566 lines
22 KiB
YAML
566 lines
22 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.6.2
|
|
creationTimestamp: null
|
|
name: middlewares.traefik.containo.us
|
|
spec:
|
|
group: traefik.containo.us
|
|
names:
|
|
kind: Middleware
|
|
listKind: MiddlewareList
|
|
plural: middlewares
|
|
singular: middleware
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Middleware is a specification for a Middleware resource.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: MiddlewareSpec holds the Middleware configuration.
|
|
properties:
|
|
addPrefix:
|
|
description: AddPrefix holds the AddPrefix configuration.
|
|
properties:
|
|
prefix:
|
|
type: string
|
|
type: object
|
|
basicAuth:
|
|
description: BasicAuth holds the HTTP basic authentication configuration.
|
|
properties:
|
|
headerField:
|
|
type: string
|
|
realm:
|
|
type: string
|
|
removeHeader:
|
|
type: boolean
|
|
secret:
|
|
type: string
|
|
type: object
|
|
buffering:
|
|
description: Buffering holds the request/response buffering configuration.
|
|
properties:
|
|
maxRequestBodyBytes:
|
|
format: int64
|
|
type: integer
|
|
maxResponseBodyBytes:
|
|
format: int64
|
|
type: integer
|
|
memRequestBodyBytes:
|
|
format: int64
|
|
type: integer
|
|
memResponseBodyBytes:
|
|
format: int64
|
|
type: integer
|
|
retryExpression:
|
|
type: string
|
|
type: object
|
|
chain:
|
|
description: Chain holds a chain of middlewares.
|
|
properties:
|
|
middlewares:
|
|
items:
|
|
description: MiddlewareRef is a ref to the Middleware resources.
|
|
properties:
|
|
name:
|
|
type: string
|
|
namespace:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
type: array
|
|
type: object
|
|
circuitBreaker:
|
|
description: CircuitBreaker holds the circuit breaker configuration.
|
|
properties:
|
|
expression:
|
|
type: string
|
|
type: object
|
|
compress:
|
|
description: Compress holds the compress configuration.
|
|
properties:
|
|
excludedContentTypes:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
contentType:
|
|
description: ContentType middleware - or rather its unique `autoDetect`
|
|
option - specifies whether to let the `Content-Type` header, if
|
|
it has not been set by the backend, be automatically set to a value
|
|
derived from the contents of the response. As a proxy, the default
|
|
behavior should be to leave the header alone, regardless of what
|
|
the backend did with it. However, the historic default was to always
|
|
auto-detect and set the header if it was nil, and it is going to
|
|
be kept that way in order to support users currently relying on
|
|
it. This middleware exists to enable the correct behavior until
|
|
at least the default one can be changed in a future version.
|
|
properties:
|
|
autoDetect:
|
|
type: boolean
|
|
type: object
|
|
digestAuth:
|
|
description: DigestAuth holds the Digest HTTP authentication configuration.
|
|
properties:
|
|
headerField:
|
|
type: string
|
|
realm:
|
|
type: string
|
|
removeHeader:
|
|
type: boolean
|
|
secret:
|
|
type: string
|
|
type: object
|
|
errors:
|
|
description: ErrorPage holds the custom error page configuration.
|
|
properties:
|
|
query:
|
|
type: string
|
|
service:
|
|
description: Service defines an upstream to proxy traffic.
|
|
properties:
|
|
kind:
|
|
enum:
|
|
- Service
|
|
- TraefikService
|
|
type: string
|
|
name:
|
|
description: Name is a reference to a Kubernetes Service object
|
|
(for a load-balancer of servers), or to a TraefikService
|
|
object (service load-balancer, mirroring, etc). The differentiation
|
|
between the two is specified in the Kind field.
|
|
type: string
|
|
namespace:
|
|
type: string
|
|
passHostHeader:
|
|
type: boolean
|
|
port:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
x-kubernetes-int-or-string: true
|
|
responseForwarding:
|
|
description: ResponseForwarding holds configuration for the
|
|
forward of the response.
|
|
properties:
|
|
flushInterval:
|
|
type: string
|
|
type: object
|
|
scheme:
|
|
type: string
|
|
serversTransport:
|
|
type: string
|
|
sticky:
|
|
description: Sticky holds the sticky configuration.
|
|
properties:
|
|
cookie:
|
|
description: Cookie holds the sticky configuration based
|
|
on cookie.
|
|
properties:
|
|
httpOnly:
|
|
type: boolean
|
|
name:
|
|
type: string
|
|
sameSite:
|
|
type: string
|
|
secure:
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
strategy:
|
|
type: string
|
|
weight:
|
|
description: Weight should only be specified when Name references
|
|
a TraefikService object (and to be precise, one that embeds
|
|
a Weighted Round Robin).
|
|
type: integer
|
|
required:
|
|
- name
|
|
type: object
|
|
status:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
forwardAuth:
|
|
description: ForwardAuth holds the http forward authentication configuration.
|
|
properties:
|
|
address:
|
|
type: string
|
|
authRequestHeaders:
|
|
items:
|
|
type: string
|
|
type: array
|
|
authResponseHeaders:
|
|
items:
|
|
type: string
|
|
type: array
|
|
authResponseHeadersRegex:
|
|
type: string
|
|
tls:
|
|
description: ClientTLS holds TLS specific configurations as client.
|
|
properties:
|
|
caOptional:
|
|
type: boolean
|
|
caSecret:
|
|
type: string
|
|
certSecret:
|
|
type: string
|
|
insecureSkipVerify:
|
|
type: boolean
|
|
type: object
|
|
trustForwardHeader:
|
|
type: boolean
|
|
type: object
|
|
headers:
|
|
description: Headers holds the custom header configuration.
|
|
properties:
|
|
accessControlAllowCredentials:
|
|
description: AccessControlAllowCredentials is only valid if true.
|
|
false is ignored.
|
|
type: boolean
|
|
accessControlAllowHeaders:
|
|
description: AccessControlAllowHeaders must be used in response
|
|
to a preflight request with Access-Control-Request-Headers set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
accessControlAllowMethods:
|
|
description: AccessControlAllowMethods must be used in response
|
|
to a preflight request with Access-Control-Request-Method set.
|
|
items:
|
|
type: string
|
|
type: array
|
|
accessControlAllowOriginList:
|
|
description: AccessControlAllowOriginList is a list of allowable
|
|
origins. Can also be a wildcard origin "*".
|
|
items:
|
|
type: string
|
|
type: array
|
|
accessControlAllowOriginListRegex:
|
|
description: AccessControlAllowOriginListRegex is a list of allowable
|
|
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
|
items:
|
|
type: string
|
|
type: array
|
|
accessControlExposeHeaders:
|
|
description: AccessControlExposeHeaders sets valid headers for
|
|
the response.
|
|
items:
|
|
type: string
|
|
type: array
|
|
accessControlMaxAge:
|
|
description: AccessControlMaxAge sets the time that a preflight
|
|
request may be cached.
|
|
format: int64
|
|
type: integer
|
|
addVaryHeader:
|
|
description: AddVaryHeader controls if the Vary header is automatically
|
|
added/updated when the AccessControlAllowOriginList is set.
|
|
type: boolean
|
|
allowedHosts:
|
|
items:
|
|
type: string
|
|
type: array
|
|
browserXssFilter:
|
|
type: boolean
|
|
contentSecurityPolicy:
|
|
type: string
|
|
contentTypeNosniff:
|
|
type: boolean
|
|
customBrowserXSSValue:
|
|
type: string
|
|
customFrameOptionsValue:
|
|
type: string
|
|
customRequestHeaders:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
customResponseHeaders:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
featurePolicy:
|
|
description: 'Deprecated: use PermissionsPolicy instead.'
|
|
type: string
|
|
forceSTSHeader:
|
|
type: boolean
|
|
frameDeny:
|
|
type: boolean
|
|
hostsProxyHeaders:
|
|
items:
|
|
type: string
|
|
type: array
|
|
isDevelopment:
|
|
type: boolean
|
|
permissionsPolicy:
|
|
type: string
|
|
publicKey:
|
|
type: string
|
|
referrerPolicy:
|
|
type: string
|
|
sslForceHost:
|
|
description: 'Deprecated: use RedirectRegex instead.'
|
|
type: boolean
|
|
sslHost:
|
|
description: 'Deprecated: use RedirectRegex instead.'
|
|
type: string
|
|
sslProxyHeaders:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
sslRedirect:
|
|
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
instead.'
|
|
type: boolean
|
|
sslTemporaryRedirect:
|
|
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
instead.'
|
|
type: boolean
|
|
stsIncludeSubdomains:
|
|
type: boolean
|
|
stsPreload:
|
|
type: boolean
|
|
stsSeconds:
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
inFlightReq:
|
|
description: InFlightReq limits the number of requests being processed
|
|
and served concurrently.
|
|
properties:
|
|
amount:
|
|
format: int64
|
|
type: integer
|
|
sourceCriterion:
|
|
description: SourceCriterion defines what criterion is used to
|
|
group requests as originating from a common source. If none
|
|
are set, the default is to use the request's remote address
|
|
field. All fields are mutually exclusive.
|
|
properties:
|
|
ipStrategy:
|
|
description: IPStrategy holds the ip strategy configuration.
|
|
properties:
|
|
depth:
|
|
type: integer
|
|
excludedIPs:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
requestHeaderName:
|
|
type: string
|
|
requestHost:
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
ipWhiteList:
|
|
description: IPWhiteList holds the ip white list configuration.
|
|
properties:
|
|
ipStrategy:
|
|
description: IPStrategy holds the ip strategy configuration.
|
|
properties:
|
|
depth:
|
|
type: integer
|
|
excludedIPs:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
sourceRange:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
passTLSClientCert:
|
|
description: PassTLSClientCert holds the TLS client cert headers configuration.
|
|
properties:
|
|
info:
|
|
description: TLSClientCertificateInfo holds the client TLS certificate
|
|
info configuration.
|
|
properties:
|
|
issuer:
|
|
description: TLSCLientCertificateDNInfo holds the client TLS
|
|
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
|
properties:
|
|
commonName:
|
|
type: boolean
|
|
country:
|
|
type: boolean
|
|
domainComponent:
|
|
type: boolean
|
|
locality:
|
|
type: boolean
|
|
organization:
|
|
type: boolean
|
|
province:
|
|
type: boolean
|
|
serialNumber:
|
|
type: boolean
|
|
type: object
|
|
notAfter:
|
|
type: boolean
|
|
notBefore:
|
|
type: boolean
|
|
sans:
|
|
type: boolean
|
|
serialNumber:
|
|
type: boolean
|
|
subject:
|
|
description: TLSCLientCertificateDNInfo holds the client TLS
|
|
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
|
properties:
|
|
commonName:
|
|
type: boolean
|
|
country:
|
|
type: boolean
|
|
domainComponent:
|
|
type: boolean
|
|
locality:
|
|
type: boolean
|
|
organization:
|
|
type: boolean
|
|
province:
|
|
type: boolean
|
|
serialNumber:
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
pem:
|
|
type: boolean
|
|
type: object
|
|
plugin:
|
|
additionalProperties:
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: object
|
|
rateLimit:
|
|
description: RateLimit holds the rate limiting configuration for a
|
|
given router.
|
|
properties:
|
|
average:
|
|
format: int64
|
|
type: integer
|
|
burst:
|
|
format: int64
|
|
type: integer
|
|
period:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
x-kubernetes-int-or-string: true
|
|
sourceCriterion:
|
|
description: SourceCriterion defines what criterion is used to
|
|
group requests as originating from a common source. If none
|
|
are set, the default is to use the request's remote address
|
|
field. All fields are mutually exclusive.
|
|
properties:
|
|
ipStrategy:
|
|
description: IPStrategy holds the ip strategy configuration.
|
|
properties:
|
|
depth:
|
|
type: integer
|
|
excludedIPs:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
requestHeaderName:
|
|
type: string
|
|
requestHost:
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
redirectRegex:
|
|
description: RedirectRegex holds the redirection configuration.
|
|
properties:
|
|
permanent:
|
|
type: boolean
|
|
regex:
|
|
type: string
|
|
replacement:
|
|
type: string
|
|
type: object
|
|
redirectScheme:
|
|
description: RedirectScheme holds the scheme redirection configuration.
|
|
properties:
|
|
permanent:
|
|
type: boolean
|
|
port:
|
|
type: string
|
|
scheme:
|
|
type: string
|
|
type: object
|
|
replacePath:
|
|
description: ReplacePath holds the ReplacePath configuration.
|
|
properties:
|
|
path:
|
|
type: string
|
|
type: object
|
|
replacePathRegex:
|
|
description: ReplacePathRegex holds the ReplacePathRegex configuration.
|
|
properties:
|
|
regex:
|
|
type: string
|
|
replacement:
|
|
type: string
|
|
type: object
|
|
retry:
|
|
description: Retry holds the retry configuration.
|
|
properties:
|
|
attempts:
|
|
type: integer
|
|
initialInterval:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
stripPrefix:
|
|
description: StripPrefix holds the StripPrefix configuration.
|
|
properties:
|
|
forceSlash:
|
|
type: boolean
|
|
prefixes:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
stripPrefixRegex:
|
|
description: StripPrefixRegex holds the StripPrefixRegex configuration.
|
|
properties:
|
|
regex:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
required:
|
|
- metadata
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|