mirror of https://github.com/containous/traefik.git synced 2025-03-11 16:58:23 +03:00

Improve CEL validation on Ingress CRD resources

This commit is contained in:
Michel Loiseleur 2025-03-06 14:48:04 +00:00 committed by GitHub
parent 740b4cfd25
commit c166a41c99
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
21 changed files with 282 additions and 0 deletions

View File

@ -102,6 +102,7 @@ spec:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority
maximum: 9223372036854775000
type: integer type: integer
services: services:
description: |- description: |-
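Review bot: the new `maximum: 9223372036854775000` on priority sits 807 below the int64 maximum (9223372036854775807), and the description gives no reason for that cut-off, so a reader cannot tell whether the gap is a reserved range or a rounding choice. State the limit and the reason for it in the Priority description, and confirm the literal survives schema parsing exactly, since a value of this size cannot be represented precisely as a float64. No `minimum` is added, so negative priorities still pass; say whether that is intended.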
@ -276,6 +277,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie description: Secure defines whether the cookie
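Review bot: the `enum` added for sameSite accepts only the lowercase spellings `none`, `lax` and `strict`, while the description still points only at the MDN page, which writes the values as `None`, `Lax` and `Strict`. List the accepted values in the description, and decide whether manifests that already use the capitalized forms, or an explicit empty string, should start being rejected at admission with this change.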
@ -288,11 +293,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -470,6 +478,7 @@ spec:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1
maximum: 9223372036854775000
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -515,6 +524,8 @@ spec:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
to use. to use.
maximum: 2
minimum: 1
type: integer type: integer
type: object type: object
serversTransport: serversTransport:
@ -539,6 +550,7 @@ spec:
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service. requests between multiple Kubernetes Service.
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -549,6 +561,9 @@ spec:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1
enum:
- v3
- v2
type: string type: string
required: required:
- match - match
@ -728,6 +743,7 @@ spec:
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service. requests between multiple Kubernetes Service.
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -799,6 +815,9 @@ spec:
Prefix is the string to add before the current path in the requested URL. Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/). It should include a leading slash (/).
type: string type: string
x-kubernetes-validations:
- message: must start with a '/'
rule: self.startsWith('/')
type: object type: object
basicAuth: basicAuth:
description: |- description: |-
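Review bot: the CEL rule `self.startsWith('/')` on prefix makes the leading slash a hard admission requirement, but the description directly above it still reads "It should include a leading slash (/)". Change the description to "must" so it matches the rule's `must start with a '/'` message, and call out in the release notes that stored objects whose prefix lacks the slash may be rejected the next time they are updated.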
@ -899,6 +918,7 @@ spec:
- type: string - type: string
description: CheckPeriod is the interval between successive checks description: CheckPeriod is the interval between successive checks
of the circuit breaker condition (when in standby state). of the circuit breaker condition (when in standby state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
expression: expression:
description: Expression is the condition that triggers the tripped description: Expression is the condition that triggers the tripped
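Review bot: checkPeriod gains a raw `pattern`, but its description still says nothing about the accepted format, so a rejected manifest will quote only the regular expression back to the user. Add the accepted forms to the description (bare digits, or digits followed by ns, us, µs, ms, s, m or h), or express the check as an `x-kubernetes-validations` rule with a `message`, as this commit does for prefix.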
@ -918,10 +938,13 @@ spec:
description: RecoveryDuration is the duration for which the circuit description: RecoveryDuration is the duration for which the circuit
breaker will try to recover (as soon as it is in recovering breaker will try to recover (as soon as it is in recovering
state). state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseCode: responseCode:
description: ResponseCode is the status code that the circuit description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state. breaker will return while it is in the open state.
maximum: 599
minimum: 100
type: integer type: integer
type: object type: object
compress: compress:
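Review bot: on recoveryDuration the added `pattern` constrains only the string form; with `x-kubernetes-int-or-string: true` an integer value bypasses it and no numeric bound is added, so a negative integer is still admitted while the string `-5s` is not. If negative durations are meant to be rejected, cover the integer form as well so both representations behave the same. The 100 to 599 bounds on responseCode look right.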
@ -959,6 +982,7 @@ spec:
description: |- description: |-
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
Default: 1024. Default: 1024.
minimum: 0
type: integer type: integer
type: object type: object
contentType: contentType:
@ -1180,6 +1204,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -1192,11 +1220,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -1209,6 +1240,7 @@ spec:
as ranges by separating two codes with a dash (500-599), as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599). or a combination of the two (404,418,500-599).
items: items:
pattern: ^([0-5][0-9]{2}[,-]?)+$
type: string type: string
type: array type: array
statusRewrites: statusRewrites:
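Review bot: the status `pattern` `^([0-5][0-9]{2}[,-]?)+$` is looser than the format the description gives: the separator is optional and may trail, and the first digit may be 0, so `404500`, `500-`, `500-599-404` and `099` all match. Anchor it to the documented grammar of single codes or two-code ranges joined by commas, for example `^[1-5][0-9]{2}(-[1-5][0-9]{2})?(,[1-5][0-9]{2}(-[1-5][0-9]{2})?)*$`, which still accepts `404,418,500-599`.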
@ -1487,6 +1519,7 @@ spec:
STSSeconds defines the max-age of the Strict-Transport-Security header. STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set. If set to 0, the header is not set.
format: int64 format: int64
minimum: 0
type: integer type: integer
type: object type: object
inFlightReq: inFlightReq:
@ -1500,6 +1533,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous in-flight request. Amount defines the maximum amount of allowed simultaneous in-flight request.
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
format: int64 format: int64
minimum: 0
type: integer type: integer
sourceCriterion: sourceCriterion:
description: |- description: |-
@ -1517,6 +1551,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position header and take the IP located at the depth position
(starting from the right). (starting from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the description: ExcludedIPs configures Traefik to scan the
@ -1557,6 +1592,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting header and take the IP located at the depth position (starting
from the right). from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -1594,6 +1630,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting header and take the IP located at the depth position (starting
from the right). from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -1736,12 +1773,14 @@ spec:
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
one needs to define a Period larger than a second. one needs to define a Period larger than a second.
format: int64 format: int64
minimum: 0
type: integer type: integer
burst: burst:
description: |- description: |-
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
It defaults to 1. It defaults to 1.
format: int64 format: int64
minimum: 0
type: integer type: integer
period: period:
anyOf: anyOf:
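Review bot: `minimum: 0` on burst admits an explicit 0 while the description only says "It defaults to 1", so it is unclear whether 0 means "use the default" or "allow no requests"; the same question applies to an average of 0. Document what 0 means for both fields, or raise the minimum on burst to 1 if a zero burst is never valid.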
@ -1766,6 +1805,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position header and take the IP located at the depth position
(starting from the right). (starting from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the description: ExcludedIPs configures Traefik to scan the
@ -1863,6 +1903,7 @@ spec:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
be retried. be retried.
minimum: 0
type: integer type: integer
initialInterval: initialInterval:
anyOf: anyOf:
@ -1874,6 +1915,7 @@ spec:
If unspecified, requests will be retried immediately. If unspecified, requests will be retried immediately.
The value of initialInterval should be provided in seconds or as a valid duration format, The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration. see https://pkg.go.dev/time#ParseDuration.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
stripPrefix: stripPrefix:
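Review bot: the initialInterval description sends users to time.ParseDuration for the valid format, but the added `pattern` does not match that grammar: it rejects fractional values such as `1.5s`, which ParseDuration accepts, and because the unit is optional inside the repeated group it admits `1h30`, which ParseDuration rejects for a missing unit. Tighten the pattern to either bare digits or unit-suffixed components with optional fractions, or reword the description to state the narrower format that is actually enforced.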
@ -1966,6 +2008,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous connections. Amount defines the maximum amount of allowed simultaneous connections.
The middleware closes the connection if there are already amount connections opened. The middleware closes the connection if there are already amount connections opened.
format: int64 format: int64
minimum: 0
type: integer type: integer
type: object type: object
ipAllowList: ipAllowList:
@ -2067,6 +2110,7 @@ spec:
- type: string - type: string
description: DialTimeout is the amount of time to wait until a description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established. connection to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
idleConnTimeout: idleConnTimeout:
anyOf: anyOf:
@ -2075,6 +2119,7 @@ spec:
description: IdleConnTimeout is the maximum period for which an description: IdleConnTimeout is the maximum period for which an
idle HTTP keep-alive connection will remain open before closing idle HTTP keep-alive connection will remain open before closing
itself. itself.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
pingTimeout: pingTimeout:
anyOf: anyOf:
@ -2082,6 +2127,7 @@ spec:
- type: string - type: string
description: PingTimeout is the timeout after which the HTTP/2 description: PingTimeout is the timeout after which the HTTP/2
connection will be closed if a response to ping is not received. connection will be closed if a response to ping is not received.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
readIdleTimeout: readIdleTimeout:
anyOf: anyOf:
@ -2090,6 +2136,7 @@ spec:
description: ReadIdleTimeout is the timeout after which a health description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received check using ping frame will be carried out if no frame is received
on the HTTP/2 connection. on the HTTP/2 connection.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseHeaderTimeout: responseHeaderTimeout:
anyOf: anyOf:
@ -2098,6 +2145,7 @@ spec:
description: ResponseHeaderTimeout is the amount of time to wait description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request for a server's response headers after fully writing the request
(including its body, if any). (including its body, if any).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
insecureSkipVerify: insecureSkipVerify:
@ -2106,6 +2154,7 @@ spec:
maxIdleConnsPerHost: maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host. to keep per-host.
minimum: 0
type: integer type: integer
peerCertURI: peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against description: PeerCertURI defines the peer cert URI used to match against
@ -2196,6 +2245,7 @@ spec:
the protocol and operating system. Network protocols or operating the protocol and operating system. Network protocols or operating
systems that do not support keep-alives ignore this field. If negative, systems that do not support keep-alives ignore this field. If negative,
keep-alive probes are disabled. keep-alive probes are disabled.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
dialTimeout: dialTimeout:
anyOf: anyOf:
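Review bot: the description just above the added `pattern` says "If negative, keep-alive probes are disabled", yet the pattern has no place for a leading `-`, so a string such as `-1s` is now rejected and the documented way to disable probes works only through the integer form. Either allow an optional sign in this field's pattern or update the description to say how probes are disabled.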
@ -2203,6 +2253,7 @@ spec:
- type: string - type: string
description: DialTimeout is the amount of time to wait until a connection description: DialTimeout is the amount of time to wait until a connection
to a backend server can be established. to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
terminationDelay: terminationDelay:
anyOf: anyOf:
@ -2211,6 +2262,7 @@ spec:
description: TerminationDelay defines the delay to wait before fully description: TerminationDelay defines the delay to wait before fully
terminating the connection, after one connected peer has closed terminating the connection, after one connected peer has closed
its writing capability. its writing capability.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
tls: tls:
description: TLS defines the TLS configuration description: TLS defines the TLS configuration
@ -2775,6 +2827,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -2787,11 +2843,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -2893,6 +2952,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only
@ -2904,11 +2967,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -3087,6 +3153,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -3099,11 +3169,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -3145,6 +3218,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only

View File

@ -102,6 +102,7 @@ spec:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority
maximum: 9223372036854775000
type: integer type: integer
services: services:
description: |- description: |-
@ -276,6 +277,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie description: Secure defines whether the cookie
@ -288,11 +293,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name

View File

@ -81,6 +81,7 @@ spec:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1
maximum: 9223372036854775000
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -126,6 +127,8 @@ spec:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
to use. to use.
maximum: 2
minimum: 1
type: integer type: integer
type: object type: object
serversTransport: serversTransport:
@ -150,6 +153,7 @@ spec:
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service. requests between multiple Kubernetes Service.
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -160,6 +164,9 @@ spec:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1
enum:
- v3
- v2
type: string type: string
required: required:
- match - match

View File

@ -92,6 +92,7 @@ spec:
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service. requests between multiple Kubernetes Service.
minimum: 0
type: integer type: integer
required: required:
- name - name

View File

@ -52,6 +52,9 @@ spec:
Prefix is the string to add before the current path in the requested URL. Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/). It should include a leading slash (/).
type: string type: string
x-kubernetes-validations:
- message: must start with a '/'
rule: self.startsWith('/')
type: object type: object
basicAuth: basicAuth:
description: |- description: |-
@ -152,6 +155,7 @@ spec:
- type: string - type: string
description: CheckPeriod is the interval between successive checks description: CheckPeriod is the interval between successive checks
of the circuit breaker condition (when in standby state). of the circuit breaker condition (when in standby state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
expression: expression:
description: Expression is the condition that triggers the tripped description: Expression is the condition that triggers the tripped
@ -171,10 +175,13 @@ spec:
description: RecoveryDuration is the duration for which the circuit description: RecoveryDuration is the duration for which the circuit
breaker will try to recover (as soon as it is in recovering breaker will try to recover (as soon as it is in recovering
state). state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseCode: responseCode:
description: ResponseCode is the status code that the circuit description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state. breaker will return while it is in the open state.
maximum: 599
minimum: 100
type: integer type: integer
type: object type: object
compress: compress:
@ -212,6 +219,7 @@ spec:
description: |- description: |-
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
Default: 1024. Default: 1024.
minimum: 0
type: integer type: integer
type: object type: object
contentType: contentType:
@ -433,6 +441,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -445,11 +457,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -462,6 +477,7 @@ spec:
as ranges by separating two codes with a dash (500-599), as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599). or a combination of the two (404,418,500-599).
items: items:
pattern: ^([0-5][0-9]{2}[,-]?)+$
type: string type: string
type: array type: array
statusRewrites: statusRewrites:
@ -740,6 +756,7 @@ spec:
STSSeconds defines the max-age of the Strict-Transport-Security header. STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set. If set to 0, the header is not set.
format: int64 format: int64
minimum: 0
type: integer type: integer
type: object type: object
inFlightReq: inFlightReq:
@ -753,6 +770,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous in-flight request. Amount defines the maximum amount of allowed simultaneous in-flight request.
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
format: int64 format: int64
minimum: 0
type: integer type: integer
sourceCriterion: sourceCriterion:
description: |- description: |-
@ -770,6 +788,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position header and take the IP located at the depth position
(starting from the right). (starting from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the description: ExcludedIPs configures Traefik to scan the
@ -810,6 +829,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting header and take the IP located at the depth position (starting
from the right). from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -847,6 +867,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting header and take the IP located at the depth position (starting
from the right). from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -989,12 +1010,14 @@ spec:
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
one needs to define a Period larger than a second. one needs to define a Period larger than a second.
format: int64 format: int64
minimum: 0
type: integer type: integer
burst: burst:
description: |- description: |-
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
It defaults to 1. It defaults to 1.
format: int64 format: int64
minimum: 0
type: integer type: integer
period: period:
anyOf: anyOf:
@ -1019,6 +1042,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position header and take the IP located at the depth position
(starting from the right). (starting from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the description: ExcludedIPs configures Traefik to scan the
@ -1116,6 +1140,7 @@ spec:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
be retried. be retried.
minimum: 0
type: integer type: integer
initialInterval: initialInterval:
anyOf: anyOf:
@ -1127,6 +1152,7 @@ spec:
If unspecified, requests will be retried immediately. If unspecified, requests will be retried immediately.
The value of initialInterval should be provided in seconds or as a valid duration format, The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration. see https://pkg.go.dev/time#ParseDuration.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
stripPrefix: stripPrefix:
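Review bot: the `pattern` added to `initialInterval` does not accept the same set of strings as the parser the description points to (https://pkg.go.dev/time#ParseDuration). It rejects fractional and signed values such as `1.5s` or `-1s`, which ParseDuration accepts, and it accepts a unitless segment after a unit such as `1h30`, which ParseDuration rejects with a missing-unit error. Suggest documenting the narrower grammar in the description, or making the unit optional only when the whole value is a bare number, for example `^([0-9]+|([0-9]+(ns|us|µs|ms|s|m|h))+)$`. The same expression is repeated on the other duration fields in this patch, so the point applies to each of them.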

View File

@ -49,6 +49,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous connections. Amount defines the maximum amount of allowed simultaneous connections.
The middleware closes the connection if there are already amount connections opened. The middleware closes the connection if there are already amount connections opened.
format: int64 format: int64
minimum: 0
type: integer type: integer
type: object type: object
ipAllowList: ipAllowList:

View File

@ -63,6 +63,7 @@ spec:
- type: string - type: string
description: DialTimeout is the amount of time to wait until a description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established. connection to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
idleConnTimeout: idleConnTimeout:
anyOf: anyOf:
@ -71,6 +72,7 @@ spec:
description: IdleConnTimeout is the maximum period for which an description: IdleConnTimeout is the maximum period for which an
idle HTTP keep-alive connection will remain open before closing idle HTTP keep-alive connection will remain open before closing
itself. itself.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
pingTimeout: pingTimeout:
anyOf: anyOf:
@ -78,6 +80,7 @@ spec:
- type: string - type: string
description: PingTimeout is the timeout after which the HTTP/2 description: PingTimeout is the timeout after which the HTTP/2
connection will be closed if a response to ping is not received. connection will be closed if a response to ping is not received.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
readIdleTimeout: readIdleTimeout:
anyOf: anyOf:
@ -86,6 +89,7 @@ spec:
description: ReadIdleTimeout is the timeout after which a health description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received check using ping frame will be carried out if no frame is received
on the HTTP/2 connection. on the HTTP/2 connection.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseHeaderTimeout: responseHeaderTimeout:
anyOf: anyOf:
@ -94,6 +98,7 @@ spec:
description: ResponseHeaderTimeout is the amount of time to wait description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request for a server's response headers after fully writing the request
(including its body, if any). (including its body, if any).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
insecureSkipVerify: insecureSkipVerify:
@ -102,6 +107,7 @@ spec:
maxIdleConnsPerHost: maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host. to keep per-host.
minimum: 0
type: integer type: integer
peerCertURI: peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against description: PeerCertURI defines the peer cert URI used to match against

View File

@ -53,6 +53,7 @@ spec:
the protocol and operating system. Network protocols or operating the protocol and operating system. Network protocols or operating
systems that do not support keep-alives ignore this field. If negative, systems that do not support keep-alives ignore this field. If negative,
keep-alive probes are disabled. keep-alive probes are disabled.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
dialTimeout: dialTimeout:
anyOf: anyOf:
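Review bot: the description kept in this hunk says "If negative, keep-alive probes are disabled", but the added `pattern` has no sign character, so a negative duration string such as `-1s` no longer validates. Because `pattern` only constrains the string form of an `x-kubernetes-int-or-string` field, a negative integer still passes, which leaves the two forms inconsistent. Allow an optional leading `-` for this field, or state in the description that the negative value must be given as an integer.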
@ -60,6 +61,7 @@ spec:
- type: string - type: string
description: DialTimeout is the amount of time to wait until a connection description: DialTimeout is the amount of time to wait until a connection
to a backend server can be established. to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
terminationDelay: terminationDelay:
anyOf: anyOf:
@ -68,6 +70,7 @@ spec:
description: TerminationDelay defines the delay to wait before fully description: TerminationDelay defines the delay to wait before fully
terminating the connection, after one connected peer has closed terminating the connection, after one connected peer has closed
its writing capability. its writing capability.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
tls: tls:
description: TLS defines the TLS configuration description: TLS defines the TLS configuration

View File

@ -301,6 +301,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
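Review bot: the `enum` is case-sensitive and lists only `none`, `lax` and `strict`, so a manifest that spells the value as it appears in the Set-Cookie header (`None`, `Lax`, `Strict`) is now rejected by the schema; that deserves a line in the description or the migration notes. Since `secure` is the next field of the same object, this is also the place for a cross-field `x-kubernetes-validations` rule requiring `secure: true` when `sameSite` is `none`, as browsers drop `SameSite=None` cookies that lack the Secure attribute.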
@ -313,11 +317,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -419,6 +426,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only
@ -430,11 +441,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -613,6 +627,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -625,11 +643,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -671,6 +692,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only

View File

@ -102,6 +102,7 @@ spec:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority
maximum: 9223372036854775000
type: integer type: integer
services: services:
description: |- description: |-
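Review bot: `maximum: 9223372036854775000` is an unexplained constant: it is below the int64 maximum (9223372036854775807) and the description gives no reason for the gap. Add the rationale for this bound to the description so that a user whose value is rejected can tell which range is valid, and say whether negative priorities are meant to stay valid, since no `minimum` is added here.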
@ -276,6 +277,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie description: Secure defines whether the cookie
@ -288,11 +293,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -470,6 +478,7 @@ spec:
description: |- description: |-
Priority defines the router's priority. Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1
maximum: 9223372036854775000
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@ -515,6 +524,8 @@ spec:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
to use. to use.
maximum: 2
minimum: 1
type: integer type: integer
type: object type: object
serversTransport: serversTransport:
@ -539,6 +550,7 @@ spec:
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service. requests between multiple Kubernetes Service.
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -549,6 +561,9 @@ spec:
description: |- description: |-
Syntax defines the router's rule syntax. Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1
enum:
- v3
- v2
type: string type: string
required: required:
- match - match
@ -728,6 +743,7 @@ spec:
weight: weight:
description: Weight defines the weight used when balancing description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service. requests between multiple Kubernetes Service.
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -799,6 +815,9 @@ spec:
Prefix is the string to add before the current path in the requested URL. Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/). It should include a leading slash (/).
type: string type: string
x-kubernetes-validations:
- message: must start with a '/'
rule: self.startsWith('/')
type: object type: object
basicAuth: basicAuth:
description: |- description: |-
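Review bot: unlike the `minimum`, `enum` and `pattern` keywords used elsewhere in this patch, `x-kubernetes-validations` depends on CEL support for CRD validation rules in the API server. A leading-slash check can be written as `pattern: ^/`, which keeps the constraint enforceable on clusters where that feature is not available. If the CEL rule stays, state the minimum Kubernetes version these CRDs now require.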
@ -899,6 +918,7 @@ spec:
- type: string - type: string
description: CheckPeriod is the interval between successive checks description: CheckPeriod is the interval between successive checks
of the circuit breaker condition (when in standby state). of the circuit breaker condition (when in standby state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
expression: expression:
description: Expression is the condition that triggers the tripped description: Expression is the condition that triggers the tripped
@ -918,10 +938,13 @@ spec:
description: RecoveryDuration is the duration for which the circuit description: RecoveryDuration is the duration for which the circuit
breaker will try to recover (as soon as it is in recovering breaker will try to recover (as soon as it is in recovering
state). state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseCode: responseCode:
description: ResponseCode is the status code that the circuit description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state. breaker will return while it is in the open state.
maximum: 599
minimum: 100
type: integer type: integer
type: object type: object
compress: compress:
@ -959,6 +982,7 @@ spec:
description: |- description: |-
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
Default: 1024. Default: 1024.
minimum: 0
type: integer type: integer
type: object type: object
contentType: contentType:
@ -1180,6 +1204,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -1192,11 +1220,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -1209,6 +1240,7 @@ spec:
as ranges by separating two codes with a dash (500-599), as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599). or a combination of the two (404,418,500-599).
items: items:
pattern: ^([0-5][0-9]{2}[,-]?)+$
type: string type: string
type: array type: array
statusRewrites: statusRewrites:
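Review bot: the `pattern` on the status items is looser than the grammar in the description (single codes, ranges such as 500-599, or a comma-separated mix of the two). Because the separator is optional and may end the string, it accepts `404418`, `500-` and `500-599-600`, and the leading `[0-5]` admits `000` to `099`, which are not HTTP status codes. Suggest matching one code with an optional range and repeating it after commas: `^[1-5][0-9]{2}(-[1-5][0-9]{2})?(,[1-5][0-9]{2}(-[1-5][0-9]{2})?)*$`.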
@ -1487,6 +1519,7 @@ spec:
STSSeconds defines the max-age of the Strict-Transport-Security header. STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set. If set to 0, the header is not set.
format: int64 format: int64
minimum: 0
type: integer type: integer
type: object type: object
inFlightReq: inFlightReq:
@ -1500,6 +1533,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous in-flight request. Amount defines the maximum amount of allowed simultaneous in-flight request.
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
format: int64 format: int64
minimum: 0
type: integer type: integer
sourceCriterion: sourceCriterion:
description: |- description: |-
@ -1517,6 +1551,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position header and take the IP located at the depth position
(starting from the right). (starting from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the description: ExcludedIPs configures Traefik to scan the
@ -1557,6 +1592,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting header and take the IP located at the depth position (starting
from the right). from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -1594,6 +1630,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting header and take the IP located at the depth position (starting
from the right). from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -1736,12 +1773,14 @@ spec:
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
one needs to define a Period larger than a second. one needs to define a Period larger than a second.
format: int64 format: int64
minimum: 0
type: integer type: integer
burst: burst:
description: |- description: |-
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
It defaults to 1. It defaults to 1.
format: int64 format: int64
minimum: 0
type: integer type: integer
period: period:
anyOf: anyOf:
@ -1766,6 +1805,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position header and take the IP located at the depth position
(starting from the right). (starting from the right).
minimum: 0
type: integer type: integer
excludedIPs: excludedIPs:
description: ExcludedIPs configures Traefik to scan the description: ExcludedIPs configures Traefik to scan the
@ -1863,6 +1903,7 @@ spec:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
be retried. be retried.
minimum: 0
type: integer type: integer
initialInterval: initialInterval:
anyOf: anyOf:
@ -1874,6 +1915,7 @@ spec:
If unspecified, requests will be retried immediately. If unspecified, requests will be retried immediately.
The value of initialInterval should be provided in seconds or as a valid duration format, The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration. see https://pkg.go.dev/time#ParseDuration.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
stripPrefix: stripPrefix:
@ -1966,6 +2008,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous connections. Amount defines the maximum amount of allowed simultaneous connections.
The middleware closes the connection if there are already amount connections opened. The middleware closes the connection if there are already amount connections opened.
format: int64 format: int64
minimum: 0
type: integer type: integer
type: object type: object
ipAllowList: ipAllowList:
@ -2067,6 +2110,7 @@ spec:
- type: string - type: string
description: DialTimeout is the amount of time to wait until a description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established. connection to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
idleConnTimeout: idleConnTimeout:
anyOf: anyOf:
@ -2075,6 +2119,7 @@ spec:
description: IdleConnTimeout is the maximum period for which an description: IdleConnTimeout is the maximum period for which an
idle HTTP keep-alive connection will remain open before closing idle HTTP keep-alive connection will remain open before closing
itself. itself.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
pingTimeout: pingTimeout:
anyOf: anyOf:
@ -2082,6 +2127,7 @@ spec:
- type: string - type: string
description: PingTimeout is the timeout after which the HTTP/2 description: PingTimeout is the timeout after which the HTTP/2
connection will be closed if a response to ping is not received. connection will be closed if a response to ping is not received.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
readIdleTimeout: readIdleTimeout:
anyOf: anyOf:
@ -2090,6 +2136,7 @@ spec:
description: ReadIdleTimeout is the timeout after which a health description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received check using ping frame will be carried out if no frame is received
on the HTTP/2 connection. on the HTTP/2 connection.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
responseHeaderTimeout: responseHeaderTimeout:
anyOf: anyOf:
@ -2098,6 +2145,7 @@ spec:
description: ResponseHeaderTimeout is the amount of time to wait description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request for a server's response headers after fully writing the request
(including its body, if any). (including its body, if any).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: object type: object
insecureSkipVerify: insecureSkipVerify:
@ -2106,6 +2154,7 @@ spec:
maxIdleConnsPerHost: maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host. to keep per-host.
minimum: 0
type: integer type: integer
peerCertURI: peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against description: PeerCertURI defines the peer cert URI used to match against
@ -2196,6 +2245,7 @@ spec:
the protocol and operating system. Network protocols or operating the protocol and operating system. Network protocols or operating
systems that do not support keep-alives ignore this field. If negative, systems that do not support keep-alives ignore this field. If negative,
keep-alive probes are disabled. keep-alive probes are disabled.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
dialTimeout: dialTimeout:
anyOf: anyOf:
@ -2203,6 +2253,7 @@ spec:
- type: string - type: string
description: DialTimeout is the amount of time to wait until a connection description: DialTimeout is the amount of time to wait until a connection
to a backend server can be established. to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
terminationDelay: terminationDelay:
anyOf: anyOf:
@ -2211,6 +2262,7 @@ spec:
description: TerminationDelay defines the delay to wait before fully description: TerminationDelay defines the delay to wait before fully
terminating the connection, after one connected peer has closed terminating the connection, after one connected peer has closed
its writing capability. its writing capability.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
tls: tls:
description: TLS defines the TLS configuration description: TLS defines the TLS configuration
@ -2775,6 +2827,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -2787,11 +2843,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -2893,6 +2952,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only
@ -2904,11 +2967,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -3087,6 +3153,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can description: Secure defines whether the cookie can
@ -3099,11 +3169,14 @@ spec:
description: |- description: |-
Strategy defines the load balancing strategy between the servers. Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment. RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string type: string
weight: weight:
description: |- description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin). (and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer type: integer
required: required:
- name - name
@ -3145,6 +3218,10 @@ spec:
description: |- description: |-
SameSite defines the same site policy. SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string type: string
secure: secure:
description: Secure defines whether the cookie can only description: Secure defines whether the cookie can only

View File

@ -190,6 +190,7 @@ type Cookie struct {
HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"` HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"`
// SameSite defines the same site policy. // SameSite defines the same site policy.
// More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite // More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
// +kubebuilder:validation:Enum=none;lax;strict
SameSite string `json:"sameSite,omitempty" toml:"sameSite,omitempty" yaml:"sameSite,omitempty" export:"true"` SameSite string `json:"sameSite,omitempty" toml:"sameSite,omitempty" yaml:"sameSite,omitempty" export:"true"`
// MaxAge defines the number of seconds until the cookie expires. // MaxAge defines the number of seconds until the cookie expires.
// When set to a negative number, the cookie expires immediately. // When set to a negative number, the cookie expires immediately.
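Review bot: the Enum on SameSite is case-sensitive and lower-case only, while the MDN page linked in the comment just above it spells the values Strict, Lax and None. Say in the field comment that the CRD expects none, lax or strict, otherwise a manifest written from the linked reference is rejected at admission with nothing in the docs to explain why. An explicit empty string is also outside the enum; if that was accepted before as "unset", note the change.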

View File

@ -80,6 +80,7 @@ type ContentType struct {
type AddPrefix struct { type AddPrefix struct {
// Prefix is the string to add before the current path in the requested URL. // Prefix is the string to add before the current path in the requested URL.
// It should include a leading slash (/). // It should include a leading slash (/).
// +kubebuilder:validation:XValidation:message="must start with a '/'",rule="self.startsWith('/')"
Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"` Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"`
} }
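Review bot: the XValidation rule on Prefix is enforced only by the Kubernetes API server. AddPrefix also carries toml and yaml tags, so the struct is presumably populated from sources that never pass through CRD admission, and there a prefix without the leading slash is still accepted. If the slash is now a requirement, change "It should include a leading slash" to "must" and enforce the same check where the middleware is built, so the CRD rule is not the only place the constraint lives. The rule also fails on an explicit prefix: "", which is worth stating in the message or the comment.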
@ -179,6 +180,7 @@ type Compress struct {
IncludedContentTypes []string `json:"includedContentTypes,omitempty" toml:"includedContentTypes,omitempty" yaml:"includedContentTypes,omitempty" export:"true"` IncludedContentTypes []string `json:"includedContentTypes,omitempty" toml:"includedContentTypes,omitempty" yaml:"includedContentTypes,omitempty" export:"true"`
// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. // MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
// Default: 1024. // Default: 1024.
// +kubebuilder:validation:Minimum=0
MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"` MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`
// Encodings defines the list of supported compression algorithms. // Encodings defines the list of supported compression algorithms.
Encodings []string `json:"encodings,omitempty" toml:"encodings,omitempty" yaml:"encodings,omitempty" export:"true"` Encodings []string `json:"encodings,omitempty" toml:"encodings,omitempty" yaml:"encodings,omitempty" export:"true"`
@ -324,6 +326,7 @@ type Headers struct {
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"` SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
// STSSeconds defines the max-age of the Strict-Transport-Security header. // STSSeconds defines the max-age of the Strict-Transport-Security header.
// If set to 0, the header is not set. // If set to 0, the header is not set.
// +kubebuilder:validation:Minimum=0
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"` STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
// STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header. // STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header.
STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"` STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"`
@ -424,6 +427,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/ipallowlist/#ipstrategy // More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct { type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). // Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
// +kubebuilder:validation:Minimum=0
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"` Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list. // ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"` ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
@ -505,6 +509,7 @@ type IPAllowList struct {
type InFlightReq struct { type InFlightReq struct {
// Amount defines the maximum amount of allowed simultaneous in-flight request. // Amount defines the maximum amount of allowed simultaneous in-flight request.
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). // The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
// +kubebuilder:validation:Minimum=0
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"` Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
// SourceCriterion defines what criterion is used to group requests as originating from a common source. // SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised. // If several strategies are defined at the same time, an error will be raised.

View File

@ -128,6 +128,8 @@ type TCPServer struct {
// More info: https://doc.traefik.io/traefik/v3.3/routing/services/#proxy-protocol // More info: https://doc.traefik.io/traefik/v3.3/routing/services/#proxy-protocol
type ProxyProtocol struct { type ProxyProtocol struct {
// Version defines the PROXY Protocol version to use. // Version defines the PROXY Protocol version to use.
// +kubebuilder:validation:Minimum=1
// +kubebuilder:validation:Maximum=2
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"` Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
} }

View File

@ -19,6 +19,7 @@ type TCPMiddleware struct {
type TCPInFlightConn struct { type TCPInFlightConn struct {
// Amount defines the maximum amount of allowed simultaneous connections. // Amount defines the maximum amount of allowed simultaneous connections.
// The middleware closes the connection if there are already amount connections opened. // The middleware closes the connection if there are already amount connections opened.
// +kubebuilder:validation:Minimum=0
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"` Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
} }

View File

@ -33,6 +33,7 @@ type Route struct {
Kind string `json:"kind,omitempty"` Kind string `json:"kind,omitempty"`
// Priority defines the router's priority. // Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority
// +kubebuilder:validation:Maximum=9223372036854774807
Priority int `json:"priority,omitempty"` Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax. // Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax
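Review bot: the Maximum on Priority is an unexplained magic number. 9223372036854774807 is math.MaxInt64 minus 1000, and the comment does not say why the top of the range is off limits; add a sentence on that. The generated CRD earlier in this commit carries maximum: 9223372036854775000, because the schema stores the bound as a float64 and the marker value is not exactly representable, so the limit enforced at admission is not the number written here. Choose a bound that survives the round trip, or keep the exact check in the provider and document the CRD bound as approximate.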
@ -106,12 +107,14 @@ type LoadBalancerSpec struct {
Sticky *dynamic.Sticky `json:"sticky,omitempty"` Sticky *dynamic.Sticky `json:"sticky,omitempty"`
// Port defines the port of a Kubernetes Service. // Port defines the port of a Kubernetes Service.
// This can be a reference to a named port. // This can be a reference to a named port.
// +kubebuilder:validation:XIntOrString
Port intstr.IntOrString `json:"port,omitempty"` Port intstr.IntOrString `json:"port,omitempty"`
// Scheme defines the scheme to use for the request to the upstream Kubernetes Service. // Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
// It defaults to https when Kubernetes Service port is 443, http otherwise. // It defaults to https when Kubernetes Service port is 443, http otherwise.
Scheme string `json:"scheme,omitempty"` Scheme string `json:"scheme,omitempty"`
// Strategy defines the load balancing strategy between the servers. // Strategy defines the load balancing strategy between the servers.
// RoundRobin is the only supported value at the moment. // RoundRobin is the only supported value at the moment.
// +kubebuilder:validation:Enum=RoundRobin
Strategy string `json:"strategy,omitempty"` Strategy string `json:"strategy,omitempty"`
// PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. // PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
// By default, passHostHeader is true. // By default, passHostHeader is true.
@ -124,6 +127,7 @@ type LoadBalancerSpec struct {
ServersTransport string `json:"serversTransport,omitempty"` ServersTransport string `json:"serversTransport,omitempty"`
// Weight defines the weight and should only be specified when Name references a TraefikService object // Weight defines the weight and should only be specified when Name references a TraefikService object
// (and to be precise, one that embeds a Weighted Round Robin). // (and to be precise, one that embeds a Weighted Round Robin).
// +kubebuilder:validation:Minimum=0
Weight *int `json:"weight,omitempty"` Weight *int `json:"weight,omitempty"`
// NativeLB controls, when creating the load-balancer, // NativeLB controls, when creating the load-balancer,
// whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. // whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.

View File

@ -28,9 +28,11 @@ type RouteTCP struct {
Match string `json:"match"` Match string `json:"match"`
// Priority defines the router's priority. // Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1 // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1
// +kubebuilder:validation:Maximum=9223372036854774807
Priority int `json:"priority,omitempty"` Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax. // Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1 // More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1
// +kubebuilder:validation:Enum=v3;v2
Syntax string `json:"syntax,omitempty"` Syntax string `json:"syntax,omitempty"`
// Services defines the list of TCP services. // Services defines the list of TCP services.
Services []ServiceTCP `json:"services,omitempty"` Services []ServiceTCP `json:"services,omitempty"`
@ -69,8 +71,10 @@ type ServiceTCP struct {
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
// Port defines the port of a Kubernetes Service. // Port defines the port of a Kubernetes Service.
// This can be a reference to a named port. // This can be a reference to a named port.
// +kubebuilder:validation:XIntOrString
Port intstr.IntOrString `json:"port"` Port intstr.IntOrString `json:"port"`
// Weight defines the weight used when balancing requests between multiple Kubernetes Service. // Weight defines the weight used when balancing requests between multiple Kubernetes Service.
// +kubebuilder:validation:Minimum=0
Weight *int `json:"weight,omitempty"` Weight *int `json:"weight,omitempty"`
// TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates // TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
// it has closed the writing capability of its connection, to close the reading capability as well, // it has closed the writing capability of its connection, to close the reading capability as well,
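Review bot: XIntOrString on Port only tells the schema that both types are allowed; it adds no bound on the integer form, so port: 0, port: -1 or port: 70000 still pass admission. Since this commit is about tightening validation, consider a CEL rule next to the marker that checks the 1 to 65535 range when the value is an int and leaves named ports alone. The same applies to the other Port fields that receive XIntOrString in this commit.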

View File

@ -30,8 +30,10 @@ type ServiceUDP struct {
Namespace string `json:"namespace,omitempty"` Namespace string `json:"namespace,omitempty"`
// Port defines the port of a Kubernetes Service. // Port defines the port of a Kubernetes Service.
// This can be a reference to a named port. // This can be a reference to a named port.
// +kubebuilder:validation:XIntOrString
Port intstr.IntOrString `json:"port"` Port intstr.IntOrString `json:"port"`
// Weight defines the weight used when balancing requests between multiple Kubernetes Service. // Weight defines the weight used when balancing requests between multiple Kubernetes Service.
// +kubebuilder:validation:Minimum=0
Weight *int `json:"weight,omitempty"` Weight *int `json:"weight,omitempty"`
// NativeLB controls, when creating the load-balancer, // NativeLB controls, when creating the load-balancer,
// whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. // whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.

View File

@ -67,6 +67,7 @@ type ErrorPage struct {
// as multiple comma-separated numbers (500,502), // as multiple comma-separated numbers (500,502),
// as ranges by separating two codes with a dash (500-599), // as ranges by separating two codes with a dash (500-599),
// or a combination of the two (404,418,500-599). // or a combination of the two (404,418,500-599).
// +kubebuilder:validation:items:Pattern=`^([0-5][0-9]{2}[,-]?)+$`
Status []string `json:"status,omitempty"` Status []string `json:"status,omitempty"`
// StatusRewrites defines a mapping of status codes that should be returned instead of the original error status codes. // StatusRewrites defines a mapping of status codes that should be returned instead of the original error status codes.
// For example: "418": 404 or "410-418": 404 // For example: "418": 404 or "410-418": 404
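Review bot: the items Pattern on Status is looser than the format the comment describes. Because the separator is optional and may trail, `^([0-5][0-9]{2}[,-]?)+$` accepts 500502, 500- and 500, and the leading [0-5] admits 000 to 099, which are not status codes. Something along the lines of `^[1-5][0-9]{2}(-[1-5][0-9]{2})?(,[1-5][0-9]{2}(-[1-5][0-9]{2})?)*$` matches single codes, ranges and comma-separated combinations and nothing else. Reversed ranges such as 599-500 cannot be caught by a pattern, so the runtime parser still has to reject them.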
@ -88,12 +89,18 @@ type CircuitBreaker struct {
// Expression is the condition that triggers the tripped state. // Expression is the condition that triggers the tripped state.
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"` Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
// CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state). // CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state).
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
CheckPeriod *intstr.IntOrString `json:"checkPeriod,omitempty" toml:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty" export:"true"` CheckPeriod *intstr.IntOrString `json:"checkPeriod,omitempty" toml:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty" export:"true"`
// FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state). // FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state).
FallbackDuration *intstr.IntOrString `json:"fallbackDuration,omitempty" toml:"fallbackDuration,omitempty" yaml:"fallbackDuration,omitempty" export:"true"` FallbackDuration *intstr.IntOrString `json:"fallbackDuration,omitempty" toml:"fallbackDuration,omitempty" yaml:"fallbackDuration,omitempty" export:"true"`
// RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state). // RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
RecoveryDuration *intstr.IntOrString `json:"recoveryDuration,omitempty" toml:"recoveryDuration,omitempty" yaml:"recoveryDuration,omitempty" export:"true"` RecoveryDuration *intstr.IntOrString `json:"recoveryDuration,omitempty" toml:"recoveryDuration,omitempty" yaml:"recoveryDuration,omitempty" export:"true"`
// ResponseCode is the status code that the circuit breaker will return while it is in the open state. // ResponseCode is the status code that the circuit breaker will return while it is in the open state.
// +kubebuilder:validation:Minimum=100
// +kubebuilder:validation:Maximum=599
ResponseCode int `json:"responseCode,omitempty" toml:"responseCode,omitempty" yaml:"responseCode,omitempty" export:"true"` ResponseCode int `json:"responseCode,omitempty" toml:"responseCode,omitempty" yaml:"responseCode,omitempty" export:"true"`
} }
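Review bot: FallbackDuration is skipped. CheckPeriod and RecoveryDuration both gain the duration Pattern and XIntOrString, but FallbackDuration, which sits between them with the same *intstr.IntOrString type, gets neither marker, so it stays unvalidated and its generated schema differs from its siblings. Add the same two markers or explain the omission. Separately, ResponseCode is bounded to 100-599 here while the error-page status pattern in the same file admits codes below 100; the two should agree on what a valid status code is.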
@ -204,12 +211,15 @@ type RateLimit struct {
// It defaults to 0, which means no rate limiting. // It defaults to 0, which means no rate limiting.
// The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, // The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
// one needs to define a Period larger than a second. // one needs to define a Period larger than a second.
// +kubebuilder:validation:Minimum=0
Average *int64 `json:"average,omitempty"` Average *int64 `json:"average,omitempty"`
// Period, in combination with Average, defines the actual maximum rate, such as: // Period, in combination with Average, defines the actual maximum rate, such as:
// r = Average / Period. It defaults to a second. // r = Average / Period. It defaults to a second.
// +kubebuilder:validation:XIntOrString
Period *intstr.IntOrString `json:"period,omitempty"` Period *intstr.IntOrString `json:"period,omitempty"`
// Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. // Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
// It defaults to 1. // It defaults to 1.
// +kubebuilder:validation:Minimum=0
Burst *int64 `json:"burst,omitempty"` Burst *int64 `json:"burst,omitempty"`
// SourceCriterion defines what criterion is used to group requests as originating from a common source. // SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised. // If several strategies are defined at the same time, an error will be raised.
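Review bot: Period gets XIntOrString but not the duration Pattern that the other duration-typed fields in this commit receive, so a string like "abc" still passes admission for the one field that acts as the divisor in r = Average / Period. Add the Pattern here for consistency. Minimum=0 on Burst also deserves a word in the comment: it says the default is 1 but not what an explicit 0 means, and the schema now explicitly allows it.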
@ -230,6 +240,7 @@ type Compress struct {
IncludedContentTypes []string `json:"includedContentTypes,omitempty"` IncludedContentTypes []string `json:"includedContentTypes,omitempty"`
// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. // MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
// Default: 1024. // Default: 1024.
// +kubebuilder:validation:Minimum=0
MinResponseBodyBytes *int `json:"minResponseBodyBytes,omitempty"` MinResponseBodyBytes *int `json:"minResponseBodyBytes,omitempty"`
// Encodings defines the list of supported compression algorithms. // Encodings defines the list of supported compression algorithms.
Encodings []string `json:"encodings,omitempty"` Encodings []string `json:"encodings,omitempty"`
@ -245,12 +256,15 @@ type Compress struct {
// More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/retry/ // More info: https://doc.traefik.io/traefik/v3.3/middlewares/http/retry/
type Retry struct { type Retry struct {
// Attempts defines how many times the request should be retried. // Attempts defines how many times the request should be retried.
// +kubebuilder:validation:Minimum=0
Attempts int `json:"attempts,omitempty"` Attempts int `json:"attempts,omitempty"`
// InitialInterval defines the first wait time in the exponential backoff series. // InitialInterval defines the first wait time in the exponential backoff series.
// The maximum interval is calculated as twice the initialInterval. // The maximum interval is calculated as twice the initialInterval.
// If unspecified, requests will be retried immediately. // If unspecified, requests will be retried immediately.
// The value of initialInterval should be provided in seconds or as a valid duration format, // The value of initialInterval should be provided in seconds or as a valid duration format,
// see https://pkg.go.dev/time#ParseDuration. // see https://pkg.go.dev/time#ParseDuration.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
InitialInterval intstr.IntOrString `json:"initialInterval,omitempty"` InitialInterval intstr.IntOrString `json:"initialInterval,omitempty"`
} }
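Review bot: the Pattern on InitialInterval does not describe the same language as time.ParseDuration, which the comment tells users to follow. It rejects fractional values such as 1.5s that ParseDuration accepts, and because the unit is optional inside the repeated group it accepts 1h30, which ParseDuration refuses for the missing unit. Either tighten the pattern so the unit is optional only when the whole value is a bare number, and allow a decimal part, or change the comment to document the narrower format the CRD now enforces.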

View File

@ -36,6 +36,7 @@ type ServersTransportSpec struct {
// CertificatesSecrets defines a list of secret storing client certificates for mTLS. // CertificatesSecrets defines a list of secret storing client certificates for mTLS.
CertificatesSecrets []string `json:"certificatesSecrets,omitempty"` CertificatesSecrets []string `json:"certificatesSecrets,omitempty"`
// MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. // MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
// +kubebuilder:validation:Minimum=0
MaxIdleConnsPerHost int `json:"maxIdleConnsPerHost,omitempty"` MaxIdleConnsPerHost int `json:"maxIdleConnsPerHost,omitempty"`
// ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers. // ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers.
ForwardingTimeouts *ForwardingTimeouts `json:"forwardingTimeouts,omitempty"` ForwardingTimeouts *ForwardingTimeouts `json:"forwardingTimeouts,omitempty"`
@ -52,14 +53,24 @@ type ServersTransportSpec struct {
// ForwardingTimeouts holds the timeout configurations for forwarding requests to the backend servers. // ForwardingTimeouts holds the timeout configurations for forwarding requests to the backend servers.
type ForwardingTimeouts struct { type ForwardingTimeouts struct {
// DialTimeout is the amount of time to wait until a connection to a backend server can be established. // DialTimeout is the amount of time to wait until a connection to a backend server can be established.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"` DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"`
// ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any). // ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any).
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
ResponseHeaderTimeout *intstr.IntOrString `json:"responseHeaderTimeout,omitempty"` ResponseHeaderTimeout *intstr.IntOrString `json:"responseHeaderTimeout,omitempty"`
// IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. // IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
IdleConnTimeout *intstr.IntOrString `json:"idleConnTimeout,omitempty"` IdleConnTimeout *intstr.IntOrString `json:"idleConnTimeout,omitempty"`
// ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. // ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
ReadIdleTimeout *intstr.IntOrString `json:"readIdleTimeout,omitempty"` ReadIdleTimeout *intstr.IntOrString `json:"readIdleTimeout,omitempty"`
// PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. // PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
PingTimeout *intstr.IntOrString `json:"pingTimeout,omitempty"` PingTimeout *intstr.IntOrString `json:"pingTimeout,omitempty"`
} }
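Review bot: none of the five timeout comments says which formats are accepted, so a user whose manifest is rejected by the new Pattern has nothing in the field documentation to go on. Add the sentence already used on Retry.InitialInterval (seconds as an integer, or a duration string) to each field, or to the ForwardingTimeouts type comment. The regex literal is also pasted five times in this hunk and again in other files; a test over the generated CRDs asserting that every duration field carries the same pattern would catch a copy that drifts.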

View File

@ -28,10 +28,16 @@ type ServersTransportTCP struct {
// ServersTransportTCPSpec defines the desired state of a ServersTransportTCP. // ServersTransportTCPSpec defines the desired state of a ServersTransportTCP.
type ServersTransportTCPSpec struct { type ServersTransportTCPSpec struct {
// DialTimeout is the amount of time to wait until a connection to a backend server can be established. // DialTimeout is the amount of time to wait until a connection to a backend server can be established.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"` DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"`
// DialKeepAlive is the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled. // DialKeepAlive is the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
DialKeepAlive *intstr.IntOrString `json:"dialKeepAlive,omitempty"` DialKeepAlive *intstr.IntOrString `json:"dialKeepAlive,omitempty"`
// TerminationDelay defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. // TerminationDelay defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability.
// +kubebuilder:validation:Pattern="^([0-9]+(ns|us|µs|ms|s|m|h)?)+$"
// +kubebuilder:validation:XIntOrString
TerminationDelay *intstr.IntOrString `json:"terminationDelay,omitempty"` TerminationDelay *intstr.IntOrString `json:"terminationDelay,omitempty"`
// TLS defines the TLS configuration // TLS defines the TLS configuration
TLS *TLSClientConfig `description:"Defines the TLS configuration." json:"tls,omitempty"` TLS *TLSClientConfig `description:"Defines the TLS configuration." json:"tls,omitempty"`
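Review bot: the Pattern added to DialKeepAlive contradicts its own comment. The comment documents "If negative, keep-alive probes are disabled", but `^([0-9]+(ns|us|µs|ms|s|m|h)?)+$` has no place for a sign, so a string such as -1s is now rejected at admission. A negative integer still passes, since Pattern constrains only the string form, which leaves the two representations inconsistent. Allow an optional leading minus in the pattern for this field, or update the comment to say that disabling keep-alives requires the integer form.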