Compare commits
12 commits
fd015c5a9b
...
4b7594bc56
Author | SHA1 | Date | |
---|---|---|---|
4b7594bc56 | |||
|
b1b4e6b918 | ||
|
8cb1829698 | ||
|
2f9905061e | ||
|
0a7a6afd59 | ||
|
b577b3a6ba | ||
|
230019eccf | ||
|
2090baa938 | ||
|
b7de043991 | ||
|
9e0800f938 | ||
|
e7d1a98c5e | ||
|
2798e18e18 |
91 changed files with 1402 additions and 663 deletions
|
@ -146,6 +146,7 @@ linters-settings:
|
|||
- github.com/mailgun/multibuf
|
||||
- github.com/jaguilar/vt100
|
||||
- github.com/cucumber/godog
|
||||
- github.com/http-wasm/http-wasm-host-go
|
||||
testifylint:
|
||||
disable:
|
||||
- suite-dont-use-pkg
|
||||
|
|
|
@ -46,7 +46,7 @@ blocks:
|
|||
- name: GH_VERSION
|
||||
value: 2.32.1
|
||||
- name: CODENAME
|
||||
value: "beaufort"
|
||||
value: "comte"
|
||||
prologue:
|
||||
commands:
|
||||
- export VERSION=${SEMAPHORE_GIT_TAG_NAME}
|
||||
|
|
43
CHANGELOG.md
43
CHANGELOG.md
|
@ -1,3 +1,46 @@
|
|||
## [v3.1.0-rc1](https://github.com/traefik/traefik/tree/v3.1.0-rc1) (2024-06-27)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v3.0.0-beta3...v3.1.0-rc1)
|
||||
|
||||
**Enhancements:**
|
||||
- **[k8s,k8s/gatewayapi]** Support invalid HTTPRoute status ([#10714](https://github.com/traefik/traefik/pull/10714) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** KubernetesGateway provider is no longer experimental ([#10840](https://github.com/traefik/traefik/pull/10840) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Bump Gateway API to v1.1.0 ([#10835](https://github.com/traefik/traefik/pull/10835) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Fix route attachments to gateways ([#10761](https://github.com/traefik/traefik/pull/10761) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Support HTTPRoute method and query param matching ([#10815](https://github.com/traefik/traefik/pull/10815) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Support HTTPURLRewrite filter ([#10571](https://github.com/traefik/traefik/pull/10571) by [SantoDE](https://github.com/SantoDE))
|
||||
- **[k8s,k8s/gatewayapi]** Set Gateway HTTPRoute status ([#10667](https://github.com/traefik/traefik/pull/10667) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Support ReferenceGrant for HTTPRoute backends ([#10771](https://github.com/traefik/traefik/pull/10771) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[k8s,k8s/gatewayapi]** Compute HTTPRoute priorities ([#10766](https://github.com/traefik/traefik/pull/10766) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[k8s,k8s/gatewayapi]** Support RegularExpression for path matching ([#10717](https://github.com/traefik/traefik/pull/10717) by [dmavrommatis](https://github.com/dmavrommatis))
|
||||
- **[k8s/crd,k8s]** Support HealthCheck for ExternalName services ([#10467](https://github.com/traefik/traefik/pull/10467) by [marcmognol](https://github.com/marcmognol))
|
||||
- **[k8s/ingress,k8s/crd,k8s,k8s/gatewayapi]** Migrate to EndpointSlices API ([#10664](https://github.com/traefik/traefik/pull/10664) by [jnoordsij](https://github.com/jnoordsij))
|
||||
- **[k8s/ingress,k8s/crd,k8s]** Change log level from Warning to Info when ExternalName services is enabled ([#10682](https://github.com/traefik/traefik/pull/10682) by [marcmognol](https://github.com/marcmognol))
|
||||
- **[k8s/ingress,k8s/crd,k8s]** Allow to use internal Node IPs for NodePort services ([#10278](https://github.com/traefik/traefik/pull/10278) by [jorisvergeer](https://github.com/jorisvergeer))
|
||||
- **[middleware,k8s,k8s/gatewayapi]** Improve HTTPRoute Redirect Filter with port and scheme ([#10784](https://github.com/traefik/traefik/pull/10784) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[middleware,k8s,k8s/gatewayapi]** Support HTTPRoute redirect port and scheme ([#10802](https://github.com/traefik/traefik/pull/10802) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[middleware]** Support Content-Security-Policy-Report-Only in the headers middleware ([#10709](https://github.com/traefik/traefik/pull/10709) by [SpecLad](https://github.com/SpecLad))
|
||||
- **[middleware]** Add support for Zstandard to the compression middleware ([#10660](https://github.com/traefik/traefik/pull/10660) by [Belphemur](https://github.com/Belphemur))
|
||||
- **[plugins]** Enhance wasm plugins ([#10829](https://github.com/traefik/traefik/pull/10829) by [juliens](https://github.com/juliens))
|
||||
- **[plugins]** Add logs for plugins load ([#10848](https://github.com/traefik/traefik/pull/10848) by [mmatur](https://github.com/mmatur))
|
||||
- **[server]** Support systemd socket-activation ([#10399](https://github.com/traefik/traefik/pull/10399) by [juliens](https://github.com/juliens))
|
||||
|
||||
**Bug fixes:**
|
||||
- **[healthcheck,k8s/crd,k8s]** Fix Healthcheck default value for ExternalName services ([#10778](https://github.com/traefik/traefik/pull/10778) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[middleware,metrics,tracing]** Upgrade to OpenTelemetry Semantic Conventions v1.26.0 ([#10850](https://github.com/traefik/traefik/pull/10850) by [mmatur](https://github.com/mmatur))
|
||||
|
||||
**Documentation:**
|
||||
- **[k8s,k8s/gatewayapi]** Fix the Kubernetes GatewayAPI documentation ([#10844](https://github.com/traefik/traefik/pull/10844) by [nmengin](https://github.com/nmengin))
|
||||
|
||||
**Misc:**
|
||||
- Merge current v3.0 into master ([#10853](https://github.com/traefik/traefik/pull/10853) by [mmatur](https://github.com/mmatur))
|
||||
- Merge current v3.0 into master ([#10811](https://github.com/traefik/traefik/pull/10811) by [mmatur](https://github.com/mmatur))
|
||||
- Merge current v3.0 into master ([#10789](https://github.com/traefik/traefik/pull/10789) by [ldez](https://github.com/ldez))
|
||||
- Merge current v3.0 into master ([#10750](https://github.com/traefik/traefik/pull/10750) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- Merge current v3.0 into master ([#10655](https://github.com/traefik/traefik/pull/10655) by [ldez](https://github.com/ldez))
|
||||
- Merge current v3.0 into master ([#10567](https://github.com/traefik/traefik/pull/10567) by [ldez](https://github.com/ldez))
|
||||
- Merge current v3.0 into master ([#10418](https://github.com/traefik/traefik/pull/10418) by [mmatur](https://github.com/mmatur))
|
||||
- Merge current v3.0 into master ([#10040](https://github.com/traefik/traefik/pull/10040) by [mmatur](https://github.com/mmatur))
|
||||
|
||||
## [v3.0.3](https://github.com/traefik/traefik/tree/v3.0.3) (2024-06-18)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v3.0.2...v3.0.3)
|
||||
|
||||
|
|
|
@ -46,6 +46,7 @@ import (
|
|||
"github.com/traefik/traefik/v3/pkg/tracing"
|
||||
"github.com/traefik/traefik/v3/pkg/types"
|
||||
"github.com/traefik/traefik/v3/pkg/version"
|
||||
"golang.org/x/exp/maps"
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
@ -224,10 +225,21 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
|||
}
|
||||
|
||||
// Plugins
|
||||
pluginLogger := log.Ctx(ctx).With().Logger()
|
||||
hasPlugins := staticConfiguration.Experimental != nil && (staticConfiguration.Experimental.Plugins != nil || staticConfiguration.Experimental.LocalPlugins != nil)
|
||||
if hasPlugins {
|
||||
pluginsList := maps.Keys(staticConfiguration.Experimental.Plugins)
|
||||
pluginsList = append(pluginsList, maps.Keys(staticConfiguration.Experimental.LocalPlugins)...)
|
||||
|
||||
pluginLogger = pluginLogger.With().Strs("plugins", pluginsList).Logger()
|
||||
pluginLogger.Info().Msg("Loading plugins...")
|
||||
}
|
||||
|
||||
pluginBuilder, err := createPluginBuilder(staticConfiguration)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Plugins are disabled because an error has occurred.")
|
||||
pluginLogger.Err(err).Msg("Plugins are disabled because an error has occurred.")
|
||||
} else if hasPlugins {
|
||||
pluginLogger.Info().Msg("Plugins loaded.")
|
||||
}
|
||||
|
||||
// Providers plugins
|
||||
|
|
|
@ -79,7 +79,7 @@ traefik --help
|
|||
# or
|
||||
|
||||
docker run traefik[:version] --help
|
||||
# ex: docker run traefik:v3.0 --help
|
||||
# ex: docker run traefik:v3.1 --help
|
||||
```
|
||||
|
||||
Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.
|
||||
|
|
|
@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
|
|||
|
||||
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
|
||||
|
||||
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.yml)
|
||||
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.toml)
|
||||
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.yml)
|
||||
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.toml)
|
||||
|
||||
```shell
|
||||
docker run -d -p 8080:8080 -p 80:80 \
|
||||
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.0
|
||||
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.1
|
||||
```
|
||||
|
||||
For more details, go to the [Docker provider documentation](../providers/docker.md)
|
||||
|
@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
|
|||
!!! tip
|
||||
|
||||
* Prefer a fixed version than the latest that could be an unexpected version.
|
||||
ex: `traefik:v3.0`
|
||||
ex: `traefik:v3.1`
|
||||
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
|
||||
* Any orchestrator using docker images can fetch the official Traefik docker image.
|
||||
|
||||
|
|
|
@ -136,7 +136,7 @@ spec:
|
|||
serviceAccountName: traefik-account
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
args:
|
||||
- --api.insecure
|
||||
- --providers.kubernetesingress
|
||||
|
|
|
@ -20,7 +20,7 @@ version: '3'
|
|||
services:
|
||||
reverse-proxy:
|
||||
# The official v3 Traefik docker image
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
# Enables the web UI and tells Traefik to listen to docker
|
||||
command: --api.insecure=true --providers.docker
|
||||
ports:
|
||||
|
|
|
@ -1,14 +1,10 @@
|
|||
---
|
||||
|
||||
!!! question "Using Traefik for Business Applications?"
|
||||
!!! question "Using Traefik OSS in Production? Consider Adding Advanced Capabilities."
|
||||
|
||||
If you are using Traefik in your organization, consider our enterprise-grade solutions:
|
||||
Add API Gateway or API Management capabilities seamlessly to your existing Traefik deployments.
|
||||
No rip and replace. No learning curve.
|
||||
|
||||
- API Management
|
||||
[Explore](https://traefik.io/solutions/api-management/) // [Watch Demo Video](https://info.traefik.io/watch-traefik-hub-demo)
|
||||
- API Gateway
|
||||
[Explore](https://traefik.io/solutions/api-gateway/) // [Watch Demo Video](https://info.traefik.io/watch-traefikee-demo)
|
||||
- Ingress Controller
|
||||
[Kubernetes](https://traefik.io/solutions/kubernetes-ingress/) // [Docker Swarm](https://traefik.io/solutions/docker-swarm-ingress/)
|
||||
|
||||
These tools help businesses discover, deploy, secure, and manage microservices and APIs easily, at scale, across any environment.
|
||||
- [Explore our API Gateway](https://traefik.io/traefik-hub-api-gateway/)
|
||||
- [Explore our API Management](https://traefik.io/traefik-hub/)
|
||||
- [Get 24/7/365 Commercial Support for Traefik OSS](https://info.traefik.io/request-commercial-support)
|
||||
|
|
|
@ -24,8 +24,6 @@ Developing Traefik, our main goal is to make it effortless to use, and we're sur
|
|||
|
||||
!!! info
|
||||
|
||||
Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community.
|
||||
Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the Traefik community.
|
||||
|
||||
Using Traefik in your organization? Consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/ "Lino to Traefik Enterprise"), our unified API Gateway and Ingress that simplifies the discovery, security, and deployment of APIs and microservices across any environment.
|
||||
|
||||
See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo "Link to video walkthrough").
|
||||
Using Traefik OSS in Production? Add enterprise-grade API Gateway and API Management capabilities to your existing deployments seamlessly. No rip and replace. No learning curve. Learn more from [this short video](https://info.traefik.io/traefik-upgrade-walkthrough)
|
||||
|
|
|
@ -275,7 +275,7 @@ version: "3.7"
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
environment:
|
||||
- TZ=US/Alaska
|
||||
command:
|
||||
|
|
|
@ -5,6 +5,8 @@ description: "Traefik supports several tracing backends, including OpenTelemetry
|
|||
|
||||
# OpenTelemetry
|
||||
|
||||
Traefik Proxy follows [official OpenTelemetry semantic conventions v1.26.0](https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md).
|
||||
|
||||
To enable the OpenTelemetry tracer:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
|
|
|
@ -160,3 +160,28 @@ tracing:
|
|||
```bash tab="CLI"
|
||||
--tracing.capturedResponseHeaders[0]=X-CustomHeader
|
||||
```
|
||||
|
||||
#### `safeQueryParams`
|
||||
|
||||
_Optional, Default={}_
|
||||
|
||||
By default, all query parameters are redacted.
|
||||
Defines the list of query parameters to not redact.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
otlp:
|
||||
safeQueryParams:
|
||||
- bar
|
||||
- buz
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[tracing]
|
||||
[tracing.otlp]
|
||||
safeQueryParams = ["bar", "buz"]
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--tracing.otlp.safeQueryParams=bar,buz
|
||||
```
|
||||
|
|
|
@ -163,7 +163,7 @@ See the [Docker API Access](#docker-api-access) section for more information.
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.0 # The official v3 Traefik docker image
|
||||
image: traefik:v3.1 # The official v3 Traefik docker image
|
||||
ports:
|
||||
- "80:80"
|
||||
volumes:
|
||||
|
|
|
@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
|
|||
|
||||
```bash
|
||||
# Install Traefik Resource Definitions:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
|
||||
# Install RBAC for Traefik:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
```
|
||||
|
||||
## Resource Configuration
|
||||
|
|
|
@ -5,7 +5,7 @@ description: "Learn how to use the Kubernetes Gateway API as a provider for conf
|
|||
|
||||
# Traefik & Kubernetes with Gateway API
|
||||
|
||||
The Kubernetes Gateway API, The Experimental Way.
|
||||
The Kubernetes Gateway API Controller.
|
||||
{: .subtitle }
|
||||
|
||||
Gateway API is the evolution of Kubernetes APIs that relate to `Services`, such as `Ingress`.
|
||||
|
@ -14,32 +14,7 @@ The Gateway API project is part of Kubernetes, working under SIG-NETWORK.
|
|||
The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
|
||||
specifications from the Kubernetes Special Interest Groups (SIGs).
|
||||
|
||||
This provider is proposed as an experimental feature and partially supports Gateway API [v1.0.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.0.0) specification.
|
||||
|
||||
!!! warning "Enabling The Experimental Kubernetes Gateway Provider"
|
||||
|
||||
Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
experimental:
|
||||
kubernetesGateway: true
|
||||
|
||||
providers:
|
||||
kubernetesGateway: {}
|
||||
#...
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[experimental]
|
||||
kubernetesGateway = true
|
||||
|
||||
[providers.kubernetesGateway]
|
||||
#...
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--experimental.kubernetesgateway=true --providers.kubernetesgateway=true #...
|
||||
```
|
||||
This provider supports Gateway API [v1.1.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.1.0) specification.
|
||||
|
||||
## Requirements
|
||||
|
||||
|
|
|
@ -494,6 +494,6 @@ providers:
|
|||
### Further
|
||||
|
||||
To learn more about the various aspects of the Ingress specification that Traefik supports,
|
||||
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
|
||||
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
|
||||
|
||||
{!traefik-for-business-applications.md!}
|
||||
|
|
|
@ -209,7 +209,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.0 # The official v3 Traefik docker image
|
||||
image: traefik:v3.1 # The official v3 Traefik docker image
|
||||
ports:
|
||||
- "80:80"
|
||||
volumes:
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -63,12 +63,12 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
type: string
|
||||
middlewares:
|
||||
description: |-
|
||||
Middlewares defines the list of references to Middleware resources.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
|
@ -88,7 +88,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
type: integer
|
||||
services:
|
||||
description: |-
|
||||
|
@ -229,7 +229,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -277,7 +277,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
|
@ -287,18 +287,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -317,17 +317,17 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -344,12 +344,12 @@ spec:
|
|||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -409,7 +409,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -422,7 +422,7 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
|
@ -446,7 +446,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
|
@ -487,7 +487,7 @@ spec:
|
|||
proxyProtocol:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
|
@ -525,7 +525,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
|
@ -534,18 +534,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -564,7 +564,7 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
@ -656,7 +656,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -743,7 +743,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -769,7 +769,7 @@ spec:
|
|||
description: |-
|
||||
AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding it.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
properties:
|
||||
prefix:
|
||||
description: |-
|
||||
|
@ -781,12 +781,12 @@ spec:
|
|||
description: |-
|
||||
BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -807,7 +807,7 @@ spec:
|
|||
description: |-
|
||||
Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: |-
|
||||
|
@ -839,14 +839,14 @@ spec:
|
|||
description: |-
|
||||
RetryExpression defines the retry conditions.
|
||||
It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: |-
|
||||
Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
|
@ -905,7 +905,7 @@ spec:
|
|||
description: |-
|
||||
Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the client, using gzip compression.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
properties:
|
||||
defaultEncoding:
|
||||
description: DefaultEncoding specifies the default encoding if
|
||||
|
@ -948,12 +948,12 @@ spec:
|
|||
description: |-
|
||||
DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -973,7 +973,7 @@ spec:
|
|||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
properties:
|
||||
query:
|
||||
description: |-
|
||||
|
@ -983,7 +983,7 @@ spec:
|
|||
service:
|
||||
description: |-
|
||||
Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
properties:
|
||||
healthCheck:
|
||||
description: Healthcheck defines health checks for ExternalName
|
||||
|
@ -1116,7 +1116,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -1174,7 +1174,7 @@ spec:
|
|||
description: |-
|
||||
ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
properties:
|
||||
addAuthCookiesToResponse:
|
||||
description: AddAuthCookiesToResponse defines the list of cookies
|
||||
|
@ -1202,7 +1202,7 @@ spec:
|
|||
authResponseHeadersRegex:
|
||||
description: |-
|
||||
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
|
@ -1249,7 +1249,7 @@ spec:
|
|||
description: |-
|
||||
Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
|
@ -1420,7 +1420,7 @@ spec:
|
|||
description: |-
|
||||
InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and served concurrently.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
properties:
|
||||
amount:
|
||||
description: |-
|
||||
|
@ -1433,12 +1433,12 @@ spec:
|
|||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1467,12 +1467,12 @@ spec:
|
|||
description: |-
|
||||
IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware limits allowed requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1504,7 +1504,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1529,7 +1529,7 @@ spec:
|
|||
description: |-
|
||||
PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
|
@ -1638,7 +1638,7 @@ spec:
|
|||
description: |-
|
||||
RateLimit holds the rate limit configuration.
|
||||
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
properties:
|
||||
average:
|
||||
description: |-
|
||||
|
@ -1671,7 +1671,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1700,7 +1700,7 @@ spec:
|
|||
description: |-
|
||||
RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1719,7 +1719,7 @@ spec:
|
|||
description: |-
|
||||
RedirectScheme holds the redirect scheme middleware configuration.
|
||||
This middleware redirects requests from a scheme/port to another.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1736,7 +1736,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
|
@ -1747,7 +1747,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
This middleware replaces the path of a URL using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
|
@ -1763,7 +1763,7 @@ spec:
|
|||
Retry holds the retry middleware configuration.
|
||||
This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
|
@ -1785,7 +1785,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
properties:
|
||||
forceSlash:
|
||||
description: |-
|
||||
|
@ -1804,7 +1804,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
This middleware removes the matching prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
|
@ -1841,7 +1841,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -1877,7 +1877,7 @@ spec:
|
|||
description: |-
|
||||
IPAllowList defines the IPAllowList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1891,7 +1891,7 @@ spec:
|
|||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1930,7 +1930,7 @@ spec:
|
|||
ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2069,7 +2069,7 @@ spec:
|
|||
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2187,7 +2187,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2212,14 +2212,14 @@ spec:
|
|||
alpnProtocols:
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2247,7 +2247,7 @@ spec:
|
|||
curvePreferences:
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2303,7 +2303,7 @@ spec:
|
|||
TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
For the time being, only the TLSStore named default is supported.
|
||||
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2401,7 +2401,7 @@ spec:
|
|||
TraefikService object allows to:
|
||||
- Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2642,7 +2642,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2749,7 +2749,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2932,7 +2932,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2979,7 +2979,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
|
|
@ -25,7 +25,7 @@ spec:
|
|||
serviceAccountName: traefik-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
args:
|
||||
- --entryPoints.web.address=:80
|
||||
- --entryPoints.websecure.address=:443
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -63,12 +63,12 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
type: string
|
||||
middlewares:
|
||||
description: |-
|
||||
Middlewares defines the list of references to Middleware resources.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
|
@ -88,7 +88,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
type: integer
|
||||
services:
|
||||
description: |-
|
||||
|
@ -229,7 +229,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -277,7 +277,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
|
@ -287,18 +287,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -317,17 +317,17 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -344,12 +344,12 @@ spec:
|
|||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -56,7 +56,7 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
|
@ -80,7 +80,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
|
@ -121,7 +121,7 @@ spec:
|
|||
proxyProtocol:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
|
@ -159,7 +159,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
|
@ -168,18 +168,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -198,7 +198,7 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -45,7 +45,7 @@ spec:
|
|||
description: |-
|
||||
AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding it.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
properties:
|
||||
prefix:
|
||||
description: |-
|
||||
|
@ -57,12 +57,12 @@ spec:
|
|||
description: |-
|
||||
BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -83,7 +83,7 @@ spec:
|
|||
description: |-
|
||||
Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: |-
|
||||
|
@ -115,14 +115,14 @@ spec:
|
|||
description: |-
|
||||
RetryExpression defines the retry conditions.
|
||||
It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: |-
|
||||
Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
|
@ -181,7 +181,7 @@ spec:
|
|||
description: |-
|
||||
Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the client, using gzip compression.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
properties:
|
||||
defaultEncoding:
|
||||
description: DefaultEncoding specifies the default encoding if
|
||||
|
@ -224,12 +224,12 @@ spec:
|
|||
description: |-
|
||||
DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -249,7 +249,7 @@ spec:
|
|||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
properties:
|
||||
query:
|
||||
description: |-
|
||||
|
@ -259,7 +259,7 @@ spec:
|
|||
service:
|
||||
description: |-
|
||||
Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
properties:
|
||||
healthCheck:
|
||||
description: Healthcheck defines health checks for ExternalName
|
||||
|
@ -392,7 +392,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -450,7 +450,7 @@ spec:
|
|||
description: |-
|
||||
ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
properties:
|
||||
addAuthCookiesToResponse:
|
||||
description: AddAuthCookiesToResponse defines the list of cookies
|
||||
|
@ -478,7 +478,7 @@ spec:
|
|||
authResponseHeadersRegex:
|
||||
description: |-
|
||||
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
|
@ -525,7 +525,7 @@ spec:
|
|||
description: |-
|
||||
Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
|
@ -696,7 +696,7 @@ spec:
|
|||
description: |-
|
||||
InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and served concurrently.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
properties:
|
||||
amount:
|
||||
description: |-
|
||||
|
@ -709,12 +709,12 @@ spec:
|
|||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -743,12 +743,12 @@ spec:
|
|||
description: |-
|
||||
IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware limits allowed requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -780,7 +780,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -805,7 +805,7 @@ spec:
|
|||
description: |-
|
||||
PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
|
@ -914,7 +914,7 @@ spec:
|
|||
description: |-
|
||||
RateLimit holds the rate limit configuration.
|
||||
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
properties:
|
||||
average:
|
||||
description: |-
|
||||
|
@ -947,7 +947,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -976,7 +976,7 @@ spec:
|
|||
description: |-
|
||||
RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -995,7 +995,7 @@ spec:
|
|||
description: |-
|
||||
RedirectScheme holds the redirect scheme middleware configuration.
|
||||
This middleware redirects requests from a scheme/port to another.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1012,7 +1012,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
|
@ -1023,7 +1023,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
This middleware replaces the path of a URL using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
|
@ -1039,7 +1039,7 @@ spec:
|
|||
Retry holds the retry middleware configuration.
|
||||
This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
|
@ -1061,7 +1061,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
properties:
|
||||
forceSlash:
|
||||
description: |-
|
||||
|
@ -1080,7 +1080,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
This middleware removes the matching prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -55,7 +55,7 @@ spec:
|
|||
description: |-
|
||||
IPAllowList defines the IPAllowList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -69,7 +69,7 @@ spec:
|
|||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
|
|
@ -21,7 +21,7 @@ spec:
|
|||
ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
|
|
@ -21,7 +21,7 @@ spec:
|
|||
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -44,14 +44,14 @@ spec:
|
|||
alpnProtocols:
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -79,7 +79,7 @@ spec:
|
|||
curvePreferences:
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
|
|
@ -21,7 +21,7 @@ spec:
|
|||
TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
For the time being, only the TLSStore named default is supported.
|
||||
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
|
|
@ -22,7 +22,7 @@ spec:
|
|||
TraefikService object allows to:
|
||||
- Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -263,7 +263,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -370,7 +370,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -553,7 +553,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -600,7 +600,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
|
|
@ -217,11 +217,29 @@ Timeout defines how long to wait on an idle session before releasing the related
|
|||
Local plugins configuration. (Default: ```false```)
|
||||
|
||||
`--experimental.localplugins.<name>.modulename`:
|
||||
plugin's module name.
|
||||
Plugin's module name.
|
||||
|
||||
`--experimental.localplugins.<name>.settings`:
|
||||
Plugin's settings (works only for wasm plugins).
|
||||
|
||||
`--experimental.localplugins.<name>.settings.envs`:
|
||||
Environment variables to forward to the wasm guest.
|
||||
|
||||
`--experimental.localplugins.<name>.settings.mounts`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`--experimental.plugins.<name>.modulename`:
|
||||
plugin's module name.
|
||||
|
||||
`--experimental.plugins.<name>.settings`:
|
||||
Plugin's settings (works only for wasm plugins).
|
||||
|
||||
`--experimental.plugins.<name>.settings.envs`:
|
||||
Environment variables to forward to the wasm guest.
|
||||
|
||||
`--experimental.plugins.<name>.settings.mounts`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`--experimental.plugins.<name>.version`:
|
||||
plugin's version.
|
||||
|
||||
|
@ -1107,6 +1125,9 @@ TLS insecure skip verify (Default: ```false```)
|
|||
`--tracing.otlp.http.tls.key`:
|
||||
TLS key
|
||||
|
||||
`--tracing.safequeryparams`:
|
||||
Query params to not redact.
|
||||
|
||||
`--tracing.samplerate`:
|
||||
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
|
||||
|
||||
|
|
|
@ -217,11 +217,29 @@ Timeout defines how long to wait on an idle session before releasing the related
|
|||
Local plugins configuration. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_MODULENAME`:
|
||||
plugin's module name.
|
||||
Plugin's module name.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS`:
|
||||
Plugin's settings (works only for wasm plugins).
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS_ENVS`:
|
||||
Environment variables to forward to the wasm guest.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_SETTINGS_MOUNTS`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_MODULENAME`:
|
||||
plugin's module name.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS`:
|
||||
Plugin's settings (works only for wasm plugins).
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS_ENVS`:
|
||||
Environment variables to forward to the wasm guest.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_SETTINGS_MOUNTS`:
|
||||
Directory to mount to the wasm guest.
|
||||
|
||||
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_VERSION`:
|
||||
plugin's version.
|
||||
|
||||
|
@ -1107,6 +1125,9 @@ TLS insecure skip verify (Default: ```false```)
|
|||
`TRAEFIK_TRACING_OTLP_HTTP_TLS_KEY`:
|
||||
TLS key
|
||||
|
||||
`TRAEFIK_TRACING_SAFEQUERYPARAMS`:
|
||||
Query params to not redact.
|
||||
|
||||
`TRAEFIK_TRACING_SAMPLERATE`:
|
||||
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
|
||||
|
||||
|
|
|
@ -392,6 +392,7 @@
|
|||
serviceName = "foobar"
|
||||
capturedRequestHeaders = ["foobar", "foobar"]
|
||||
capturedResponseHeaders = ["foobar", "foobar"]
|
||||
safeQueryParams = ["foobar", "foobar"]
|
||||
sampleRate = 42.0
|
||||
addInternals = true
|
||||
[tracing.globalAttributes]
|
||||
|
@ -473,14 +474,26 @@
|
|||
[experimental.plugins.Descriptor0]
|
||||
moduleName = "foobar"
|
||||
version = "foobar"
|
||||
[experimental.plugins.Descriptor0.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
[experimental.plugins.Descriptor1]
|
||||
moduleName = "foobar"
|
||||
version = "foobar"
|
||||
[experimental.plugins.Descriptor1.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
[experimental.localPlugins]
|
||||
[experimental.localPlugins.LocalDescriptor0]
|
||||
moduleName = "foobar"
|
||||
[experimental.localPlugins.LocalDescriptor0.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
[experimental.localPlugins.LocalDescriptor1]
|
||||
moduleName = "foobar"
|
||||
[experimental.localPlugins.LocalDescriptor1.settings]
|
||||
envs = ["foobar", "foobar"]
|
||||
mounts = ["foobar", "foobar"]
|
||||
|
||||
[core]
|
||||
defaultRuleSyntax = "foobar"
|
||||
|
|
|
@ -434,6 +434,9 @@ tracing:
|
|||
capturedResponseHeaders:
|
||||
- foobar
|
||||
- foobar
|
||||
safeQueryParams:
|
||||
- foobar
|
||||
- foobar
|
||||
sampleRate: 42
|
||||
addInternals: true
|
||||
otlp:
|
||||
|
@ -512,14 +515,42 @@ experimental:
|
|||
Descriptor0:
|
||||
moduleName: foobar
|
||||
version: foobar
|
||||
settings:
|
||||
envs:
|
||||
- foobar
|
||||
- foobar
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
Descriptor1:
|
||||
moduleName: foobar
|
||||
version: foobar
|
||||
settings:
|
||||
envs:
|
||||
- foobar
|
||||
- foobar
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
localPlugins:
|
||||
LocalDescriptor0:
|
||||
moduleName: foobar
|
||||
settings:
|
||||
envs:
|
||||
- foobar
|
||||
- foobar
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
LocalDescriptor1:
|
||||
moduleName: foobar
|
||||
settings:
|
||||
envs:
|
||||
- foobar
|
||||
- foobar
|
||||
mounts:
|
||||
- foobar
|
||||
- foobar
|
||||
kubernetesGateway: true
|
||||
core:
|
||||
defaultRuleSyntax: foobar
|
||||
|
|
|
@ -1175,3 +1175,25 @@ entryPoints:
|
|||
```
|
||||
|
||||
{!traefik-for-business-applications.md!}
|
||||
|
||||
## Systemd Socket Activation
|
||||
|
||||
Traefik supports [systemd socket activation](https://www.freedesktop.org/software/systemd/man/latest/systemd-socket-activate.html).
|
||||
|
||||
When a socket activation file descriptor name matches an EntryPoint name, the corresponding file descriptor will be used as the TCP listener for the matching EntryPoint.
|
||||
|
||||
```bash
|
||||
systemd-socket-activate -l 80 -l 443 --fdname web:websecure ./traefik --entrypoints.web --entrypoints.websecure
|
||||
```
|
||||
|
||||
!!! warning "EntryPoint Address"
|
||||
|
||||
When a socket activation file descriptor name matches an EntryPoint name its address configuration is ignored.
|
||||
|
||||
!!! warning "TCP Only"
|
||||
|
||||
Socket activation is not yet supported with UDP entryPoints.
|
||||
|
||||
!!! warning "Docker Support"
|
||||
|
||||
Socket activation is not supported by Docker but works with Podman containers.
|
||||
|
|
|
@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
args:
|
||||
- --log.level=DEBUG
|
||||
- --api
|
||||
|
|
|
@ -5,7 +5,7 @@ description: "The Kubernetes Gateway API can be used as a provider for routing a
|
|||
|
||||
# Traefik & Kubernetes
|
||||
|
||||
The Kubernetes Gateway API, The Experimental Way.
|
||||
The Kubernetes Gateway API Controller.
|
||||
{: .subtitle }
|
||||
|
||||
## Configuration Examples
|
||||
|
|
|
@ -130,7 +130,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
args:
|
||||
- --entryPoints.web.address=:80
|
||||
- --providers.kubernetesingress
|
||||
|
@ -535,7 +535,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
args:
|
||||
- --entryPoints.websecure.address=:443
|
||||
- --entryPoints.websecure.http.tls
|
||||
|
@ -728,7 +728,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
args:
|
||||
- --entryPoints.websecure.address=:443
|
||||
- --providers.kubernetesingress
|
||||
|
|
|
@ -26,7 +26,7 @@ spec:
|
|||
serviceAccountName: traefik-ingress-controller
|
||||
containers:
|
||||
- name: traefik
|
||||
image: traefik:v3.0
|
||||
image: traefik:v3.1
|
||||
args:
|
||||
- --api.insecure
|
||||
- --accesslog
|
||||
|
|
|
@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi
|
|||
|
||||
```bash
|
||||
# Install Traefik Resource Definitions:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
||||
|
||||
# Install RBAC for Traefik:
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
|
||||
```
|
||||
|
||||
### Services
|
||||
|
@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/con
|
|||
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/02-services.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/02-services.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
|
|||
Again, one pod for Traefik, and one for the whoami app.
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/03-deployments.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/03-deployments.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -100,7 +100,7 @@ Look it up.
|
|||
We can now finally apply the actual ingressRoutes, with:
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/04-ingressroutes.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/04-ingressroutes.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
|
|||
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
|
||||
|
||||
```bash
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/user-guides/crd-acme/05-tlsoption.yml
|
||||
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/05-tlsoption.yml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
|
|
@ -26,5 +26,5 @@ node:
|
|||
- K3S_CLUSTER_SECRET=somethingtotallyrandom
|
||||
volumes:
|
||||
# this is where you would place a alternative traefik image (saved as a .tar file with
|
||||
# 'docker save'), if you want to use it, instead of the traefik:v3.0 image.
|
||||
# 'docker save'), if you want to use it, instead of the traefik:v3.1 image.
|
||||
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.0"
|
||||
image: "traefik:v3.1"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -13,7 +13,7 @@ secrets:
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.0"
|
||||
image: "traefik:v3.1"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.0"
|
||||
image: "traefik:v3.1"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.0"
|
||||
image: "traefik:v3.1"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "3.3"
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.0"
|
||||
image: "traefik:v3.1"
|
||||
container_name: "traefik"
|
||||
command:
|
||||
#- "--log.level=DEBUG"
|
||||
|
|
|
@ -31,7 +31,7 @@ Create a `docker-compose.yml` file with the following content:
|
|||
services:
|
||||
|
||||
traefik:
|
||||
image: "traefik:v3.0"
|
||||
image: "traefik:v3.1"
|
||||
...
|
||||
networks:
|
||||
- traefiknet
|
||||
|
|
41
go.mod
41
go.mod
|
@ -32,6 +32,7 @@ require (
|
|||
github.com/http-wasm/http-wasm-host-go v0.6.0
|
||||
github.com/influxdata/influxdb-client-go/v2 v2.7.0
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
|
||||
github.com/juliens/wasm-goexport v0.0.6
|
||||
github.com/klauspost/compress v1.17.2
|
||||
github.com/kvtools/consul v1.0.2
|
||||
github.com/kvtools/etcdv3 v1.0.2
|
||||
|
@ -53,12 +54,14 @@ require (
|
|||
github.com/rs/zerolog v1.29.0
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/spiffe/go-spiffe/v2 v2.1.1
|
||||
github.com/stealthrocket/wasi-go v0.8.0
|
||||
github.com/stealthrocket/wazergo v0.19.1
|
||||
github.com/stretchr/testify v1.9.0
|
||||
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
|
||||
github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046
|
||||
github.com/testcontainers/testcontainers-go v0.30.0
|
||||
github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0
|
||||
github.com/tetratelabs/wazero v1.5.0
|
||||
github.com/tetratelabs/wazero v1.7.2
|
||||
github.com/tidwall/gjson v1.17.0
|
||||
github.com/traefik/grpc-web v0.16.0
|
||||
github.com/traefik/paerser v0.2.0
|
||||
|
@ -67,18 +70,18 @@ require (
|
|||
github.com/unrolled/secure v1.0.9
|
||||
github.com/vulcand/oxy/v2 v2.0.0-20230427132221-be5cf38f3c1c
|
||||
github.com/vulcand/predicate v1.2.0
|
||||
go.opentelemetry.io/collector/pdata v1.2.0
|
||||
go.opentelemetry.io/collector/pdata v1.10.0
|
||||
go.opentelemetry.io/contrib/propagators/autoprop v0.52.0
|
||||
go.opentelemetry.io/otel v1.27.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0
|
||||
go.opentelemetry.io/otel/metric v1.27.0
|
||||
go.opentelemetry.io/otel/sdk v1.27.0
|
||||
go.opentelemetry.io/otel/sdk/metric v1.27.0
|
||||
go.opentelemetry.io/otel/trace v1.27.0
|
||||
go.opentelemetry.io/otel v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/metric v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/sdk v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/sdk/metric v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
go.opentelemetry.io/otel/trace v1.27.1-0.20240624175855-921eb701b175 // For security reason we need to follow semconv v1.26.0 and we can't wait for opentelemetry-go-sdk v1.28.0.
|
||||
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
|
||||
golang.org/x/mod v0.18.0
|
||||
golang.org/x/net v0.26.0
|
||||
|
@ -96,6 +99,7 @@ require (
|
|||
mvdan.cc/xurls/v2 v2.5.0
|
||||
sigs.k8s.io/controller-runtime v0.18.0
|
||||
sigs.k8s.io/gateway-api v1.1.0
|
||||
sigs.k8s.io/yaml v1.4.0
|
||||
)
|
||||
|
||||
require (
|
||||
|
@ -176,7 +180,7 @@ require (
|
|||
github.com/go-errors/errors v1.0.1 // indirect
|
||||
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
|
||||
github.com/go-logfmt/logfmt v0.5.1 // indirect
|
||||
github.com/go-logr/logr v1.4.1 // indirect
|
||||
github.com/go-logr/logr v1.4.2 // indirect
|
||||
github.com/go-logr/stdr v1.2.2 // indirect
|
||||
github.com/go-logr/zapr v1.3.0 // indirect
|
||||
github.com/go-ole/go-ole v1.2.6 // indirect
|
||||
|
@ -325,7 +329,7 @@ require (
|
|||
go.opentelemetry.io/contrib/propagators/b3 v1.27.0 // indirect
|
||||
go.opentelemetry.io/contrib/propagators/jaeger v1.27.0 // indirect
|
||||
go.opentelemetry.io/contrib/propagators/ot v1.27.0 // indirect
|
||||
go.opentelemetry.io/proto/otlp v1.2.0 // indirect
|
||||
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
|
||||
go.uber.org/atomic v1.11.0 // indirect
|
||||
go.uber.org/mock v0.4.0 // indirect
|
||||
go.uber.org/multierr v1.11.0 // indirect
|
||||
|
@ -338,9 +342,9 @@ require (
|
|||
golang.org/x/term v0.21.0 // indirect
|
||||
google.golang.org/api v0.172.0 // indirect
|
||||
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect
|
||||
google.golang.org/protobuf v1.34.1 // indirect
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect
|
||||
google.golang.org/protobuf v1.34.2 // indirect
|
||||
gopkg.in/h2non/gock.v1 v1.0.16 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||
|
@ -352,7 +356,6 @@ require (
|
|||
nhooyr.io/websocket v1.8.7 // indirect
|
||||
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
|
||||
sigs.k8s.io/yaml v1.4.0 // indirect
|
||||
)
|
||||
|
||||
// Containous forks
|
||||
|
@ -371,3 +374,5 @@ exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible
|
|||
|
||||
// https://github.com/docker/compose/blob/v2.19.0/go.mod#L12
|
||||
replace github.com/cucumber/godog => github.com/cucumber/godog v0.13.0
|
||||
|
||||
replace github.com/http-wasm/http-wasm-host-go => github.com/traefik/http-wasm-host-go v0.0.0-20240618100324-3c53dcaa1a70
|
||||
|
|
78
go.sum
78
go.sum
|
@ -348,8 +348,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
|
|||
github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
|
||||
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
|
||||
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
|
||||
github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
|
||||
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
|
||||
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
|
||||
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
|
||||
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
|
||||
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
|
||||
github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
|
||||
|
@ -592,8 +592,6 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J
|
|||
github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY=
|
||||
github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4=
|
||||
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||
github.com/http-wasm/http-wasm-host-go v0.6.0 h1:Vd4XvcFB3NMgWp2VLCQaiqYgLneN2lChbyN9NGoNDro=
|
||||
github.com/http-wasm/http-wasm-host-go v0.6.0/go.mod h1:zQB3w+df4hryDEqBorGyA1DwPJ86LfKIASNLFuj6CuI=
|
||||
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
|
||||
github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
|
@ -635,6 +633,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr
|
|||
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
|
||||
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
|
||||
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
|
||||
github.com/juliens/wasm-goexport v0.0.6 h1:YU0c+j0dF/HNy32vgYTA+K/6wnsZXgGc+ihl/UDw8iA=
|
||||
github.com/juliens/wasm-goexport v0.0.6/go.mod h1:VTTpJVY3tIBet0Gv8r5TxdsNg0vDkkqXYm0Hp5hR42A=
|
||||
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
||||
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
|
||||
github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 h1:qGQQKEcAR99REcMpsXCp3lJ03zYT1PkRd3kQGPn9GVg=
|
||||
|
@ -1051,6 +1051,10 @@ github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5q
|
|||
github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
|
||||
github.com/spiffe/go-spiffe/v2 v2.1.1 h1:RT9kM8MZLZIsPTH+HKQEP5yaAk3yd/VBzlINaRjXs8k=
|
||||
github.com/spiffe/go-spiffe/v2 v2.1.1/go.mod h1:5qg6rpqlwIub0JAiF1UK9IMD6BpPTmvG6yfSgDBs5lg=
|
||||
github.com/stealthrocket/wasi-go v0.8.0 h1:Hwnv3CUoMhhRyero9vt1vfwaYa9tu/Z5kmCW4WeAmVI=
|
||||
github.com/stealthrocket/wasi-go v0.8.0/go.mod h1:PJ5oVs2E1ciOJnsTnav4nvTtEcJ4D1jUZAewS9pzuZg=
|
||||
github.com/stealthrocket/wazergo v0.19.1 h1:BPrITETPgSFwiytwmToO0MbUC/+RGC39JScz1JmmG6c=
|
||||
github.com/stealthrocket/wazergo v0.19.1/go.mod h1:riI0hxw4ndZA5e6z7PesHg2BtTftcZaMxRcoiGGipTs=
|
||||
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
|
||||
github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
|
||||
github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
|
||||
|
@ -1086,8 +1090,8 @@ github.com/testcontainers/testcontainers-go v0.30.0 h1:jmn/XS22q4YRrcMwWg0pAwlCl
|
|||
github.com/testcontainers/testcontainers-go v0.30.0/go.mod h1:K+kHNGiM5zjklKjgTtcrEetF3uhWbMUyqAQoyoh8Pf0=
|
||||
github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0 h1:Mk47J0WcLoY2ig72lPl+/w8GTPYbRCdHoWcPjV2mVr8=
|
||||
github.com/testcontainers/testcontainers-go/modules/k3s v0.30.0/go.mod h1:CNnA3717kbp5wRxz+gU/cAwX6+4+OOispIsjHmKsEWQ=
|
||||
github.com/tetratelabs/wazero v1.5.0 h1:Yz3fZHivfDiZFUXnWMPUoiW7s8tC1sjdBtlJn08qYa0=
|
||||
github.com/tetratelabs/wazero v1.5.0/go.mod h1:0U0G41+ochRKoPKCJlh0jMg1CHkyfK8kDqiirMmKY8A=
|
||||
github.com/tetratelabs/wazero v1.7.2 h1:1+z5nXJNwMLPAWaTePFi49SSTL0IMx/i3Fg8Yc25GDc=
|
||||
github.com/tetratelabs/wazero v1.7.2/go.mod h1:ytl6Zuh20R/eROuyDaGPkp82O9C/DJfXAwJfQ3X6/7Y=
|
||||
github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM=
|
||||
github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
|
||||
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
|
||||
|
@ -1103,6 +1107,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1
|
|||
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
github.com/traefik/grpc-web v0.16.0 h1:eeUWZaFg6ZU0I9dWOYE2D5qkNzRBmXzzuRlxdltascY=
|
||||
github.com/traefik/grpc-web v0.16.0/go.mod h1:2ttniSv7pTgBWIU2HZLokxRfFX3SA60c/DTmQQgVml4=
|
||||
github.com/traefik/http-wasm-host-go v0.0.0-20240618100324-3c53dcaa1a70 h1:I+oBnV0orhmasb87yaX54tOAfqrV9+yKoQ1Cum5mq8w=
|
||||
github.com/traefik/http-wasm-host-go v0.0.0-20240618100324-3c53dcaa1a70/go.mod h1:zQB3w+df4hryDEqBorGyA1DwPJ86LfKIASNLFuj6CuI=
|
||||
github.com/traefik/paerser v0.2.0 h1:zqCLGSXoNlcBd+mzqSCLjon/I6phqIjeJL2xFB2ysgQ=
|
||||
github.com/traefik/paerser v0.2.0/go.mod h1:afzaVcgF8A+MpTnPG4wBr4whjanCSYA6vK5RwaYVtRc=
|
||||
github.com/traefik/yaegi v0.16.1 h1:f1De3DVJqIDKmnasUF6MwmWv1dSEEat0wcpXhD2On3E=
|
||||
|
@ -1176,8 +1182,8 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
|
|||
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
|
||||
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
|
||||
go.opentelemetry.io/collector/pdata v1.2.0 h1:N6VdyEFYJyoHIKqHd0F372eNVD5b+AbH0ZQf7Z2jJ9I=
|
||||
go.opentelemetry.io/collector/pdata v1.2.0/go.mod h1:mKXb6527Syb8PT4P9CZOJNbkuHOHjjGTZNNwSKESJhc=
|
||||
go.opentelemetry.io/collector/pdata v1.10.0 h1:oLyPLGvPTQrcRT64ZVruwvmH/u3SHTfNo01pteS4WOE=
|
||||
go.opentelemetry.io/collector/pdata v1.10.0/go.mod h1:IHxHsp+Jq/xfjORQMDJjSH6jvedOSTOyu3nbxqhWSYE=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
|
||||
go.opentelemetry.io/contrib/propagators/autoprop v0.52.0 h1:xyRih6jMB0vroMSRdBE+uyKx20BclB/bybJt/LaCxmY=
|
||||
|
@ -1190,29 +1196,29 @@ go.opentelemetry.io/contrib/propagators/jaeger v1.27.0 h1:tJPpZAEsihJgRTnXrPjY3r
|
|||
go.opentelemetry.io/contrib/propagators/jaeger v1.27.0/go.mod h1:5uPAMHJnlTktQbCCdWSX5PfK8CocD25mycIsZV/iFiU=
|
||||
go.opentelemetry.io/contrib/propagators/ot v1.27.0 h1:xFPqk7ntRR87dqvl6RfeHiq9UlE8mPSuL6Dtr/zysL8=
|
||||
go.opentelemetry.io/contrib/propagators/ot v1.27.0/go.mod h1:nVLTPrDlSZPoVdeWRmpWBwxA73TYL6XLkC4bj72jvmg=
|
||||
go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg=
|
||||
go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0 h1:bFgvUr3/O4PHj3VQcFEuYKvRZJX1SJDQ+11JXuSB3/w=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.0/go.mod h1:xJntEd2KL6Qdg5lwp97HMLQDVeAhrYxmzFseAMDPQ8I=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0 h1:CIHWikMsN3wO+wq1Tp5VGdVRTcON+DmOJSfDjXypKOc=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.0/go.mod h1:TNupZ6cxqyFEpLXAZW7On+mLFL0/g0TE3unIYL91xWc=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 h1:QY7/0NeRPKlzusf40ZE4t1VlMKbqSNT7cJRYzWuja0s=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0/go.mod h1:HVkSiDhTM9BoUJU8qE6j2eSWLLXvi1USXjyd2BXT8PY=
|
||||
go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik=
|
||||
go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
|
||||
go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI=
|
||||
go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.27.0 h1:5uGNOlpXi+Hbo/DRoI31BSb1v+OGcpv2NemcCrOL8gI=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.27.0/go.mod h1:we7jJVrYN2kh3mVBlswtPU22K0SA+769l93J6bsyvqw=
|
||||
go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw=
|
||||
go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
|
||||
go.opentelemetry.io/otel v1.27.1-0.20240624175855-921eb701b175 h1:2aQYN3ZllvztGtSIFNT2xGMrwsbPkGXj0O+KgPVsq5A=
|
||||
go.opentelemetry.io/otel v1.27.1-0.20240624175855-921eb701b175/go.mod h1:sAYY1kDqq6Qgmu9OdUrtIhBJAVKevM27kmSzEkEyyBg=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.1-0.20240624175855-921eb701b175 h1:awu+mcY8Zh17gkaxch+AY59ZEeZHsct61kce/JUa/Ho=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.27.1-0.20240624175855-921eb701b175/go.mod h1:wwHMT54YgLNroOkp4+XK7PRqCez5DtQayTBR9Wf1CEA=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.1-0.20240624175855-921eb701b175 h1:nNu+y3xs12BTRqNVciOBdq1bwUpqHJFs26lhXXnO8/0=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.27.1-0.20240624175855-921eb701b175/go.mod h1:/TESptXGTu8vZX8i19t1TSU4PGo9+gT9pGK/UNAea9I=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.1-0.20240624175855-921eb701b175 h1:ihrS8VlMvzPDy1QJ9yIsrKpcso6XnADVrj33wWxRG6k=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.1-0.20240624175855-921eb701b175/go.mod h1:O6p37S657iklDAWQZrzkHeyOooL0TRG7ADP6jZ1RpF8=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.1-0.20240624175855-921eb701b175 h1:qk6WZWPTf1MDvgLRCECyzbUzugNp2Ybc11fnrj6L/t4=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.1-0.20240624175855-921eb701b175/go.mod h1:A5CvQA6TBgKbMXLU3YrV9WB2m5xQYB50/PLkW1nJA8k=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.1-0.20240624175855-921eb701b175 h1:l47wCNFvbEdVi0U3Ojf5yD6QhrNjuK2N46N9tiCzpNE=
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.1-0.20240624175855-921eb701b175/go.mod h1:vS4rxlVsjAdnvN34PmMKVPKZdQrKVxRw6Tz6qQ+NsY8=
|
||||
go.opentelemetry.io/otel/metric v1.27.1-0.20240624175855-921eb701b175 h1:YGLAewt2Wr/DFRQI6OjqqZ31B+CO3W1bcDWhsIL7r98=
|
||||
go.opentelemetry.io/otel/metric v1.27.1-0.20240624175855-921eb701b175/go.mod h1:YHVa4iPQFl9x0kF/Pxk1MYAbroRbl7zK+vT34w7VsCA=
|
||||
go.opentelemetry.io/otel/sdk v1.27.1-0.20240624175855-921eb701b175 h1:QdXgh+39hJwRYYQ3OgcI4SMawt/rPBgmQdtZYGxzdq8=
|
||||
go.opentelemetry.io/otel/sdk v1.27.1-0.20240624175855-921eb701b175/go.mod h1:Ru3JMbgJMftQARx7nhi0IJotnL2n8bv61IOrAgFpd+s=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.27.1-0.20240624175855-921eb701b175 h1:GYxFdqdupCe5BEORUuWvNMRKeZliRLK8INKCgGzYLRA=
|
||||
go.opentelemetry.io/otel/sdk/metric v1.27.1-0.20240624175855-921eb701b175/go.mod h1:SRwqsyIihvNIPKOVe1CqC4owsJX2vv63U5op9Axd4fI=
|
||||
go.opentelemetry.io/otel/trace v1.27.1-0.20240624175855-921eb701b175 h1:1y2KlY7+gTBn4GZa2yMKqgcb4H2KIOrBSSrG4esCC3g=
|
||||
go.opentelemetry.io/otel/trace v1.27.1-0.20240624175855-921eb701b175/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
|
||||
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
|
||||
go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94=
|
||||
go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A=
|
||||
go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
|
||||
go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
|
||||
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
|
@ -1541,10 +1547,10 @@ google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6D
|
|||
google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
|
||||
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 h1:P8OJ/WCl/Xo4E4zoe4/bifHpSmmKwARqyqE4nW6J2GQ=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
|
||||
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
|
||||
|
@ -1582,8 +1588,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
|
|||
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
|
||||
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
|
||||
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||
google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
|
||||
google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
|
||||
google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
|
||||
google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
|
|
|
@ -43,7 +43,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -63,12 +63,12 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
type: string
|
||||
middlewares:
|
||||
description: |-
|
||||
Middlewares defines the list of references to Middleware resources.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
|
@ -88,7 +88,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
type: integer
|
||||
services:
|
||||
description: |-
|
||||
|
@ -229,7 +229,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -277,7 +277,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
|
@ -287,18 +287,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -317,17 +317,17 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -344,12 +344,12 @@ spec:
|
|||
name:
|
||||
description: |-
|
||||
Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
namespace:
|
||||
description: |-
|
||||
Namespace defines the namespace of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
|
@ -409,7 +409,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -422,7 +422,7 @@ spec:
|
|||
match:
|
||||
description: |-
|
||||
Match defines the router's rule.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
|
@ -446,7 +446,7 @@ spec:
|
|||
priority:
|
||||
description: |-
|
||||
Priority defines the router's priority.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
|
@ -487,7 +487,7 @@ spec:
|
|||
proxyProtocol:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
|
@ -525,7 +525,7 @@ spec:
|
|||
syntax:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
type: string
|
||||
required:
|
||||
- match
|
||||
|
@ -534,18 +534,18 @@ spec:
|
|||
tls:
|
||||
description: |-
|
||||
TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
properties:
|
||||
certResolver:
|
||||
description: |-
|
||||
CertResolver defines the name of the certificate resolver to use.
|
||||
Cert resolvers have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
type: string
|
||||
domains:
|
||||
description: |-
|
||||
Domains defines the list of domains that will be used to issue certificates.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
|
@ -564,7 +564,7 @@ spec:
|
|||
description: |-
|
||||
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
If not defined, the `default` TLSOption is used.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
|
@ -656,7 +656,7 @@ spec:
|
|||
description: |-
|
||||
EntryPoints defines the list of entry point names to bind to.
|
||||
Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
Default: all.
|
||||
items:
|
||||
type: string
|
||||
|
@ -743,7 +743,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -769,7 +769,7 @@ spec:
|
|||
description: |-
|
||||
AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding it.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
properties:
|
||||
prefix:
|
||||
description: |-
|
||||
|
@ -781,12 +781,12 @@ spec:
|
|||
description: |-
|
||||
BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -807,7 +807,7 @@ spec:
|
|||
description: |-
|
||||
Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: |-
|
||||
|
@ -839,14 +839,14 @@ spec:
|
|||
description: |-
|
||||
RetryExpression defines the retry conditions.
|
||||
It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: |-
|
||||
Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
|
@ -905,7 +905,7 @@ spec:
|
|||
description: |-
|
||||
Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the client, using gzip compression.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
properties:
|
||||
defaultEncoding:
|
||||
description: DefaultEncoding specifies the default encoding if
|
||||
|
@ -948,12 +948,12 @@ spec:
|
|||
description: |-
|
||||
DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
properties:
|
||||
headerField:
|
||||
description: |-
|
||||
HeaderField defines a header field to store the authenticated user.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
type: string
|
||||
realm:
|
||||
description: |-
|
||||
|
@ -973,7 +973,7 @@ spec:
|
|||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
properties:
|
||||
query:
|
||||
description: |-
|
||||
|
@ -983,7 +983,7 @@ spec:
|
|||
service:
|
||||
description: |-
|
||||
Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
properties:
|
||||
healthCheck:
|
||||
description: Healthcheck defines health checks for ExternalName
|
||||
|
@ -1116,7 +1116,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -1174,7 +1174,7 @@ spec:
|
|||
description: |-
|
||||
ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
properties:
|
||||
addAuthCookiesToResponse:
|
||||
description: AddAuthCookiesToResponse defines the list of cookies
|
||||
|
@ -1202,7 +1202,7 @@ spec:
|
|||
authResponseHeadersRegex:
|
||||
description: |-
|
||||
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
|
@ -1249,7 +1249,7 @@ spec:
|
|||
description: |-
|
||||
Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
|
@ -1420,7 +1420,7 @@ spec:
|
|||
description: |-
|
||||
InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and served concurrently.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
properties:
|
||||
amount:
|
||||
description: |-
|
||||
|
@ -1433,12 +1433,12 @@ spec:
|
|||
SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
If several strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1467,12 +1467,12 @@ spec:
|
|||
description: |-
|
||||
IPAllowList holds the IP allowlist middleware configuration.
|
||||
This middleware limits allowed requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1504,7 +1504,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1529,7 +1529,7 @@ spec:
|
|||
description: |-
|
||||
PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
|
@ -1638,7 +1638,7 @@ spec:
|
|||
description: |-
|
||||
RateLimit holds the rate limit configuration.
|
||||
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
properties:
|
||||
average:
|
||||
description: |-
|
||||
|
@ -1671,7 +1671,7 @@ spec:
|
|||
ipStrategy:
|
||||
description: |-
|
||||
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
|
@ -1700,7 +1700,7 @@ spec:
|
|||
description: |-
|
||||
RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1719,7 +1719,7 @@ spec:
|
|||
description: |-
|
||||
RedirectScheme holds the redirect scheme middleware configuration.
|
||||
This middleware redirects requests from a scheme/port to another.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
|
@ -1736,7 +1736,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
|
@ -1747,7 +1747,7 @@ spec:
|
|||
description: |-
|
||||
ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
This middleware replaces the path of a URL using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
|
@ -1763,7 +1763,7 @@ spec:
|
|||
Retry holds the retry middleware configuration.
|
||||
This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
|
@ -1785,7 +1785,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
properties:
|
||||
forceSlash:
|
||||
description: |-
|
||||
|
@ -1804,7 +1804,7 @@ spec:
|
|||
description: |-
|
||||
StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
This middleware removes the matching prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
|
@ -1841,7 +1841,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -1877,7 +1877,7 @@ spec:
|
|||
description: |-
|
||||
IPAllowList defines the IPAllowList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1891,7 +1891,7 @@ spec:
|
|||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
|
||||
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
@ -1930,7 +1930,7 @@ spec:
|
|||
ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2069,7 +2069,7 @@ spec:
|
|||
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2187,7 +2187,7 @@ spec:
|
|||
openAPIV3Schema:
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2212,14 +2212,14 @@ spec:
|
|||
alpnProtocols:
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2247,7 +2247,7 @@ spec:
|
|||
curvePreferences:
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
|
@ -2303,7 +2303,7 @@ spec:
|
|||
TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
For the time being, only the TLSStore named default is supported.
|
||||
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
|
||||
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2401,7 +2401,7 @@ spec:
|
|||
TraefikService object allows to:
|
||||
- Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
|
@ -2642,7 +2642,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2749,7 +2749,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2932,7 +2932,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
@ -2979,7 +2979,7 @@ spec:
|
|||
sticky:
|
||||
description: |-
|
||||
Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
|
|
|
@ -18,7 +18,6 @@ import (
|
|||
"github.com/testcontainers/testcontainers-go/network"
|
||||
"github.com/traefik/traefik/v3/integration/try"
|
||||
"github.com/traefik/traefik/v3/pkg/version"
|
||||
"gopkg.in/yaml.v3"
|
||||
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
kclientset "k8s.io/client-go/kubernetes"
|
||||
|
@ -35,6 +34,7 @@ import (
|
|||
"sigs.k8s.io/gateway-api/conformance/utils/config"
|
||||
ksuite "sigs.k8s.io/gateway-api/conformance/utils/suite"
|
||||
"sigs.k8s.io/gateway-api/pkg/features"
|
||||
"sigs.k8s.io/yaml"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -230,7 +230,7 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() {
|
|||
s.T().Logf("Conformance report:\n%s", string(rawReport))
|
||||
|
||||
require.NoError(s.T(), os.MkdirAll("./conformance-reports", 0o755))
|
||||
outFile := filepath.Join("conformance-reports", fmt.Sprintf("traefik-traefik-%d.yaml", time.Now().UnixNano()))
|
||||
outFile := filepath.Join("conformance-reports", fmt.Sprintf("%s-%s-%s-report.yaml", report.GatewayAPIChannel, report.Version, report.Mode))
|
||||
require.NoError(s.T(), os.WriteFile(outFile, rawReport, 0o600))
|
||||
s.T().Logf("Report written to: %s", outFile)
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@ services:
|
|||
volumes:
|
||||
- ./fixtures/tracing/tempo.yaml:/etc/tempo.yaml
|
||||
otel-collector:
|
||||
image: otel/opentelemetry-collector-contrib:0.89.0
|
||||
image: otel/opentelemetry-collector-contrib:0.103.0
|
||||
volumes:
|
||||
- ./fixtures/tracing/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
|
||||
whoami:
|
||||
|
|
|
@ -2,7 +2,9 @@ package integration
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
|
@ -96,27 +98,46 @@ func (s *TracingSuite) TestOpentelemetryBasic_HTTP() {
|
|||
{
|
||||
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/basic",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
"batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/basic", net.JoinHostPort(s.whoamiIP, "80")),
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.3.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"url.scheme\").value.stringValue": "http",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.3.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.route\").value.stringValue": "Path(`/basic`)",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.4.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.5.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"url.path\").value.stringValue": "/basic",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"url.query\").value.stringValue": "",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -145,27 +166,35 @@ func (s *TracingSuite) TestOpentelemetryBasic_gRPC() {
|
|||
{
|
||||
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/basic",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
"batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/basic", net.JoinHostPort(s.whoamiIP, "80")),
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.3.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"url.scheme\").value.stringValue": "http",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.3.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.service.name\").value.stringValue": "service0@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.router.name\").value.stringValue": "router0@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.route\").value.stringValue": "Path(`/basic`)",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.4.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -215,54 +244,75 @@ func (s *TracingSuite) TestOpentelemetryRateLimit() {
|
|||
{
|
||||
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
"batches.0.scopeSpans.0.spans.0.name": "RateLimiter",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.2.name": "RateLimiter",
|
||||
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.3.name": "RateLimiter",
|
||||
"batches.0.scopeSpans.0.spans.3.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.request.resend_count\").value.intValue": "1",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.4.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.4.name": "RateLimiter",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.5.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"url.scheme\").value.stringValue": "http",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.5.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.request.resend_count\").value.intValue": "2",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.6.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"http.route\").value.stringValue": "Path(`/ratelimit`)",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.7.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.8.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.query\").value.stringValue": "",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.response.status_code\").value.intValue": "429",
|
||||
},
|
||||
{
|
||||
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "429",
|
||||
"batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/ratelimit", net.JoinHostPort(s.whoamiIP, "80")),
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.3.name": "RateLimiter",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
|
||||
|
@ -271,20 +321,27 @@ func (s *TracingSuite) TestOpentelemetryRateLimit() {
|
|||
"batches.0.scopeSpans.0.spans.4.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.resend_count\").value.intValue": "1",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.5.name": "RateLimiter",
|
||||
"batches.0.scopeSpans.0.spans.5.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.service.name\").value.stringValue": "service1@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.router.name\").value.stringValue": "router1@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.route\").value.stringValue": "Path(`/ratelimit`)",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.6.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.6.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"http.resend_count\").value.intValue": "2",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.7.name": "RateLimiter",
|
||||
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "ratelimit-1@file",
|
||||
"batches.0.scopeSpans.0.spans.7.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.path\").value.stringValue": "/ratelimit",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.query\").value.stringValue": "",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -312,60 +369,102 @@ func (s *TracingSuite) TestOpentelemetryRetry() {
|
|||
{
|
||||
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/retry",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
"batches.0.scopeSpans.0.spans.0.status.code": "STATUS_CODE_ERROR",
|
||||
"batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/retry", net.JoinHostPort(s.whoamiIP, "81")),
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "81",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "81",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
"batches.0.scopeSpans.0.spans.0.status.code": "STATUS_CODE_ERROR",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router2@file",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.3.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.3.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.4.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"url.scheme\").value.stringValue": "http",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.4.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/retry", net.JoinHostPort(s.whoamiIP, "81")),
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"network.peer.port\").value.intValue": "81",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"server.port\").value.intValue": "81",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
"batches.0.scopeSpans.0.spans.4.status.code": "STATUS_CODE_ERROR",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.5.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.5.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.resend_count\").value.intValue": "1",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.6.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.7.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.scheme\").value.stringValue": "http",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.7.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.request.resend_count\").value.intValue": "1",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.8.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.resend_count\").value.intValue": "2",
|
||||
"batches.0.scopeSpans.0.spans.8.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.protocol.version\").value.stringValue": "1.1",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://%s/retry", net.JoinHostPort(s.whoamiIP, "81")),
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.port\").value.intValue": "81",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.port\").value.intValue": "81",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
"batches.0.scopeSpans.0.spans.8.status.code": "STATUS_CODE_ERROR",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.9.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.9.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.9.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.9.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
|
||||
"batches.0.scopeSpans.0.spans.9.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.10.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.10.kind": "SPAN_KIND_CLIENT",
|
||||
"batches.0.scopeSpans.0.spans.10.attributes.#(key=\"url.scheme\").value.stringValue": "http",
|
||||
"batches.0.scopeSpans.0.spans.10.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
"batches.0.scopeSpans.0.spans.10.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.10.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.10.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.10.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.11.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.11.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.11.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.11.attributes.#(key=\"http.request.resend_count\").value.intValue": "2",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.12.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.12.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.12.attributes.#(key=\"traefik.service.name\").value.stringValue": "service2@file",
|
||||
"batches.0.scopeSpans.0.spans.12.attributes.#(key=\"traefik.router.name\").value.stringValue": "router2@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.13.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.13.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.13.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.14.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.14.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"url.path\").value.stringValue": "/retry",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"url.query\").value.stringValue": "",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
|
||||
"batches.0.scopeSpans.0.spans.14.attributes.#(key=\"http.response.status_code\").value.intValue": "502",
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -393,21 +492,131 @@ func (s *TracingSuite) TestOpentelemetryAuth() {
|
|||
{
|
||||
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.0.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.path\").value.stringValue": "/auth",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "401",
|
||||
"batches.0.scopeSpans.0.spans.0.name": "BasicAuth",
|
||||
"batches.0.scopeSpans.0.spans.0.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
|
||||
"batches.0.scopeSpans.0.spans.0.status.message": "Authentication failed",
|
||||
"batches.0.scopeSpans.0.spans.0.status.code": "STATUS_CODE_ERROR",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.router.name\").value.stringValue": "router3@file",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.2.name": "BasicAuth",
|
||||
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
|
||||
"batches.0.scopeSpans.0.spans.2.status.message": "Authentication failed",
|
||||
"batches.0.scopeSpans.0.spans.2.status.code": "STATUS_CODE_ERROR",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.3.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"http.request.resend_count\").value.intValue": "1",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.4.name": "BasicAuth",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
|
||||
"batches.0.scopeSpans.0.spans.4.status.message": "Authentication failed",
|
||||
"batches.0.scopeSpans.0.spans.4.status.code": "STATUS_CODE_ERROR",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.5.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.request.resend_count\").value.intValue": "2",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.6.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.router.name\").value.stringValue": "router3@file",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"http.route\").value.stringValue": "Path(`/auth`)",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.7.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.8.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.8.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.path\").value.stringValue": "/auth",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"url.query\").value.stringValue": "",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
|
||||
"batches.0.scopeSpans.0.spans.8.attributes.#(key=\"http.response.status_code\").value.intValue": "401",
|
||||
},
|
||||
}
|
||||
|
||||
s.checkTraceContent(contains)
|
||||
}
|
||||
|
||||
func (s *TracingSuite) TestOpentelemetrySafeURL() {
|
||||
file := s.adaptFile("fixtures/tracing/simple-opentelemetry.toml", TracingTemplate{
|
||||
WhoamiIP: s.whoamiIP,
|
||||
WhoamiPort: s.whoamiPort,
|
||||
IP: s.otelCollectorIP,
|
||||
})
|
||||
defer os.Remove(file)
|
||||
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
|
||||
// wait for traefik
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", time.Second, try.BodyContains("basic-auth"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.GetRequest("http://test:test@127.0.0.1:8000/auth?api_key=powpow", 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
contains := []map[string]string{
|
||||
{
|
||||
"batches.0.scopeSpans.0.scope.name": "github.com/traefik/traefik",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.0.name": "ReverseProxy",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"url.full\").value.stringValue": fmt.Sprintf("http://REDACTED:REDACTED@%s/auth?api_key=REDACTED", net.JoinHostPort(s.whoamiIP, "80")),
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"network.peer.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.address\").value.stringValue": s.whoamiIP,
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"server.port\").value.intValue": "80",
|
||||
"batches.0.scopeSpans.0.spans.0.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.1.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.1.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.1.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-service",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.2.name": "Service",
|
||||
"batches.0.scopeSpans.0.spans.2.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.2.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.3.name": "BasicAuth",
|
||||
"batches.0.scopeSpans.0.spans.3.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.3.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "basic-auth@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.4.name": "Retry",
|
||||
"batches.0.scopeSpans.0.spans.4.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.4.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "retry@file",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.5.name": "Router",
|
||||
"batches.0.scopeSpans.0.spans.5.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.service.name\").value.stringValue": "service3@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"traefik.router.name\").value.stringValue": "router3@file",
|
||||
"batches.0.scopeSpans.0.spans.5.attributes.#(key=\"http.route\").value.stringValue": "Path(`/auth`)",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.6.name": "Metrics",
|
||||
"batches.0.scopeSpans.0.spans.6.kind": "SPAN_KIND_INTERNAL",
|
||||
"batches.0.scopeSpans.0.spans.6.attributes.#(key=\"traefik.middleware.name\").value.stringValue": "metrics-entrypoint",
|
||||
|
||||
"batches.0.scopeSpans.0.spans.7.name": "EntryPoint",
|
||||
"batches.0.scopeSpans.0.spans.7.kind": "SPAN_KIND_SERVER",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"entry_point\").value.stringValue": "web",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.request.method\").value.stringValue": "GET",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.path\").value.stringValue": "/auth",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"url.query\").value.stringValue": "api_key=REDACTED",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"user_agent.original\").value.stringValue": "Go-http-client/1.1",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"server.address\").value.stringValue": "127.0.0.1:8000",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"network.peer.address\").value.stringValue": "127.0.0.1",
|
||||
"batches.0.scopeSpans.0.spans.7.attributes.#(key=\"http.response.status_code\").value.intValue": "200",
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -517,12 +726,22 @@ func (s *TracingSuite) checkTraceContent(expectedJSON []map[string]string) {
|
|||
contents = append(contents, string(content))
|
||||
}
|
||||
|
||||
var missingElements []string
|
||||
for _, expected := range expectedJSON {
|
||||
containsAll(expected, contents)
|
||||
missingElements = append(missingElements, contains(expected, contents)...)
|
||||
}
|
||||
|
||||
log.Printf("Contents: [%s]\n", strings.Join(contents, ","))
|
||||
for _, element := range missingElements {
|
||||
log.Printf("Missing elements:\n%s\n", element)
|
||||
}
|
||||
|
||||
require.Empty(s.T(), missingElements)
|
||||
}
|
||||
|
||||
func containsAll(expectedJSON map[string]string, contents []string) {
|
||||
func contains(expectedJSON map[string]string, contents []string) []string {
|
||||
var missingElements []string
|
||||
|
||||
for k, v := range expectedJSON {
|
||||
found := false
|
||||
for _, content := range contents {
|
||||
|
@ -531,12 +750,12 @@ func containsAll(expectedJSON map[string]string, contents []string) {
|
|||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !found {
|
||||
log.Info().Msgf("[" + strings.Join(contents, ",") + "]")
|
||||
log.Error().Msgf("missing element: \nKey: %q\nValue: %q ", k, v)
|
||||
missingElements = append(missingElements, "Key: "+k+", Value: "+v)
|
||||
}
|
||||
}
|
||||
|
||||
return missingElements
|
||||
}
|
||||
|
||||
// TraceResponse contains a list of traces.
|
||||
|
|
|
@ -194,7 +194,7 @@ func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if c.Pilot != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#pilot")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#pilot")
|
||||
}
|
||||
|
||||
incompatibleExperimental := c.Experimental.deprecationNotice(logger)
|
||||
|
@ -226,13 +226,13 @@ func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if p.Marathon != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#marathon-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#marathon-provider")
|
||||
}
|
||||
|
||||
if p.Rancher != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#rancher-v1-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#rancher-v1-provider")
|
||||
}
|
||||
|
||||
dockerIncompatible := p.Docker.deprecationNotice(logger)
|
||||
|
@ -273,14 +273,14 @@ func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if d.SwarmMode != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#docker-docker-swarm")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#docker-docker-swarm")
|
||||
}
|
||||
|
||||
if d.TLS != nil && d.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -321,7 +321,7 @@ func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
|
|||
incompatible = true
|
||||
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_3")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_3")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -342,7 +342,7 @@ func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
|
|||
incompatible = true
|
||||
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_4")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_4")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -363,14 +363,14 @@ func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if c.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consul-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consul-provider")
|
||||
}
|
||||
|
||||
if c.TLS != nil && c.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_1")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_1")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -395,14 +395,14 @@ func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if c.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#consulcatalog-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consulcatalog-provider")
|
||||
}
|
||||
|
||||
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -423,14 +423,14 @@ func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if n.Namespace != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#nomad-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#nomad-provider")
|
||||
}
|
||||
|
||||
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#endpointtlscaoptional_1")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional_1")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -451,7 +451,7 @@ func (h *http) deprecationNotice(logger zerolog.Logger) bool {
|
|||
incompatible = true
|
||||
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
|
||||
"Please remove all occurrences from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tlscaoptional_2")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_2")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
@ -470,7 +470,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if e.HTTP3 != nil {
|
||||
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
|
||||
"Please remove its usage from the static configuration for Traefik to start." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3-details/#http3")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3-details/#http3")
|
||||
|
||||
return true
|
||||
}
|
||||
|
@ -478,7 +478,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if e.KubernetesGateway != nil {
|
||||
logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." +
|
||||
"Please remove its usage from the static configuration." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v3/#gateway-api-kubernetesgateway-provider")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#gateway-api-kubernetesgateway-provider")
|
||||
}
|
||||
|
||||
return false
|
||||
|
@ -502,49 +502,49 @@ func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
|
|||
if t.SpanNameLimit != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Jaeger != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Zipkin != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Datadog != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Instana != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Haystack != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
if t.Elastic != nil {
|
||||
incompatible = true
|
||||
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
|
||||
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#tracing")
|
||||
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
|
||||
}
|
||||
|
||||
return incompatible
|
||||
|
|
|
@ -71,7 +71,7 @@ type ContentType struct {
|
|||
|
||||
// AddPrefix holds the add prefix middleware configuration.
|
||||
// This middleware updates the path of a request before forwarding it.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
|
||||
type AddPrefix struct {
|
||||
// Prefix is the string to add before the current path in the requested URL.
|
||||
// It should include a leading slash (/).
|
||||
|
@ -82,7 +82,7 @@ type AddPrefix struct {
|
|||
|
||||
// BasicAuth holds the basic auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
type BasicAuth struct {
|
||||
// Users is an array of authorized users.
|
||||
// Each user must be declared using the name:hashed-password format.
|
||||
|
@ -97,7 +97,7 @@ type BasicAuth struct {
|
|||
// Default: false.
|
||||
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -105,7 +105,7 @@ type BasicAuth struct {
|
|||
|
||||
// Buffering holds the buffering middleware configuration.
|
||||
// This middleware retries or limits the size of requests that can be forwarded to backends.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
|
||||
type Buffering struct {
|
||||
// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
|
||||
// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
|
||||
|
@ -123,7 +123,7 @@ type Buffering struct {
|
|||
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
|
||||
// RetryExpression defines the retry conditions.
|
||||
// It is a logical combination of functions with operators AND (&&) and OR (||).
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
|
||||
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -140,7 +140,7 @@ type Chain struct {
|
|||
|
||||
// CircuitBreaker holds the circuit breaker middleware configuration.
|
||||
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/circuitbreaker/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/circuitbreaker/
|
||||
type CircuitBreaker struct {
|
||||
// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
|
||||
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
|
||||
|
@ -166,7 +166,7 @@ func (c *CircuitBreaker) SetDefaults() {
|
|||
|
||||
// Compress holds the compress middleware configuration.
|
||||
// This middleware compresses responses before sending them to the client, using gzip compression.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
|
||||
type Compress struct {
|
||||
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
|
||||
// `application/grpc` is always excluded.
|
||||
|
@ -184,7 +184,7 @@ type Compress struct {
|
|||
|
||||
// DigestAuth holds the digest auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
type DigestAuth struct {
|
||||
// Users defines the authorized users.
|
||||
// Each user should be declared using the name:realm:encoded-password format.
|
||||
|
@ -197,7 +197,7 @@ type DigestAuth struct {
|
|||
// Default: traefik.
|
||||
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -223,7 +223,7 @@ type ErrorPage struct {
|
|||
|
||||
// ForwardAuth holds the forward auth middleware configuration.
|
||||
// This middleware delegates the request authentication to a Service.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
type ForwardAuth struct {
|
||||
// Address defines the authentication server address.
|
||||
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
|
||||
|
@ -234,7 +234,7 @@ type ForwardAuth struct {
|
|||
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
|
||||
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
|
||||
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
|
||||
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
|
||||
// If not set or empty then all request headers are passed.
|
||||
|
@ -261,7 +261,7 @@ type ClientTLS struct {
|
|||
|
||||
// Headers holds the headers middleware configuration.
|
||||
// This middleware manages the requests and responses headers.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
|
||||
type Headers struct {
|
||||
// CustomRequestHeaders defines the header names and values to apply to the request.
|
||||
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
|
||||
|
@ -390,7 +390,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
|
||||
type IPStrategy struct {
|
||||
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
|
||||
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
|
||||
|
@ -431,7 +431,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
|
|||
|
||||
// IPWhiteList holds the IP whitelist middleware configuration.
|
||||
// This middleware limits allowed requests based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipwhitelist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipwhitelist/
|
||||
// Deprecated: please use IPAllowList instead.
|
||||
type IPWhiteList struct {
|
||||
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
|
||||
|
@ -443,7 +443,7 @@ type IPWhiteList struct {
|
|||
|
||||
// IPAllowList holds the IP allowlist middleware configuration.
|
||||
// This middleware limits allowed requests based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
|
||||
type IPAllowList struct {
|
||||
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
||||
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
|
||||
|
@ -457,7 +457,7 @@ type IPAllowList struct {
|
|||
|
||||
// InFlightReq holds the in-flight request middleware configuration.
|
||||
// This middleware limits the number of requests being processed and served concurrently.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
|
||||
type InFlightReq struct {
|
||||
// Amount defines the maximum amount of allowed simultaneous in-flight request.
|
||||
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
|
||||
|
@ -465,7 +465,7 @@ type InFlightReq struct {
|
|||
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
|
||||
// If several strategies are defined at the same time, an error will be raised.
|
||||
// If none are set, the default is to use the requestHost.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
|
||||
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
|
@ -473,7 +473,7 @@ type InFlightReq struct {
|
|||
|
||||
// PassTLSClientCert holds the pass TLS client cert middleware configuration.
|
||||
// This middleware adds the selected data from the passed client TLS certificate to a header.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
|
||||
type PassTLSClientCert struct {
|
||||
// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
|
||||
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
|
||||
|
@ -529,7 +529,7 @@ func (r *RateLimit) SetDefaults() {
|
|||
|
||||
// RedirectRegex holds the redirect regex middleware configuration.
|
||||
// This middleware redirects a request using regex matching and replacement.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
|
||||
type RedirectRegex struct {
|
||||
// Regex defines the regex used to match and capture elements from the request URL.
|
||||
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
|
||||
|
@ -543,7 +543,7 @@ type RedirectRegex struct {
|
|||
|
||||
// RedirectScheme holds the redirect scheme middleware configuration.
|
||||
// This middleware redirects requests from a scheme/port to another.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
|
||||
type RedirectScheme struct {
|
||||
// Scheme defines the scheme of the new URL.
|
||||
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
|
||||
|
@ -557,7 +557,7 @@ type RedirectScheme struct {
|
|||
|
||||
// ReplacePath holds the replace path middleware configuration.
|
||||
// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
|
||||
type ReplacePath struct {
|
||||
// Path defines the path to use as replacement in the request URL.
|
||||
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
|
||||
|
@ -567,7 +567,7 @@ type ReplacePath struct {
|
|||
|
||||
// ReplacePathRegex holds the replace path regex middleware configuration.
|
||||
// This middleware replaces the path of a URL using regex matching and replacement.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
|
||||
type ReplacePathRegex struct {
|
||||
// Regex defines the regular expression used to match and capture the path from the request URL.
|
||||
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
|
||||
|
@ -580,7 +580,7 @@ type ReplacePathRegex struct {
|
|||
// Retry holds the retry middleware configuration.
|
||||
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
type Retry struct {
|
||||
// Attempts defines how many times the request should be retried.
|
||||
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
|
||||
|
@ -596,7 +596,7 @@ type Retry struct {
|
|||
|
||||
// StripPrefix holds the strip prefix middleware configuration.
|
||||
// This middleware removes the specified prefixes from the URL path.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
|
||||
type StripPrefix struct {
|
||||
// Prefixes defines the prefixes to strip from the request URL.
|
||||
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
|
||||
|
@ -611,7 +611,7 @@ type StripPrefix struct {
|
|||
|
||||
// StripPrefixRegex holds the strip prefix regex middleware configuration.
|
||||
// This middleware removes the matching prefixes from the URL path.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
|
||||
type StripPrefixRegex struct {
|
||||
// Regex defines the regular expression to match the path prefix from the request URL.
|
||||
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
|
||||
|
|
|
@ -125,7 +125,7 @@ type TCPServer struct {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// ProxyProtocol holds the PROXY Protocol configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
type ProxyProtocol struct {
|
||||
// Version defines the PROXY Protocol version to use.
|
||||
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
|
||||
|
|
|
@ -15,7 +15,7 @@ type TCPMiddleware struct {
|
|||
// TCPInFlightConn holds the TCP InFlightConn middleware configuration.
|
||||
// This middleware prevents services from being overwhelmed with high load,
|
||||
// by limiting the number of allowed simultaneous connections for one IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/inflightconn/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/inflightconn/
|
||||
type TCPInFlightConn struct {
|
||||
// Amount defines the maximum amount of allowed simultaneous connections.
|
||||
// The middleware closes the connection if there are already amount connections opened.
|
||||
|
@ -35,7 +35,7 @@ type TCPIPWhiteList struct {
|
|||
|
||||
// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
|
||||
// This middleware limits allowed requests based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
type TCPIPAllowList struct {
|
||||
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
||||
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
|
||||
|
|
|
@ -201,6 +201,7 @@ type Tracing struct {
|
|||
GlobalAttributes map[string]string `description:"Defines additional attributes (key:value) on all spans." json:"globalAttributes,omitempty" toml:"globalAttributes,omitempty" yaml:"globalAttributes,omitempty" export:"true"`
|
||||
CapturedRequestHeaders []string `description:"Request headers to add as attributes for server and client spans." json:"capturedRequestHeaders,omitempty" toml:"capturedRequestHeaders,omitempty" yaml:"capturedRequestHeaders,omitempty" export:"true"`
|
||||
CapturedResponseHeaders []string `description:"Response headers to add as attributes for server and client spans." json:"capturedResponseHeaders,omitempty" toml:"capturedResponseHeaders,omitempty" yaml:"capturedResponseHeaders,omitempty" export:"true"`
|
||||
SafeQueryParams []string `description:"Query params to not redact." json:"safeQueryParams,omitempty" toml:"safeQueryParams,omitempty" yaml:"safeQueryParams,omitempty" export:"true"`
|
||||
SampleRate float64 `description:"Sets the rate between 0.0 and 1.0 of requests to trace." json:"sampleRate,omitempty" toml:"sampleRate,omitempty" yaml:"sampleRate,omitempty" export:"true"`
|
||||
AddInternals bool `description:"Enables tracing for internal services (ping, dashboard, etc...)." json:"addInternals,omitempty" toml:"addInternals,omitempty" yaml:"addInternals,omitempty" export:"true"`
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ import (
|
|||
"go.opentelemetry.io/otel/metric"
|
||||
sdkmetric "go.opentelemetry.io/otel/sdk/metric"
|
||||
"go.opentelemetry.io/otel/sdk/resource"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
|
||||
"google.golang.org/grpc/credentials"
|
||||
"google.golang.org/grpc/encoding/gzip"
|
||||
)
|
||||
|
@ -58,16 +58,16 @@ func NewSemConvMetricRegistry(ctx context.Context, config *types.OTLP) (*SemConv
|
|||
meter := otel.Meter("github.com/traefik/traefik",
|
||||
metric.WithInstrumentationVersion(version.Version))
|
||||
|
||||
httpServerRequestDuration, err := meter.Float64Histogram("http.server.request.duration",
|
||||
metric.WithDescription("Duration of HTTP server requests."),
|
||||
httpServerRequestDuration, err := meter.Float64Histogram(semconv.HTTPServerRequestDurationName,
|
||||
metric.WithDescription(semconv.HTTPServerRequestDurationDescription),
|
||||
metric.WithUnit("s"),
|
||||
metric.WithExplicitBucketBoundaries(config.ExplicitBoundaries...))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("can't build httpServerRequestDuration histogram: %w", err)
|
||||
}
|
||||
|
||||
httpClientRequestDuration, err := meter.Float64Histogram("http.client.request.duration",
|
||||
metric.WithDescription("Duration of HTTP client requests."),
|
||||
httpClientRequestDuration, err := meter.Float64Histogram(semconv.HTTPClientRequestDurationName,
|
||||
metric.WithDescription(semconv.HTTPClientRequestDurationDescription),
|
||||
metric.WithUnit("s"),
|
||||
metric.WithExplicitBucketBoundaries(config.ExplicitBoundaries...))
|
||||
if err != nil {
|
||||
|
|
|
@ -513,7 +513,7 @@ func TestForwardAuthTracing(t *testing.T) {
|
|||
attribute.String("url.scheme", "http"),
|
||||
attribute.String("user_agent.original", ""),
|
||||
attribute.String("network.peer.address", "127.0.0.1"),
|
||||
attribute.String("network.peer.port", serverPort),
|
||||
attribute.Int64("network.peer.port", int64(serverPortInt)),
|
||||
attribute.String("server.address", "127.0.0.1"),
|
||||
attribute.Int64("server.port", int64(serverPortInt)),
|
||||
attribute.StringSlice("http.request.header.x-foo", []string{"foo", "bar"}),
|
||||
|
@ -546,7 +546,7 @@ func TestForwardAuthTracing(t *testing.T) {
|
|||
otel.SetTextMapPropagator(autoprop.NewTextMapPropagator())
|
||||
|
||||
mockTracer := &mockTracer{}
|
||||
tracer := tracing.NewTracer(mockTracer, []string{"X-Foo"}, []string{"X-Bar"})
|
||||
tracer := tracing.NewTracer(mockTracer, []string{"X-Foo"}, []string{"X-Bar"}, []string{"q"})
|
||||
initialCtx, initialSpan := tracer.Start(req.Context(), "initial")
|
||||
defer initialSpan.End()
|
||||
req = req.WithContext(initialCtx)
|
||||
|
|
|
@ -14,7 +14,7 @@ import (
|
|||
"github.com/traefik/traefik/v3/pkg/tracing"
|
||||
"go.opentelemetry.io/otel/attribute"
|
||||
"go.opentelemetry.io/otel/metric"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
"go.opentelemetry.io/otel/trace/noop"
|
||||
)
|
||||
|
@ -35,7 +35,7 @@ type entryPointTracing struct {
|
|||
func WrapEntryPointHandler(ctx context.Context, tracer *tracing.Tracer, semConvMetricRegistry *metrics.SemConvMetricsRegistry, entryPointName string) alice.Constructor {
|
||||
return func(next http.Handler) (http.Handler, error) {
|
||||
if tracer == nil {
|
||||
tracer = tracing.NewTracer(noop.Tracer{}, nil, nil)
|
||||
tracer = tracing.NewTracer(noop.Tracer{}, nil, nil, nil)
|
||||
}
|
||||
|
||||
return newEntryPoint(ctx, tracer, semConvMetricRegistry, entryPointName, next), nil
|
||||
|
@ -47,7 +47,7 @@ func newEntryPoint(ctx context.Context, tracer *tracing.Tracer, semConvMetricReg
|
|||
middlewares.GetLogger(ctx, "tracing", entryPointTypeName).Debug().Msg("Creating middleware")
|
||||
|
||||
if tracer == nil {
|
||||
tracer = tracing.NewTracer(noop.Tracer{}, nil, nil)
|
||||
tracer = tracing.NewTracer(noop.Tracer{}, nil, nil, nil)
|
||||
}
|
||||
|
||||
return &entryPointTracing{
|
||||
|
|
|
@ -42,15 +42,14 @@ func TestEntryPointMiddleware_tracing(t *testing.T) {
|
|||
attribute.String("network.protocol.version", "1.1"),
|
||||
attribute.Int64("http.request.body.size", int64(0)),
|
||||
attribute.String("url.path", "/search"),
|
||||
attribute.String("url.query", "q=Opentelemetry"),
|
||||
attribute.String("url.query", "q=Opentelemetry&token=REDACTED"),
|
||||
attribute.String("url.scheme", "http"),
|
||||
attribute.String("user_agent.original", "entrypoint-test"),
|
||||
attribute.String("server.address", "www.test.com"),
|
||||
attribute.String("network.peer.address", "10.0.0.1"),
|
||||
attribute.String("network.peer.port", "1234"),
|
||||
attribute.String("client.address", "10.0.0.1"),
|
||||
attribute.Int64("client.port", int64(1234)),
|
||||
attribute.String("client.socket.address", ""),
|
||||
attribute.Int64("network.peer.port", int64(1234)),
|
||||
attribute.StringSlice("http.request.header.x-foo", []string{"foo", "bar"}),
|
||||
attribute.Int64("http.response.status_code", int64(404)),
|
||||
attribute.StringSlice("http.response.header.x-bar", []string{"foo", "bar"}),
|
||||
|
@ -61,7 +60,7 @@ func TestEntryPointMiddleware_tracing(t *testing.T) {
|
|||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
req := httptest.NewRequest(http.MethodGet, "http://www.test.com/search?q=Opentelemetry", nil)
|
||||
req := httptest.NewRequest(http.MethodGet, "http://www.test.com/search?q=Opentelemetry&token=123", nil)
|
||||
rw := httptest.NewRecorder()
|
||||
req.RemoteAddr = "10.0.0.1:1234"
|
||||
req.Header.Set("User-Agent", "entrypoint-test")
|
||||
|
@ -77,7 +76,7 @@ func TestEntryPointMiddleware_tracing(t *testing.T) {
|
|||
|
||||
tracer := &mockTracer{}
|
||||
|
||||
handler := newEntryPoint(context.Background(), tracing.NewTracer(tracer, []string{"X-Foo"}, []string{"X-Bar"}), nil, test.entryPoint, next)
|
||||
handler := newEntryPoint(context.Background(), tracing.NewTracer(tracer, []string{"X-Foo"}, []string{"X-Bar"}, []string{"q"}), nil, test.entryPoint, next)
|
||||
handler.ServeHTTP(rw, req)
|
||||
|
||||
for _, span := range tracer.spans {
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
"github.com/traefik/traefik/v3/pkg/middlewares"
|
||||
"github.com/traefik/traefik/v3/pkg/tracing"
|
||||
"go.opentelemetry.io/otel/attribute"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
)
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ import (
|
|||
"github.com/traefik/traefik/v3/pkg/middlewares"
|
||||
"github.com/traefik/traefik/v3/pkg/tracing"
|
||||
"go.opentelemetry.io/otel/attribute"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
)
|
||||
|
||||
|
@ -95,7 +95,7 @@ func (r *retry) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||
currentSpan.SetAttributes(attribute.String("traefik.middleware.name", r.name))
|
||||
// Only add the attribute "http.resend_count" defined by semantic conventions starting from second attempt.
|
||||
if attempts > 1 {
|
||||
currentSpan.SetAttributes(semconv.HTTPResendCount(attempts - 1))
|
||||
currentSpan.SetAttributes(semconv.HTTPRequestResendCount(attempts - 1))
|
||||
}
|
||||
|
||||
req = req.WithContext(tracingCtx)
|
||||
|
|
|
@ -52,7 +52,7 @@ func NewBuilder(client *Client, plugins map[string]Descriptor, localPlugins map[
|
|||
|
||||
switch manifest.Type {
|
||||
case typeMiddleware:
|
||||
middleware, err := newMiddlewareBuilder(logCtx, client.GoPath(), manifest, desc.ModuleName)
|
||||
middleware, err := newMiddlewareBuilder(logCtx, client.GoPath(), manifest, desc.ModuleName, desc.Settings)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -87,7 +87,7 @@ func NewBuilder(client *Client, plugins map[string]Descriptor, localPlugins map[
|
|||
|
||||
switch manifest.Type {
|
||||
case typeMiddleware:
|
||||
middleware, err := newMiddlewareBuilder(logCtx, localGoPath, manifest, desc.ModuleName)
|
||||
middleware, err := newMiddlewareBuilder(logCtx, localGoPath, manifest, desc.ModuleName, desc.Settings)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -128,7 +128,7 @@ func (b Builder) Build(pName string, config map[string]interface{}, middlewareNa
|
|||
return nil, fmt.Errorf("unknown plugin type: %s", pName)
|
||||
}
|
||||
|
||||
func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest, moduleName string) (middlewareBuilder, error) {
|
||||
func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest, moduleName string, settings Settings) (middlewareBuilder, error) {
|
||||
switch manifest.Runtime {
|
||||
case runtimeWasm:
|
||||
wasmPath, err := getWasmPath(manifest)
|
||||
|
@ -136,7 +136,7 @@ func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest
|
|||
return nil, fmt.Errorf("wasm path: %w", err)
|
||||
}
|
||||
|
||||
return newWasmMiddlewareBuilder(goPath, moduleName, wasmPath), nil
|
||||
return newWasmMiddlewareBuilder(goPath, moduleName, wasmPath, settings)
|
||||
|
||||
case runtimeYaegi, "":
|
||||
i, err := newInterpreter(ctx, goPath, manifest.Import)
|
||||
|
|
|
@ -8,20 +8,38 @@ import (
|
|||
"os"
|
||||
"path/filepath"
|
||||
"reflect"
|
||||
"strings"
|
||||
|
||||
"github.com/http-wasm/http-wasm-host-go/handler"
|
||||
wasm "github.com/http-wasm/http-wasm-host-go/handler/nethttp"
|
||||
"github.com/juliens/wasm-goexport/host"
|
||||
"github.com/tetratelabs/wazero"
|
||||
"github.com/traefik/traefik/v3/pkg/logs"
|
||||
"github.com/traefik/traefik/v3/pkg/middlewares"
|
||||
)
|
||||
|
||||
type wasmMiddlewareBuilder struct {
|
||||
path string
|
||||
path string
|
||||
cache wazero.CompilationCache
|
||||
settings Settings
|
||||
}
|
||||
|
||||
func newWasmMiddlewareBuilder(goPath string, moduleName, wasmPath string) *wasmMiddlewareBuilder {
|
||||
return &wasmMiddlewareBuilder{path: filepath.Join(goPath, "src", moduleName, wasmPath)}
|
||||
func newWasmMiddlewareBuilder(goPath, moduleName, wasmPath string, settings Settings) (*wasmMiddlewareBuilder, error) {
|
||||
ctx := context.Background()
|
||||
path := filepath.Join(goPath, "src", moduleName, wasmPath)
|
||||
cache := wazero.NewCompilationCache()
|
||||
|
||||
code, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("loading Wasm binary: %w", err)
|
||||
}
|
||||
|
||||
rt := wazero.NewRuntimeWithConfig(ctx, wazero.NewRuntimeConfig().WithCompilationCache(cache))
|
||||
if _, err = rt.CompileModule(ctx, code); err != nil {
|
||||
return nil, fmt.Errorf("compiling guest module: %w", err)
|
||||
}
|
||||
|
||||
return &wasmMiddlewareBuilder{path: path, cache: cache, settings: settings}, nil
|
||||
}
|
||||
|
||||
func (b wasmMiddlewareBuilder) newMiddleware(config map[string]interface{}, middlewareName string) (pluginMiddleware, error) {
|
||||
|
@ -33,15 +51,64 @@ func (b wasmMiddlewareBuilder) newMiddleware(config map[string]interface{}, midd
|
|||
}
|
||||
|
||||
func (b wasmMiddlewareBuilder) newHandler(ctx context.Context, next http.Handler, cfg reflect.Value, middlewareName string) (http.Handler, error) {
|
||||
h, applyCtx, err := b.buildMiddleware(ctx, next, cfg, middlewareName)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("building Wasm middleware: %w", err)
|
||||
}
|
||||
|
||||
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
h.ServeHTTP(rw, req.WithContext(applyCtx(req.Context())))
|
||||
}), nil
|
||||
}
|
||||
|
||||
func (b *wasmMiddlewareBuilder) buildMiddleware(ctx context.Context, next http.Handler, cfg reflect.Value, middlewareName string) (http.Handler, func(ctx context.Context) context.Context, error) {
|
||||
code, err := os.ReadFile(b.path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("loading Wasm binary: %w", err)
|
||||
return nil, nil, fmt.Errorf("loading binary: %w", err)
|
||||
}
|
||||
|
||||
rt := host.NewRuntime(wazero.NewRuntimeWithConfig(ctx, wazero.NewRuntimeConfig().WithCompilationCache(b.cache)))
|
||||
|
||||
guestModule, err := rt.CompileModule(ctx, code)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("compiling guest module: %w", err)
|
||||
}
|
||||
|
||||
applyCtx, err := InstantiateHost(ctx, rt, guestModule, b.settings)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("instantiating host module: %w", err)
|
||||
}
|
||||
|
||||
logger := middlewares.GetLogger(ctx, middlewareName, "wasm")
|
||||
|
||||
config := wazero.NewModuleConfig().WithSysWalltime()
|
||||
for _, env := range b.settings.Envs {
|
||||
config.WithEnv(env, os.Getenv(env))
|
||||
}
|
||||
|
||||
if len(b.settings.Mounts) > 0 {
|
||||
fsConfig := wazero.NewFSConfig()
|
||||
for _, mount := range b.settings.Mounts {
|
||||
withDir := fsConfig.WithDirMount
|
||||
prefix, readOnly := strings.CutSuffix(mount, ":ro")
|
||||
if readOnly {
|
||||
withDir = fsConfig.WithReadOnlyDirMount
|
||||
}
|
||||
parts := strings.Split(prefix, ":")
|
||||
switch {
|
||||
case len(parts) == 1:
|
||||
withDir(parts[0], parts[0])
|
||||
case len(parts) == 2:
|
||||
withDir(parts[0], parts[1])
|
||||
default:
|
||||
return nil, nil, fmt.Errorf("invalid directory %q", mount)
|
||||
}
|
||||
}
|
||||
config.WithFSConfig(fsConfig)
|
||||
}
|
||||
|
||||
opts := []handler.Option{
|
||||
handler.ModuleConfig(wazero.NewModuleConfig().WithSysWalltime()),
|
||||
handler.ModuleConfig(config),
|
||||
handler.Logger(logs.NewWasmLogger(logger)),
|
||||
}
|
||||
|
||||
|
@ -49,23 +116,27 @@ func (b wasmMiddlewareBuilder) newHandler(ctx context.Context, next http.Handler
|
|||
if i != nil {
|
||||
config, ok := i.(map[string]interface{})
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("could not type assert config: %T", i)
|
||||
return nil, nil, fmt.Errorf("could not type assert config: %T", i)
|
||||
}
|
||||
|
||||
data, err := json.Marshal(config)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("marshaling config: %w", err)
|
||||
return nil, nil, fmt.Errorf("marshaling config: %w", err)
|
||||
}
|
||||
|
||||
opts = append(opts, handler.GuestConfig(data))
|
||||
}
|
||||
|
||||
mw, err := wasm.NewMiddleware(context.Background(), code, opts...)
|
||||
opts = append(opts, handler.Runtime(func(ctx context.Context) (wazero.Runtime, error) {
|
||||
return rt, nil
|
||||
}))
|
||||
|
||||
mw, err := wasm.NewMiddleware(applyCtx(ctx), code, opts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, nil, fmt.Errorf("creating middleware: %w", err)
|
||||
}
|
||||
|
||||
return mw.NewHandler(ctx, next), nil
|
||||
return mw.NewHandler(ctx, next), applyCtx, nil
|
||||
}
|
||||
|
||||
// WasmMiddleware is an HTTP handler plugin wrapper.
|
||||
|
|
|
@ -10,6 +10,11 @@ const (
|
|||
typeProvider = "provider"
|
||||
)
|
||||
|
||||
type Settings struct {
|
||||
Envs []string `description:"Environment variables to forward to the wasm guest." json:"envs,omitempty" toml:"envs,omitempty" yaml:"envs,omitempty"`
|
||||
Mounts []string `description:"Directory to mount to the wasm guest." json:"mounts,omitempty" toml:"mounts,omitempty" yaml:"mounts,omitempty"`
|
||||
}
|
||||
|
||||
// Descriptor The static part of a plugin configuration.
|
||||
type Descriptor struct {
|
||||
// ModuleName (required)
|
||||
|
@ -17,12 +22,18 @@ type Descriptor struct {
|
|||
|
||||
// Version (required)
|
||||
Version string `description:"plugin's version." json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
|
||||
|
||||
// Settings (optional)
|
||||
Settings Settings `description:"Plugin's settings (works only for wasm plugins)." json:"settings,omitempty" toml:"settings,omitempty" yaml:"settings,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// LocalDescriptor The static part of a local plugin configuration.
|
||||
type LocalDescriptor struct {
|
||||
// ModuleName (required)
|
||||
ModuleName string `description:"plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty" export:"true"`
|
||||
ModuleName string `description:"Plugin's module name." json:"moduleName,omitempty" toml:"moduleName,omitempty" yaml:"moduleName,omitempty" export:"true"`
|
||||
|
||||
// Settings (optional)
|
||||
Settings Settings `description:"Plugin's settings (works only for wasm plugins)." json:"settings,omitempty" toml:"settings,omitempty" yaml:"settings,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// Manifest The plugin manifest.
|
||||
|
|
59
pkg/plugins/wasip.go
Normal file
59
pkg/plugins/wasip.go
Normal file
|
@ -0,0 +1,59 @@
|
|||
//go:build !windows
|
||||
|
||||
package plugins
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/stealthrocket/wasi-go/imports"
|
||||
wazergo_wasip1 "github.com/stealthrocket/wasi-go/imports/wasi_snapshot_preview1"
|
||||
"github.com/stealthrocket/wazergo"
|
||||
"github.com/tetratelabs/wazero"
|
||||
wazero_wasip1 "github.com/tetratelabs/wazero/imports/wasi_snapshot_preview1"
|
||||
)
|
||||
|
||||
type ContextApplier func(ctx context.Context) context.Context
|
||||
|
||||
// InstantiateHost instantiates the Host module according to the guest requirements (for now only SocketExtensions).
|
||||
func InstantiateHost(ctx context.Context, runtime wazero.Runtime, mod wazero.CompiledModule, settings Settings) (ContextApplier, error) {
|
||||
if extension := imports.DetectSocketsExtension(mod); extension != nil {
|
||||
envs := []string{}
|
||||
for _, env := range settings.Envs {
|
||||
envs = append(envs, fmt.Sprintf("%s=%s", env, os.Getenv(env)))
|
||||
}
|
||||
|
||||
builder := imports.NewBuilder().WithSocketsExtension("auto", mod)
|
||||
if len(envs) > 0 {
|
||||
builder.WithEnv(envs...)
|
||||
}
|
||||
|
||||
if len(settings.Mounts) > 0 {
|
||||
builder.WithDirs(settings.Mounts...)
|
||||
}
|
||||
|
||||
ctx, sys, err := builder.Instantiate(ctx, runtime)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
inst, err := wazergo.Instantiate(ctx, runtime, wazergo_wasip1.NewHostModule(*extension), wazergo_wasip1.WithWASI(sys))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("wazergo instantiation: %w", err)
|
||||
}
|
||||
|
||||
return func(ctx context.Context) context.Context {
|
||||
return wazergo.WithModuleInstance(ctx, inst)
|
||||
}, nil
|
||||
}
|
||||
|
||||
_, err := wazero_wasip1.Instantiate(ctx, runtime)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("wazero instantiation: %w", err)
|
||||
}
|
||||
|
||||
return func(ctx context.Context) context.Context {
|
||||
return ctx
|
||||
}, nil
|
||||
}
|
18
pkg/plugins/wasip_windows.go
Normal file
18
pkg/plugins/wasip_windows.go
Normal file
|
@ -0,0 +1,18 @@
|
|||
//go:build windows
|
||||
|
||||
package plugins
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/tetratelabs/wazero"
|
||||
)
|
||||
|
||||
type ContextApplier func(ctx context.Context) context.Context
|
||||
|
||||
// InstantiateHost instantiates the Host module.
|
||||
func InstantiateHost(ctx context.Context, runtime wazero.Runtime, mod wazero.CompiledModule, settings Settings) (ContextApplier, error) {
|
||||
return func(ctx context.Context) context.Context {
|
||||
return ctx
|
||||
}, nil
|
||||
}
|
|
@ -13,75 +13,75 @@ type IngressRouteSpec struct {
|
|||
Routes []Route `json:"routes"`
|
||||
// EntryPoints defines the list of entry point names to bind to.
|
||||
// Entry points have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
// Default: all.
|
||||
EntryPoints []string `json:"entryPoints,omitempty"`
|
||||
// TLS defines the TLS configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
TLS *TLS `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
// Route holds the HTTP route configuration.
|
||||
type Route struct {
|
||||
// Match defines the router's rule.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
|
||||
Match string `json:"match"`
|
||||
// Kind defines the kind of the route.
|
||||
// Rule is the only supported kind.
|
||||
// +kubebuilder:validation:Enum=Rule
|
||||
Kind string `json:"kind"`
|
||||
// Priority defines the router's priority.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
|
||||
Priority int `json:"priority,omitempty"`
|
||||
// Syntax defines the router's rule syntax.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
|
||||
Syntax string `json:"syntax,omitempty"`
|
||||
// Services defines the list of Service.
|
||||
// It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
|
||||
Services []Service `json:"services,omitempty"`
|
||||
// Middlewares defines the list of references to Middleware resources.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
|
||||
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
|
||||
}
|
||||
|
||||
// TLS holds the TLS configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
|
||||
type TLS struct {
|
||||
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
|
||||
SecretName string `json:"secretName,omitempty"`
|
||||
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
// If not defined, the `default` TLSOption is used.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
Options *TLSOptionRef `json:"options,omitempty"`
|
||||
// Store defines the reference to the TLSStore, that will be used to store certificates.
|
||||
// Please note that only `default` TLSStore can be used.
|
||||
Store *TLSStoreRef `json:"store,omitempty"`
|
||||
// CertResolver defines the name of the certificate resolver to use.
|
||||
// Cert resolvers have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
CertResolver string `json:"certResolver,omitempty"`
|
||||
// Domains defines the list of domains that will be used to issue certificates.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
Domains []types.Domain `json:"domains,omitempty"`
|
||||
}
|
||||
|
||||
// TLSOptionRef is a reference to a TLSOption resource.
|
||||
type TLSOptionRef struct {
|
||||
// Name defines the name of the referenced TLSOption.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
Name string `json:"name"`
|
||||
// Namespace defines the namespace of the referenced TLSOption.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
}
|
||||
|
||||
// TLSStoreRef is a reference to a TLSStore resource.
|
||||
type TLSStoreRef struct {
|
||||
// Name defines the name of the referenced TLSStore.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
Name string `json:"name"`
|
||||
// Namespace defines the namespace of the referenced TLSStore.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -98,7 +98,7 @@ type LoadBalancerSpec struct {
|
|||
// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
|
||||
Namespace string `json:"namespace,omitempty"`
|
||||
// Sticky defines the sticky sessions configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
|
||||
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
|
||||
// Port defines the port of a Kubernetes Service.
|
||||
// This can be a reference to a named port.
|
||||
|
|
|
@ -13,24 +13,24 @@ type IngressRouteTCPSpec struct {
|
|||
Routes []RouteTCP `json:"routes"`
|
||||
// EntryPoints defines the list of entry point names to bind to.
|
||||
// Entry points have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
// Default: all.
|
||||
EntryPoints []string `json:"entryPoints,omitempty"`
|
||||
// TLS defines the TLS configuration on a layer 4 / TCP Route.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
TLS *TLSTCP `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
// RouteTCP holds the TCP route configuration.
|
||||
type RouteTCP struct {
|
||||
// Match defines the router's rule.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
|
||||
Match string `json:"match"`
|
||||
// Priority defines the router's priority.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
|
||||
Priority int `json:"priority,omitempty"`
|
||||
// Syntax defines the router's rule syntax.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
|
||||
Syntax string `json:"syntax,omitempty"`
|
||||
// Services defines the list of TCP services.
|
||||
Services []ServiceTCP `json:"services,omitempty"`
|
||||
|
@ -39,7 +39,7 @@ type RouteTCP struct {
|
|||
}
|
||||
|
||||
// TLSTCP holds the TLS configuration for an IngressRouteTCP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
|
||||
type TLSTCP struct {
|
||||
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
|
||||
SecretName string `json:"secretName,omitempty"`
|
||||
|
@ -47,17 +47,17 @@ type TLSTCP struct {
|
|||
Passthrough bool `json:"passthrough,omitempty"`
|
||||
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
|
||||
// If not defined, the `default` TLSOption is used.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
Options *ObjectReference `json:"options,omitempty"`
|
||||
// Store defines the reference to the TLSStore, that will be used to store certificates.
|
||||
// Please note that only `default` TLSStore can be used.
|
||||
Store *ObjectReference `json:"store,omitempty"`
|
||||
// CertResolver defines the name of the certificate resolver to use.
|
||||
// Cert resolvers have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
|
||||
CertResolver string `json:"certResolver,omitempty"`
|
||||
// Domains defines the list of domains that will be used to issue certificates.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
|
||||
Domains []types.Domain `json:"domains,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -80,7 +80,7 @@ type ServiceTCP struct {
|
|||
// Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead.
|
||||
TerminationDelay *int `json:"terminationDelay,omitempty"`
|
||||
// ProxyProtocol defines the PROXY protocol configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
|
||||
ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
|
||||
// ServersTransport defines the name of ServersTransportTCP resource to use.
|
||||
// It allows to configure the transport between Traefik and your servers.
|
||||
|
|
|
@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct {
|
|||
Routes []RouteUDP `json:"routes"`
|
||||
// EntryPoints defines the list of entry point names to bind to.
|
||||
// Entry points have to be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
|
||||
// Default: all.
|
||||
EntryPoints []string `json:"entryPoints,omitempty"`
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
// +kubebuilder:storageversion
|
||||
|
||||
// Middleware is the CRD implementation of a Traefik Middleware.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
|
||||
type Middleware struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -60,7 +60,7 @@ type MiddlewareSpec struct {
|
|||
|
||||
// ErrorPage holds the custom error middleware configuration.
|
||||
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
|
||||
type ErrorPage struct {
|
||||
// Status defines which status or range of statuses should result in an error page.
|
||||
// It can be either a status code as a number (500),
|
||||
|
@ -69,7 +69,7 @@ type ErrorPage struct {
|
|||
// or a combination of the two (404,418,500-599).
|
||||
Status []string `json:"status,omitempty"`
|
||||
// Service defines the reference to a Kubernetes Service that will serve the error page.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
|
||||
Service Service `json:"service,omitempty"`
|
||||
// Query defines the URL for the error page (hosted by service).
|
||||
// The {status} variable can be used in order to insert the status code in the URL.
|
||||
|
@ -96,7 +96,7 @@ type CircuitBreaker struct {
|
|||
|
||||
// Chain holds the configuration of the chain middleware.
|
||||
// This middleware enables to define reusable combinations of other pieces of middleware.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
|
||||
type Chain struct {
|
||||
// Middlewares is the list of MiddlewareRef which composes the chain.
|
||||
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
|
||||
|
@ -106,7 +106,7 @@ type Chain struct {
|
|||
|
||||
// BasicAuth holds the basic auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
|
||||
type BasicAuth struct {
|
||||
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
|
||||
Secret string `json:"secret,omitempty"`
|
||||
|
@ -117,7 +117,7 @@ type BasicAuth struct {
|
|||
// Default: false.
|
||||
RemoveHeader bool `json:"removeHeader,omitempty"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -125,7 +125,7 @@ type BasicAuth struct {
|
|||
|
||||
// DigestAuth holds the digest auth middleware configuration.
|
||||
// This middleware restricts access to your services to known users.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
|
||||
type DigestAuth struct {
|
||||
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
|
||||
Secret string `json:"secret,omitempty"`
|
||||
|
@ -135,7 +135,7 @@ type DigestAuth struct {
|
|||
// Default: traefik.
|
||||
Realm string `json:"realm,omitempty"`
|
||||
// HeaderField defines a header field to store the authenticated user.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
|
||||
HeaderField string `json:"headerField,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -143,7 +143,7 @@ type DigestAuth struct {
|
|||
|
||||
// ForwardAuth holds the forward auth middleware configuration.
|
||||
// This middleware delegates the request authentication to a Service.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
|
||||
type ForwardAuth struct {
|
||||
// Address defines the authentication server address.
|
||||
Address string `json:"address,omitempty"`
|
||||
|
@ -152,7 +152,7 @@ type ForwardAuth struct {
|
|||
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
|
||||
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
|
||||
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
|
||||
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
|
||||
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
|
||||
// If not set or empty then all request headers are passed.
|
||||
|
@ -182,7 +182,7 @@ type ClientTLS struct {
|
|||
|
||||
// RateLimit holds the rate limit configuration.
|
||||
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
|
||||
type RateLimit struct {
|
||||
// Average is the maximum rate, by default in requests/s, allowed for the given source.
|
||||
// It defaults to 0, which means no rate limiting.
|
||||
|
@ -206,7 +206,7 @@ type RateLimit struct {
|
|||
// Retry holds the retry middleware configuration.
|
||||
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
|
||||
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
|
||||
type Retry struct {
|
||||
// Attempts defines how many times the request should be retried.
|
||||
Attempts int `json:"attempts,omitempty"`
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
|
||||
type MiddlewareTCP struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -28,11 +28,11 @@ type MiddlewareTCPSpec struct {
|
|||
// IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
// This middleware accepts/refuses connections based on the client IP.
|
||||
// Deprecated: please use IPAllowList instead.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
|
||||
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
|
||||
// IPAllowList defines the IPAllowList middleware configuration.
|
||||
// This middleware accepts/refuses connections based on the client IP.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
|
||||
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
|
||||
}
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
// ServersTransport is the CRD implementation of a ServersTransport.
|
||||
// If no serversTransport is specified, the default@internal will be used.
|
||||
// The default@internal serversTransport is created from the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
|
||||
type ServersTransport struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
// ServersTransportTCP is the CRD implementation of a TCPServersTransport.
|
||||
// If no tcpServersTransport is specified, a default one named default@internal will be used.
|
||||
// The default@internal tcpServersTransport can be configured in the static configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
|
||||
type ServersTransportTCP struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
// TraefikService object allows to:
|
||||
// - Apply weight to Services on load-balancing
|
||||
// - Mirror traffic on services
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
|
||||
type TraefikService struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -49,7 +49,7 @@ type TraefikServiceSpec struct {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// Mirroring holds the mirroring service configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#mirroring-service
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#mirroring-service
|
||||
type Mirroring struct {
|
||||
LoadBalancerSpec `json:",inline"`
|
||||
|
||||
|
@ -75,11 +75,11 @@ type MirrorService struct {
|
|||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// WeightedRoundRobin holds the weighted round-robin configuration.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/services/#weighted-round-robin-service
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#weighted-round-robin-service
|
||||
type WeightedRoundRobin struct {
|
||||
// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
|
||||
Services []Service `json:"services,omitempty"`
|
||||
// Sticky defines whether sticky sessions are enabled.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
|
||||
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
// +kubebuilder:storageversion
|
||||
|
||||
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
|
||||
type TLSOption struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
@ -32,17 +32,17 @@ type TLSOptionSpec struct {
|
|||
// Default: None.
|
||||
MaxVersion string `json:"maxVersion,omitempty"`
|
||||
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
|
||||
CipherSuites []string `json:"cipherSuites,omitempty"`
|
||||
// CurvePreferences defines the preferred elliptic curves in a specific order.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
|
||||
CurvePreferences []string `json:"curvePreferences,omitempty"`
|
||||
// ClientAuth defines the server's policy for TLS Client Authentication.
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
||||
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
|
||||
SniStrict bool `json:"sniStrict,omitempty"`
|
||||
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
||||
|
||||
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
|
|
|
@ -12,7 +12,7 @@ import (
|
|||
// TLSStore is the CRD implementation of a Traefik TLS Store.
|
||||
// For the time being, only the TLSStore named default is supported.
|
||||
// This means that you cannot have two stores that are named default in different Kubernetes namespaces.
|
||||
// More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores
|
||||
// More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
|
||||
type TLSStore struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
// Standard object's metadata.
|
||||
|
|
|
@ -907,18 +907,34 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
"Descriptor0": {
|
||||
ModuleName: "foobar",
|
||||
Version: "foobar",
|
||||
Settings: plugins.Settings{
|
||||
Envs: []string{"a", "b"},
|
||||
Mounts: []string{"a", "b"},
|
||||
},
|
||||
},
|
||||
"Descriptor1": {
|
||||
ModuleName: "foobar",
|
||||
Version: "foobar",
|
||||
Settings: plugins.Settings{
|
||||
Envs: []string{"a", "b"},
|
||||
Mounts: []string{"a", "b"},
|
||||
},
|
||||
},
|
||||
},
|
||||
LocalPlugins: map[string]plugins.LocalDescriptor{
|
||||
"Descriptor0": {
|
||||
ModuleName: "foobar",
|
||||
Settings: plugins.Settings{
|
||||
Envs: []string{"a", "b"},
|
||||
Mounts: []string{"a", "b"},
|
||||
},
|
||||
},
|
||||
"Descriptor1": {
|
||||
ModuleName: "foobar",
|
||||
Settings: plugins.Settings{
|
||||
Envs: []string{"a", "b"},
|
||||
Mounts: []string{"a", "b"},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
@ -388,19 +388,59 @@
|
|||
"plugins": {
|
||||
"Descriptor0": {
|
||||
"moduleName": "foobar",
|
||||
"version": "foobar"
|
||||
"version": "foobar",
|
||||
"settings": {
|
||||
"envs": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
],
|
||||
"mounts": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Descriptor1": {
|
||||
"moduleName": "foobar",
|
||||
"version": "foobar"
|
||||
"version": "foobar",
|
||||
"settings": {
|
||||
"envs": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
],
|
||||
"mounts": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"localPlugins": {
|
||||
"Descriptor0": {
|
||||
"moduleName": "foobar"
|
||||
"moduleName": "foobar",
|
||||
"settings": {
|
||||
"envs": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
],
|
||||
"mounts": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Descriptor1": {
|
||||
"moduleName": "foobar"
|
||||
"moduleName": "foobar",
|
||||
"settings": {
|
||||
"envs": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
],
|
||||
"mounts": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -48,8 +48,15 @@ const (
|
|||
var (
|
||||
clientConnectionStates = map[string]*connState{}
|
||||
clientConnectionStatesMu = sync.RWMutex{}
|
||||
|
||||
socketActivationListeners map[string]net.Listener
|
||||
)
|
||||
|
||||
func init() {
|
||||
// Populates pre-defined socketActivationListeners by socket activation.
|
||||
populateSocketActivationListeners()
|
||||
}
|
||||
|
||||
type connState struct {
|
||||
State string
|
||||
KeepAliveState string
|
||||
|
@ -96,6 +103,7 @@ func NewTCPEntryPoints(entryPointsConfig static.EntryPoints, hostResolverConfig
|
|||
return clientConnectionStates
|
||||
}))
|
||||
}
|
||||
|
||||
serverEntryPointsTCP := make(TCPEntryPoints)
|
||||
for entryPointName, config := range entryPointsConfig {
|
||||
protocol, err := config.GetProtocol()
|
||||
|
@ -113,7 +121,7 @@ func NewTCPEntryPoints(entryPointsConfig static.EntryPoints, hostResolverConfig
|
|||
OpenConnectionsGauge().
|
||||
With("entrypoint", entryPointName, "protocol", "TCP")
|
||||
|
||||
serverEntryPointsTCP[entryPointName], err = NewTCPEntryPoint(ctx, config, hostResolverConfig, openConnectionsGauge)
|
||||
serverEntryPointsTCP[entryPointName], err = NewTCPEntryPoint(ctx, entryPointName, config, hostResolverConfig, openConnectionsGauge)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error while building entryPoint %s: %w", entryPointName, err)
|
||||
}
|
||||
|
@ -169,10 +177,10 @@ type TCPEntryPoint struct {
|
|||
}
|
||||
|
||||
// NewTCPEntryPoint creates a new TCPEntryPoint.
|
||||
func NewTCPEntryPoint(ctx context.Context, configuration *static.EntryPoint, hostResolverConfig *types.HostResolverConfig, openConnectionsGauge gokitmetrics.Gauge) (*TCPEntryPoint, error) {
|
||||
func NewTCPEntryPoint(ctx context.Context, name string, config *static.EntryPoint, hostResolverConfig *types.HostResolverConfig, openConnectionsGauge gokitmetrics.Gauge) (*TCPEntryPoint, error) {
|
||||
tracker := newConnectionTracker(openConnectionsGauge)
|
||||
|
||||
listener, err := buildListener(ctx, configuration)
|
||||
listener, err := buildListener(ctx, name, config)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error preparing server: %w", err)
|
||||
}
|
||||
|
@ -181,19 +189,19 @@ func NewTCPEntryPoint(ctx context.Context, configuration *static.EntryPoint, hos
|
|||
|
||||
reqDecorator := requestdecorator.New(hostResolverConfig)
|
||||
|
||||
httpServer, err := createHTTPServer(ctx, listener, configuration, true, reqDecorator)
|
||||
httpServer, err := createHTTPServer(ctx, listener, config, true, reqDecorator)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error preparing http server: %w", err)
|
||||
}
|
||||
|
||||
rt.SetHTTPForwarder(httpServer.Forwarder)
|
||||
|
||||
httpsServer, err := createHTTPServer(ctx, listener, configuration, false, reqDecorator)
|
||||
httpsServer, err := createHTTPServer(ctx, listener, config, false, reqDecorator)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error preparing https server: %w", err)
|
||||
}
|
||||
|
||||
h3Server, err := newHTTP3Server(ctx, configuration, httpsServer)
|
||||
h3Server, err := newHTTP3Server(ctx, config, httpsServer)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error preparing http3 server: %w", err)
|
||||
}
|
||||
|
@ -206,7 +214,7 @@ func NewTCPEntryPoint(ctx context.Context, configuration *static.EntryPoint, hos
|
|||
return &TCPEntryPoint{
|
||||
listener: listener,
|
||||
switcher: tcpSwitcher,
|
||||
transportConfiguration: configuration.Transport,
|
||||
transportConfiguration: config.Transport,
|
||||
tracker: tracker,
|
||||
httpServer: httpServer,
|
||||
httpsServer: httpsServer,
|
||||
|
@ -460,17 +468,29 @@ func buildProxyProtocolListener(ctx context.Context, entryPoint *static.EntryPoi
|
|||
return proxyListener, nil
|
||||
}
|
||||
|
||||
func buildListener(ctx context.Context, entryPoint *static.EntryPoint) (net.Listener, error) {
|
||||
listenConfig := newListenConfig(entryPoint)
|
||||
listener, err := listenConfig.Listen(ctx, "tcp", entryPoint.GetAddress())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error opening listener: %w", err)
|
||||
func buildListener(ctx context.Context, name string, config *static.EntryPoint) (net.Listener, error) {
|
||||
var listener net.Listener
|
||||
var err error
|
||||
|
||||
// if we have predefined listener from socket activation
|
||||
if ln, ok := socketActivationListeners[name]; ok {
|
||||
listener = ln
|
||||
} else {
|
||||
if len(socketActivationListeners) > 0 {
|
||||
log.Warn().Str("name", name).Msg("Unable to find socket activation listener for entryPoint")
|
||||
}
|
||||
|
||||
listenConfig := newListenConfig(config)
|
||||
listener, err = listenConfig.Listen(ctx, "tcp", config.GetAddress())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error opening listener: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
listener = tcpKeepAliveListener{listener.(*net.TCPListener)}
|
||||
|
||||
if entryPoint.ProxyProtocol != nil {
|
||||
listener, err = buildProxyProtocolListener(ctx, entryPoint, listener)
|
||||
if config.ProxyProtocol != nil {
|
||||
listener, err = buildProxyProtocolListener(ctx, config, listener)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error creating proxy protocol listener: %w", err)
|
||||
}
|
||||
|
|
|
@ -85,7 +85,7 @@ func TestHTTP3AdvertisedPort(t *testing.T) {
|
|||
epConfig := &static.EntryPointsTransport{}
|
||||
epConfig.SetDefaults()
|
||||
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
|
||||
Address: "127.0.0.1:8090",
|
||||
Transport: epConfig,
|
||||
ForwardedHeaders: &static.ForwardedHeaders{},
|
||||
|
|
|
@ -72,7 +72,7 @@ func testShutdown(t *testing.T, router *tcprouter.Router) {
|
|||
epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(5 * time.Second)
|
||||
epConfig.RespondingTimeouts.WriteTimeout = ptypes.Duration(5 * time.Second)
|
||||
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
|
||||
// We explicitly use an IPV4 address because on Alpine, with an IPV6 address
|
||||
// there seems to be shenanigans related to properly cleaning up file descriptors
|
||||
Address: "127.0.0.1:0",
|
||||
|
@ -159,7 +159,7 @@ func TestReadTimeoutWithoutFirstByte(t *testing.T) {
|
|||
epConfig.SetDefaults()
|
||||
epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(2 * time.Second)
|
||||
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
|
||||
Address: ":0",
|
||||
Transport: epConfig,
|
||||
ForwardedHeaders: &static.ForwardedHeaders{},
|
||||
|
@ -196,7 +196,7 @@ func TestReadTimeoutWithFirstByte(t *testing.T) {
|
|||
epConfig.SetDefaults()
|
||||
epConfig.RespondingTimeouts.ReadTimeout = ptypes.Duration(2 * time.Second)
|
||||
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
|
||||
Address: ":0",
|
||||
Transport: epConfig,
|
||||
ForwardedHeaders: &static.ForwardedHeaders{},
|
||||
|
@ -236,7 +236,7 @@ func TestKeepAliveMaxRequests(t *testing.T) {
|
|||
epConfig.SetDefaults()
|
||||
epConfig.KeepAliveMaxRequests = 3
|
||||
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
|
||||
Address: ":0",
|
||||
Transport: epConfig,
|
||||
ForwardedHeaders: &static.ForwardedHeaders{},
|
||||
|
@ -282,7 +282,7 @@ func TestKeepAliveMaxTime(t *testing.T) {
|
|||
epConfig.SetDefaults()
|
||||
epConfig.KeepAliveMaxTime = ptypes.Duration(time.Millisecond)
|
||||
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
|
||||
entryPoint, err := NewTCPEntryPoint(context.Background(), "", &static.EntryPoint{
|
||||
Address: ":0",
|
||||
Transport: epConfig,
|
||||
ForwardedHeaders: &static.ForwardedHeaders{},
|
||||
|
|
|
@ -14,7 +14,7 @@ import (
|
|||
"github.com/traefik/traefik/v3/pkg/tracing"
|
||||
"go.opentelemetry.io/otel/attribute"
|
||||
"go.opentelemetry.io/otel/metric"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
)
|
||||
|
||||
|
|
24
pkg/server/socket_activation_unix.go
Normal file
24
pkg/server/socket_activation_unix.go
Normal file
|
@ -0,0 +1,24 @@
|
|||
//go:build !windows
|
||||
|
||||
package server
|
||||
|
||||
import (
|
||||
"net"
|
||||
|
||||
"github.com/coreos/go-systemd/activation"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
func populateSocketActivationListeners() {
|
||||
listenersWithName, _ := activation.ListenersWithNames()
|
||||
|
||||
socketActivationListeners = make(map[string]net.Listener)
|
||||
for name, lns := range listenersWithName {
|
||||
if len(lns) != 1 {
|
||||
log.Error().Str("listenersName", name).Msg("Socket activation listeners must have one and only one listener per name")
|
||||
continue
|
||||
}
|
||||
|
||||
socketActivationListeners[name] = lns[0]
|
||||
}
|
||||
}
|
5
pkg/server/socket_activation_windows.go
Normal file
5
pkg/server/socket_activation_windows.go
Normal file
|
@ -0,0 +1,5 @@
|
|||
//go:build windows
|
||||
|
||||
package server
|
||||
|
||||
func populateSocketActivationListeners() {}
|
|
@ -18,7 +18,7 @@ import (
|
|||
"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"
|
||||
"go.opentelemetry.io/otel/sdk/resource"
|
||||
sdktrace "go.opentelemetry.io/otel/sdk/trace"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
"google.golang.org/grpc/credentials"
|
||||
"google.golang.org/grpc/encoding/gzip"
|
||||
|
|
|
@ -6,6 +6,8 @@ import (
|
|||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
@ -17,7 +19,7 @@ import (
|
|||
"go.opentelemetry.io/otel/attribute"
|
||||
"go.opentelemetry.io/otel/codes"
|
||||
"go.opentelemetry.io/otel/propagation"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
|
||||
semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
)
|
||||
|
||||
|
@ -47,7 +49,7 @@ func NewTracing(conf *static.Tracing) (*Tracer, io.Closer, error) {
|
|||
return nil, nil, err
|
||||
}
|
||||
|
||||
return NewTracer(tr, conf.CapturedRequestHeaders, conf.CapturedResponseHeaders), closer, nil
|
||||
return NewTracer(tr, conf.CapturedRequestHeaders, conf.CapturedResponseHeaders, conf.SafeQueryParams), closer, nil
|
||||
}
|
||||
|
||||
// TracerFromContext extracts the trace.Tracer from the given context.
|
||||
|
@ -122,14 +124,16 @@ func (t TracerProvider) Tracer(name string, options ...trace.TracerOption) trace
|
|||
type Tracer struct {
|
||||
trace.Tracer
|
||||
|
||||
safeQueryParams []string
|
||||
capturedRequestHeaders []string
|
||||
capturedResponseHeaders []string
|
||||
}
|
||||
|
||||
// NewTracer builds and configures a new Tracer.
|
||||
func NewTracer(tracer trace.Tracer, capturedRequestHeaders, capturedResponseHeaders []string) *Tracer {
|
||||
func NewTracer(tracer trace.Tracer, capturedRequestHeaders, capturedResponseHeaders, safeQueryParams []string) *Tracer {
|
||||
return &Tracer{
|
||||
Tracer: tracer,
|
||||
safeQueryParams: safeQueryParams,
|
||||
capturedRequestHeaders: capturedRequestHeaders,
|
||||
capturedResponseHeaders: capturedResponseHeaders,
|
||||
}
|
||||
|
@ -153,37 +157,37 @@ func (t *Tracer) Start(ctx context.Context, spanName string, opts ...trace.SpanS
|
|||
}
|
||||
|
||||
// CaptureClientRequest used to add span attributes from the request as a Client.
|
||||
// TODO: need to update the semconv package as it does not implement fully Semantic Convention v1.23.0.
|
||||
func (t *Tracer) CaptureClientRequest(span trace.Span, r *http.Request) {
|
||||
if t == nil || span == nil || r == nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#common-attributes
|
||||
// Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#common-attributes
|
||||
span.SetAttributes(semconv.HTTPRequestMethodKey.String(r.Method))
|
||||
span.SetAttributes(semconv.NetworkProtocolVersion(proto(r.Proto)))
|
||||
|
||||
// Client attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#http-client
|
||||
span.SetAttributes(semconv.URLFull(r.URL.String()))
|
||||
span.SetAttributes(semconv.URLScheme(r.URL.Scheme))
|
||||
// Client attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#http-client
|
||||
sURL := t.safeURL(r.URL)
|
||||
span.SetAttributes(semconv.URLFull(sURL.String()))
|
||||
span.SetAttributes(semconv.URLScheme(sURL.Scheme))
|
||||
span.SetAttributes(semconv.UserAgentOriginal(r.UserAgent()))
|
||||
|
||||
host, port, err := net.SplitHostPort(r.URL.Host)
|
||||
host, port, err := net.SplitHostPort(sURL.Host)
|
||||
if err != nil {
|
||||
span.SetAttributes(attribute.String("network.peer.address", host))
|
||||
span.SetAttributes(semconv.ServerAddress(r.URL.Host))
|
||||
switch r.URL.Scheme {
|
||||
span.SetAttributes(semconv.NetworkPeerAddress(host))
|
||||
span.SetAttributes(semconv.ServerAddress(sURL.Host))
|
||||
switch sURL.Scheme {
|
||||
case "http":
|
||||
span.SetAttributes(attribute.String("network.peer.port", "80"))
|
||||
span.SetAttributes(semconv.NetworkPeerPort(80))
|
||||
span.SetAttributes(semconv.ServerPort(80))
|
||||
case "https":
|
||||
span.SetAttributes(attribute.String("network.peer.port", "443"))
|
||||
span.SetAttributes(semconv.NetworkPeerPort(443))
|
||||
span.SetAttributes(semconv.ServerPort(443))
|
||||
}
|
||||
} else {
|
||||
span.SetAttributes(attribute.String("network.peer.address", host))
|
||||
span.SetAttributes(attribute.String("network.peer.port", port))
|
||||
span.SetAttributes(semconv.NetworkPeerAddress(host))
|
||||
intPort, _ := strconv.Atoi(port)
|
||||
span.SetAttributes(semconv.NetworkPeerPort(intPort))
|
||||
span.SetAttributes(semconv.ServerAddress(host))
|
||||
span.SetAttributes(semconv.ServerPort(intPort))
|
||||
}
|
||||
|
@ -201,20 +205,20 @@ func (t *Tracer) CaptureClientRequest(span trace.Span, r *http.Request) {
|
|||
}
|
||||
|
||||
// CaptureServerRequest used to add span attributes from the request as a Server.
|
||||
// TODO: need to update the semconv package as it does not implement fully Semantic Convention v1.23.0.
|
||||
func (t *Tracer) CaptureServerRequest(span trace.Span, r *http.Request) {
|
||||
if t == nil || span == nil || r == nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#common-attributes
|
||||
// Common attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#common-attributes
|
||||
span.SetAttributes(semconv.HTTPRequestMethodKey.String(r.Method))
|
||||
span.SetAttributes(semconv.NetworkProtocolVersion(proto(r.Proto)))
|
||||
|
||||
// Server attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.23.0/docs/http/http-spans.md#http-server-semantic-conventions
|
||||
sURL := t.safeURL(r.URL)
|
||||
// Server attributes https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md#http-server-semantic-conventions
|
||||
span.SetAttributes(semconv.HTTPRequestBodySize(int(r.ContentLength)))
|
||||
span.SetAttributes(semconv.URLPath(r.URL.Path))
|
||||
span.SetAttributes(semconv.URLQuery(r.URL.RawQuery))
|
||||
span.SetAttributes(semconv.URLPath(sURL.Path))
|
||||
span.SetAttributes(semconv.URLQuery(sURL.RawQuery))
|
||||
span.SetAttributes(semconv.URLScheme(r.Header.Get("X-Forwarded-Proto")))
|
||||
span.SetAttributes(semconv.UserAgentOriginal(r.UserAgent()))
|
||||
span.SetAttributes(semconv.ServerAddress(r.Host))
|
||||
|
@ -222,17 +226,15 @@ func (t *Tracer) CaptureServerRequest(span trace.Span, r *http.Request) {
|
|||
host, port, err := net.SplitHostPort(r.RemoteAddr)
|
||||
if err != nil {
|
||||
span.SetAttributes(semconv.ClientAddress(r.RemoteAddr))
|
||||
span.SetAttributes(attribute.String("network.peer.address", r.RemoteAddr))
|
||||
span.SetAttributes(semconv.NetworkPeerAddress(r.Host))
|
||||
} else {
|
||||
span.SetAttributes(attribute.String("network.peer.address", host))
|
||||
span.SetAttributes(attribute.String("network.peer.port", port))
|
||||
span.SetAttributes(semconv.NetworkPeerAddress(host))
|
||||
span.SetAttributes(semconv.ClientAddress(host))
|
||||
intPort, _ := strconv.Atoi(port)
|
||||
span.SetAttributes(semconv.ClientPort(intPort))
|
||||
span.SetAttributes(semconv.NetworkPeerPort(intPort))
|
||||
}
|
||||
|
||||
span.SetAttributes(semconv.ClientSocketAddress(r.Header.Get("X-Forwarded-For")))
|
||||
|
||||
for _, header := range t.capturedRequestHeaders {
|
||||
// User-agent is already part of the semantic convention as a recommended attribute.
|
||||
if strings.EqualFold(header, "User-Agent") {
|
||||
|
@ -273,6 +275,32 @@ func (t *Tracer) CaptureResponse(span trace.Span, responseHeaders http.Header, c
|
|||
}
|
||||
}
|
||||
|
||||
func (t *Tracer) safeURL(originalURL *url.URL) *url.URL {
|
||||
if originalURL == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
redactedURL := *originalURL
|
||||
|
||||
// Redact password if exists.
|
||||
if redactedURL.User != nil {
|
||||
redactedURL.User = url.UserPassword("REDACTED", "REDACTED")
|
||||
}
|
||||
|
||||
// Redact query parameters.
|
||||
query := redactedURL.Query()
|
||||
for k := range query {
|
||||
if slices.Contains(t.safeQueryParams, k) {
|
||||
continue
|
||||
}
|
||||
|
||||
query.Set(k, "REDACTED")
|
||||
}
|
||||
redactedURL.RawQuery = query.Encode()
|
||||
|
||||
return &redactedURL
|
||||
}
|
||||
|
||||
func proto(proto string) string {
|
||||
switch proto {
|
||||
case "HTTP/1.0":
|
||||
|
|
57
pkg/tracing/tracing_test.go
Normal file
57
pkg/tracing/tracing_test.go
Normal file
|
@ -0,0 +1,57 @@
|
|||
package tracing
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func Test_safeFullURL(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
safeQueryParams []string
|
||||
originalURL *url.URL
|
||||
expectedURL *url.URL
|
||||
}{
|
||||
{
|
||||
desc: "Nil URL",
|
||||
originalURL: nil,
|
||||
expectedURL: nil,
|
||||
},
|
||||
{
|
||||
desc: "No query parameters",
|
||||
originalURL: &url.URL{Scheme: "https", Host: "example.com"},
|
||||
expectedURL: &url.URL{Scheme: "https", Host: "example.com"},
|
||||
},
|
||||
{
|
||||
desc: "All query parameters redacted",
|
||||
originalURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "foo=bar&baz=qux"},
|
||||
expectedURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "baz=REDACTED&foo=REDACTED"},
|
||||
},
|
||||
{
|
||||
desc: "Some query parameters unredacted",
|
||||
safeQueryParams: []string{"foo"},
|
||||
originalURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "foo=bar&baz=qux"},
|
||||
expectedURL: &url.URL{Scheme: "https", Host: "example.com", RawQuery: "baz=REDACTED&foo=bar"},
|
||||
},
|
||||
{
|
||||
desc: "User info and some query parameters redacted",
|
||||
safeQueryParams: []string{"foo"},
|
||||
originalURL: &url.URL{Scheme: "https", Host: "example.com", User: url.UserPassword("username", "password"), RawQuery: "foo=bar&baz=qux"},
|
||||
expectedURL: &url.URL{Scheme: "https", Host: "example.com", User: url.UserPassword("REDACTED", "REDACTED"), RawQuery: "baz=REDACTED&foo=bar"},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
tr := NewTracer(nil, nil, nil, test.safeQueryParams)
|
||||
|
||||
gotURL := tr.safeURL(test.originalURL)
|
||||
|
||||
assert.Equal(t, test.expectedURL, gotURL)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -4,14 +4,14 @@ RepositoryName = "traefik"
|
|||
OutputType = "file"
|
||||
FileName = "traefik_changelog.md"
|
||||
|
||||
# example RC1 of v3.0.0-beta1
|
||||
# example RC1 of v3.1.0-rc1
|
||||
CurrentRef = "master"
|
||||
PreviousRef = "v2.11.0-rc1"
|
||||
PreviousRef = "v3.0.0-beta3"
|
||||
BaseBranch = "master"
|
||||
FutureCurrentRefName = "v3.0.0-beta1"
|
||||
FutureCurrentRefName = "v3.1.0-rc1"
|
||||
|
||||
ThresholdPreviousRef = 10
|
||||
ThresholdCurrentRef = 10
|
||||
ThresholdPreviousRef = 10000
|
||||
ThresholdCurrentRef = 10000
|
||||
|
||||
Debug = true
|
||||
DisplayLabel = true
|
||||
|
|
Loading…
Reference in a new issue