Kubernetes Configuration Reference

Dynamic configuration with Kubernetes Custom Resource

Deprecated apiextensions.k8s.io/v1beta1 CRD

The apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in Kubernetes v1.16+ and will be removed in v1.22+.

For Kubernetes v1.16+, please use the Traefik apiextensions.k8s.io/v1 CRDs instead.

Definitions

apiextensions.k8s.io/v1 (Kubernetes v1.16+)

  1. ---
  2. apiVersion: apiextensions.k8s.io/v1
  3. kind: CustomResourceDefinition
  4. metadata:
  5. annotations:
  6. controller-gen.kubebuilder.io/version: v0.6.2
  7. creationTimestamp: null
  8. name: ingressroutes.traefik.containo.us
  9. spec:
  10. group: traefik.containo.us
  11. names:
  12. kind: IngressRoute
  13. listKind: IngressRouteList
  14. plural: ingressroutes
  15. singular: ingressroute
  16. scope: Namespaced
  17. versions:
  18. - name: v1alpha1
  19. schema:
  20. openAPIV3Schema:
  21. description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
  22. properties:
  23. apiVersion:
  24. description: 'APIVersion defines the versioned schema of this representation
  25. of an object. Servers should convert recognized schemas to the latest
  26. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  27. type: string
  28. kind:
  29. description: 'Kind is a string value representing the REST resource this
  30. object represents. Servers may infer this from the endpoint the client
  31. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  32. type: string
  33. metadata:
  34. type: object
  35. spec:
  36. description: IngressRouteSpec defines the desired state of IngressRoute.
  37. properties:
  38. entryPoints:
  39. description: 'EntryPoints defines the list of entry point names to
  40. bind to. Entry points have to be configured in the static configuration.
  41. More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
  42. Default: all.'
  43. items:
  44. type: string
  45. type: array
  46. routes:
  47. description: Routes defines the list of routes.
  48. items:
  49. description: Route holds the HTTP route configuration.
  50. properties:
  51. kind:
  52. description: Kind defines the kind of the route. Rule is the
  53. only supported kind.
  54. enum:
  55. - Rule
  56. type: string
  57. match:
  58. description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule'
  59. type: string
  60. middlewares:
  61. description: 'Middlewares defines the list of references to
  62. Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware'
  63. items:
  64. description: MiddlewareRef is a reference to a Middleware
  65. resource.
  66. properties:
  67. name:
  68. description: Name defines the name of the referenced Middleware
  69. resource.
  70. type: string
  71. namespace:
  72. description: Namespace defines the namespace of the referenced
  73. Middleware resource.
  74. type: string
  75. required:
  76. - name
  77. type: object
  78. type: array
  79. priority:
  80. description: 'Priority defines the router''s priority. More
  81. info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority'
  82. type: integer
  83. services:
  84. description: Services defines the list of Service. It can contain
  85. any combination of TraefikService and/or reference to a Kubernetes
  86. Service.
  87. items:
  88. description: Service defines an upstream HTTP service to proxy
  89. traffic to.
  90. properties:
  91. kind:
  92. description: Kind defines the kind of the Service.
  93. enum:
  94. - Service
  95. - TraefikService
  96. type: string
  97. name:
  98. description: Name defines the name of the referenced Kubernetes
  99. Service or TraefikService. The differentiation between
  100. the two is specified in the Kind field.
  101. type: string
  102. namespace:
  103. description: Namespace defines the namespace of the referenced
  104. Kubernetes Service or TraefikService.
  105. type: string
  106. passHostHeader:
  107. description: PassHostHeader defines whether the client
  108. Host header is forwarded to the upstream Kubernetes
  109. Service. By default, passHostHeader is true.
  110. type: boolean
  111. port:
  112. anyOf:
  113. - type: integer
  114. - type: string
  115. description: Port defines the port of a Kubernetes Service.
  116. This can be a reference to a named port.
  117. x-kubernetes-int-or-string: true
  118. responseForwarding:
  119. description: ResponseForwarding defines how Traefik forwards
  120. the response from the upstream Kubernetes Service to
  121. the client.
  122. properties:
  123. flushInterval:
  124. description: 'FlushInterval defines the interval,
  125. in milliseconds, in between flushes to the client
  126. while copying the response body. A negative value
  127. means to flush immediately after each write to the
  128. client. This configuration is ignored when ReverseProxy
  129. recognizes a response as a streaming response; for
  130. such responses, writes are flushed to the client
  131. immediately. Default: 100ms'
  132. type: string
  133. type: object
  134. scheme:
  135. description: Scheme defines the scheme to use for the
  136. request to the upstream Kubernetes Service. It defaults
  137. to https when Kubernetes Service port is 443, http otherwise.
  138. type: string
  139. serversTransport:
  140. description: ServersTransport defines the name of ServersTransport
  141. resource to use. It allows to configure the transport
  142. between Traefik and your servers. Can only be used on
  143. a Kubernetes Service.
  144. type: string
  145. sticky:
  146. description: 'Sticky defines the sticky sessions configuration.
  147. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
  148. properties:
  149. cookie:
  150. description: Cookie defines the sticky cookie configuration.
  151. properties:
  152. httpOnly:
  153. description: HTTPOnly defines whether the cookie
  154. can be accessed by client-side APIs, such as
  155. JavaScript.
  156. type: boolean
  157. name:
  158. description: Name defines the Cookie name.
  159. type: string
  160. sameSite:
  161. description: 'SameSite defines the same site policy.
  162. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
  163. type: string
  164. secure:
  165. description: Secure defines whether the cookie
  166. can only be transmitted over an encrypted connection
  167. (i.e. HTTPS).
  168. type: boolean
  169. type: object
  170. type: object
  171. strategy:
  172. description: Strategy defines the load balancing strategy
  173. between the servers. RoundRobin is the only supported
  174. value at the moment.
  175. type: string
  176. weight:
  177. description: Weight defines the weight and should only
  178. be specified when Name references a TraefikService object
  179. (and to be precise, one that embeds a Weighted Round
  180. Robin).
  181. type: integer
  182. required:
  183. - name
  184. type: object
  185. type: array
  186. required:
  187. - kind
  188. - match
  189. type: object
  190. type: array
  191. tls:
  192. description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls'
  193. properties:
  194. certResolver:
  195. description: 'CertResolver defines the name of the certificate
  196. resolver to use. Cert resolvers have to be configured in the
  197. static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
  198. type: string
  199. domains:
  200. description: 'Domains defines the list of domains that will be
  201. used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
  202. items:
  203. description: Domain holds a domain name with SANs.
  204. properties:
  205. main:
  206. description: Main defines the main domain name.
  207. type: string
  208. sans:
  209. description: SANs defines the subject alternative domain
  210. names.
  211. items:
  212. type: string
  213. type: array
  214. type: object
  215. type: array
  216. options:
  217. description: 'Options defines the reference to a TLSOption, that
  218. specifies the parameters of the TLS connection. If not defined,
  219. the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
  220. properties:
  221. name:
  222. description: 'Name defines the name of the referenced TLSOption.
  223. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
  224. type: string
  225. namespace:
  226. description: 'Namespace defines the namespace of the referenced
  227. TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
  228. type: string
  229. required:
  230. - name
  231. type: object
  232. secretName:
  233. description: SecretName is the name of the referenced Kubernetes
  234. Secret to specify the certificate details.
  235. type: string
  236. store:
  237. description: Store defines the reference to the TLSStore, that
  238. will be used to store certificates. Please note that only `default`
  239. TLSStore can be used.
  240. properties:
  241. name:
  242. description: 'Name defines the name of the referenced TLSStore.
  243. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
  244. type: string
  245. namespace:
  246. description: 'Namespace defines the namespace of the referenced
  247. TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
  248. type: string
  249. required:
  250. - name
  251. type: object
  252. type: object
  253. required:
  254. - routes
  255. type: object
  256. required:
  257. - metadata
  258. - spec
  259. type: object
  260. served: true
  261. storage: true
  262. status:
  263. acceptedNames:
  264. kind: ""
  265. plural: ""
  266. conditions: []
  267. storedVersions: []
  268. ---
  269. apiVersion: apiextensions.k8s.io/v1
  270. kind: CustomResourceDefinition
  271. metadata:
  272. annotations:
  273. controller-gen.kubebuilder.io/version: v0.6.2
  274. creationTimestamp: null
  275. name: ingressroutetcps.traefik.containo.us
  276. spec:
  277. group: traefik.containo.us
  278. names:
  279. kind: IngressRouteTCP
  280. listKind: IngressRouteTCPList
  281. plural: ingressroutetcps
  282. singular: ingressroutetcp
  283. scope: Namespaced
  284. versions:
  285. - name: v1alpha1
  286. schema:
  287. openAPIV3Schema:
  288. description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
  289. properties:
  290. apiVersion:
  291. description: 'APIVersion defines the versioned schema of this representation
  292. of an object. Servers should convert recognized schemas to the latest
  293. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  294. type: string
  295. kind:
  296. description: 'Kind is a string value representing the REST resource this
  297. object represents. Servers may infer this from the endpoint the client
  298. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  299. type: string
  300. metadata:
  301. type: object
  302. spec:
  303. description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
  304. properties:
  305. entryPoints:
  306. description: 'EntryPoints defines the list of entry point names to
  307. bind to. Entry points have to be configured in the static configuration.
  308. More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
  309. Default: all.'
  310. items:
  311. type: string
  312. type: array
  313. routes:
  314. description: Routes defines the list of routes.
  315. items:
  316. description: RouteTCP holds the TCP route configuration.
  317. properties:
  318. match:
  319. description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1'
  320. type: string
  321. middlewares:
  322. description: Middlewares defines the list of references to MiddlewareTCP
  323. resources.
  324. items:
  325. description: ObjectReference is a generic reference to a Traefik
  326. resource.
  327. properties:
  328. name:
  329. description: Name defines the name of the referenced Traefik
  330. resource.
  331. type: string
  332. namespace:
  333. description: Namespace defines the namespace of the referenced
  334. Traefik resource.
  335. type: string
  336. required:
  337. - name
  338. type: object
  339. type: array
  340. priority:
  341. description: 'Priority defines the router''s priority. More
  342. info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1'
  343. type: integer
  344. services:
  345. description: Services defines the list of TCP services.
  346. items:
  347. description: ServiceTCP defines an upstream TCP service to
  348. proxy traffic to.
  349. properties:
  350. name:
  351. description: Name defines the name of the referenced Kubernetes
  352. Service.
  353. type: string
  354. namespace:
  355. description: Namespace defines the namespace of the referenced
  356. Kubernetes Service.
  357. type: string
  358. port:
  359. anyOf:
  360. - type: integer
  361. - type: string
  362. description: Port defines the port of a Kubernetes Service.
  363. This can be a reference to a named port.
  364. x-kubernetes-int-or-string: true
  365. proxyProtocol:
  366. description: 'ProxyProtocol defines the PROXY protocol
  367. configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol'
  368. properties:
  369. version:
  370. description: Version defines the PROXY Protocol version
  371. to use.
  372. type: integer
  373. type: object
  374. terminationDelay:
  375. description: TerminationDelay defines the deadline that
  376. the proxy sets, after one of its connected peers indicates
  377. it has closed the writing capability of its connection,
  378. to close the reading capability as well, hence fully
  379. terminating the connection. It is a duration in milliseconds,
  380. defaulting to 100. A negative value means an infinite
  381. deadline (i.e. the reading capability is never closed).
  382. type: integer
  383. weight:
  384. description: Weight defines the weight used when balancing
  385. requests between multiple Kubernetes Service.
  386. type: integer
  387. required:
  388. - name
  389. - port
  390. type: object
  391. type: array
  392. required:
  393. - match
  394. type: object
  395. type: array
  396. tls:
  397. description: 'TLS defines the TLS configuration on a layer 4 / TCP
  398. Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1'
  399. properties:
  400. certResolver:
  401. description: 'CertResolver defines the name of the certificate
  402. resolver to use. Cert resolvers have to be configured in the
  403. static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
  404. type: string
  405. domains:
  406. description: 'Domains defines the list of domains that will be
  407. used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
  408. items:
  409. description: Domain holds a domain name with SANs.
  410. properties:
  411. main:
  412. description: Main defines the main domain name.
  413. type: string
  414. sans:
  415. description: SANs defines the subject alternative domain
  416. names.
  417. items:
  418. type: string
  419. type: array
  420. type: object
  421. type: array
  422. options:
  423. description: 'Options defines the reference to a TLSOption, that
  424. specifies the parameters of the TLS connection. If not defined,
  425. the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
  426. properties:
  427. name:
  428. description: Name defines the name of the referenced Traefik
  429. resource.
  430. type: string
  431. namespace:
  432. description: Namespace defines the namespace of the referenced
  433. Traefik resource.
  434. type: string
  435. required:
  436. - name
  437. type: object
  438. passthrough:
  439. description: Passthrough defines whether a TLS router will terminate
  440. the TLS connection.
  441. type: boolean
  442. secretName:
  443. description: SecretName is the name of the referenced Kubernetes
  444. Secret to specify the certificate details.
  445. type: string
  446. store:
  447. description: Store defines the reference to the TLSStore, that
  448. will be used to store certificates. Please note that only `default`
  449. TLSStore can be used.
  450. properties:
  451. name:
  452. description: Name defines the name of the referenced Traefik
  453. resource.
  454. type: string
  455. namespace:
  456. description: Namespace defines the namespace of the referenced
  457. Traefik resource.
  458. type: string
  459. required:
  460. - name
  461. type: object
  462. type: object
  463. required:
  464. - routes
  465. type: object
  466. required:
  467. - metadata
  468. - spec
  469. type: object
  470. served: true
  471. storage: true
  472. status:
  473. acceptedNames:
  474. kind: ""
  475. plural: ""
  476. conditions: []
  477. storedVersions: []
  478. ---
  479. apiVersion: apiextensions.k8s.io/v1
  480. kind: CustomResourceDefinition
  481. metadata:
  482. annotations:
  483. controller-gen.kubebuilder.io/version: v0.6.2
  484. creationTimestamp: null
  485. name: ingressrouteudps.traefik.containo.us
  486. spec:
  487. group: traefik.containo.us
  488. names:
  489. kind: IngressRouteUDP
  490. listKind: IngressRouteUDPList
  491. plural: ingressrouteudps
  492. singular: ingressrouteudp
  493. scope: Namespaced
  494. versions:
  495. - name: v1alpha1
  496. schema:
  497. openAPIV3Schema:
  498. description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
  499. properties:
  500. apiVersion:
  501. description: 'APIVersion defines the versioned schema of this representation
  502. of an object. Servers should convert recognized schemas to the latest
  503. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  504. type: string
  505. kind:
  506. description: 'Kind is a string value representing the REST resource this
  507. object represents. Servers may infer this from the endpoint the client
  508. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  509. type: string
  510. metadata:
  511. type: object
  512. spec:
  513. description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
  514. properties:
  515. entryPoints:
  516. description: 'EntryPoints defines the list of entry point names to
  517. bind to. Entry points have to be configured in the static configuration.
  518. More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
  519. Default: all.'
  520. items:
  521. type: string
  522. type: array
  523. routes:
  524. description: Routes defines the list of routes.
  525. items:
  526. description: RouteUDP holds the UDP route configuration.
  527. properties:
  528. services:
  529. description: Services defines the list of UDP services.
  530. items:
  531. description: ServiceUDP defines an upstream UDP service to
  532. proxy traffic to.
  533. properties:
  534. name:
  535. description: Name defines the name of the referenced Kubernetes
  536. Service.
  537. type: string
  538. namespace:
  539. description: Namespace defines the namespace of the referenced
  540. Kubernetes Service.
  541. type: string
  542. port:
  543. anyOf:
  544. - type: integer
  545. - type: string
  546. description: Port defines the port of a Kubernetes Service.
  547. This can be a reference to a named port.
  548. x-kubernetes-int-or-string: true
  549. weight:
  550. description: Weight defines the weight used when balancing
  551. requests between multiple Kubernetes Service.
  552. type: integer
  553. required:
  554. - name
  555. - port
  556. type: object
  557. type: array
  558. type: object
  559. type: array
  560. required:
  561. - routes
  562. type: object
  563. required:
  564. - metadata
  565. - spec
  566. type: object
  567. served: true
  568. storage: true
  569. status:
  570. acceptedNames:
  571. kind: ""
  572. plural: ""
  573. conditions: []
  574. storedVersions: []
  575. ---
  576. apiVersion: apiextensions.k8s.io/v1
  577. kind: CustomResourceDefinition
  578. metadata:
  579. annotations:
  580. controller-gen.kubebuilder.io/version: v0.6.2
  581. creationTimestamp: null
  582. name: middlewares.traefik.containo.us
  583. spec:
  584. group: traefik.containo.us
  585. names:
  586. kind: Middleware
  587. listKind: MiddlewareList
  588. plural: middlewares
  589. singular: middleware
  590. scope: Namespaced
  591. versions:
  592. - name: v1alpha1
  593. schema:
  594. openAPIV3Schema:
  595. description: 'Middleware is the CRD implementation of a Traefik Middleware.
  596. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/'
  597. properties:
  598. apiVersion:
  599. description: 'APIVersion defines the versioned schema of this representation
  600. of an object. Servers should convert recognized schemas to the latest
  601. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  602. type: string
  603. kind:
  604. description: 'Kind is a string value representing the REST resource this
  605. object represents. Servers may infer this from the endpoint the client
  606. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  607. type: string
  608. metadata:
  609. type: object
  610. spec:
  611. description: MiddlewareSpec defines the desired state of a Middleware.
  612. properties:
  613. addPrefix:
  614. description: 'AddPrefix holds the add prefix middleware configuration.
  615. This middleware updates the path of a request before forwarding
  616. it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/'
  617. properties:
  618. prefix:
  619. description: Prefix is the string to add before the current path
  620. in the requested URL. It should include a leading slash (/).
  621. type: string
  622. type: object
  623. basicAuth:
  624. description: 'BasicAuth holds the basic auth middleware configuration.
  625. This middleware restricts access to your services to known users.
  626. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/'
  627. properties:
  628. headerField:
  629. description: 'HeaderField defines a header field to store the
  630. authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
  631. type: string
  632. realm:
  633. description: 'Realm allows the protected resources on a server
  634. to be partitioned into a set of protection spaces, each with
  635. its own authentication scheme. Default: traefik.'
  636. type: string
  637. removeHeader:
  638. description: 'RemoveHeader sets the removeHeader option to true
  639. to remove the authorization header before forwarding the request
  640. to your service. Default: false.'
  641. type: boolean
  642. secret:
  643. description: Secret is the name of the referenced Kubernetes Secret
  644. containing user credentials.
  645. type: string
  646. type: object
  647. buffering:
  648. description: 'Buffering holds the buffering middleware configuration.
  649. This middleware retries or limits the size of requests that can
  650. be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes'
  651. properties:
  652. maxRequestBodyBytes:
  653. description: 'MaxRequestBodyBytes defines the maximum allowed
  654. body size for the request (in bytes). If the request exceeds
  655. the allowed size, it is not forwarded to the service, and the
  656. client gets a 413 (Request Entity Too Large) response. Default:
  657. 0 (no maximum).'
  658. format: int64
  659. type: integer
  660. maxResponseBodyBytes:
  661. description: 'MaxResponseBodyBytes defines the maximum allowed
  662. response size from the service (in bytes). If the response exceeds
  663. the allowed size, it is not forwarded to the client. The client
  664. gets a 500 (Internal Server Error) response instead. Default:
  665. 0 (no maximum).'
  666. format: int64
  667. type: integer
  668. memRequestBodyBytes:
  669. description: 'MemRequestBodyBytes defines the threshold (in bytes)
  670. from which the request will be buffered on disk instead of in
  671. memory. Default: 1048576 (1Mi).'
  672. format: int64
  673. type: integer
  674. memResponseBodyBytes:
  675. description: 'MemResponseBodyBytes defines the threshold (in bytes)
  676. from which the response will be buffered on disk instead of
  677. in memory. Default: 1048576 (1Mi).'
  678. format: int64
  679. type: integer
  680. retryExpression:
  681. description: 'RetryExpression defines the retry conditions. It
  682. is a logical combination of functions with operators AND (&&)
  683. and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression'
  684. type: string
  685. type: object
  686. chain:
  687. description: 'Chain holds the configuration of the chain middleware.
  688. This middleware enables to define reusable combinations of other
  689. pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/'
  690. properties:
  691. middlewares:
  692. description: Middlewares is the list of MiddlewareRef which composes
  693. the chain.
  694. items:
  695. description: MiddlewareRef is a reference to a Middleware resource.
  696. properties:
  697. name:
  698. description: Name defines the name of the referenced Middleware
  699. resource.
  700. type: string
  701. namespace:
  702. description: Namespace defines the namespace of the referenced
  703. Middleware resource.
  704. type: string
  705. required:
  706. - name
  707. type: object
  708. type: array
  709. type: object
  710. circuitBreaker:
  711. description: CircuitBreaker holds the circuit breaker configuration.
  712. properties:
  713. checkPeriod:
  714. anyOf:
  715. - type: integer
  716. - type: string
  717. description: CheckPeriod is the interval between successive checks
  718. of the circuit breaker condition (when in standby state).
  719. x-kubernetes-int-or-string: true
  720. expression:
  721. description: Expression is the condition that triggers the tripped
  722. state.
  723. type: string
  724. fallbackDuration:
  725. anyOf:
  726. - type: integer
  727. - type: string
  728. description: FallbackDuration is the duration for which the circuit
  729. breaker will wait before trying to recover (from a tripped state).
  730. x-kubernetes-int-or-string: true
  731. recoveryDuration:
  732. anyOf:
  733. - type: integer
  734. - type: string
  735. description: RecoveryDuration is the duration for which the circuit
  736. breaker will try to recover (as soon as it is in recovering
  737. state).
  738. x-kubernetes-int-or-string: true
  739. type: object
  740. compress:
  741. description: 'Compress holds the compress middleware configuration.
  742. This middleware compresses responses before sending them to the
  743. client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/'
  744. properties:
  745. excludedContentTypes:
  746. description: ExcludedContentTypes defines the list of content
  747. types to compare the Content-Type header of the incoming requests
  748. and responses before compressing.
  749. items:
  750. type: string
  751. type: array
  752. minResponseBodyBytes:
  753. description: 'MinResponseBodyBytes defines the minimum amount
  754. of bytes a response body must have to be compressed. Default:
  755. 1024.'
  756. type: integer
  757. type: object
  758. contentType:
  759. description: ContentType holds the content-type middleware configuration.
  760. This middleware exists to enable the correct behavior until at least
  761. the default one can be changed in a future version.
  762. properties:
  763. autoDetect:
  764. description: AutoDetect specifies whether to let the `Content-Type`
  765. header, if it has not been set by the backend, be automatically
  766. set to a value derived from the contents of the response. As
  767. a proxy, the default behavior should be to leave the header
  768. alone, regardless of what the backend did with it. However,
  769. the historic default was to always auto-detect and set the header
  770. if it was nil, and it is going to be kept that way in order
  771. to support users currently relying on it.
  772. type: boolean
  773. type: object
  774. digestAuth:
  775. description: 'DigestAuth holds the digest auth middleware configuration.
  776. This middleware restricts access to your services to known users.
  777. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/'
  778. properties:
  779. headerField:
  780. description: 'HeaderField defines a header field to store the
  781. authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
  782. type: string
  783. realm:
  784. description: 'Realm allows the protected resources on a server
  785. to be partitioned into a set of protection spaces, each with
  786. its own authentication scheme. Default: traefik.'
  787. type: string
  788. removeHeader:
  789. description: RemoveHeader defines whether to remove the authorization
  790. header before forwarding the request to the backend.
  791. type: boolean
  792. secret:
  793. description: Secret is the name of the referenced Kubernetes Secret
  794. containing user credentials.
  795. type: string
  796. type: object
  797. errors:
  798. description: 'ErrorPage holds the custom error middleware configuration.
  799. This middleware returns a custom page in lieu of the default, according
  800. to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/'
  801. properties:
  802. query:
  803. description: Query defines the URL for the error page (hosted
  804. by service). The {status} variable can be used in order to insert
  805. the status code in the URL.
  806. type: string
  807. service:
  808. description: 'Service defines the reference to a Kubernetes Service
  809. that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service'
  810. properties:
  811. kind:
  812. description: Kind defines the kind of the Service.
  813. enum:
  814. - Service
  815. - TraefikService
  816. type: string
  817. name:
  818. description: Name defines the name of the referenced Kubernetes
  819. Service or TraefikService. The differentiation between the
  820. two is specified in the Kind field.
  821. type: string
  822. namespace:
  823. description: Namespace defines the namespace of the referenced
  824. Kubernetes Service or TraefikService.
  825. type: string
  826. passHostHeader:
  827. description: PassHostHeader defines whether the client Host
  828. header is forwarded to the upstream Kubernetes Service.
  829. By default, passHostHeader is true.
  830. type: boolean
  831. port:
  832. anyOf:
  833. - type: integer
  834. - type: string
  835. description: Port defines the port of a Kubernetes Service.
  836. This can be a reference to a named port.
  837. x-kubernetes-int-or-string: true
  838. responseForwarding:
  839. description: ResponseForwarding defines how Traefik forwards
  840. the response from the upstream Kubernetes Service to the
  841. client.
  842. properties:
  843. flushInterval:
  844. description: 'FlushInterval defines the interval, in milliseconds,
  845. in between flushes to the client while copying the response
  846. body. A negative value means to flush immediately after
  847. each write to the client. This configuration is ignored
  848. when ReverseProxy recognizes a response as a streaming
  849. response; for such responses, writes are flushed to
  850. the client immediately. Default: 100ms'
  851. type: string
  852. type: object
  853. scheme:
  854. description: Scheme defines the scheme to use for the request
  855. to the upstream Kubernetes Service. It defaults to https
  856. when Kubernetes Service port is 443, http otherwise.
  857. type: string
  858. serversTransport:
  859. description: ServersTransport defines the name of ServersTransport
  860. resource to use. It allows to configure the transport between
  861. Traefik and your servers. Can only be used on a Kubernetes
  862. Service.
  863. type: string
  864. sticky:
  865. description: 'Sticky defines the sticky sessions configuration.
  866. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
  867. properties:
  868. cookie:
  869. description: Cookie defines the sticky cookie configuration.
  870. properties:
  871. httpOnly:
  872. description: HTTPOnly defines whether the cookie can
  873. be accessed by client-side APIs, such as JavaScript.
  874. type: boolean
  875. name:
  876. description: Name defines the Cookie name.
  877. type: string
  878. sameSite:
  879. description: 'SameSite defines the same site policy.
  880. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
  881. type: string
  882. secure:
  883. description: Secure defines whether the cookie can
  884. only be transmitted over an encrypted connection
  885. (i.e. HTTPS).
  886. type: boolean
  887. type: object
  888. type: object
  889. strategy:
  890. description: Strategy defines the load balancing strategy
  891. between the servers. RoundRobin is the only supported value
  892. at the moment.
  893. type: string
  894. weight:
  895. description: Weight defines the weight and should only be
  896. specified when Name references a TraefikService object (and
  897. to be precise, one that embeds a Weighted Round Robin).
  898. type: integer
  899. required:
  900. - name
  901. type: object
  902. status:
  903. description: Status defines which status or range of statuses
  904. should result in an error page. It can be either a status code
  905. as a number (500), as multiple comma-separated numbers (500,502),
  906. as ranges by separating two codes with a dash (500-599), or
  907. a combination of the two (404,418,500-599).
  908. items:
  909. type: string
  910. type: array
  911. type: object
  912. forwardAuth:
  913. description: 'ForwardAuth holds the forward auth middleware configuration.
  914. This middleware delegates the request authentication to a Service.
  915. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/'
  916. properties:
  917. address:
  918. description: Address defines the authentication server address.
  919. type: string
  920. authRequestHeaders:
  921. description: AuthRequestHeaders defines the list of the headers
  922. to copy from the request to the authentication server. If not
  923. set or empty then all request headers are passed.
  924. items:
  925. type: string
  926. type: array
  927. authResponseHeaders:
  928. description: AuthResponseHeaders defines the list of headers to
  929. copy from the authentication server response and set on forwarded
  930. request, replacing any existing conflicting headers.
  931. items:
  932. type: string
  933. type: array
  934. authResponseHeadersRegex:
  935. description: 'AuthResponseHeadersRegex defines the regex to match
  936. headers to copy from the authentication server response and
  937. set on forwarded request, after stripping all headers that match
  938. the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex'
  939. type: string
  940. tls:
  941. description: TLS defines the configuration used to secure the
  942. connection to the authentication server.
  943. properties:
  944. caOptional:
  945. type: boolean
  946. caSecret:
  947. description: CASecret is the name of the referenced Kubernetes
  948. Secret containing the CA to validate the server certificate.
  949. The CA certificate is extracted from key `tls.ca` or `ca.crt`.
  950. type: string
  951. certSecret:
  952. description: CertSecret is the name of the referenced Kubernetes
  953. Secret containing the client certificate. The client certificate
  954. is extracted from the keys `tls.crt` and `tls.key`.
  955. type: string
  956. insecureSkipVerify:
  957. description: InsecureSkipVerify defines whether the server
  958. certificates should be validated.
  959. type: boolean
  960. type: object
  961. trustForwardHeader:
  962. description: 'TrustForwardHeader defines whether to trust (ie:
  963. forward) all X-Forwarded-* headers.'
  964. type: boolean
  965. type: object
  966. headers:
  967. description: 'Headers holds the headers middleware configuration.
  968. This middleware manages the requests and responses headers. More
  969. info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders'
  970. properties:
  971. accessControlAllowCredentials:
  972. description: AccessControlAllowCredentials defines whether the
  973. request can include user credentials.
  974. type: boolean
  975. accessControlAllowHeaders:
  976. description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
  977. values sent in preflight response.
  978. items:
  979. type: string
  980. type: array
  981. accessControlAllowMethods:
  982. description: AccessControlAllowMethods defines the Access-Control-Request-Method
  983. values sent in preflight response.
  984. items:
  985. type: string
  986. type: array
  987. accessControlAllowOriginList:
  988. description: AccessControlAllowOriginList is a list of allowable
  989. origins. Can also be a wildcard origin "*".
  990. items:
  991. type: string
  992. type: array
  993. accessControlAllowOriginListRegex:
  994. description: AccessControlAllowOriginListRegex is a list of allowable
  995. origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
  996. items:
  997. type: string
  998. type: array
  999. accessControlExposeHeaders:
  1000. description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
  1001. values sent in preflight response.
  1002. items:
  1003. type: string
  1004. type: array
  1005. accessControlMaxAge:
  1006. description: AccessControlMaxAge defines the time that a preflight
  1007. request may be cached.
  1008. format: int64
  1009. type: integer
  1010. addVaryHeader:
  1011. description: AddVaryHeader defines whether the Vary header is
  1012. automatically added/updated when the AccessControlAllowOriginList
  1013. is set.
  1014. type: boolean
  1015. allowedHosts:
  1016. description: AllowedHosts defines the fully qualified list of
  1017. allowed domain names.
  1018. items:
  1019. type: string
  1020. type: array
  1021. browserXssFilter:
  1022. description: BrowserXSSFilter defines whether to add the X-XSS-Protection
  1023. header with the value 1; mode=block.
  1024. type: boolean
  1025. contentSecurityPolicy:
  1026. description: ContentSecurityPolicy defines the Content-Security-Policy
  1027. header value.
  1028. type: string
  1029. contentTypeNosniff:
  1030. description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
  1031. header with the nosniff value.
  1032. type: boolean
  1033. customBrowserXSSValue:
  1034. description: CustomBrowserXSSValue defines the X-XSS-Protection
  1035. header value. This overrides the BrowserXssFilter option.
  1036. type: string
  1037. customFrameOptionsValue:
  1038. description: CustomFrameOptionsValue defines the X-Frame-Options
  1039. header value. This overrides the FrameDeny option.
  1040. type: string
  1041. customRequestHeaders:
  1042. additionalProperties:
  1043. type: string
  1044. description: CustomRequestHeaders defines the header names and
  1045. values to apply to the request.
  1046. type: object
  1047. customResponseHeaders:
  1048. additionalProperties:
  1049. type: string
  1050. description: CustomResponseHeaders defines the header names and
  1051. values to apply to the response.
  1052. type: object
  1053. featurePolicy:
  1054. description: 'Deprecated: use PermissionsPolicy instead.'
  1055. type: string
  1056. forceSTSHeader:
  1057. description: ForceSTSHeader defines whether to add the STS header
  1058. even when the connection is HTTP.
  1059. type: boolean
  1060. frameDeny:
  1061. description: FrameDeny defines whether to add the X-Frame-Options
  1062. header with the DENY value.
  1063. type: boolean
  1064. hostsProxyHeaders:
  1065. description: HostsProxyHeaders defines the header keys that may
  1066. hold a proxied hostname value for the request.
  1067. items:
  1068. type: string
  1069. type: array
  1070. isDevelopment:
  1071. description: IsDevelopment defines whether to mitigate the unwanted
  1072. effects of the AllowedHosts, SSL, and STS options when developing.
  1073. Usually testing takes place using HTTP, not HTTPS, and on localhost,
  1074. not your production domain. If you would like your development
  1075. environment to mimic production with complete Host blocking,
  1076. SSL redirects, and STS headers, leave this as false.
  1077. type: boolean
  1078. permissionsPolicy:
  1079. description: PermissionsPolicy defines the Permissions-Policy
  1080. header value. This allows sites to control browser features.
  1081. type: string
  1082. publicKey:
  1083. description: PublicKey is the public key that implements HPKP
  1084. to prevent MITM attacks with forged certificates.
  1085. type: string
  1086. referrerPolicy:
  1087. description: ReferrerPolicy defines the Referrer-Policy header
  1088. value. This allows sites to control whether browsers forward
  1089. the Referer header to other sites.
  1090. type: string
  1091. sslForceHost:
  1092. description: 'Deprecated: use RedirectRegex instead.'
  1093. type: boolean
  1094. sslHost:
  1095. description: 'Deprecated: use RedirectRegex instead.'
  1096. type: string
  1097. sslProxyHeaders:
  1098. additionalProperties:
  1099. type: string
  1100. description: 'SSLProxyHeaders defines the header keys with associated
  1101. values that would indicate a valid HTTPS request. It can be
  1102. useful when using other proxies (example: "X-Forwarded-Proto":
  1103. "https").'
  1104. type: object
  1105. sslRedirect:
  1106. description: 'Deprecated: use EntryPoint redirection or RedirectScheme
  1107. instead.'
  1108. type: boolean
  1109. sslTemporaryRedirect:
  1110. description: 'Deprecated: use EntryPoint redirection or RedirectScheme
  1111. instead.'
  1112. type: boolean
  1113. stsIncludeSubdomains:
  1114. description: STSIncludeSubdomains defines whether the includeSubDomains
  1115. directive is appended to the Strict-Transport-Security header.
  1116. type: boolean
  1117. stsPreload:
  1118. description: STSPreload defines whether the preload flag is appended
  1119. to the Strict-Transport-Security header.
  1120. type: boolean
  1121. stsSeconds:
  1122. description: STSSeconds defines the max-age of the Strict-Transport-Security
  1123. header. If set to 0, the header is not set.
  1124. format: int64
  1125. type: integer
  1126. type: object
  1127. inFlightReq:
  1128. description: 'InFlightReq holds the in-flight request middleware configuration.
  1129. This middleware limits the number of requests being processed and
  1130. served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/'
  1131. properties:
  1132. amount:
  1133. description: Amount defines the maximum amount of allowed simultaneous
  1134. in-flight request. The middleware responds with HTTP 429 Too
  1135. Many Requests if there are already amount requests in progress
  1136. (based on the same sourceCriterion strategy).
  1137. format: int64
  1138. type: integer
  1139. sourceCriterion:
  1140. description: 'SourceCriterion defines what criterion is used to
  1141. group requests as originating from a common source. If several
  1142. strategies are defined at the same time, an error will be raised.
  1143. If none are set, the default is to use the requestHost. More
  1144. info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion'
  1145. properties:
  1146. ipStrategy:
  1147. description: 'IPStrategy holds the IP strategy configuration
  1148. used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
  1149. properties:
  1150. depth:
  1151. description: Depth tells Traefik to use the X-Forwarded-For
  1152. header and take the IP located at the depth position
  1153. (starting from the right).
  1154. type: integer
  1155. excludedIPs:
  1156. description: ExcludedIPs configures Traefik to scan the
  1157. X-Forwarded-For header and select the first IP not in
  1158. the list.
  1159. items:
  1160. type: string
  1161. type: array
  1162. type: object
  1163. requestHeaderName:
  1164. description: RequestHeaderName defines the name of the header
  1165. used to group incoming requests.
  1166. type: string
  1167. requestHost:
  1168. description: RequestHost defines whether to consider the request
  1169. Host as the source.
  1170. type: boolean
  1171. type: object
  1172. type: object
  1173. ipWhiteList:
  1174. description: 'IPWhiteList holds the IP whitelist middleware configuration.
  1175. This middleware accepts / refuses requests based on the client IP.
  1176. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
  1177. properties:
  1178. ipStrategy:
  1179. description: 'IPStrategy holds the IP strategy configuration used
  1180. by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
  1181. properties:
  1182. depth:
  1183. description: Depth tells Traefik to use the X-Forwarded-For
  1184. header and take the IP located at the depth position (starting
  1185. from the right).
  1186. type: integer
  1187. excludedIPs:
  1188. description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
  1189. header and select the first IP not in the list.
  1190. items:
  1191. type: string
  1192. type: array
  1193. type: object
  1194. sourceRange:
  1195. description: SourceRange defines the set of allowed IPs (or ranges
  1196. of allowed IPs by using CIDR notation).
  1197. items:
  1198. type: string
  1199. type: array
  1200. type: object
  1201. passTLSClientCert:
  1202. description: 'PassTLSClientCert holds the pass TLS client cert middleware
  1203. configuration. This middleware adds the selected data from the passed
  1204. client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/'
  1205. properties:
  1206. info:
  1207. description: Info selects the specific client certificate details
  1208. you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
  1209. properties:
  1210. issuer:
  1211. description: Issuer defines the client certificate issuer
  1212. details to add to the X-Forwarded-Tls-Client-Cert-Info header.
  1213. properties:
  1214. commonName:
  1215. description: CommonName defines whether to add the organizationalUnit
  1216. information into the issuer.
  1217. type: boolean
  1218. country:
  1219. description: Country defines whether to add the country
  1220. information into the issuer.
  1221. type: boolean
  1222. domainComponent:
  1223. description: DomainComponent defines whether to add the
  1224. domainComponent information into the issuer.
  1225. type: boolean
  1226. locality:
  1227. description: Locality defines whether to add the locality
  1228. information into the issuer.
  1229. type: boolean
  1230. organization:
  1231. description: Organization defines whether to add the organization
  1232. information into the issuer.
  1233. type: boolean
  1234. province:
  1235. description: Province defines whether to add the province
  1236. information into the issuer.
  1237. type: boolean
  1238. serialNumber:
  1239. description: SerialNumber defines whether to add the serialNumber
  1240. information into the issuer.
  1241. type: boolean
  1242. type: object
  1243. notAfter:
  1244. description: NotAfter defines whether to add the Not After
  1245. information from the Validity part.
  1246. type: boolean
  1247. notBefore:
  1248. description: NotBefore defines whether to add the Not Before
  1249. information from the Validity part.
  1250. type: boolean
  1251. sans:
  1252. description: Sans defines whether to add the Subject Alternative
  1253. Name information from the Subject Alternative Name part.
  1254. type: boolean
  1255. serialNumber:
  1256. description: SerialNumber defines whether to add the client
  1257. serialNumber information.
  1258. type: boolean
  1259. subject:
  1260. description: Subject defines the client certificate subject
  1261. details to add to the X-Forwarded-Tls-Client-Cert-Info header.
  1262. properties:
  1263. commonName:
  1264. description: CommonName defines whether to add the organizationalUnit
  1265. information into the subject.
  1266. type: boolean
  1267. country:
  1268. description: Country defines whether to add the country
  1269. information into the subject.
  1270. type: boolean
  1271. domainComponent:
  1272. description: DomainComponent defines whether to add the
  1273. domainComponent information into the subject.
  1274. type: boolean
  1275. locality:
  1276. description: Locality defines whether to add the locality
  1277. information into the subject.
  1278. type: boolean
  1279. organization:
  1280. description: Organization defines whether to add the organization
  1281. information into the subject.
  1282. type: boolean
  1283. organizationalUnit:
  1284. description: OrganizationalUnit defines whether to add
  1285. the organizationalUnit information into the subject.
  1286. type: boolean
  1287. province:
  1288. description: Province defines whether to add the province
  1289. information into the subject.
  1290. type: boolean
  1291. serialNumber:
  1292. description: SerialNumber defines whether to add the serialNumber
  1293. information into the subject.
  1294. type: boolean
  1295. type: object
  1296. type: object
  1297. pem:
  1298. description: PEM sets the X-Forwarded-Tls-Client-Cert header with
  1299. the certificate.
  1300. type: boolean
  1301. type: object
  1302. plugin:
  1303. additionalProperties:
  1304. x-kubernetes-preserve-unknown-fields: true
  1305. description: 'Plugin defines the middleware plugin configuration.
  1306. More info: https://doc.traefik.io/traefik/plugins/'
  1307. type: object
  1308. rateLimit:
  1309. description: 'RateLimit holds the rate limit configuration. This middleware
  1310. ensures that services will receive a fair amount of requests, and
  1311. allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/'
  1312. properties:
  1313. average:
  1314. description: Average is the maximum rate, by default in requests/s,
  1315. allowed for the given source. It defaults to 0, which means
  1316. no rate limiting. The rate is actually defined by dividing Average
  1317. by Period. So for a rate below 1req/s, one needs to define a
  1318. Period larger than a second.
  1319. format: int64
  1320. type: integer
  1321. burst:
  1322. description: Burst is the maximum number of requests allowed to
  1323. arrive in the same arbitrarily small period of time. It defaults
  1324. to 1.
  1325. format: int64
  1326. type: integer
  1327. period:
  1328. anyOf:
  1329. - type: integer
  1330. - type: string
  1331. description: 'Period, in combination with Average, defines the
  1332. actual maximum rate, such as: r = Average / Period. It defaults
  1333. to a second.'
  1334. x-kubernetes-int-or-string: true
  1335. sourceCriterion:
  1336. description: SourceCriterion defines what criterion is used to
  1337. group requests as originating from a common source. If several
  1338. strategies are defined at the same time, an error will be raised.
  1339. If none are set, the default is to use the request's remote
  1340. address field (as an ipStrategy).
  1341. properties:
  1342. ipStrategy:
  1343. description: 'IPStrategy holds the IP strategy configuration
  1344. used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
  1345. properties:
  1346. depth:
  1347. description: Depth tells Traefik to use the X-Forwarded-For
  1348. header and take the IP located at the depth position
  1349. (starting from the right).
  1350. type: integer
  1351. excludedIPs:
  1352. description: ExcludedIPs configures Traefik to scan the
  1353. X-Forwarded-For header and select the first IP not in
  1354. the list.
  1355. items:
  1356. type: string
  1357. type: array
  1358. type: object
  1359. requestHeaderName:
  1360. description: RequestHeaderName defines the name of the header
  1361. used to group incoming requests.
  1362. type: string
  1363. requestHost:
  1364. description: RequestHost defines whether to consider the request
  1365. Host as the source.
  1366. type: boolean
  1367. type: object
  1368. type: object
  1369. redirectRegex:
  1370. description: 'RedirectRegex holds the redirect regex middleware configuration.
  1371. This middleware redirects a request using regex matching and replacement.
  1372. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex'
  1373. properties:
  1374. permanent:
  1375. description: Permanent defines whether the redirection is permanent
  1376. (301).
  1377. type: boolean
  1378. regex:
  1379. description: Regex defines the regex used to match and capture
  1380. elements from the request URL.
  1381. type: string
  1382. replacement:
  1383. description: Replacement defines how to modify the URL to have
  1384. the new target URL.
  1385. type: string
  1386. type: object
  1387. redirectScheme:
  1388. description: 'RedirectScheme holds the redirect scheme middleware
  1389. configuration. This middleware redirects requests from a scheme/port
  1390. to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/'
  1391. properties:
  1392. permanent:
  1393. description: Permanent defines whether the redirection is permanent
  1394. (301).
  1395. type: boolean
  1396. port:
  1397. description: Port defines the port of the new URL.
  1398. type: string
  1399. scheme:
  1400. description: Scheme defines the scheme of the new URL.
  1401. type: string
  1402. type: object
  1403. replacePath:
  1404. description: 'ReplacePath holds the replace path middleware configuration.
  1405. This middleware replaces the path of the request URL and store the
  1406. original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/'
  1407. properties:
  1408. path:
  1409. description: Path defines the path to use as replacement in the
  1410. request URL.
  1411. type: string
  1412. type: object
  1413. replacePathRegex:
  1414. description: 'ReplacePathRegex holds the replace path regex middleware
  1415. configuration. This middleware replaces the path of a URL using
  1416. regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/'
  1417. properties:
  1418. regex:
  1419. description: Regex defines the regular expression used to match
  1420. and capture the path from the request URL.
  1421. type: string
  1422. replacement:
  1423. description: Replacement defines the replacement path format,
  1424. which can include captured variables.
  1425. type: string
  1426. type: object
  1427. retry:
  1428. description: 'Retry holds the retry middleware configuration. This
  1429. middleware reissues requests a given number of times to a backend
  1430. server if that server does not reply. As soon as the server answers,
  1431. the middleware stops retrying, regardless of the response status.
  1432. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/'
  1433. properties:
  1434. attempts:
  1435. description: Attempts defines how many times the request should
  1436. be retried.
  1437. type: integer
  1438. initialInterval:
  1439. anyOf:
  1440. - type: integer
  1441. - type: string
  1442. description: InitialInterval defines the first wait time in the
  1443. exponential backoff series. The maximum interval is calculated
  1444. as twice the initialInterval. If unspecified, requests will
  1445. be retried immediately. The value of initialInterval should
  1446. be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
  1447. x-kubernetes-int-or-string: true
  1448. type: object
  1449. stripPrefix:
  1450. description: 'StripPrefix holds the strip prefix middleware configuration.
  1451. This middleware removes the specified prefixes from the URL path.
  1452. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
  1453. properties:
  1454. forceSlash:
  1455. description: 'ForceSlash ensures that the resulting stripped path
  1456. is not the empty string, by replacing it with / when necessary.
  1457. Default: true.'
  1458. type: boolean
  1459. prefixes:
  1460. description: Prefixes defines the prefixes to strip from the request
  1461. URL.
  1462. items:
  1463. type: string
  1464. type: array
  1465. type: object
  1466. stripPrefixRegex:
  1467. description: 'StripPrefixRegex holds the strip prefix regex middleware
  1468. configuration. This middleware removes the matching prefixes from
  1469. the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/'
  1470. properties:
  1471. regex:
  1472. description: Regex defines the regular expression to match the
  1473. path prefix from the request URL.
  1474. items:
  1475. type: string
  1476. type: array
  1477. type: object
  1478. type: object
  1479. required:
  1480. - metadata
  1481. - spec
  1482. type: object
  1483. served: true
  1484. storage: true
  1485. status:
  1486. acceptedNames:
  1487. kind: ""
  1488. plural: ""
  1489. conditions: []
  1490. storedVersions: []
  1491. ---
  1492. apiVersion: apiextensions.k8s.io/v1
  1493. kind: CustomResourceDefinition
  1494. metadata:
  1495. annotations:
  1496. controller-gen.kubebuilder.io/version: v0.6.2
  1497. creationTimestamp: null
  1498. name: middlewaretcps.traefik.containo.us
  1499. spec:
  1500. group: traefik.containo.us
  1501. names:
  1502. kind: MiddlewareTCP
  1503. listKind: MiddlewareTCPList
  1504. plural: middlewaretcps
  1505. singular: middlewaretcp
  1506. scope: Namespaced
  1507. versions:
  1508. - name: v1alpha1
  1509. schema:
  1510. openAPIV3Schema:
  1511. description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
  1512. More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/'
  1513. properties:
  1514. apiVersion:
  1515. description: 'APIVersion defines the versioned schema of this representation
  1516. of an object. Servers should convert recognized schemas to the latest
  1517. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  1518. type: string
  1519. kind:
  1520. description: 'Kind is a string value representing the REST resource this
  1521. object represents. Servers may infer this from the endpoint the client
  1522. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  1523. type: string
  1524. metadata:
  1525. type: object
  1526. spec:
  1527. description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
  1528. properties:
  1529. inFlightConn:
  1530. description: InFlightConn defines the InFlightConn middleware configuration.
  1531. properties:
  1532. amount:
  1533. description: Amount defines the maximum amount of allowed simultaneous
  1534. connections. The middleware closes the connection if there are
  1535. already amount connections opened.
  1536. format: int64
  1537. type: integer
  1538. type: object
  1539. ipWhiteList:
  1540. description: IPWhiteList defines the IPWhiteList middleware configuration.
  1541. properties:
  1542. sourceRange:
  1543. description: SourceRange defines the allowed IPs (or ranges of
  1544. allowed IPs by using CIDR notation).
  1545. items:
  1546. type: string
  1547. type: array
  1548. type: object
  1549. type: object
  1550. required:
  1551. - metadata
  1552. - spec
  1553. type: object
  1554. served: true
  1555. storage: true
  1556. status:
  1557. acceptedNames:
  1558. kind: ""
  1559. plural: ""
  1560. conditions: []
  1561. storedVersions: []
  1562. ---
  1563. apiVersion: apiextensions.k8s.io/v1
  1564. kind: CustomResourceDefinition
  1565. metadata:
  1566. annotations:
  1567. controller-gen.kubebuilder.io/version: v0.6.2
  1568. creationTimestamp: null
  1569. name: serverstransports.traefik.containo.us
  1570. spec:
  1571. group: traefik.containo.us
  1572. names:
  1573. kind: ServersTransport
  1574. listKind: ServersTransportList
  1575. plural: serverstransports
  1576. singular: serverstransport
  1577. scope: Namespaced
  1578. versions:
  1579. - name: v1alpha1
  1580. schema:
  1581. openAPIV3Schema:
  1582. description: 'ServersTransport is the CRD implementation of a ServersTransport.
  1583. If no serversTransport is specified, the [email protected] will be used.
  1584. The [email protected] serversTransport is created from the static configuration.
  1585. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1'
  1586. properties:
  1587. apiVersion:
  1588. description: 'APIVersion defines the versioned schema of this representation
  1589. of an object. Servers should convert recognized schemas to the latest
  1590. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  1591. type: string
  1592. kind:
  1593. description: 'Kind is a string value representing the REST resource this
  1594. object represents. Servers may infer this from the endpoint the client
  1595. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  1596. type: string
  1597. metadata:
  1598. type: object
  1599. spec:
  1600. description: ServersTransportSpec defines the desired state of a ServersTransport.
  1601. properties:
  1602. certificatesSecrets:
  1603. description: CertificatesSecrets defines a list of secret storing
  1604. client certificates for mTLS.
  1605. items:
  1606. type: string
  1607. type: array
  1608. disableHTTP2:
  1609. description: DisableHTTP2 disables HTTP/2 for connections with backend
  1610. servers.
  1611. type: boolean
  1612. forwardingTimeouts:
  1613. description: ForwardingTimeouts defines the timeouts for requests
  1614. forwarded to the backend servers.
  1615. properties:
  1616. dialTimeout:
  1617. anyOf:
  1618. - type: integer
  1619. - type: string
  1620. description: DialTimeout is the amount of time to wait until a
  1621. connection to a backend server can be established.
  1622. x-kubernetes-int-or-string: true
  1623. idleConnTimeout:
  1624. anyOf:
  1625. - type: integer
  1626. - type: string
  1627. description: IdleConnTimeout is the maximum period for which an
  1628. idle HTTP keep-alive connection will remain open before closing
  1629. itself.
  1630. x-kubernetes-int-or-string: true
  1631. pingTimeout:
  1632. anyOf:
  1633. - type: integer
  1634. - type: string
  1635. description: PingTimeout is the timeout after which the HTTP/2
  1636. connection will be closed if a response to ping is not received.
  1637. x-kubernetes-int-or-string: true
  1638. readIdleTimeout:
  1639. anyOf:
  1640. - type: integer
  1641. - type: string
  1642. description: ReadIdleTimeout is the timeout after which a health
  1643. check using ping frame will be carried out if no frame is received
  1644. on the HTTP/2 connection.
  1645. x-kubernetes-int-or-string: true
  1646. responseHeaderTimeout:
  1647. anyOf:
  1648. - type: integer
  1649. - type: string
  1650. description: ResponseHeaderTimeout is the amount of time to wait
  1651. for a server's response headers after fully writing the request
  1652. (including its body, if any).
  1653. x-kubernetes-int-or-string: true
  1654. type: object
  1655. insecureSkipVerify:
  1656. description: InsecureSkipVerify disables SSL certificate verification.
  1657. type: boolean
  1658. maxIdleConnsPerHost:
  1659. description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
  1660. to keep per-host.
  1661. type: integer
  1662. peerCertURI:
  1663. description: PeerCertURI defines the peer cert URI used to match against
  1664. SAN URI during the peer certificate verification.
  1665. type: string
  1666. rootCAsSecrets:
  1667. description: RootCAsSecrets defines a list of CA secret used to validate
  1668. self-signed certificate.
  1669. items:
  1670. type: string
  1671. type: array
  1672. serverName:
  1673. description: ServerName defines the server name used to contact the
  1674. server.
  1675. type: string
  1676. type: object
  1677. required:
  1678. - metadata
  1679. - spec
  1680. type: object
  1681. served: true
  1682. storage: true
  1683. status:
  1684. acceptedNames:
  1685. kind: ""
  1686. plural: ""
  1687. conditions: []
  1688. storedVersions: []
  1689. ---
  1690. apiVersion: apiextensions.k8s.io/v1
  1691. kind: CustomResourceDefinition
  1692. metadata:
  1693. annotations:
  1694. controller-gen.kubebuilder.io/version: v0.6.2
  1695. creationTimestamp: null
  1696. name: tlsoptions.traefik.containo.us
  1697. spec:
  1698. group: traefik.containo.us
  1699. names:
  1700. kind: TLSOption
  1701. listKind: TLSOptionList
  1702. plural: tlsoptions
  1703. singular: tlsoption
  1704. scope: Namespaced
  1705. versions:
  1706. - name: v1alpha1
  1707. schema:
  1708. openAPIV3Schema:
  1709. description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
  1710. allowing to configure some parameters of the TLS connection. More info:
  1711. https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
  1712. properties:
  1713. apiVersion:
  1714. description: 'APIVersion defines the versioned schema of this representation
  1715. of an object. Servers should convert recognized schemas to the latest
  1716. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  1717. type: string
  1718. kind:
  1719. description: 'Kind is a string value representing the REST resource this
  1720. object represents. Servers may infer this from the endpoint the client
  1721. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  1722. type: string
  1723. metadata:
  1724. type: object
  1725. spec:
  1726. description: TLSOptionSpec defines the desired state of a TLSOption.
  1727. properties:
  1728. alpnProtocols:
  1729. description: 'ALPNProtocols defines the list of supported application
  1730. level protocols for the TLS handshake, in order of preference. More
  1731. info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols'
  1732. items:
  1733. type: string
  1734. type: array
  1735. cipherSuites:
  1736. description: 'CipherSuites defines the list of supported cipher suites
  1737. for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites'
  1738. items:
  1739. type: string
  1740. type: array
  1741. clientAuth:
  1742. description: ClientAuth defines the server's policy for TLS Client
  1743. Authentication.
  1744. properties:
  1745. clientAuthType:
  1746. description: ClientAuthType defines the client authentication
  1747. type to apply.
  1748. enum:
  1749. - NoClientCert
  1750. - RequestClientCert
  1751. - RequireAnyClientCert
  1752. - VerifyClientCertIfGiven
  1753. - RequireAndVerifyClientCert
  1754. type: string
  1755. secretNames:
  1756. description: SecretNames defines the names of the referenced Kubernetes
  1757. Secret storing certificate details.
  1758. items:
  1759. type: string
  1760. type: array
  1761. type: object
  1762. curvePreferences:
  1763. description: 'CurvePreferences defines the preferred elliptic curves
  1764. in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences'
  1765. items:
  1766. type: string
  1767. type: array
  1768. maxVersion:
  1769. description: 'MaxVersion defines the maximum TLS version that Traefik
  1770. will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
  1771. VersionTLS13. Default: None.'
  1772. type: string
  1773. minVersion:
  1774. description: 'MinVersion defines the minimum TLS version that Traefik
  1775. will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
  1776. VersionTLS13. Default: VersionTLS10.'
  1777. type: string
  1778. preferServerCipherSuites:
  1779. description: 'PreferServerCipherSuites defines whether the server
  1780. chooses a cipher suite among his own instead of among the client''s.
  1781. It is enabled automatically when minVersion or maxVersion is set.
  1782. Deprecated: https://github.com/golang/go/issues/45430'
  1783. type: boolean
  1784. sniStrict:
  1785. description: SniStrict defines whether Traefik allows connections
  1786. from clients connections that do not specify a server_name extension.
  1787. type: boolean
  1788. type: object
  1789. required:
  1790. - metadata
  1791. - spec
  1792. type: object
  1793. served: true
  1794. storage: true
  1795. status:
  1796. acceptedNames:
  1797. kind: ""
  1798. plural: ""
  1799. conditions: []
  1800. storedVersions: []
  1801. ---
  1802. apiVersion: apiextensions.k8s.io/v1
  1803. kind: CustomResourceDefinition
  1804. metadata:
  1805. annotations:
  1806. controller-gen.kubebuilder.io/version: v0.6.2
  1807. creationTimestamp: null
  1808. name: tlsstores.traefik.containo.us
  1809. spec:
  1810. group: traefik.containo.us
  1811. names:
  1812. kind: TLSStore
  1813. listKind: TLSStoreList
  1814. plural: tlsstores
  1815. singular: tlsstore
  1816. scope: Namespaced
  1817. versions:
  1818. - name: v1alpha1
  1819. schema:
  1820. openAPIV3Schema:
  1821. description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
  1822. the time being, only the TLSStore named default is supported. This means
  1823. that you cannot have two stores that are named default in different Kubernetes
  1824. namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores'
  1825. properties:
  1826. apiVersion:
  1827. description: 'APIVersion defines the versioned schema of this representation
  1828. of an object. Servers should convert recognized schemas to the latest
  1829. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  1830. type: string
  1831. kind:
  1832. description: 'Kind is a string value representing the REST resource this
  1833. object represents. Servers may infer this from the endpoint the client
  1834. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  1835. type: string
  1836. metadata:
  1837. type: object
  1838. spec:
  1839. description: TLSStoreSpec defines the desired state of a TLSStore.
  1840. properties:
  1841. certificates:
  1842. description: Certificates is a list of secret names, each secret holding
  1843. a key/certificate pair to add to the store.
  1844. items:
  1845. description: Certificate holds a secret name for the TLSStore resource.
  1846. properties:
  1847. secretName:
  1848. description: SecretName is the name of the referenced Kubernetes
  1849. Secret to specify the certificate details.
  1850. type: string
  1851. required:
  1852. - secretName
  1853. type: object
  1854. type: array
  1855. defaultCertificate:
  1856. description: DefaultCertificate defines the default certificate configuration.
  1857. properties:
  1858. secretName:
  1859. description: SecretName is the name of the referenced Kubernetes
  1860. Secret to specify the certificate details.
  1861. type: string
  1862. required:
  1863. - secretName
  1864. type: object
  1865. defaultGeneratedCert:
  1866. description: DefaultGeneratedCert defines the default generated certificate
  1867. configuration.
  1868. properties:
  1869. domain:
  1870. description: Domain is the domain definition for the DefaultCertificate.
  1871. properties:
  1872. main:
  1873. description: Main defines the main domain name.
  1874. type: string
  1875. sans:
  1876. description: SANs defines the subject alternative domain names.
  1877. items:
  1878. type: string
  1879. type: array
  1880. type: object
  1881. resolver:
  1882. description: Resolver is the name of the resolver that will be
  1883. used to issue the DefaultCertificate.
  1884. type: string
  1885. type: object
  1886. type: object
  1887. required:
  1888. - metadata
  1889. - spec
  1890. type: object
  1891. served: true
  1892. storage: true
  1893. status:
  1894. acceptedNames:
  1895. kind: ""
  1896. plural: ""
  1897. conditions: []
  1898. storedVersions: []
  1899. ---
  1900. apiVersion: apiextensions.k8s.io/v1
  1901. kind: CustomResourceDefinition
  1902. metadata:
  1903. annotations:
  1904. controller-gen.kubebuilder.io/version: v0.6.2
  1905. creationTimestamp: null
  1906. name: traefikservices.traefik.containo.us
  1907. spec:
  1908. group: traefik.containo.us
  1909. names:
  1910. kind: TraefikService
  1911. listKind: TraefikServiceList
  1912. plural: traefikservices
  1913. singular: traefikservice
  1914. scope: Namespaced
  1915. versions:
  1916. - name: v1alpha1
  1917. schema:
  1918. openAPIV3Schema:
  1919. description: 'TraefikService is the CRD implementation of a Traefik Service.
  1920. TraefikService object allows to: - Apply weight to Services on load-balancing
  1921. - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice'
  1922. properties:
  1923. apiVersion:
  1924. description: 'APIVersion defines the versioned schema of this representation
  1925. of an object. Servers should convert recognized schemas to the latest
  1926. internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  1927. type: string
  1928. kind:
  1929. description: 'Kind is a string value representing the REST resource this
  1930. object represents. Servers may infer this from the endpoint the client
  1931. submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  1932. type: string
  1933. metadata:
  1934. type: object
  1935. spec:
  1936. description: TraefikServiceSpec defines the desired state of a TraefikService.
  1937. properties:
  1938. mirroring:
  1939. description: Mirroring defines the Mirroring service configuration.
  1940. properties:
  1941. kind:
  1942. description: Kind defines the kind of the Service.
  1943. enum:
  1944. - Service
  1945. - TraefikService
  1946. type: string
  1947. maxBodySize:
  1948. description: MaxBodySize defines the maximum size allowed for
  1949. the body of the request. If the body is larger, the request
  1950. is not mirrored. Default value is -1, which means unlimited
  1951. size.
  1952. format: int64
  1953. type: integer
  1954. mirrors:
  1955. description: Mirrors defines the list of mirrors where Traefik
  1956. will duplicate the traffic.
  1957. items:
  1958. description: MirrorService holds the mirror configuration.
  1959. properties:
  1960. kind:
  1961. description: Kind defines the kind of the Service.
  1962. enum:
  1963. - Service
  1964. - TraefikService
  1965. type: string
  1966. name:
  1967. description: Name defines the name of the referenced Kubernetes
  1968. Service or TraefikService. The differentiation between
  1969. the two is specified in the Kind field.
  1970. type: string
  1971. namespace:
  1972. description: Namespace defines the namespace of the referenced
  1973. Kubernetes Service or TraefikService.
  1974. type: string
  1975. passHostHeader:
  1976. description: PassHostHeader defines whether the client Host
  1977. header is forwarded to the upstream Kubernetes Service.
  1978. By default, passHostHeader is true.
  1979. type: boolean
  1980. percent:
  1981. description: 'Percent defines the part of the traffic to
  1982. mirror. Supported values: 0 to 100.'
  1983. type: integer
  1984. port:
  1985. anyOf:
  1986. - type: integer
  1987. - type: string
  1988. description: Port defines the port of a Kubernetes Service.
  1989. This can be a reference to a named port.
  1990. x-kubernetes-int-or-string: true
  1991. responseForwarding:
  1992. description: ResponseForwarding defines how Traefik forwards
  1993. the response from the upstream Kubernetes Service to the
  1994. client.
  1995. properties:
  1996. flushInterval:
  1997. description: 'FlushInterval defines the interval, in
  1998. milliseconds, in between flushes to the client while
  1999. copying the response body. A negative value means
  2000. to flush immediately after each write to the client.
  2001. This configuration is ignored when ReverseProxy recognizes
  2002. a response as a streaming response; for such responses,
  2003. writes are flushed to the client immediately. Default:
  2004. 100ms'
  2005. type: string
  2006. type: object
  2007. scheme:
  2008. description: Scheme defines the scheme to use for the request
  2009. to the upstream Kubernetes Service. It defaults to https
  2010. when Kubernetes Service port is 443, http otherwise.
  2011. type: string
  2012. serversTransport:
  2013. description: ServersTransport defines the name of ServersTransport
  2014. resource to use. It allows to configure the transport
  2015. between Traefik and your servers. Can only be used on
  2016. a Kubernetes Service.
  2017. type: string
  2018. sticky:
  2019. description: 'Sticky defines the sticky sessions configuration.
  2020. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
  2021. properties:
  2022. cookie:
  2023. description: Cookie defines the sticky cookie configuration.
  2024. properties:
  2025. httpOnly:
  2026. description: HTTPOnly defines whether the cookie
  2027. can be accessed by client-side APIs, such as JavaScript.
  2028. type: boolean
  2029. name:
  2030. description: Name defines the Cookie name.
  2031. type: string
  2032. sameSite:
  2033. description: 'SameSite defines the same site policy.
  2034. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
  2035. type: string
  2036. secure:
  2037. description: Secure defines whether the cookie can
  2038. only be transmitted over an encrypted connection
  2039. (i.e. HTTPS).
  2040. type: boolean
  2041. type: object
  2042. type: object
  2043. strategy:
  2044. description: Strategy defines the load balancing strategy
  2045. between the servers. RoundRobin is the only supported
  2046. value at the moment.
  2047. type: string
  2048. weight:
  2049. description: Weight defines the weight and should only be
  2050. specified when Name references a TraefikService object
  2051. (and to be precise, one that embeds a Weighted Round Robin).
  2052. type: integer
  2053. required:
  2054. - name
  2055. type: object
  2056. type: array
  2057. name:
  2058. description: Name defines the name of the referenced Kubernetes
  2059. Service or TraefikService. The differentiation between the two
  2060. is specified in the Kind field.
  2061. type: string
  2062. namespace:
  2063. description: Namespace defines the namespace of the referenced
  2064. Kubernetes Service or TraefikService.
  2065. type: string
  2066. passHostHeader:
  2067. description: PassHostHeader defines whether the client Host header
  2068. is forwarded to the upstream Kubernetes Service. By default,
  2069. passHostHeader is true.
  2070. type: boolean
  2071. port:
  2072. anyOf:
  2073. - type: integer
  2074. - type: string
  2075. description: Port defines the port of a Kubernetes Service. This
  2076. can be a reference to a named port.
  2077. x-kubernetes-int-or-string: true
  2078. responseForwarding:
  2079. description: ResponseForwarding defines how Traefik forwards the
  2080. response from the upstream Kubernetes Service to the client.
  2081. properties:
  2082. flushInterval:
  2083. description: 'FlushInterval defines the interval, in milliseconds,
  2084. in between flushes to the client while copying the response
  2085. body. A negative value means to flush immediately after
  2086. each write to the client. This configuration is ignored
  2087. when ReverseProxy recognizes a response as a streaming response;
  2088. for such responses, writes are flushed to the client immediately.
  2089. Default: 100ms'
  2090. type: string
  2091. type: object
  2092. scheme:
  2093. description: Scheme defines the scheme to use for the request
  2094. to the upstream Kubernetes Service. It defaults to https when
  2095. Kubernetes Service port is 443, http otherwise.
  2096. type: string
  2097. serversTransport:
  2098. description: ServersTransport defines the name of ServersTransport
  2099. resource to use. It allows to configure the transport between
  2100. Traefik and your servers. Can only be used on a Kubernetes Service.
  2101. type: string
  2102. sticky:
  2103. description: 'Sticky defines the sticky sessions configuration.
  2104. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
  2105. properties:
  2106. cookie:
  2107. description: Cookie defines the sticky cookie configuration.
  2108. properties:
  2109. httpOnly:
  2110. description: HTTPOnly defines whether the cookie can be
  2111. accessed by client-side APIs, such as JavaScript.
  2112. type: boolean
  2113. name:
  2114. description: Name defines the Cookie name.
  2115. type: string
  2116. sameSite:
  2117. description: 'SameSite defines the same site policy. More
  2118. info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
  2119. type: string
  2120. secure:
  2121. description: Secure defines whether the cookie can only
  2122. be transmitted over an encrypted connection (i.e. HTTPS).
  2123. type: boolean
  2124. type: object
  2125. type: object
  2126. strategy:
  2127. description: Strategy defines the load balancing strategy between
  2128. the servers. RoundRobin is the only supported value at the moment.
  2129. type: string
  2130. weight:
  2131. description: Weight defines the weight and should only be specified
  2132. when Name references a TraefikService object (and to be precise,
  2133. one that embeds a Weighted Round Robin).
  2134. type: integer
  2135. required:
  2136. - name
  2137. type: object
  2138. weighted:
  2139. description: Weighted defines the Weighted Round Robin configuration.
  2140. properties:
  2141. services:
  2142. description: Services defines the list of Kubernetes Service and/or
  2143. TraefikService to load-balance, with weight.
  2144. items:
  2145. description: Service defines an upstream HTTP service to proxy
  2146. traffic to.
  2147. properties:
  2148. kind:
  2149. description: Kind defines the kind of the Service.
  2150. enum:
  2151. - Service
  2152. - TraefikService
  2153. type: string
  2154. name:
  2155. description: Name defines the name of the referenced Kubernetes
  2156. Service or TraefikService. The differentiation between
  2157. the two is specified in the Kind field.
  2158. type: string
  2159. namespace:
  2160. description: Namespace defines the namespace of the referenced
  2161. Kubernetes Service or TraefikService.
  2162. type: string
  2163. passHostHeader:
  2164. description: PassHostHeader defines whether the client Host
  2165. header is forwarded to the upstream Kubernetes Service.
  2166. By default, passHostHeader is true.
  2167. type: boolean
  2168. port:
  2169. anyOf:
  2170. - type: integer
  2171. - type: string
  2172. description: Port defines the port of a Kubernetes Service.
  2173. This can be a reference to a named port.
  2174. x-kubernetes-int-or-string: true
  2175. responseForwarding:
  2176. description: ResponseForwarding defines how Traefik forwards
  2177. the response from the upstream Kubernetes Service to the
  2178. client.
  2179. properties:
  2180. flushInterval:
  2181. description: 'FlushInterval defines the interval, in
  2182. milliseconds, in between flushes to the client while
  2183. copying the response body. A negative value means
  2184. to flush immediately after each write to the client.
  2185. This configuration is ignored when ReverseProxy recognizes
  2186. a response as a streaming response; for such responses,
  2187. writes are flushed to the client immediately. Default:
  2188. 100ms'
  2189. type: string
  2190. type: object
  2191. scheme:
  2192. description: Scheme defines the scheme to use for the request
  2193. to the upstream Kubernetes Service. It defaults to https
  2194. when Kubernetes Service port is 443, http otherwise.
  2195. type: string
  2196. serversTransport:
  2197. description: ServersTransport defines the name of ServersTransport
  2198. resource to use. It allows to configure the transport
  2199. between Traefik and your servers. Can only be used on
  2200. a Kubernetes Service.
  2201. type: string
  2202. sticky:
  2203. description: 'Sticky defines the sticky sessions configuration.
  2204. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
  2205. properties:
  2206. cookie:
  2207. description: Cookie defines the sticky cookie configuration.
  2208. properties:
  2209. httpOnly:
  2210. description: HTTPOnly defines whether the cookie
  2211. can be accessed by client-side APIs, such as JavaScript.
  2212. type: boolean
  2213. name:
  2214. description: Name defines the Cookie name.
  2215. type: string
  2216. sameSite:
  2217. description: 'SameSite defines the same site policy.
  2218. More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
  2219. type: string
  2220. secure:
  2221. description: Secure defines whether the cookie can
  2222. only be transmitted over an encrypted connection
  2223. (i.e. HTTPS).
  2224. type: boolean
  2225. type: object
  2226. type: object
  2227. strategy:
  2228. description: Strategy defines the load balancing strategy
  2229. between the servers. RoundRobin is the only supported
  2230. value at the moment.
  2231. type: string
  2232. weight:
  2233. description: Weight defines the weight and should only be
  2234. specified when Name references a TraefikService object
  2235. (and to be precise, one that embeds a Weighted Round Robin).
  2236. type: integer
  2237. required:
  2238. - name
  2239. type: object
  2240. type: array
  2241. sticky:
  2242. description: 'Sticky defines whether sticky sessions are enabled.
  2243. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
  2244. properties:
  2245. cookie:
  2246. description: Cookie defines the sticky cookie configuration.
  2247. properties:
  2248. httpOnly:
  2249. description: HTTPOnly defines whether the cookie can be
  2250. accessed by client-side APIs, such as JavaScript.
  2251. type: boolean
  2252. name:
  2253. description: Name defines the Cookie name.
  2254. type: string
  2255. sameSite:
  2256. description: 'SameSite defines the same site policy. More
  2257. info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
  2258. type: string
  2259. secure:
  2260. description: Secure defines whether the cookie can only
  2261. be transmitted over an encrypted connection (i.e. HTTPS).
  2262. type: boolean
  2263. type: object
  2264. type: object
  2265. type: object
  2266. type: object
  2267. required:
  2268. - metadata
  2269. - spec
  2270. type: object
  2271. served: true
  2272. storage: true
  2273. status:
  2274. acceptedNames:
  2275. kind: ""
  2276. plural: ""
  2277. conditions: []
  2278. storedVersions: []

apiextensions.k8s.io/v1beta1 (Deprecated)

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewaretcps.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: MiddlewareTCP
    plural: middlewaretcps
    singular: middlewaretcp
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressrouteudps.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteUDP
    plural: ingressrouteudps
    singular: ingressrouteudp
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsstores.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSStore
    plural: tlsstores
    singular: tlsstore
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: traefikservices.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TraefikService
    plural: traefikservices
    singular: traefikservice
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: serverstransports.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: ServersTransport
    plural: serverstransports
    singular: serverstransport
  scope: Namespaced

Resources

apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: wrr2
  namespace: default

spec:
  weighted:
    services:
      - name: s1
        weight: 1
        port: 80
        # Optional, as it is the default value
        kind: Service
      - name: s3
        weight: 1
        port: 80

---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: wrr1
  namespace: default

spec:
  weighted:
    services:
      - name: wrr2
        kind: TraefikService
        weight: 1
      - name: s3
        weight: 1
        port: 80

---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: mirror1
  namespace: default

spec:
  mirroring:
    name: s1
    port: 80
    mirrors:
      - name: s3
        percent: 20
        port: 80
      - name: mirror2
        kind: TraefikService
        percent: 20

---
apiVersion: traefik.containo.us/v1alpha1
kind: TraefikService
metadata:
  name: mirror2
  namespace: default

spec:
  mirroring:
    name: wrr2
    kind: TraefikService
    # Optional
    maxBodySize: 2000000000
    mirrors:
      - name: s2
        # Optional, as it is the default value
        kind: Service
        percent: 20
        port: 80

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute

spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`example.net`) && PathPrefix(`/bar`)
      kind: Rule
      priority: 12
      # defining several services is possible and allowed, but for now the servers of
      # all the services (for a given route) get merged altogether under the same
      # load-balancing strategy.
      services:
        - name: s1
          port: 80
          # strategy defines the load balancing strategy between the servers. It defaults
          # to Round Robin, and for now only Round Robin is supported anyway.
          strategy: RoundRobin
        - name: s2
          port: 433
          serversTransport: mytransport
    - match: PathPrefix(`/misc`)
      kind: Rule
      services:
        - name: s3
          port: 80
      middlewares:
        - name: stripprefix
        - name: addprefix
    - match: PathPrefix(`/misc`)
      kind: Rule
      services:
        - name: s3
          # Optional, as it is the default value
          kind: Service
          port: 8443
          # scheme allow to override the scheme for the service. (ex: https or h2c)
          scheme: https
    - match: PathPrefix(`/lb`)
      kind: Rule
      services:
        - name: wrr1
          kind: TraefikService
    - match: PathPrefix(`/mirrored`)
      kind: Rule
      services:
        - name: mirror1
          kind: TraefikService
  # use an empty tls object for TLS with Let's Encrypt
  tls:
    secretName: supersecret
    options:
      name: my-tls-option
      namespace: default

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: ingressroutetcp.crd
  namespace: default

spec:
  entryPoints:
    - footcp
  routes:
    - match: HostSNI(`example.com`)
      services:
        - name: whoamitcp
          port: 8080
      middlewares:
        - name: ipwhitelist
  tls:
    secretName: foosecret
    passthrough: false
    options:
      name: my-tls-option
      namespace: default

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: ingressrouteudp.crd
  namespace: default

spec:
  entryPoints:
    - footcp
  routes:
    - services:
        - name: whoamiudp
          port: 8080

---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: tlsoption
  namespace: default

spec:
  minVersion: foobar
  maxVersion: foobar
  cipherSuites:
    - foobar
    - foobar
  curvePreferences:
    - foobar
    - foobar
  clientAuth:
    secretNames:
      - foobar
      - foobar
    clientAuthType: RequireAndVerifyClientCert
  sniStrict: true
  preferServerCipherSuites: true
  alpnProtocols:
    - foobar
    - foobar

---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: mytransport
  namespace: default

spec:
  serverName: foobar
  insecureSkipVerify: true
  rootCAsSecrets:
    - foobar
    - foobar
  certificatesSecrets:
    - foobar
    - foobar
  maxIdleConnsPerHost: 1
  forwardingTimeouts:
    dialTimeout: 42s
    responseHeaderTimeout: 42s
    idleConnTimeout: 42s
  disableHTTP2: true

RBAC

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller

rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
    verbs:
      - get
      - list
      - watch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: default