shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-10-07 15:33:25 +03:00
Code Releases Activity

Compare commits

base: shaba:v2.5.0-rc2
Branches Tags
shaba:master shaba:v3.5 shaba:v2.11 shaba:v2.5 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4
shaba:v3.5.3 shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0
...
compare: shaba:v2.5.4
Branches Tags
shaba:v3.5 shaba:master shaba:v2.11 shaba:v2.5 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4
shaba:v3.5.3 shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0

117 Commits
v2.5.0-rc2 ... v2.5.4

Author SHA1 Message Date
Romain
95dc43ce4a Prepare release v2.5.4 2021-11-08 18:36:13 +01:00
Tom Moulard
d91eefa74f fix: TCP/UDP wrr when all servers have a weight set to 0 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2021-11-08 17:58:12 +01:00
Kevin Pollet
ffdfc13461 docs: fix typo in addRoutersLabels option title 2021-11-08 13:32:10 +01:00
kerrsmith
a13b03ef3d docs: add named groups details to Regexp Syntax section 2021-11-08 10:06:05 +01:00
Tom Moulard
69d504c905 fix: git ignore webui/static/ 2021-11-05 18:02:05 +01:00
CrispyBaguette
bda7e025a2 docs: remove link to microbadger.com 2021-11-05 17:28:06 +01:00
Ludovic Fernandez
596f04eae8 chore: update linter 2021-11-04 09:50:11 +01:00
Kevin Pollet
b39d226fb8 fix: use host's root CA set if ClientTLS ca is not defined 
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
 2021-11-03 17:38:07 +01:00
Marc Bihlmaier
20dfb91948 docs: remove quotes in certificatesresolvers CLI examples 2021-10-28 18:14:14 +02:00
Tom Moulard
e033355225 fix: do not validate shell script in node-modules folder 2021-10-27 10:34:05 +02:00
Kevin Pollet
56ed45ae70 docs: remove non-working kind config in IngressRouteTCP/UDP examples 2021-10-26 12:08:12 +02:00
Kevin Pollet
d3ff0c2cd4 fix: do not require a TLS client cert when InsecureSkipVerify is false 
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
 2021-10-26 10:54:11 +02:00
Romain
566b205758 Clarify usage for cross provider references in Kubernetes ingress annotations 2021-10-26 10:30:13 +02:00
Tom Moulard
b537ccdb0c doc: update traefik image version 2021-10-25 17:18:12 +02:00
Pedro López Mareque
d9b8435a7d feat: rename networking.k8s.io/v1beta1 to networking.k8s.io/v1 2021-10-21 09:44:12 +02:00
Pedro López Mareque
c0ba4d177f fix: sourceCriterion documentation for InFlightReq and RateLimit middlewares 2021-10-19 14:40:06 +02:00
Anton Kindblad
7377ab7b95 fix(ui): bug parsing weighted service provider name 2021-10-18 14:52:14 +02:00
Tom Moulard
207ac94ed0 Fix remove http scheme urls in documentation 2021-10-08 11:52:05 +02:00
Daniel Tomcej
fe32a7e584 fix: use EscapedPath as header value when RawPath is empty 2021-10-08 11:32:08 +02:00
Aaron Raff
25e12aee14 kubernetes: normalize middleware names in ingress route config 2021-10-07 15:40:05 +02:00
Jack Morgan
5d716f0149 Mention escaping escape characters in YAML for regex usage 2021-10-06 11:36:11 +02:00
Ludovic Fernandez
918a343557 chore: update proxyprotocol and consul 2021-10-04 17:54:10 +02:00
Ludovic Fernandez
89001ae9a4 Update go-acme/lego to v4.5.0 2021-10-01 09:20:08 +02:00
Roman Mahrer
c99221fa34 Fix typo in KV providers documentation 2021-09-29 13:22:12 +02:00
Kevin Pollet
d28bcf24e5 docs: reword tracing config descriptions to be consistent 2021-09-29 10:40:14 +02:00
KallyDev
8d739c411b Move from deprecated ioutil to os and io packages 2021-09-28 15:30:14 +02:00
Kevin Pollet
46c1600ada fix: forward request Host to errors middleware service 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2021-09-27 17:40:13 +02:00
Kevin Pollet
126b32c579 fix: add missing RequireAnyClientCert value to TLSOption CRD 2021-09-24 11:32:07 +02:00
Max Baumann
61ceb7a32c docs: replace links to French translation of k8s docs with English ones 2021-09-21 16:28:11 +02:00
Romain
c7e13eb082 Prepare release v2.5.3 2021-09-20 17:30:06 +02:00
Tom Moulard
6906a022ca Add cross namespace verification in Kubernetes CRD 2021-09-20 12:54:05 +02:00
Kevin Pollet
bda0dba131 fix: add peerCertURI config to k8s crd provider 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2021-09-17 08:56:07 +02:00
Romain
76867e39ea Fix ServersTransport reference from IngressRoute service definition 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2021-09-16 15:12:13 +02:00
Simon Stender Boisen
6f8e8ea252 Ensure disableHTTP2 works with k8s crd 2021-09-16 12:18:08 +02:00
Aaron Raff
8e7881094f docs: add default proxy headers 2021-09-16 11:18:12 +02:00
Ludovic Fernandez
7d09132a5c Update yaegi to v0.10.0 2021-09-16 10:20:07 +02:00
Ludovic Fernandez
6f4a7fb604 chore: upgrade linter 2021-09-16 09:16:07 +02:00
Tom Moulard
6e28db513c Metrics router fix 
Co-authored-by: Michael <michael.matur@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2021-09-15 17:26:06 +02:00
Tom Moulard
a72d124551 Fix certChan defaulting on consul catalog provider 2021-09-14 17:12:12 +02:00
Jean-Baptiste Doumenjou
55360c1eaf Add Tom Moulard in maintainers team 2021-09-14 10:42:14 +02:00
Jean-Baptiste Doumenjou
fffa413121 Fix golang doc URLs 2021-09-10 11:42:07 +02:00
Ricardo Tribaldos
c011bdfdd8 docs: fix error in example (YAML) for TCP middleware whitelist 2021-09-06 09:30:09 +02:00
Romain
871e04cb12 Prepare release v2.5.2 2021-09-02 16:46:11 +02:00
Romain
287cebb498 Fix CRDs code and manifests generation 2021-09-02 14:40:08 +02:00
Sylvain Rabot
6c8d200373 Upgrade github.com/lucas-clemente/quic-go to v0.23.0 2021-09-02 12:06:10 +02:00
Anton Gubarev
0ac6f80b50 Fix empty body error in mirror 2021-09-02 10:46:13 +02:00
Romain
2b73860ea5 Adds pathType for v1 ingresses examples 2021-09-02 10:20:12 +02:00
Romain
ddcb003b3b Bump go.elastic.co/apm version to v1.13.1 2021-09-02 09:56:11 +02:00
Romain
be52c5abb1 Fix http scheme urls in documentation 2021-08-31 18:54:06 +02:00
Romain
eb6c5fc34d Fix experimental images workflow 2021-08-30 14:24:12 +02:00
Romain
4fc16f26a3 Build experimental images 2021-08-30 12:20:14 +02:00
Romain
234d35f592 Fix alpine docker image to version 3.14 2021-08-30 11:38:12 +02:00
Roopak Venkatakrishnan
352a72a5d7 Update x/sys to support go 1.17 2021-08-25 21:00:11 +02:00
Romain
4d1ce986a6 Bumps alpine docker images to v1.14.1 2021-08-25 11:14:10 +02:00
Romain
531a8ff248 Prepare release v2.5.1 2021-08-20 18:27:12 +02:00
Romain
2644c1f598 Makes ALPN protocols configurable 2021-08-20 18:20:06 +02:00
Julien Salleyron
fa53f7ec85 Conditional CloseNotify in header middleware 2021-08-19 18:02:07 +02:00
Per Osbäck
e05574af58 Adds MiddlewareTCP CRD documentation 2021-08-19 17:00:14 +02:00
euidong
fcfc976b13 Adds ContentType to middleware's overview table 2021-08-19 15:00:11 +02:00
romain
78180a5fa7 Merge current v2.4 into v2.5 2021-08-19 11:45:19 +02:00
Romain
3445abe7ac Fix Kubernetes Gateway API documentation links 2021-08-19 11:18:11 +02:00
Romain
e0b442a48b Prepare release v2.5.0 2021-08-17 18:04:05 +02:00
Romain
bd1c84755b Update Go version to v1.17 2021-08-17 17:20:12 +02:00
Matthias Schneider
a7194e96e0 Fix dashboard title for TCP middlewares 2021-08-17 15:02:15 +02:00
romain
2bd60f9e60 Merge current v2.4 into v2.5 2021-08-17 10:05:22 +02:00
Romain
35a40c8727 Prepare release v2.4.14 2021-08-16 17:26:14 +02:00
Romain
7f62667569 Update mkdocs dependency version 2021-08-16 12:32:07 +02:00
Avtion
fd4ba585ee fix: an example code error in doc 2021-08-16 10:08:08 +02:00
mpl
81eb46e36d Prepare release v2.5.0-rc6 2021-08-13 18:04:15 +02:00
mpl
b7700e77bf Update Go version 2021-08-13 17:42:09 +02:00
Tristan Colgate-McFarlane
e73dd31619 redirect: fix comparison when explicit port request and implicit redirect port 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
 2021-08-11 17:10:12 +02:00
Jean-Baptiste Doumenjou
187ec26d8e Merge current v2.4 into v2.5 2021-08-05 18:09:23 +02:00
Jean-Baptiste Doumenjou
ef9b79f85c Remove unwanted trailing slash in key 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2021-08-05 18:02:12 +02:00
Jean-Baptiste Doumenjou
32d88a977d Avoid unauthorized midlleware cross namespace reference 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2021-08-05 17:42:08 +02:00
Michael
547c380961 fix: change machine type for release 2021-08-05 10:08:06 +02:00
Fernandez Ludovic
848e23b489 fix: decrease semaphoreci machine type 2021-08-03 20:15:21 +02:00
mmatur
d63cb1b4d6 Prepare release v2.5.0-rc5 2021-08-03 19:58:08 +02:00
mmatur
c45de0d8bc fix: increase semaphoreci machine type 2021-08-03 19:45:33 +02:00
Jean-Baptiste Doumenjou
5c18967f06 Prepare release v2.5.0-rc4 2021-08-03 18:42:11 +02:00
Jean-Baptiste Doumenjou
e78f172f02 Merge current v2.4 into v2.5 2021-08-03 17:04:58 +02:00
mpl
4fc077a5d2 Prepare release v2.4.13 2021-07-30 16:50:07 +02:00
Romain
7f307d60c4 Kubernetes: detect changes for resources other than endpoints 2021-07-30 15:08:10 +02:00
Ludovic Fernandez
b386964abc fix: remove hop-by-hop headers define in connection header beore some middleware 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2021-07-30 12:20:07 +02:00
romain
4b456f3b76 Merge current v2.4 into v2.5 2021-07-28 14:40:49 +02:00
Michael
319e3065f0 fix: upgrade k3s version 2021-07-28 14:28:11 +02:00
Michael
a48a8a97a1 fix: restore cache only once 2021-07-27 19:16:06 +02:00
Jean-Baptiste Doumenjou
8be434aaad Prepare release v2.4.12 2021-07-26 18:08:09 +02:00
mpl
d9fc775084 ratelimiter: use correct ttlSeconds value, and always call Set 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Daniel Tomcej <daniel.tomcej@gmail.com>
 2021-07-26 17:20:27 +02:00
Tom Moulard
2d95c37ea4 Merge current v2.4 into v2.5 2021-07-23 11:26:15 +02:00
Michael
e12630ef06 feat: Add new CI system 2021-07-23 11:00:07 +02:00
Jean-Baptiste Doumenjou
48bd279311 Prepare release v2.5.0-rc3 2021-07-20 16:26:08 +02:00
romain
a5b169c563 Merge current v2.4 into v2.5 2021-07-20 14:06:13 +02:00
Romain
bc5e621683 Get Kubernetes server version early 2021-07-20 13:02:10 +02:00
Ludovic Fernandez
1e69939532 Update yaegi to v0.9.21 2021-07-20 11:58:06 +02:00
Tom Moulard
d8156ef625 Fix dashboard to display middleware details 2021-07-20 10:36:06 +02:00
Daniel Tomcej
c2c4dc9b58 Don't remove ingress config on API call failure 2021-07-19 20:06:07 +02:00
Ludovic Fernandez
ffd4e207a4 Downgrade yaegi to v0.9.19 2021-07-19 18:54:04 +02:00
romain
bd3271aff0 Merge current v2.4 into v2.5 2021-07-19 15:18:38 +02:00
Romain
0664f5a9ca Fix KV reference documentation 2021-07-19 14:54:14 +02:00
Tom Moulard
c515ace328 Library change for compress middleware to increase performance 2021-07-19 10:22:14 +02:00
Daniel Tomcej
8d4620dc53 check if defaultcertificate is defined in store 2021-07-19 09:58:14 +02:00
Jean-Baptiste Doumenjou
16f65f669b Update Gateway API version to v0.3.0 
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
 2021-07-15 17:20:08 +02:00
Romain
2a2f7f783f Prepare release v2.4.11 2021-07-15 16:48:11 +02:00
Ludovic Fernandez
6ae50389e6 Update code generator for plugin's dyn conf 2021-07-15 15:58:08 +02:00
Jean-Baptiste Doumenjou
87fd51d7ec Fix migration guide 2021-07-15 14:40:13 +02:00
Mohammad Gufran
7e43e5615e Add Support for Consul Connect 
Co-authored-by: Florian Apolloner <apollo13@users.noreply.github.com>
 2021-07-15 14:02:11 +02:00
Jean-Baptiste Doumenjou
985f8778e9 fix doc verify script (#8266) 2021-07-15 00:09:51 +02:00
romain
3a180e2afc Merge current v2.4 into v2.5 2021-07-13 18:12:29 +02:00
Jean-Baptiste Doumenjou
2f47bb0df6 Prepare release v2.4.10 2021-07-13 16:54:08 +02:00
Daniel Tomcej
7e0f0d9d11 Ignore http 1.0 request host missing errors 2021-07-13 15:30:20 +02:00
Jean-Baptiste Doumenjou
e1f5866989 Detect certificates content modifications 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2021-07-13 14:14:35 +02:00
Daniel Tomcej
3c1ed0d9b2 Disable ExternalName Services by default on Kubernetes providers 2021-07-13 12:54:09 +02:00
Daniel Tomcej
10ab39c33b Add *headers.responseModifier CloseNotify() 2021-07-13 12:28:07 +02:00
Daniel Tomcej
3072354ca5 Disable Cross-Namespace by default for IngressRoute provider 2021-07-13 10:48:05 +02:00
Romain
14499cd6e5 Fix: Add dedicated integration tests targets for CI 2021-07-12 18:32:10 +02:00
Ludovic Fernandez
5d3dc3348e accesslog: multiple times the same header name. 2021-07-09 14:22:13 +02:00
Tom Moulard
f8db285d5d Update generated and reference doc for plugins 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2021-06-29 17:02:13 +02:00
253 changed files with 10255 additions and 3703 deletions
Expand all files Collapse all files

4
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -3,11 +3,11 @@ PLEASE READ THIS MESSAGE.
Documentation fixes or enhancements:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.4
- for Traefik v2: use branch v2.5
Bug fixes:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.4
- for Traefik v2: use branch v2.5
Enhancements:
- for Traefik v1: we only accept bug fixes

82
.github/workflows/build.yaml vendored Normal file
View File

@@ -0,0 +1,82 @@
name: Build Binaries
on:
pull_request:
branches:
- '*'
env:
GO_VERSION: 1.17
CGO_ENABLED: 0
PRE_TARGET: ""
jobs:
build-webui:
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Build webui
run: |
make generate-webui
tar czvf webui.tar.gz ./static/
- name: Artifact webui
uses: actions/upload-artifact@v2
with:
name: webui.tar.gz
path: webui.tar.gz
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-20.04, macos-latest, windows-latest ]
needs:
- build-webui
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v2
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
'%LocalAppData%\go-build'
key: ${{ runner.os }}-build-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-go-
- name: Installing dependencies
run: go install github.com/containous/go-bindata/go-bindata@v1.0.0
- name: Artifact webui
uses: actions/download-artifact@v2
with:
name: webui.tar.gz
path: ${{ github.workspace }}/go/src/github.com/traefik/traefik
- name: Untar webui
run: tar xvf webui.tar.gz
- name: Build
run: make binary

5
.github/workflows/check_doc.yml vendored
View File

@@ -2,15 +2,16 @@ name: Check Documentation
on:
pull_request:
branches:
- '*'
jobs:
docs:
name: Check, verify and build documentation
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v2
with:

10
.github/workflows/documentation.yml vendored
View File

@@ -6,18 +6,18 @@ on:
- master
- v*
env:
STRUCTOR_VERSION: v1.11.2
MIXTUS_VERSION: v0.4.1
jobs:
docs:
name: Doc Process
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
if: github.repository == 'traefik/traefik'
env:
STRUCTOR_VERSION: v1.11.2
MIXTUS_VERSION: v0.4.1
steps:
- name: Check out code
uses: actions/checkout@v2
with:

37
.github/workflows/experimental.yaml vendored Normal file
View File

@@ -0,0 +1,37 @@
name: Build experimental image on branch
on:
push:
branches:
- master
- v*
jobs:
experimental:
if: github.repository == 'traefik/traefik'
name: Build experimental image on branch
runs-on: ubuntu-20.04
steps:
# https://github.com/marketplace/actions/checkout
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Branch name
run: echo ${GITHUB_REF##*/}
- name: Build docker experimental image
run: docker build -t traefik/traefik:experimental-${GITHUB_REF##*/} -f exp.Dockerfile .
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push to Docker Hub
run: docker push traefik/traefik:experimental-${GITHUB_REF##*/}

46
.github/workflows/test-unit.yaml vendored Normal file
View File

@@ -0,0 +1,46 @@
name: Test Unit
on:
pull_request:
branches:
- '*'
env:
GO_VERSION: 1.17
PRE_TARGET: ""
jobs:
test-unit:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v2
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-test-unit-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-test-unit-go-
- name: Installing dependencies
run: go install github.com/containous/go-bindata/go-bindata@v1.0.0
- name: Tests
run: make test-unit

100
.github/workflows/validate.yaml vendored Normal file
View File

@@ -0,0 +1,100 @@
name: Validate
on:
pull_request:
branches:
- '*'
env:
GO_VERSION: 1.17
GOLANGCI_LINT_VERSION: v1.43.0
MISSSPELL_VERSION: v0.3.4
PRE_TARGET: ""
jobs:
validate:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v2
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-validate-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-validate-go-
- name: Installing dependencies
run: go install github.com/containous/go-bindata/go-bindata@v1.0.0
- name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
- name: Install missspell ${{ env.MISSSPELL_VERSION }}
run: curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
- name: Validate
run: make validate
validate-generate:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v2
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-validate-generate-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-validate-generate-go-
- name: Installing dependencies
run: go install github.com/containous/go-bindata/go-bindata@v1.0.0
- name: go generate
run: |
go generate
git diff --exit-code
- name: go mod tidy
run: |
go mod tidy
git diff --exit-code
- name: make generate-crd
run: |
make generate-crd
git diff --exit-code

1
.gitignore vendored
View File

@@ -5,6 +5,7 @@
.DS_Store
/dist
/webui/.tmp/
/webui/static/
/site/
/docs/site/
/static/

7
.golangci.toml
View File

@@ -16,9 +16,6 @@
[linters-settings.gocyclo]
min-complexity = 14.0
[linters-settings.maligned]
suggest-new = true
[linters-settings.goconst]
min-len = 3.0
min-occurrences = 4.0
@@ -99,6 +96,10 @@
"godox", # Too strict
"forcetypeassert", # Too strict
"tagliatelle", # Not compatible with current tags.
"varnamelen", # not relevant
"nilnil", # not relevant
"ireturn", # not relevant
"contextcheck", # too many false-positive
]
[issues]

100
.semaphore/semaphore.yml Normal file
View File

@@ -0,0 +1,100 @@
version: v1.0
name: Traefik
agent:
machine:
type: e1-standard-4
os_image: ubuntu1804
fail_fast:
stop:
when: "branch != 'master'"
auto_cancel:
queued:
when: "branch != 'master'"
running:
when: "branch != 'master'"
global_job_config:
prologue:
commands:
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
- sudo semgo go1.17
- export "GOPATH=$(go env GOPATH)"
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
- export "PATH=${GOPATH}/bin:${PATH}"
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
- export GOPROXY=https://proxy.golang.org,direct
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.43.0
- curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
- go install github.com/containous/go-bindata/go-bindata@v1.0.0
- checkout
- cache restore traefik-$(checksum go.sum)
blocks:
- name: Test Integration Container
dependencies: []
run:
when: "branch =~ '.*' OR pull_request =~'.*'"
task:
jobs:
- name: Test Integration Container
commands:
- make pull-images
- mkdir -p static # Avoid to generate webui
- PRE_TARGET="" make binary
- make test-integration-container
- df -h
epilogue:
always:
commands:
- cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
- name: Test Integration Host
dependencies: []
run:
when: "branch =~ '.*' OR pull_request =~'.*'"
task:
env_vars:
- name: PRE_TARGET
value: ""
jobs:
- name: Test Integration Host
commands:
- mkdir -p static # Avoid to generate webui
- make test-integration-host
epilogue:
always:
commands:
- cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
- name: Release
dependencies: []
run:
when: "tag =~ '.*'"
task:
agent:
machine:
type: e1-standard-8
os_image: ubuntu1804
secrets:
- name: traefik
env_vars:
- name: GH_VERSION
value: 1.12.1
- name: CODENAME
value: "livarot"
- name: PRE_TARGET
value: ""
prologue:
commands:
- export VERSION=${SEMAPHORE_GIT_TAG_NAME}
- curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz
- tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp
- sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh
jobs:
- name: Release
commands:
- make release-packages
- gh release create ${SEMAPHORE_GIT_TAG_NAME} ./dist/traefik*.* --repo traefik/traefik --title ${SEMAPHORE_GIT_TAG_NAME} --notes ${SEMAPHORE_GIT_TAG_NAME}
- ./script/deploy.sh

4
.semaphoreci/cleanup.sh
View File

@@ -1,4 +0,0 @@
#!/usr/bin/env bash
set -e
sudo rm -rf static

20
.semaphoreci/golang.sh
View File

@@ -1,20 +0,0 @@
#!/usr/bin/env bash
set -e
curl -O https://dl.google.com/go/go"${GO_VERSION}".linux-amd64.tar.gz
tar -xvf go"${GO_VERSION}".linux-amd64.tar.gz
rm -rf go"${GO_VERSION}".linux-amd64.tar.gz
sudo mkdir -p /usr/local/golang/"${GO_VERSION}"/go
sudo mv go /usr/local/golang/"${GO_VERSION}"/
sudo rm /usr/local/bin/go
sudo chmod +x /usr/local/golang/"${GO_VERSION}"/go/bin/go
sudo ln -s /usr/local/golang/"${GO_VERSION}"/go/bin/go /usr/local/bin/go
export GOROOT="/usr/local/golang/${GO_VERSION}/go"
export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"
go version

6
.semaphoreci/job1.sh
View File

@@ -1,6 +0,0 @@
#!/usr/bin/env bash
set -e
if [ -n "$SHOULD_TEST" ]; then ci_retry make pull-images; fi
if [ -n "$SHOULD_TEST" ]; then ci_retry make test-integration; fi

8
.semaphoreci/job2.sh
View File

@@ -1,8 +0,0 @@
#!/usr/bin/env bash
set -e
ci_retry make validate
if [ -n "$SHOULD_TEST" ]; then ci_retry make test-unit; fi
if [ -n "$SHOULD_TEST" ]; then make -j"${N_MAKE_JOBS}" crossbinary-default-parallel; fi

35
.semaphoreci/setup.sh
View File

@@ -1,35 +0,0 @@
# For personnal CI
# mv /home/runner/workspace/src/github.com/<username>/ /home/runner/workspace/src/github.com/traefik/
# cd /home/runner/workspace/src/github.com/traefik/traefik/
for s in apache2 cassandra elasticsearch memcached mysql mongod postgresql sphinxsearch rethinkdb rabbitmq-server redis-server; do sudo service $s stop; done
sudo swapoff -a
sudo dd if=/dev/zero of=/swapfile bs=1M count=3072
sudo mkswap /swapfile
sudo swapon /swapfile
sudo rm -rf /home/runner/.rbenv
sudo rm -rf /usr/local/golang/{1.4.3,1.5.4,1.6.4,1.7.6,1.8.6,1.9.7,1.10.3,1.11}
#export DOCKER_VERSION=18.06.3
source .semaphoreci/vars
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/traefik/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
echo ${SHOULD_TEST}
if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi
echo ${TEMP_STORAGE}
echo ${SHOULD_TEST}
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
if [ -n "$SHOULD_TEST" ]; then docker version; fi
export GO_VERSION=1.13
if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi
#if [ "${GO_VERSION}" == '1.15' ]; then export GO_VERSION=1.15rc2; fi
echo "Selected Go version: ${GO_VERSION}"
if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi
if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/${GO_VERSION}/go"; fi
if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"; fi
go version
if [ -f "./go.mod" ]; then export GO111MODULE=on; fi
if [ -f "./go.mod" ]; then export GOPROXY=https://proxy.golang.org; fi
if [ -f "./go.mod" ]; then go mod download; fi
df

36
.semaphoreci/vars
View File

@@ -1,36 +0,0 @@
#!/usr/bin/env bash
set -e
export REPO='traefik/traefik'
if VERSION=$(git describe --exact-match --abbrev=0 --tags);
then
export VERSION
else
export VERSION=''
fi
export CODENAME=brie
export N_MAKE_JOBS=2
function ci_retry {
local NRETRY=3
local NSLEEP=5
local n=0
until [ $n -ge $NRETRY ]
do
"$@" && break
n=$((n+1))
echo "${*} failed, attempt ${n}/${NRETRY}"
sleep $NSLEEP
done
[ $n -lt $NRETRY ]
}
export -f ci_retry

49
.travis.yml
View File

@@ -1,49 +0,0 @@
sudo: required
dist: trusty
git:
depth: false
services:
- docker
env:
global:
- REPO=$TRAVIS_REPO_SLUG
- VERSION=$TRAVIS_TAG
- CODENAME=brie
- GO111MODULE=on
script:
- echo "Skipping tests... (Tests are executed on SemaphoreCI)"
before_deploy:
- >
if ! [ "$BEFORE_DEPLOY_RUN" ]; then
export BEFORE_DEPLOY_RUN=1;
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*;
docker version;
echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin;
make build-image;
if [ "$TRAVIS_TAG" ]; then
make release-packages;
fi;
fi
deploy:
- provider: releases
api_key: ${GITHUB_TOKEN}
file: dist/traefik*
skip_cleanup: true
file_glob: true
on:
repo: traefik/traefik
tags: true
- provider: script
script: sh script/deploy.sh
skip_cleanup: true
on:
repo: traefik/traefik
tags: true

BIN
.travis/traefiker_rsa.enc
View File

Binary file not shown.

258
CHANGELOG.md
View File

@@ -1,3 +1,261 @@
## [v2.5.4](https://github.com/traefik/traefik/tree/v2.5.4) (2021-11-08)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.3...v2.5.4)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.5.0 ([#8481](https://github.com/traefik/traefik/pull/8481) by [ldez](https://github.com/ldez))
- **[k8s/crd,k8s]** fix: add missing RequireAnyClientCert value to TLSOption CRD ([#8464](https://github.com/traefik/traefik/pull/8464) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s/crd,k8s]** fix: normalize middleware names in ingress route config ([#8484](https://github.com/traefik/traefik/pull/8484) by [aaronraff](https://github.com/aaronraff))
- **[middleware,provider,tls]** fix: do not require a TLS client cert when InsecureSkipVerify is false ([#8525](https://github.com/traefik/traefik/pull/8525) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware,tls]** fix: use host&#39;s root CA set if ClientTLS ca is not defined ([#8545](https://github.com/traefik/traefik/pull/8545) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** fix: forward request Host to errors middleware service ([#8460](https://github.com/traefik/traefik/pull/8460) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** fix: use EscapedPath as header value when RawPath is empty ([#8251](https://github.com/traefik/traefik/pull/8251) by [dtomcej](https://github.com/dtomcej))
- **[tcp,udp]** fix: TCP/UDP wrr when all servers have a weight set to 0 ([#8553](https://github.com/traefik/traefik/pull/8553) by [tomMoulard](https://github.com/tomMoulard))
- **[webui]** fix: bug parsing weighted service provider name ([#8522](https://github.com/traefik/traefik/pull/8522) by [cocoanton](https://github.com/cocoanton))
**Documentation:**
- **[acme]** docs: remove quotes in certificatesresolvers CLI examples ([#8544](https://github.com/traefik/traefik/pull/8544) by [rdxmb](https://github.com/rdxmb))
- **[k8s/ingress,k8s]** docs: clarify usage for cross provider references in Kubernetes ingress annotations ([#8536](https://github.com/traefik/traefik/pull/8536) by [rtribotte](https://github.com/rtribotte))
- **[k8s/ingress]** docs: networking.k8s.io/v1beta1 to networking.k8s.io/v1 ([#8523](https://github.com/traefik/traefik/pull/8523) by [pmareke](https://github.com/pmareke))
- **[k8s]** docs: replace links to French translation of k8s docs with English ones ([#8457](https://github.com/traefik/traefik/pull/8457) by [FoseFx](https://github.com/FoseFx))
- **[k8s]** docs: remove non-working kind config in IngressRouteTCP/UDP examples ([#8538](https://github.com/traefik/traefik/pull/8538) by [kevinpollet](https://github.com/kevinpollet))
- **[kv]** docs: fix typo in KV providers documentation ([#8477](https://github.com/traefik/traefik/pull/8477) by [rondoe](https://github.com/rondoe))
- **[metrics]** docs: fix typo in addRoutersLabels option title ([#8561](https://github.com/traefik/traefik/pull/8561) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** fix: sourceCriterion documentation for InFlightReq and RateLimit middlewares ([#8524](https://github.com/traefik/traefik/pull/8524) by [pmareke](https://github.com/pmareke))
- **[middleware]** Mention escaping escape characters in YAML for regex usage ([#8496](https://github.com/traefik/traefik/pull/8496) by [JackMorganNZ](https://github.com/JackMorganNZ))
- **[rules]** docs: add named groups details to Regexp Syntax section ([#8559](https://github.com/traefik/traefik/pull/8559) by [kerrsmith](https://github.com/kerrsmith))
- **[tracing]** docs: reword tracing config descriptions to be consistent ([#8473](https://github.com/traefik/traefik/pull/8473) by [kevinpollet](https://github.com/kevinpollet))
- docs: remove link to microbadger.com ([#8555](https://github.com/traefik/traefik/pull/8555) by [CrispyBaguette](https://github.com/CrispyBaguette))
- docs: remove http scheme urls in documentation ([#8507](https://github.com/traefik/traefik/pull/8507) by [tomMoulard](https://github.com/tomMoulard))
- docs: update traefik image version ([#8533](https://github.com/traefik/traefik/pull/8533) by [tomMoulard](https://github.com/tomMoulard))
## [v2.5.3](https://github.com/traefik/traefik/tree/v2.5.3) (2021-09-20)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.2...v2.5.3)
**Bug fixes:**
- **[consulcatalog]** Fix certChan defaulting on consul catalog provider ([#8439](https://github.com/traefik/traefik/pull/8439) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s/crd,k8s]** Fix peerCertURI config for k8s crd provider ([#8454](https://github.com/traefik/traefik/pull/8454) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s/crd,k8s]** Ensure disableHTTP2 works with k8s crd ([#8448](https://github.com/traefik/traefik/pull/8448) by [ssboisen](https://github.com/ssboisen))
- **[k8s/crd,k8s]** Fix ServersTransport reference from IngressRoute service definition ([#8431](https://github.com/traefik/traefik/pull/8431) by [rtribotte](https://github.com/rtribotte))
- **[k8s/crd,k8s]** Add cross namespace verification in Kubernetes CRD ([#8422](https://github.com/traefik/traefik/pull/8422) by [tomMoulard](https://github.com/tomMoulard))
- **[metrics]** Fix Prometheus router&#39;s metrics ([#8425](https://github.com/traefik/traefik/pull/8425) by [tomMoulard](https://github.com/tomMoulard))
- **[plugins]** Update yaegi to v0.10.0 ([#8452](https://github.com/traefik/traefik/pull/8452) by [ldez](https://github.com/ldez))
**Documentation:**
- **[middleware,file]** Fix TCP middleware whitelist example ([#8421](https://github.com/traefik/traefik/pull/8421) by [tribal2](https://github.com/tribal2))
- **[middleware]** Add default proxy headers list ([#8418](https://github.com/traefik/traefik/pull/8418) by [aaronraff](https://github.com/aaronraff))
- Add Tom Moulard in maintainers team ([#8442](https://github.com/traefik/traefik/pull/8442) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Fix golang doc URLs ([#8434](https://github.com/traefik/traefik/pull/8434) by [jbdoumenjou](https://github.com/jbdoumenjou))
## [v2.5.2](https://github.com/traefik/traefik/tree/v2.5.2) (2021-09-02)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.1...v2.5.2)
**Bug fixes:**
- **[http3]** Upgrade github.com/lucas-clemente/quic-go to v0.23.0 ([#8413](https://github.com/traefik/traefik/pull/8413) by [sylr](https://github.com/sylr))
- **[middleware]** Fix empty body error for mirroring middleware ([#8381](https://github.com/traefik/traefik/pull/8381) by [antgubarev](https://github.com/antgubarev))
- **[tracing]** Bump go.elastic.co/apm version to v1.13.1 ([#8399](https://github.com/traefik/traefik/pull/8399) by [rtribotte](https://github.com/rtribotte))
- Update x/sys to support go 1.17 ([#8368](https://github.com/traefik/traefik/pull/8368) by [roopakv](https://github.com/roopakv))
- Bump Alpine docker image version from 3.11 to 3.14 for official Traefik images
**Documentation:**
- **[k8s/ingress,k8s]** Adds pathType for v1 ingresses examples ([#8392](https://github.com/traefik/traefik/pull/8392) by [rtribotte](https://github.com/rtribotte))
- Fix http scheme urls in documentation ([#8395](https://github.com/traefik/traefik/pull/8395) by [rtribotte](https://github.com/rtribotte))
## [v2.5.1](https://github.com/traefik/traefik/tree/v2.5.1) (2021-08-20)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.0...v2.5.1)
**Bug fixes:**
- **[middleware,http3]** Conditional CloseNotify in header middleware ([#8374](https://github.com/traefik/traefik/pull/8374) by [juliens](https://github.com/juliens))
- **[tls,tcp,k8s/crd,k8s]** Makes ALPN protocols configurable ([#8383](https://github.com/traefik/traefik/pull/8383) by [rtribotte](https://github.com/rtribotte))
**Documentation:**
- **[k8s]** Adds MiddlewareTCP CRD documentation ([#8369](https://github.com/traefik/traefik/pull/8369) by [perosb](https://github.com/perosb))
- **[middleware]** Adds ContentType to middleware&#39;s overview table ([#8350](https://github.com/traefik/traefik/pull/8350) by [euidong](https://github.com/euidong))
## [v2.5.0](https://github.com/traefik/traefik/tree/v2.5.0) (2021-08-17)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.0-rc1...v2.5.0)
**Enhancements:**
- **[consulcatalog]** Add Support for Consul Connect ([#7407](https://github.com/traefik/traefik/pull/7407) by [Gufran](https://github.com/Gufran))
- Update Go version ([#8355](https://github.com/traefik/traefik/pull/8355) by [mpl](https://github.com/mpl))
- **[file]** Update sprig to v3.2.0 ([#7746](https://github.com/traefik/traefik/pull/7746) by [sirlatrom](https://github.com/sirlatrom))
- **[healthcheck]** Healthcheck: add support at the load-balancers of services level ([#8057](https://github.com/traefik/traefik/pull/8057) by [mpl](https://github.com/mpl))
- **[http3]** Upgrade github.com/lucas-clemente/quic-go ([#8076](https://github.com/traefik/traefik/pull/8076) by [sylr](https://github.com/sylr))
- **[http3]** Add HTTP3 support (experimental) ([#7724](https://github.com/traefik/traefik/pull/7724) by [juliens](https://github.com/juliens))
- **[k8s,k8s/gatewayapi]** Add wildcard hostname rule to kubernetes gateway ([#7963](https://github.com/traefik/traefik/pull/7963) by [jberger](https://github.com/jberger))
- **[k8s,k8s/gatewayapi]** Add support for TCPRoute and TLSRoute ([#8054](https://github.com/traefik/traefik/pull/8054) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s,k8s/gatewayapi]** Allow crossprovider service reference ([#7774](https://github.com/traefik/traefik/pull/7774) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s/crd,k8s]** Add named port support to Kubernetes IngressRoute CRDs ([#7668](https://github.com/traefik/traefik/pull/7668) by [Cirrith](https://github.com/Cirrith))
- **[k8s/crd,k8s]** Improve kubernetes external name service support for UDP ([#7773](https://github.com/traefik/traefik/pull/7773) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s/crd,k8s]** Upgrade the CRD version from apiextensions.k8s.io/v1beta1 to apiextensions.k8s.io/v1 ([#7815](https://github.com/traefik/traefik/pull/7815) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s/ingress,k8s/crd,k8s]** Ignore empty endpoint changes ([#7646](https://github.com/traefik/traefik/pull/7646) by [hensur](https://github.com/hensur))
- **[k8s/ingress,k8s]** Upgrade Ingress Handling to work with networkingv1/Ingress ([#7549](https://github.com/traefik/traefik/pull/7549) by [SantoDE](https://github.com/SantoDE))
- **[k8s/ingress,k8s]** Filter ingress class resources by name ([#7915](https://github.com/traefik/traefik/pull/7915) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s/ingress,k8s]** Add k8s provider option to create services without endpoints ([#7593](https://github.com/traefik/traefik/pull/7593) by [Lucaber](https://github.com/Lucaber))
- **[k8s/ingress,k8s]** Upgrade IngressClass to use v1 over v1Beta on Kube 1.19+ ([#8089](https://github.com/traefik/traefik/pull/8089) by [SantoDE](https://github.com/SantoDE))
- **[k8s/ingress,k8s]** Add ServersTransport annotation to k8s ingress provider ([#8084](https://github.com/traefik/traefik/pull/8084) by [wdullaer](https://github.com/wdullaer))
- **[logs,middleware]** Add TLS version and cipher to the accessLog ([#7478](https://github.com/traefik/traefik/pull/7478) by [na4ma4](https://github.com/na4ma4))
- **[metrics]** Add TLS certs expiration metric ([#6924](https://github.com/traefik/traefik/pull/6924) by [sylr](https://github.com/sylr))
- **[metrics]** Allow to define datadogs metrics endpoint with env vars ([#7968](https://github.com/traefik/traefik/pull/7968) by [sylr](https://github.com/sylr))
- **[middleware,metrics]** Add router metrics ([#7510](https://github.com/traefik/traefik/pull/7510) by [jorge07](https://github.com/jorge07))
- **[middleware,tcp]** Add TCP Middlewares support ([#7813](https://github.com/traefik/traefik/pull/7813) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Removes headers middleware options ([#8161](https://github.com/traefik/traefik/pull/8161) by [tomMoulard](https://github.com/tomMoulard))
- **[middleware]** Headers: add `permissionsPolicy` and deprecate `featurePolicy` ([#8200](https://github.com/traefik/traefik/pull/8200) by [WLun001](https://github.com/WLun001))
- **[middleware]** Deprecates ssl redirect headers middleware options ([#8160](https://github.com/traefik/traefik/pull/8160) by [tomMoulard](https://github.com/tomMoulard))
- **[plugins]** Local private plugins. ([#8224](https://github.com/traefik/traefik/pull/8224) by [ldez](https://github.com/ldez))
- **[provider,plugins]** Add plugin&#39;s support for provider ([#7794](https://github.com/traefik/traefik/pull/7794) by [ldez](https://github.com/ldez))
- **[rules]** Support not in rules definition ([#8164](https://github.com/traefik/traefik/pull/8164) by [juliens](https://github.com/juliens))
- **[rules]** Add routing IP rule matcher ([#8169](https://github.com/traefik/traefik/pull/8169) by [tomMoulard](https://github.com/tomMoulard))
- **[server]** Improve host name resolution for TCP proxy ([#7971](https://github.com/traefik/traefik/pull/7971) by [H-M-H](https://github.com/H-M-H))
- **[server]** Add ability to disable HTTP/2 in dynamic config ([#7645](https://github.com/traefik/traefik/pull/7645) by [jcuzzi](https://github.com/jcuzzi))
- **[sticky-session]** Add a mechanism to format the sticky cookie value ([#8103](https://github.com/traefik/traefik/pull/8103) by [tomMoulard](https://github.com/tomMoulard))
- **[tls]** Mutualize TLS version and cipher code ([#7779](https://github.com/traefik/traefik/pull/7779) by [rtribotte](https://github.com/rtribotte))
- **[tls,k8s/crd,k8s]** Improve CA certificate loading from kubernetes secret ([#7789](https://github.com/traefik/traefik/pull/7789) by [rio](https://github.com/rio))
- **[tls]** Do not build a default certificate for ACME challenges store ([#7833](https://github.com/traefik/traefik/pull/7833) by [rkojedzinszky](https://github.com/rkojedzinszky))
- **[tracing]** Use Datadog tracer environment variables to setup default config ([#7721](https://github.com/traefik/traefik/pull/7721) by [GianOrtiz](https://github.com/GianOrtiz))
- **[tracing]** Update Elastic APM from 1.7.0 to 1.11.0 ([#8187](https://github.com/traefik/traefik/pull/8187) by [afitzek](https://github.com/afitzek))
- **[tracing]** Override jaeger configuration with env variables ([#8198](https://github.com/traefik/traefik/pull/8198) by [mmatur](https://github.com/mmatur))
- **[udp]** Add udp timeout configuration ([#6982](https://github.com/traefik/traefik/pull/6982) by [Lindenk](https://github.com/Lindenk))
**Bug fixes:**
- **[k8s,k8s/gatewayapi]** Update Gateway API version to v0.3.0 ([#8253](https://github.com/traefik/traefik/pull/8253) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s]** Kubernetes: detect changes for resources other than endpoints ([#8313](https://github.com/traefik/traefik/pull/8313) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Library change for compress middleware to increase performance ([#8245](https://github.com/traefik/traefik/pull/8245) by [tomMoulard](https://github.com/tomMoulard))
- **[plugins]** Update yaegi to v0.9.21 ([#8285](https://github.com/traefik/traefik/pull/8285) by [ldez](https://github.com/ldez))
- **[plugins]** Downgrade yaegi to v0.9.19 ([#8282](https://github.com/traefik/traefik/pull/8282) by [ldez](https://github.com/ldez))
- **[webui]** Fix dashboard to display middleware details ([#8284](https://github.com/traefik/traefik/pull/8284) by [tomMoulard](https://github.com/tomMoulard))
- **[webui]** Fix dashboard title for TCP middlewares ([#8339](https://github.com/traefik/traefik/pull/8339) by [mschneider82](https://github.com/mschneider82))
- **[k8s]** Remove logging of changed object with cast ([#8128](https://github.com/traefik/traefik/pull/8128) by [hensur](https://github.com/hensur))
**Documentation:**
- Fix KV reference documentation ([#8280](https://github.com/traefik/traefik/pull/8280) by [rtribotte](https://github.com/rtribotte))
- Fix migration guide ([#8269](https://github.com/traefik/traefik/pull/8269) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Update generated and reference doc for plugins ([#8236](https://github.com/traefik/traefik/pull/8236) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s/crd]** Fix: regenerate crd ([#8114](https://github.com/traefik/traefik/pull/8114) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s]** Clarify doc for ingressclass name in k8s 1.18+ ([#7944](https://github.com/traefik/traefik/pull/7944) by [tomMoulard](https://github.com/tomMoulard))
- Update documentation references ([#8202](https://github.com/traefik/traefik/pull/8202) by [rtribotte](https://github.com/rtribotte))
**Misc:**
- Merge current v2.4 into v2.5 ([#8333](https://github.com/traefik/traefik/pull/8333) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into v2.5 ([#8325](https://github.com/traefik/traefik/pull/8325) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into v2.5 ([#8314](https://github.com/traefik/traefik/pull/8314) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into v2.5 ([#8296](https://github.com/traefik/traefik/pull/8296) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.4 into v2.5 ([#8287](https://github.com/traefik/traefik/pull/8287) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into v2.5 ([#8281](https://github.com/traefik/traefik/pull/8281) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into v2.5 ([#8263](https://github.com/traefik/traefik/pull/8263) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into master ([#8232](https://github.com/traefik/traefik/pull/8232) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into master ([#8210](https://github.com/traefik/traefik/pull/8210) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into master ([#8105](https://github.com/traefik/traefik/pull/8105) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.4 into master ([#8087](https://github.com/traefik/traefik/pull/8087) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.4 into master ([#8068](https://github.com/traefik/traefik/pull/8068) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into master ([#8058](https://github.com/traefik/traefik/pull/8058) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into master ([#8024](https://github.com/traefik/traefik/pull/8024) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into master ([#7969](https://github.com/traefik/traefik/pull/7969) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into master ([#7921](https://github.com/traefik/traefik/pull/7921) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into master ([#7901](https://github.com/traefik/traefik/pull/7901) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into master ([#7859](https://github.com/traefik/traefik/pull/7859) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into master ([#7795](https://github.com/traefik/traefik/pull/7795) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v2.4 into master ([#8221](https://github.com/traefik/traefik/pull/8221) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into master ([#7781](https://github.com/traefik/traefik/pull/7781) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v2.4 into master ([#7766](https://github.com/traefik/traefik/pull/7766) by [ldez](https://github.com/ldez))
- Merge current v2.4 into master ([#7761](https://github.com/traefik/traefik/pull/7761) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into master ([#7748](https://github.com/traefik/traefik/pull/7748) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v2.4 into master ([#7728](https://github.com/traefik/traefik/pull/7728) by [mmatur](https://github.com/mmatur))
## [v2.4.14](https://github.com/traefik/traefik/tree/v2.4.14) (2021-08-16)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.13...v2.4.14)
**Bug fixes:**
- **[k8s/crd,k8s]** Avoid unauthorized middleware cross namespace reference ([#8322](https://github.com/traefik/traefik/pull/8322) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[kv]** Remove unwanted trailing slash in key ([#8335](https://github.com/traefik/traefik/pull/8335) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[middleware]** Redirect: fix comparison when explicit port request and implicit redirect port ([#8348](https://github.com/traefik/traefik/pull/8348) by [tcolgate](https://github.com/tcolgate))
**Documentation:**
- **[kv]** Fix a router&#39;s entryPoint definition example for KV provider ([#8357](https://github.com/traefik/traefik/pull/8357) by [avtion](https://github.com/avtion))
## [v2.5.0-rc6](https://github.com/traefik/traefik/tree/v2.5.0-rc6) (2021-08-13)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.0-rc5...v2.5.0-rc6)
**Enhancements:**
- Update Go version ([#8355](https://github.com/traefik/traefik/pull/8355) by [mpl](https://github.com/mpl))
**Misc:**
- Merge current v2.4 into v2.5 ([#8333](https://github.com/traefik/traefik/pull/8333) by [jbdoumenjou](https://github.com/jbdoumenjou))
## [v2.5.0-rc5](https://github.com/traefik/traefik/tree/v2.5.0-rc5) (2021-08-03)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.0-rc3...v2.5.0-rc5)
**Bug fixes:**
- **[k8s]** Kubernetes: detect changes for resources other than endpoints ([#8313](https://github.com/traefik/traefik/pull/8313) by [rtribotte](https://github.com/rtribotte))
**Misc:**
- Merge current v2.4 into v2.5 ([#8325](https://github.com/traefik/traefik/pull/8325) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Merge current v2.4 into v2.5 ([#8314](https://github.com/traefik/traefik/pull/8314) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.4 into v2.5 ([#8296](https://github.com/traefik/traefik/pull/8296) by [tomMoulard](https://github.com/tomMoulard))
## [v2.5.0-rc4](https://github.com/traefik/traefik/tree/v2.5.0-rc4) (2021-08-03)
Release canceled.
## [v2.4.13](https://github.com/traefik/traefik/tree/v2.4.13) (2021-07-30)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.12...v2.4.13)
**Bug fixes:**
- **[authentication,middleware]** Remove hop-by-hop headers defined in connection header before some middleware ([#8319](https://github.com/traefik/traefik/pull/8319) by [ldez](https://github.com/ldez))
## [v2.4.12](https://github.com/traefik/traefik/tree/v2.4.12) (2021-07-26)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.11...v2.4.12)
**Bug fixes:**
- **[k8s,k8s/ingress]** Get Kubernetes server version early ([#8286](https://github.com/traefik/traefik/pull/8286) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/ingress]** Don&#39;t remove ingress config on API call failure ([#8185](https://github.com/traefik/traefik/pull/8185) by [dtomcej](https://github.com/dtomcej))
- **[middleware]** Ratelimiter: use correct ttlSeconds value, and always call Set ([#8254](https://github.com/traefik/traefik/pull/8254) by [mpl](https://github.com/mpl))
- **[tls]** Check if defaultcertificate is defined in store ([#8274](https://github.com/traefik/traefik/pull/8274) by [dtomcej](https://github.com/dtomcej))
## [v2.5.0-rc3](https://github.com/traefik/traefik/tree/v2.5.0-rc3) (2021-07-20)
[All Commits](https://github.com/traefik/traefik/compare/v2.5.0-rc2...v2.5.0-rc3)
**Enhancements:**
- **[consulcatalog]** Add Support for Consul Connect ([#7407](https://github.com/traefik/traefik/pull/7407) by [Gufran](https://github.com/Gufran))
**Bug fixes:**
- **[k8s,k8s/gatewayapi]** Update Gateway API version to v0.3.0 ([#8253](https://github.com/traefik/traefik/pull/8253) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[middleware]** Library change for compress middleware to increase performance ([#8245](https://github.com/traefik/traefik/pull/8245) by [tomMoulard](https://github.com/tomMoulard))
- **[plugins]** Update yaegi to v0.9.21 ([#8285](https://github.com/traefik/traefik/pull/8285) by [ldez](https://github.com/ldez))
- **[plugins]** Downgrade yaegi to v0.9.19 ([#8282](https://github.com/traefik/traefik/pull/8282) by [ldez](https://github.com/ldez))
- **[webui]** Fix dashboard to display middleware details ([#8284](https://github.com/traefik/traefik/pull/8284) by [tomMoulard](https://github.com/tomMoulard))
**Documentation:**
- Fix KV reference documentation ([#8280](https://github.com/traefik/traefik/pull/8280) by [rtribotte](https://github.com/rtribotte))
- Fix migration guide ([#8269](https://github.com/traefik/traefik/pull/8269) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Update generated and reference doc for plugins ([#8236](https://github.com/traefik/traefik/pull/8236) by [tomMoulard](https://github.com/tomMoulard))
**Misc:**
- Merge current v2.4 into v2.5 ([#8263](https://github.com/traefik/traefik/pull/8263) by [rtribotte](https://github.com/rtribotte))
## [v2.4.11](https://github.com/traefik/traefik/tree/v2.4.11) (2021-07-15)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.9...v2.4.11)
**Bug fixes:**
- **[k8s,k8s/crd,k8s/ingress]** Disable ExternalName Services by default on Kubernetes providers ([#8261](https://github.com/traefik/traefik/pull/8261) by [dtomcej](https://github.com/dtomcej))
- **[k8s,k8s/crd,k8s/ingress]** Fix: malformed Kubernetes resource names and references in tests ([#8226](https://github.com/traefik/traefik/pull/8226) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/crd]** Disable Cross-Namespace by default for IngressRoute provider ([#8260](https://github.com/traefik/traefik/pull/8260) by [dtomcej](https://github.com/dtomcej))
- **[logs,middleware]** Accesslog: support multiple values for a given header ([#8258](https://github.com/traefik/traefik/pull/8258) by [ldez](https://github.com/ldez))
- **[logs]** Ignore http 1.0 request host missing errors ([#8252](https://github.com/traefik/traefik/pull/8252) by [dtomcej](https://github.com/dtomcej))
- **[middleware]** Headers Middleware: support http.CloseNotifier interface ([#8238](https://github.com/traefik/traefik/pull/8238) by [dtomcej](https://github.com/dtomcej))
- **[tls]** Detect certificates content modifications ([#8243](https://github.com/traefik/traefik/pull/8243) by [jbdoumenjou](https://github.com/jbdoumenjou))
**Documentation:**
- **[middleware,k8s]** Fix invalid subdomain ([#8212](https://github.com/traefik/traefik/pull/8212) by [WLun001](https://github.com/WLun001))
- Add the list of available provider names ([#8225](https://github.com/traefik/traefik/pull/8225) by [WLun001](https://github.com/WLun001))
- Fix maintainers-guidelines page title ([#8216](https://github.com/traefik/traefik/pull/8216) by [kubopanda](https://github.com/kubopanda))
- Typos in contributing section ([#8215](https://github.com/traefik/traefik/pull/8215) by [kubopanda](https://github.com/kubopanda))
## [v2.4.10](https://github.com/traefik/traefik/tree/v2.4.10) (2021-07-13)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.9...v2.4.10)
Release canceled.
## [v2.5.0-rc2](https://github.com/traefik/traefik/tree/v2.5.0-rc2) (2021-06-28)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.0-rc1...v2.5.0-rc2)

27
Makefile
View File

@@ -58,8 +58,9 @@ build-webui-image:
docker build -t traefik-webui --build-arg ARG_PLATFORM_URL=$(PLATFORM_URL) -f webui/Dockerfile webui
## Generate WebUI
generate-webui: build-webui-image
generate-webui:
if [ ! -d "static" ]; then \
$(MAKE) build-webui-image; \
mkdir -p static; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build:nc; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ../static; \
@@ -92,8 +93,16 @@ pull-images:
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull
## Run the integration tests
test-integration: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh generate binary test-integration
test-integration: $(PRE_TARGET) binary
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh test-integration
TEST_HOST=1 ./script/make.sh test-integration
## Run the container integration tests
test-integration-container: $(PRE_TARGET) binary
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh test-integration
## Run the host integration tests
test-integration-host: $(PRE_TARGET) binary
TEST_HOST=1 ./script/make.sh test-integration
## Validate code and docs
@@ -131,26 +140,26 @@ docs-serve:
docs-pull-images:
make -C ./docs docs-pull-images
## Generate CRD clientset
## Generate CRD clientset and CRD manifests
generate-crd:
./script/update-generated-crd-code.sh
@$(CURDIR)/script/code-gen.sh
## Generate code from dynamic configuration https://github.com/traefik/genconf
generate-genconf:
go run ./cmd/internal/gen/
## Create packages for the release
release-packages: generate-webui build-dev-image
release-packages: generate-webui $(PRE_TARGET)
rm -rf dist
$(DOCKER_RUN_TRAEFIK_NOTTY) goreleaser release --skip-publish --timeout="90m"
$(DOCKER_RUN_TRAEFIK_NOTTY) tar cfz dist/traefik-${VERSION}.src.tar.gz \
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish --timeout="90m"
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
--exclude-vcs \
--exclude .idea \
--exclude .travis \
--exclude .semaphoreci \
--exclude .github \
--exclude dist .
$(DOCKER_RUN_TRAEFIK_NOTTY) chown -R $(shell id -u):$(shell id -g) dist/
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK_NOTTY)) chown -R $(shell id -u):$(shell id -g) dist/
## Format the Code
fmt:

2
README.md
View File

@@ -63,7 +63,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
- Keeps access logs (JSON, CLF)
- Fast
- Exposes a Rest API
- Packaged as a single binary file (made with :heart: with go) and available as a [tiny](https://microbadger.com/images/traefik) [official](https://hub.docker.com/r/_/traefik/) docker image
- Packaged as a single binary file (made with :heart: with go) and available as an [official](https://hub.docker.com/r/_/traefik/) docker image
## Supported Backends

2
SECURITY.md
View File

@@ -1,6 +1,6 @@
# Security Policy
We strongly advise you to register your Traefik instances to [Pilot](http://pilot.traefik.io) to be notified of security advisories that apply to your Traefik version.
We strongly advise you to register your Traefik instances to [Pilot](https://pilot.traefik.io) to be notified of security advisories that apply to your Traefik version.
You can also join our security mailing list to be aware of the latest announcements from our security team.
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).

4
build.Dockerfile
View File

@@ -1,4 +1,4 @@
FROM golang:1.16-alpine
FROM golang:1.17-alpine
RUN apk --update upgrade \
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
@@ -19,7 +19,7 @@ RUN mkdir -p /usr/local/bin \
&& chmod +x /usr/local/bin/go-bindata
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.41.1
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.43.0
# Download misspell binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4

36
cmd/internal/gen/centrifuge.go
View File

@@ -12,6 +12,7 @@ import (
"os"
"path"
"path/filepath"
"reflect"
"sort"
"strings"
@@ -183,15 +184,15 @@ func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string,
continue
}
values, ok := lookupTagValue(obj.Tag(i), "json")
if len(values) > 0 && values[0] == "-" {
continue
}
b.WriteString(fmt.Sprintf("\t%s %s", field.Name(), fType))
tags := obj.Tag(i)
if tags != "" {
tg := extractJSONTag(tags)
if tg != `json:"-"` {
b.WriteString(fmt.Sprintf(" `%s`", tg))
}
if ok {
b.WriteString(fmt.Sprintf(" `json:\"%s\"`", strings.Join(values, ",")))
}
b.WriteString("\n")
@@ -202,16 +203,19 @@ func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string,
return b.String()
}
func extractJSONTag(value string) string {
fields := strings.Fields(value)
for _, field := range fields {
if strings.HasPrefix(field, `json:"`) {
return field
}
func lookupTagValue(raw, key string) ([]string, bool) {
value, ok := reflect.StructTag(raw).Lookup(key)
if !ok {
return nil, ok
}
return ""
values := strings.Split(value, ",")
if len(values) < 1 {
return nil, true
}
return values, true
}
func extractPackage(t types.Type) string {
@@ -254,7 +258,7 @@ type fileWriter struct {
}
func (f fileWriter) Write(files map[string]*File) error {
err := os.MkdirAll(f.baseDir, 0755)
err := os.MkdirAll(f.baseDir, 0o755)
if err != nil {
return err
}

4
cmd/internal/gen/main.go
View File

@@ -4,8 +4,8 @@ import (
"fmt"
"go/build"
"go/types"
"io/ioutil"
"log"
"os"
"path"
"path/filepath"
"strings"
@@ -83,7 +83,7 @@ func run(dest string) error {
return err
}
return ioutil.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0666)
return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666)
}
func cleanType(typ types.Type, base string) string {

2
docs/check.Dockerfile
View File

@@ -1,5 +1,5 @@
FROM alpine:3.13 as alpine
FROM alpine:3.14 as alpine
RUN apk --no-cache --no-progress add \
libcurl \

2
docs/content/contributing/documentation.md
View File

@@ -29,7 +29,7 @@ docker run --rm -v /home/user/go/github/traefik/traefik:/mkdocs -p 8000:8000 tr
!!! tip "Default URL"
Your local documentation server will run by default on [http://127.0.0.1:8000](http://127.0.0.1:8000).
Your local documentation server will run by default on <http://127.0.0.1:8000>.
If you only want to build the documentation without serving it locally, you can use the following command:

1
docs/content/contributing/maintainers.md
View File

@@ -19,6 +19,7 @@
* Romain Tribotté [@rtribotte](https://github.com/rtribotte)
* Kevin Pollet [@kevinpollet](https://github.com/kevinpollet)
* Harold Ozouf [@jspdown](https://github.com/jspdown)
* Tom Moulard [@tommoulard](https://github.com/tommoulard)
## Maintainer's Guidelines

28
docs/content/getting-started/faq.md
View File

@@ -124,3 +124,31 @@ http:
If there is a need for a response code other than a `503` and/or a custom message,
the principle of the above example above (a catchall router) still stands,
but the `unavailable` service should be adapted to fit such a need.
## Why Is My TLS Certificate Not Reloaded When Its Contents Change?
With the file provider,
a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified.
Which is why, when a certificate is defined by path,
and the actual contents of this certificate change,
a configuration update is _not_ triggered.
To take into account the new certificate contents, the update of the dynamic configuration must be forced.
One way to achieve that, is to trigger a file notification,
for example, by using the `touch` command on the configuration file.
## What Are the Forwarded Headers When Proxying HTTP Requests?
By default, the following headers are automatically added when proxying requests:
| Property | HTTP Header |
|---------------------------|----------------------------|
| Client's IP | X-Forwarded-For, X-Real-Ip |
| Host | X-Forwarded-Host |
| Port | X-Forwarded-Port |
| Protocol | X-Forwarded-Proto |
| Proxy Server's Hostname | X-Forwarded-Server |
For more details,
please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.

10
docs/content/getting-started/install-traefik.md
View File

@@ -11,8 +11,8 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.5/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.5/traefik.sample.toml)
```bash
docker run -d -p 8080:8080 -p 80:80 \
@@ -24,7 +24,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip
* Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v2.1.4`
ex: `traefik:v2.5`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image.
@@ -101,13 +101,13 @@ helm install traefik traefik/traefik
This HelmChart does not expose the Traefik dashboard by default, for security concerns.
Thus, there are multiple ways to expose the dashboard.
For instance, the dashboard access could be achieved through a port-forward :
For instance, the dashboard access could be achieved through a port-forward:
```shell
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
```
Accessible with the url: http://127.0.0.1:9000/dashboard/
It can then be reached at: `http://127.0.0.1:9000/dashboard/`
Another way would be to apply your own configuration, for instance,
by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`):

6
docs/content/getting-started/quick-start.md
View File

@@ -36,7 +36,7 @@ Start your `reverse-proxy` with the following command:
docker-compose up -d reverse-proxy
```
You can open a browser and go to [http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata) to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
## Traefik Detects New Services and Creates the Route for You
@@ -61,7 +61,7 @@ Start the `whoami` service with the following command:
docker-compose up -d whoami
```
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new container and updated its own configuration.
Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new container and updated its own configuration.
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
@@ -85,7 +85,7 @@ Run more instances of your `whoami` service with the following command:
docker-compose up -d --scale whoami=2
```
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new instance of the container.
Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new instance of the container.
Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:

30
docs/content/https/acme.md
View File

@@ -284,6 +284,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
@@ -292,15 +293,15 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
@@ -310,21 +311,25 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
@@ -333,28 +338,28 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
@@ -372,6 +377,9 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
[^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production)
@@ -552,7 +560,7 @@ certificatesResolvers:
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1"
--certificatesresolvers.myresolver.acme.preferredChain=ISRG Root X1
# ...
```
@@ -580,7 +588,7 @@ certificatesResolvers:
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.keyType="RSA4096"
--certificatesresolvers.myresolver.acme.keyType=RSA4096
# ...
```

41
docs/content/https/tls.md
View File

@@ -399,6 +399,47 @@ spec:
preferServerCipherSuites: true
```
### ALPN Protocols
_Optional, Default="h2, http/1.1, acme-tls/1"_
This option allows to specify the list of supported application level protocols for the TLS handshake,
in order of preference.
If the client supports ALPN, the selected protocol will be one from this list,
and the connection will fail if there is no mutually supported protocol.
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
options:
default:
alpnProtocols:
- http/1.1
- h2
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
alpnProtocols = ["http/1.1", "h2"]
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
alpnProtocols:
- http/1.1
- h2
```
### Client Authentication (mTLS)
Traefik supports mutual authentication, through the `clientAuth` section.

6
docs/content/middlewares/http/errorpages.md
View File

@@ -8,6 +8,7 @@ It Has Never Been Easier to Say That Something Went Wrong
The ErrorPage middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
!!! important
The error page itself is _not_ hosted by Traefik.
## Configuration Examples
@@ -112,6 +113,11 @@ The service that will serve the new requested error page.
In Kubernetes, you need to reference a Kubernetes Service instead of a Traefik service.
!!! info "Host Header"
By default, the client `Host` header value is forwarded to the configured error [service](#service).
To forward the `Host` value corresponding to the configured error service URL, the [passHostHeader](../../../routing/services/#pass-host-header) option must be set to `false`.
### `query`
The URL for the error page (hosted by `service`). You can use the `{status}` variable in the `query` option in order to insert the status code in the URL.

9
docs/content/middlewares/http/forwardauth.md
View File

@@ -284,6 +284,12 @@ http:
authResponseHeadersRegex = "^X-"
```
!!! tip
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
### `authRequestHeaders`
The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server.
@@ -347,7 +353,8 @@ The `tls` option is the TLS configuration from Traefik to the authentication ser
#### `tls.ca`
Certificate Authority used for the secured connection to the authentication server.
Certificate Authority used for the secured connection to the authentication server,
defaults to the system bundle.
```yaml tab="Docker"
labels:

6
docs/content/middlewares/http/headers.md
View File

@@ -7,6 +7,8 @@ Managing Request/Response headers
The Headers middleware manages the headers of requests and responses.
A set of forwarded headers are automatically added by default. See the [FAQ](../../getting-started/faq.md#what-are-the-forwarded-headers-when-proxying-http-requests) for more information.
## Configuration Examples
### Adding Headers to the Request and the Response
@@ -331,7 +333,9 @@ It allows all origins that contain any match of a regular expression in the `acc
!!! tip
Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
### `accessControlExposeHeaders`

2
docs/content/middlewares/http/inflightreq.md
View File

@@ -115,7 +115,7 @@ http:
### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the `requestHost`.
#### `sourceCriterion.ipStrategy`

39
docs/content/middlewares/http/overview.md
View File

@@ -126,24 +126,25 @@ http:
| Middleware | Purpose | Area |
|-------------------------------------------|---------------------------------------------------|-----------------------------|
| [AddPrefix](addprefix.md) | Add a Path Prefix | Path Modifier |
| [BasicAuth](basicauth.md) | Basic auth mechanism | Security, Authentication |
| [AddPrefix](addprefix.md) | Adds a Path Prefix | Path Modifier |
| [BasicAuth](basicauth.md) | Adds Basic Authentication | Security, Authentication |
| [Buffering](buffering.md) | Buffers the request/response | Request Lifecycle |
| [Chain](chain.md) | Combine multiple pieces of middleware | Middleware tool |
| [CircuitBreaker](circuitbreaker.md) | Stop calling unhealthy services | Request Lifecycle |
| [Compress](compress.md) | Compress the response | Content Modifier |
| [Chain](chain.md) | Combines multiple pieces of middleware | Misc |
| [CircuitBreaker](circuitbreaker.md) | Prevents calling unhealthy services | Request Lifecycle |
| [Compress](compress.md) | Compresses the response | Content Modifier |
| [ContentType](contenttype.md) | Handles Content-Type auto-detection | Misc |
| [DigestAuth](digestauth.md) | Adds Digest Authentication | Security, Authentication |
| [Errors](errorpages.md) | Define custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Authentication delegation | Security, Authentication |
| [Headers](headers.md) | Add / Update headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs | Security, Request lifecycle |
| [InFlightReq](inflightreq.md) | Limit the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | Adding Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limit the call frequency | Security, Request lifecycle |
| [RedirectScheme](redirectscheme.md) | Redirect easily the client elsewhere | Request lifecycle |
| [RedirectRegex](redirectregex.md) | Redirect the client elsewhere | Request lifecycle |
| [ReplacePath](replacepath.md) | Change the path of the request | Path Modifier |
| [ReplacePathRegex](replacepathregex.md) | Change the path of the request | Path Modifier |
| [Retry](retry.md) | Automatically retry the request in case of errors | Request lifecycle |
| [StripPrefix](stripprefix.md) | Change the path of the request | Path Modifier |
| [StripPrefixRegex](stripprefixregex.md) | Change the path of the request | Path Modifier |
| [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication |
| [Headers](headers.md) | Adds / Updates headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle |
| [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle |
| [RedirectScheme](redirectscheme.md) | Redirects based on scheme | Request lifecycle |
| [RedirectRegex](redirectregex.md) | Redirects based on regex | Request lifecycle |
| [ReplacePath](replacepath.md) | Changes the path of the request | Path Modifier |
| [ReplacePathRegex](replacepathregex.md) | Changes the path of the request | Path Modifier |
| [Retry](retry.md) | Automatically retries in case of error | Request lifecycle |
| [StripPrefix](stripprefix.md) | Changes the path of the request | Path Modifier |
| [StripPrefixRegex](stripprefixregex.md) | Changes the path of the request | Path Modifier |

2
docs/content/middlewares/http/ratelimit.md
View File

@@ -250,7 +250,7 @@ http:
### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote address field (as an `ipStrategy`).
#### `sourceCriterion.ipStrategy`

10
docs/content/middlewares/http/redirectregex.md
View File

@@ -73,10 +73,6 @@ http:
## Configuration Options
!!! tip
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
### `permanent`
Set the `permanent` option to `true` to apply a permanent redirection.
@@ -85,6 +81,12 @@ Set the `permanent` option to `true` to apply a permanent redirection.
The `regex` option is the regular expression to match and capture elements from the request URL.
!!! tip
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
### `replacement`
The `replacement` option defines how to modify the URL to have the new target URL.

4
docs/content/middlewares/http/replacepathregex.md
View File

@@ -79,7 +79,9 @@ The ReplacePathRegex middleware will:
!!! tip
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or [Regex101](https://regex101.com/r/58sIgx/2).
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.
### `regex`

10
docs/content/middlewares/http/stripprefixregex.md
View File

@@ -67,11 +67,13 @@ The StripPrefixRegex middleware strips the matching path prefix and stores it in
The `regex` option is the regular expression to match the path prefix from the request URL.
!!! tip
Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/images.png`, which Traefik would likely not be able to associate with the same backend).
!!! tip
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
When defining a regular expression within YAML, any escaped character needs to be escaped twice: `example\.com` needs to be written as `example\\.com`.

2
docs/content/middlewares/tcp/ipwhitelist.md
View File

@@ -51,7 +51,7 @@ labels:
```yaml tab="File (YAML)"
# Accepts request from defined IP
http:
tcp:
middlewares:
test-ipwhitelist:
ipWhiteList:

39
docs/content/migration/v2.md
View File

@@ -179,7 +179,7 @@ To enable HTTPS, it is not sufficient anymore to only rely on a TLS section in t
#### Expose an Ingress on 80 and 443
Define the default TLS configuration on the HTTPS entry point.
Define the default TLS configuration on the HTTPS entry point.
```yaml tab="Ingress"
kind: Ingress
@@ -335,7 +335,7 @@ The file parser has been changed, since v2.3 the unknown options/fields in a dyn
### IngressClass
In `v2.3`, the support of `IngressClass`, which is available since Kubernetes version `1.18`, has been introduced.
In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated.
In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated.
## v2.3 to v2.4
@@ -350,7 +350,7 @@ It is therefore necessary to update [RBAC](../reference/dynamic-configuration/ku
In `v2.4.8`, we introduced a new check on domain names used in HTTP router rule `Host` and `HostRegexp` expressions,
and in TCP router rule `HostSNI` expression.
This check ensures that provided domain names don't contain non-ASCII characters.
This check ensures that provided domain names don't contain non-ASCII characters.
If not, an error is raised, and the associated router will be shown as invalid in the dashboard.
This new behavior is intended to show what was failing silently previously and to help troubleshooting configuration issues.
@@ -365,12 +365,23 @@ For more information, please read the [HTTP routers rule](../routing/routers/ind
In `v2.4.9`, we changed span error to log only server errors (>= 500).
## v2.4.9 to v2.4.10
### K8S CrossNamespace
In `v2.4.10`, the default value for `allowCrossNamespace` has been changed to `false`.
### K8S ExternalName Service
In `v2.4.10`, by default, it is no longer authorized to reference Kubernetes ExternalName services.
To allow it, the `allowExternalNameServices` option should be set to `true`.
## v2.4 to v2.5
### Kubernetes CRD
In `v2.5`, the [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions) have been updated to support the new API version `apiextensions.k8s.io/v1`.
As required by `apiextensions.k8s.io/v1`, we have included the OpenAPI validation schema.
In `v2.5`, the [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions) have been updated to support the new API version `apiextensions.k8s.io/v1`.
As required by `apiextensions.k8s.io/v1`, we have included the OpenAPI validation schema.
After deploying the new [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions), the resources will be validated only on creation or update.
@@ -387,8 +398,6 @@ The `extensions/v1beta1` API Version should now be replaced either by `networkin
The support of the `networking.k8s.io/v1beta1` API Version will stop in Kubernetes v1.22.
## v2.5 to v2.6
### Headers middleware: ssl redirect options
`sslRedirect`, `sslTemporaryRedirect`, `sslHost` and `sslForceHost` are deprecated in Traefik v2.5.
@@ -399,4 +408,18 @@ For more advanced use cases, you can use either the [RedirectScheme middleware](
### Headers middleware: accessControlAllowOrigin
`accessControlAllowOrigin` is no longer supported.
`accessControlAllowOrigin` is no longer supported in Traefik v2.5.
### X.509 CommonName Deprecation Bis
Following up on the deprecation started [previously](#x509-commonname-deprecation),
as the `x509ignoreCN=0` value for the `GODEBUG` is [deprecated in Go 1.17](https://tip.golang.org/doc/go1.17#crypto/x509),
the legacy behavior related to the CommonName field can not be enabled at all anymore.
## v2.5.3 to v2.5.4
### Errors middleware
In `v2.5.4`, when the errors service is configured with the [`PassHostHeader`](../routing/services/index.md#pass-host-header) option to `true` (default),
the forwarded Host header value is now set to the client request Host value and not `0.0.0.0`.
Check out the [Errors middleware](../middlewares/http/errorpages.md#service) documentation for more details.

2
docs/content/observability/access-logs.md
View File

@@ -247,7 +247,7 @@ version: "3.7"
services:
traefik:
image: traefik:v2.2
image: traefik:v2.5
environment:
- TZ=US/Alaska
command:

2
docs/content/observability/metrics/datadog.md
View File

@@ -59,7 +59,7 @@ metrics:
```bash tab="CLI"
--metrics.datadog.addEntryPointsLabels=true
```
#### `AddRoutersLabels`
#### `addRoutersLabels`
_Optional, Default=false_

2
docs/content/observability/metrics/influxdb.md
View File

@@ -170,7 +170,7 @@ metrics:
--metrics.influxdb.addEntryPointsLabels=true
```
#### `AddRoutersLabels`
#### `addRoutersLabels`
_Optional, Default=false_

2
docs/content/observability/metrics/prometheus.md
View File

@@ -64,7 +64,7 @@ metrics:
--metrics.prometheus.addEntryPointsLabels=true
```
#### `AddRoutersLabels`
#### `addRoutersLabels`
_Optional, Default=false_

2
docs/content/observability/metrics/statsd.md
View File

@@ -60,7 +60,7 @@ metrics:
--metrics.statsd.addEntryPointsLabels=true
```
#### `AddRoutersLabels`
#### `addRoutersLabels`
_Optional, Default=false_

11
docs/content/observability/tracing/datadog.md
View File

@@ -1,6 +1,6 @@
# Datadog
To enable the Datadog:
To enable the Datadog tracer:
```yaml tab="File (YAML)"
tracing:
@@ -20,7 +20,7 @@ tracing:
_Required, Default="127.0.0.1:8126"_
Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address.
Local Agent Host Port instructs the reporter to send spans to the Datadog Agent at this address (host:port).
```yaml tab="File (YAML)"
tracing:
@@ -42,7 +42,7 @@ tracing:
_Optional, Default=false_
Enable Datadog debug.
Enables Datadog debug.
```yaml tab="File (YAML)"
tracing:
@@ -64,7 +64,7 @@ tracing:
_Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
Applies a shared key:value tag on all spans.
```yaml tab="File (YAML)"
tracing:
@@ -86,7 +86,8 @@ tracing:
_Optional, Default=false_
Enable priority sampling. When using distributed tracing,
Enables priority sampling.
When using distributed tracing,
this option must be enabled in order to get all the parts of a distributed trace sampled.
```yaml tab="File (YAML)"

8
docs/content/observability/tracing/elastic.md
View File

@@ -1,6 +1,6 @@
# Elastic
To enable the Elastic:
To enable the Elastic tracer:
```yaml tab="File (YAML)"
tracing:
@@ -20,7 +20,7 @@ tracing:
_Optional, Default="http://localhost:8200"_
APM ServerURL is the URL of the Elastic APM server.
URL of the Elastic APM server.
```yaml tab="File (YAML)"
tracing:
@@ -42,7 +42,7 @@ tracing:
_Optional, Default=""_
APM Secret Token is the token used to connect to Elastic APM Server.
Token used to connect to Elastic APM Server.
```yaml tab="File (YAML)"
tracing:
@@ -64,7 +64,7 @@ tracing:
_Optional, Default=""_
APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`.
Environment's name where Traefik is deployed in, e.g. `production` or `staging`.
```yaml tab="File (YAML)"
tracing:

21
docs/content/observability/tracing/haystack.md
View File

@@ -1,6 +1,6 @@
# Haystack
To enable the Haystack:
To enable the Haystack tracer:
```yaml tab="File (YAML)"
tracing:
@@ -18,9 +18,9 @@ tracing:
#### `localAgentHost`
_Require, Default="127.0.0.1"_
_Required, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to haystack-agent at this address.
Local Agent Host instructs reporter to send spans to the Haystack Agent at this address.
```yaml tab="File (YAML)"
tracing:
@@ -40,9 +40,9 @@ tracing:
#### `localAgentPort`
_Require, Default=35000_
_Required, Default=35000_
Local Agent port instructs reporter to send spans to the haystack-agent at this port.
Local Agent Port instructs reporter to send spans to the Haystack Agent at this port.
```yaml tab="File (YAML)"
tracing:
@@ -64,7 +64,7 @@ tracing:
_Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
Applies shared key:value tag on all spans.
```yaml tab="File (YAML)"
tracing:
@@ -86,7 +86,7 @@ tracing:
_Optional, Default=empty_
Specifies the header name that will be used to store the trace ID.
Sets the header name used to store the trace ID.
```yaml tab="File (YAML)"
tracing:
@@ -108,7 +108,7 @@ tracing:
_Optional, Default=empty_
Specifies the header name that will be used to store the parent ID.
Sets the header name used to store the parent ID.
```yaml tab="File (YAML)"
tracing:
@@ -130,7 +130,7 @@ tracing:
_Optional, Default=empty_
Specifies the header name that will be used to store the span ID.
Sets the header name used to store the span ID.
```yaml tab="File (YAML)"
tracing:
@@ -152,7 +152,7 @@ tracing:
_Optional, Default=empty_
Specifies the header name prefix that will be used to store baggage items in a map.
Sets the header name prefix used to store baggage items in a map.
```yaml tab="File (YAML)"
tracing:
@@ -166,7 +166,6 @@ tracing:
baggagePrefixHeaderName = "sample"
```
```bash tab="CLI"
--tracing.haystack.baggagePrefixHeaderName=sample
```

16
docs/content/observability/tracing/instana.md
View File

@@ -1,6 +1,6 @@
# Instana
To enable the Instana:
To enable the Instana tracer:
```yaml tab="File (YAML)"
tracing:
@@ -18,9 +18,9 @@ tracing:
#### `localAgentHost`
_Require, Default="127.0.0.1"_
_Required, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to instana-agent at this address.
Local Agent Host instructs reporter to send spans to the Instana Agent at this address.
```yaml tab="File (YAML)"
tracing:
@@ -40,9 +40,9 @@ tracing:
#### `localAgentPort`
_Require, Default=42699_
_Required, Default=42699_
Local Agent port instructs reporter to send spans to the instana-agent at this port.
Local Agent port instructs reporter to send spans to the Instana Agent listening on this port.
```yaml tab="File (YAML)"
tracing:
@@ -62,11 +62,11 @@ tracing:
#### `logLevel`
_Require, Default="info"_
_Required, Default="info"_
Set Instana tracer log level.
Sets Instana tracer log level.
Valid values for logLevel field are:
Valid values are:
- `error`
- `warn`

35
docs/content/observability/tracing/jaeger.md
View File

@@ -1,6 +1,6 @@
# Jaeger
To enable the Jaeger:
To enable the Jaeger tracer:
```yaml tab="File (YAML)"
tracing:
@@ -27,7 +27,7 @@ tracing:
_Required, Default="http://localhost:5778/sampling"_
Sampling Server URL is the address of jaeger-agent's HTTP sampling server.
Address of the Jaeger Agent HTTP sampling server.
```yaml tab="File (YAML)"
tracing:
@@ -49,7 +49,13 @@ tracing:
_Required, Default="const"_
Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`.
Type of the sampler.
Valid values are:
- `const`
- `probabilistic`
- `rateLimiting`
```yaml tab="File (YAML)"
tracing:
@@ -71,9 +77,9 @@ tracing:
_Required, Default=1.0_
Sampling Param is a value passed to the sampler.
Value passed to the sampler.
Valid values for Param field are:
Valid values are:
- for `const` sampler, 0 or 1 for always false/true respectively
- for `probabilistic` sampler, a probability between 0 and 1
@@ -99,7 +105,7 @@ tracing:
_Required, Default="127.0.0.1:6831"_
Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address.
Local Agent Host Port instructs the reporter to send spans to the Jaeger Agent at this address (host:port).
```yaml tab="File (YAML)"
tracing:
@@ -121,7 +127,7 @@ tracing:
_Optional, Default=false_
Generate 128-bit trace IDs, compatible with OpenCensus.
Generates 128 bits trace IDs, compatible with OpenCensus.
```yaml tab="File (YAML)"
tracing:
@@ -143,8 +149,9 @@ tracing:
_Required, Default="jaeger"_
Set the propagation header type.
This can be either:
Sets the propagation header type.
Valid values are:
- `jaeger`, jaeger's default trace header.
- `b3`, compatible with OpenZipkin
@@ -169,7 +176,7 @@ tracing:
_Required, Default="uber-trace-id"_
Trace Context Header Name is the http header name used to propagate tracing context.
HTTP header name used to propagate tracing context.
This must be in lower-case to avoid mismatches when decoding incoming headers.
```yaml tab="File (YAML)"
@@ -192,7 +199,7 @@ tracing:
_Optional, Default=true_
Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
Disables the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments.
```yaml tab="File (YAML)"
@@ -216,7 +223,7 @@ tracing:
_Optional, Default=""_
Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL.
Collector Endpoint instructs the reporter to send spans to the Jaeger Collector at this URL.
```yaml tab="File (YAML)"
tracing:
@@ -239,7 +246,7 @@ tracing:
_Optional, Default=""_
User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector.
User instructs the reporter to include a user for basic HTTP authentication when sending spans to the Jaeger Collector.
```yaml tab="File (YAML)"
tracing:
@@ -262,7 +269,7 @@ tracing:
_Optional, Default=""_
Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector.
Password instructs the reporter to include a password for basic HTTP authentication when sending spans to the Jaeger Collector.
```yaml tab="File (YAML)"
tracing:

10
docs/content/observability/tracing/zipkin.md
View File

@@ -1,6 +1,6 @@
# Zipkin
To enable the Zipkin:
To enable the Zipkin tracer:
```yaml tab="File (YAML)"
tracing:
@@ -20,7 +20,7 @@ tracing:
_Required, Default="http://localhost:9411/api/v2/spans"_
Zipkin HTTP endpoint used to send data.
HTTP endpoint used to send data.
```yaml tab="File (YAML)"
tracing:
@@ -42,7 +42,7 @@ tracing:
_Optional, Default=false_
Use Zipkin SameSpan RPC style traces.
Uses SameSpan RPC style traces.
```yaml tab="File (YAML)"
tracing:
@@ -64,7 +64,7 @@ tracing:
_Optional, Default=true_
Use Zipkin 128 bit trace IDs.
Uses 128 bits trace IDs.
```yaml tab="File (YAML)"
tracing:
@@ -86,7 +86,7 @@ tracing:
_Required, Default=1.0_
The rate between 0.0 and 1.0 of requests to trace.
The proportion of requests to trace, specified between 0.0 and 1.0.
```yaml tab="File (YAML)"
tracing:

82
docs/content/providers/consul-catalog.md
View File

@@ -368,7 +368,8 @@ Defines TLS options for Consul server endpoint.
_Optional_
`ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
Certificate Authority used for the secure connection to Consul,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:
@@ -531,8 +532,8 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
The default host rule for all services.
For a given service, if no routing rule was defined by a tag, it is defined by this `defaultRule` instead.
The `defaultRule` must be set to a valid [Go template](https://golang.org/pkg/text/template/),
and can include [sprig template functions](http://masterminds.github.io/sprig/).
The `defaultRule` must be set to a valid [Go template](https://pkg.go.dev/text/template/),
and can include [sprig template functions](https://masterminds.github.io/sprig/).
The service name can be accessed with the `Name` identifier,
and the template has access to all the labels (i.e. tags beginning with the `prefix`) defined on this service.
@@ -556,6 +557,81 @@ providers:
# ...
```
### `connectAware`
_Optional, Default=false_
Enable Consul Connect support.
If set to `true`, Traefik will be enabled to communicate with Connect services.
```toml tab="File (TOML)"
[providers.consulCatalog]
connectAware = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
connectAware: true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.connectAware=true
# ...
```
### `connectByDefault`
_Optional, Default=false_
Consider every service as Connect capable by default.
If set to `true`, Traefik will consider every Consul Catalog service to be Connect capable by default.
The option can be overridden on an instance basis with the `traefik.consulcatalog.connect` tag.
```toml tab="File (TOML)"
[providers.consulCatalog]
connectByDefault = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
connectByDefault: true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.connectByDefault=true
# ...
```
### `serviceName`
_Optional, Default="traefik"_
Name of the Traefik service in Consul Catalog.
```toml tab="File (TOML)"
[providers.consulCatalog]
serviceName = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
serviceName: test
# ...
```
```bash tab="CLI"
--providers.consulcatalog.serviceName=test
# ...
```
### `constraints`
_Optional, Default=""_

5
docs/content/providers/consul.md
View File

@@ -64,7 +64,7 @@ Defines a username to connect to Consul with.
providers:
consul:
# ...
usename: "foo"
username: "foo"
```
```toml tab="File (TOML)"
@@ -106,7 +106,8 @@ _Optional_
#### `tls.ca`
Certificate Authority used for the secure connection to Consul.
Certificate Authority used for the secure connection to Consul,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:

7
docs/content/providers/docker.md
View File

@@ -427,8 +427,8 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
[sprig template functions](http://masterminds.github.io/sprig/).
It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
[sprig template functions](https://masterminds.github.io/sprig/).
The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.
@@ -615,7 +615,8 @@ _Optional_
#### `tls.ca`
Certificate Authority used for the secure connection to Docker.
Certificate Authority used for the secure connection to Docker,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:

4
docs/content/providers/ecs.md
View File

@@ -138,8 +138,8 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
[sprig template functions](http://masterminds.github.io/sprig/).
It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
[sprig template functions](https://masterminds.github.io/sprig/).
The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.

5
docs/content/providers/etcd.md
View File

@@ -64,7 +64,7 @@ Defines a username with which to connect to etcd.
providers:
etcd:
# ...
usename: "foo"
username: "foo"
```
```toml tab="File (TOML)"
@@ -106,7 +106,8 @@ _Optional_
#### `tls.ca`
Certificate Authority used for the secure connection to etcd.
Certificate Authority used for the secure connection to etcd,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:

4
docs/content/providers/file.md
View File

@@ -198,8 +198,8 @@ providers:
Templating does not work in the Traefik main static configuration file.
Traefik supports using Go templating to automatically generate repetitive sections of configuration files.
These sections must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
[sprig template functions](http://masterminds.github.io/sprig/).
These sections must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
[sprig template functions](https://masterminds.github.io/sprig/).
To illustrate, it is possible to easily define multiple routers, services, and TLS certificates as described in the following examples:

3
docs/content/providers/http.md
View File

@@ -78,7 +78,8 @@ _Optional_
#### `tls.ca`
Certificate Authority used for the secure connection to the configured endpoint.
Certificate Authority used for the secure connection to the configured endpoint,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:

39
docs/content/providers/kubernetes-crd.md
View File

@@ -62,7 +62,7 @@ Previous versions of Traefik used a [KV store](https://doc.traefik.io/traefik/v1
If you need Let's Encrypt with HA in a Kubernetes environment, we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/), which includes distributed Let's Encrypt as a supported feature.
If you want to keep using Traefik Proxy, high availability for Let's Encrypt can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
If you want to keep using Traefik Proxy, high availability for Let's Encrypt can be achieved by using a Certificate Controller such as [Cert-Manager](https://cert-manager.io/docs/).
When using Cert-Manager to manage certificates, it creates secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
When using the Traefik Kubernetes CRD Provider, unfortunately Cert-Manager cannot yet interface directly with the CRDs.
A workaround is to enable the [Kubernetes Ingress provider](./kubernetes-ingress.md) to allow Cert-Manager to create ingress objects to complete the challenges.
@@ -266,29 +266,48 @@ providers:
### `allowCrossNamespace`
_Optional, Default: true_
_Optional, Default: false_
If the parameter is set to `false`, IngressRoutes are not able to reference any resources in other namespaces than theirs.
!!! warning "Deprecation"
Please note that the default value for this option will be set to `false` in a future version.
If the parameter is set to `true`, IngressRoutes are able to reference resources in other namespaces than theirs.
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
allowCrossNamespace: false
allowCrossNamespace: true
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
allowCrossNamespace = true
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.allowCrossNamespace=false
--providers.kubernetescrd.allowCrossNamespace=true
```
### `allowExternalNameServices`
_Optional, Default: false_
If the parameter is set to `true`, IngressRoutes are able to reference ExternalName services.
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
allowExternalNameServices: true
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowExternalNameServices = true
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.allowexternalnameservices=true
```
## Full Example

12
docs/content/providers/kubernetes-gateway.md
View File

@@ -9,7 +9,7 @@ The Gateway API project is part of Kubernetes, working under SIG-NETWORK.
The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
specifications from the Kubernetes Special Interest Groups (SIGs).
This provider is proposed as an experimental feature and partially supports the Gateway API [v0.2.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.2.0) specification.
This provider is proposed as an experimental feature and partially supports the Gateway API [v0.3.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.3.0) specification.
!!! warning "Enabling The Experimental Kubernetes Gateway Provider"
@@ -73,17 +73,17 @@ This provider is proposed as an experimental feature and partially supports the
The Kubernetes Gateway API project provides several guides on how to use the APIs.
These guides can help you to go further than the example above.
The [getting started guide](https://gateway-api.sigs.k8s.io/guides/getting-started/) details how to install the CRDs from their repository.
The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha1/guides/getting-started/) details how to install the CRDs from their repository.
!!! note ""
Keep in mind that the Traefik Gateway provider only supports the `v0.2.0`.
Keep in mind that the Traefik Gateway provider only supports the `v0.3.0` (v1alpha1).
For now, the Traefik Gateway Provider can be used while following the below guides:
* [Simple Gateway](https://gateway-api.sigs.k8s.io/guides/simple-gateway/)
* [HTTP routing](https://gateway-api.sigs.k8s.io/guides/http-routing/)
* [TLS](https://gateway-api.sigs.k8s.io/guides/tls/)
* [Simple Gateway](https://gateway-api.sigs.k8s.io/v1alpha1/guides/simple-gateway/)
* [HTTP routing](https://gateway-api.sigs.k8s.io/v1alpha1/guides/http-routing/)
* [TLS](https://gateway-api.sigs.k8s.io/v1alpha1/guides/tls/)
## Resource Configuration

88
docs/content/providers/kubernetes-ingress.md
View File

@@ -36,10 +36,10 @@ and derives the corresponding dynamic configuration from it,
which in turn creates the resulting routers, services, handlers, etc.
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: "foo"
name: foo
namespace: production
spec:
@@ -48,20 +48,26 @@ spec:
http:
paths:
- path: /bar
pathType: Exact
backend:
serviceName: service1
servicePort: 80
service:
name: service1
port:
number: 80
- path: /foo
pathType: Exact
backend:
serviceName: service1
servicePort: 80
service:
name: service1
port:
number: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
```yaml tab="Ingress v1beta1 (deprecated)"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: "foo"
name: foo
namespace: production
spec:
@@ -71,16 +77,12 @@ spec:
paths:
- path: /bar
backend:
service:
name: service1
port:
number: 80
serviceName: service1
servicePort: 80
- path: /foo
backend:
service:
name: service1
port:
number: 80
serviceName: service1
servicePort: 80
```
## LetsEncrypt Support with the Ingress Provider
@@ -102,7 +104,7 @@ If you need Let's Encrypt with high availability in a Kubernetes environment,
we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/) which includes distributed Let's Encrypt as a supported feature.
If you want to keep using Traefik Proxy,
LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://cert-manager.io/docs/).
When using Cert-Manager to manage certificates,
it creates secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
@@ -270,19 +272,19 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
```
```yaml tab="Ingress"
apiVersion: "networking.k8s.io/v1beta1"
kind: "Ingress"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: "example-ingress"
name: example-ingress
spec:
ingressClassName: "traefik-lb"
ingressClassName: traefik-lb
rules:
- host: "*.example.com"
http:
paths:
- path: "/example"
- path: /example
backend:
serviceName: "example-service"
serviceName: example-service
servicePort: 80
```
@@ -301,20 +303,21 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
```
```yaml tab="Ingress"
apiVersion: "networking.k8s.io/v1"
kind: "Ingress"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: "example-ingress"
name: example-ingress
spec:
ingressClassName: "traefik-lb"
ingressClassName: traefik-lb
rules:
- host: "*.example.com"
http:
paths:
- path: "/example"
- path: /example
pathType: Exact
backend:
service:
name: "example-service"
name: example-service
port:
number: 80
```
@@ -464,7 +467,30 @@ providers:
Allow the creation of services if there are no endpoints available.
This results in `503` http responses instead of `404`.
### `allowExternalNameServices`
_Optional, Default: false_
If the parameter is set to `true`, Ingresses are able to reference ExternalName services.
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
allowExternalNameServices: true
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
allowExternalNameServices = true
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.allowexternalnameservices=true
```
### Further
To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.4/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.5/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

7
docs/content/providers/marathon.md
View File

@@ -113,8 +113,8 @@ The default host rule for all services.
For a given application, if no routing rule was defined by a label, it is defined by this `defaultRule` instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/),
and can include [sprig template functions](http://masterminds.github.io/sprig/).
It must be a valid [Go template](https://pkg.go.dev/text/template/),
and can include [sprig template functions](https://masterminds.github.io/sprig/).
The app ID can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this Marathon application.
@@ -406,7 +406,8 @@ _Optional_
#### `tls.ca`
Certificate Authority used for the secure connection to Marathon.
Certificate Authority used for the secure connection to Marathon,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:

4
docs/content/providers/rancher.md
View File

@@ -95,8 +95,8 @@ The default host rule for all services.
The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
It must be a valid [Go template](https://golang.org/pkg/text/template/), and can use
[sprig template functions](http://masterminds.github.io/sprig/).
It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
[sprig template functions](https://masterminds.github.io/sprig/).
The service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.

5
docs/content/providers/redis.md
View File

@@ -64,7 +64,7 @@ Defines a username to connect with Redis.
providers:
redis:
# ...
usename: "foo"
username: "foo"
```
```toml tab="File (TOML)"
@@ -106,7 +106,8 @@ _Optional_
#### `tls.ca`
Certificate Authority used for the secure connection to Redis.
Certificate Authority used for the secure connection to Redis,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:

5
docs/content/providers/zookeeper.md
View File

@@ -64,7 +64,7 @@ Defines a username to connect with ZooKeeper.
providers:
zooKeeper:
# ...
usename: "foo"
username: "foo"
```
```toml tab="File (TOML)"
@@ -106,7 +106,8 @@ _Optional_
#### `tls.ca`
Certificate Authority used for the secure connection to ZooKeeper.
Certificate Authority used for the secure connection to ZooKeeper,
defaults to the system bundle.
```yaml tab="File (YAML)"
providers:

1
docs/content/reference/dynamic-configuration/consul-catalog.yml
View File

@@ -1 +1,2 @@
- "traefik.enable=true"
- "traefik.consulcatalog.connect=true"

4
docs/content/reference/dynamic-configuration/file.toml
View File

@@ -278,6 +278,7 @@
rootCAs = ["foobar", "foobar"]
maxIdleConnsPerHost = 42
disableHTTP2 = true
peerCertURI = "foobar"
[[http.serversTransports.ServersTransport0.certificates]]
certFile = "foobar"
@@ -296,6 +297,7 @@
rootCAs = ["foobar", "foobar"]
maxIdleConnsPerHost = 42
disableHTTP2 = true
peerCertURI = "foobar"
[[http.serversTransports.ServersTransport1.certificates]]
certFile = "foobar"
@@ -419,6 +421,7 @@
curvePreferences = ["foobar", "foobar"]
sniStrict = true
preferServerCipherSuites = true
alpnProtocols = ["foobar", "foobar"]
[tls.options.Options0.clientAuth]
caFiles = ["foobar", "foobar"]
clientAuthType = "foobar"
@@ -429,6 +432,7 @@
curvePreferences = ["foobar", "foobar"]
sniStrict = true
preferServerCipherSuites = true
alpnProtocols = ["foobar", "foobar"]
[tls.options.Options1.clientAuth]
caFiles = ["foobar", "foobar"]
clientAuthType = "foobar"

8
docs/content/reference/dynamic-configuration/file.yaml
View File

@@ -329,6 +329,7 @@ http:
responseHeaderTimeout: 42s
idleConnTimeout: 42s
disableHTTP2: true
peerCertURI: foobar
ServersTransport1:
serverName: foobar
insecureSkipVerify: true
@@ -346,6 +347,7 @@ http:
responseHeaderTimeout: 42s
idleConnTimeout: 42s
disableHTTP2: true
peerCertURI: foobar
tcp:
routers:
TCPRouter0:
@@ -468,6 +470,9 @@ tls:
clientAuthType: foobar
sniStrict: true
preferServerCipherSuites: true
alpnProtocols:
- foobar
- foobar
Options1:
minVersion: foobar
maxVersion: foobar
@@ -484,6 +489,9 @@ tls:
clientAuthType: foobar
sniStrict: true
preferServerCipherSuites: true
alpnProtocols:
- foobar
- foobar
stores:
Store0:
defaultCertificate:

1
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View File

@@ -2,6 +2,7 @@
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml"
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml"
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml"
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml"
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml"
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml"
--8<-- "content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml"

4
docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
View File

@@ -1,5 +1,5 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
@@ -48,8 +48,8 @@ rules:
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller

3
docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
View File

@@ -194,6 +194,9 @@ spec:
clientAuthType: RequireAndVerifyClientCert
sniStrict: true
preferServerCipherSuites: true
alpnProtocols:
- foobar
- foobar
---
apiVersion: traefik.containo.us/v1alpha1

2
docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
View File

@@ -38,8 +38,8 @@ rules:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: gateway-controller

6
docs/content/reference/dynamic-configuration/kv-ref.md
View File

@@ -174,6 +174,7 @@
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport0/insecureSkipVerify` | `true` |
| `traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost` | `42` |
| `traefik/http/serversTransports/ServersTransport0/peerCertURI` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/rootCAs/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/rootCAs/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/serverName` | `foobar` |
@@ -187,6 +188,7 @@
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport1/insecureSkipVerify` | `true` |
| `traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost` | `42` |
| `traefik/http/serversTransports/ServersTransport1/peerCertURI` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` |
@@ -272,6 +274,8 @@
| `traefik/tls/certificates/1/keyFile` | `foobar` |
| `traefik/tls/certificates/1/stores/0` | `foobar` |
| `traefik/tls/certificates/1/stores/1` | `foobar` |
| `traefik/tls/options/Options0/alpnProtocols/0` | `foobar` |
| `traefik/tls/options/Options0/alpnProtocols/1` | `foobar` |
| `traefik/tls/options/Options0/cipherSuites/0` | `foobar` |
| `traefik/tls/options/Options0/cipherSuites/1` | `foobar` |
| `traefik/tls/options/Options0/clientAuth/caFiles/0` | `foobar` |
@@ -283,6 +287,8 @@
| `traefik/tls/options/Options0/minVersion` | `foobar` |
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options0/sniStrict` | `true` |
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
| `traefik/tls/options/Options1/cipherSuites/0` | `foobar` |
| `traefik/tls/options/Options1/cipherSuites/1` | `foobar` |
| `traefik/tls/options/Options1/clientAuth/caFiles/0` | `foobar` |

84
docs/content/reference/dynamic-configuration/networking.x-k8s.io_gatewayclasses.yaml
View File

@@ -4,12 +4,14 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: gatewayclasses.networking.x-k8s.io
spec:
group: networking.x-k8s.io
names:
categories:
- gateway-api
kind: GatewayClass
listKind: GatewayClassList
plural: gatewayclasses
@@ -22,16 +24,25 @@ spec:
- jsonPath: .spec.controller
name: Controller
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: "GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n GatewayClass is a Cluster level resource."
description: "GatewayClass describes a class of Gateways available to the
user for creating Gateway resources. \n GatewayClass is a Cluster level
resource."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -39,11 +50,23 @@ spec:
description: Spec defines the desired state of GatewayClass.
properties:
controller:
description: "Controller is a domain/path string that indicates the controller that is managing Gateways of this class. \n Example: \"acme.io/gateway-controller\". \n This field is not mutable and cannot be empty. \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Support: Core"
description: "Controller is a domain/path string that indicates the
controller that is managing Gateways of this class. \n Example:
\"acme.io/gateway-controller\". \n This field is not mutable and
cannot be empty. \n The format of this field is DOMAIN \"/\" PATH,
where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
\n Support: Core"
maxLength: 253
type: string
parametersRef:
description: "ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Custom"
description: "ParametersRef is a reference to a resource that contains
the configuration parameters corresponding to the GatewayClass.
This is optional if the controller does not require any additional
configuration. \n ParametersRef can reference a standard Kubernetes
resource, i.e. ConfigMap, or an implementation-specific custom resource.
The resource can be cluster-scoped or namespace-scoped. \n If the
referent cannot be found, the GatewayClass's \"InvalidParameters\"
status condition will be true. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -61,13 +84,16 @@ spec:
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent. This field is required when scope is set to "Namespace" and ignored when scope is set to "Cluster".
description: Namespace is the namespace of the referent. This
field is required when scope is set to "Namespace" and ignored
when scope is set to "Cluster".
maxLength: 253
minLength: 1
type: string
scope:
default: Cluster
description: Scope represents if the referent is a Cluster or Namespace scoped resource. This may be set to "Cluster" or "Namespace".
description: Scope represents if the referent is a Cluster or
Namespace scoped resource. This may be set to "Cluster" or "Namespace".
enum:
- Cluster
- Namespace
@@ -97,25 +123,49 @@ spec:
reason: Waiting
status: "False"
type: Admitted
description: "Conditions is the current status from the controller for this GatewayClass. \n Controllers should prefer to publish conditions using values of GatewayClassConditionType for the type of each Condition."
description: "Conditions is the current status from the controller
for this GatewayClass. \n Controllers should prefer to publish conditions
using values of GatewayClassConditionType for the type of each Condition."
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -128,7 +178,11 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string

395
docs/content/reference/dynamic-configuration/networking.x-k8s.io_gateways.yaml
View File

@@ -4,12 +4,14 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: gateways.networking.x-k8s.io
spec:
group: networking.x-k8s.io
names:
categories:
- gateway-api
kind: Gateway
listKind: GatewayList
plural: gateways
@@ -22,16 +24,28 @@ spec:
- jsonPath: .spec.gatewayClassName
name: Class
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: "Gateway represents an instantiation of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses. \n Implementations should add the `gateway-exists-finalizer.networking.x-k8s.io` finalizer on the associated GatewayClass whenever Gateway(s) is running. This ensures that a GatewayClass associated with a Gateway(s) is not deleted while in use."
description: "Gateway represents an instantiation of a service-traffic handling
infrastructure by binding Listeners to a set of IP addresses. \n Implementations
should add the `gateway-exists-finalizer.networking.x-k8s.io` finalizer
on the associated GatewayClass whenever Gateway(s) is running. This ensures
that a GatewayClass associated with a Gateway(s) is not deleted while in
use."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -39,9 +53,18 @@ spec:
description: Spec defines the desired state of Gateway.
properties:
addresses:
description: "Addresses requested for this gateway. This is optional and behavior can depend on the GatewayClass. If a value is set in the spec and the requested address is invalid, the GatewayClass MUST indicate this in the associated entry in GatewayStatus.Addresses. \n If no Addresses are specified, the GatewayClass may schedule the Gateway in an implementation-defined manner, assigning an appropriate set of Addresses. \n The GatewayClass MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway. \n Support: Core"
description: "Addresses requested for this gateway. This is optional
and behavior can depend on the GatewayClass. If a value is set in
the spec and the requested address is invalid, the GatewayClass
MUST indicate this in the associated entry in GatewayStatus.Addresses.
\n If no Addresses are specified, the GatewayClass may schedule
the Gateway in an implementation-defined manner, assigning an appropriate
set of Addresses. \n The GatewayClass MUST bind all Listeners to
every GatewayAddress that it assigns to the Gateway. \n Support:
Core"
items:
description: GatewayAddress describes an address that can be bound to a Gateway.
description: GatewayAddress describes an address that can be bound
to a Gateway.
properties:
type:
default: IPAddress
@@ -51,7 +74,9 @@ spec:
- NamedAddress
type: string
value:
description: "Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
description: "Value of the address. The validity of the values
will depend on the type and support by the controller. \n
Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
maxLength: 253
minLength: 1
type: string
@@ -61,70 +86,186 @@ spec:
maxItems: 16
type: array
gatewayClassName:
description: GatewayClassName used for this Gateway. This is the name of a GatewayClass resource.
description: GatewayClassName used for this Gateway. This is the name
of a GatewayClass resource.
maxLength: 253
minLength: 1
type: string
listeners:
description: "Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway's addresses. At least one Listener MUST be specified. \n An implementation MAY group Listeners by Port and then collapse each group of Listeners into a single Listener if the implementation determines that the Listeners in the group are \"compatible\". An implementation MAY also group together and collapse compatible Listeners belonging to different Gateways. \n For example, an implementation might consider Listeners to be compatible with each other if all of the following conditions are met: \n 1. Either each Listener within the group specifies the \"HTTP\" Protocol or each Listener within the group specifies either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener within the group specifies a Hostname that is unique within the group. \n 3. As a special case, one Listener within a group may omit Hostname, in which case this Listener matches when no other Listener matches. \n If the implementation does collapse compatible Listeners, the hostname provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming hostname MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, exact matches must be processed before wildcard matches. \n If this field specifies multiple Listeners that have the same Port value but are not compatible, the implementation must raise a \"Conflicted\" condition in the Listener status. \n Support: Core"
description: "Listeners associated with this Gateway. Listeners define
logical endpoints that are bound on this Gateway's addresses. At
least one Listener MUST be specified. \n An implementation MAY group
Listeners by Port and then collapse each group of Listeners into
a single Listener if the implementation determines that the Listeners
in the group are \"compatible\". An implementation MAY also group
together and collapse compatible Listeners belonging to different
Gateways. \n For example, an implementation might consider Listeners
to be compatible with each other if all of the following conditions
are met: \n 1. Either each Listener within the group specifies the
\"HTTP\" Protocol or each Listener within the group specifies
either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener
within the group specifies a Hostname that is unique within the
group. \n 3. As a special case, one Listener within a group may
omit Hostname, in which case this Listener matches when no other
Listener matches. \n If the implementation does collapse compatible
Listeners, the hostname provided in the incoming client request
MUST be matched to a Listener to find the correct set of Routes.
The incoming hostname MUST be matched using the Hostname field for
each Listener in order of most to least specific. That is, exact
matches must be processed before wildcard matches. \n If this field
specifies multiple Listeners that have the same Port value but are
not compatible, the implementation must raise a \"Conflicted\" condition
in the Listener status. \n Support: Core"
items:
description: Listener embodies the concept of a logical endpoint where a Gateway can accept network connections. Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. This will be enforced by a validating webhook.
description: Listener embodies the concept of a logical endpoint
where a Gateway can accept network connections. Each listener
in a Gateway must have a unique combination of Hostname, Port,
and Protocol. This will be enforced by a validating webhook.
properties:
hostname:
description: "Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching. \n Hostname is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: \n 1. IP literals are not allowed. 2. The `:` delimiter is not respected because ports are not allowed. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). The wildcard character `*` must appear by itself as the first DNS label and matches only a single label. \n Support: Core"
description: "Hostname specifies the virtual hostname to match
for protocol types that define this concept. When unspecified,
\"\", or `*`, all hostnames are matched. This field can be
omitted for protocols that don't require hostname based matching.
\n Hostname is the fully qualified domain name of a network
host, as defined by RFC 3986. Note the following deviations
from the \"host\" part of the URI as defined in the RFC: \n
1. IP literals are not allowed. 2. The `:` delimiter is not
respected because ports are not allowed. \n Hostname can be
\"precise\" which is a domain name without the terminating
dot of a network host (e.g. \"foo.example.com\") or \"wildcard\",
which is a domain name prefixed with a single wildcard label
(e.g. `*.example.com`). The wildcard character `*` must appear
by itself as the first DNS label and matches only a single
label. \n Support: Core"
maxLength: 253
minLength: 1
type: string
port:
description: "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. \n Support: Core"
description: "Port is the network port. Multiple listeners may
use the same port, subject to the Listener compatibility rules.
\n Support: Core"
format: int32
maximum: 65535
minimum: 1
type: integer
protocol:
description: "Protocol specifies the network protocol this listener expects to receive. The GatewayClass MUST apply the Hostname match appropriately for each protocol: \n * For the \"TLS\" protocol, the Hostname match MUST be applied to the [SNI](https://tools.ietf.org/html/rfc6066#section-3) server name offered by the client. * For the \"HTTP\" protocol, the Hostname match MUST be applied to the host portion of the [effective request URI](https://tools.ietf.org/html/rfc7230#section-5.5) or the [:authority pseudo-header](https://tools.ietf.org/html/rfc7540#section-8.1.2.3) * For the \"HTTPS\" protocol, the Hostname match MUST be applied at both the TLS and HTTP protocol layers. \n Support: Core"
description: "Protocol specifies the network protocol this listener
expects to receive. The GatewayClass MUST apply the Hostname
match appropriately for each protocol: \n * For the \"TLS\"
protocol, the Hostname match MUST be applied to the [SNI](https://tools.ietf.org/html/rfc6066#section-3)
\ server name offered by the client. * For the \"HTTP\" protocol,
the Hostname match MUST be applied to the host portion of
the [effective request URI](https://tools.ietf.org/html/rfc7230#section-5.5)
\ or the [:authority pseudo-header](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)
* For the \"HTTPS\" protocol, the Hostname match MUST be applied
at both the TLS and HTTP protocol layers. \n Support: Core"
type: string
routes:
description: "Routes specifies a schema for associating routes with the Listener using selectors. A Route is a resource capable of servicing a request and allows a cluster operator to expose a cluster resource (i.e. Service) by externally-reachable URL, load-balance traffic and terminate SSL/TLS. Typically, a route is a \"HTTPRoute\" or \"TCPRoute\" in group \"networking.x-k8s.io\", however, an implementation may support other types of resources. \n The Routes selector MUST select a set of objects that are compatible with the application protocol specified in the Protocol field. \n Although a client request may technically match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria: \n * The most specific match. For example, the most specific HTTPRoute match is determined by the longest matching combination of hostname and path. * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * If everything else is equivalent, the Route appearing first in alphabetical order (namespace/name) should be given precedence. For example, foo/bar is given precedence over foo/baz. \n All valid portions of a Route selected by this field should be supported. Invalid portions of a Route can be ignored (sometimes that will mean the full Route). If a portion of a Route transitions from valid to invalid, support for that portion of the Route should be dropped to ensure consistency. For example, even if a filter specified by a Route is invalid, the rest of the Route should still be supported. \n Support: Core"
description: "Routes specifies a schema for associating routes
with the Listener using selectors. A Route is a resource capable
of servicing a request and allows a cluster operator to expose
a cluster resource (i.e. Service) by externally-reachable
URL, load-balance traffic and terminate SSL/TLS. Typically,
a route is a \"HTTPRoute\" or \"TCPRoute\" in group \"networking.x-k8s.io\",
however, an implementation may support other types of resources.
\n The Routes selector MUST select a set of objects that are
compatible with the application protocol specified in the
Protocol field. \n Although a client request may technically
match multiple route rules, only one rule may ultimately receive
the request. Matching precedence MUST be determined in order
of the following criteria: \n * The most specific match. For
example, the most specific HTTPRoute match is determined
by the longest matching combination of hostname and path.
* The oldest Route based on creation timestamp. For example,
a Route with a creation timestamp of \"2020-09-08 01:02:03\"
is given precedence over a Route with a creation timestamp
of \"2020-09-08 01:02:04\". * If everything else is equivalent,
the Route appearing first in alphabetical order (namespace/name)
should be given precedence. For example, foo/bar is given
precedence over foo/baz. \n All valid portions of a Route
selected by this field should be supported. Invalid portions
of a Route can be ignored (sometimes that will mean the full
Route). If a portion of a Route transitions from valid to
invalid, support for that portion of the Route should be dropped
to ensure consistency. For example, even if a filter specified
by a Route is invalid, the rest of the Route should still
be supported. \n Support: Core"
properties:
group:
default: networking.x-k8s.io
description: "Group is the group of the route resource to select. Omitting the value or specifying the empty string indicates the networking.x-k8s.io API group. For example, use the following to select an HTTPRoute: \n routes: kind: HTTPRoute \n Otherwise, if an alternative API group is desired, specify the desired group: \n routes: group: acme.io kind: FooRoute \n Support: Core"
description: "Group is the group of the route resource to
select. Omitting the value or specifying the empty string
indicates the networking.x-k8s.io API group. For example,
use the following to select an HTTPRoute: \n routes: kind:
HTTPRoute \n Otherwise, if an alternative API group is
desired, specify the desired group: \n routes: group:
acme.io kind: FooRoute \n Support: Core"
maxLength: 253
minLength: 1
type: string
kind:
description: "Kind is the kind of the route resource to select. \n Kind MUST correspond to kinds of routes that are compatible with the application protocol specified in the Listener's Protocol field. \n If an implementation does not support or recognize this resource type, it SHOULD set the \"ResolvedRefs\" condition to false for this listener with the \"InvalidRoutesRef\" reason. \n Support: Core"
description: "Kind is the kind of the route resource to
select. \n Kind MUST correspond to kinds of routes that
are compatible with the application protocol specified
in the Listener's Protocol field. \n If an implementation
does not support or recognize this resource type, it SHOULD
set the \"ResolvedRefs\" condition to false for this listener
with the \"InvalidRoutesRef\" reason. \n Support: Core"
type: string
namespaces:
default:
from: Same
description: "Namespaces indicates in which namespaces Routes should be selected for this Gateway. This is restricted to the namespace of this Gateway by default. \n Support: Core"
description: "Namespaces indicates in which namespaces Routes
should be selected for this Gateway. This is restricted
to the namespace of this Gateway by default. \n Support:
Core"
properties:
from:
default: Same
description: "From indicates where Routes will be selected for this Gateway. Possible values are: * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core"
description: "From indicates where Routes will be selected
for this Gateway. Possible values are: * All: Routes
in all namespaces may be used by this Gateway. * Selector:
Routes in namespaces selected by the selector may
be used by this Gateway. * Same: Only Routes in
the same namespace may be used by this Gateway. \n
Support: Core"
enum:
- All
- Selector
- Same
type: string
selector:
description: "Selector must be specified when From is set to \"Selector\". In that case, only Routes in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\". \n Support: Core"
description: "Selector must be specified when From is
set to \"Selector\". In that case, only Routes in
Namespaces matching this Selector will be selected
by this Gateway. This field is ignored for other values
of \"From\". \n Support: Core"
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
@@ -136,26 +277,46 @@ spec:
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
type: object
selector:
description: "Selector specifies a set of route labels used for selecting routes to associate with the Gateway. If this Selector is defined, only routes matching the Selector are associated with the Gateway. An empty Selector matches all routes. \n Support: Core"
description: "Selector specifies a set of route labels used
for selecting routes to associate with the Gateway. If
this Selector is defined, only routes matching the Selector
are associated with the Gateway. An empty Selector matches
all routes. \n Support: Core"
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
@@ -167,17 +328,37 @@ spec:
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
required:
- kind
type: object
tls:
description: "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise. \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core"
description: "TLS is the TLS configuration for the Listener.
This field is required if the Protocol field is \"HTTPS\"
or \"TLS\" and ignored otherwise. \n The association of SNIs
to Certificate defined in GatewayTLSConfig is defined based
on the Hostname field for this listener. \n The GatewayClass
MUST use the longest matching SNI out of all available certificates
for any TLS handshake. \n Support: Core"
properties:
certificateRef:
description: "CertificateRef is the reference to Kubernetes object that contain a TLS certificate and private key. This certificate MUST be used for TLS handshakes for the domain this GatewayTLSConfig is associated with. \n This field is required when mode is set to \"Terminate\" (default) and optional otherwise. \n If an entry in this list omits or specifies the empty string for both the group and the resource, the resource defaults to \"secrets\". An implementation may support other resources (for example, resource \"mycertificates\" in group \"networking.acme.io\"). \n Support: Core (Kubernetes Secrets) \n Support: Implementation-specific (Other resource types)"
description: "CertificateRef is a reference to a Kubernetes
object that contains a TLS certificate and private key.
This certificate is used to establish a TLS handshake
for requests that match the hostname of the associated
listener. The referenced object MUST reside in the same
namespace as Gateway. \n This field is required when mode
is set to \"Terminate\" (default) and optional otherwise.
\n CertificateRef can reference a standard Kubernetes
resource, i.e. Secret, or an implementation-specific custom
resource. \n Support: Core (Kubernetes Secrets) \n Support:
Implementation-specific (Other resource types)"
properties:
group:
description: Group is the group of the referent.
@@ -201,7 +382,16 @@ spec:
type: object
mode:
default: Terminate
description: "Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRef to be set. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRef field is ignored in this mode. \n Support: Core"
description: "Mode defines the TLS behavior for the TLS
session initiated by the client. There are two possible
modes: - Terminate: The TLS session between the downstream
client and the Gateway is terminated at the Gateway.
This mode requires certificateRef to be set. - Passthrough:
The TLS session is NOT terminated by the Gateway. This
\ implies that the Gateway can't decipher the TLS stream
except for the ClientHello message of the TLS protocol.
\ CertificateRef field is ignored in this mode. \n Support:
Core"
enum:
- Terminate
- Passthrough
@@ -209,16 +399,29 @@ spec:
options:
additionalProperties:
type: string
description: "Options are a list of key/value pairs to give extended options to the provider. \n There variation among providers as to how ciphersuites are expressed. If there is a common subset for expressing ciphers then it will make sense to loft that as a core API construct. \n Support: Implementation-specific"
description: "Options are a list of key/value pairs to give
extended options to the provider. \n There variation among
providers as to how ciphersuites are expressed. If there
is a common subset for expressing ciphers then it will
make sense to loft that as a core API construct. \n Support:
Implementation-specific"
type: object
routeOverride:
default:
certificate: Deny
description: "RouteOverride dictates if TLS settings can be configured via Routes or not. \n CertificateRef must be defined even if `routeOverride.certificate` is set to 'Allow' as it will be used as the default certificate for the listener. \n Support: Core"
description: "RouteOverride dictates if TLS settings can
be configured via Routes or not. \n CertificateRef must
be defined even if `routeOverride.certificate` is set
to 'Allow' as it will be used as the default certificate
for the listener. \n Support: Core"
properties:
certificate:
default: Deny
description: "Certificate dictates if TLS certificates can be configured via Routes. If set to 'Allow', a TLS certificate for a hostname defined in a Route takes precedence over the certificate defined in Gateway. \n Support: Core"
description: "Certificate dictates if TLS certificates
can be configured via Routes. If set to 'Allow', a
TLS certificate for a hostname defined in a Route
takes precedence over the certificate defined in Gateway.
\n Support: Core"
enum:
- Allow
- Deny
@@ -248,9 +451,13 @@ spec:
description: Status defines the current state of Gateway.
properties:
addresses:
description: "Addresses lists the IP addresses that have actually been bound to the Gateway. These addresses may differ from the addresses in the Spec, e.g. if the Gateway automatically assigns an address from a reserved pool. \n These addresses should all be of type \"IPAddress\"."
description: "Addresses lists the IP addresses that have actually
been bound to the Gateway. These addresses may differ from the addresses
in the Spec, e.g. if the Gateway automatically assigns an address
from a reserved pool. \n These addresses should all be of type \"IPAddress\"."
items:
description: GatewayAddress describes an address that can be bound to a Gateway.
description: GatewayAddress describes an address that can be bound
to a Gateway.
properties:
type:
default: IPAddress
@@ -260,7 +467,9 @@ spec:
- NamedAddress
type: string
value:
description: "Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
description: "Value of the address. The validity of the values
will depend on the type and support by the controller. \n
Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
maxLength: 253
minLength: 1
type: string
@@ -276,25 +485,52 @@ spec:
reason: NotReconciled
status: "False"
type: Scheduled
description: "Conditions describe the current conditions of the Gateway. \n Implementations should prefer to express Gateway conditions using the `GatewayConditionType` and `GatewayConditionReason` constants so that operators and tools can converge on a common vocabulary to describe Gateway state. \n Known condition types are: \n * \"Scheduled\" * \"Ready\""
description: "Conditions describe the current conditions of the Gateway.
\n Implementations should prefer to express Gateway conditions using
the `GatewayConditionType` and `GatewayConditionReason` constants
so that operators and tools can converge on a common vocabulary
to describe Gateway state. \n Known condition types are: \n * \"Scheduled\"
* \"Ready\""
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -307,7 +543,11 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -324,43 +564,75 @@ spec:
- type
x-kubernetes-list-type: map
listeners:
description: Listeners provide status for each unique listener port defined in the Spec.
description: Listeners provide status for each unique listener port
defined in the Spec.
items:
description: ListenerStatus is the status associated with a Listener.
properties:
conditions:
description: Conditions describe the current condition of this listener.
description: Conditions describe the current condition of this
listener.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
is intended for direct use as an array at the field path
.status.conditions. For example, type FooStatus struct{
\ // Represents the observations of a foo's current state.
\ // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map //
+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should
be when the underlying condition changed. If that is
not known, then using the time when the API field changed
is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance,
if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the
current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
description: reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. The value should
be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across
resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability
to deconflict is important. The regex it matches is
(dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -377,18 +649,21 @@ spec:
- type
x-kubernetes-list-type: map
hostname:
description: Hostname is the Listener hostname value for which this message is reporting the status.
description: Hostname is the Listener hostname value for which
this message is reporting the status.
maxLength: 253
minLength: 1
type: string
port:
description: Port is the unique Listener port value for which this message is reporting the status.
description: Port is the unique Listener port value for which
this message is reporting the status.
format: int32
maximum: 65535
minimum: 1
type: integer
protocol:
description: Protocol is the Listener protocol value for which this message is reporting the status.
description: Protocol is the Listener protocol value for which
this message is reporting the status.
type: string
required:
- conditions

559
docs/content/reference/dynamic-configuration/networking.x-k8s.io_httproutes.yaml
View File

@@ -4,12 +4,14 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: httproutes.networking.x-k8s.io
spec:
group: networking.x-k8s.io
names:
categories:
- gateway-api
kind: HTTPRoute
listKind: HTTPRouteList
plural: httproutes
@@ -20,16 +22,23 @@ spec:
- jsonPath: .spec.hostnames
name: Hostnames
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: HTTPRoute is the Schema for the HTTPRoute resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -43,16 +52,24 @@ spec:
properties:
allow:
default: SameNamespace
description: 'Allow indicates which Gateways will be allowed to use this route. Possible values are: * All: Gateways in any namespace can use this route. * FromList: Only Gateways specified in GatewayRefs may use this route. * SameNamespace: Only Gateways in the same namespace may use this route.'
description: 'Allow indicates which Gateways will be allowed to
use this route. Possible values are: * All: Gateways in any
namespace can use this route. * FromList: Only Gateways specified
in GatewayRefs may use this route. * SameNamespace: Only Gateways
in the same namespace may use this route.'
enum:
- All
- FromList
- SameNamespace
type: string
gatewayRefs:
description: GatewayRefs must be specified when Allow is set to "FromList". In that case, only Gateways referenced in this list will be allowed to use this route. This field is ignored for other values of "Allow".
description: GatewayRefs must be specified when Allow is set to
"FromList". In that case, only Gateways referenced in this list
will be allowed to use this route. This field is ignored for
other values of "Allow".
items:
description: GatewayReference identifies a Gateway in a specified namespace.
description: GatewayReference identifies a Gateway in a specified
namespace.
properties:
name:
description: Name is the name of the referent.
@@ -71,9 +88,29 @@ spec:
type: array
type: object
hostnames:
description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: \n 1. IPs are not allowed. 2. The `:` delimiter is not respected because ports are not allowed. \n Incoming requests are matched against the hostnames before the HTTPRoute rules. If no hostname is specified, traffic is routed based on the HTTPRouteRules. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). The wildcard character `*` must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == `*`). Requests will be matched against the Host field in the following order: \n 1. If Host is precise, the request matches this rule if the HTTP Host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the HTTP Host header is to equal to the suffix (removing the first label) of the wildcard rule. \n Support: Core"
description: "Hostnames defines a set of hostname that should match
against the HTTP Host header to select a HTTPRoute to process the
request. Hostname is the fully qualified domain name of a network
host, as defined by RFC 3986. Note the following deviations from
the \"host\" part of the URI as defined in the RFC: \n 1. IPs are
not allowed. 2. The `:` delimiter is not respected because ports
are not allowed. \n Incoming requests are matched against the hostnames
before the HTTPRoute rules. If no hostname is specified, traffic
is routed based on the HTTPRouteRules. \n Hostname can be \"precise\"
which is a domain name without the terminating dot of a network
host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
name prefixed with a single wildcard label (e.g. `*.example.com`).
The wildcard character `*` must appear by itself as the first DNS
label and matches only a single label. You cannot have a wildcard
label by itself (e.g. Host == `*`). Requests will be matched against
the Host field in the following order: \n 1. If Host is precise,
the request matches this rule if the HTTP Host header is equal
to Host. 2. If Host is a wildcard, then the request matches this
rule if the HTTP Host header is to equal to the suffix (removing
the first label) of the wildcard rule. \n Support: Core"
items:
description: Hostname is used to specify a hostname that should be matched.
description: Hostname is used to specify a hostname that should
be matched.
maxLength: 253
minLength: 1
type: string
@@ -87,15 +124,40 @@ spec:
value: /
description: Rules are a list of HTTP matchers, filters and actions.
items:
description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions, optionally executing additional processing steps, and forwarding the request to an API object.
description: HTTPRouteRule defines semantics for matching an HTTP
request based on conditions, optionally executing additional processing
steps, and forwarding the request to an API object.
properties:
filters:
description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or custom conformance. \n Support: Core"
description: "Filters define the filters that are applied to
requests that match this rule. \n The effects of ordering
of multiple behaviors are currently unspecified. This can
change in the future based on feedback during the alpha stage.
\n Conformance-levels at this level are defined based on the
type of filter: \n - ALL core filters MUST be supported by
all implementations. - Implementers are encouraged to support
extended filters. - Implementation-specific custom filters
have no API guarantees across implementations. \n Specifying
a core filter multiple times has unspecified or custom conformance.
\n Support: Core"
items:
description: 'HTTPRouteFilter defines additional processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express additional processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter. TODO(hbagdi): re-render CRDs once controller-tools supports union tags: - https://github.com/kubernetes-sigs/controller-tools/pull/298 - https://github.com/kubernetes-sigs/controller-tools/issues/461'
description: 'HTTPRouteFilter defines additional processing
steps that must be completed during the request or response
lifecycle. HTTPRouteFilters are meant as an extension point
to express additional processing that may be done in Gateway
implementations. Some examples include request or response
modification, implementing authentication strategies, rate-limiting,
and traffic shaping. API guarantee/conformance is defined
based on the type of the filter. TODO(hbagdi): re-render
CRDs once controller-tools supports union tags: - https://github.com/kubernetes-sigs/controller-tools/pull/298
- https://github.com/kubernetes-sigs/controller-tools/issues/461'
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.acme.io\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
description: "ExtensionRef is an optional, implementation-specific
extension to the \"filter\" behavior. For example,
resource \"myroutefilter\" in group \"networking.acme.io\").
ExtensionRef MUST NOT be used for core and extended
filters. \n Support: Implementation-specific"
properties:
group:
description: Group is the group of the referent.
@@ -118,15 +180,30 @@ spec:
- name
type: object
requestHeaderModifier:
description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
description: "RequestHeaderModifier defines a schema for
a filter that modifies request headers. \n Support:
Core"
properties:
add:
additionalProperties:
type: string
description: "Add adds the given header (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar \n Support: Extended"
description: "Add adds the given header (name, value)
to the request before the action. It appends to
any existing values associated with the header name.
\n Input: GET /foo HTTP/1.1 my-header: foo \n
Config: add: {\"my-header\": \"bar\"} \n Output:
\ GET /foo HTTP/1.1 my-header: foo my-header:
bar \n Support: Extended"
type: object
remove:
description: "Remove the given header(s) from the HTTP request before the action. The value of RemoveHeader is a list of HTTP header names. Note that the header names are case-insensitive [RFC-2616 4.2]. \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar \n Support: Extended"
description: "Remove the given header(s) from the
HTTP request before the action. The value of RemoveHeader
is a list of HTTP header names. Note that the header
names are case-insensitive [RFC-2616 4.2]. \n Input:
\ GET /foo HTTP/1.1 my-header1: foo my-header2:
bar my-header3: baz \n Config: remove: [\"my-header1\",
\"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
bar \n Support: Extended"
items:
type: string
maxItems: 16
@@ -134,14 +211,28 @@ spec:
set:
additionalProperties:
type: string
description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: bar \n Support: Extended"
description: "Set overwrites the request with the
given header (name, value) before the action. \n
Input: GET /foo HTTP/1.1 my-header: foo \n Config:
\ set: {\"my-header\": \"bar\"} \n Output: GET
/foo HTTP/1.1 my-header: bar \n Support: Extended"
type: object
type: object
requestMirror:
description: "RequestMirror defines a schema for a filter that mirrors requests. \n Support: Extended"
description: "RequestMirror defines a schema for a filter
that mirrors requests. \n Support: Extended"
properties:
backendRef:
description: "BackendRef is a local object reference to mirror matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "BackendRef is a local object reference
to mirror matched requests to. If both BackendRef
and ServiceName are specified, ServiceName will
be given precedence. \n If the referent cannot be
found, the rule is not included in the route. The
controller should raise the \"ResolvedRefs\" condition
on the Gateway with the \"DegradedRoutes\" reason.
The gateway status for this route should be updated
with a condition that describes the error more specifically.
\n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -164,18 +255,51 @@ spec:
- name
type: object
port:
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. \n If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName."
description: "Port specifies the destination port
number to use for the backend referenced by the
ServiceName or BackendRef field. \n If unspecified,
the destination port in the request is used when
forwarding to a backendRef or serviceName."
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service to mirror matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Core"
description: "ServiceName refers to the name of the
Service to mirror matched requests to. When specified,
this takes the place of BackendRef. If both BackendRef
and ServiceName are specified, ServiceName will
be given precedence. \n If the referent cannot be
found, the rule is not included in the route. The
controller should raise the \"ResolvedRefs\" condition
on the Gateway with the \"DegradedRoutes\" reason.
The gateway status for this route should be updated
with a condition that describes the error more specifically.
\n Support: Core"
maxLength: 253
type: string
type: object
type:
description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Custom: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior."
description: "Type identifies the type of filter to apply.
As with other API fields, types are classified into
three conformance levels: \n - Core: Filter types and
their corresponding configuration defined by \"Support:
Core\" in this package, e.g. \"RequestHeaderModifier\".
All implementations must support core filters. \n
- Extended: Filter types and their corresponding configuration
defined by \"Support: Extended\" in this package,
e.g. \"RequestMirror\". Implementers are encouraged
to support extended filters. \n - Custom: Filters that
are defined and supported by specific vendors. In
the future, filters showing convergence in behavior
across multiple implementations will be considered
for inclusion in extended or core conformance levels.
Filter-specific configuration for such filters is
specified using the ExtensionRef field. `Type` should
be set to \"ExtensionRef\" for custom filters. \n
Implementers are encouraged to define custom implementation
types to extend the core API with implementation-specific
behavior."
enum:
- RequestHeaderModifier
- RequestMirror
@@ -187,12 +311,25 @@ spec:
maxItems: 16
type: array
forwardTo:
description: ForwardTo defines the backend(s) where matching requests should be sent. If unspecified, the rule performs no forwarding. If unspecified and no filters are specified that would result in a response being sent, a 503 error code is returned.
description: ForwardTo defines the backend(s) where matching
requests should be sent. If unspecified, the rule performs
no forwarding. If unspecified and no filters are specified
that would result in a response being sent, a 503 error code
is returned.
items:
description: HTTPRouteForwardTo defines how a HTTPRoute should forward a request.
description: HTTPRouteForwardTo defines how a HTTPRoute should
forward a request.
properties:
backendRef:
description: "BackendRef is a reference to a backend to forward matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the route must be dropped from the Gateway. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "BackendRef is a reference to a backend to
forward matched requests to. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
route must be dropped from the Gateway. The controller
should raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -215,12 +352,31 @@ spec:
- name
type: object
filters:
description: "Filters defined at this-level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Custom (For broader support of filters, use the Filters field in HTTPRouteRule.)"
description: "Filters defined at this-level should be
executed if and only if the request is being forwarded
to the backend defined here. \n Support: Custom (For
broader support of filters, use the Filters field in
HTTPRouteRule.)"
items:
description: 'HTTPRouteFilter defines additional processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express additional processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter. TODO(hbagdi): re-render CRDs once controller-tools supports union tags: - https://github.com/kubernetes-sigs/controller-tools/pull/298 - https://github.com/kubernetes-sigs/controller-tools/issues/461'
description: 'HTTPRouteFilter defines additional processing
steps that must be completed during the request or
response lifecycle. HTTPRouteFilters are meant as
an extension point to express additional processing
that may be done in Gateway implementations. Some
examples include request or response modification,
implementing authentication strategies, rate-limiting,
and traffic shaping. API guarantee/conformance is
defined based on the type of the filter. TODO(hbagdi):
re-render CRDs once controller-tools supports union
tags: - https://github.com/kubernetes-sigs/controller-tools/pull/298
- https://github.com/kubernetes-sigs/controller-tools/issues/461'
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.acme.io\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
description: "ExtensionRef is an optional, implementation-specific
extension to the \"filter\" behavior. For example,
resource \"myroutefilter\" in group \"networking.acme.io\").
ExtensionRef MUST NOT be used for core and extended
filters. \n Support: Implementation-specific"
properties:
group:
description: Group is the group of the referent.
@@ -243,15 +399,32 @@ spec:
- name
type: object
requestHeaderModifier:
description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
description: "RequestHeaderModifier defines a schema
for a filter that modifies request headers. \n
Support: Core"
properties:
add:
additionalProperties:
type: string
description: "Add adds the given header (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar \n Support: Extended"
description: "Add adds the given header (name,
value) to the request before the action. It
appends to any existing values associated
with the header name. \n Input: GET /foo
HTTP/1.1 my-header: foo \n Config: add:
{\"my-header\": \"bar\"} \n Output: GET
/foo HTTP/1.1 my-header: foo my-header:
bar \n Support: Extended"
type: object
remove:
description: "Remove the given header(s) from the HTTP request before the action. The value of RemoveHeader is a list of HTTP header names. Note that the header names are case-insensitive [RFC-2616 4.2]. \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar \n Support: Extended"
description: "Remove the given header(s) from
the HTTP request before the action. The value
of RemoveHeader is a list of HTTP header names.
Note that the header names are case-insensitive
[RFC-2616 4.2]. \n Input: GET /foo HTTP/1.1
\ my-header1: foo my-header2: bar my-header3:
baz \n Config: remove: [\"my-header1\",
\"my-header3\"] \n Output: GET /foo HTTP/1.1
\ my-header2: bar \n Support: Extended"
items:
type: string
maxItems: 16
@@ -259,14 +432,30 @@ spec:
set:
additionalProperties:
type: string
description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: bar \n Support: Extended"
description: "Set overwrites the request with
the given header (name, value) before the
action. \n Input: GET /foo HTTP/1.1 my-header:
foo \n Config: set: {\"my-header\": \"bar\"}
\n Output: GET /foo HTTP/1.1 my-header:
bar \n Support: Extended"
type: object
type: object
requestMirror:
description: "RequestMirror defines a schema for a filter that mirrors requests. \n Support: Extended"
description: "RequestMirror defines a schema for
a filter that mirrors requests. \n Support: Extended"
properties:
backendRef:
description: "BackendRef is a local object reference to mirror matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "BackendRef is a local object reference
to mirror matched requests to. If both BackendRef
and ServiceName are specified, ServiceName
will be given precedence. \n If the referent
cannot be found, the rule is not included
in the route. The controller should raise
the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway
status for this route should be updated with
a condition that describes the error more
specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -289,18 +478,54 @@ spec:
- name
type: object
port:
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. \n If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName."
description: "Port specifies the destination
port number to use for the backend referenced
by the ServiceName or BackendRef field. \n
If unspecified, the destination port in the
request is used when forwarding to a backendRef
or serviceName."
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service to mirror matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Core"
description: "ServiceName refers to the name
of the Service to mirror matched requests
to. When specified, this takes the place of
BackendRef. If both BackendRef and ServiceName
are specified, ServiceName will be given precedence.
\n If the referent cannot be found, the rule
is not included in the route. The controller
should raise the \"ResolvedRefs\" condition
on the Gateway with the \"DegradedRoutes\"
reason. The gateway status for this route
should be updated with a condition that describes
the error more specifically. \n Support: Core"
maxLength: 253
type: string
type: object
type:
description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Custom: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior."
description: "Type identifies the type of filter
to apply. As with other API fields, types are
classified into three conformance levels: \n -
Core: Filter types and their corresponding configuration
defined by \"Support: Core\" in this package,
e.g. \"RequestHeaderModifier\". All implementations
must support core filters. \n - Extended: Filter
types and their corresponding configuration defined
by \"Support: Extended\" in this package, e.g.
\"RequestMirror\". Implementers are encouraged
to support extended filters. \n - Custom: Filters
that are defined and supported by specific vendors.
\ In the future, filters showing convergence
in behavior across multiple implementations
will be considered for inclusion in extended or
core conformance levels. Filter-specific configuration
for such filters is specified using the ExtensionRef
field. `Type` should be set to \"ExtensionRef\"
for custom filters. \n Implementers are encouraged
to define custom implementation types to extend
the core API with implementation-specific behavior."
enum:
- RequestHeaderModifier
- RequestMirror
@@ -312,18 +537,53 @@ spec:
maxItems: 16
type: array
port:
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName. \n Support: Core"
description: "Port specifies the destination port number
to use for the backend referenced by the ServiceName
or BackendRef field. If unspecified, the destination
port in the request is used when forwarding to a backendRef
or serviceName. \n Support: Core"
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service to forward matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the route must be dropped from the Gateway. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n The protocol to use should be specified with the AppProtocol field on Service resources. This field was introduced in Kubernetes 1.18. If using an earlier version of Kubernetes, a `networking.x-k8s.io/app-protocol` annotation on the BackendPolicy resource may be used to define the protocol. If the AppProtocol field is available, this annotation should not be used. The AppProtocol field, when populated, takes precedence over the annotation in the BackendPolicy resource. For custom backends, it is encouraged to add a semantically-equivalent field in the Custom Resource Definition. \n Support: Core"
description: "ServiceName refers to the name of the Service
to forward matched requests to. When specified, this
takes the place of BackendRef. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
route must be dropped from the Gateway. The controller
should raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n The protocol
to use should be specified with the AppProtocol field
on Service resources. This field was introduced in Kubernetes
1.18. If using an earlier version of Kubernetes, a `networking.x-k8s.io/app-protocol`
annotation on the BackendPolicy resource may be used
to define the protocol. If the AppProtocol field is
available, this annotation should not be used. The AppProtocol
field, when populated, takes precedence over the annotation
in the BackendPolicy resource. For custom backends,
it is encouraged to add a semantically-equivalent field
in the Custom Resource Definition. \n Support: Core"
maxLength: 253
type: string
weight:
default: 1
description: "Weight specifies the proportion of HTTP requests forwarded to the backend referenced by the ServiceName or BackendRef field. This is computed as weight/(sum of all weights in this ForwardTo list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support: Core"
description: "Weight specifies the proportion of HTTP
requests forwarded to the backend referenced by the
ServiceName or BackendRef field. This is computed as
weight/(sum of all weights in this ForwardTo list).
For non-zero values, there may be some epsilon from
the exact proportion defined here depending on the precision
an implementation supports. Weight is not a percentage
and the sum of weights does not need to equal 100. \n
If only one backend is specified and it has a weight
greater than 0, 100% of the traffic is forwarded to
that backend. If weight is set to 0, no traffic should
be forwarded for this entry. If unspecified, weight
defaults to 1. \n Support: Core"
format: int32
maximum: 1000000
minimum: 0
@@ -336,12 +596,55 @@ spec:
- path:
type: Prefix
value: /
description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: values: version: \"2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request should satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: \"2\"` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n A client request may match multiple HTTP route rules. Matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The longest matching hostname. * The longest matching path. * The largest number of header matches * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * The Route appearing first in alphabetical order (namespace/name) for example, foo/bar is given precedence over foo/baz."
description: "Matches define conditions used for matching the
rule against incoming HTTP requests. Each match is independent,
i.e. this rule will be matched if **any** one of the matches
is satisfied. \n For example, take the following matches configuration:
\n ``` matches: - path: value: \"/foo\" headers: values:
\ version: \"2\" - path: value: \"/v2/foo\" ``` \n
For a request to match against this rule, a request should
satisfy EITHER of the two conditions: \n - path prefixed with
`/foo` AND contains the header `version: \"2\"` - path prefix
of `/v2/foo` \n See the documentation for HTTPRouteMatch on
how to specify multiple match conditions that should be ANDed
together. \n If no matches are specified, the default is a
prefix path match on \"/\", which has the effect of matching
every HTTP request. \n Each client request MUST map to a maximum
of one route rule. If a request matches multiple rules, matching
precedence MUST be determined in order of the following criteria,
continuing on ties: \n * The longest matching hostname. *
The longest matching path. * The largest number of header
matches. \n If ties still exist across multiple Routes, matching
precedence MUST be determined in order of the following criteria,
continuing on ties: \n * The oldest Route based on creation
timestamp. For example, a Route with a creation timestamp
of \"2020-09-08 01:02:03\" is given precedence over a Route
with a creation timestamp of \"2020-09-08 01:02:04\". * The
Route appearing first in alphabetical order by \"<namespace>/<name>\".
For example, foo/bar is given precedence over foo/baz. \n
If ties still exist within the Route that has been given precedence,
matching precedence MUST be granted to the first matching
rule meeting the above criteria."
items:
description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: \"1\"` header: \n ``` match: path: value: \"/foo\" headers: values: version: \"1\" ```"
description: "HTTPRouteMatch defines the predicate used to
match requests to a given action. Multiple match types are
ANDed together, i.e. the match will evaluate to true only
if all conditions are satisfied. \n For example, the match
below will match a HTTP request only if its path starts
with `/foo` AND it contains the `version: \"1\"` header:
\n ``` match: path: value: \"/foo\" headers: values:
\ version: \"1\" ```"
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific extension to the \"match\" behavior. For example, resource \"myroutematcher\" in group \"networking.acme.io\". If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "ExtensionRef is an optional, implementation-specific
extension to the \"match\" behavior. For example, resource
\"myroutematcher\" in group \"networking.acme.io\".
If the referent cannot be found, the rule is not included
in the route. The controller should raise the \"ResolvedRefs\"
condition on the Gateway with the \"DegradedRoutes\"
reason. The gateway status for this route should be
updated with a condition that describes the error more
specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -368,7 +671,15 @@ spec:
properties:
type:
default: Exact
description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Custom (RegularExpression, ImplementationSpecific) \n Since RegularExpression PathType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect. \n HTTP Header name matching MUST be case-insensitive (RFC 2616 - section 4.2)."
description: "Type specifies how to match against
the value of the header. \n Support: Core (Exact)
\n Support: Custom (RegularExpression, ImplementationSpecific)
\n Since RegularExpression PathType has custom conformance,
implementations can support POSIX, PCRE or any other
dialects of regular expressions. Please read the
implementation's documentation to determine the
supported dialect. \n HTTP Header name matching
MUST be case-insensitive (RFC 2616 - section 4.2)."
enum:
- Exact
- RegularExpression
@@ -377,7 +688,14 @@ spec:
values:
additionalProperties:
type: string
description: "Values is a map of HTTP Headers to be matched. It MUST contain at least one entry. \n The HTTP header field name to match is the map key, and the value of the HTTP header is the map value. HTTP header field name matching MUST be case-insensitive. \n Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route."
description: "Values is a map of HTTP Headers to be
matched. It MUST contain at least one entry. \n
The HTTP header field name to match is the map key,
and the value of the HTTP header is the map value.
HTTP header field name matching MUST be case-insensitive.
\n Multiple match values are ANDed together, meaning,
a request must match all the specified headers to
select the route."
type: object
required:
- values
@@ -386,11 +704,20 @@ spec:
default:
type: Prefix
value: /
description: Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.
description: Path specifies a HTTP request path matcher.
If this field is not specified, a default prefix match
on the "/" path is provided.
properties:
type:
default: Prefix
description: "Type specifies how to match against the path Value. \n Support: Core (Exact, Prefix) \n Support: Custom (RegularExpression, ImplementationSpecific) \n Since RegularExpression PathType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
description: "Type specifies how to match against
the path Value. \n Support: Core (Exact, Prefix)
\n Support: Custom (RegularExpression, ImplementationSpecific)
\n Since RegularExpression PathType has custom conformance,
implementations can support POSIX, PCRE or any other
dialects of regular expressions. Please read the
implementation's documentation to determine the
supported dialect."
enum:
- Exact
- Prefix
@@ -398,11 +725,46 @@ spec:
- ImplementationSpecific
type: string
value:
default: /
description: Value of the HTTP path to match against.
minLength: 1
type: string
type: object
queryParams:
description: QueryParams specifies a HTTP query parameter
matcher.
properties:
type:
default: Exact
description: "Type specifies how to match against
the value of the query parameter. \n Support: Extended
(Exact) \n Support: Custom (RegularExpression, ImplementationSpecific)
\n Since RegularExpression QueryParamMatchType has
custom conformance, implementations can support
POSIX, PCRE or any other dialects of regular expressions.
Please read the implementation's documentation to
determine the supported dialect."
enum:
- Exact
- RegularExpression
- ImplementationSpecific
type: string
values:
additionalProperties:
type: string
description: "Values is a map of HTTP query parameters
to be matched. It MUST contain at least one entry.
\n The query parameter name to match is the map
key, and the value of the query parameter is the
map value. \n Multiple match values are ANDed together,
meaning, a request must match all the specified
query parameters to select the route. \n HTTP query
parameter matching MUST be case-sensitive for both
keys and values. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
\n Note that the query parameter key MUST always
be an exact match by string comparison."
type: object
required:
- value
- values
type: object
type: object
maxItems: 8
@@ -411,10 +773,31 @@ spec:
maxItems: 16
type: array
tls:
description: "TLS defines the TLS certificate to use for Hostnames defined in this Route. This configuration only takes effect if the AllowRouteOverride field is set to true in the associated Gateway resource. \n Collisions can happen if multiple HTTPRoutes define a TLS certificate for the same hostname. In such a case, conflict resolution guiding principles apply, specifically, if hostnames are same and two different certificates are specified then the certificate in the oldest resource wins. \n Please note that HTTP Route-selection takes place after the TLS Handshake (ClientHello). Due to this, TLS certificate defined here will take precedence even if the request has the potential to match multiple routes (in case multiple HTTPRoutes share the same hostname). \n Support: Core"
description: "TLS defines the TLS certificate to use for Hostnames
defined in this Route. This configuration only takes effect if the
AllowRouteOverride field is set to true in the associated Gateway
resource. \n Collisions can happen if multiple HTTPRoutes define
a TLS certificate for the same hostname. In such a case, conflict
resolution guiding principles apply, specifically, if hostnames
are same and two different certificates are specified then the certificate
in the oldest resource wins. \n Please note that HTTP Route-selection
takes place after the TLS Handshake (ClientHello). Due to this,
TLS certificate defined here will take precedence even if the request
has the potential to match multiple routes (in case multiple HTTPRoutes
share the same hostname). \n Support: Core"
properties:
certificateRef:
description: "CertificateRef refers to a Kubernetes object that contains a TLS certificate and private key. This certificate MUST be used for TLS handshakes for the domain this RouteTLSConfig is associated with. If an entry in this list omits or specifies the empty string for both the group and kind, the resource defaults to \"secrets\". An implementation may support other resources (for example, resource \"mycertificates\" in group \"networking.acme.io\"). \n Support: Core (Kubernetes Secrets) \n Support: Implementation-specific (Other resource types)"
description: "CertificateRef is a reference to a Kubernetes object
that contains a TLS certificate and private key. This certificate
is used to establish a TLS handshake for requests that match
the hostname of the associated HTTPRoute. The referenced object
MUST reside in the same namespace as HTTPRoute. \n This field
is required when the TLS configuration mode of the associated
Gateway listener is set to \"Passthrough\". \n CertificateRef
can reference a standard Kubernetes resource, i.e. Secret, or
an implementation-specific custom resource. \n Support: Core
(Kubernetes Secrets) \n Support: Implementation-specific (Other
resource types)"
properties:
group:
description: Group is the group of the referent.
@@ -444,43 +827,87 @@ spec:
description: Status defines the current state of HTTPRoute.
properties:
gateways:
description: "Gateways is a list of Gateways that are associated with the route, and the status of the route with respect to each Gateway. When a Gateway selects this route, the controller that manages the Gateway must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route is modified. \n A maximum of 100 Gateways will be represented in this list. If this list is full, there may be additional Gateways using this Route that are not included in the list. An empty list means the route has not been admitted by any Gateway."
description: "Gateways is a list of Gateways that are associated with
the route, and the status of the route with respect to each Gateway.
When a Gateway selects this route, the controller that manages the
Gateway must add an entry to this list when the controller first
sees the route and should update the entry as appropriate when the
route is modified. \n A maximum of 100 Gateways will be represented
in this list. If this list is full, there may be additional Gateways
using this Route that are not included in the list. An empty list
means the route has not been admitted by any Gateway."
items:
description: RouteGatewayStatus describes the status of a route with respect to an associated Gateway.
description: RouteGatewayStatus describes the status of a route
with respect to an associated Gateway.
properties:
conditions:
description: Conditions describes the status of the route with respect to the Gateway. The "Admitted" condition must always be specified by controllers to indicate whether the route has been admitted or rejected by the Gateway, and why. Note that the route's availability is also subject to the Gateway's own status conditions and listener status.
description: Conditions describes the status of the route with
respect to the Gateway. The "Admitted" condition must always
be specified by controllers to indicate whether the route
has been admitted or rejected by the Gateway, and why. Note
that the route's availability is also subject to the Gateway's
own status conditions and listener status.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
is intended for direct use as an array at the field path
.status.conditions. For example, type FooStatus struct{
\ // Represents the observations of a foo's current state.
\ // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map //
+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should
be when the underlying condition changed. If that is
not known, then using the time when the API field changed
is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance,
if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the
current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
description: reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. The value should
be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across
resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability
to deconflict is important. The regex it matches is
(dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -497,8 +924,18 @@ spec:
- type
x-kubernetes-list-type: map
gatewayRef:
description: GatewayRef is a reference to a Gateway object that is associated with the route.
description: GatewayRef is a reference to a Gateway object that
is associated with the route.
properties:
controller:
description: "Controller is a domain/path string that indicates
the controller implementing the Gateway. This corresponds
with the controller field on GatewayClass. \n Example:
\"acme.io/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are
valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
maxLength: 253
type: string
name:
description: Name is the name of the referent.
maxLength: 253

201
docs/content/reference/dynamic-configuration/networking.x-k8s.io_tcproutes.yaml
View File

@@ -4,28 +4,38 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: tcproutes.networking.x-k8s.io
spec:
group: networking.x-k8s.io
names:
categories:
- gateway-api
kind: TCPRoute
listKind: TCPRouteList
plural: tcproutes
singular: tcproute
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: TCPRoute is the Schema for the TCPRoute resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -39,16 +49,24 @@ spec:
properties:
allow:
default: SameNamespace
description: 'Allow indicates which Gateways will be allowed to use this route. Possible values are: * All: Gateways in any namespace can use this route. * FromList: Only Gateways specified in GatewayRefs may use this route. * SameNamespace: Only Gateways in the same namespace may use this route.'
description: 'Allow indicates which Gateways will be allowed to
use this route. Possible values are: * All: Gateways in any
namespace can use this route. * FromList: Only Gateways specified
in GatewayRefs may use this route. * SameNamespace: Only Gateways
in the same namespace may use this route.'
enum:
- All
- FromList
- SameNamespace
type: string
gatewayRefs:
description: GatewayRefs must be specified when Allow is set to "FromList". In that case, only Gateways referenced in this list will be allowed to use this route. This field is ignored for other values of "Allow".
description: GatewayRefs must be specified when Allow is set to
"FromList". In that case, only Gateways referenced in this list
will be allowed to use this route. This field is ignored for
other values of "Allow".
items:
description: GatewayReference identifies a Gateway in a specified namespace.
description: GatewayReference identifies a Gateway in a specified
namespace.
properties:
name:
description: Name is the name of the referent.
@@ -72,12 +90,22 @@ spec:
description: TCPRouteRule is the configuration for a given rule.
properties:
forwardTo:
description: ForwardTo defines the backend(s) where matching requests should be sent.
description: ForwardTo defines the backend(s) where matching
requests should be sent.
items:
description: RouteForwardTo defines how a Route should forward a request.
description: RouteForwardTo defines how a Route should forward
a request.
properties:
backendRef:
description: "BackendRef is a reference to a backend to forward matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "BackendRef is a reference to a backend to
forward matched requests to. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -100,18 +128,53 @@ spec:
- name
type: object
port:
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName. \n Support: Core"
description: "Port specifies the destination port number
to use for the backend referenced by the ServiceName
or BackendRef field. If unspecified, the destination
port in the request is used when forwarding to a backendRef
or serviceName. \n Support: Core"
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service to forward matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n The protocol to use is defined using AppProtocol field (introduced in Kubernetes 1.18) in the Service resource. In the absence of the AppProtocol field a `networking.x-k8s.io/app-protocol` annotation on the BackendPolicy resource may be used to define the protocol. If the AppProtocol field is available, this annotation should not be used. The AppProtocol field, when populated, takes precedence over the annotation in the BackendPolicy resource. For custom backends, it is encouraged to add a semantically-equivalent field in the Custom Resource Definition. \n Support: Core"
description: "ServiceName refers to the name of the Service
to forward matched requests to. When specified, this
takes the place of BackendRef. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n The protocol
to use is defined using AppProtocol field (introduced
in Kubernetes 1.18) in the Service resource. In the
absence of the AppProtocol field a `networking.x-k8s.io/app-protocol`
annotation on the BackendPolicy resource may be used
to define the protocol. If the AppProtocol field is
available, this annotation should not be used. The AppProtocol
field, when populated, takes precedence over the annotation
in the BackendPolicy resource. For custom backends,
it is encouraged to add a semantically-equivalent field
in the Custom Resource Definition. \n Support: Core"
maxLength: 253
type: string
weight:
default: 1
description: "Weight specifies the proportion of HTTP requests forwarded to the backend referenced by the ServiceName or BackendRef field. This is computed as weight/(sum of all weights in this ForwardTo list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support: Extended"
description: "Weight specifies the proportion of HTTP
requests forwarded to the backend referenced by the
ServiceName or BackendRef field. This is computed as
weight/(sum of all weights in this ForwardTo list).
For non-zero values, there may be some epsilon from
the exact proportion defined here depending on the precision
an implementation supports. Weight is not a percentage
and the sum of weights does not need to equal 100. \n
If only one backend is specified and it has a weight
greater than 0, 100% of the traffic is forwarded to
that backend. If weight is set to 0, no traffic should
be forwarded for this entry. If unspecified, weight
defaults to 1. \n Support: Extended"
format: int32
maximum: 1000000
minimum: 0
@@ -121,12 +184,42 @@ spec:
minItems: 1
type: array
matches:
description: Matches define conditions used for matching the rule against incoming TCP connections. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. If unspecified, all requests from the associated gateway TCP listener will match.
description: "Matches define conditions used for matching the
rule against incoming TCP connections. Each match is independent,
i.e. this rule will be matched if **any** one of the matches
is satisfied. If unspecified (i.e. empty), this Rule will
match all requests for the associated Listener. \n Each client
request MUST map to a maximum of one route rule. If a request
matches multiple rules, matching precedence MUST be determined
in order of the following criteria, continuing on ties: \n
* The most specific match specified by ExtensionRef. Each
implementation that supports ExtensionRef may have different
ways of determining the specificity of the referenced extension.
\n If ties still exist across multiple Routes, matching precedence
MUST be determined in order of the following criteria, continuing
on ties: \n * The oldest Route based on creation timestamp.
For example, a Route with a creation timestamp of \"2020-09-08
01:02:03\" is given precedence over a Route with a creation
timestamp of \"2020-09-08 01:02:04\". * The Route appearing
first in alphabetical order by \"<namespace>/<name>\". For
example, foo/bar is given precedence over foo/baz. \n If
ties still exist within the Route that has been given precedence,
matching precedence MUST be granted to the first matching
rule meeting the above criteria."
items:
description: TCPRouteMatch defines the predicate used to match connections to a given action.
description: TCPRouteMatch defines the predicate used to match
connections to a given action.
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific extension to the \"match\" behavior. For example, resource \"mytcproutematcher\" in group \"networking.acme.io\". If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "ExtensionRef is an optional, implementation-specific
extension to the \"match\" behavior. For example, resource
\"mytcproutematcher\" in group \"networking.acme.io\".
If the referent cannot be found, the rule is not included
in the route. The controller should raise the \"ResolvedRefs\"
condition on the Gateway with the \"DegradedRoutes\"
reason. The gateway status for this route should be
updated with a condition that describes the error more
specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -164,43 +257,87 @@ spec:
description: Status defines the current state of TCPRoute.
properties:
gateways:
description: "Gateways is a list of Gateways that are associated with the route, and the status of the route with respect to each Gateway. When a Gateway selects this route, the controller that manages the Gateway must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route is modified. \n A maximum of 100 Gateways will be represented in this list. If this list is full, there may be additional Gateways using this Route that are not included in the list. An empty list means the route has not been admitted by any Gateway."
description: "Gateways is a list of Gateways that are associated with
the route, and the status of the route with respect to each Gateway.
When a Gateway selects this route, the controller that manages the
Gateway must add an entry to this list when the controller first
sees the route and should update the entry as appropriate when the
route is modified. \n A maximum of 100 Gateways will be represented
in this list. If this list is full, there may be additional Gateways
using this Route that are not included in the list. An empty list
means the route has not been admitted by any Gateway."
items:
description: RouteGatewayStatus describes the status of a route with respect to an associated Gateway.
description: RouteGatewayStatus describes the status of a route
with respect to an associated Gateway.
properties:
conditions:
description: Conditions describes the status of the route with respect to the Gateway. The "Admitted" condition must always be specified by controllers to indicate whether the route has been admitted or rejected by the Gateway, and why. Note that the route's availability is also subject to the Gateway's own status conditions and listener status.
description: Conditions describes the status of the route with
respect to the Gateway. The "Admitted" condition must always
be specified by controllers to indicate whether the route
has been admitted or rejected by the Gateway, and why. Note
that the route's availability is also subject to the Gateway's
own status conditions and listener status.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
is intended for direct use as an array at the field path
.status.conditions. For example, type FooStatus struct{
\ // Represents the observations of a foo's current state.
\ // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map //
+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should
be when the underlying condition changed. If that is
not known, then using the time when the API field changed
is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance,
if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the
current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
description: reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. The value should
be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across
resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability
to deconflict is important. The regex it matches is
(dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -217,8 +354,18 @@ spec:
- type
x-kubernetes-list-type: map
gatewayRef:
description: GatewayRef is a reference to a Gateway object that is associated with the route.
description: GatewayRef is a reference to a Gateway object that
is associated with the route.
properties:
controller:
description: "Controller is a domain/path string that indicates
the controller implementing the Gateway. This corresponds
with the controller field on GatewayClass. \n Example:
\"acme.io/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are
valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
maxLength: 253
type: string
name:
description: Name is the name of the referent.
maxLength: 253

234
docs/content/reference/dynamic-configuration/networking.x-k8s.io_tlsroutes.yaml
View File

@@ -4,28 +4,42 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: tlsroutes.networking.x-k8s.io
spec:
group: networking.x-k8s.io
names:
categories:
- gateway-api
kind: TLSRoute
listKind: TLSRouteList
plural: tlsroutes
singular: tlsroute
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: "The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener."
description: "The TLSRoute resource is similar to TCPRoute, but can be configured
to match against TLS-specific metadata. This allows more flexibility in
matching streams for a given TLS listener. \n If you need to forward traffic
to a single target for a TLS listener, you could choose to use a TCPRoute
with a TLS listener."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
@@ -39,16 +53,24 @@ spec:
properties:
allow:
default: SameNamespace
description: 'Allow indicates which Gateways will be allowed to use this route. Possible values are: * All: Gateways in any namespace can use this route. * FromList: Only Gateways specified in GatewayRefs may use this route. * SameNamespace: Only Gateways in the same namespace may use this route.'
description: 'Allow indicates which Gateways will be allowed to
use this route. Possible values are: * All: Gateways in any
namespace can use this route. * FromList: Only Gateways specified
in GatewayRefs may use this route. * SameNamespace: Only Gateways
in the same namespace may use this route.'
enum:
- All
- FromList
- SameNamespace
type: string
gatewayRefs:
description: GatewayRefs must be specified when Allow is set to "FromList". In that case, only Gateways referenced in this list will be allowed to use this route. This field is ignored for other values of "Allow".
description: GatewayRefs must be specified when Allow is set to
"FromList". In that case, only Gateways referenced in this list
will be allowed to use this route. This field is ignored for
other values of "Allow".
items:
description: GatewayReference identifies a Gateway in a specified namespace.
description: GatewayReference identifies a Gateway in a specified
namespace.
properties:
name:
description: Name is the name of the referent.
@@ -72,12 +94,22 @@ spec:
description: TLSRouteRule is the configuration for a given rule.
properties:
forwardTo:
description: ForwardTo defines the backend(s) where matching requests should be sent.
description: ForwardTo defines the backend(s) where matching
requests should be sent.
items:
description: RouteForwardTo defines how a Route should forward a request.
description: RouteForwardTo defines how a Route should forward
a request.
properties:
backendRef:
description: "BackendRef is a reference to a backend to forward matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "BackendRef is a reference to a backend to
forward matched requests to. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -100,18 +132,53 @@ spec:
- name
type: object
port:
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName. \n Support: Core"
description: "Port specifies the destination port number
to use for the backend referenced by the ServiceName
or BackendRef field. If unspecified, the destination
port in the request is used when forwarding to a backendRef
or serviceName. \n Support: Core"
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service to forward matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n The protocol to use is defined using AppProtocol field (introduced in Kubernetes 1.18) in the Service resource. In the absence of the AppProtocol field a `networking.x-k8s.io/app-protocol` annotation on the BackendPolicy resource may be used to define the protocol. If the AppProtocol field is available, this annotation should not be used. The AppProtocol field, when populated, takes precedence over the annotation in the BackendPolicy resource. For custom backends, it is encouraged to add a semantically-equivalent field in the Custom Resource Definition. \n Support: Core"
description: "ServiceName refers to the name of the Service
to forward matched requests to. When specified, this
takes the place of BackendRef. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n The protocol
to use is defined using AppProtocol field (introduced
in Kubernetes 1.18) in the Service resource. In the
absence of the AppProtocol field a `networking.x-k8s.io/app-protocol`
annotation on the BackendPolicy resource may be used
to define the protocol. If the AppProtocol field is
available, this annotation should not be used. The AppProtocol
field, when populated, takes precedence over the annotation
in the BackendPolicy resource. For custom backends,
it is encouraged to add a semantically-equivalent field
in the Custom Resource Definition. \n Support: Core"
maxLength: 253
type: string
weight:
default: 1
description: "Weight specifies the proportion of HTTP requests forwarded to the backend referenced by the ServiceName or BackendRef field. This is computed as weight/(sum of all weights in this ForwardTo list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support: Extended"
description: "Weight specifies the proportion of HTTP
requests forwarded to the backend referenced by the
ServiceName or BackendRef field. This is computed as
weight/(sum of all weights in this ForwardTo list).
For non-zero values, there may be some epsilon from
the exact proportion defined here depending on the precision
an implementation supports. Weight is not a percentage
and the sum of weights does not need to equal 100. \n
If only one backend is specified and it has a weight
greater than 0, 100% of the traffic is forwarded to
that backend. If weight is set to 0, no traffic should
be forwarded for this entry. If unspecified, weight
defaults to 1. \n Support: Extended"
format: int32
maximum: 1000000
minimum: 0
@@ -121,12 +188,45 @@ spec:
minItems: 1
type: array
matches:
description: Matches define conditions used for matching the rule against an incoming TLS handshake. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. If unspecified, all requests from the associated gateway TLS listener will match.
description: "Matches define conditions used for matching the
rule against incoming TLS connections. Each match is independent,
i.e. this rule will be matched if **any** one of the matches
is satisfied. If unspecified (i.e. empty), this Rule will
match all requests for the associated Listener. \n Each client
request MUST map to a maximum of one route rule. If a request
matches multiple rules, matching precedence MUST be determined
in order of the following criteria, continuing on ties: \n
* The longest matching SNI. * The longest matching precise
SNI (without a wildcard). This means that \"b.example.com\"
should be given precedence over \"*.example.com\". * The most
specific match specified by ExtensionRef. Each implementation
\ that supports ExtensionRef may have different ways of determining
the specificity of the referenced extension. \n If ties
still exist across multiple Routes, matching precedence MUST
be determined in order of the following criteria, continuing
on ties: \n * The oldest Route based on creation timestamp.
For example, a Route with a creation timestamp of \"2020-09-08
01:02:03\" is given precedence over a Route with a creation
timestamp of \"2020-09-08 01:02:04\". * The Route appearing
first in alphabetical order by \"<namespace>/<name>\". For
example, foo/bar is given precedence over foo/baz. \n If
ties still exist within the Route that has been given precedence,
matching precedence MUST be granted to the first matching
rule meeting the above criteria."
items:
description: TLSRouteMatch defines the predicate used to match connections to a given action.
description: TLSRouteMatch defines the predicate used to match
connections to a given action.
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific extension to the \"match\" behavior. For example, resource \"mytlsroutematcher\" in group \"networking.acme.io\". If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "ExtensionRef is an optional, implementation-specific
extension to the \"match\" behavior. For example, resource
\"mytlsroutematcher\" in group \"networking.acme.io\".
If the referent cannot be found, the rule is not included
in the route. The controller should raise the \"ResolvedRefs\"
condition on the Gateway with the \"DegradedRoutes\"
reason. The gateway status for this route should be
updated with a condition that describes the error more
specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -149,9 +249,29 @@ spec:
- name
type: object
snis:
description: "SNIs defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. \n SNI can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). The wildcard character `*` must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == `*`). \n Requests will be matched against the Host field in the following order: \n 1. If SNI is precise, the request matches this rule if the SNI in ClientHello is equal to one of the defined SNIs. 2. If SNI is a wildcard, then the request matches this rule if the SNI is to equal to the suffix (removing the first label) of the wildcard rule. 3. If SNIs is unspecified, all requests associated with the gateway TLS listener will match. This can be used to define a default backend for a TLS listener. \n Support: Core"
description: "SNIs defines a set of SNI names that should
match against the SNI attribute of TLS ClientHello message
in TLS handshake. \n SNI can be \"precise\" which is
a domain name without the terminating dot of a network
host (e.g. \"foo.example.com\") or \"wildcard\", which
is a domain name prefixed with a single wildcard label
(e.g. `*.example.com`). The wildcard character `*` must
appear by itself as the first DNS label and matches
only a single label. You cannot have a wildcard label
by itself (e.g. Host == `*`). \n Requests will be matched
against the Host field in the following order: \n 1.
If SNI is precise, the request matches this rule if
the SNI in ClientHello is equal to one of the defined
SNIs. 2. If SNI is a wildcard, then the request matches
this rule if the SNI is to equal to the suffix (removing
the first label) of the wildcard rule. 3. If SNIs
is unspecified, all requests associated with the gateway
TLS listener will match. This can be used to define
a default backend for a TLS listener. \n Support:
Core"
items:
description: Hostname is used to specify a hostname that should be matched.
description: Hostname is used to specify a hostname
that should be matched.
maxLength: 253
minLength: 1
type: string
@@ -173,43 +293,87 @@ spec:
description: Status defines the current state of TLSRoute.
properties:
gateways:
description: "Gateways is a list of Gateways that are associated with the route, and the status of the route with respect to each Gateway. When a Gateway selects this route, the controller that manages the Gateway must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route is modified. \n A maximum of 100 Gateways will be represented in this list. If this list is full, there may be additional Gateways using this Route that are not included in the list. An empty list means the route has not been admitted by any Gateway."
description: "Gateways is a list of Gateways that are associated with
the route, and the status of the route with respect to each Gateway.
When a Gateway selects this route, the controller that manages the
Gateway must add an entry to this list when the controller first
sees the route and should update the entry as appropriate when the
route is modified. \n A maximum of 100 Gateways will be represented
in this list. If this list is full, there may be additional Gateways
using this Route that are not included in the list. An empty list
means the route has not been admitted by any Gateway."
items:
description: RouteGatewayStatus describes the status of a route with respect to an associated Gateway.
description: RouteGatewayStatus describes the status of a route
with respect to an associated Gateway.
properties:
conditions:
description: Conditions describes the status of the route with respect to the Gateway. The "Admitted" condition must always be specified by controllers to indicate whether the route has been admitted or rejected by the Gateway, and why. Note that the route's availability is also subject to the Gateway's own status conditions and listener status.
description: Conditions describes the status of the route with
respect to the Gateway. The "Admitted" condition must always
be specified by controllers to indicate whether the route
has been admitted or rejected by the Gateway, and why. Note
that the route's availability is also subject to the Gateway's
own status conditions and listener status.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
is intended for direct use as an array at the field path
.status.conditions. For example, type FooStatus struct{
\ // Represents the observations of a foo's current state.
\ // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map //
+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should
be when the underlying condition changed. If that is
not known, then using the time when the API field changed
is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance,
if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the
current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
description: reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. The value should
be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across
resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability
to deconflict is important. The regex it matches is
(dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -226,8 +390,18 @@ spec:
- type
x-kubernetes-list-type: map
gatewayRef:
description: GatewayRef is a reference to a Gateway object that is associated with the route.
description: GatewayRef is a reference to a Gateway object that
is associated with the route.
properties:
controller:
description: "Controller is a domain/path string that indicates
the controller implementing the Gateway. This corresponds
with the controller field on GatewayClass. \n Example:
\"acme.io/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are
valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
maxLength: 253
type: string
name:
description: Name is the name of the referent.
maxLength: 253

2
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: ingressroutes.traefik.containo.us
spec:

2
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: ingressroutetcps.traefik.containo.us
spec:

2
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: ingressrouteudps.traefik.containo.us
spec:

9
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: middlewares.traefik.containo.us
spec:
@@ -299,6 +299,7 @@ spec:
type: string
type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader:
type: boolean
@@ -310,6 +311,8 @@ spec:
type: array
isDevelopment:
type: boolean
permissionsPolicy:
type: string
publicKey:
type: string
referrerPolicy:
@@ -395,7 +398,7 @@ spec:
info configuration.
properties:
issuer:
description: TLSCLientCertificateDNInfo holds the client TLS
description: TLSClientCertificateDNInfo holds the client TLS
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
properties:
commonName:
@@ -422,7 +425,7 @@ spec:
serialNumber:
type: boolean
subject:
description: TLSCLientCertificateDNInfo holds the client TLS
description: TLSClientCertificateDNInfo holds the client TLS
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
properties:
commonName:

2
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: middlewaretcps.traefik.containo.us
spec:

6
docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: serverstransports.traefik.containo.us
spec:
@@ -78,6 +78,10 @@ spec:
description: If non-zero, controls the maximum idle (keep-alive) to
keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
type: integer
peerCertURI:
description: URI used to match against SAN URI during the peer certificate
verification.
type: string
rootCAsSecrets:
description: Add cert file for self-signed certificate.
items:

7
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: tlsoptions.traefik.containo.us
spec:
@@ -36,6 +36,10 @@ spec:
spec:
description: TLSOptionSpec configures TLS for an entry point.
properties:
alpnProtocols:
items:
type: string
type: array
cipherSuites:
items:
type: string
@@ -50,6 +54,7 @@ spec:
enum:
- NoClientCert
- RequestClientCert
- RequireAnyClientCert
- VerifyClientCertIfGiven
- RequireAndVerifyClientCert
type: string

2
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: tlsstores.traefik.containo.us
spec:

2
docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: traefikservices.traefik.containo.us
spec:

97
docs/content/reference/static-configuration/cli-ref.md
View File

@@ -174,18 +174,18 @@ WriteTimeout is the maximum duration before timing out writes of the response. I
`--entrypoints.<name>.udp.timeout`:
Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```)
`--experimental.devplugin.gopath`:
plugin's GOPATH.
`--experimental.devplugin.modulename`:
plugin's module name.
`--experimental.http3`:
Enable HTTP3. (Default: ```false```)
`--experimental.kubernetesgateway`:
Allow the Kubernetes gateway api provider usage. (Default: ```false```)
`--experimental.localplugins.<name>`:
Local plugins configuration. (Default: ```false```)
`--experimental.localplugins.<name>.modulename`:
plugin's module name.
`--experimental.plugins.<name>.modulename`:
plugin's module name.
@@ -369,6 +369,12 @@ Enable ConsulCatalog backend with default settings. (Default: ```false```)
`--providers.consulcatalog.cache`:
Use local agent caching for catalog reads. (Default: ```false```)
`--providers.consulcatalog.connectaware`:
Enable Consul Connect support. (Default: ```false```)
`--providers.consulcatalog.connectbydefault`:
Consider every service as Connect capable by default. (Default: ```false```)
`--providers.consulcatalog.constraints`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
@@ -376,7 +382,7 @@ Constraints is an expression that Traefik matches against the container's labels
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`--providers.consulcatalog.endpoint.address`:
The address of the Consul server (Default: ```127.0.0.1:8500```)
The address of the Consul server
`--providers.consulcatalog.endpoint.datacenter`:
Data center to use. If not provided, the default agent data center is used
@@ -423,6 +429,9 @@ Interval for check Consul API. Default 15s (Default: ```15```)
`--providers.consulcatalog.requireconsistent`:
Forces the read to be fully consistent. (Default: ```false```)
`--providers.consulcatalog.servicename`:
Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). (Default: ```traefik```)
`--providers.consulcatalog.stale`:
Use stale consistency for catalog reads. (Default: ```false```)
@@ -577,7 +586,10 @@ TLS key
Enable Kubernetes backend with default settings. (Default: ```false```)
`--providers.kubernetescrd.allowcrossnamespace`:
Allow cross namespace resource reference. (Default: ```true```)
Allow cross namespace resource reference. (Default: ```false```)
`--providers.kubernetescrd.allowexternalnameservices`:
Allow ExternalName services. (Default: ```false```)
`--providers.kubernetescrd.certauthfilepath`:
Kubernetes certificate authority file path (not needed for in-cluster client).
@@ -627,6 +639,9 @@ Enable Kubernetes backend with default settings. (Default: ```false```)
`--providers.kubernetesingress.allowemptyservices`:
Allow creation of services without endpoints. (Default: ```false```)
`--providers.kubernetesingress.allowexternalnameservices`:
Allow ExternalName services. (Default: ```false```)
`--providers.kubernetesingress.certauthfilepath`:
Kubernetes certificate authority file path (not needed for in-cluster client).
@@ -844,76 +859,76 @@ OpenTracing configuration. (Default: ```false```)
Settings for Datadog. (Default: ```false```)
`--tracing.datadog.bagageprefixheadername`:
Specifies the header name prefix that will be used to store baggage items in a map.
Sets the header name prefix used to store baggage items in a map.
`--tracing.datadog.debug`:
Enable Datadog debug. (Default: ```false```)
Enables Datadog debug. (Default: ```false```)
`--tracing.datadog.globaltag`:
Key:Value tag to be set on all the spans.
Sets a key:value tag on all spans.
`--tracing.datadog.localagenthostport`:
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
Sets the Datadog Agent host:port. (Default: ```localhost:8126```)
`--tracing.datadog.parentidheadername`:
Specifies the header name that will be used to store the parent ID.
Sets the header name used to store the parent ID.
`--tracing.datadog.prioritysampling`:
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
`--tracing.datadog.samplingpriorityheadername`:
Specifies the header name that will be used to store the sampling priority.
Sets the header name used to store the sampling priority.
`--tracing.datadog.traceidheadername`:
Specifies the header name that will be used to store the trace ID.
Sets the header name used to store the trace ID.
`--tracing.elastic`:
Settings for Elastic. (Default: ```false```)
`--tracing.elastic.secrettoken`:
Set the token used to connect to Elastic APM Server.
Sets the token used to connect to Elastic APM Server.
`--tracing.elastic.serverurl`:
Set the URL of the Elastic APM server.
Sets the URL of the Elastic APM server.
`--tracing.elastic.serviceenvironment`:
Set the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
Sets the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
`--tracing.haystack`:
Settings for Haystack. (Default: ```false```)
`--tracing.haystack.baggageprefixheadername`:
Specifies the header name prefix that will be used to store baggage items in a map.
Sets the header name prefix used to store baggage items in a map.
`--tracing.haystack.globaltag`:
Key:Value tag to be set on all the spans.
Sets a key:value tag on all spans.
`--tracing.haystack.localagenthost`:
Set haystack-agent's host that the reporter will used. (Default: ```127.0.0.1```)
Sets the Haystack Agent host. (Default: ```127.0.0.1```)
`--tracing.haystack.localagentport`:
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
Sets the Haystack Agent port. (Default: ```35000```)
`--tracing.haystack.parentidheadername`:
Specifies the header name that will be used to store the parent ID.
Sets the header name used to store the parent ID.
`--tracing.haystack.spanidheadername`:
Specifies the header name that will be used to store the span ID.
Sets the header name used to store the span ID.
`--tracing.haystack.traceidheadername`:
Specifies the header name that will be used to store the trace ID.
Sets the header name used to store the trace ID.
`--tracing.instana`:
Settings for Instana. (Default: ```false```)
`--tracing.instana.localagenthost`:
Set instana-agent's host that the reporter will used.
Sets the Instana Agent host.
`--tracing.instana.localagentport`:
Set instana-agent's port that the reporter will used. (Default: ```42699```)
Sets the Instana Agent port used. (Default: ```42699```)
`--tracing.instana.loglevel`:
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
Sets the log level for the Instana tracer. ('error','warn','info','debug') (Default: ```info```)
`--tracing.jaeger`:
Settings for Jaeger. (Default: ```false```)
@@ -928,28 +943,28 @@ Password for basic http authentication when sending spans to jaeger-collector.
User for basic http authentication when sending spans to jaeger-collector.
`--tracing.jaeger.disableattemptreconnecting`:
Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
Disables the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
`--tracing.jaeger.gen128bit`:
Generate 128 bit span IDs. (Default: ```false```)
Generates 128 bits span IDs. (Default: ```false```)
`--tracing.jaeger.localagenthostport`:
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
Sets the Jaeger Agent host:port. (Default: ```127.0.0.1:6831```)
`--tracing.jaeger.propagation`:
Which propagation format to use (jaeger/b3). (Default: ```jaeger```)
Sets the propagation format (jaeger/b3). (Default: ```jaeger```)
`--tracing.jaeger.samplingparam`:
Set the sampling parameter. (Default: ```1.000000```)
Sets the sampling parameter. (Default: ```1.000000```)
`--tracing.jaeger.samplingserverurl`:
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
Sets the sampling server URL. (Default: ```http://localhost:5778/sampling```)
`--tracing.jaeger.samplingtype`:
Set the sampling type. (Default: ```const```)
Sets the sampling type. (Default: ```const```)
`--tracing.jaeger.tracecontextheadername`:
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
Sets the header name used to store the trace ID. (Default: ```uber-trace-id```)
`--tracing.servicename`:
Set the name for this service. (Default: ```traefik```)
@@ -961,13 +976,13 @@ Set the maximum character limit for Span names (default 0 = no limit). (Default:
Settings for Zipkin. (Default: ```false```)
`--tracing.zipkin.httpendpoint`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
Sets the HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
`--tracing.zipkin.id128bit`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)
Uses 128 bits root span IDs. (Default: ```true```)
`--tracing.zipkin.samespan`:
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
Uses SameSpan RPC style traces. (Default: ```false```)
`--tracing.zipkin.samplerate`:
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

97
docs/content/reference/static-configuration/env-ref.md
View File

@@ -174,18 +174,18 @@ WriteTimeout is the maximum duration before timing out writes of the response. I
`TRAEFIK_ENTRYPOINTS_<NAME>_UDP_TIMEOUT`:
Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```)
`TRAEFIK_EXPERIMENTAL_DEVPLUGIN_GOPATH`:
plugin's GOPATH.
`TRAEFIK_EXPERIMENTAL_DEVPLUGIN_MODULENAME`:
plugin's module name.
`TRAEFIK_EXPERIMENTAL_HTTP3`:
Enable HTTP3. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_KUBERNETESGATEWAY`:
Allow the Kubernetes gateway api provider usage. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>`:
Local plugins configuration. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>_MODULENAME`:
plugin's module name.
`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_MODULENAME`:
plugin's module name.
@@ -342,6 +342,12 @@ Enable ConsulCatalog backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_CACHE`:
Use local agent caching for catalog reads. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_CONNECTAWARE`:
Enable Consul Connect support. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_CONNECTBYDEFAULT`:
Consider every service as Connect capable by default. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
@@ -349,7 +355,7 @@ Constraints is an expression that Traefik matches against the container's labels
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_ADDRESS`:
The address of the Consul server (Default: ```127.0.0.1:8500```)
The address of the Consul server
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_DATACENTER`:
Data center to use. If not provided, the default agent data center is used
@@ -396,6 +402,9 @@ Interval for check Consul API. Default 15s (Default: ```15```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_REQUIRECONSISTENT`:
Forces the read to be fully consistent. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_SERVICENAME`:
Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). (Default: ```traefik```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_STALE`:
Use stale consistency for catalog reads. (Default: ```false```)
@@ -577,7 +586,10 @@ TLS key
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWCROSSNAMESPACE`:
Allow cross namespace resource reference. (Default: ```true```)
Allow cross namespace resource reference. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWEXTERNALNAMESERVICES`:
Allow ExternalName services. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
@@ -627,6 +639,9 @@ Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_ALLOWEMPTYSERVICES`:
Allow creation of services without endpoints. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_ALLOWEXTERNALNAMESERVICES`:
Allow ExternalName services. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
@@ -844,76 +859,76 @@ OpenTracing configuration. (Default: ```false```)
Settings for Datadog. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_BAGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
Sets the header name prefix used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`:
Enable Datadog debug. (Default: ```false```)
Enables Datadog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Key:Value tag to be set on all the spans.
Sets a key:value tag on all spans.
`TRAEFIK_TRACING_DATADOG_LOCALAGENTHOSTPORT`:
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
Sets the Datadog Agent host:port. (Default: ```localhost:8126```)
`TRAEFIK_TRACING_DATADOG_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
Sets the header name used to store the parent ID.
`TRAEFIK_TRACING_DATADOG_PRIORITYSAMPLING`:
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_SAMPLINGPRIORITYHEADERNAME`:
Specifies the header name that will be used to store the sampling priority.
Sets the header name used to store the sampling priority.
`TRAEFIK_TRACING_DATADOG_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
Sets the header name used to store the trace ID.
`TRAEFIK_TRACING_ELASTIC`:
Settings for Elastic. (Default: ```false```)
`TRAEFIK_TRACING_ELASTIC_SECRETTOKEN`:
Set the token used to connect to Elastic APM Server.
Sets the token used to connect to Elastic APM Server.
`TRAEFIK_TRACING_ELASTIC_SERVERURL`:
Set the URL of the Elastic APM server.
Sets the URL of the Elastic APM server.
`TRAEFIK_TRACING_ELASTIC_SERVICEENVIRONMENT`:
Set the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
Sets the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
`TRAEFIK_TRACING_HAYSTACK`:
Settings for Haystack. (Default: ```false```)
`TRAEFIK_TRACING_HAYSTACK_BAGGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
Sets the header name prefix used to store baggage items in a map.
`TRAEFIK_TRACING_HAYSTACK_GLOBALTAG`:
Key:Value tag to be set on all the spans.
Sets a key:value tag on all spans.
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTHOST`:
Set haystack-agent's host that the reporter will used. (Default: ```127.0.0.1```)
Sets the Haystack Agent host. (Default: ```127.0.0.1```)
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTPORT`:
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
Sets the Haystack Agent port. (Default: ```35000```)
`TRAEFIK_TRACING_HAYSTACK_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
Sets the header name used to store the parent ID.
`TRAEFIK_TRACING_HAYSTACK_SPANIDHEADERNAME`:
Specifies the header name that will be used to store the span ID.
Sets the header name used to store the span ID.
`TRAEFIK_TRACING_HAYSTACK_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
Sets the header name used to store the trace ID.
`TRAEFIK_TRACING_INSTANA`:
Settings for Instana. (Default: ```false```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTHOST`:
Set instana-agent's host that the reporter will used.
Sets the Instana Agent host.
`TRAEFIK_TRACING_INSTANA_LOCALAGENTPORT`:
Set instana-agent's port that the reporter will used. (Default: ```42699```)
Sets the Instana Agent port used. (Default: ```42699```)
`TRAEFIK_TRACING_INSTANA_LOGLEVEL`:
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
Sets the log level for the Instana tracer. ('error','warn','info','debug') (Default: ```info```)
`TRAEFIK_TRACING_JAEGER`:
Settings for Jaeger. (Default: ```false```)
@@ -928,28 +943,28 @@ Password for basic http authentication when sending spans to jaeger-collector.
User for basic http authentication when sending spans to jaeger-collector.
`TRAEFIK_TRACING_JAEGER_DISABLEATTEMPTRECONNECTING`:
Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
Disables the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
`TRAEFIK_TRACING_JAEGER_GEN128BIT`:
Generate 128 bit span IDs. (Default: ```false```)
Generates 128 bits span IDs. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_LOCALAGENTHOSTPORT`:
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
Sets the Jaeger Agent host:port. (Default: ```127.0.0.1:6831```)
`TRAEFIK_TRACING_JAEGER_PROPAGATION`:
Which propagation format to use (jaeger/b3). (Default: ```jaeger```)
Sets the propagation format (jaeger/b3). (Default: ```jaeger```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGPARAM`:
Set the sampling parameter. (Default: ```1.000000```)
Sets the sampling parameter. (Default: ```1.000000```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGSERVERURL`:
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
Sets the sampling server URL. (Default: ```http://localhost:5778/sampling```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGTYPE`:
Set the sampling type. (Default: ```const```)
Sets the sampling type. (Default: ```const```)
`TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`:
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
Sets the header name used to store the trace ID. (Default: ```uber-trace-id```)
`TRAEFIK_TRACING_SERVICENAME`:
Set the name for this service. (Default: ```traefik```)
@@ -961,13 +976,13 @@ Set the maximum character limit for Span names (default 0 = no limit). (Default:
Settings for Zipkin. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_HTTPENDPOINT`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
Sets the HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
`TRAEFIK_TRACING_ZIPKIN_ID128BIT`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)
Uses 128 bits root span IDs. (Default: ```true```)
`TRAEFIK_TRACING_ZIPKIN_SAMESPAN`:
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
Uses SameSpan RPC style traces. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_SAMPLERATE`:
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)
Sets the rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

11
docs/content/reference/static-configuration/file.toml
View File

@@ -226,6 +226,9 @@
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[providers.plugin]
[providers.plugin.Descriptor0]
[providers.plugin.Descriptor1]
[api]
insecure = true
@@ -398,6 +401,8 @@
[experimental.plugins.Descriptor1]
moduleName = "foobar"
version = "foobar"
[experimental.devPlugin]
goPath = "foobar"
moduleName = "foobar"
[experimental.localPlugins]
[experimental.localPlugins.Descriptor0]
moduleName = "foobar"
[experimental.localPlugins.Descriptor1]
moduleName = "foobar"

11
docs/content/reference/static-configuration/file.yaml
View File

@@ -248,6 +248,9 @@ providers:
cert: foobar
key: foobar
insecureSkipVerify: true
plugin:
Descriptor0: {}
Descriptor1: {}
api:
insecure: true
dashboard: true
@@ -418,6 +421,8 @@ experimental:
Descriptor1:
moduleName: foobar
version: foobar
devPlugin:
goPath: foobar
moduleName: foobar
localPlugins:
Descriptor0:
moduleName: foobar
Descriptor1:
moduleName: foobar

10
docs/content/routing/providers/consul-catalog.md
View File

@@ -454,6 +454,16 @@ You can tell Traefik to consider (or not) the service by setting `traefik.enable
This option overrides the value of `exposedByDefault`.
#### `traefik.consulcatalog.connect`
```yaml
traefik.consulcatalog.connect=true
```
You can tell Traefik to consider (or not) the service as a Connect capable one by setting `traefik.consulcatalog.connect` to true or false.
This option overrides the value of `connectByDefault`.
#### Port Lookup
Traefik is capable of detecting the port to use, by following the default consul Catalog flow.

245
docs/content/routing/providers/kubernetes-crd.md
View File

@@ -131,7 +131,6 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
- tcpep
routes:
- match: HostSNI(`bar`)
kind: Rule
services:
- name: whoamitcp
port: 8080
@@ -147,8 +146,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
entryPoints:
- udpep
routes:
- kind: Rule
services:
- services:
- name: whoamiudp
port: 8080
```
@@ -295,9 +293,10 @@ You can find an excerpt of the available custom resources in the table below:
| Kind | Purpose | Concept Behind |
|--------------------------------------------|--------------------------------------------------------------------|----------------------------------------------------------------|
| [IngressRoute](#kind-ingressroute) | HTTP Routing | [HTTP router](../routers/index.md#configuring-http-routers) |
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/overview.md) |
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
| [TraefikService](#kind-traefikservice) | Abstraction for HTTP loadbalancing/mirroring | [HTTP service](../services/index.md#configuring-http-services) |
| [IngressRouteTCP](#kind-ingressroutetcp) | TCP Routing | [TCP router](../routers/index.md#configuring-tcp-routers) |
| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
| [IngressRouteUDP](#kind-ingressrouteudp) | UDP Routing | [UDP router](../routers/index.md#configuring-udp-routers) |
| [TLSOptions](#kind-tlsoption) | Allows to configure some parameters of the TLS connection | [TLSOptions](../../https/tls.md#tls-options) |
| [TLSStores](#kind-tlsstore) | Allows to configure the default TLS store | [TLSStores](../../https/tls.md#certificates-stores) |
@@ -336,7 +335,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
responseForwarding:
flushInterval: 1ms
scheme: https
serversTransport: transport
serversTransport: transport # [10]
sticky:
cookie:
httpOnly: true
@@ -345,39 +344,40 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
sameSite: none
strategy: RoundRobin
weight: 10
tls: # [10]
secretName: supersecret # [11]
options: # [12]
name: opt # [13]
namespace: default # [14]
certResolver: foo # [15]
domains: # [16]
- main: example.net # [17]
sans: # [18]
tls: # [11]
secretName: supersecret # [12]
options: # [13]
name: opt # [14]
namespace: default # [15]
certResolver: foo # [16]
domains: # [17]
- main: example.net # [18]
sans: # [19]
- a.example.net
- b.example.net
```
| Ref | Attribute | Purpose |
|------|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
| [4] | `routes[n].priority` | [Disambiguate](../routers/index.md#priority) rules of the same length, for route matching |
| [5] | `routes[n].middlewares` | List of reference to [Middleware](#kind-middleware) |
| [6] | `middlewares[n].name` | Defines the [Middleware](#kind-middleware) name |
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [10] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [11] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [12] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [13] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [14] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [15] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [16] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [17] | `domains[n].main` | Defines the main domain name |
| [18] | `domains[n].sans` | List of SANs (alternative domains) |
| Ref | Attribute | Purpose |
|------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
| [4] | `routes[n].priority` | [Disambiguate](../routers/index.md#priority) rules of the same length, for route matching |
| [5] | `routes[n].middlewares` | List of reference to [Middleware](#kind-middleware) |
| [6] | `middlewares[n].name` | Defines the [Middleware](#kind-middleware) name |
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
| [11] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [18] | `domains[n].main` | Defines the main domain name |
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
??? example "Declaring an IngressRoute"
@@ -475,7 +475,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
!!! important "Using Kubernetes ExternalName Service"
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/fr/docs/concepts/services-networking/service/#externalname) could be defined without any port.
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port.
Accordingly, Traefik supports defining a port in two ways:
- only on `IngressRoute` service
@@ -580,7 +580,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
### Kind: `Middleware`
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/overview.md).
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/http/overview.md).
Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernetes-crd.md#definitions) in the Kubernetes cluster before creating `Middleware` objects or referencing middlewares in the [`IngressRoute`](#kind-ingressroute) objects.
@@ -628,7 +628,7 @@ Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernete
Additionally, when you want to reference a Middleware from the CRD Provider,
you have to append the namespace of the resource in the resource-name as Traefik appends the namespace internally automatically.
More information about available middlewares in the dedicated [middlewares section](../../middlewares/overview.md).
More information about available middlewares in the dedicated [middlewares section](../../middlewares/http/overview.md).
### Kind: `TraefikService`
@@ -1088,25 +1088,28 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
- footcp
routes: # [2]
- match: HostSNI(`*`) # [3]
services: # [4]
- name: foo # [5]
port: 8080 # [6]
weight: 10 # [7]
terminationDelay: 400 # [8]
proxyProtocol: # [9]
version: 1 # [10]
tls: # [11]
secretName: supersecret # [12]
options: # [13]
name: opt # [14]
namespace: default # [15]
certResolver: foo # [16]
domains: # [17]
- main: example.net # [18]
sans: # [19]
middlewares:
- name: middleware1 # [4]
namespace: default # [5]
services: # [6]
- name: foo # [7]
port: 8080 # [8]
weight: 10 # [9]
terminationDelay: 400 # [10]
proxyProtocol: # [11]
version: 1 # [12]
tls: # [13]
secretName: supersecret # [14]
options: # [15]
name: opt # [16]
namespace: default # [17]
certResolver: foo # [18]
domains: # [19]
- main: example.net # [20]
sans: # [21]
- a.example.net
- b.example.net
passthrough: false # [20]
passthrough: false # [22]
```
| Ref | Attribute | Purpose |
@@ -1114,23 +1117,25 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
| [1] | `entryPoints` | List of [entrypoints](../routers/index.md#entrypoints_1) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule_1) corresponding to an underlying router |
| [4] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [5] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [6] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [7] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| [8] | `services[n].terminationDelay` | corresponds to the deadline that the proxy sets, after one of its connected peers indicates it has closed the writing capability of its connection, to close the reading capability as well, hence fully terminating the connection. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the reading capability is never closed). |
| [9] | `proxyProtocol` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) configuration |
| [10] | `version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
| [11] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [18] | `domains[n].main` | Defines the main domain name |
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
| [20] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
| [4] | `middlewares[n].name` | Defines the [MiddlewareTCP](#kind-middlewaretcp) name |
| [5] | `middlewares[n].namespace` | Defines the [MiddlewareTCP](#kind-middlewaretcp) namespace |
| [6] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [7] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [8] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [9] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| [10] | `services[n].terminationDelay` | corresponds to the deadline that the proxy sets, after one of its connected peers indicates it has closed the writing capability of its connection, to close the reading capability as well, hence fully terminating the connection. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the reading capability is never closed). |
| [11] | `proxyProtocol` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) configuration |
| [12] | `version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
| [13] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [14] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [15] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [16] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [17] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [18] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [19] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [20] | `domains[n].main` | Defines the main domain name |
| [21] | `domains[n].sans` | List of SANs (alternative domains) |
| [22] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
??? example "Declaring an IngressRouteTCP"
@@ -1193,7 +1198,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
!!! important "Using Kubernetes ExternalName Service"
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/fr/docs/concepts/services-networking/service/#externalname) could be defined without any port.
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port.
Accordingly, Traefik supports defining a port in two ways:
- only on `IngressRouteTCP` service
@@ -1217,7 +1222,6 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
routes:
- match: HostSNI(`*`)
kind: Rule
services:
- name: external-svc
port: 80
@@ -1247,7 +1251,6 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
routes:
- match: HostSNI(`*`)
kind: Rule
services:
- name: external-svc
port: 80
@@ -1265,6 +1268,57 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
- port: 80
```
### Kind: `MiddlewareTCP`
`MiddlewareTCP` is the CRD implementation of a [Traefik TCP middleware](../../middlewares/tcp/overview.md).
Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubernetes-crd.md#definitions) in the Kubernetes cluster before creating `MiddlewareTCP` objects or referencing TCP middlewares in the [`IngressRouteTCP`](#kind-ingressroutetcp) objects.
??? "Declaring and Referencing a MiddlewareTCP "
```yaml tab="Middleware"
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipwhitelist
spec:
ipWhiteList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
```
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- web
routes:
- match: Host(`example.com`) && PathPrefix(`/whitelist`)
kind: Rule
services:
- name: whoami
port: 80
middlewares:
- name: ipwhitelist
namespace: foo
```
!!! important "Cross-provider namespace"
As Kubernetes also has its own notion of namespace, one should not confuse the kubernetes namespace of a resource
(in the reference to the middleware) with the [provider namespace](../../providers/overview.md#provider-namespace),
when the definition of the TCP middleware comes from another provider.
In this context, specifying a namespace when referring to the resource does not make any sense, and will be ignored.
Additionally, when you want to reference a MiddlewareTCP from the CRD Provider,
you have to append the namespace of the resource in the resource-name as Traefik appends the namespace internally automatically.
More information about available TCP middlewares in the dedicated [middlewares section](../../middlewares/tcp/overview.md).
### Kind `IngressRouteUDP`
`IngressRouteUDP` is the CRD implementation of a [Traefik UDP router](../routers/index.md#configuring-udp-routers).
@@ -1321,7 +1375,7 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
!!! important "Using Kubernetes ExternalName Service"
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/fr/docs/concepts/services-networking/service/#externalname) could be defined without any port.
Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port.
Accordingly, Traefik supports defining a port in two ways:
- only on `IngressRouteUDP` service
@@ -1449,6 +1503,8 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
- secret-ca2
clientAuthType: VerifyClientCertIfGiven # [7]
sniStrict: true # [8]
alpnProtocols: # [9]
- foobar
```
| Ref | Attribute | Purpose |
@@ -1461,6 +1517,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
| [6] | `clientAuth.secretNames` | list of names of the referenced Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) (in TLSOption namespace). The secret must contain a certificate under either a `tls.ca` or a `ca.crt` key. |
| [7] | `clientAuth.clientAuthType` | defines the client authentication type to apply. The available values are: `NoClientCert`, `RequestClientCert`, `VerifyClientCertIfGiven` and `RequireAndVerifyClientCert` |
| [8] | `sniStrict` | if `true`, Traefik won't allow connections from clients connections that do not specify a server_name extension |
| [9] | `alpnProtocols` | List of supported [application level protocols](../../https/tls.md#alpn-protocols) for the TLS handshake, in order of preference. |
!!! info "CA Secret"
@@ -1627,7 +1684,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
!!! info "ServersTransport Attributes"
```yaml tab="TLSStore"
```yaml tab="ServersTransport"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
@@ -1648,19 +1705,23 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
dialTimeout: 42s # [7]
responseHeaderTimeout: 42s # [8]
idleConnTimeout: 42s # [9]
peerCertURI: foobar # [10]
disableHTTP2: true # [11]
```
| Ref | Attribute | Purpose |
|-----|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `serverName` | ServerName used to contact the server. |
| [2] | `insecureSkipVerify` | Disable SSL certificate verification. |
| [3] | `rootCAsSecrets` | Add cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [4] | `certificatesSecrets` | Certificates for mTLS. |
| [5] | `maxIdleConnsPerHost` | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the backend servers. |
| [7] | `dialTimeout` | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. |
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
| [9] | `idleConnTimeout` | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. |
| Ref | Attribute | Purpose |
|------|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `serverName` | ServerName used to contact the server. |
| [2] | `insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. |
| [3] | `rootCAsSecrets` | Defines the set of root certificate authorities to use when verifying server certificates. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
| [4] | `certificatesSecrets` | Certificates to present to the server for mTLS. |
| [5] | `maxIdleConnsPerHost` | Controls the maximum idle (keep-alive) connections to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
| [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the servers. |
| [7] | `dialTimeout` | The amount of time to wait until a connection to a server can be established. If zero, no timeout exists. |
| [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
| [9] | `idleConnTimeout` | The maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout exists. |
| [10] | `peerCertURI` | URI used to match against SAN URIs during the server's certificate verification. |
| [11] | `disableHTTP2` | Disables HTTP/2 for connections with servers. |
!!! info "CA Secret"
@@ -1699,6 +1760,16 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
serversTransport: mytransport
```
#### ServersTransport reference
By default, the referenced ServersTransport CRD must be defined in the same [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace.
To reference a ServersTransport CRD from another namespace,
the value must be of form `namespace-name@kubernetescrd`,
and the [cross-namespace](../../../providers/kubernetes-crd/#allowcrossnamespace) option must be enabled.
If the ServersTransport CRD is defined in another provider the cross-provider format `name@provider` should be used.
## Further
Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.

14
docs/content/routing/providers/kubernetes-gateway.md
View File

@@ -35,16 +35,16 @@ You can find an excerpt of the supported Kubernetes Gateway API resources in the
| Kind | Purpose | Concept Behind |
|------------------------------------|---------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/api-types/gatewayclass) |
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/api-types/gateway) |
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/api-types/httproute) |
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#httptcpfooroute) |
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#httptcpfooroute) |
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gatewayclass) |
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gateway) |
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/httproute) |
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
### Kind: `GatewayClass`
`GatewayClass` is cluster-scoped resource defined by the infrastructure provider. This resource represents a class of Gateways that can be instantiated.
More details on the GatewayClass [official documentation](https://gateway-api.sigs.k8s.io/api-types/gatewayclass/).
More details on the GatewayClass [official documentation](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gatewayclass/).
The `GatewayClass` should be declared by the infrastructure provider, otherwise please register the `GatewayClass`
[definition](../../reference/dynamic-configuration/kubernetes-gateway.md#definitions) in the Kubernetes cluster before
@@ -67,7 +67,7 @@ creating `GatewayClass` objects.
A `Gateway` is 1:1 with the life cycle of the configuration of infrastructure. When a user creates a Gateway,
some load balancing infrastructure is provisioned or configured by the GatewayClass controller.
More details on the Gateway [official documentation](https://gateway-api.sigs.k8s.io/api-types/gateway/).
More details on the Gateway [official documentation](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gateway/).
Register the `Gateway` [definition](../../reference/dynamic-configuration/kubernetes-gateway.md#definitions) in the
Kubernetes cluster before creating `Gateway` objects.

286
docs/content/routing/providers/kubernetes-ingress.md
View File

@@ -15,8 +15,8 @@ which in turn will create the resulting routers, services, handlers, etc.
```yaml tab="RBAC"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
@@ -48,8 +48,8 @@ which in turn will create the resulting routers, services, handlers, etc.
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
@@ -63,8 +63,37 @@ which in turn will create the resulting routers, services, handlers, etc.
```
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
- path: /foo
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Ingress v1beta1 (deprecated)"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myingress
annotations:
@@ -84,34 +113,7 @@ which in turn will create the resulting routers, services, handlers, etc.
serviceName: whoami
servicePort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
service:
name: whoami
port:
number: 80
- path: /foo
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
@@ -119,8 +121,8 @@ which in turn will create the resulting routers, services, handlers, etc.
name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
labels:
@@ -164,8 +166,8 @@ which in turn will create the resulting routers, services, handlers, etc.
```
```yaml tab="Whoami"
kind: Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
labels:
@@ -207,6 +209,11 @@ which in turn will create the resulting routers, services, handlers, etc.
## Annotations
!!! warning "Referencing resources in annotations"
In an annotation, when referencing a resource defined by another provider,
the [provider namespace syntax](../../providers/overview.md#provider-namespace) must be used.
#### On Ingress
??? info "`traefik.ingress.kubernetes.io/router.entrypoints`"
@@ -222,7 +229,7 @@ which in turn will create the resulting routers, services, handlers, etc.
See [middlewares](../routers/index.md#middlewares) and [middlewares overview](../../middlewares/overview.md) for more information.
```yaml
traefik.ingress.kubernetes.io/router.middlewares: auth@file,prefix@kubernetescrd,cb@file
traefik.ingress.kubernetes.io/router.middlewares: auth@file,default-prefix@kubernetescrd
```
??? info "`traefik.ingress.kubernetes.io/router.priority`"
@@ -235,7 +242,7 @@ which in turn will create the resulting routers, services, handlers, etc.
??? info "`traefik.ingress.kubernetes.io/router.pathmatcher`"
Overrides the default router rule type used for a path.
Overrides the default router rule type used for a path.
Only path-related matcher name can be specified: `Path`, `PathPrefix`.
Default `PathPrefix`
@@ -281,7 +288,7 @@ which in turn will create the resulting routers, services, handlers, etc.
See [options](../routers/index.md#options) for more information.
```yaml
traefik.ingress.kubernetes.io/router.tls.options: foobar
traefik.ingress.kubernetes.io/router.tls.options: foobar@file
```
#### On Service
@@ -399,8 +406,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
```yaml tab="RBAC"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
@@ -432,8 +439,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
@@ -447,8 +454,37 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
```
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
- path: /foo
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Ingress v1beta1 (deprecated)"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myingress
annotations:
@@ -468,34 +504,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
serviceName: whoami
servicePort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
service:
name: whoami
port:
number: 80
- path: /foo
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
@@ -503,8 +512,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
labels:
@@ -549,8 +558,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
```
```yaml tab="Whoami"
kind: Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
labels:
@@ -604,8 +613,8 @@ For more options, please refer to the available [annotations](#on-ingress).
```yaml tab="RBAC"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
@@ -637,8 +646,8 @@ For more options, please refer to the available [annotations](#on-ingress).
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
@@ -652,8 +661,38 @@ For more options, please refer to the available [annotations](#on-ingress).
```
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: true
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
- path: /foo
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Ingress v1beta1 (deprecated)"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myingress
annotations:
@@ -674,35 +713,7 @@ For more options, please refer to the available [annotations](#on-ingress).
serviceName: whoami
servicePort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: myingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: true
spec:
rules:
- host: example.com
http:
paths:
- path: /bar
backend:
service:
name: whoami
port:
number: 80
- path: /foo
backend:
service:
name: whoami
port:
number: 80
```
```yaml tab="Traefik"
apiVersion: v1
kind: ServiceAccount
@@ -710,8 +721,8 @@ For more options, please refer to the available [annotations](#on-ingress).
name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
labels:
@@ -755,8 +766,8 @@ For more options, please refer to the available [annotations](#on-ingress).
```
```yaml tab="Whoami"
kind: Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
labels:
@@ -801,8 +812,34 @@ For more options, please refer to the available [annotations](#on-ingress).
??? example "Using a secret"
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: foo
namespace: production
spec:
rules:
- host: example.net
http:
paths:
- path: /bar
pathType: Exact
backend:
service:
name: service1
port:
number: 80
# Only selects which certificate(s) should be loaded from the secret, in order to terminate TLS.
# Doesn't enable TLS for that ingress (hence for the underlying router).
# Please see the TLS annotations on ingress made for that purpose.
tls:
- secretName: supersecret
```
```yaml tab="Ingress v1beta1 (deprecated)"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: foo
namespace: production
@@ -823,31 +860,6 @@ For more options, please refer to the available [annotations](#on-ingress).
- secretName: supersecret
```
```yaml tab="Ingress Kubernetes v1.19+"
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: foo
namespace: production
spec:
rules:
- host: example.net
http:
paths:
- path: /bar
backend:
service:
name: service1
port:
number: 80
# Only selects which certificate(s) should be loaded from the secret, in order to terminate TLS.
# Doesn't enable TLS for that ingress (hence for the underlying router).
# Please see the TLS annotations on ingress made for that purpose.
tls:
- secretName: supersecret
```
```yaml tab="Secret"
apiVersion: v1
kind: Secret
@@ -893,18 +905,6 @@ and will connect via TLS automatically.
Ingresses can be created that look like the following:
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: cheese
spec:
defaultBackend:
serviceName: stilton
serverPort: 80
```
```yaml tab="Ingress Kubernetes v1.19+"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
@@ -918,6 +918,18 @@ spec:
number: 80
```
```yaml tab="Ingress v1beta1 (deprecated)"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: cheese
spec:
defaultBackend:
serviceName: stilton
serverPort: 80
```
This ingress follows the Global Default Backend property of ingresses.
This will allow users to create a "default router" that will match all unmatched requests.

4
docs/content/routing/providers/kv.md
View File

@@ -28,8 +28,8 @@ A Story of key & values
| Key (Path) | Value |
|-----------------------------------------------|-------------|
| `traefik.http.routers.myrouter.entrypoints/0` | `web` |
| `traefik.http.routers.myrouter.entrypoints/1` | `websecure` |
| `traefik/http/routers/myrouter/entrypoints/0` | `web` |
| `traefik/http/routers/myrouter/entrypoints/1` | `websecure` |
??? info "`traefik/http/routers/<router_name>/middlewares`"

Some files were not shown because too many files have changed in this diff Show More