
"github.com/stealthrocket/wasi-go/imports"
wazergo_wasip1 "github.com/stealthrocket/wasi-go/imports/wasi_snapshot_preview1"
"github.com/stealthrocket/wazergo"
"github.com/tetratelabs/wazero"
wazero_wasip1 "github.com/tetratelabs/wazero/imports/wasi_snapshot_preview1"
)
type ContextApplier func(ctx context.Context) context.Context
// InstantiateHost instantiates the Host module according to the guest requirements (for now only SocketExtensions).
func InstantiateHost(ctx context.Context, runtime wazero.Runtime, mod wazero.CompiledModule, settings Settings) (ContextApplier, error) {
if extension := imports.DetectSocketsExtension(mod); extension != nil {
envs := []string{}
for _, env := range settings.Envs {
envs = append(envs, fmt.Sprintf("%s=%s", env, os.Getenv(env)))
}
builder := imports.NewBuilder().WithSocketsExtension("auto", mod)
if len(envs) > 0 {
builder.WithEnv(envs...)
}
if len(settings.Mounts) > 0 {
builder.WithDirs(settings.Mounts...)
}
ctx, sys, err := builder.Instantiate(ctx, runtime)
if err != nil {
return nil, err
}
inst, err := wazergo.Instantiate(ctx, runtime, wazergo_wasip1.NewHostModule(*extension), wazergo_wasip1.WithWASI(sys))
if err != nil {
return nil, fmt.Errorf("wazergo instantiation: %w", err)
}
return func(ctx context.Context) context.Context {
return wazergo.WithModuleInstance(ctx, inst)
}, nil
}
_, err := wazero_wasip1.Instantiate(ctx, runtime)
if err != nil {
return nil, fmt.Errorf("wazero instantiation: %w", err)
}
return func(ctx context.Context) context.Context {
return ctx
}, nil
}

18
pkg/plugins/wasip_windows.go Normal file
View file

@ -0,0 +1,18 @@
//go:build windows
package plugins
import (
"context"
"github.com/tetratelabs/wazero"
)
type ContextApplier func(ctx context.Context) context.Context
// InstantiateHost instantiates the Host module.
func InstantiateHost(ctx context.Context, runtime wazero.Runtime, mod wazero.CompiledModule, settings Settings) (ContextApplier, error) {
return func(ctx context.Context) context.Context {
return ctx
}, nil
}

30
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go
View file

@ -13,75 +13,75 @@ type IngressRouteSpec struct {
Routes []Route `json:"routes"` Routes []Route `json:"routes"`
// EntryPoints defines the list of entry point names to bind to. // EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration. // Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ // More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
// Default: all. // Default: all.
EntryPoints []string `json:"entryPoints,omitempty"` EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration. // TLS defines the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
TLS *TLS `json:"tls,omitempty"` TLS *TLS `json:"tls,omitempty"`
} }
// Route holds the HTTP route configuration. // Route holds the HTTP route configuration.
type Route struct { type Route struct {
// Match defines the router's rule. // Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
Match string `json:"match"` Match string `json:"match"`
// Kind defines the kind of the route. // Kind defines the kind of the route.
// Rule is the only supported kind. // Rule is the only supported kind.
// +kubebuilder:validation:Enum=Rule // +kubebuilder:validation:Enum=Rule
Kind string `json:"kind"` Kind string `json:"kind"`
// Priority defines the router's priority. // Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
Priority int `json:"priority,omitempty"` Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax. // Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
Syntax string `json:"syntax,omitempty"` Syntax string `json:"syntax,omitempty"`
// Services defines the list of Service. // Services defines the list of Service.
// It can contain any combination of TraefikService and/or reference to a Kubernetes Service. // It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
Services []Service `json:"services,omitempty"` Services []Service `json:"services,omitempty"`
// Middlewares defines the list of references to Middleware resources. // Middlewares defines the list of references to Middleware resources.
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
Middlewares []MiddlewareRef `json:"middlewares,omitempty"` Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
} }
// TLS holds the TLS configuration. // TLS holds the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
type TLS struct { type TLS struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"` SecretName string `json:"secretName,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used. // If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
Options *TLSOptionRef `json:"options,omitempty"` Options *TLSOptionRef `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates. // Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used. // Please note that only `default` TLSStore can be used.
Store *TLSStoreRef `json:"store,omitempty"` Store *TLSStoreRef `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use. // CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration. // Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers // More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
CertResolver string `json:"certResolver,omitempty"` CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates. // Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
Domains []types.Domain `json:"domains,omitempty"` Domains []types.Domain `json:"domains,omitempty"`
} }
// TLSOptionRef is a reference to a TLSOption resource. // TLSOptionRef is a reference to a TLSOption resource.
type TLSOptionRef struct { type TLSOptionRef struct {
// Name defines the name of the referenced TLSOption. // Name defines the name of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
Name string `json:"name"` Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSOption. // Namespace defines the namespace of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
} }
// TLSStoreRef is a reference to a TLSStore resource. // TLSStoreRef is a reference to a TLSStore resource.
type TLSStoreRef struct { type TLSStoreRef struct {
// Name defines the name of the referenced TLSStore. // Name defines the name of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
Name string `json:"name"` Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSStore. // Namespace defines the namespace of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
} }
@ -98,7 +98,7 @@ type LoadBalancerSpec struct {
// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. // Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
// Sticky defines the sticky sessions configuration. // Sticky defines the sticky sessions configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
Sticky *dynamic.Sticky `json:"sticky,omitempty"` Sticky *dynamic.Sticky `json:"sticky,omitempty"`
// Port defines the port of a Kubernetes Service. // Port defines the port of a Kubernetes Service.
// This can be a reference to a named port. // This can be a reference to a named port.

20
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go
View file

@ -13,24 +13,24 @@ type IngressRouteTCPSpec struct {
Routes []RouteTCP `json:"routes"` Routes []RouteTCP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to. // EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration. // Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ // More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
// Default: all. // Default: all.
EntryPoints []string `json:"entryPoints,omitempty"` EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration on a layer 4 / TCP Route. // TLS defines the TLS configuration on a layer 4 / TCP Route.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
TLS *TLSTCP `json:"tls,omitempty"` TLS *TLSTCP `json:"tls,omitempty"`
} }
// RouteTCP holds the TCP route configuration. // RouteTCP holds the TCP route configuration.
type RouteTCP struct { type RouteTCP struct {
// Match defines the router's rule. // Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
Match string `json:"match"` Match string `json:"match"`
// Priority defines the router's priority. // Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
Priority int `json:"priority,omitempty"` Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax. // Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
Syntax string `json:"syntax,omitempty"` Syntax string `json:"syntax,omitempty"`
// Services defines the list of TCP services. // Services defines the list of TCP services.
Services []ServiceTCP `json:"services,omitempty"` Services []ServiceTCP `json:"services,omitempty"`
@ -39,7 +39,7 @@ type RouteTCP struct {
} }
// TLSTCP holds the TLS configuration for an IngressRouteTCP. // TLSTCP holds the TLS configuration for an IngressRouteTCP.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
type TLSTCP struct { type TLSTCP struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details. // SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"` SecretName string `json:"secretName,omitempty"`
@ -47,17 +47,17 @@ type TLSTCP struct {
Passthrough bool `json:"passthrough,omitempty"` Passthrough bool `json:"passthrough,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. // Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used. // If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
Options *ObjectReference `json:"options,omitempty"` Options *ObjectReference `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates. // Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used. // Please note that only `default` TLSStore can be used.
Store *ObjectReference `json:"store,omitempty"` Store *ObjectReference `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use. // CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration. // Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers // More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
CertResolver string `json:"certResolver,omitempty"` CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates. // Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains // More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
Domains []types.Domain `json:"domains,omitempty"` Domains []types.Domain `json:"domains,omitempty"`
} }
@ -80,7 +80,7 @@ type ServiceTCP struct {
// Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead. // Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead.
TerminationDelay *int `json:"terminationDelay,omitempty"` TerminationDelay *int `json:"terminationDelay,omitempty"`
// ProxyProtocol defines the PROXY protocol configuration. // ProxyProtocol defines the PROXY protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"` ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
// ServersTransport defines the name of ServersTransportTCP resource to use. // ServersTransport defines the name of ServersTransportTCP resource to use.
// It allows to configure the transport between Traefik and your servers. // It allows to configure the transport between Traefik and your servers.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go
View file

@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct {
Routes []RouteUDP `json:"routes"` Routes []RouteUDP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to. // EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration. // Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ // More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
// Default: all. // Default: all.
EntryPoints []string `json:"entryPoints,omitempty"` EntryPoints []string `json:"entryPoints,omitempty"`
} }

24
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go
View file

@ -12,7 +12,7 @@ import (
// +kubebuilder:storageversion // +kubebuilder:storageversion
// Middleware is the CRD implementation of a Traefik Middleware. // Middleware is the CRD implementation of a Traefik Middleware.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
type Middleware struct { type Middleware struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -60,7 +60,7 @@ type MiddlewareSpec struct {
// ErrorPage holds the custom error middleware configuration. // ErrorPage holds the custom error middleware configuration.
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. // This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
type ErrorPage struct { type ErrorPage struct {
// Status defines which status or range of statuses should result in an error page. // Status defines which status or range of statuses should result in an error page.
// It can be either a status code as a number (500), // It can be either a status code as a number (500),
@ -69,7 +69,7 @@ type ErrorPage struct {
// or a combination of the two (404,418,500-599). // or a combination of the two (404,418,500-599).
Status []string `json:"status,omitempty"` Status []string `json:"status,omitempty"`
// Service defines the reference to a Kubernetes Service that will serve the error page. // Service defines the reference to a Kubernetes Service that will serve the error page.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
Service Service `json:"service,omitempty"` Service Service `json:"service,omitempty"`
// Query defines the URL for the error page (hosted by service). // Query defines the URL for the error page (hosted by service).
// The {status} variable can be used in order to insert the status code in the URL. // The {status} variable can be used in order to insert the status code in the URL.
@ -96,7 +96,7 @@ type CircuitBreaker struct {
// Chain holds the configuration of the chain middleware. // Chain holds the configuration of the chain middleware.
// This middleware enables to define reusable combinations of other pieces of middleware. // This middleware enables to define reusable combinations of other pieces of middleware.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
type Chain struct { type Chain struct {
// Middlewares is the list of MiddlewareRef which composes the chain. // Middlewares is the list of MiddlewareRef which composes the chain.
Middlewares []MiddlewareRef `json:"middlewares,omitempty"` Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
@ -106,7 +106,7 @@ type Chain struct {
// BasicAuth holds the basic auth middleware configuration. // BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
type BasicAuth struct { type BasicAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials. // Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"` Secret string `json:"secret,omitempty"`
@ -117,7 +117,7 @@ type BasicAuth struct {
// Default: false. // Default: false.
RemoveHeader bool `json:"removeHeader,omitempty"` RemoveHeader bool `json:"removeHeader,omitempty"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty"` HeaderField string `json:"headerField,omitempty"`
} }
@ -125,7 +125,7 @@ type BasicAuth struct {
// DigestAuth holds the digest auth middleware configuration. // DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users. // This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
type DigestAuth struct { type DigestAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials. // Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"` Secret string `json:"secret,omitempty"`
@ -135,7 +135,7 @@ type DigestAuth struct {
// Default: traefik. // Default: traefik.
Realm string `json:"realm,omitempty"` Realm string `json:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user. // HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty"` HeaderField string `json:"headerField,omitempty"`
} }
@ -143,7 +143,7 @@ type DigestAuth struct {
// ForwardAuth holds the forward auth middleware configuration. // ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service. // This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
type ForwardAuth struct { type ForwardAuth struct {
// Address defines the authentication server address. // Address defines the authentication server address.
Address string `json:"address,omitempty"` Address string `json:"address,omitempty"`
@ -152,7 +152,7 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. // AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"` AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. // AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"` AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. // AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed. // If not set or empty then all request headers are passed.
@ -182,7 +182,7 @@ type ClientTLS struct {
// RateLimit holds the rate limit configuration. // RateLimit holds the rate limit configuration.
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. // This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
type RateLimit struct { type RateLimit struct {
// Average is the maximum rate, by default in requests/s, allowed for the given source. // Average is the maximum rate, by default in requests/s, allowed for the given source.
// It defaults to 0, which means no rate limiting. // It defaults to 0, which means no rate limiting.
@ -206,7 +206,7 @@ type RateLimit struct {
// Retry holds the retry middleware configuration. // Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply. // This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status. // As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
type Retry struct { type Retry struct {
// Attempts defines how many times the request should be retried. // Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty"` Attempts int `json:"attempts,omitempty"`

6
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go
View file

@ -9,7 +9,7 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. // MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
type MiddlewareTCP struct { type MiddlewareTCP struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -28,11 +28,11 @@ type MiddlewareTCPSpec struct {
// IPWhiteList defines the IPWhiteList middleware configuration. // IPWhiteList defines the IPWhiteList middleware configuration.
// This middleware accepts/refuses connections based on the client IP. // This middleware accepts/refuses connections based on the client IP.
// Deprecated: please use IPAllowList instead. // Deprecated: please use IPAllowList instead.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"` IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
// IPAllowList defines the IPAllowList middleware configuration. // IPAllowList defines the IPAllowList middleware configuration.
// This middleware accepts/refuses connections based on the client IP. // This middleware accepts/refuses connections based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ // More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"` IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
} }

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go
View file

@ -13,7 +13,7 @@ import (
// ServersTransport is the CRD implementation of a ServersTransport. // ServersTransport is the CRD implementation of a ServersTransport.
// If no serversTransport is specified, the default@internal will be used. // If no serversTransport is specified, the default@internal will be used.
// The default@internal serversTransport is created from the static configuration. // The default@internal serversTransport is created from the static configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
type ServersTransport struct { type ServersTransport struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go
View file

@ -13,7 +13,7 @@ import (
// ServersTransportTCP is the CRD implementation of a TCPServersTransport. // ServersTransportTCP is the CRD implementation of a TCPServersTransport.
// If no tcpServersTransport is specified, a default one named default@internal will be used. // If no tcpServersTransport is specified, a default one named default@internal will be used.
// The default@internal tcpServersTransport can be configured in the static configuration. // The default@internal tcpServersTransport can be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
type ServersTransportTCP struct { type ServersTransportTCP struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go
View file

@ -13,7 +13,7 @@ import (
// TraefikService object allows to: // TraefikService object allows to:
// - Apply weight to Services on load-balancing // - Apply weight to Services on load-balancing
// - Mirror traffic on services // - Mirror traffic on services
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
type TraefikService struct { type TraefikService struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -49,7 +49,7 @@ type TraefikServiceSpec struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// Mirroring holds the mirroring service configuration. // Mirroring holds the mirroring service configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#mirroring-service // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#mirroring-service
type Mirroring struct { type Mirroring struct {
LoadBalancerSpec `json:",inline"` LoadBalancerSpec `json:",inline"`
@ -75,11 +75,11 @@ type MirrorService struct {
// +k8s:deepcopy-gen=true // +k8s:deepcopy-gen=true
// WeightedRoundRobin holds the weighted round-robin configuration. // WeightedRoundRobin holds the weighted round-robin configuration.
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#weighted-round-robin-service // More info: https://doc.traefik.io/traefik/v3.1/routing/services/#weighted-round-robin-service
type WeightedRoundRobin struct { type WeightedRoundRobin struct {
// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight. // Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
Services []Service `json:"services,omitempty"` Services []Service `json:"services,omitempty"`
// Sticky defines whether sticky sessions are enabled. // Sticky defines whether sticky sessions are enabled.
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing // More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
Sticky *dynamic.Sticky `json:"sticky,omitempty"` Sticky *dynamic.Sticky `json:"sticky,omitempty"`
} }

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go
View file

@ -9,7 +9,7 @@ import (
// +kubebuilder:storageversion // +kubebuilder:storageversion
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. // TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
type TLSOption struct { type TLSOption struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.
@ -32,17 +32,17 @@ type TLSOptionSpec struct {
// Default: None. // Default: None.
MaxVersion string `json:"maxVersion,omitempty"` MaxVersion string `json:"maxVersion,omitempty"`
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. // CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
CipherSuites []string `json:"cipherSuites,omitempty"` CipherSuites []string `json:"cipherSuites,omitempty"`
// CurvePreferences defines the preferred elliptic curves in a specific order. // CurvePreferences defines the preferred elliptic curves in a specific order.
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
CurvePreferences []string `json:"curvePreferences,omitempty"` CurvePreferences []string `json:"curvePreferences,omitempty"`
// ClientAuth defines the server's policy for TLS Client Authentication. // ClientAuth defines the server's policy for TLS Client Authentication.
ClientAuth ClientAuth `json:"clientAuth,omitempty"` ClientAuth ClientAuth `json:"clientAuth,omitempty"`
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension. // SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
SniStrict bool `json:"sniStrict,omitempty"` SniStrict bool `json:"sniStrict,omitempty"`
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. // ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
ALPNProtocols []string `json:"alpnProtocols,omitempty"` ALPNProtocols []string `json:"alpnProtocols,omitempty"`
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. // PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go
View file

@ -12,7 +12,7 @@ import (
// TLSStore is the CRD implementation of a Traefik TLS Store. // TLSStore is the CRD implementation of a Traefik TLS Store.
// For the time being, only the TLSStore named default is supported. // For the time being, only the TLSStore named default is supported.
// This means that you cannot have two stores that are named default in different Kubernetes namespaces. // This means that you cannot have two stores that are named default in different Kubernetes namespaces.
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores // More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
type TLSStore struct { type TLSStore struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
// Standard object's metadata. // Standard object's metadata.

16
pkg/redactor/redactor_config_test.go
View file

@ -907,18 +907,34 @@ func TestDo_staticConfiguration(t *testing.T) {
"Descriptor0": { "Descriptor0": {
ModuleName: "foobar", ModuleName: "foobar",
Version: "foobar", Version: "foobar",
Settings: plugins.Settings{
Envs: []string{"a", "b"},
Mounts: []string{"a", "b"},
},
}, },
"Descriptor1": { "Descriptor1": {
ModuleName: "foobar", ModuleName: "foobar",
Version: "foobar", Version: "foobar",
Settings: plugins.Settings{
Envs: []string{"a", "b"},
Mounts: []string{"a", "b"},
},
}, },
}, },
LocalPlugins: map[string]plugins.LocalDescriptor{ LocalPlugins: map[string]plugins.LocalDescriptor{
"Descriptor0": { "Descriptor0": {
ModuleName: "foobar", ModuleName: "foobar",
Settings: plugins.Settings{
Envs: []string{"a", "b"},
Mounts: []string{"a", "b"},
},
}, },
"Descriptor1": { "Descriptor1": {
ModuleName: "foobar", ModuleName: "foobar",
Settings: plugins.Settings{
Envs: []string{"a", "b"},
Mounts: []string{"a", "b"},
},
}, },
}, },
} }

48
pkg/redactor/testdata/anonymized-static-config.json vendored
View file

@ -388,19 +388,59 @@
"plugins": { "plugins": {
"Descriptor0": { "Descriptor0": {
"moduleName": "foobar", "moduleName": "foobar",
"version": "foobar" "version": "foobar",
"settings": {
"envs": [
"xxxx",
"xxxx"
],
"mounts": [
"xxxx",
"xxxx"
]
}
}, },
"Descriptor1": { "Descriptor1": {
"moduleName": "foobar", "moduleName": "foobar",
"version": "foobar" "version": "foobar",
"settings": {
"envs": [
"xxxx",
"xxxx"
],
"mounts": [
"xxxx",
"xxxx"
]
}
} }
}, },
"localPlugins": { "localPlugins": {
"Descriptor0": { "Descriptor0": {
"moduleName": "foobar" "moduleName": "foobar",
"settings": {
"envs": [
"xxxx",
"xxxx"
],
"mounts": [
"xxxx",
"xxxx"
]
}
}, },
"Descriptor1": { "Descriptor1": {
"moduleName": "foobar" "moduleName": "foobar",
"settings": {
"envs": [
"xxxx",
"xxxx"
],
"mounts": [
"xxxx",
"xxxx"
]
}
} }
} }
} }

48
pkg/server/server_entrypoint_tcp.go
View file

@ -48,8 +48,15 @@ const (
var ( var (
clientConnectionStates = map[string]*connState{} clientConnectionStates = map[string]*connState{}
clientConnectionStatesMu = sync.RWMutex{} clientConnectionStatesMu = sync.RWMutex{}
socketActivationListeners map[string]net.Listener
) )
func init() {
// Populates pre-defined socketActivationListeners by socket activation.
populateSocketActivationListeners()
}
type connState struct { type connState struct {
State string State string
KeepAliveState string KeepAliveState string
@ -96,6 +103,7 @@ func NewTCPEntryPoints(entryPointsConfig static.EntryPoints, hostResolverConfig
return clientConnectionStates return clientConnectionStates
})) }))
} }
serverEntryPointsTCP := make(TCPEntryPoints) serverEntryPointsTCP := make(TCPEntryPoints)
for entryPointName, config := range entryPointsConfig { for entryPointName, config := range entryPointsConfig {
protocol, err := config.GetProtocol() protocol, err := config.GetProtocol()
@ -113,7 +121,7 @@ func NewTCPEntryPoints(entryPointsConfig static.EntryPoints, hostResolverConfig
OpenConnectionsGauge(). OpenConnectionsGauge().
With("entrypoint", entryPointName, "protocol", "TCP") With("entrypoint", entryPointName, "protocol", "TCP")
serverEntryPointsTCP[entryPointName], err = NewTCPEntryPoint(ctx, config, hostResolverConfig, openConnectionsGauge) serverEntryPointsTCP[entryPointName], err = NewTCPEntryPoint(ctx, entryPointName, config, hostResolverConfig, openConnectionsGauge)
if err != nil { if err != nil {
return nil, fmt.Errorf("error while building entryPoint %s: %w", entryPointName, err) return nil, fmt.Errorf("error while building entryPoint %s: %w", entryPointName, err)
} }
@ -169,10 +177,10 @@ type TCPEntryPoint struct {
} }
// NewTCPEntryPoint creates a new TCPEntryPoint. // NewTCPEntryPoint creates a new TCPEntryPoint.
func NewTCPEntryPoint(ctx context.Context, configuration *static.EntryPoint, hostResolverConfig *types.HostResolverConfig, openConnectionsGauge gokitmetrics.Gauge) (*TCPEntryPoint, error) { func NewTCPEntryPoint(ctx context.Context, name string, config *static.EntryPoint, hostResolverConfig *types.HostResolverConfig, openConnectionsGauge gokitmetrics.Gauge) (*TCPEntryPoint, error) {
tracker := newConnectionTracker(openConnectionsGauge) tracker := newConnectionTracker(openConnectionsGauge)
listener, err := buildListener(ctx, configuration) listener, err := buildListener(ctx, name, config)
if err != nil { if err != nil {
return nil, fmt.Errorf("error preparing server: %w", err) return nil, fmt.Errorf("error preparing server: %w", err)
} }
@ -181,19 +189,19 @@ func NewTCPEntryPoint(ctx context.Context, configuration *static.EntryPoint, hos
reqDecorator := requestdecorator.New(hostResolverConfig) reqDecorator := requestdecorator.New(hostResolverConfig)
httpServer, err := createHTTPServer(ctx, listener, configuration, true, reqDecorator) httpServer, err := createHTTPServer(ctx, listener, config, true, reqDecorator)
if err != nil { if err != nil {
return nil, fmt.Errorf("error preparing http server: %w", err) return nil, fmt.Errorf("error preparing http server: %w", err)
} }
rt.SetHTTPForwarder(httpServer.Forwarder) rt.SetHTTPForwarder(httpServer.Forwarder)
httpsServer, err := createHTTPServer(ctx, listener, configuration, false, reqDecorator) httpsServer, err := createHTTPServer(ctx, listener, config, false, reqDecorator)
if err != nil { if err != nil {
return nil, fmt.Errorf("error preparing https server: %w", err) return nil, fmt.Errorf("error preparing https server: %w", err)
} }
h3Server, err := newHTTP3Server(ctx, configuration, httpsServer) h3Server, err := newHTTP3Server(ctx, config, httpsServer)
if err != nil { if err != nil {
return nil, fmt.Errorf("error preparing http3 server: %w", err) return nil, fmt.Errorf("error preparing http3 server: %w", err)
} }
@ -206,7 +214,7 @@ func NewTCPEntryPoint(ctx context.Context, configuration *static.EntryPoint, hos
return &TCPEntryPoint{ return &TCPEntryPoint{
listener: listener, listener: listener,
switcher: tcpSwitcher, switcher: tcpSwitcher,
transportConfiguration: configuration.Transport, transportConfiguration: config.Transport,
tracker: tracker, tracker: tracker,
httpServer: httpServer, httpServer: httpServer,
httpsServer: httpsServer, httpsServer: httpsServer,
@ -460,17 +468,29 @@ func buildProxyProtocolListener(ctx context.Context, entryPoint *static.EntryPoi
return proxyListener, nil return proxyListener, nil
} }
func buildListener(ctx context.Context, entryPoint *static.EntryPoint) (net.Listener, error) { func buildListener(ctx context.Context, name string, config *static.EntryPoint) (net.Listener, error) {
listenConfig := newListenConfig(entryPoint) var listener net.Listener
listener, err := listenConfig.Listen(ctx, "tcp", entryPoint.GetAddress()) var err error
if err != nil {
return nil, fmt.Errorf("error opening listener: %w", err) // if we have predefined listener from socket activation
if ln, ok := socketActivationListeners[name]; ok {
listener = ln
} else {
if len(socketActivationListeners) > 0 {
log.Warn().Str("name", name).Msg("Unable to find socket activation listener for entryPoint")
}
listenConfig := newListenConfig(config)
listener, err = listenConfig.Listen(ctx, "tcp", config.GetAddress())
if err != nil {
return nil, fmt.Errorf("error opening listener: %w", err)
}
} }
listener = tcpKeepAliveListener{listener.(*net.TCPListener)} listener = tcpKeepAliveListener{listener.(*net.TCPListener)}
if entryPoint.ProxyProtocol != nil { if config.ProxyProtocol != nil {
listener, err = buildProxyProtocolListener(ctx, entryPoint, listener) listener, err = buildProxyProtocolListener(ctx, config, listener)
if err != nil { if err != nil {
return nil, fmt.Errorf("error creating proxy protocol listener: %w", err) return nil, fmt.Errorf("error creating proxy protocol listener: %w", err)
} }

2
pkg/server/server_entrypoint_tcp_http3_test.go
View file

@ -85,7 +85,7 @@ func TestHTTP3AdvertisedPort(t *testing.T) {
epConfig := &static.EntryPointsTransport{} epConfig := &static.EntryPointsTransport{}
epConfig.SetDefaults() epConfig.SetDefaults()
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
Address: "127.0.0.1:8090", Address: "127.0.0.1:8090",
Transport: epConfig, Transport: epConfig,
ForwardedHeaders: &static.ForwardedHeaders{}, ForwardedHeaders: &static.ForwardedHeaders{},

10
pkg/server/server_entrypoint_tcp_test.go
View file

@ -72,7 +72,7 @@ func testShutdown(t *testing.T, router *tcprouter.Router) {
epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(5 * time.Second) epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(5 * time.Second)
epConfig.RespondingTimeouts.WriteTimeout = ptypes.Duration(5 * time.Second) epConfig.RespondingTimeouts.WriteTimeout = ptypes.Duration(5 * time.Second)
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
// We explicitly use an IPV4 address because on Alpine, with an IPV6 address // We explicitly use an IPV4 address because on Alpine, with an IPV6 address
// there seems to be shenanigans related to properly cleaning up file descriptors // there seems to be shenanigans related to properly cleaning up file descriptors
Address: "127.0.0.1:0", Address: "127.0.0.1:0",
@ -159,7 +159,7 @@ func TestReadTimeoutWithoutFirstByte(t *testing.T) {
epConfig.SetDefaults() epConfig.SetDefaults()
epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(2 * time.Second) epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(2 * time.Second)
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
Address: ":0", Address: ":0",
Transport: epConfig, Transport: epConfig,
ForwardedHeaders: &static.ForwardedHeaders{}, ForwardedHeaders: &static.ForwardedHeaders{},
@ -196,7 +196,7 @@ func TestReadTimeoutWithFirstByte(t *testing.T) {
epConfig.SetDefaults() epConfig.SetDefaults()
epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(2 * time.Second) epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(2 * time.Second)
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
Address: ":0", Address: ":0",
Transport: epConfig, Transport: epConfig,
ForwardedHeaders: &static.ForwardedHeaders{}, ForwardedHeaders: &static.ForwardedHeaders{},
@ -236,7 +236,7 @@ func TestKeepAliveMaxRequests(t *testing.T) {
epConfig.SetDefaults() epConfig.SetDefaults()
epConfig.KeepAliveMaxRequests = 3 epConfig.KeepAliveMaxRequests = 3
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
Address: ":0", Address: ":0",
Transport: epConfig, Transport: epConfig,
ForwardedHeaders: &static.ForwardedHeaders{}, ForwardedHeaders: &static.ForwardedHeaders{},
@ -282,7 +282,7 @@ func TestKeepAliveMaxTime(t *testing.T) {
epConfig.SetDefaults() epConfig.SetDefaults()
epConfig.KeepAliveMaxTime = ptypes.Duration(time.Millisecond) epConfig.KeepAliveMaxTime = ptypes.Duration(time.Millisecond)
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{ entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
Address: ":0", Address: ":0",
Transport: epConfig, Transport: epConfig,
ForwardedHeaders: &static.ForwardedHeaders{}, ForwardedHeaders: &static.ForwardedHeaders{},

2
pkg/server/service/observability_roundtripper.go
View file

@ -14,7 +14,7 @@ import (
"github.com/traefik/traefik/v3/pkg/tracing" "github.com/traefik/traefik/v3/pkg/tracing"
"go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/metric" "go.opentelemetry.io/otel/metric"
semconv "go.opentelemetry.io/otel/semconv/v1.21.0" semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
"go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace"
) )

24
pkg/server/socket_activation_unix.go Normal file
View file

@ -0,0 +1,24 @@
//go:build !windows
package server
import (
"net"
"github.com/coreos/go-systemd/activation"
"github.com/rs/zerolog/log"
)
func populateSocketActivationListeners() {
listenersWithName, _ := activation.ListenersWithNames()
socketActivationListeners = make(map[string]net.Listener)
for name, lns := range listenersWithName {
if len(lns) != 1 {
log.Error().Str("listenersName", name).Msg("Socket activation listeners must have one and only one listener per name")
continue
}
socketActivationListeners[name] = lns[0]
}
}

5
pkg/server/socket_activation_windows.go Normal file
View file

@ -0,0 +1,5 @@
//go:build windows
package server
func populateSocketActivationListeners() {}

2
pkg/tracing/opentelemetry/opentelemetry.go
View file

@ -18,7 +18,7 @@ import (
"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp" "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"
"go.opentelemetry.io/otel/sdk/resource" "go.opentelemetry.io/otel/sdk/resource"
sdktrace "go.opentelemetry.io/otel/sdk/trace" sdktrace "go.opentelemetry.io/otel/sdk/trace"
semconv "go.opentelemetry.io/otel/semconv/v1.21.0" semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
"go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace"
"google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials"
"google.golang.org/grpc/encoding/gzip" "google.golang.org/grpc/encoding/gzip"

80
pkg/tracing/tracing.go
View file

@ -6,6 +6,8 @@ import (
"io" "io"
"net" "net"
"net/http" "net/http"
"net/url"
"slices"
"strconv" "strconv"
"strings" "strings"
@ -17,7 +19,7 @@ import (
"go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/codes" "go.opentelemetry.io/otel/codes"
"go.opentelemetry.io/otel/propagation" "go.opentelemetry.io/otel/propagation"
semconv "go.opentelemetry.io/otel/semconv/v1.21.0" semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
"go.opentelemetry.io/otel/trace" "go.opentelemetry.io/otel/trace"
) )
@ -47,7 +49,7 @@ func NewTracing(conf *static.Tracing) (*Tracer, io.Closer, error) {
return nil, nil, err return nil, nil, err
} }
return NewTracer(tr, conf.CapturedRequestHeaders, conf.CapturedResponseHeaders), closer, nil return NewTracer(tr, conf.CapturedRequestHeaders, conf.CapturedResponseHeaders, conf.SafeQueryParams), closer, nil
} }
// TracerFromContext extracts the trace.Tracer from the given context. // TracerFromContext extracts the trace.Tracer from the given context.
@ -122,14 +124,16 @@ func (t TracerProvider) Tracer(name string, options ...trace.TracerOption) trace
type Tracer struct { type Tracer struct {
trace.Tracer trace.Tracer
safeQueryParams []string
capturedRequestHeaders []string capturedRequestHeaders []string
capturedResponseHeaders []string capturedResponseHeaders []string
} }
// NewTracer builds and configures a new Tracer. // NewTracer builds and configures a new Tracer.
func NewTracer(tracer trace.Tracer, capturedRequestHeaders, capturedResponseHeaders []string) *Tracer { func NewTracer(tracer trace.Tracer, capturedRequestHeaders, capturedResponseHeaders, safeQueryParams []string) *Tracer {
return &Tracer{ return &Tracer{
Tracer: tracer, Tracer: tracer,
safeQueryParams: safeQueryParams,
capturedRequestHeaders: capturedRequestHeaders, capturedRequestHeaders: capturedRequestHeaders,
capturedResponseHeaders: capturedResponseHeaders, capturedResponseHeaders: capturedResponseHeaders,
} }
@ -153,37 +157,37 @@ func (t *Tracer) Start(ctx context.Context, spanName string, opts ...trace.SpanS
} }
// CaptureClientRequest used to add span attributes from the request as a Client. // CaptureClientRequest used to add span attributes from the request as a Client.
// TODO: need to update the semconv package as it does not implement fully Semantic Convention v1.23.0.
func (t *Tracer) CaptureClientRequest(span trace.Span, r *http.Request) { func (t *Tracer) CaptureClientRequest(span trace.Span, r *http.Request) {
if t == nil || span == nil || r == nil { if t == nil || span == nil || r == nil {
return return
} }
// Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#common-attributes // Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#common-attributes
span.SetAttributes(semconv.HTTPRequestMethodKey.String(r.Method)) span.SetAttributes(semconv.HTTPRequestMethodKey.String(r.Method))
span.SetAttributes(semconv.NetworkProtocolVersion(proto(r.Proto))) span.SetAttributes(semconv.NetworkProtocolVersion(proto(r.Proto)))
// Client attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#http-client // Client attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#http-client
span.SetAttributes(semconv.URLFull(r.URL.String())) sURL := t.safeURL(r.URL)
span.SetAttributes(semconv.URLScheme(r.URL.Scheme)) span.SetAttributes(semconv.URLFull(sURL.String()))
span.SetAttributes(semconv.URLScheme(sURL.Scheme))
span.SetAttributes(semconv.UserAgentOriginal(r.UserAgent())) span.SetAttributes(semconv.UserAgentOriginal(r.UserAgent()))
host, port, err := net.SplitHostPort(r.URL.Host) host, port, err := net.SplitHostPort(sURL.Host)
if err != nil { if err != nil {
span.SetAttributes(attribute.String("network.peer.address", host)) span.SetAttributes(semconv.NetworkPeerAddress(host))
span.SetAttributes(semconv.ServerAddress(r.URL.Host)) span.SetAttributes(semconv.ServerAddress(sURL.Host))
switch r.URL.Scheme { switch sURL.Scheme {
case "http": case "http":
span.SetAttributes(attribute.String("network.peer.port", "80")) span.SetAttributes(semconv.NetworkPeerPort(80))
span.SetAttributes(semconv.ServerPort(80)) span.SetAttributes(semconv.ServerPort(80))
case "https": case "https":
span.SetAttributes(attribute.String("network.peer.port", "443")) span.SetAttributes(semconv.NetworkPeerPort(443))
span.SetAttributes(semconv.ServerPort(443)) span.SetAttributes(semconv.ServerPort(443))
} }
} else { } else {
span.SetAttributes(attribute.String("network.peer.address", host)) span.SetAttributes(semconv.NetworkPeerAddress(host))
span.SetAttributes(attribute.String("network.peer.port", port))
intPort, _ := strconv.Atoi(port) intPort, _ := strconv.Atoi(port)
span.SetAttributes(semconv.NetworkPeerPort(intPort))
span.SetAttributes(semconv.ServerAddress(host)) span.SetAttributes(semconv.ServerAddress(host))
span.SetAttributes(semconv.ServerPort(intPort)) span.SetAttributes(semconv.ServerPort(intPort))
} }
@ -201,20 +205,20 @@ func (t *Tracer) CaptureClientRequest(span trace.Span, r *http.Request) {
} }
// CaptureServerRequest used to add span attributes from the request as a Server. // CaptureServerRequest used to add span attributes from the request as a Server.
// TODO: need to update the semconv package as it does not implement fully Semantic Convention v1.23.0.
func (t *Tracer) CaptureServerRequest(span trace.Span, r *http.Request) { func (t *Tracer) CaptureServerRequest(span trace.Span, r *http.Request) {
if t == nil || span == nil || r == nil { if t == nil || span == nil || r == nil {
return return
} }
// Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#common-attributes // Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#common-attributes
span.SetAttributes(semconv.HTTPRequestMethodKey.String(r.Method)) span.SetAttributes(semconv.HTTPRequestMethodKey.String(r.Method))
span.SetAttributes(semconv.NetworkProtocolVersion(proto(r.Proto))) span.SetAttributes(semconv.NetworkProtocolVersion(proto(r.Proto)))
// Server attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#http-server-semantic-conventions sURL := t.safeURL(r.URL)
// Server attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#http-server-semantic-conventions
span.SetAttributes(semconv.HTTPRequestBodySize(int(r.ContentLength))) span.SetAttributes(semconv.HTTPRequestBodySize(int(r.ContentLength)))
span.SetAttributes(semconv.URLPath(r.URL.Path)) span.SetAttributes(semconv.URLPath(sURL.Path))
span.SetAttributes(semconv.URLQuery(r.URL.RawQuery)) span.SetAttributes(semconv.URLQuery(sURL.RawQuery))
span.SetAttributes(semconv.URLScheme(r.Header.Get("X-Forwarded-Proto"))) span.SetAttributes(semconv.URLScheme(r.Header.Get("X-Forwarded-Proto")))
span.SetAttributes(semconv.UserAgentOriginal(r.UserAgent())) span.SetAttributes(semconv.UserAgentOriginal(r.UserAgent()))
span.SetAttributes(semconv.ServerAddress(r.Host)) span.SetAttributes(semconv.ServerAddress(r.Host))
@ -222,17 +226,15 @@ func (t *Tracer) CaptureServerRequest(span trace.Span, r *http.Request) {
host, port, err := net.SplitHostPort(r.RemoteAddr) host, port, err := net.SplitHostPort(r.RemoteAddr)
if err != nil { if err != nil {
span.SetAttributes(semconv.ClientAddress(r.RemoteAddr)) span.SetAttributes(semconv.ClientAddress(r.RemoteAddr))
span.SetAttributes(attribute.String("network.peer.address", r.RemoteAddr)) span.SetAttributes(semconv.NetworkPeerAddress(r.Host))
} else { } else {
span.SetAttributes(attribute.String("network.peer.address", host)) span.SetAttributes(semconv.NetworkPeerAddress(host))
span.SetAttributes(attribute.String("network.peer.port", port))
span.SetAttributes(semconv.ClientAddress(host)) span.SetAttributes(semconv.ClientAddress(host))
intPort, _ := strconv.Atoi(port) intPort, _ := strconv.Atoi(port)
span.SetAttributes(semconv.ClientPort(intPort)) span.SetAttributes(semconv.ClientPort(intPort))
span.SetAttributes(semconv.NetworkPeerPort(intPort))
} }
span.SetAttributes(semconv.ClientSocketAddress(r.Header.Get("X-Forwarded-For")))
for _, header := range t.capturedRequestHeaders { for _, header := range t.capturedRequestHeaders {
// User-agent is already part of the semantic convention as a recommended attribute. // User-agent is already part of the semantic convention as a recommended attribute.
if strings.EqualFold(header, "User-Agent") { if strings.EqualFold(header, "User-Agent") {
@ -273,6 +275,32 @@ func (t *Tracer) CaptureResponse(span trace.Span, responseHeaders http.Header, c
} }
} }
func (t *Tracer) safeURL(originalURL *url.URL) *url.URL {
if originalURL == nil {
return nil
}
redactedURL := *originalURL
// Redact password if exists.
if redactedURL.User != nil {
redactedURL.User = url.UserPassword("REDACTED", "REDACTED")
}
// Redact query parameters.
query := redactedURL.Query()
for k := range query {
if slices.Contains(t.safeQueryParams, k) {
continue
}
query.Set(k, "REDACTED")
}
redactedURL.RawQuery = query.Encode()
return &redactedURL
}
func proto(proto string) string { func proto(proto string) string {
switch proto { switch proto {
case "HTTP/1.0": case "HTTP/1.0":

57
pkg/tracing/tracing_test.go Normal file
View file

@ -0,0 +1,57 @@
package tracing
import (
"net/url"
"testing"
"github.com/stretchr/testify/assert"
)
func Test_safeFullURL(t *testing.T) {
testCases := []struct {
desc string
safeQueryParams []string
originalURL *url.URL
expectedURL *url.URL
}{
{
desc: "Nil URL",
originalURL: nil,
expectedURL: nil,
},
{
desc: "No query parameters",
originalURL: &url.URL{Scheme: "https", Host: "example.com"},
expectedURL: &url.URL{Scheme: "https", Host: "example.com"},
},
{
desc: "All query parameters redacted",
originalURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "foo=bar&baz=qux"},
expectedURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "baz=REDACTED&foo=REDACTED"},
},
{
desc: "Some query parameters unredacted",
safeQueryParams: []string{"foo"},
originalURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "foo=bar&baz=qux"},
expectedURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "baz=REDACTED&foo=bar"},
},
{
desc: "User info and some query parameters redacted",
safeQueryParams: []string{"foo"},
originalURL: &url.URL{Scheme: "https", Host: "example.com", User: url.UserPassword("username", "password"), RawQuery: "foo=bar&baz=qux"},
expectedURL: &url.URL{Scheme: "https", Host: "example.com", User: url.UserPassword("REDACTED", "REDACTED"), RawQuery: "baz=REDACTED&foo=bar"},
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
tr := NewTracer(nil, nil, nil, test.safeQueryParams)
gotURL := tr.safeURL(test.originalURL)
assert.Equal(t, test.expectedURL, gotURL)
})
}
}

10
script/gcg/traefik-rc-first.toml
View file

@ -4,14 +4,14 @@ RepositoryName = "traefik"
OutputType = "file" OutputType = "file"
FileName = "traefik_changelog.md" FileName = "traefik_changelog.md"
# example RC1 of v3.0.0-beta1 # example RC1 of v3.1.0-rc1
CurrentRef = "master" CurrentRef = "master"
PreviousRef = "v2.11.0-rc1" PreviousRef = "v3.0.0-beta3"
BaseBranch = "master" BaseBranch = "master"
FutureCurrentRefName = "v3.0.0-beta1" FutureCurrentRefName = "v3.1.0-rc1"
ThresholdPreviousRef = 10 ThresholdPreviousRef = 10000
ThresholdCurrentRef = 10 ThresholdCurrentRef = 10000
Debug = true Debug = true
DisplayLabel = true DisplayLabel = true