shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-10-03 01:44:23 +03:00
Code Releases Activity

Compare commits

base: shaba:v3.1.6
Branches Tags
shaba:master shaba:v3.5 shaba:v2.5 shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4
shaba:v3.5.3 shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0
...
compare: shaba:v3.2.0-rc1
Branches Tags
shaba:v3.5 shaba:v2.5 shaba:master shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4
shaba:v3.5.3 shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0

34 Commits
v3.1.6 ... v3.2.0-rc1

Author SHA1 Message Date
Romain
a7502c8700 Prepare Release v3.2.0-rc1 2024-10-02 16:24:04 +02:00
kevinpollet
54c3afd760 Merge branch v3.1 into master 2024-10-02 15:32:09 +02:00
Romain
373095f1a8 Support NativeLB option in GatewayAPI provider 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-10-02 10:34:04 +02:00
Kevin Pollet
d317cd90fc Support HTTPRoute destination port matching 2024-09-27 12:12:05 +02:00
Carlos Martell
eccfcc0924 feat: allow setting service.name for OTLP metrics 2024-09-27 11:58:05 +02:00
Kevin Pollet
7bb181dfa0 Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 2024-09-27 11:02:04 +02:00
Dan Everton
fbf6757ce9 Support for watching instead of polling Nomad 2024-09-26 15:56:04 +02:00
Kevin Pollet
f8a78b3b25 Introduce a fast proxy mode to improve HTTP/1.1 performances with backends 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2024-09-26 11:00:05 +02:00
Romain
a6db1cac37 Update sigs.k8s.io/gateway-api to v1.2.0-rc1 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-09-26 09:12:04 +02:00
Michal Kralik
312ebb17ab Add support for ipv6 subnet in ipStrategy 2024-09-24 18:04:05 +02:00
kevinpollet
a398536688 Merge branch v3.1 into master 2024-09-20 09:51:54 +02:00
Romain
42e1f2c9b1 Add supported features to the Gateway API GatewayClass status 2024-09-17 16:40:04 +02:00
Romain
1ebd12ff82 Add support for Gateway API BackendTLSPolicies 2024-09-17 10:50:04 +02:00
Lucas Rodriguez
9750bbc353 Configurable max request header size 2024-09-16 11:30:04 +02:00
Ludovic Fernandez
ac1dad3d14 Add support for custom CA certificates by certificate resolver 2024-09-09 17:24:04 +02:00
Romain
e222d5cb2f Add support for backend protocol selection in HTTP and GRPC routes 2024-09-09 10:08:08 +02:00
Michael
9dc2155e63 Fix sync docker images latest tag 2024-09-06 09:56:03 +02:00
Michael
c2cb4fac10 Sync docker images from docker hub to ghcr 2024-09-05 10:02:04 +02:00
weijiany
e8335a94a4 Record trace id and EntryPoint span id into access log 2024-09-03 16:40:04 +02:00
Romain
3eb7ecce19 Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support 2024-09-03 12:10:04 +02:00
mmatur
0b34e0cdcb Merge current v3.1 into master 2024-09-03 10:31:10 +02:00
Matteo Paier
eb99c8c785 Add mirrorBody option to HTTP mirroring 2024-09-02 16:36:06 +02:00
Romain
51f7f610c9 Add versioning for Gateway API Conformance Test Report 2024-08-30 17:14:03 +02:00
Kevin Pollet
5ed972ccd8 Support GRPC routes 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-08-30 10:36:06 +02:00
Emrio
6b3167d03e Remove same email requirement for certresolvers 2024-08-29 11:36:05 +02:00
mmatur
8dc9607db7 Merge current v3.1 into master 2024-08-29 10:09:18 +02:00
Kevin Pollet
12a37346a4 Support ResponseHeaderModifier filter 2024-08-12 11:34:04 +02:00
Luke Rindels
78079377e8 Add 30 day certificatesDuration step 2024-08-08 10:22:05 +02:00
Wolfgang Ellsässer
75881359ab Add encodings option to the compression middleware 2024-08-07 16:20:04 +02:00
kevinpollet
b611f967b7 Merge branch v3.1 into master 2024-08-06 16:38:39 +02:00
July
bd93e224de Support HTTP BasicAuth for docker and swarm endpoint 2024-08-01 14:26:04 +02:00
mmatur
e8324132f9 Merge current v3.1 into master 2024-07-30 15:54:24 +02:00
GaleHuang
957a5f5e73 feat: forwardAuth support LogUserHeader 2024-07-29 14:30:05 +02:00
romain
87db3300d3 Merge current v3.1 into master 2024-07-16 09:38:17 +02:00
183 changed files with 24794 additions and 13094 deletions
Expand all files Collapse all files

26
.github/workflows/sync-docker-images.yaml vendored Normal file
View File

@@ -0,0 +1,26 @@
name: Sync Docker Images
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *" # Run every day
jobs:
sync:
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
if: github.repository == 'traefik/traefik'
steps:
- uses: actions/checkout@v4
- uses: imjasonh/setup-crane@v0.4
- name: Sync
run: |
EXCLUDED_TAGS="1.7.9-alpine v1.0.0-beta.392 v1.0.0-beta.404 v1.0.0-beta.704 v1.0.0-rc1 v1.7.9-alpine"
EXCLUDED_REGEX=$(echo $EXCLUDED_TAGS | sed 's/ /|/g')
diff <(crane ls traefik) <(crane ls ghcr.io/traefik/traefik) | grep '^<' | awk '{print $2}' | while read -r tag; do [[ "$tag" =~ ^($EXCLUDED_REGEX)$ ]] || (echo "Processing image: traefik:$tag"; crane cp "traefik:$tag" "ghcr.io/traefik/traefik:$tag"); done
crane cp traefik:latest ghcr.io/traefik/traefik:latest

6
.github/workflows/test-conformance.yaml vendored
View File

@@ -33,5 +33,7 @@ jobs:
- name: Avoid generating webui
run: touch webui/static/index.html
- name: K8s Gateway API conformance test
run: make test-gateway-api-conformance
- name: K8s Gateway API conformance test and report
run: |
make test-gateway-api-conformance
git diff --exit-code

2
.gitignore vendored
View File

@@ -19,4 +19,4 @@ plugins-storage/
plugins-local/
traefik_changelog.md
integration/tailscale.secret
integration/conformance-reports/
integration/conformance-reports/**/experimental-dev-default-report.yaml

6
.golangci.yml
View File

@@ -229,7 +229,7 @@ issues:
text: 'struct-tag: unknown option ''inline'' in JSON tag'
linters:
- revive
- path: pkg/server/service/bufferpool.go
- path: pkg/proxy/httputil/bufferpool.go
text: 'SA6002: argument should be pointer-like to avoid allocations'
- path: pkg/server/middleware/middlewares.go
text: "Function 'buildConstructor' has too many statements"
@@ -283,3 +283,7 @@ issues:
- path: pkg/provider/acme/local_store.go
linters:
- musttag
- path: pkg/types/metrics.go
linters:
- goconst

2
.semaphore/semaphore.yml
View File

@@ -46,7 +46,7 @@ blocks:
- name: GH_VERSION
value: 2.32.1
- name: CODENAME
value: "comte"
value: "munster"
prologue:
commands:
- export VERSION=${SEMAPHORE_GIT_TAG_NAME}

28
CHANGELOG.md
View File

@@ -1,3 +1,31 @@
## [v3.2.0-rc1](https://github.com/traefik/traefik/tree/v3.2.0-rc1) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.0-rc1...v3.2.0-rc1)
**Enhancements:**
- **[acme]** Remove same email requirement for certresolvers ([#11019](https://github.com/traefik/traefik/pull/11019) by [Emrio](https://github.com/Emrio))
- **[acme]** Add support for custom CA certificates by certificate resolver ([#10816](https://github.com/traefik/traefik/pull/10816) by [ldez](https://github.com/ldez))
- **[acme]** Add 30 day certificatesDuration step ([#10970](https://github.com/traefik/traefik/pull/10970) by [luker983](https://github.com/luker983))
- **[docker]** Support HTTP BasicAuth for docker and swarm endpoint ([#10776](https://github.com/traefik/traefik/pull/10776) by [985492783](https://github.com/985492783))
- **[k8s,k8s/gatewayapi]** Add supported features to the Gateway API GatewayClass status ([#11056](https://github.com/traefik/traefik/pull/11056) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Update sigs.k8s.io/gateway-api to v1.2.0-rc1 ([#11124](https://github.com/traefik/traefik/pull/11124) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Add support for backend protocol selection in HTTP and GRPC routes ([#11051](https://github.com/traefik/traefik/pull/11051) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support ([#11042](https://github.com/traefik/traefik/pull/11042) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support HTTPRoute destination port matching ([#11134](https://github.com/traefik/traefik/pull/11134) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 ([#11131](https://github.com/traefik/traefik/pull/11131) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Add support for Gateway API BackendTLSPolicies ([#11009](https://github.com/traefik/traefik/pull/11009) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support NativeLB option in GatewayAPI provider ([#11147](https://github.com/traefik/traefik/pull/11147) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Support ResponseHeaderModifier filter ([#10987](https://github.com/traefik/traefik/pull/10987) by [kevinpollet](https://github.com/kevinpollet))
- **[k8s,k8s/gatewayapi]** Support GRPC routes ([#10975](https://github.com/traefik/traefik/pull/10975) by [kevinpollet](https://github.com/kevinpollet))
- **[metrics,otel]** Allow setting service.name for OTLP metrics ([#10917](https://github.com/traefik/traefik/pull/10917) by [cmartell-at-ocp](https://github.com/cmartell-at-ocp))
- **[middleware,accesslogs]** Record trace id and EntryPoint span id into access log ([#10921](https://github.com/traefik/traefik/pull/10921) by [weijiany](https://github.com/weijiany))
- **[middleware,authentication]** Support LogUserHeader with forwardAuth middleware ([#10833](https://github.com/traefik/traefik/pull/10833) by [GaleHuang](https://github.com/GaleHuang))
- **[middleware]** Add encodings option to the compression middleware ([#10943](https://github.com/traefik/traefik/pull/10943) by [wollomatic](https://github.com/wollomatic))
- **[middleware]** Add support for ipv6 subnet in ipStrategy ([#9747](https://github.com/traefik/traefik/pull/9747) by [michal-kralik](https://github.com/michal-kralik))
- **[nomad]** Support for watching instead of polling Nomad ([#10997](https://github.com/traefik/traefik/pull/10997) by [deverton-godaddy](https://github.com/deverton-godaddy))
- **[server,performance]** Introduce a fast proxy mode to improve HTTP/1.1 performances with backends ([#11122](https://github.com/traefik/traefik/pull/11122) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Configurable max request header size ([#10995](https://github.com/traefik/traefik/pull/10995) by [lucasrod16](https://github.com/lucasrod16))
- **[service]** Add mirrorBody option to HTTP mirroring ([#11032](https://github.com/traefik/traefik/pull/11032) by [MatteoPaier](https://github.com/MatteoPaier))
## [v3.1.5](https://github.com/traefik/traefik/tree/v3.1.5) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v3.1.4...v3.1.5)

3
Makefile
View File

@@ -103,7 +103,8 @@ test-integration: binary
.PHONY: test-gateway-api-conformance
#? test-gateway-api-conformance: Run the conformance tests
test-gateway-api-conformance: build-image-dirty
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance $(TESTFLAGS)
# In case of a new Minor/Major version, the k8sConformanceTraefikVersion needs to be updated.
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance -k8sConformanceTraefikVersion="v3.2" $(TESTFLAGS)
.PHONY: test-ui-unit
#? test-ui-unit: Run the unit tests for the webui

15
cmd/traefik/traefik.go
View File

@@ -37,6 +37,8 @@ import (
"github.com/traefik/traefik/v3/pkg/provider/aggregator"
"github.com/traefik/traefik/v3/pkg/provider/tailscale"
"github.com/traefik/traefik/v3/pkg/provider/traefik"
"github.com/traefik/traefik/v3/pkg/proxy"
"github.com/traefik/traefik/v3/pkg/proxy/httputil"
"github.com/traefik/traefik/v3/pkg/safe"
"github.com/traefik/traefik/v3/pkg/server"
"github.com/traefik/traefik/v3/pkg/server/middleware"
@@ -281,10 +283,16 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
log.Info().Msg("Successfully obtained SPIFFE SVID.")
}
roundTripperManager := service.NewRoundTripperManager(spiffeX509Source)
transportManager := service.NewTransportManager(spiffeX509Source)
var proxyBuilder service.ProxyBuilder = httputil.NewProxyBuilder(transportManager, semConvMetricRegistry)
if staticConfiguration.Experimental != nil && staticConfiguration.Experimental.FastProxy != nil {
proxyBuilder = proxy.NewSmartBuilder(transportManager, proxyBuilder, *staticConfiguration.Experimental.FastProxy)
}
dialerManager := tcp.NewDialerManager(spiffeX509Source)
acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider)
managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, observabilityMgr, roundTripperManager, acmeHTTPHandler)
managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, observabilityMgr, transportManager, proxyBuilder, acmeHTTPHandler)
// Router factory
@@ -318,7 +326,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
// Server Transports
watcher.AddListener(func(conf dynamic.Configuration) {
roundTripperManager.Update(conf.HTTP.ServersTransports)
transportManager.Update(conf.HTTP.ServersTransports)
proxyBuilder.Update(conf.HTTP.ServersTransports)
dialerManager.Update(conf.TCP.ServersTransports)
})

2
docs/content/contributing/submitting-pull-requests.md
View File

@@ -91,6 +91,8 @@ You must run these local verifications before you submit your pull request to pr
Your PR will not be reviewed until these are green on the CI.
* `make generate`
* `make generate-crd`
* `make test-gateway-api-conformance`
* `make validate`
* `make pull-images`
* `make test`

2
docs/content/getting-started/configuration-overview.md
View File

@@ -79,7 +79,7 @@ traefik --help
# or
docker run traefik[:version] --help
# ex: docker run traefik:v3.1 --help
# ex: docker run traefik:v3.2 --help
```
Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.

8
docs/content/getting-started/install-traefik.md
View File

@@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.1/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.2/traefik.sample.toml)
```shell
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.1
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.2
```
For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip
* Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v3.1`
ex: `traefik:v3.2`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image.

2
docs/content/getting-started/quick-start-with-kubernetes.md
View File

@@ -154,7 +154,7 @@ spec:
serviceAccountName: traefik-account
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --api.insecure
- --providers.kubernetesingress

2
docs/content/getting-started/quick-start.md
View File

@@ -20,7 +20,7 @@ version: '3'
services:
reverse-proxy:
# The official v3 Traefik docker image
image: traefik:v3.1
image: traefik:v3.2
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker
ports:

104
docs/content/https/acme.md
View File

@@ -621,6 +621,7 @@ It defaults to `2160` (90 days) to follow Let's Encrypt certificates' duration.
|----------------------|-------------------|-------------------------|
| >= 1 year | 4 months | 1 week |
| >= 90 days | 30 days | 1 day |
| >= 30 days | 10 days | 12 hours |
| >= 7 days | 1 day | 1 hour |
| >= 24 hours | 6 hours | 10 min |
| < 24 hours | 20 min | 1 min |
@@ -708,6 +709,109 @@ certificatesResolvers:
# ...
```
### `caCertificates`
_Optional, Default=[]_
The `caCertificates` option specifies the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
caCertificates:
- path/certificates1.pem
- path/certificates2.pem
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caCertificates = [ "path/certificates1.pem", "path/certificates2.pem" ]
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.caCertificates="path/certificates1.pem,path/certificates2.pem"
# ...
```
??? note "LEGO Environment Variable"
It can be defined globally by using the environment variable `LEGO_CA_CERTIFICATES`.
This environment variable is neither a fallback nor an override of the configuration option.
### `caSystemCertPool`
_Optional, Default=false_
The `caSystemCertPool` option defines if the certificates pool must use a copy of the system cert pool.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
caSystemCertPool: true
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caSystemCertPool = true
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.caSystemCertPool=true
# ...
```
??? note "LEGO Environment Variable"
It can be defined globally by using the environment variable `LEGO_CA_SYSTEM_CERT_POOL`.
`LEGO_CA_SYSTEM_CERT_POOL` is ignored if `LEGO_CA_CERTIFICATES` is not set or empty.
This environment variable is neither a fallback nor an override of the configuration option.
### `caServerName`
_Optional, Default=""_
The `caServerName` option specifies the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
caServerName: "my-server"
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServerName = "my-server"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.caServerName="my-server"
# ...
```
??? note "LEGO Environment Variable"
It can be defined globally by using the environment variable `LEGO_CA_SERVER_NAME`.
`LEGO_CA_SERVER_NAME` is ignored if `LEGO_CA_CERTIFICATES` is not set or empty.
This environment variable is neither a fallback nor an override of the configuration option.
## Fallback
If Let's Encrypt is not reachable, the following certificates will apply:

45
docs/content/middlewares/http/compress.md
View File

@@ -255,3 +255,48 @@ http:
[http.middlewares.test-compress.compress]
defaultEncoding = "gzip"
```
### `encodings`
_Optional, Default="zstd, br, gzip"_
`encodings` specifies the list of supported compression encodings.
At least one encoding value must be specified, and valid entries are `zstd` (Zstandard), `br` (Brotli), and `gzip` (Gzip).
The order of the list also sets the priority, the top entry has the highest priority.
```yaml tab="Docker & Swarm"
labels:
- "traefik.http.middlewares.test-compress.compress.encodings=zstd,br"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-compress
spec:
compress:
encodings:
- zstd
- br
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-compress.compress.encodings=zstd,br"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-compress:
compress:
encodings:
- zstd
- br
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-compress.compress]
encodings = ["zstd","br"]
```

41
docs/content/middlewares/http/forwardauth.md
View File

@@ -571,3 +571,44 @@ http:
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```
### `headerField`
_Optional_
You can define a header field to store the authenticated user using the `headerField`option.
```yaml tab="Docker & Swarm"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.headerField=X-WebAuth-User"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
# ...
headerField: X-WebAuth-User
```
```json tab="Consul Catalog"
- "traefik.http.middlewares.test-auth.forwardauth.headerField=X-WebAuth-User"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
# ...
headerField: "X-WebAuth-User"
```
```toml tab="File (TOML)"
[http.middlewares.test-auth.forwardAuth]
# ...
headerField = "X-WebAuth-User"
```

62
docs/content/middlewares/http/inflightreq.md
View File

@@ -101,7 +101,7 @@ If none are set, the default is to use the `requestHost`.
#### `sourceCriterion.ipStrategy`
The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
The `ipStrategy` option defines three parameters that configures how Traefik determines the client IP: `depth`, `excludedIPs` and `ipv6Subnet`.
!!! important "As a middleware, InFlightReq happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through the middleware. Therefore, during InFlightReq, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be used and/or relied upon."
@@ -112,6 +112,9 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty.
- `depth` is ignored if its value is less than or equal to 0.
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Example of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@@ -218,6 +221,63 @@ http:
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
##### `ipStrategy.ipv6Subnet`
This strategy applies to `Depth` and `RemoteAddr` strategy only.
If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
This is useful for grouping IPv6 addresses into subnets to prevent bypassing this middleware by obtaining a new IPv6.
- `ipv6Subnet` is ignored if its value is outside of 0-128 interval
!!! example "Example of ipv6Subnet"
If `ipv6Subnet` is provided, the IP is transformed in the following way.
| `IP` | `ipv6Subnet` | clientIP |
|---------------------------|--------------|-----------------------|
| `"::abcd:1111:2222:3333"` | `64` | `"::0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` |
```yaml tab="Docker & Swarm"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-inflightreq
spec:
inFlightReq:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-inflightreq:
inFlightReq:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
ipv6Subnet = 64
```
#### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests.

60
docs/content/middlewares/http/ipallowlist.md
View File

@@ -75,6 +75,9 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is less than or equal to 0.
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Examples of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
@@ -204,3 +207,60 @@ http:
[http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `ipStrategy.ipv6Subnet`
This strategy applies to `Depth` and `RemoteAddr` strategy only.
If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
This is useful for grouping IPv6 addresses into subnets to prevent bypassing this middleware by obtaining a new IPv6.
- `ipv6Subnet` is ignored if its value is outside of 0-128 interval
!!! example "Example of ipv6Subnet"
If `ipv6Subnet` is provided, the IP is transformed in the following way.
| `IP` | `ipv6Subnet` | clientIP |
|---------------------------|--------------|-----------------------|
| `"::abcd:1111:2222:3333"` | `64` | `"::0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` |
```yaml tab="Docker & Swarm"
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ipallowlist
spec:
ipallowlist:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ipallowlist:
ipallowlist:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ipallowlist.ipallowlist]
[http.middlewares.test-ipallowlist.ipallowlist.sourceCriterion.ipStrategy]
ipv6Subnet = 64
```

60
docs/content/middlewares/http/ipwhitelist.md
View File

@@ -81,6 +81,9 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is less than or equal to 0.
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Examples of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).
@@ -210,3 +213,60 @@ http:
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `ipStrategy.ipv6Subnet`
This strategy applies to `Depth` and `RemoteAddr` strategy only.
If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
This is useful for grouping IPv6 addresses into subnets to prevent bypassing this middleware by obtaining a new IPv6.
- `ipv6Subnet` is ignored if its value is outside of 0-128 interval
!!! example "Example of ipv6Subnet"
If `ipv6Subnet` is provided, the IP is transformed in the following way.
| `IP` | `ipv6Subnet` | clientIP |
|---------------------------|--------------|-----------------------|
| `"::abcd:1111:2222:3333"` | `64` | `"::0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` |
```yaml tab="Docker & Swarm"
labels:
- "traefik.http.middlewares.test-ipWhiteList.ipWhiteList.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ipWhiteList
spec:
ipWhiteList:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-ipWhiteList.ipWhiteList.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ipWhiteList:
ipWhiteList:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ipWhiteList.ipWhiteList]
[http.middlewares.test-ipWhiteList.ipWhiteList.sourceCriterion.ipStrategy]
ipv6Subnet = 64
```

62
docs/content/middlewares/http/ratelimit.md
View File

@@ -211,7 +211,7 @@ If none are set, the default is to use the request's remote address field (as an
#### `sourceCriterion.ipStrategy`
The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
The `ipStrategy` option defines three parameters that configures how Traefik determines the client IP: `depth`, `excludedIPs` and `ipv6Subnet`.
!!! important "As a middleware, rate-limiting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through rate-limiting. Therefore, during rate-limiting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be found and/or relied upon."
@@ -222,6 +222,9 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty.
- `depth` is ignored if its value is less than or equal to 0.
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Example of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@@ -355,6 +358,63 @@ http:
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
##### `ipStrategy.ipv6Subnet`
This strategy applies to `Depth` and `RemoteAddr` strategy only.
If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
This is useful for grouping IPv6 addresses into subnets to prevent bypassing this middleware by obtaining a new IPv6.
- `ipv6Subnet` is ignored if its value is outside of 0-128 interval
!!! example "Example of ipv6Subnet"
If `ipv6Subnet` is provided, the IP is transformed in the following way.
| `IP` | `ipv6Subnet` | clientIP |
|---------------------------|--------------|-----------------------|
| `"::abcd:1111:2222:3333"` | `64` | `"::0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` |
```yaml tab="Docker & Swarm"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
ratelimit:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.ipv6Subnet=64"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ratelimit:
ratelimit:
sourceCriterion:
ipStrategy:
ipv6Subnet: 64
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.ratelimit]
[http.middlewares.test-ratelimit.ratelimit.sourceCriterion.ipStrategy]
ipv6Subnet = 64
```
#### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests.

59
docs/content/migration/v3.md
View File

@@ -75,3 +75,62 @@ To configure `kubernetesgateway`, please check out the [KubernetesGateway Provid
The Kubernetes Ingress provider option `disableIngressClassLookup` has been deprecated in v3.1.1, and will be removed in the next major version.
Please use the `disableClusterScopeResources` option instead to avoid cluster scope resources discovery (IngressClass, Nodes).
## v3.1 to v3.2
### Kubernetes Gateway Provider Standard Channel
Starting with v3.2, the Kubernetes Gateway Provider now supports [GRPCRoute](https://gateway-api.sigs.k8s.io/api-types/grpcroute/).
Therefore, in the corresponding RBACs (see [KubernetesGateway](../reference/dynamic-configuration/kubernetes-gateway.md#rbac) provider RBACs),
the `grcroutes` and `grpcroutes/status` rights have to be added.
```yaml
...
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/status
verbs:
- update
...
```
### Kubernetes Gateway Provider Experimental Channel
!!! warning "Breaking changes"
Because of a breaking change introduced in Kubernetes Gateway [v1.2.0-rc1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.2.0-rc1),
Traefik v3.2 only supports Kubernetes Gateway v1.2.x when experimental channel features are enabled.
Starting with v3.2, the Kubernetes Gateway Provider now supports [BackendTLSPolicy](https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/).
Therefore, in the corresponding RBACs (see [KubernetesGateway](../reference/dynamic-configuration/kubernetes-gateway.md#rbac) provider RBACs),
the `backendtlspolicies` and `backendtlspolicies/status` rights have to be added.
```yaml
...
- apiGroups:
- gateway.networking.k8s.io
resources:
- backendtlspolicies
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- backendtlspolicies/status
verbs:
- update
...
```

4
docs/content/observability/access-logs.md
View File

@@ -252,6 +252,8 @@ accessLog:
| `TLSVersion` | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS). |
| `TLSCipher` | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS) |
| `TLSClientSubject` | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`) |
| `TraceId` | A consistent identifier for tracking requests across services, including upstream ones managed by Traefik, shown as a 32-hex digit string |
| `SpanId` | A unique identifier for Traefiks root span (EntryPoint) within a request trace, formatted as a 16-hex digit string. |
## Log Rotation
@@ -277,7 +279,7 @@ version: "3.7"
services:
traefik:
image: traefik:v3.1
image: traefik:v3.2
environment:
- TZ=US/Alaska
command:

22
docs/content/observability/metrics/opentelemetry.md
View File

@@ -139,6 +139,28 @@ metrics:
--metrics.otlp.pushInterval=10s
```
#### `serviceName`
_Optional, Default="traefik"_
OTEL service name to use.
```yaml tab="File (YAML)"
metrics:
otlp:
serviceName: name
```
```toml tab="File (TOML)"
[metrics]
[metrics.otlp]
serviceName = "name"
```
```bash tab="CLI"
--metrics.otlp.serviceName=name
```
### HTTP configuration
_Optional_

97
docs/content/providers/docker.md
View File

@@ -134,6 +134,7 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
- Accounting at container level, by exposing the socket on a another container than Traefik's.
- Accounting at kernel level, by enforcing kernel calls with mechanisms like [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux), to only allows an identified set of actions for Traefik's process (or the "socket exposer" process).
- SSH public key authentication (SSH is supported with Docker > 18.09)
- Authentication using HTTP Basic authentication through an HTTP proxy that exposes the Docker daemon socket.
??? info "More Resources and Examples"
@@ -165,7 +166,7 @@ See the [Docker API Access](#docker-api-access) section for more information.
services:
traefik:
image: traefik:v3.1 # The official v3 Traefik docker image
image: traefik:v3.2 # The official v3 Traefik docker image
ports:
- "80:80"
volumes:
@@ -216,6 +217,50 @@ See the [Docker API Access](#docker-api-access) section for more information.
# ...
```
??? example "Using HTTP"
Using Docker Engine API you can connect Traefik to remote daemon using HTTP.
```yaml tab="File (YAML)"
providers:
docker:
endpoint: "http://127.0.0.1:2375"
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "http://127.0.0.1:2375"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint=http://127.0.0.1:2375
# ...
```
??? example "Using TCP"
Using Docker Engine API you can connect Traefik to remote daemon using TCP.
```yaml tab="File (YAML)"
providers:
docker:
endpoint: "tcp://127.0.0.1:2375"
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "tcp://127.0.0.1:2375"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint=tcp://127.0.0.1:2375
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -231,6 +276,56 @@ providers:
--providers.docker.endpoint=unix:///var/run/docker.sock
```
### `username`
_Optional, Default=""_
Defines the username for Basic HTTP authentication.
This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.
```yaml tab="File (YAML)"
providers:
docker:
username: foo
# ...
```
```toml tab="File (TOML)"
[providers.docker]
username = "foo"
# ...
```
```bash tab="CLI"
--providers.docker.username="foo"
# ...
```
### `password`
_Optional, Default=""_
Defines the password for Basic HTTP authentication.
This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.
```yaml tab="File (YAML)"
providers:
docker:
password: foo
# ...
```
```toml tab="File (TOML)"
[providers.docker]
password = "foo"
# ...
```
```bash tab="CLI"
--providers.docker.password="foo"
# ...
```
### `useBindPortIP`
_Optional, Default=false_

4
docs/content/providers/kubernetes-crd.md
View File

@@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
## Resource Configuration

2
docs/content/providers/kubernetes-gateway.md
View File

@@ -34,7 +34,7 @@ For more details, check out the conformance [report](https://github.com/kubernet
```bash
# Install Traefik RBACs.
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
```
3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below:

2
docs/content/providers/kubernetes-ingress.md
View File

@@ -526,6 +526,6 @@ providers:
### Further
To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.2/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
{!traefik-for-business-applications.md!}

58
docs/content/providers/nomad.md
View File

@@ -56,6 +56,8 @@ _Optional, Default=15s_
Defines the polling interval.
!!! note "This option is ignored when the [watch](#watch) mode is enabled."
```yaml tab="File (YAML)"
providers:
nomad:
@@ -74,6 +76,62 @@ providers:
# ...
```
### `watch`
_Optional, Default=false_
Enables the watch mode to refresh the configuration on a per-event basis.
```yaml tab="File (YAML)"
providers:
nomad:
watch: true
# ...
```
```toml tab="File (TOML)"
[providers.nomad]
watch = true
# ...
```
```bash tab="CLI"
--providers.nomad.watch
# ...
```
### `throttleDuration`
_Optional, Default=0s_
The `throttleDuration` option defines how often the provider is allowed to handle service events from Nomad.
This prevents a Nomad cluster that updates many times per second from continuously changing your Traefik configuration.
If left empty, the provider does not apply any throttling and does not drop any Nomad service events.
The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
!!! warning "This option is only compatible with the [watch](#watch) mode."
```yaml tab="File (YAML)"
providers:
nomad:
throttleDuration: 2s
# ...
```
```toml tab="File (TOML)"
[providers.nomad]
throttleDuration = "2s"
# ...
```
```bash tab="CLI"
--providers.nomad.throttleDuration=2s
# ...
```
### `prefix`
_required, Default="traefik"_

97
docs/content/providers/swarm.md
View File

@@ -151,6 +151,7 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
It allows scheduling of Traefik on worker nodes, with only the "socket exposer" container on the manager nodes.
- Accounting at kernel level, by enforcing kernel calls with mechanisms like [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux), to only allows an identified set of actions for Traefik's process (or the "socket exposer" process).
- SSH public key authentication (SSH is supported with Docker > 18.09)
- Authentication using HTTP Basic authentication through an HTTP proxy that exposes the Docker daemon socket.
??? info "More Resources and Examples"
@@ -211,7 +212,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
services:
traefik:
image: traefik:v3.1 # The official v3 Traefik docker image
image: traefik:v3.2 # The official v3 Traefik docker image
ports:
- "80:80"
volumes:
@@ -262,6 +263,50 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
# ...
```
??? example "Using HTTP"
Using Docker Engine API you can connect Traefik to remote daemon using HTTP.
```yaml tab="File (YAML)"
providers:
swarm:
endpoint: "http://127.0.0.1:2375"
# ...
```
```toml tab="File (TOML)"
[providers.swarm]
swarm = "http://127.0.0.1:2375"
# ...
```
```bash tab="CLI"
--providers.swarm.endpoint=http://127.0.0.1:2375
# ...
```
??? example "Using TCP"
Using Docker Engine API you can connect Traefik to remote daemon using TCP.
```yaml tab="File (YAML)"
providers:
swarm:
endpoint: "tcp://127.0.0.1:2375"
# ...
```
```toml tab="File (TOML)"
[providers.swarm]
swarm = "tcp://127.0.0.1:2375"
# ...
```
```bash tab="CLI"
--providers.swarm.endpoint=tcp://127.0.0.1:2375
# ...
```
```yaml tab="File (YAML)"
providers:
swarm:
@@ -277,6 +322,56 @@ providers:
--providers.swarm.endpoint=unix:///var/run/docker.sock
```
### `username`
_Optional, Default=""_
Defines the username for Basic HTTP authentication.
This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.
```yaml tab="File (YAML)"
providers:
swarm:
username: foo
# ...
```
```toml tab="File (TOML)"
[providers.swarm]
username = "foo"
# ...
```
```bash tab="CLI"
--providers.swarm.username="foo"
# ...
```
### `password`
_Optional, Default=""_
Defines the password for Basic HTTP authentication.
This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.
```yaml tab="File (YAML)"
providers:
swarm:
password: foo
# ...
```
```toml tab="File (TOML)"
[providers.swarm]
password = "foo"
# ...
```
```bash tab="CLI"
--providers.swarm.password="foo"
# ...
```
### `useBindPortIP`
_Optional, Default=false_

6
docs/content/reference/dynamic-configuration/docker-labels.yml
View File

@@ -19,6 +19,7 @@
- "traefik.http.middlewares.middleware05.circuitbreaker.responsecode=42"
- "traefik.http.middlewares.middleware06.compress=true"
- "traefik.http.middlewares.middleware06.compress.defaultencoding=foobar"
- "traefik.http.middlewares.middleware06.compress.encodings=foobar, foobar"
- "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware06.compress.includedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42"
@@ -37,6 +38,7 @@
- "traefik.http.middlewares.middleware10.forwardauth.authrequestheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.headerfield=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar"
@@ -83,15 +85,18 @@
- "traefik.http.middlewares.middleware13.ipallowlist.ipstrategy=true"
- "traefik.http.middlewares.middleware13.ipallowlist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware13.ipallowlist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware13.ipallowlist.ipstrategy.ipv6subnet=42"
- "traefik.http.middlewares.middleware13.ipallowlist.rejectstatuscode=42"
- "traefik.http.middlewares.middleware13.ipallowlist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware14.ipwhitelist.ipstrategy=true"
- "traefik.http.middlewares.middleware14.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware14.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware14.ipwhitelist.ipstrategy.ipv6subnet=42"
- "traefik.http.middlewares.middleware14.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware15.inflightreq.amount=42"
- "traefik.http.middlewares.middleware15.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware15.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware15.inflightreq.sourcecriterion.ipstrategy.ipv6subnet=42"
- "traefik.http.middlewares.middleware15.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware15.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware16.passtlsclientcert.info.issuer.commonname=true"
@@ -123,6 +128,7 @@
- "traefik.http.middlewares.middleware18.ratelimit.period=42s"
- "traefik.http.middlewares.middleware18.ratelimit.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware18.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware18.ratelimit.sourcecriterion.ipstrategy.ipv6subnet=42"
- "traefik.http.middlewares.middleware18.ratelimit.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware18.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware19.redirectregex.permanent=true"

7
docs/content/reference/dynamic-configuration/file.toml
View File

@@ -82,6 +82,7 @@
[http.services.Service03]
[http.services.Service03.mirroring]
service = "foobar"
mirrorBody = true
maxBodySize = 42
[[http.services.Service03.mirroring.mirrors]]
@@ -143,6 +144,7 @@
excludedContentTypes = ["foobar", "foobar"]
includedContentTypes = ["foobar", "foobar"]
minResponseBodyBytes = 42
encodings = ["foobar", "foobar"]
defaultEncoding = "foobar"
[http.middlewares.Middleware07]
[http.middlewares.Middleware07.contentType]
@@ -167,6 +169,7 @@
authResponseHeadersRegex = "foobar"
authRequestHeaders = ["foobar", "foobar"]
addAuthCookiesToResponse = ["foobar", "foobar"]
headerField = "foobar"
[http.middlewares.Middleware10.forwardAuth.tls]
ca = "foobar"
cert = "foobar"
@@ -224,12 +227,14 @@
[http.middlewares.Middleware13.ipAllowList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware14.ipWhiteList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.inFlightReq]
amount = 42
@@ -239,6 +244,7 @@
[http.middlewares.Middleware15.inFlightReq.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.passTLSClientCert]
pem = true
@@ -283,6 +289,7 @@
[http.middlewares.Middleware18.rateLimit.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.redirectRegex]
regex = "foobar"

9
docs/content/reference/dynamic-configuration/file.yaml
View File

@@ -89,6 +89,7 @@ http:
Service03:
mirroring:
service: foobar
mirrorBody: true
maxBodySize: 42
mirrors:
- name: foobar
@@ -152,6 +153,9 @@ http:
- foobar
- foobar
minResponseBodyBytes: 42
encodings:
- foobar
- foobar
defaultEncoding: foobar
Middleware07:
contentType:
@@ -192,6 +196,7 @@ http:
addAuthCookiesToResponse:
- foobar
- foobar
headerField: foobar
Middleware11:
grpcWeb:
allowOrigins:
@@ -262,6 +267,7 @@ http:
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
rejectStatusCode: 42
Middleware14:
ipWhiteList:
@@ -273,6 +279,7 @@ http:
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
Middleware15:
inFlightReq:
amount: 42
@@ -282,6 +289,7 @@ http:
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
requestHeaderName: foobar
requestHost: true
Middleware16:
@@ -328,6 +336,7 @@ http:
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
requestHeaderName: foobar
requestHost: true
Middleware19:

177
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -63,12 +63,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@@ -88,7 +88,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer
services:
description: |-
@@ -229,7 +229,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -277,7 +277,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string
required:
- kind
@@ -287,18 +287,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -317,17 +317,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
@@ -344,12 +344,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name
@@ -409,7 +409,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -422,7 +422,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@@ -446,7 +446,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
@@ -487,7 +487,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
@@ -525,7 +525,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string
required:
- match
@@ -534,18 +534,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -564,7 +564,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
@@ -656,7 +656,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -743,7 +743,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties:
apiVersion:
description: |-
@@ -769,7 +769,7 @@ spec:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties:
prefix:
description: |-
@@ -781,12 +781,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@@ -807,7 +807,7 @@ spec:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
@@ -839,14 +839,14 @@ spec:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@@ -904,14 +904,20 @@ spec:
compress:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
the `Accept-Encoding` header is not in the request or contains
a wildcard (`*`).
type: string
encodings:
description: Encodings defines the list of supported compression
algorithms.
items:
type: string
type: array
excludedContentTypes:
description: |-
ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
@@ -948,12 +954,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@@ -973,7 +979,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties:
query:
description: |-
@@ -983,7 +989,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@@ -1116,7 +1122,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -1174,7 +1180,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@@ -1202,7 +1208,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
@@ -1249,7 +1255,7 @@ spec:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@@ -1420,7 +1426,7 @@ spec:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties:
amount:
description: |-
@@ -1433,12 +1439,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1452,6 +1458,12 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider
all IPv6 addresses from the defined subnet as originating
from the same IP. Applies to RemoteAddrStrategy and
DepthStrategy.
type: integer
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
@@ -1467,12 +1479,12 @@ spec:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1485,6 +1497,11 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider all
IPv6 addresses from the defined subnet as originating from
the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
type: integer
type: object
rejectStatusCode:
description: |-
@@ -1504,7 +1521,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1517,6 +1534,11 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider all
IPv6 addresses from the defined subnet as originating from
the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
type: integer
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
@@ -1529,7 +1551,7 @@ spec:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@@ -1638,7 +1660,7 @@ spec:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties:
average:
description: |-
@@ -1671,7 +1693,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1685,6 +1707,12 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider
all IPv6 addresses from the defined subnet as originating
from the same IP. Applies to RemoteAddrStrategy and
DepthStrategy.
type: integer
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
@@ -1700,7 +1728,7 @@ spec:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@@ -1719,7 +1747,7 @@ spec:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@@ -1736,7 +1764,7 @@ spec:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@@ -1747,7 +1775,7 @@ spec:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@@ -1763,7 +1791,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@@ -1785,7 +1813,7 @@ spec:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
@@ -1804,7 +1832,7 @@ spec:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the
@@ -1841,7 +1869,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties:
apiVersion:
description: |-
@@ -1877,7 +1905,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -1891,7 +1919,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -1930,7 +1958,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-
@@ -2069,7 +2097,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties:
apiVersion:
description: |-
@@ -2187,7 +2215,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
apiVersion:
description: |-
@@ -2212,14 +2240,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items:
type: string
type: array
@@ -2247,7 +2275,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items:
type: string
type: array
@@ -2303,7 +2331,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties:
apiVersion:
description: |-
@@ -2401,7 +2429,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
@@ -2500,6 +2528,11 @@ spec:
Default value is -1, which means unlimited size.
format: int64
type: integer
mirrorBody:
description: |-
MirrorBody defines whether the body of the request should be mirrored.
Default value is true.
type: boolean
mirrors:
description: Mirrors defines the list of mirrors where Traefik
will duplicate the traffic.
@@ -2642,7 +2675,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -2749,7 +2782,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -2932,7 +2965,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -2979,7 +3012,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

1
docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
View File

@@ -63,6 +63,7 @@ spec:
mirroring:
name: wrr2
kind: TraefikService
mirrorBody: true
# Optional
maxBodySize: 2000000000
mirrors:

8
docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
View File

@@ -16,6 +16,7 @@ rules:
resources:
- services
- secrets
- configmaps
verbs:
- get
- list
@@ -33,9 +34,11 @@ rules:
- gatewayclasses
- gateways
- httproutes
- referencegrants
- grpcroutes
- tcproutes
- tlsroutes
- referencegrants
- backendtlspolicies
verbs:
- get
- list
@@ -46,8 +49,11 @@ rules:
- gatewayclasses/status
- gateways/status
- httproutes/status
- grpcroutes/status
- tcproutes/status
- tlsroutes/status
- referencegrants/status
- backendtlspolicies/status
verbs:
- update

2
docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
View File

@@ -25,7 +25,7 @@ spec:
serviceAccountName: traefik-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443

8
docs/content/reference/dynamic-configuration/kv-ref.md
View File

@@ -22,6 +22,8 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/responseCode` | `42` |
| `traefik/http/middlewares/Middleware06/compress/defaultEncoding` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/encodings/0` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/encodings/1` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` |
@@ -46,6 +48,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/headerField` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
@@ -100,18 +103,21 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/rejectStatusCode` | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/0` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/1` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/amount` | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHost` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/commonName` | `true` |
@@ -144,6 +150,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHost` | `true` |
| `traefik/http/middlewares/Middleware19/redirectRegex/permanent` | `true` |
@@ -261,6 +268,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/secure` | `true` |
| `traefik/http/services/Service03/mirroring/healthCheck` | `` |
| `traefik/http/services/Service03/mirroring/maxBodySize` | `42` |
| `traefik/http/services/Service03/mirroring/mirrorBody` | `true` |
| `traefik/http/services/Service03/mirroring/mirrors/0/name` | `foobar` |
| `traefik/http/services/Service03/mirroring/mirrors/0/percent` | `42` |
| `traefik/http/services/Service03/mirroring/mirrors/1/name` | `foobar` |

28
docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -63,12 +63,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@@ -88,7 +88,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer
services:
description: |-
@@ -229,7 +229,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -277,7 +277,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string
required:
- kind
@@ -287,18 +287,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -317,17 +317,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
@@ -344,12 +344,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name

18
docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -56,7 +56,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@@ -80,7 +80,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
@@ -121,7 +121,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
@@ -159,7 +159,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string
required:
- match
@@ -168,18 +168,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -198,7 +198,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik

2
docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string

94
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View File

@@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties:
apiVersion:
description: |-
@@ -45,7 +45,7 @@ spec:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties:
prefix:
description: |-
@@ -57,12 +57,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@@ -83,7 +83,7 @@ spec:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
@@ -115,14 +115,14 @@ spec:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@@ -180,14 +180,20 @@ spec:
compress:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
the `Accept-Encoding` header is not in the request or contains
a wildcard (`*`).
type: string
encodings:
description: Encodings defines the list of supported compression
algorithms.
items:
type: string
type: array
excludedContentTypes:
description: |-
ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
@@ -224,12 +230,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@@ -249,7 +255,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties:
query:
description: |-
@@ -259,7 +265,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@@ -392,7 +398,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -450,7 +456,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@@ -478,7 +484,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
@@ -525,7 +531,7 @@ spec:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@@ -696,7 +702,7 @@ spec:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties:
amount:
description: |-
@@ -709,12 +715,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -728,6 +734,12 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider
all IPv6 addresses from the defined subnet as originating
from the same IP. Applies to RemoteAddrStrategy and
DepthStrategy.
type: integer
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
@@ -743,12 +755,12 @@ spec:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -761,6 +773,11 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider all
IPv6 addresses from the defined subnet as originating from
the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
type: integer
type: object
rejectStatusCode:
description: |-
@@ -780,7 +797,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -793,6 +810,11 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider all
IPv6 addresses from the defined subnet as originating from
the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
type: integer
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
@@ -805,7 +827,7 @@ spec:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@@ -914,7 +936,7 @@ spec:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties:
average:
description: |-
@@ -947,7 +969,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -961,6 +983,12 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider
all IPv6 addresses from the defined subnet as originating
from the same IP. Applies to RemoteAddrStrategy and
DepthStrategy.
type: integer
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
@@ -976,7 +1004,7 @@ spec:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@@ -995,7 +1023,7 @@ spec:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@@ -1012,7 +1040,7 @@ spec:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@@ -1023,7 +1051,7 @@ spec:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@@ -1039,7 +1067,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@@ -1061,7 +1089,7 @@ spec:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
@@ -1080,7 +1108,7 @@ spec:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the

6
docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
View File

@@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties:
apiVersion:
description: |-
@@ -55,7 +55,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -69,7 +69,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View File

@@ -21,7 +21,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
View File

@@ -21,7 +21,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties:
apiVersion:
description: |-

8
docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
View File

@@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
apiVersion:
description: |-
@@ -44,14 +44,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items:
type: string
type: array
@@ -79,7 +79,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items:
type: string
type: array

2
docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
View File

@@ -21,7 +21,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties:
apiVersion:
description: |-

15
docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
View File

@@ -22,7 +22,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
@@ -121,6 +121,11 @@ spec:
Default value is -1, which means unlimited size.
format: int64
type: integer
mirrorBody:
description: |-
MirrorBody defines whether the body of the request should be mirrored.
Default value is true.
type: boolean
mirrors:
description: Mirrors defines the list of mirrors where Traefik
will duplicate the traffic.
@@ -263,7 +268,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -370,7 +375,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -553,7 +558,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -600,7 +605,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

42
docs/content/reference/static-configuration/cli-ref.md
View File

@@ -57,9 +57,18 @@ Activate API directly on the entryPoint named traefik. (Default: ```false```)
`--certificatesresolvers.<name>`:
Certificates resolvers configuration. (Default: ```false```)
`--certificatesresolvers.<name>.acme.cacertificates`:
Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list.
`--certificatesresolvers.<name>.acme.caserver`:
CA server to use. (Default: ```https://acme-v02.api.letsencrypt.org/directory```)
`--certificatesresolvers.<name>.acme.caservername`:
Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list.
`--certificatesresolvers.<name>.acme.casystemcertpool`:
Define if the certificates pool must use a copy of the system cert pool. (Default: ```false```)
`--certificatesresolvers.<name>.acme.certificatesduration`:
Certificates' duration in hours. (Default: ```2160```)
@@ -138,6 +147,9 @@ HTTP configuration.
`--entrypoints.<name>.http.encodequerysemicolons`:
Defines whether request query semicolons should be URLEncoded. (Default: ```false```)
`--entrypoints.<name>.http.maxheaderbytes`:
Maximum size of request headers in bytes. (Default: ```1048576```)
`--entrypoints.<name>.http.middlewares`:
Default middlewares for the routers linked to the entry point.
@@ -216,6 +228,12 @@ WriteTimeout is the maximum duration before timing out writes of the response. I
`--entrypoints.<name>.udp.timeout`:
Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```)
`--experimental.fastproxy`:
Enable the FastProxy implementation. (Default: ```false```)
`--experimental.fastproxy.debug`:
Enable debug mode for the FastProxy implementation. (Default: ```false```)
`--experimental.kubernetesgateway`:
(Deprecated) Allow the Kubernetes gateway api provider usage. (Default: ```false```)
@@ -411,6 +429,9 @@ TLS key
`--metrics.otlp.pushinterval`:
Period between calls to collect a checkpoint. (Default: ```10```)
`--metrics.otlp.servicename`:
OTEL service name to use. (Default: ```traefik```)
`--metrics.prometheus`:
Prometheus metrics exporter type. (Default: ```false```)
@@ -597,6 +618,9 @@ Client timeout for HTTP connections. (Default: ```0```)
`--providers.docker.network`:
Default Docker network used.
`--providers.docker.password`:
Password for Basic HTTP authentication.
`--providers.docker.tls.ca`:
TLS CA
@@ -612,6 +636,9 @@ TLS key
`--providers.docker.usebindportip`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`--providers.docker.username`:
Username for Basic HTTP authentication.
`--providers.docker.watch`:
Watch Docker events. (Default: ```true```)
@@ -774,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
`--providers.kubernetesgateway.namespaces`:
Kubernetes namespaces.
`--providers.kubernetesgateway.nativelbbydefault`:
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
`--providers.kubernetesgateway.statusaddress.hostname`:
Hostname used for Kubernetes Gateway status address.
@@ -894,6 +924,12 @@ Interval for polling Nomad API. (Default: ```15```)
`--providers.nomad.stale`:
Use stale consistency for catalog reads. (Default: ```false```)
`--providers.nomad.throttleduration`:
Watch throttle duration. (Default: ```0```)
`--providers.nomad.watch`:
Watch Nomad Service events. (Default: ```false```)
`--providers.plugin.<name>`:
Plugins configuration.
@@ -981,6 +1017,9 @@ Client timeout for HTTP connections. (Default: ```0```)
`--providers.swarm.network`:
Default Docker network used.
`--providers.swarm.password`:
Password for Basic HTTP authentication.
`--providers.swarm.refreshseconds`:
Polling interval for swarm mode. (Default: ```15```)
@@ -999,6 +1038,9 @@ TLS key
`--providers.swarm.usebindportip`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`--providers.swarm.username`:
Username for Basic HTTP authentication.
`--providers.swarm.watch`:
Watch Docker events. (Default: ```true```)

42
docs/content/reference/static-configuration/env-ref.md
View File

@@ -57,9 +57,18 @@ Activate API directly on the entryPoint named traefik. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>`:
Certificates resolvers configuration. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CACERTIFICATES`:
Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CASERVER`:
CA server to use. (Default: ```https://acme-v02.api.letsencrypt.org/directory```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CASERVERNAME`:
Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CASYSTEMCERTPOOL`:
Define if the certificates pool must use a copy of the system cert pool. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CERTIFICATESDURATION`:
Certificates' duration in hours. (Default: ```2160```)
@@ -147,6 +156,9 @@ UDP port to advertise, on which HTTP/3 is available. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEQUERYSEMICOLONS`:
Defines whether request query semicolons should be URLEncoded. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_MAXHEADERBYTES`:
Maximum size of request headers in bytes. (Default: ```1048576```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_MIDDLEWARES`:
Default middlewares for the routers linked to the entry point.
@@ -216,6 +228,12 @@ WriteTimeout is the maximum duration before timing out writes of the response. I
`TRAEFIK_ENTRYPOINTS_<NAME>_UDP_TIMEOUT`:
Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```)
`TRAEFIK_EXPERIMENTAL_FASTPROXY`:
Enable the FastProxy implementation. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_FASTPROXY_DEBUG`:
Enable debug mode for the FastProxy implementation. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_KUBERNETESGATEWAY`:
(Deprecated) Allow the Kubernetes gateway api provider usage. (Default: ```false```)
@@ -411,6 +429,9 @@ TLS key
`TRAEFIK_METRICS_OTLP_PUSHINTERVAL`:
Period between calls to collect a checkpoint. (Default: ```10```)
`TRAEFIK_METRICS_OTLP_SERVICENAME`:
OTEL service name to use. (Default: ```traefik```)
`TRAEFIK_METRICS_PROMETHEUS`:
Prometheus metrics exporter type. (Default: ```false```)
@@ -597,6 +618,9 @@ Client timeout for HTTP connections. (Default: ```0```)
`TRAEFIK_PROVIDERS_DOCKER_NETWORK`:
Default Docker network used.
`TRAEFIK_PROVIDERS_DOCKER_PASSWORD`:
Password for Basic HTTP authentication.
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
TLS CA
@@ -612,6 +636,9 @@ TLS key
`TRAEFIK_PROVIDERS_DOCKER_USEBINDPORTIP`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_USERNAME`:
Username for Basic HTTP authentication.
`TRAEFIK_PROVIDERS_DOCKER_WATCH`:
Watch Docker events. (Default: ```true```)
@@ -774,6 +801,9 @@ Kubernetes label selector to select specific GatewayClasses.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NATIVELBBYDEFAULT`:
Defines whether to use Native Kubernetes load-balancing by default. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_HOSTNAME`:
Hostname used for Kubernetes Gateway status address.
@@ -894,6 +924,12 @@ Interval for polling Nomad API. (Default: ```15```)
`TRAEFIK_PROVIDERS_NOMAD_STALE`:
Use stale consistency for catalog reads. (Default: ```false```)
`TRAEFIK_PROVIDERS_NOMAD_THROTTLEDURATION`:
Watch throttle duration. (Default: ```0```)
`TRAEFIK_PROVIDERS_NOMAD_WATCH`:
Watch Nomad Service events. (Default: ```false```)
`TRAEFIK_PROVIDERS_PLUGIN_<NAME>`:
Plugins configuration.
@@ -981,6 +1017,9 @@ Client timeout for HTTP connections. (Default: ```0```)
`TRAEFIK_PROVIDERS_SWARM_NETWORK`:
Default Docker network used.
`TRAEFIK_PROVIDERS_SWARM_PASSWORD`:
Password for Basic HTTP authentication.
`TRAEFIK_PROVIDERS_SWARM_REFRESHSECONDS`:
Polling interval for swarm mode. (Default: ```15```)
@@ -999,6 +1038,9 @@ TLS key
`TRAEFIK_PROVIDERS_SWARM_USEBINDPORTIP`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`TRAEFIK_PROVIDERS_SWARM_USERNAME`:
Username for Basic HTTP authentication.
`TRAEFIK_PROVIDERS_SWARM_WATCH`:
Watch Docker events. (Default: ```true```)

17
docs/content/reference/static-configuration/file.toml
View File

@@ -53,6 +53,7 @@
[entryPoints.EntryPoint0.http]
middlewares = ["foobar", "foobar"]
encodeQuerySemicolons = true
maxHeaderBytes = 42
[entryPoints.EntryPoint0.http.redirections]
[entryPoints.EntryPoint0.http.redirections.entryPoint]
to = "foobar"
@@ -87,6 +88,8 @@
useBindPortIP = true
watch = true
defaultRule = "foobar"
username = "foobar"
password = "foobar"
endpoint = "foobar"
httpClientTimeout = "42s"
[providers.docker.tls]
@@ -102,6 +105,8 @@
useBindPortIP = true
watch = true
defaultRule = "foobar"
username = "foobar"
password = "foobar"
endpoint = "foobar"
httpClientTimeout = "42s"
refreshSeconds = "42s"
@@ -153,6 +158,7 @@
labelSelector = "foobar"
throttleDuration = "42s"
experimentalChannel = true
nativeLBByDefault = true
[providers.kubernetesGateway.statusAddress]
ip = "foobar"
hostname = "foobar"
@@ -198,6 +204,8 @@
exposedByDefault = true
refreshInterval = "42s"
allowEmptyServices = true
watch = true
throttleDuration = "42s"
namespaces = ["foobar", "foobar"]
[providers.nomad.endpoint]
address = "foobar"
@@ -335,6 +343,7 @@
addServicesLabels = true
explicitBoundaries = [42.0, 42.0]
pushInterval = "42s"
serviceName = "foobar"
[metrics.otlp.grpc]
endpoint = "foobar"
insecure = true
@@ -439,6 +448,9 @@
storage = "foobar"
keyType = "foobar"
certificatesDuration = 42
caCertificates = ["foobar", "foobar"]
caSystemCertPool = true
caServerName = "foobar"
[certificatesResolvers.CertificateResolver0.acme.eab]
kid = "foobar"
hmacEncoded = "foobar"
@@ -459,6 +471,9 @@
storage = "foobar"
keyType = "foobar"
certificatesDuration = 42
caCertificates = ["foobar", "foobar"]
caSystemCertPool = true
caServerName = "foobar"
[certificatesResolvers.CertificateResolver1.acme.eab]
kid = "foobar"
hmacEncoded = "foobar"
@@ -498,6 +513,8 @@
[experimental.localPlugins.LocalDescriptor1.settings]
envs = ["foobar", "foobar"]
mounts = ["foobar", "foobar"]
[experimental.fastProxy]
debug = true
[core]
defaultRuleSyntax = "foobar"

21
docs/content/reference/static-configuration/file.yaml
View File

@@ -84,6 +84,7 @@ entryPoints:
- foobar
- foobar
encodeQuerySemicolons: true
maxHeaderBytes: 42
http2:
maxConcurrentStreams: 42
http3:
@@ -100,6 +101,8 @@ providers:
useBindPortIP: true
watch: true
defaultRule: foobar
username: foobar
password: foobar
endpoint: foobar
tls:
ca: foobar
@@ -115,6 +118,8 @@ providers:
useBindPortIP: true
watch: true
defaultRule: foobar
username: foobar
password: foobar
endpoint: foobar
tls:
ca: foobar
@@ -178,6 +183,7 @@ providers:
service:
name: foobar
namespace: foobar
nativeLBByDefault: true
rest:
insecure: true
consulCatalog:
@@ -231,6 +237,8 @@ providers:
exposedByDefault: true
refreshInterval: 42s
allowEmptyServices: true
watch: true
throttleDuration: 42s
namespaces:
- foobar
- foobar
@@ -395,6 +403,7 @@ metrics:
- 42
- 42
pushInterval: 42s
serviceName: foobar
ping:
entryPoint: foobar
manualRouting: true
@@ -483,6 +492,11 @@ certificatesResolvers:
kid: foobar
hmacEncoded: foobar
certificatesDuration: 42
caCertificates:
- foobar
- foobar
caSystemCertPool: true
caServerName: foobar
dnsChallenge:
provider: foobar
delayBeforeCheck: 42s
@@ -505,6 +519,11 @@ certificatesResolvers:
kid: foobar
hmacEncoded: foobar
certificatesDuration: 42
caCertificates:
- foobar
- foobar
caSystemCertPool: true
caServerName: foobar
dnsChallenge:
provider: foobar
delayBeforeCheck: 42s
@@ -557,6 +576,8 @@ experimental:
mounts:
- foobar
- foobar
fastProxy:
debug: true
kubernetesGateway: true
core:
defaultRuleSyntax: foobar

2
docs/content/routing/providers/kubernetes-crd.md
View File

@@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --log.level=DEBUG
- --api

152
docs/content/routing/providers/kubernetes-gateway.md
View File

@@ -277,6 +277,158 @@ X-Forwarded-Server: traefik-6b66d45748-ns8mt
X-Real-Ip: 10.42.1.0
```
### GRPC
The `GRPCRoute` is an extended resource in the Gateway API specification, designed to define how GRPC traffic should be routed within a Kubernetes cluster.
It allows the specification of routing rules that direct GRPC requests to the appropriate Kubernetes backend services.
For more details on the resource and concepts, check out the Kubernetes Gateway API [documentation](https://gateway-api.sigs.k8s.io/api-types/grpcroute/).
For example, the following manifests configure an echo backend and its corresponding `GRPCRoute`,
reachable through the [deployed `Gateway`](#deploying-a-gateway) at the `echo.localhost:80` address.
```yaml tab="GRPCRoute"
---
apiVersion: gateway.networking.k8s.io/v1
kind: GRPCRoute
metadata:
name: echo
namespace: default
spec:
parentRefs:
- name: traefik
sectionName: http
kind: Gateway
hostnames:
- echo.localhost
rules:
- matches:
- method:
type: Exact
service: grpc.reflection.v1alpha.ServerReflection
- method:
type: Exact
service: gateway_api_conformance.echo_basic.grpcecho.GrpcEcho
method: Echo
backendRefs:
- name: echo
namespace: default
port: 3000
```
```yaml tab="Echo deployment"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo
namespace: default
spec:
selector:
matchLabels:
app: echo
template:
metadata:
labels:
app: echo
spec:
containers:
- name: echo-basic
image: gcr.io/k8s-staging-gateway-api/echo-basic
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: GRPC_ECHO_SERVER
value: "1"
---
apiVersion: v1
kind: Service
metadata:
name: echo
namespace: default
spec:
selector:
app: echo
ports:
- port: 3000
```
Once everything is deployed, sending a GRPC request to the HTTP endpoint should return the following responses:
```shell
$ grpcurl -plaintext echo.localhost:80 gateway_api_conformance.echo_basic.grpcecho.GrpcEcho/Echo
{
"assertions": {
"fullyQualifiedMethod": "/gateway_api_conformance.echo_basic.grpcecho.GrpcEcho/Echo",
"headers": [
{
"key": "x-real-ip",
"value": "10.42.2.0"
},
{
"key": "x-forwarded-server",
"value": "traefik-74b4cf85d8-nkqqf"
},
{
"key": "x-forwarded-port",
"value": "80"
},
{
"key": "x-forwarded-for",
"value": "10.42.2.0"
},
{
"key": "grpc-accept-encoding",
"value": "gzip"
},
{
"key": "user-agent",
"value": "grpcurl/1.9.1 grpc-go/1.61.0"
},
{
"key": "content-type",
"value": "application/grpc"
},
{
"key": "x-forwarded-host",
"value": "echo.localhost:80"
},
{
"key": ":authority",
"value": "echo.localhost:80"
},
{
"key": "accept-encoding",
"value": "gzip"
},
{
"key": "x-forwarded-proto",
"value": "http"
}
],
"authority": "echo.localhost:80",
"context": {
"namespace": "default",
"pod": "echo-78f76675cf-9k7rf"
}
}
}
```
### TCP
!!! info "Experimental Channel"

6
docs/content/routing/providers/kubernetes-ingress.md
View File

@@ -130,7 +130,7 @@ which in turn will create the resulting routers, services, handlers, etc.
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.web.address=:80
- --providers.kubernetesingress
@@ -543,7 +543,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.websecure.address=:443
- --entryPoints.websecure.http.tls
@@ -736,7 +736,7 @@ For more options, please refer to the available [annotations](#on-ingress).
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --entryPoints.websecure.address=:443
- --providers.kubernetesingress

7
docs/content/routing/services/index.md
View File

@@ -1207,6 +1207,7 @@ http:
The mirroring is able to mirror requests sent to a service to other services.
Please note that by default the whole request is buffered in memory while it is being mirrored.
See the maxBodySize option in the example below for how to modify this behaviour.
You can also omit the request body by setting the mirrorBody option to `false`.
!!! info "Supported Providers"
@@ -1219,6 +1220,9 @@ http:
mirrored-api:
mirroring:
service: appv1
# mirrorBody defines whether the request body should be mirrored.
# Default value is true.
mirrorBody: false
# maxBodySize is the maximum size allowed for the body of the request.
# If the body is larger, the request is not mirrored.
# Default value is -1, which means unlimited size.
@@ -1248,6 +1252,9 @@ http:
# If the body is larger, the request is not mirrored.
# Default value is -1, which means unlimited size.
maxBodySize = 1024
# mirrorBody defines whether the request body should be mirrored.
# Default value is true.
mirrorBody = false
[[http.services.mirrored-api.mirroring.mirrors]]
name = "appv2"
percent = 10

2
docs/content/user-guides/crd-acme/03-deployments.yml
View File

@@ -26,7 +26,7 @@ spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.1
image: traefik:v3.2
args:
- --api.insecure
- --accesslog

12
docs/content/user-guides/crd-acme/index.md
View File

@@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
### Services
@@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/con
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/02-services.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/02-services.yml
```
```yaml
@@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
Again, one pod for Traefik, and one for the whoami app.
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/03-deployments.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/03-deployments.yml
```
```yaml
@@ -100,7 +100,7 @@ Look it up.
We can now finally apply the actual ingressRoutes, with:
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/04-ingressroutes.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/04-ingressroutes.yml
```
```yaml
@@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/user-guides/crd-acme/05-tlsoption.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.2/docs/content/user-guides/crd-acme/05-tlsoption.yml
```
```yaml

2
docs/content/user-guides/crd-acme/k3s.yml
View File

@@ -26,5 +26,5 @@ node:
- K3S_CLUSTER_SECRET=somethingtotallyrandom
volumes:
# this is where you would place a alternative traefik image (saved as a .tar file with
# 'docker save'), if you want to use it, instead of the traefik:v3.1 image.
# 'docker save'), if you want to use it, instead of the traefik:v3.2 image.
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
View File

@@ -13,7 +13,7 @@ secrets:
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/index.md
View File

@@ -31,7 +31,7 @@ Create a `docker-compose.yml` file with the following content:
services:
traefik:
image: "traefik:v3.1"
image: "traefik:v3.2"
...
networks:
- traefiknet

41
docs/content/user-guides/fastproxy.md Normal file
View File

@@ -0,0 +1,41 @@
---
title: "Traefik FastProxy Experimental Configuration"
description: "This section of the Traefik Proxy documentation explains how to use the new FastProxy option."
---
# Traefik FastProxy Experimental Configuration
## Overview
This guide provides instructions on how to configure and use the new experimental `fastProxy` static configuration option in Traefik.
The `fastProxy` option introduces a high-performance reverse proxy designed to enhance the performance of routing.
!!! info "Limitations"
Please note that the new fast proxy implementation does not work with HTTP/2.
This means that when a H2C or HTTPS request with [HTTP2 enabled](../routing/services/index.md#disablehttp2) is sent to a backend, the fallback proxy is the regular one.
Additionnaly, observability features like tracing and OTEL semconv metrics are not supported for the moment.
!!! warning "Experimental"
The `fastProxy` option is currently experimental and subject to change in future releases.
Use with caution in production environments.
### Enabling FastProxy
The fastProxy option is a static configuration parameter.
To enable it, you need to configure it in your Traefik static configuration
```yaml tab="File (YAML)"
experimental:
fastProxy: {}
```
```toml tab="File (TOML)"
[experimental.fastProxy]
```
```bash tab="CLI"
--experimental.fastProxy
```

1
docs/mkdocs.yml
View File

@@ -163,6 +163,7 @@ nav:
- 'Overview': 'observability/tracing/overview.md'
- 'OpenTelemetry': 'observability/tracing/opentelemetry.md'
- 'User Guides':
- 'FastProxy': 'user-guides/fastproxy.md'
- 'Kubernetes and Let''s Encrypt': 'user-guides/crd-acme/index.md'
- 'gRPC Examples': 'user-guides/grpc.md'
- 'Docker':

45
go.mod
View File

@@ -6,7 +6,8 @@ require (
github.com/BurntSushi/toml v1.4.0
github.com/Masterminds/sprig/v3 v3.2.3
github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000 // No tag on the repo.
github.com/andybalholm/brotli v1.0.6
github.com/andybalholm/brotli v1.1.0
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
github.com/aws/aws-sdk-go v1.44.327
github.com/cenkalti/backoff/v4 v4.3.0
github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd // No tag on the repo.
@@ -40,7 +41,7 @@ require (
github.com/kvtools/valkeyrie v1.0.0
github.com/kvtools/zookeeper v1.0.2
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f // No tag on the repo.
github.com/miekg/dns v1.1.59
github.com/miekg/dns v1.1.62
github.com/mitchellh/copystructure v1.2.0
github.com/mitchellh/hashstructure v1.0.0
github.com/mitchellh/mapstructure v1.5.0
@@ -48,7 +49,7 @@ require (
github.com/pires/go-proxyproto v0.6.1
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // No tag on the repo.
github.com/prometheus/client_golang v1.19.1
github.com/prometheus/client_model v0.5.0
github.com/prometheus/client_model v0.6.1
github.com/quic-go/quic-go v0.47.0
github.com/rs/zerolog v1.29.0
github.com/sirupsen/logrus v1.9.3
@@ -67,6 +68,7 @@ require (
github.com/traefik/yaegi v0.16.1
github.com/unrolled/render v1.0.2
github.com/unrolled/secure v1.0.9
github.com/valyala/fasthttp v1.55.0
github.com/vulcand/oxy/v2 v2.0.0
github.com/vulcand/predicate v1.2.0
go.opentelemetry.io/collector/pdata v1.10.0
@@ -88,17 +90,17 @@ require (
golang.org/x/text v0.18.0
golang.org/x/time v0.5.0
golang.org/x/tools v0.25.0
google.golang.org/grpc v1.64.1
google.golang.org/grpc v1.66.2
gopkg.in/natefinch/lumberjack.v2 v2.2.1
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.30.0
k8s.io/apiextensions-apiserver v0.30.0
k8s.io/apimachinery v0.30.0
k8s.io/client-go v0.30.0
k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // No tag on the repo.
k8s.io/api v0.31.1
k8s.io/apiextensions-apiserver v0.31.1
k8s.io/apimachinery v0.31.1
k8s.io/client-go v0.31.1
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // No tag on the repo.
mvdan.cc/xurls/v2 v2.5.0
sigs.k8s.io/controller-runtime v0.18.0
sigs.k8s.io/gateway-api v1.1.0
sigs.k8s.io/gateway-api v1.2.0-rc2
sigs.k8s.io/yaml v1.4.0
)
@@ -153,7 +155,7 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/bytedance/sonic v1.10.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/civo/civogo v0.3.11 // indirect
github.com/cloudflare/cloudflare-go v0.97.0 // indirect
github.com/containerd/containerd v1.7.20 // indirect
@@ -171,11 +173,11 @@ require (
github.com/dnsimple/dnsimple-go v1.7.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/emicklei/go-restful/v3 v3.12.0 // indirect
github.com/evanphx/json-patch v5.7.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/exoscale/egoscale v0.102.3 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/fatih/color v1.17.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/gin-gonic/gin v1.9.1 // indirect
github.com/go-errors/errors v1.0.1 // indirect
@@ -252,7 +254,7 @@ require (
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
github.com/moby/spdystream v0.2.0 // indirect
github.com/moby/spdystream v0.4.0 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/user v0.2.0 // indirect
github.com/moby/term v0.5.0 // indirect
@@ -285,7 +287,7 @@ require (
github.com/pkg/errors v0.9.1 // indirect
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
github.com/pquerna/otp v1.4.0 // indirect
github.com/prometheus/common v0.48.0 // indirect
github.com/prometheus/common v0.55.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/quic-go/qpack v0.5.1 // indirect
github.com/redis/go-redis/v9 v9.2.1 // indirect
@@ -315,17 +317,19 @@ require (
github.com/tklauser/numcpus v0.6.1 // indirect
github.com/transip/gotransip/v6 v6.23.0 // indirect
github.com/ultradns/ultradns-go-sdk v1.6.1-20231103022937-8589b6a // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/vinyldns/go-vinyldns v0.9.16 // indirect
github.com/vultr/govultr/v3 v3.9.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/yandex-cloud/go-genproto v0.0.0-20240318083951-4fe6125f286e // indirect
github.com/yandex-cloud/go-sdk v0.0.0-20240318084659-dfa50323a0b4 // indirect
github.com/yusufpapurcu/wmi v1.2.3 // indirect
github.com/zeebo/errs v1.2.2 // indirect
go.etcd.io/etcd/api/v3 v3.5.10 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
go.etcd.io/etcd/client/v3 v3.5.10 // indirect
go.etcd.io/etcd/api/v3 v3.5.14 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.14 // indirect
go.etcd.io/etcd/client/v3 v3.5.14 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
go.opentelemetry.io/contrib/propagators/aws v1.28.0 // indirect
go.opentelemetry.io/contrib/propagators/b3 v1.28.0 // indirect
go.opentelemetry.io/contrib/propagators/jaeger v1.28.0 // indirect
@@ -346,13 +350,14 @@ require (
google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/h2non/gock.v1 v1.0.16 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/ns1/ns1-go.v2 v2.9.1 // indirect
gopkg.in/square/go-jose.v2 v2.5.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect
nhooyr.io/websocket v1.8.7 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect

85
go.sum
View File

@@ -98,8 +98,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/aliyun/alibaba-cloud-sdk-go v1.62.712 h1:lM7JnA9dEdDFH9XOgRNQMDTQnOjlLkDTNA7c0aWTQ30=
github.com/aliyun/alibaba-cloud-sdk-go v1.62.712/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -166,8 +166,8 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
@@ -276,8 +276,8 @@ github.com/exoscale/egoscale v0.102.3/go.mod h1:RPf2Gah6up+6kAEayHTQwqapzXlm93f0
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
@@ -290,6 +290,8 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4
github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
github.com/getkin/kin-openapi v0.61.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4=
@@ -701,8 +703,8 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
github.com/miekg/dns v1.1.47/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
github.com/mimuret/golang-iij-dpf v0.9.1 h1:Gj6EhHJkOhr+q2RnvRPJsPMcjuVnWPSccEHyoEehU34=
github.com/mimuret/golang-iij-dpf v0.9.1/go.mod h1:sl9KyOkESib9+KRD3HaGpgi1xk7eoN2+d96LCLsME2M=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@@ -734,8 +736,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8=
github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
github.com/moby/sys/user v0.2.0 h1:OnpapJsRp25vkhw8TFG6OLJODNh/3rEwRWtJ3kakwRM=
@@ -854,15 +856,15 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc=
github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -1039,7 +1041,10 @@ github.com/unrolled/secure v1.0.9 h1:BWRuEb1vDrBFFDdbCnKkof3gZ35I/bnHGyt0LB0TNyQ
github.com/unrolled/secure v1.0.9/go.mod h1:fO+mEan+FLB0CdEnHf6Q4ZZVNqG+5fuLFnP8p0BXDPI=
github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=
github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasthttp v1.55.0 h1:Zkefzgt6a7+bVKHnu/YaYSOPfNYNisSVBo/unVCf8k8=
github.com/valyala/fasthttp v1.55.0/go.mod h1:NkY9JtkrpPKmgwV3HTaS2HWaJss9RSIsRVfcxxoHiOM=
github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
github.com/vinyldns/go-vinyldns v0.9.16 h1:GZJStDkcCk1F1AcRc64LuuMh+ENL8pHA0CVd4ulRMcQ=
@@ -1050,6 +1055,8 @@ github.com/vulcand/predicate v1.2.0 h1:uFsW1gcnnR7R+QTID+FVcs0sSYlIGntoGOTb3rQJt
github.com/vulcand/predicate v1.2.0/go.mod h1:VipoNYXny6c8N381zGUWkjuuNHiRbeAZhE7Qm9c+2GA=
github.com/vultr/govultr/v3 v3.9.0 h1:63V/22mpfquRA5DenJ9EF0VozHg0k+X4dhUWcDXHPyc=
github.com/vultr/govultr/v3 v3.9.0/go.mod h1:Rd8ebpXm7jxH3MDmhnEs+zrlYW212ouhx+HeUMfHm2o=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
@@ -1067,20 +1074,20 @@ github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQ
github.com/zeebo/errs v1.2.2 h1:5NFypMTuSdoySVTqlNs1dEoU21QVamMQJxW/Fii5O7g=
github.com/zeebo/errs v1.2.2/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/etcd/api/v3 v3.5.10 h1:szRajuUUbLyppkhs9K6BRtjY37l66XQQmw7oZRANE4k=
go.etcd.io/etcd/api/v3 v3.5.10/go.mod h1:TidfmT4Uycad3NM/o25fG3J07odo4GBB9hoxaodFCtI=
go.etcd.io/etcd/client/pkg/v3 v3.5.10 h1:kfYIdQftBnbAq8pUWFXfpuuxFSKzlmM5cSn76JByiT0=
go.etcd.io/etcd/client/pkg/v3 v3.5.10/go.mod h1:DYivfIviIuQ8+/lCq4vcxuseg2P2XbHygkKwFo9fc8U=
go.etcd.io/etcd/client/v3 v3.5.10 h1:W9TXNZ+oB3MCd/8UjxHTWK5J9Nquw9fQBLJd5ne5/Ao=
go.etcd.io/etcd/client/v3 v3.5.10/go.mod h1:RVeBnDz2PUEZqTpgqwAtUd8nAPf5kjyFyND7P1VkOKc=
go.etcd.io/etcd/api/v3 v3.5.14 h1:vHObSCxyB9zlF60w7qzAdTcGaglbJOpSj1Xj9+WGxq0=
go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU=
go.etcd.io/etcd/client/pkg/v3 v3.5.14 h1:SaNH6Y+rVEdxfpA2Jr5wkEvN6Zykme5+YnbCkxvuWxQ=
go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI=
go.etcd.io/etcd/client/v3 v3.5.14 h1:CWfRs4FDaDoSz81giL7zPpZH2Z35tbOrAJkkjMqOupg=
go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/collector/pdata v1.10.0 h1:oLyPLGvPTQrcRT64ZVruwvmH/u3SHTfNo01pteS4WOE=
go.opentelemetry.io/collector/pdata v1.10.0/go.mod h1:IHxHsp+Jq/xfjORQMDJjSH6jvedOSTOyu3nbxqhWSYE=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
go.opentelemetry.io/contrib/propagators/autoprop v0.53.0 h1:4zaVLcJ5mvYw0vlk63TX62qS4qty/4jAY1BKZ1usu18=
go.opentelemetry.io/contrib/propagators/autoprop v0.53.0/go.mod h1:RPlvYtxp5D8PKnRzyPM+rwMQrvzdlfA49Sgworkg7aQ=
go.opentelemetry.io/contrib/propagators/aws v1.28.0 h1:acyTl4oyin/iLr5Nz3u7p/PKHUbLh42w/fqg9LblExk=
@@ -1439,8 +1446,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo=
google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
google.golang.org/grpc/examples v0.0.0-20201130180447-c456688b1860/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1466,6 +1473,8 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/h2non/gentleman.v1 v1.0.4/go.mod h1:JYuHVdFzS4MKOXe0o+chKJ4hCe6tqKKw9XH9YP6WFrg=
gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
@@ -1510,20 +1519,20 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=
k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE=
k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs=
k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y=
k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=
k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY=
k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40=
k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ=
k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY=
k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ=
k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
mvdan.cc/xurls/v2 v2.5.0 h1:lyBNOm8Wo71UknhUs4QTFUNNMyxy2JEIaKKo0RWOh+8=
mvdan.cc/xurls/v2 v2.5.0/go.mod h1:yQgaGQ1rFtJUzkmKiHYSSfuQxqfYmd//X6PxvholpeE=
nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g=
@@ -1533,8 +1542,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME=
sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw=
sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM=
sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs=
sigs.k8s.io/gateway-api v1.2.0-rc2 h1:v7V7JzaBuzwOLWWyyqlkqiqBi3ANBuZGV+uyyKzwmE8=
sigs.k8s.io/gateway-api v1.2.0-rc2/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=

67
integration/conformance-reports/v1.2.0-rc2/experimental-v3.2-default-report.yaml Normal file
View File

@@ -0,0 +1,67 @@
apiVersion: gateway.networking.k8s.io/v1
date: '-'
gatewayAPIChannel: experimental
gatewayAPIVersion: v1.2.0-rc2
implementation:
contact:
- '@traefik/maintainers'
organization: traefik
project: traefik
url: https://traefik.io/
version: v3.2
kind: ConformanceReport
mode: default
profiles:
- core:
result: success
statistics:
Failed: 0
Passed: 12
Skipped: 0
name: GATEWAY-GRPC
summary: Core tests succeeded.
- core:
result: success
statistics:
Failed: 0
Passed: 33
Skipped: 0
extended:
result: success
statistics:
Failed: 0
Passed: 13
Skipped: 0
supportedFeatures:
- GatewayPort8080
- HTTPRouteBackendProtocolH2C
- HTTPRouteBackendProtocolWebSocket
- HTTPRouteDestinationPortMatching
- HTTPRouteHostRewrite
- HTTPRouteMethodMatching
- HTTPRoutePathRedirect
- HTTPRoutePathRewrite
- HTTPRoutePortRedirect
- HTTPRouteQueryParamMatching
- HTTPRouteResponseHeaderModification
- HTTPRouteSchemeRedirect
unsupportedFeatures:
- GatewayHTTPListenerIsolation
- GatewayInfrastructurePropagation
- GatewayStaticAddresses
- HTTPRouteBackendRequestHeaderModification
- HTTPRouteBackendTimeout
- HTTPRouteParentRefPort
- HTTPRouteRequestMirror
- HTTPRouteRequestMultipleMirrors
- HTTPRouteRequestTimeout
name: GATEWAY-HTTP
summary: Core tests succeeded. Extended tests succeeded.
- core:
result: success
statistics:
Failed: 0
Passed: 11
Skipped: 0
name: GATEWAY-TLS
summary: Core tests succeeded.

14974
integration/fixtures/k8s-conformance/00-experimental-v1.2.0-rc2.yml Normal file
View File

File diff suppressed because it is too large Load Diff

5
integration/fixtures/k8s-conformance/01-rbac.yml
View File

@@ -16,6 +16,7 @@ rules:
resources:
- services
- secrets
- configmaps
verbs:
- get
- list
@@ -34,9 +35,11 @@ rules:
- gatewayclasses
- gateways
- httproutes
- grpcroutes
- tcproutes
- tlsroutes
- referencegrants
- backendtlspolicies
verbs:
- get
- list
@@ -47,9 +50,11 @@ rules:
- gatewayclasses/status
- gateways/status
- httproutes/status
- grpcroutes/status
- tcproutes/status
- tlsroutes/status
- referencegrants/status
- backendtlspolicies/status
verbs:
- update

0
integration/fixtures/k8s-conformance/00-experimental-v1.1.0.yml → integration/fixtures/k8s/00-experimental-v1.1.0.yml
View File

11236
integration/fixtures/k8s/01-gateway-api-crd.yml
View File

File diff suppressed because it is too large Load Diff

177
integration/fixtures/k8s/01-traefik-crd.yml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -63,12 +63,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@@ -88,7 +88,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority
type: integer
services:
description: |-
@@ -229,7 +229,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -277,7 +277,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax
type: string
required:
- kind
@@ -287,18 +287,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -317,17 +317,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption
type: string
required:
- name
@@ -344,12 +344,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore
type: string
required:
- name
@@ -409,7 +409,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -422,7 +422,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@@ -446,7 +446,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1
type: integer
services:
description: Services defines the list of TCP services.
@@ -487,7 +487,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
properties:
version:
description: Version defines the PROXY Protocol version
@@ -525,7 +525,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1
type: string
required:
- match
@@ -534,18 +534,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.1/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -564,7 +564,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
@@ -656,7 +656,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/
Default: all.
items:
type: string
@@ -743,7 +743,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/
properties:
apiVersion:
description: |-
@@ -769,7 +769,7 @@ spec:
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
properties:
prefix:
description: |-
@@ -781,12 +781,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@@ -807,7 +807,7 @@ spec:
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: |-
@@ -839,14 +839,14 @@ spec:
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@@ -904,14 +904,20 @@ spec:
compress:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
the `Accept-Encoding` header is not in the request or contains
a wildcard (`*`).
type: string
encodings:
description: Encodings defines the list of supported compression
algorithms.
items:
type: string
type: array
excludedContentTypes:
description: |-
ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
@@ -948,12 +954,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
type: string
realm:
description: |-
@@ -973,7 +979,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/
properties:
query:
description: |-
@@ -983,7 +989,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@@ -1116,7 +1122,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -1174,7 +1180,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@@ -1202,7 +1208,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
@@ -1249,7 +1255,7 @@ spec:
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@@ -1420,7 +1426,7 @@ spec:
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
properties:
amount:
description: |-
@@ -1433,12 +1439,12 @@ spec:
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1452,6 +1458,12 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider
all IPv6 addresses from the defined subnet as originating
from the same IP. Applies to RemoteAddrStrategy and
DepthStrategy.
type: integer
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
@@ -1467,12 +1479,12 @@ spec:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1485,6 +1497,11 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider all
IPv6 addresses from the defined subnet as originating from
the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
type: integer
type: object
rejectStatusCode:
description: |-
@@ -1504,7 +1521,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1517,6 +1534,11 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider all
IPv6 addresses from the defined subnet as originating from
the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
type: integer
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
@@ -1529,7 +1551,7 @@ spec:
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@@ -1638,7 +1660,7 @@ spec:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/
properties:
average:
description: |-
@@ -1671,7 +1693,7 @@ spec:
ipStrategy:
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@@ -1685,6 +1707,12 @@ spec:
items:
type: string
type: array
ipv6Subnet:
description: IPv6Subnet configures Traefik to consider
all IPv6 addresses from the defined subnet as originating
from the same IP. Applies to RemoteAddrStrategy and
DepthStrategy.
type: integer
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
@@ -1700,7 +1728,7 @@ spec:
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@@ -1719,7 +1747,7 @@ spec:
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@@ -1736,7 +1764,7 @@ spec:
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@@ -1747,7 +1775,7 @@ spec:
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@@ -1763,7 +1791,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@@ -1785,7 +1813,7 @@ spec:
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
properties:
forceSlash:
description: |-
@@ -1804,7 +1832,7 @@ spec:
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the
@@ -1841,7 +1869,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/
properties:
apiVersion:
description: |-
@@ -1877,7 +1905,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -1891,7 +1919,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -1930,7 +1958,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1
properties:
apiVersion:
description: |-
@@ -2069,7 +2097,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3
properties:
apiVersion:
description: |-
@@ -2187,7 +2215,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options
properties:
apiVersion:
description: |-
@@ -2212,14 +2240,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites
items:
type: string
type: array
@@ -2247,7 +2275,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves in a specific order.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences
items:
type: string
type: array
@@ -2303,7 +2331,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.1/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores
properties:
apiVersion:
description: |-
@@ -2401,7 +2429,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice
properties:
apiVersion:
description: |-
@@ -2500,6 +2528,11 @@ spec:
Default value is -1, which means unlimited size.
format: int64
type: integer
mirrorBody:
description: |-
MirrorBody defines whether the body of the request should be mirrored.
Default value is true.
type: boolean
mirrors:
description: Mirrors defines the list of mirrors where Traefik
will duplicate the traffic.
@@ -2642,7 +2675,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -2749,7 +2782,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -2932,7 +2965,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.1/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -2979,7 +3012,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

14
integration/fixtures/mirror.toml
View File

@@ -28,6 +28,10 @@
service = "mirrorWithMaxBody"
rule = "Path(`/whoamiWithMaxBody`)"
[http.routers.router3]
service = "mirrorWithoutBody"
rule = "Path(`/whoamiWithoutBody`)"
[http.services]
[http.services.mirror.mirroring]
@@ -49,6 +53,16 @@
name = "mirror2"
percent = 50
[http.services.mirrorWithoutBody.mirroring]
service = "service1"
mirrorBody = false
[[http.services.mirrorWithoutBody.mirroring.mirrors]]
name = "mirror1"
percent = 10
[[http.services.mirrorWithoutBody.mirroring.mirrors]]
name = "mirror2"
percent = 50
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]

35
integration/fixtures/simple_fastproxy.toml Normal file
View File

@@ -0,0 +1,35 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
noColor = true
[entryPoints]
[entryPoints.web]
address = ":8000"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"
[experimental]
[experimental.fastProxy]
debug = true
## dynamic configuration ##
[http.routers]
[http.routers.router1]
entrypoints = ["web"]
service = "service1"
rule = "PathPrefix(`/`)"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "{{ .Server }}"

25
integration/fixtures/simple_max_header_size.toml Normal file
View File

@@ -0,0 +1,25 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[entryPoints]
[entryPoints.web]
address = ":8000"
[entryPoints.web.http]
maxHeaderBytes = 1310720
[providers.file]
filename = "{{ .SelfFilename }}"
## dynamic configuration ##
[http.routers]
[http.routers.test-router]
entryPoints = ["web"]
service = "test-service"
rule = "Host(`127.0.0.1`)"
[http.services]
[http.services.test-service]
[[http.services.test-service.loadBalancer.servers]]
url = "{{ .TestServer }}"

7
integration/integration_test.go
View File

@@ -36,9 +36,10 @@ import (
)
var (
showLog = flag.Bool("tlog", false, "always show Traefik logs")
k8sConformance = flag.Bool("k8sConformance", false, "run K8s Gateway API conformance test")
k8sConformanceRunTest = flag.String("k8sConformanceRunTest", "", "run a specific K8s Gateway API conformance test")
showLog = flag.Bool("tlog", false, "always show Traefik logs")
k8sConformance = flag.Bool("k8sConformance", false, "run K8s Gateway API conformance test")
k8sConformanceRunTest = flag.String("k8sConformanceRunTest", "", "run a specific K8s Gateway API conformance test")
k8sConformanceTraefikVersion = flag.String("k8sConformanceTraefikVersion", "dev", "specify the Traefik version for the K8s Gateway API conformance report")
)
const tailscaleSecretFilePath = "tailscale.secret"

52
integration/k8s_conformance_test.go
View File

@@ -8,6 +8,7 @@ import (
"os"
"path/filepath"
"slices"
"strings"
"testing"
"time"
@@ -17,10 +18,11 @@ import (
"github.com/testcontainers/testcontainers-go/modules/k3s"
"github.com/testcontainers/testcontainers-go/network"
"github.com/traefik/traefik/v3/integration/try"
"github.com/traefik/traefik/v3/pkg/version"
"github.com/traefik/traefik/v3/pkg/provider/kubernetes/gateway"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/util/sets"
kclientset "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"sigs.k8s.io/controller-runtime/pkg/client"
klog "sigs.k8s.io/controller-runtime/pkg/log"
@@ -33,7 +35,6 @@ import (
"sigs.k8s.io/gateway-api/conformance/tests"
"sigs.k8s.io/gateway-api/conformance/utils/config"
ksuite "sigs.k8s.io/gateway-api/conformance/utils/suite"
"sigs.k8s.io/gateway-api/pkg/features"
"sigs.k8s.io/yaml"
)
@@ -50,6 +51,7 @@ type K8sConformanceSuite struct {
k3sContainer *k3s.K3sContainer
kubeClient client.Client
restConfig *rest.Config
clientSet *kclientset.Clientset
}
@@ -86,9 +88,9 @@ func (s *K8sConformanceSuite) SetupSuite() {
s.T().Fatal("Traefik image is not present")
}
s.k3sContainer, err = k3s.RunContainer(ctx,
testcontainers.WithImage(k3sImage),
k3s.WithManifest("./fixtures/k8s-conformance/00-experimental-v1.1.0.yml"),
s.k3sContainer, err = k3s.Run(ctx,
k3sImage,
k3s.WithManifest("./fixtures/k8s-conformance/00-experimental-v1.2.0-rc2.yml"),
k3s.WithManifest("./fixtures/k8s-conformance/01-rbac.yml"),
k3s.WithManifest("./fixtures/k8s-conformance/02-traefik.yml"),
network.WithNetwork(nil, s.network),
@@ -111,17 +113,17 @@ func (s *K8sConformanceSuite) SetupSuite() {
s.T().Fatal(err)
}
restConfig, err := clientcmd.RESTConfigFromKubeConfig(kubeConfigYaml)
s.restConfig, err = clientcmd.RESTConfigFromKubeConfig(kubeConfigYaml)
if err != nil {
s.T().Fatalf("Error loading Kubernetes config: %v", err)
}
s.kubeClient, err = client.New(restConfig, client.Options{})
s.kubeClient, err = client.New(s.restConfig, client.Options{})
if err != nil {
s.T().Fatalf("Error initializing Kubernetes client: %v", err)
}
s.clientSet, err = kclientset.NewForConfig(restConfig)
s.clientSet, err = kclientset.NewForConfig(s.restConfig)
if err != nil {
s.T().Fatalf("Error initializing Kubernetes REST client: %v", err)
}
@@ -183,6 +185,7 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() {
GatewayClassName: "traefik",
Debug: true,
CleanupBaseResources: true,
RestConfig: s.restConfig,
TimeoutConfig: config.DefaultTimeoutConfig(),
ManifestFS: []fs.FS{&conformance.Manifests},
EnableAllSupportedFeatures: false,
@@ -191,22 +194,15 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() {
Organization: "traefik",
Project: "traefik",
URL: "https://traefik.io/",
Version: version.Version,
Version: *k8sConformanceTraefikVersion,
Contact: []string{"@traefik/maintainers"},
},
ConformanceProfiles: sets.New(ksuite.GatewayHTTPConformanceProfileName),
SupportedFeatures: sets.New(
features.SupportGateway,
features.SupportGatewayPort8080,
features.SupportHTTPRoute,
features.SupportHTTPRouteQueryParamMatching,
features.SupportHTTPRouteMethodMatching,
features.SupportHTTPRoutePortRedirect,
features.SupportHTTPRouteSchemeRedirect,
features.SupportHTTPRouteHostRewrite,
features.SupportHTTPRoutePathRewrite,
features.SupportHTTPRoutePathRedirect,
ConformanceProfiles: sets.New(
ksuite.GatewayHTTPConformanceProfileName,
ksuite.GatewayGRPCConformanceProfileName,
ksuite.GatewayTLSConformanceProfileName,
),
SupportedFeatures: sets.New(gateway.SupportedFeatures()...),
})
require.NoError(s.T(), err)
@@ -218,12 +214,22 @@ func (s *K8sConformanceSuite) TestK8sGatewayAPIConformance() {
report, err := cSuite.Report()
require.NoError(s.T(), err, "failed generating conformance report")
// Ignore report date to avoid diff with CI job.
// However, we can track the date of the report thanks to the commit.
// TODO: to publish this report automatically, we have to figure out how to handle the date diff.
report.Date = "-"
// Ordering profile reports for the serialized report to be comparable.
slices.SortFunc(report.ProfileReports, func(a, b v1.ProfileReport) int {
return strings.Compare(a.Name, b.Name)
})
rawReport, err := yaml.Marshal(report)
require.NoError(s.T(), err)
s.T().Logf("Conformance report:\n%s", string(rawReport))
require.NoError(s.T(), os.MkdirAll("./conformance-reports", 0o755))
outFile := filepath.Join("conformance-reports", fmt.Sprintf("%s-%s-%s-report.yaml", report.GatewayAPIChannel, report.Version, report.Mode))
require.NoError(s.T(), os.MkdirAll("./conformance-reports/"+report.GatewayAPIVersion, 0o755))
outFile := filepath.Join("conformance-reports/"+report.GatewayAPIVersion, fmt.Sprintf("%s-%s-%s-report.yaml", report.GatewayAPIChannel, report.Version, report.Mode))
require.NoError(s.T(), os.WriteFile(outFile, rawReport, 0o600))
s.T().Logf("Report written to: %s", outFile)
}

126
integration/simple_test.go
View File

@@ -65,6 +65,32 @@ func (s *SimpleSuite) TestSimpleDefaultConfig() {
require.NoError(s.T(), err)
}
func (s *SimpleSuite) TestSimpleFastProxy() {
var callCount int
srv1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
assert.Contains(s.T(), req.Header, "X-Traefik-Fast-Proxy")
callCount++
}))
defer srv1.Close()
file := s.adaptFile("fixtures/simple_fastproxy.toml", struct {
Server string
}{
Server: srv1.URL,
})
s.traefikCmd(withConfigFile(file), "--log.level=DEBUG")
// wait for traefik
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("127.0.0.1"))
require.NoError(s.T(), err)
err = try.GetRequest("http://127.0.0.1:8000/", time.Second)
require.NoError(s.T(), err)
assert.GreaterOrEqual(s.T(), 1, callCount)
}
func (s *SimpleSuite) TestWithWebConfig() {
s.cmdTraefik(withConfigFile("fixtures/simple_web.toml"))
@@ -1004,8 +1030,13 @@ func (s *SimpleSuite) TestMirrorWithBody() {
_, err = rand.Read(body5)
require.NoError(s.T(), err)
verifyBody := func(req *http.Request) {
// forceOkResponse is used to avoid errors when Content-Length is set but no body is received
verifyBody := func(req *http.Request, canBodyBeEmpty bool) (forceOkResponse bool) {
b, _ := io.ReadAll(req.Body)
if canBodyBeEmpty && req.Header.Get("NoBody") == "true" {
require.Empty(s.T(), b)
return true
}
switch req.Header.Get("Size") {
case "20":
require.Equal(s.T(), body20, b)
@@ -1014,20 +1045,25 @@ func (s *SimpleSuite) TestMirrorWithBody() {
default:
s.T().Fatal("Size header not present")
}
return false
}
main := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
verifyBody(req)
verifyBody(req, false)
atomic.AddInt32(&count, 1)
}))
mirror1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
verifyBody(req)
if verifyBody(req, true) {
rw.WriteHeader(http.StatusOK)
}
atomic.AddInt32(&countMirror1, 1)
}))
mirror2 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
verifyBody(req)
if verifyBody(req, true) {
rw.WriteHeader(http.StatusOK)
}
atomic.AddInt32(&countMirror2, 1)
}))
@@ -1104,6 +1140,28 @@ func (s *SimpleSuite) TestMirrorWithBody() {
assert.Equal(s.T(), int32(10), countTotal)
assert.Equal(s.T(), int32(0), val1)
assert.Equal(s.T(), int32(0), val2)
atomic.StoreInt32(&count, 0)
atomic.StoreInt32(&countMirror1, 0)
atomic.StoreInt32(&countMirror2, 0)
req, err = http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/whoamiWithoutBody", bytes.NewBuffer(body20))
require.NoError(s.T(), err)
req.Header.Set("Size", "20")
req.Header.Set("NoBody", "true")
for range 10 {
response, err := http.DefaultClient.Do(req)
require.NoError(s.T(), err)
assert.Equal(s.T(), http.StatusOK, response.StatusCode)
}
countTotal = atomic.LoadInt32(&count)
val1 = atomic.LoadInt32(&countMirror1)
val2 = atomic.LoadInt32(&countMirror2)
assert.Equal(s.T(), int32(10), countTotal)
assert.Equal(s.T(), int32(1), val1)
assert.Equal(s.T(), int32(5), val2)
}
func (s *SimpleSuite) TestMirrorCanceled() {
@@ -1479,3 +1537,63 @@ func (s *SimpleSuite) TestDenyFragment() {
require.NoError(s.T(), err)
assert.Equal(s.T(), http.StatusBadRequest, resp.StatusCode)
}
func (s *SimpleSuite) TestMaxHeaderBytes() {
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
})
listener, err := net.Listen("tcp", "127.0.0.1:9000")
require.NoError(s.T(), err)
ts := &httptest.Server{
Listener: listener,
Config: &http.Server{
Handler: handler,
MaxHeaderBytes: 1.25 * 1024 * 1024, // 1.25 MB
},
}
ts.Start()
defer ts.Close()
// The test server and traefik config file both specify a max request header size of 1.25 MB.
file := s.adaptFile("fixtures/simple_max_header_size.toml", struct {
TestServer string
}{ts.URL})
s.traefikCmd(withConfigFile(file))
testCases := []struct {
name string
headerSize int
expectedStatus int
}{
{
name: "1.25MB header",
headerSize: int(1.25 * 1024 * 1024),
expectedStatus: http.StatusOK,
},
{
name: "1.5MB header",
headerSize: int(1.5 * 1024 * 1024),
expectedStatus: http.StatusRequestHeaderFieldsTooLarge,
},
{
name: "500KB header",
headerSize: int(500 * 1024),
expectedStatus: http.StatusOK,
},
}
for _, test := range testCases {
s.Run(test.name, func() {
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
require.NoError(s.T(), err)
req.Header.Set("X-Large-Header", strings.Repeat("A", test.headerSize))
err = try.Request(req, 2*time.Second, try.StatusCodeIs(test.expectedStatus))
require.NoError(s.T(), err)
})
}
}

32
integration/testdata/rawdata-gateway.json vendored
View File

@@ -34,7 +34,7 @@
"entryPoints": [
"web"
],
"service": "default-http-app-1-my-gateway-web-0-wrr",
"service": "default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr",
"rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)",
"ruleSyntax": "v3",
"priority": 100008,
@@ -47,7 +47,7 @@
"entryPoints": [
"websecure"
],
"service": "default-http-app-1-my-https-gateway-websecure-0-wrr",
"service": "default-http-app-1-my-https-gateway-websecure-0-1c0cf64bde37d9d0df06-wrr",
"rule": "Host(`foo.com`) \u0026\u0026 Path(`/bar`)",
"ruleSyntax": "v3",
"priority": 100008,
@@ -96,7 +96,7 @@
"dashboard@internal"
]
},
"default-http-app-1-my-gateway-web-0-wrr@kubernetesgateway": {
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06-wrr@kubernetesgateway": {
"weighted": {
"services": [
{
@@ -110,7 +110,7 @@
"default-http-app-1-my-gateway-web-0-1c0cf64bde37d9d0df06@kubernetesgateway"
]
},
"default-http-app-1-my-https-gateway-websecure-0-wrr@kubernetesgateway": {
"default-http-app-1-my-https-gateway-websecure-0-1c0cf64bde37d9d0df06-wrr@kubernetesgateway": {
"weighted": {
"services": [
{
@@ -150,11 +150,11 @@
}
},
"tcpRouters": {
"default-tcp-app-1-my-tcp-gateway-footcp@kubernetesgateway": {
"default-tcp-app-1-my-tcp-gateway-footcp-0-e3b0c44298fc1c149afb@kubernetesgateway": {
"entryPoints": [
"footcp"
],
"service": "default-tcp-app-1-my-tcp-gateway-footcp-wrr-0",
"service": "default-tcp-app-1-my-tcp-gateway-footcp-0-e3b0c44298fc1c149afb-wrr",
"rule": "HostSNI(`*`)",
"ruleSyntax": "v3",
"priority": -1,
@@ -163,11 +163,11 @@
"footcp"
]
},
"default-tcp-app-1-my-tls-gateway-footlsterminate@kubernetesgateway": {
"default-tcp-app-1-my-tls-gateway-footlsterminate-0-e3b0c44298fc1c149afb@kubernetesgateway": {
"entryPoints": [
"footlsterminate"
],
"service": "default-tcp-app-1-my-tls-gateway-footlsterminate-wrr-0",
"service": "default-tcp-app-1-my-tls-gateway-footlsterminate-0-e3b0c44298fc1c149afb-wrr",
"rule": "HostSNI(`*`)",
"ruleSyntax": "v3",
"priority": -1,
@@ -179,11 +179,11 @@
"footlsterminate"
]
},
"default-tls-app-1-my-tls-gateway-footlspassthrough-2279fe75c5156dc5eb26@kubernetesgateway": {
"default-tls-app-1-my-tls-gateway-footlspassthrough-0-e3b0c44298fc1c149afb@kubernetesgateway": {
"entryPoints": [
"footlspassthrough"
],
"service": "default-tls-app-1-my-tls-gateway-footlspassthrough-2279fe75c5156dc5eb26-wrr-0",
"service": "default-tls-app-1-my-tls-gateway-footlspassthrough-0-e3b0c44298fc1c149afb-wrr",
"rule": "HostSNI(`foo.bar`)",
"ruleSyntax": "v3",
"priority": 18,
@@ -197,7 +197,7 @@
}
},
"tcpServices": {
"default-tcp-app-1-my-tcp-gateway-footcp-wrr-0@kubernetesgateway": {
"default-tcp-app-1-my-tcp-gateway-footcp-0-e3b0c44298fc1c149afb-wrr@kubernetesgateway": {
"weighted": {
"services": [
{
@@ -208,10 +208,10 @@
},
"status": "enabled",
"usedBy": [
"default-tcp-app-1-my-tcp-gateway-footcp@kubernetesgateway"
"default-tcp-app-1-my-tcp-gateway-footcp-0-e3b0c44298fc1c149afb@kubernetesgateway"
]
},
"default-tcp-app-1-my-tls-gateway-footlsterminate-wrr-0@kubernetesgateway": {
"default-tcp-app-1-my-tls-gateway-footlsterminate-0-e3b0c44298fc1c149afb-wrr@kubernetesgateway": {
"weighted": {
"services": [
{
@@ -222,10 +222,10 @@
},
"status": "enabled",
"usedBy": [
"default-tcp-app-1-my-tls-gateway-footlsterminate@kubernetesgateway"
"default-tcp-app-1-my-tls-gateway-footlsterminate-0-e3b0c44298fc1c149afb@kubernetesgateway"
]
},
"default-tls-app-1-my-tls-gateway-footlspassthrough-2279fe75c5156dc5eb26-wrr-0@kubernetesgateway": {
"default-tls-app-1-my-tls-gateway-footlspassthrough-0-e3b0c44298fc1c149afb-wrr@kubernetesgateway": {
"weighted": {
"services": [
{
@@ -236,7 +236,7 @@
},
"status": "enabled",
"usedBy": [
"default-tls-app-1-my-tls-gateway-footlspassthrough-2279fe75c5156dc5eb26@kubernetesgateway"
"default-tls-app-1-my-tls-gateway-footlspassthrough-0-e3b0c44298fc1c149afb@kubernetesgateway"
]
},
"default-whoamitcp-8080@kubernetesgateway": {

48
pkg/cli/deprecation.go
View File

@@ -194,7 +194,7 @@ func (c *configuration) deprecationNotice(logger zerolog.Logger) bool {
if c.Pilot != nil {
incompatible = true
logger.Error().Msg("Pilot configuration has been removed in v3, please remove all Pilot-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#pilot")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#pilot")
}
incompatibleExperimental := c.Experimental.deprecationNotice(logger)
@@ -227,13 +227,13 @@ func (p *providers) deprecationNotice(logger zerolog.Logger) bool {
if p.Marathon != nil {
incompatible = true
logger.Error().Msg("Marathon provider has been removed in v3, please remove all Marathon-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#marathon-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#marathon-provider")
}
if p.Rancher != nil {
incompatible = true
logger.Error().Msg("Rancher provider has been removed in v3, please remove all Rancher-related static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#rancher-v1-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#rancher-v1-provider")
}
dockerIncompatible := p.Docker.deprecationNotice(logger)
@@ -275,14 +275,14 @@ func (d *docker) deprecationNotice(logger zerolog.Logger) bool {
if d.SwarmMode != nil {
incompatible = true
logger.Error().Msg("Docker provider `swarmMode` option has been removed in v3, please use the Swarm Provider instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#docker-docker-swarm")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#docker-docker-swarm")
}
if d.TLS != nil && d.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Docker provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional")
}
return incompatible
@@ -323,7 +323,7 @@ func (e *etcd) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true
logger.Error().Msg("ETCD provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_3")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_3")
}
return incompatible
@@ -344,7 +344,7 @@ func (r *redis) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true
logger.Error().Msg("Redis provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_4")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_4")
}
return incompatible
@@ -365,14 +365,14 @@ func (c *consul) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil {
incompatible = true
logger.Error().Msg("Consul provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consul-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consul-provider")
}
if c.TLS != nil && c.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Consul provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_1")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_1")
}
return incompatible
@@ -397,14 +397,14 @@ func (c *consulCatalog) deprecationNotice(logger zerolog.Logger) bool {
if c.Namespace != nil {
incompatible = true
logger.Error().Msg("ConsulCatalog provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#consulcatalog-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#consulcatalog-provider")
}
if c.Endpoint != nil && c.Endpoint.TLS != nil && c.Endpoint.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("ConsulCatalog provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional")
}
return incompatible
@@ -425,14 +425,14 @@ func (n *nomad) deprecationNotice(logger zerolog.Logger) bool {
if n.Namespace != nil {
incompatible = true
logger.Error().Msg("Nomad provider `namespace` option has been removed, please use the `namespaces` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#nomad-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#nomad-provider")
}
if n.Endpoint != nil && n.Endpoint.TLS != nil && n.Endpoint.TLS.CAOptional != nil {
incompatible = true
logger.Error().Msg("Nomad provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#endpointtlscaoptional_1")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#endpointtlscaoptional_1")
}
return incompatible
@@ -453,7 +453,7 @@ func (h *http) deprecationNotice(logger zerolog.Logger) bool {
incompatible = true
logger.Error().Msg("HTTP provider `tls.CAOptional` option has been removed in v3, as TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634)." +
"Please remove all occurrences from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tlscaoptional_2")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tlscaoptional_2")
}
return incompatible
@@ -471,7 +471,7 @@ func (i *ingress) deprecationNotice(logger zerolog.Logger) {
if i.DisableIngressClassLookup != nil {
logger.Error().Msg("Kubernetes Ingress provider `disableIngressClassLookup` option has been deprecated in v3.1, and will be removed in the next major version." +
"Please use the `disableClusterScopeResources` option instead." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#ingressclasslookup")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#ingressclasslookup")
}
}
@@ -488,7 +488,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.HTTP3 != nil {
logger.Error().Msg("HTTP3 is not an experimental feature in v3 and the associated enablement has been removed." +
"Please remove its usage from the static configuration for Traefik to start." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3-details/#http3")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3-details/#http3")
return true
}
@@ -496,7 +496,7 @@ func (e *experimental) deprecationNotice(logger zerolog.Logger) bool {
if e.KubernetesGateway != nil {
logger.Error().Msg("KubernetesGateway provider is not an experimental feature starting with v3.1." +
"Please remove its usage from the static configuration." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v3/#gateway-api-kubernetesgateway-provider")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v3/#gateway-api-kubernetesgateway-provider")
}
return false
@@ -520,49 +520,49 @@ func (t *tracing) deprecationNotice(logger zerolog.Logger) bool {
if t.SpanNameLimit != nil {
incompatible = true
logger.Error().Msg("SpanNameLimit option for Tracing has been removed in v3, as Span names are now of a fixed length." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Jaeger != nil {
incompatible = true
logger.Error().Msg("Jaeger Tracing backend has been removed in v3, please remove all Jaeger-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Zipkin != nil {
incompatible = true
logger.Error().Msg("Zipkin Tracing backend has been removed in v3, please remove all Zipkin-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Datadog != nil {
incompatible = true
logger.Error().Msg("Datadog Tracing backend has been removed in v3, please remove all Datadog-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Instana != nil {
incompatible = true
logger.Error().Msg("Instana Tracing backend has been removed in v3, please remove all Instana-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Haystack != nil {
incompatible = true
logger.Error().Msg("Haystack Tracing backend has been removed in v3, please remove all Haystack-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
if t.Elastic != nil {
incompatible = true
logger.Error().Msg("Elastic Tracing backend has been removed in v3, please remove all Elastic-related Tracing static configuration for Traefik to start." +
"In v3, Open Telemetry replaces specific tracing backend implementations, and an collector/exporter can be used to export metrics in a vendor specific format." +
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.1/migration/v2-to-v3/#tracing")
"For more information please read the migration guide: https://doc.traefik.io/traefik/v3.2/migration/v2-to-v3/#tracing")
}
return incompatible

14
pkg/config/dynamic/http_config.go
View File

@@ -7,6 +7,7 @@ import (
ptypes "github.com/traefik/paerser/types"
traefiktls "github.com/traefik/traefik/v3/pkg/tls"
"github.com/traefik/traefik/v3/pkg/types"
"google.golang.org/grpc/codes"
)
const (
@@ -80,6 +81,7 @@ type RouterTLSConfig struct {
// Mirroring holds the Mirroring configuration.
type Mirroring struct {
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
MirrorBody *bool `json:"mirrorBody,omitempty" toml:"mirrorBody,omitempty" yaml:"mirrorBody,omitempty" export:"true"`
MaxBodySize *int64 `json:"maxBodySize,omitempty" toml:"maxBodySize,omitempty" yaml:"maxBodySize,omitempty" export:"true"`
Mirrors []MirrorService `json:"mirrors,omitempty" toml:"mirrors,omitempty" yaml:"mirrors,omitempty" export:"true"`
HealthCheck *HealthCheck `json:"healthCheck,omitempty" toml:"healthCheck,omitempty" yaml:"healthCheck,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
@@ -87,6 +89,8 @@ type Mirroring struct {
// SetDefaults Default values for a WRRService.
func (m *Mirroring) SetDefaults() {
defaultMirrorBody := true
m.MirrorBody = &defaultMirrorBody
var defaultMaxBodySize int64 = -1
m.MaxBodySize = &defaultMaxBodySize
}
@@ -132,6 +136,9 @@ type WRRService struct {
// Status defines an HTTP status code that should be returned when calling the service.
// This is required by the Gateway API implementation which expects specific HTTP status to be returned.
Status *int `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
// GRPCStatus defines a GRPC status code that should be returned when calling the service.
// This is required by the Gateway API implementation which expects specific GRPC status to be returned.
GRPCStatus *GRPCStatus `json:"-" toml:"-" yaml:"-" label:"-" file:"-"`
}
// SetDefaults Default values for a WRRService.
@@ -142,6 +149,13 @@ func (w *WRRService) SetDefaults() {
// +k8s:deepcopy-gen=true
type GRPCStatus struct {
Code codes.Code `json:"code,omitempty" toml:"code,omitempty" yaml:"code,omitempty" export:"true"`
Msg string `json:"msg,omitempty" toml:"msg,omitempty" yaml:"msg,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// Sticky holds the sticky configuration.
type Sticky struct {
// Cookie defines the sticky cookie configuration.

57
pkg/config/dynamic/middleware_test.go Normal file
View File

@@ -0,0 +1,57 @@
package dynamic
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_GetStrategy_ipv6Subnet(t *testing.T) {
testCases := []struct {
desc string
expectError bool
ipv6Subnet *int
}{
{
desc: "Nil subnet",
},
{
desc: "Zero subnet",
expectError: true,
ipv6Subnet: intPtr(0),
},
{
desc: "Subnet greater that 128",
expectError: true,
ipv6Subnet: intPtr(129),
},
{
desc: "Valid subnet",
ipv6Subnet: intPtr(128),
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
strategy := IPStrategy{
IPv6Subnet: test.ipv6Subnet,
}
get, err := strategy.Get()
if test.expectError {
require.Error(t, err)
assert.Nil(t, get)
} else {
require.NoError(t, err)
assert.NotNil(t, get)
}
})
}
}
func intPtr(value int) *int {
return &value
}

91
pkg/config/dynamic/middlewares.go
View File

@@ -1,6 +1,7 @@
package dynamic
import (
"fmt"
"net/http"
"time"
@@ -40,10 +41,11 @@ type Middleware struct {
Plugin map[string]PluginConf `json:"plugin,omitempty" toml:"plugin,omitempty" yaml:"plugin,omitempty" export:"true"`
// Gateway API HTTPRoute filters middlewares.
RequestHeaderModifier *RequestHeaderModifier `json:"requestHeaderModifier,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
RequestRedirect *RequestRedirect `json:"requestRedirect,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
URLRewrite *URLRewrite `json:"URLRewrite,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
// Gateway API filter middlewares.
RequestHeaderModifier *HeaderModifier `json:"requestHeaderModifier,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
ResponseHeaderModifier *HeaderModifier `json:"responseHeaderModifier,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
RequestRedirect *RequestRedirect `json:"requestRedirect,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
URLRewrite *URLRewrite `json:"URLRewrite,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
}
// +k8s:deepcopy-gen=true
@@ -71,7 +73,7 @@ type ContentType struct {
// AddPrefix holds the add prefix middleware configuration.
// This middleware updates the path of a request before forwarding it.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/addprefix/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
type AddPrefix struct {
// Prefix is the string to add before the current path in the requested URL.
// It should include a leading slash (/).
@@ -82,7 +84,7 @@ type AddPrefix struct {
// BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
type BasicAuth struct {
// Users is an array of authorized users.
// Each user must be declared using the name:hashed-password format.
@@ -97,7 +99,7 @@ type BasicAuth struct {
// Default: false.
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
@@ -105,7 +107,7 @@ type BasicAuth struct {
// Buffering holds the buffering middleware configuration.
// This middleware retries or limits the size of requests that can be forwarded to backends.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#maxrequestbodybytes
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
type Buffering struct {
// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
@@ -123,7 +125,7 @@ type Buffering struct {
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
// RetryExpression defines the retry conditions.
// It is a logical combination of functions with operators AND (&&) and OR (||).
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/buffering/#retryexpression
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
}
@@ -140,7 +142,7 @@ type Chain struct {
// CircuitBreaker holds the circuit breaker middleware configuration.
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/circuitbreaker/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/circuitbreaker/
type CircuitBreaker struct {
// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
@@ -165,8 +167,7 @@ func (c *CircuitBreaker) SetDefaults() {
// +k8s:deepcopy-gen=true
// Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip compression.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/compress/
// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
type Compress struct {
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
// `application/grpc` is always excluded.
@@ -176,15 +177,21 @@ type Compress struct {
// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
// Default: 1024.
MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`
// Encodings defines the list of supported compression algorithms.
Encodings []string `json:"encodings,omitempty" toml:"encodings,omitempty" yaml:"encodings,omitempty" export:"true"`
// DefaultEncoding specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`).
DefaultEncoding string `json:"defaultEncoding,omitempty" toml:"defaultEncoding,omitempty" yaml:"defaultEncoding,omitempty" export:"true"`
}
func (c *Compress) SetDefaults() {
c.Encodings = []string{"zstd", "br", "gzip"}
}
// +k8s:deepcopy-gen=true
// DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/digestauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
type DigestAuth struct {
// Users defines the authorized users.
// Each user should be declared using the name:realm:encoded-password format.
@@ -197,7 +204,7 @@ type DigestAuth struct {
// Default: traefik.
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
@@ -223,7 +230,7 @@ type ErrorPage struct {
// ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
type ForwardAuth struct {
// Address defines the authentication server address.
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
@@ -234,13 +241,16 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/forwardauth/#authresponseheadersregex
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed.
AuthRequestHeaders []string `json:"authRequestHeaders,omitempty" toml:"authRequestHeaders,omitempty" yaml:"authRequestHeaders,omitempty" export:"true"`
// AddAuthCookiesToResponse defines the list of cookies to copy from the authentication server response to the response.
AddAuthCookiesToResponse []string `json:"addAuthCookiesToResponse,omitempty" toml:"addAuthCookiesToResponse,omitempty" yaml:"addAuthCookiesToResponse,omitempty" export:"true"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
@@ -261,7 +271,7 @@ type ClientTLS struct {
// Headers holds the headers middleware configuration.
// This middleware manages the requests and responses headers.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/headers/#customrequestheaders
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
type Headers struct {
// CustomRequestHeaders defines the header names and values to apply to the request.
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
@@ -390,12 +400,14 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/#ipstrategy
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
type IPStrategy struct {
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
// IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
IPv6Subnet *int `json:"ipv6Subnet,omitempty" toml:"ipv6Subnet,omitempty" yaml:"ipv6Subnet,omitempty"`
// TODO(mpl): I think we should make RemoteAddr an explicit field. For one thing, it would yield better documentation.
}
@@ -409,8 +421,13 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
}
if s.Depth > 0 {
if s.IPv6Subnet != nil && (*s.IPv6Subnet <= 0 || *s.IPv6Subnet > 128) {
return nil, fmt.Errorf("invalid IPv6 subnet %d value, should be greater to 0 and lower or equal to 128", *s.IPv6Subnet)
}
return &ip.DepthStrategy{
Depth: s.Depth,
Depth: s.Depth,
IPv6Subnet: s.IPv6Subnet,
}, nil
}
@@ -424,14 +441,20 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
}, nil
}
return &ip.RemoteAddrStrategy{}, nil
if s.IPv6Subnet != nil && (*s.IPv6Subnet <= 0 || *s.IPv6Subnet > 128) {
return nil, fmt.Errorf("invalid IPv6 subnet %d value, should be greater to 0 and lower or equal to 128", *s.IPv6Subnet)
}
return &ip.RemoteAddrStrategy{
IPv6Subnet: s.IPv6Subnet,
}, nil
}
// +k8s:deepcopy-gen=true
// IPWhiteList holds the IP whitelist middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipwhitelist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipwhitelist/
// Deprecated: please use IPAllowList instead.
type IPWhiteList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
@@ -443,7 +466,7 @@ type IPWhiteList struct {
// IPAllowList holds the IP allowlist middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/ipallowlist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
type IPAllowList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
@@ -457,7 +480,7 @@ type IPAllowList struct {
// InFlightReq holds the in-flight request middleware configuration.
// This middleware limits the number of requests being processed and served concurrently.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
type InFlightReq struct {
// Amount defines the maximum amount of allowed simultaneous in-flight request.
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
@@ -465,7 +488,7 @@ type InFlightReq struct {
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised.
// If none are set, the default is to use the requestHost.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/inflightreq/#sourcecriterion
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
@@ -473,7 +496,7 @@ type InFlightReq struct {
// PassTLSClientCert holds the pass TLS client cert middleware configuration.
// This middleware adds the selected data from the passed client TLS certificate to a header.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/passtlsclientcert/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
type PassTLSClientCert struct {
// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
@@ -529,7 +552,7 @@ func (r *RateLimit) SetDefaults() {
// RedirectRegex holds the redirect regex middleware configuration.
// This middleware redirects a request using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectregex/#regex
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
type RedirectRegex struct {
// Regex defines the regex used to match and capture elements from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
@@ -543,7 +566,7 @@ type RedirectRegex struct {
// RedirectScheme holds the redirect scheme middleware configuration.
// This middleware redirects requests from a scheme/port to another.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/redirectscheme/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
type RedirectScheme struct {
// Scheme defines the scheme of the new URL.
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
@@ -557,7 +580,7 @@ type RedirectScheme struct {
// ReplacePath holds the replace path middleware configuration.
// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepath/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
type ReplacePath struct {
// Path defines the path to use as replacement in the request URL.
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
@@ -567,7 +590,7 @@ type ReplacePath struct {
// ReplacePathRegex holds the replace path regex middleware configuration.
// This middleware replaces the path of a URL using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/replacepathregex/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
type ReplacePathRegex struct {
// Regex defines the regular expression used to match and capture the path from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
@@ -580,7 +603,7 @@ type ReplacePathRegex struct {
// Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/retry/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
type Retry struct {
// Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
@@ -596,7 +619,7 @@ type Retry struct {
// StripPrefix holds the strip prefix middleware configuration.
// This middleware removes the specified prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefix/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
type StripPrefix struct {
// Prefixes defines the prefixes to strip from the request URL.
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
@@ -611,7 +634,7 @@ type StripPrefix struct {
// StripPrefixRegex holds the strip prefix regex middleware configuration.
// This middleware removes the matching prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/http/stripprefixregex/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
type StripPrefixRegex struct {
// Regex defines the regular expression to match the path prefix from the request URL.
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
@@ -686,8 +709,8 @@ type Users []string
// +k8s:deepcopy-gen=true
// RequestHeaderModifier holds the request header modifier configuration.
type RequestHeaderModifier struct {
// HeaderModifier holds the request/response header modifier configuration.
type HeaderModifier struct {
Set map[string]string `json:"set,omitempty"`
Add map[string]string `json:"add,omitempty"`
Remove []string `json:"remove,omitempty"`

2
pkg/config/dynamic/tcp_config.go
View File

@@ -125,7 +125,7 @@ type TCPServer struct {
// +k8s:deepcopy-gen=true
// ProxyProtocol holds the PROXY Protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.1/routing/services/#proxy-protocol
// More info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol
type ProxyProtocol struct {
// Version defines the PROXY Protocol version to use.
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`

4
pkg/config/dynamic/tcp_middlewares.go
View File

@@ -15,7 +15,7 @@ type TCPMiddleware struct {
// TCPInFlightConn holds the TCP InFlightConn middleware configuration.
// This middleware prevents services from being overwhelmed with high load,
// by limiting the number of allowed simultaneous connections for one IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/inflightconn/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/inflightconn/
type TCPInFlightConn struct {
// Amount defines the maximum amount of allowed simultaneous connections.
// The middleware closes the connection if there are already amount connections opened.
@@ -35,7 +35,7 @@ type TCPIPWhiteList struct {
// TCPIPAllowList holds the TCP IPAllowList middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.1/middlewares/tcp/ipallowlist/
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/
type TCPIPAllowList struct {
// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`

113
pkg/config/dynamic/zz_generated.deepcopy.go
View File

@@ -158,6 +158,11 @@ func (in *Compress) DeepCopyInto(out *Compress) {
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Encodings != nil {
in, out := &in.Encodings, &out.Encodings
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
@@ -389,6 +394,22 @@ func (in *ForwardingTimeouts) DeepCopy() *ForwardingTimeouts {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GRPCStatus) DeepCopyInto(out *GRPCStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCStatus.
func (in *GRPCStatus) DeepCopy() *GRPCStatus {
if in == nil {
return nil
}
out := new(GRPCStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GrpcWeb) DeepCopyInto(out *GrpcWeb) {
*out = *in
@@ -501,6 +522,41 @@ func (in *HTTPConfiguration) DeepCopy() *HTTPConfiguration {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HeaderModifier) DeepCopyInto(out *HeaderModifier) {
*out = *in
if in.Set != nil {
in, out := &in.Set, &out.Set
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Add != nil {
in, out := &in.Add, &out.Add
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Remove != nil {
in, out := &in.Remove, &out.Remove
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderModifier.
func (in *HeaderModifier) DeepCopy() *HeaderModifier {
if in == nil {
return nil
}
out := new(HeaderModifier)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Headers) DeepCopyInto(out *Headers) {
*out = *in
@@ -648,6 +704,11 @@ func (in *IPStrategy) DeepCopyInto(out *IPStrategy) {
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.IPv6Subnet != nil {
in, out := &in.IPv6Subnet, &out.IPv6Subnet
*out = new(int)
**out = **in
}
return
}
@@ -861,7 +922,12 @@ func (in *Middleware) DeepCopyInto(out *Middleware) {
}
if in.RequestHeaderModifier != nil {
in, out := &in.RequestHeaderModifier, &out.RequestHeaderModifier
*out = new(RequestHeaderModifier)
*out = new(HeaderModifier)
(*in).DeepCopyInto(*out)
}
if in.ResponseHeaderModifier != nil {
in, out := &in.ResponseHeaderModifier, &out.ResponseHeaderModifier
*out = new(HeaderModifier)
(*in).DeepCopyInto(*out)
}
if in.RequestRedirect != nil {
@@ -906,6 +972,11 @@ func (in *MirrorService) DeepCopy() *MirrorService {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Mirroring) DeepCopyInto(out *Mirroring) {
*out = *in
if in.MirrorBody != nil {
in, out := &in.MirrorBody, &out.MirrorBody
*out = new(bool)
**out = **in
}
if in.MaxBodySize != nil {
in, out := &in.MaxBodySize, &out.MaxBodySize
*out = new(int64)
@@ -1082,41 +1153,6 @@ func (in *ReplacePathRegex) DeepCopy() *ReplacePathRegex {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RequestHeaderModifier) DeepCopyInto(out *RequestHeaderModifier) {
*out = *in
if in.Set != nil {
in, out := &in.Set, &out.Set
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Add != nil {
in, out := &in.Add, &out.Add
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
if in.Remove != nil {
in, out := &in.Remove, &out.Remove
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderModifier.
func (in *RequestHeaderModifier) DeepCopy() *RequestHeaderModifier {
if in == nil {
return nil
}
out := new(RequestHeaderModifier)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RequestRedirect) DeepCopyInto(out *RequestRedirect) {
*out = *in
@@ -2274,6 +2310,11 @@ func (in *WRRService) DeepCopyInto(out *WRRService) {
*out = new(int)
**out = **in
}
if in.GRPCStatus != nil {
in, out := &in.GRPCStatus, &out.GRPCStatus
*out = new(GRPCStatus)
**out = **in
}
return
}

26
pkg/config/label/label_test.go
View File

@@ -90,10 +90,12 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware9.ipallowlist.ipstrategy.ipv6subnet": "42",
"traefik.http.middlewares.Middleware9.ipallowlist.sourcerange": "foobar, fiibar",
"traefik.http.middlewares.Middleware10.inflightreq.amount": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.ipstrategy.ipv6subnet": "42",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.requestheadername": "foobar",
"traefik.http.middlewares.Middleware10.inflightreq.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.Middleware11.passtlsclientcert.info.notafter": "true",
@@ -123,6 +125,7 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware12.ratelimit.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.Middleware12.ratelimit.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware12.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.Middleware12.ratelimit.sourcecriterion.ipstrategy.ipv6subnet": "42",
"traefik.http.middlewares.Middleware13.redirectregex.permanent": "true",
"traefik.http.middlewares.Middleware13.redirectregex.regex": "foobar",
"traefik.http.middlewares.Middleware13.redirectregex.replacement": "foobar",
@@ -137,6 +140,7 @@ func TestDecodeConfiguration(t *testing.T) {
"traefik.http.middlewares.Middleware17.stripprefix.prefixes": "foobar, fiibar",
"traefik.http.middlewares.Middleware17.stripprefix.forceslash": "true",
"traefik.http.middlewares.Middleware18.stripprefixregex.regex": "foobar, fiibar",
"traefik.http.middlewares.Middleware19.compress.encodings": "foobar, fiibar",
"traefik.http.middlewares.Middleware19.compress.minresponsebodybytes": "42",
"traefik.http.middlewares.Middleware20.plugin.tomato.aaa": "foo1",
"traefik.http.middlewares.Middleware20.plugin.tomato.bbb": "foo2",
@@ -391,6 +395,7 @@ func TestDecodeConfiguration(t *testing.T) {
IPStrategy: &dynamic.IPStrategy{
Depth: 42,
ExcludedIPs: []string{"foobar", "fiibar"},
IPv6Subnet: intPtr(42),
},
RequestHeaderName: "foobar",
RequestHost: true,
@@ -436,6 +441,7 @@ func TestDecodeConfiguration(t *testing.T) {
IPStrategy: &dynamic.IPStrategy{
Depth: 42,
ExcludedIPs: []string{"foobar", "foobar"},
IPv6Subnet: intPtr(42),
},
RequestHeaderName: "foobar",
RequestHost: true,
@@ -493,6 +499,10 @@ func TestDecodeConfiguration(t *testing.T) {
"Middleware19": {
Compress: &dynamic.Compress{
MinResponseBodyBytes: 42,
Encodings: []string{
"foobar",
"fiibar",
},
},
},
"Middleware2": {
@@ -643,6 +653,7 @@ func TestDecodeConfiguration(t *testing.T) {
"foobar",
"fiibar",
},
IPv6Subnet: intPtr(42),
},
},
},
@@ -908,6 +919,7 @@ func TestEncodeConfiguration(t *testing.T) {
IPStrategy: &dynamic.IPStrategy{
Depth: 42,
ExcludedIPs: []string{"foobar", "fiibar"},
IPv6Subnet: intPtr(42),
},
RequestHeaderName: "foobar",
RequestHost: true,
@@ -952,6 +964,7 @@ func TestEncodeConfiguration(t *testing.T) {
IPStrategy: &dynamic.IPStrategy{
Depth: 42,
ExcludedIPs: []string{"foobar", "foobar"},
IPv6Subnet: intPtr(42),
},
RequestHeaderName: "foobar",
RequestHost: true,
@@ -1009,6 +1022,10 @@ func TestEncodeConfiguration(t *testing.T) {
"Middleware19": {
Compress: &dynamic.Compress{
MinResponseBodyBytes: 42,
Encodings: []string{
"foobar",
"fiibar",
},
},
},
"Middleware2": {
@@ -1167,6 +1184,7 @@ func TestEncodeConfiguration(t *testing.T) {
"foobar",
"fiibar",
},
IPv6Subnet: intPtr(42),
},
},
},
@@ -1329,11 +1347,13 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.ExcludedIPs": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.IPStrategy.IPv6Subnet": "42",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.RejectStatusCode": "0",
"traefik.HTTP.Middlewares.Middleware9.IPAllowList.SourceRange": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.Amount": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.IPStrategy.IPv6Subnet": "42",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.RequestHeaderName": "foobar",
"traefik.HTTP.Middlewares.Middleware10.InFlightReq.SourceCriterion.RequestHost": "true",
"traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotAfter": "true",
@@ -1363,6 +1383,7 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware12.RateLimit.SourceCriterion.RequestHost": "true",
"traefik.HTTP.Middlewares.Middleware12.RateLimit.SourceCriterion.IPStrategy.Depth": "42",
"traefik.HTTP.Middlewares.Middleware12.RateLimit.SourceCriterion.IPStrategy.ExcludedIPs": "foobar, foobar",
"traefik.HTTP.Middlewares.Middleware12.RateLimit.SourceCriterion.IPStrategy.IPv6Subnet": "42",
"traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Regex": "foobar",
"traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Replacement": "foobar",
"traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Permanent": "true",
@@ -1377,6 +1398,7 @@ func TestEncodeConfiguration(t *testing.T) {
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.ForceSlash": "true",
"traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware19.Compress.Encodings": "foobar, fiibar",
"traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42",
"traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1",
"traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.bbb": "foo2",
@@ -1476,3 +1498,7 @@ func TestEncodeConfiguration(t *testing.T) {
}
assert.Equal(t, expected, labels)
}
func intPtr(value int) *int {
return &value
}

9
pkg/config/static/entrypoints.go
View File

@@ -3,6 +3,7 @@ package static
import (
"fmt"
"math"
"net/http"
"strings"
ptypes "github.com/traefik/paerser/types"
@@ -54,6 +55,8 @@ func (ep *EntryPoint) SetDefaults() {
ep.ForwardedHeaders = &ForwardedHeaders{}
ep.UDP = &UDPConfig{}
ep.UDP.SetDefaults()
ep.HTTP = HTTPConfig{}
ep.HTTP.SetDefaults()
ep.HTTP2 = &HTTP2Config{}
ep.HTTP2.SetDefaults()
}
@@ -64,6 +67,12 @@ type HTTPConfig struct {
Middlewares []string `description:"Default middlewares for the routers linked to the entry point." json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
TLS *TLSConfig `description:"Default TLS configuration for the routers linked to the entry point." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
EncodeQuerySemicolons bool `description:"Defines whether request query semicolons should be URLEncoded." json:"encodeQuerySemicolons,omitempty" toml:"encodeQuerySemicolons,omitempty" yaml:"encodeQuerySemicolons,omitempty"`
MaxHeaderBytes int `description:"Maximum size of request headers in bytes." json:"maxHeaderBytes,omitempty" toml:"maxHeaderBytes,omitempty" yaml:"maxHeaderBytes,omitempty" export:"true"`
}
// SetDefaults sets the default values.
func (c *HTTPConfig) SetDefaults() {
c.MaxHeaderBytes = http.DefaultMaxHeaderBytes
}
// HTTP2Config is the HTTP2 configuration of an entry point.

7
pkg/config/static/experimental.go
View File

@@ -7,6 +7,13 @@ type Experimental struct {
Plugins map[string]plugins.Descriptor `description:"Plugins configuration." json:"plugins,omitempty" toml:"plugins,omitempty" yaml:"plugins,omitempty" export:"true"`
LocalPlugins map[string]plugins.LocalDescriptor `description:"Local plugins configuration." json:"localPlugins,omitempty" toml:"localPlugins,omitempty" yaml:"localPlugins,omitempty" export:"true"`
FastProxy *FastProxyConfig `description:"Enable the FastProxy implementation." json:"fastProxy,omitempty" toml:"fastProxy,omitempty" yaml:"fastProxy,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
// Deprecated: KubernetesGateway provider is not an experimental feature starting with v3.1. Please remove its usage from the static configuration.
KubernetesGateway bool `description:"(Deprecated) Allow the Kubernetes gateway api provider usage." json:"kubernetesGateway,omitempty" toml:"kubernetesGateway,omitempty" yaml:"kubernetesGateway,omitempty" export:"true"`
}
// FastProxyConfig holds the FastProxy configuration.
type FastProxyConfig struct {
Debug bool `description:"Enable debug mode for the FastProxy implementation." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"`
}

6
pkg/config/static/static_config.go
View File

@@ -317,7 +317,6 @@ func (c *Configuration) initACMEProvider() {
// ValidateConfiguration validate that configuration is coherent.
func (c *Configuration) ValidateConfiguration() error {
var acmeEmail string
for name, resolver := range c.CertificatesResolvers {
if resolver.ACME != nil && resolver.Tailscale != nil {
return fmt.Errorf("unable to initialize certificates resolver %q, as ACME and Tailscale providers are mutually exclusive", name)
@@ -330,11 +329,6 @@ func (c *Configuration) ValidateConfiguration() error {
if len(resolver.ACME.Storage) == 0 {
return fmt.Errorf("unable to initialize certificates resolver %q with no storage location for the certificates", name)
}
if acmeEmail != "" && resolver.ACME.Email != acmeEmail {
return fmt.Errorf("unable to initialize certificates resolver %q, as all ACME resolvers must use the same email", name)
}
acmeEmail = resolver.ACME.Email
}
if c.Core != nil {

44
pkg/ip/strategy.go
View File

@@ -3,6 +3,7 @@ package ip
import (
"net"
"net/http"
"net/netip"
"strings"
)
@@ -16,7 +17,10 @@ type Strategy interface {
}
// RemoteAddrStrategy a strategy that always return the remote address.
type RemoteAddrStrategy struct{}
type RemoteAddrStrategy struct {
// IPv6Subnet instructs the strategy to return the first IP of the subnet where IP belongs.
IPv6Subnet *int
}
// GetIP returns the selected IP.
func (s *RemoteAddrStrategy) GetIP(req *http.Request) string {
@@ -24,15 +28,22 @@ func (s *RemoteAddrStrategy) GetIP(req *http.Request) string {
if err != nil {
return req.RemoteAddr
}
if s.IPv6Subnet != nil {
return getIPv6SubnetIP(ip, *s.IPv6Subnet)
}
return ip
}
// DepthStrategy a strategy based on the depth inside the X-Forwarded-For from right to left.
type DepthStrategy struct {
Depth int
// IPv6Subnet instructs the strategy to return the first IP of the subnet where IP belongs.
IPv6Subnet *int
}
// GetIP return the selected IP.
// GetIP returns the selected IP.
func (s *DepthStrategy) GetIP(req *http.Request) string {
xff := req.Header.Get(xForwardedFor)
xffs := strings.Split(xff, ",")
@@ -40,7 +51,14 @@ func (s *DepthStrategy) GetIP(req *http.Request) string {
if len(xffs) < s.Depth {
return ""
}
return strings.TrimSpace(xffs[len(xffs)-s.Depth])
ip := strings.TrimSpace(xffs[len(xffs)-s.Depth])
if s.IPv6Subnet != nil {
return getIPv6SubnetIP(ip, *s.IPv6Subnet)
}
return ip
}
// PoolStrategy is a strategy based on an IP Checker.
@@ -72,3 +90,23 @@ func (s *PoolStrategy) GetIP(req *http.Request) string {
return ""
}
// getIPv6SubnetIP returns the IPv6 subnet IP.
// It returns the original IP when it is not an IPv6, or if parsing the IP has failed with an error.
func getIPv6SubnetIP(ip string, ipv6Subnet int) string {
addr, err := netip.ParseAddr(ip)
if err != nil {
return ip
}
if !addr.Is6() {
return ip
}
prefix, err := addr.Prefix(ipv6Subnet)
if err != nil {
return ip
}
return prefix.Addr().String()
}

90
pkg/ip/strategy_test.go
View File

@@ -9,23 +9,81 @@ import (
"github.com/stretchr/testify/require"
)
const (
ipv6Basic = "::abcd:ffff:c0a8:1"
ipv6BracketsPort = "[::abcd:ffff:c0a8:1]:80"
ipv6BracketsZonePort = "[::abcd:ffff:c0a8:1%1]:80"
)
func TestRemoteAddrStrategy_GetIP(t *testing.T) {
testCases := []struct {
desc string
expected string
desc string
expected string
remoteAddr string
ipv6Subnet *int
}{
// Valid IP format
{
desc: "Use RemoteAddr",
desc: "Use RemoteAddr, ipv4",
expected: "192.0.2.1",
},
{
desc: "Use RemoteAddr, ipv6 brackets with port, no IPv6 subnet",
remoteAddr: ipv6BracketsPort,
expected: "::abcd:ffff:c0a8:1",
},
{
desc: "Use RemoteAddr, ipv6 brackets with zone and port, no IPv6 subnet",
remoteAddr: ipv6BracketsZonePort,
expected: "::abcd:ffff:c0a8:1%1",
},
// Invalid IPv6 format
{
desc: "Use RemoteAddr, ipv6 basic, missing brackets, no IPv6 subnet",
remoteAddr: ipv6Basic,
expected: ipv6Basic,
},
// Valid IP format with subnet
{
desc: "Use RemoteAddr, ipv4, ignore subnet",
expected: "192.0.2.1",
ipv6Subnet: intPtr(24),
},
{
desc: "Use RemoteAddr, ipv6 brackets with port, subnet",
remoteAddr: ipv6BracketsPort,
expected: "::abcd:0:0:0",
ipv6Subnet: intPtr(80),
},
{
desc: "Use RemoteAddr, ipv6 brackets with zone and port, subnet",
remoteAddr: ipv6BracketsZonePort,
expected: "::abcd:0:0:0",
ipv6Subnet: intPtr(80),
},
// Valid IP, invalid subnet
{
desc: "Use RemoteAddr, ipv6 brackets with port, invalid subnet",
remoteAddr: ipv6BracketsPort,
expected: "::abcd:ffff:c0a8:1",
ipv6Subnet: intPtr(500),
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
strategy := RemoteAddrStrategy{}
strategy := RemoteAddrStrategy{
IPv6Subnet: test.ipv6Subnet,
}
req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1", nil)
if test.remoteAddr != "" {
req.RemoteAddr = test.remoteAddr
}
actual := strategy.GetIP(req)
assert.Equal(t, test.expected, actual)
})
@@ -38,6 +96,7 @@ func TestDepthStrategy_GetIP(t *testing.T) {
depth int
xForwardedFor string
expected string
ipv6Subnet *int
}{
{
desc: "Use depth",
@@ -57,13 +116,30 @@ func TestDepthStrategy_GetIP(t *testing.T) {
xForwardedFor: "10.0.0.2,10.0.0.1",
expected: "10.0.0.2",
},
{
desc: "Use depth with IPv4 subnet",
depth: 2,
xForwardedFor: "10.0.0.3,10.0.0.2,10.0.0.1",
expected: "10.0.0.2",
ipv6Subnet: intPtr(80),
},
{
desc: "Use depth with IPv6 subnet",
depth: 2,
xForwardedFor: "10.0.0.3," + ipv6Basic + ",10.0.0.1",
expected: "::abcd:0:0:0",
ipv6Subnet: intPtr(80),
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
strategy := DepthStrategy{Depth: test.depth}
strategy := DepthStrategy{
Depth: test.depth,
IPv6Subnet: test.ipv6Subnet,
}
req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1", nil)
req.Header.Set(xForwardedFor, test.xForwardedFor)
actual := strategy.GetIP(req)
@@ -121,3 +197,7 @@ func TestTrustedIPsStrategy_GetIP(t *testing.T) {
})
}
}
func intPtr(value int) *int {
return &value
}

2
pkg/metrics/opentelemetry.go
View File

@@ -207,7 +207,7 @@ func newOpenTelemetryMeterProvider(ctx context.Context, config *types.OTLP) (*sd
}
res, err := resource.New(ctx,
resource.WithAttributes(semconv.ServiceNameKey.String("traefik")),
resource.WithAttributes(semconv.ServiceNameKey.String(config.ServiceName)),
resource.WithAttributes(semconv.ServiceVersionKey.String(version.Version)),
resource.WithFromEnv(),
resource.WithTelemetrySDK(),

307
pkg/metrics/opentelemetry_test.go
View File

@@ -282,151 +282,174 @@ func TestOpenTelemetry_GaugeCollectorSet(t *testing.T) {
}
func TestOpenTelemetry(t *testing.T) {
c := make(chan *string, 5)
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gzr, err := gzip.NewReader(r.Body)
require.NoError(t, err)
body, err := io.ReadAll(gzr)
require.NoError(t, err)
req := pmetricotlp.NewExportRequest()
err = req.UnmarshalProto(body)
require.NoError(t, err)
marshalledReq, err := json.Marshal(req)
require.NoError(t, err)
bodyStr := string(marshalledReq)
c <- &bodyStr
w.WriteHeader(http.StatusOK)
}))
t.Cleanup(func() {
StopOpenTelemetry()
ts.Close()
})
var cfg types.OTLP
(&cfg).SetDefaults()
cfg.AddRoutersLabels = true
cfg.HTTP = &types.OtelHTTP{
Endpoint: ts.URL,
}
cfg.PushInterval = ptypes.Duration(10 * time.Millisecond)
registry := RegisterOpenTelemetry(context.Background(), &cfg)
require.NotNil(t, registry)
if !registry.IsEpEnabled() || !registry.IsRouterEnabled() || !registry.IsSvcEnabled() {
t.Fatalf("registry should return true for IsEnabled(), IsRouterEnabled() and IsSvcEnabled()")
tests := []struct {
desc string
serviceName string
}{
{
desc: "default",
},
{
desc: "custom-service-name",
serviceName: "custom-service-name",
},
}
expected := []string{
`({"key":"service.name","value":{"stringValue":"traefik"}})`,
`({"key":"service.version","value":{"stringValue":"` + version.Version + `"}})`,
for _, test := range tests {
t.Run(test.desc, func(t *testing.T) {
c := make(chan *string, 5)
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
gzr, err := gzip.NewReader(r.Body)
require.NoError(t, err)
body, err := io.ReadAll(gzr)
require.NoError(t, err)
req := pmetricotlp.NewExportRequest()
err = req.UnmarshalProto(body)
require.NoError(t, err)
marshalledReq, err := json.Marshal(req)
require.NoError(t, err)
bodyStr := string(marshalledReq)
c <- &bodyStr
w.WriteHeader(http.StatusOK)
}))
t.Cleanup(func() {
StopOpenTelemetry()
ts.Close()
})
var cfg types.OTLP
(&cfg).SetDefaults()
cfg.AddRoutersLabels = true
cfg.HTTP = &types.OtelHTTP{
Endpoint: ts.URL,
}
cfg.PushInterval = ptypes.Duration(10 * time.Millisecond)
wantServiceName := "traefik"
if test.serviceName != "" {
cfg.ServiceName = test.serviceName
wantServiceName = test.serviceName
}
registry := RegisterOpenTelemetry(context.Background(), &cfg)
require.NotNil(t, registry)
if !registry.IsEpEnabled() || !registry.IsRouterEnabled() || !registry.IsSvcEnabled() {
t.Fatalf("registry should return true for IsEnabled(), IsRouterEnabled() and IsSvcEnabled()")
}
expected := []string{
`({"key":"service.name","value":{"stringValue":"` + wantServiceName + `"}})`,
`({"key":"service.version","value":{"stringValue":"` + version.Version + `"}})`,
}
tryAssertMessage(t, c, expected)
// TODO: the len of startUnixNano is no supposed to be 20, it should be 19
expectedConfig := []string{
`({"name":"traefik_config_reloads_total","description":"Config reloads","unit":"1","sum":{"dataPoints":\[{"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_config_last_reload_success","description":"Last config reload success","unit":"ms","gauge":{"dataPoints":\[{"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
`({"name":"traefik_open_connections","description":"How many open connections exist, by entryPoint and protocol","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test"}},{"key":"protocol","value":{"stringValue":"TCP"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
}
registry.ConfigReloadsCounter().Add(1)
registry.LastConfigReloadSuccessGauge().Set(1)
registry.OpenConnectionsGauge().With("entrypoint", "test", "protocol", "TCP").Set(1)
tryAssertMessage(t, c, expectedConfig)
expectedTLSCerts := []string{
`({"name":"traefik_tls_certs_not_after","description":"Certificate expiration timestamp","unit":"ms","gauge":{"dataPoints":\[{"attributes":\[{"key":"key","value":{"stringValue":"value"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
}
registry.TLSCertsNotAfterTimestampGauge().With("key", "value").Set(1)
tryAssertMessage(t, c, expectedTLSCerts)
expectedEntryPoints := []string{
`({"name":"traefik_entrypoint_requests_total","description":"How many HTTP requests processed on an entrypoint, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"entrypoint","value":{"stringValue":"test1"}},{"key":"method","value":{"stringValue":"GET"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_entrypoint_requests_tls_total","description":"How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS Version and TLS cipher Used.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test2"}},{"key":"tls_cipher","value":{"stringValue":"bar"}},{"key":"tls_version","value":{"stringValue":"foo"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_entrypoint_request_duration_seconds","description":"How long it took to process the request on an entrypoint, partitioned by status code, protocol, and method.","unit":"ms","histogram":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test3"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"1","sum":10000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","1"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":10000}\],"aggregationTemporality":2}})`,
`({"name":"traefik_entrypoint_requests_bytes_total","description":"The total size of requests in bytes handled by an entrypoint, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"entrypoint","value":{"stringValue":"test1"}},{"key":"method","value":{"stringValue":"GET"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_entrypoint_responses_bytes_total","description":"The total size of responses in bytes handled by an entrypoint, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"entrypoint","value":{"stringValue":"test1"}},{"key":"method","value":{"stringValue":"GET"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
}
registry.EntryPointReqsCounter().With(nil, "entrypoint", "test1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.EntryPointReqsTLSCounter().With("entrypoint", "test2", "tls_version", "foo", "tls_cipher", "bar").Add(1)
registry.EntryPointReqDurationHistogram().With("entrypoint", "test3").Observe(10000)
registry.EntryPointReqsBytesCounter().With("entrypoint", "test1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.EntryPointRespsBytesCounter().With("entrypoint", "test1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
tryAssertMessage(t, c, expectedEntryPoints)
expectedRouters := []string{
`({"name":"traefik_router_requests_total","description":"How many HTTP requests are processed on a router, partitioned by service, status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1},{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_router_requests_tls_total","description":"How many HTTP requests with TLS are processed on a router, partitioned by service, TLS Version, and TLS cipher Used.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"router","value":{"stringValue":"demo"}},{"key":"service","value":{"stringValue":"test"}},{"key":"tls_cipher","value":{"stringValue":"bar"}},{"key":"tls_version","value":{"stringValue":"foo"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_router_request_duration_seconds","description":"How long it took to process the request on a router, partitioned by service, status code, protocol, and method.","unit":"ms","histogram":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"router","value":{"stringValue":"demo"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"1","sum":10000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","1"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":10000}\],"aggregationTemporality":2}})`,
`({"name":"traefik_router_requests_bytes_total","description":"The total size of requests in bytes handled by a router, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_router_responses_bytes_total","description":"The total size of responses in bytes handled by a router, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
}
registry.RouterReqsCounter().With(nil, "router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.RouterReqsCounter().With(nil, "router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.RouterReqsTLSCounter().With("router", "demo", "service", "test", "tls_version", "foo", "tls_cipher", "bar").Add(1)
registry.RouterReqDurationHistogram().With("router", "demo", "service", "test", "code", strconv.Itoa(http.StatusOK)).Observe(10000)
registry.RouterReqsBytesCounter().With("router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.RouterRespsBytesCounter().With("router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
tryAssertMessage(t, c, expectedRouters)
expectedServices := []string{
`({"name":"traefik_service_requests_total","description":"How many HTTP requests processed on a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1},{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_service_requests_tls_total","description":"How many HTTP requests with TLS processed on a service, partitioned by TLS version and TLS cipher.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"service","value":{"stringValue":"test"}},{"key":"tls_cipher","value":{"stringValue":"bar"}},{"key":"tls_version","value":{"stringValue":"foo"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_service_request_duration_seconds","description":"How long it took to process the request on a service, partitioned by status code, protocol, and method.","unit":"ms","histogram":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"1","sum":10000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","1"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":10000}\],"aggregationTemporality":2}})`,
`({"name":"traefik_service_server_up","description":"service server is up, described by gauge value of 0 or 1.","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"service","value":{"stringValue":"test"}},{"key":"url","value":{"stringValue":"http://127.0.0.1"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
`({"name":"traefik_service_requests_bytes_total","description":"The total size of requests in bytes received by a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_service_responses_bytes_total","description":"The total size of responses in bytes returned by a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
}
registry.ServiceReqsCounter().With(nil, "service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.ServiceReqsCounter().With(nil, "service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.ServiceReqsTLSCounter().With("service", "test", "tls_version", "foo", "tls_cipher", "bar").Add(1)
registry.ServiceReqDurationHistogram().With("service", "test", "code", strconv.Itoa(http.StatusOK)).Observe(10000)
registry.ServiceServerUpGauge().With("service", "test", "url", "http://127.0.0.1").Set(1)
registry.ServiceReqsBytesCounter().With("service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.ServiceRespsBytesCounter().With("service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
tryAssertMessage(t, c, expectedServices)
expectedServicesRetries := []string{
`({"attributes":\[{"key":"service","value":{"stringValue":"foobar"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1})`,
`({"attributes":\[{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":2})`,
}
registry.ServiceRetriesCounter().With("service", "test").Add(1)
registry.ServiceRetriesCounter().With("service", "test").Add(1)
registry.ServiceRetriesCounter().With("service", "foobar").Add(1)
tryAssertMessage(t, c, expectedServicesRetries)
// We cannot rely on the previous expected pattern,
// because this pattern was for matching only one dataPoint in the histogram,
// and as soon as the EntryPointReqDurationHistogram.Observe is called,
// it adds a new dataPoint to the histogram.
expectedEntryPointReqDuration := []string{
`({"attributes":\[{"key":"entrypoint","value":{"stringValue":"myEntrypoint"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"2","sum":30000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","2"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":20000})`,
}
registry.EntryPointReqDurationHistogram().With("entrypoint", "myEntrypoint").Observe(10000)
registry.EntryPointReqDurationHistogram().With("entrypoint", "myEntrypoint").Observe(20000)
tryAssertMessage(t, c, expectedEntryPointReqDuration)
})
}
tryAssertMessage(t, c, expected)
// TODO: the len of startUnixNano is no supposed to be 20, it should be 19
expectedConfig := []string{
`({"name":"traefik_config_reloads_total","description":"Config reloads","unit":"1","sum":{"dataPoints":\[{"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_config_last_reload_success","description":"Last config reload success","unit":"ms","gauge":{"dataPoints":\[{"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
`({"name":"traefik_open_connections","description":"How many open connections exist, by entryPoint and protocol","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test"}},{"key":"protocol","value":{"stringValue":"TCP"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
}
registry.ConfigReloadsCounter().Add(1)
registry.LastConfigReloadSuccessGauge().Set(1)
registry.OpenConnectionsGauge().With("entrypoint", "test", "protocol", "TCP").Set(1)
tryAssertMessage(t, c, expectedConfig)
expectedTLSCerts := []string{
`({"name":"traefik_tls_certs_not_after","description":"Certificate expiration timestamp","unit":"ms","gauge":{"dataPoints":\[{"attributes":\[{"key":"key","value":{"stringValue":"value"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
}
registry.TLSCertsNotAfterTimestampGauge().With("key", "value").Set(1)
tryAssertMessage(t, c, expectedTLSCerts)
expectedEntryPoints := []string{
`({"name":"traefik_entrypoint_requests_total","description":"How many HTTP requests processed on an entrypoint, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"entrypoint","value":{"stringValue":"test1"}},{"key":"method","value":{"stringValue":"GET"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_entrypoint_requests_tls_total","description":"How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS Version and TLS cipher Used.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test2"}},{"key":"tls_cipher","value":{"stringValue":"bar"}},{"key":"tls_version","value":{"stringValue":"foo"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_entrypoint_request_duration_seconds","description":"How long it took to process the request on an entrypoint, partitioned by status code, protocol, and method.","unit":"ms","histogram":{"dataPoints":\[{"attributes":\[{"key":"entrypoint","value":{"stringValue":"test3"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"1","sum":10000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","1"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":10000}\],"aggregationTemporality":2}})`,
`({"name":"traefik_entrypoint_requests_bytes_total","description":"The total size of requests in bytes handled by an entrypoint, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"entrypoint","value":{"stringValue":"test1"}},{"key":"method","value":{"stringValue":"GET"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_entrypoint_responses_bytes_total","description":"The total size of responses in bytes handled by an entrypoint, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"entrypoint","value":{"stringValue":"test1"}},{"key":"method","value":{"stringValue":"GET"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
}
registry.EntryPointReqsCounter().With(nil, "entrypoint", "test1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.EntryPointReqsTLSCounter().With("entrypoint", "test2", "tls_version", "foo", "tls_cipher", "bar").Add(1)
registry.EntryPointReqDurationHistogram().With("entrypoint", "test3").Observe(10000)
registry.EntryPointReqsBytesCounter().With("entrypoint", "test1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.EntryPointRespsBytesCounter().With("entrypoint", "test1", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
tryAssertMessage(t, c, expectedEntryPoints)
expectedRouters := []string{
`({"name":"traefik_router_requests_total","description":"How many HTTP requests are processed on a router, partitioned by service, status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1},{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_router_requests_tls_total","description":"How many HTTP requests with TLS are processed on a router, partitioned by service, TLS Version, and TLS cipher Used.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"router","value":{"stringValue":"demo"}},{"key":"service","value":{"stringValue":"test"}},{"key":"tls_cipher","value":{"stringValue":"bar"}},{"key":"tls_version","value":{"stringValue":"foo"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_router_request_duration_seconds","description":"How long it took to process the request on a router, partitioned by service, status code, protocol, and method.","unit":"ms","histogram":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"router","value":{"stringValue":"demo"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"1","sum":10000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","1"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":10000}\],"aggregationTemporality":2}})`,
`({"name":"traefik_router_requests_bytes_total","description":"The total size of requests in bytes handled by a router, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_router_responses_bytes_total","description":"The total size of responses in bytes handled by a router, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"router","value":{"stringValue":"RouterReqsCounter"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
}
registry.RouterReqsCounter().With(nil, "router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.RouterReqsCounter().With(nil, "router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.RouterReqsTLSCounter().With("router", "demo", "service", "test", "tls_version", "foo", "tls_cipher", "bar").Add(1)
registry.RouterReqDurationHistogram().With("router", "demo", "service", "test", "code", strconv.Itoa(http.StatusOK)).Observe(10000)
registry.RouterReqsBytesCounter().With("router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.RouterRespsBytesCounter().With("router", "RouterReqsCounter", "service", "test", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
tryAssertMessage(t, c, expectedRouters)
expectedServices := []string{
`({"name":"traefik_service_requests_total","description":"How many HTTP requests processed on a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1},{"attributes":\[{"key":"code","value":{"stringValue":"(?:200|404)"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_service_requests_tls_total","description":"How many HTTP requests with TLS processed on a service, partitioned by TLS version and TLS cipher.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"service","value":{"stringValue":"test"}},{"key":"tls_cipher","value":{"stringValue":"bar"}},{"key":"tls_version","value":{"stringValue":"foo"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_service_request_duration_seconds","description":"How long it took to process the request on a service, partitioned by status code, protocol, and method.","unit":"ms","histogram":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"200"}},{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"1","sum":10000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","1"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":10000}\],"aggregationTemporality":2}})`,
`({"name":"traefik_service_server_up","description":"service server is up, described by gauge value of 0 or 1.","unit":"1","gauge":{"dataPoints":\[{"attributes":\[{"key":"service","value":{"stringValue":"test"}},{"key":"url","value":{"stringValue":"http://127.0.0.1"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\]}})`,
`({"name":"traefik_service_requests_bytes_total","description":"The total size of requests in bytes received by a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
`({"name":"traefik_service_responses_bytes_total","description":"The total size of responses in bytes returned by a service, partitioned by status code, protocol, and method.","unit":"1","sum":{"dataPoints":\[{"attributes":\[{"key":"code","value":{"stringValue":"404"}},{"key":"method","value":{"stringValue":"GET"}},{"key":"service","value":{"stringValue":"ServiceReqsCounter"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1}\],"aggregationTemporality":2,"isMonotonic":true}})`,
}
registry.ServiceReqsCounter().With(nil, "service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusOK), "method", http.MethodGet).Add(1)
registry.ServiceReqsCounter().With(nil, "service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.ServiceReqsTLSCounter().With("service", "test", "tls_version", "foo", "tls_cipher", "bar").Add(1)
registry.ServiceReqDurationHistogram().With("service", "test", "code", strconv.Itoa(http.StatusOK)).Observe(10000)
registry.ServiceServerUpGauge().With("service", "test", "url", "http://127.0.0.1").Set(1)
registry.ServiceReqsBytesCounter().With("service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
registry.ServiceRespsBytesCounter().With("service", "ServiceReqsCounter", "code", strconv.Itoa(http.StatusNotFound), "method", http.MethodGet).Add(1)
tryAssertMessage(t, c, expectedServices)
expectedServicesRetries := []string{
`({"attributes":\[{"key":"service","value":{"stringValue":"foobar"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":1})`,
`({"attributes":\[{"key":"service","value":{"stringValue":"test"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","asDouble":2})`,
}
registry.ServiceRetriesCounter().With("service", "test").Add(1)
registry.ServiceRetriesCounter().With("service", "test").Add(1)
registry.ServiceRetriesCounter().With("service", "foobar").Add(1)
tryAssertMessage(t, c, expectedServicesRetries)
// We cannot rely on the previous expected pattern,
// because this pattern was for matching only one dataPoint in the histogram,
// and as soon as the EntryPointReqDurationHistogram.Observe is called,
// it adds a new dataPoint to the histogram.
expectedEntryPointReqDuration := []string{
`({"attributes":\[{"key":"entrypoint","value":{"stringValue":"myEntrypoint"}}\],"startTimeUnixNano":"[\d]{19}","timeUnixNano":"[\d]{19}","count":"2","sum":30000,"bucketCounts":\["0","0","0","0","0","0","0","0","0","0","0","0","0","0","2"\],"explicitBounds":\[0.005,0.01,0.025,0.05,0.075,0.1,0.25,0.5,0.75,1,2.5,5,7.5,10\],"min":10000,"max":20000})`,
}
registry.EntryPointReqDurationHistogram().With("entrypoint", "myEntrypoint").Observe(10000)
registry.EntryPointReqDurationHistogram().With("entrypoint", "myEntrypoint").Observe(20000)
tryAssertMessage(t, c, expectedEntryPointReqDuration)
}
func assertMessage(t *testing.T, msg string, expected []string) {

5
pkg/middlewares/accesslog/logdata.go
View File

@@ -77,6 +77,11 @@ const (
TLSCipher = "TLSCipher"
// TLSClientSubject is the string representation of the TLS client certificate's Subject.
TLSClientSubject = "TLSClientSubject"
// TraceID is the consistent identifier for tracking requests across services, including upstream ones managed by Traefik, shown as a 32-hex digit string.
TraceID = "TraceId"
// SpanID is the unique identifier for Traefiks root span (EntryPoint) within a request trace, formatted as a 16-hex digit string.
SpanID = "SpanId"
)
// These are written out in the default case when no config is provided to specify keys of interest.

12
pkg/middlewares/auth/forward.go
View File

@@ -13,6 +13,7 @@ import (
"github.com/traefik/traefik/v3/pkg/config/dynamic"
"github.com/traefik/traefik/v3/pkg/middlewares"
"github.com/traefik/traefik/v3/pkg/middlewares/accesslog"
"github.com/traefik/traefik/v3/pkg/middlewares/observability"
"github.com/traefik/traefik/v3/pkg/tracing"
"github.com/traefik/traefik/v3/pkg/types"
@@ -50,6 +51,7 @@ type forwardAuth struct {
trustForwardHeader bool
authRequestHeaders []string
addAuthCookiesToResponse map[string]struct{}
headerField string
}
// NewForward creates a forward auth middleware.
@@ -70,6 +72,7 @@ func NewForward(ctx context.Context, next http.Handler, config dynamic.ForwardAu
trustForwardHeader: config.TrustForwardHeader,
authRequestHeaders: config.AuthRequestHeaders,
addAuthCookiesToResponse: addAuthCookiesToResponse,
headerField: config.HeaderField,
}
// Ensure our request client does not follow redirects
@@ -169,6 +172,15 @@ func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
forwardSpan.End()
}
if fa.headerField != "" {
if elems := forwardResponse.Header[http.CanonicalHeaderKey(fa.headerField)]; len(elems) > 0 {
logData := accesslog.GetLogData(req)
if logData != nil {
logData.Core[accesslog.ClientUsername] = elems[0]
}
}
}
// Pass the forward response's body and selected headers if it
// didn't return a response within the range of [200, 300).
if forwardResponse.StatusCode < http.StatusOK || forwardResponse.StatusCode >= http.StatusMultipleChoices {

30
pkg/middlewares/compress/acceptencoding.go
View File

@@ -22,13 +22,18 @@ type Encoding struct {
Weight *float64
}
func getCompressionType(acceptEncoding []string, defaultType string) string {
if defaultType == "" {
// Keeps the pre-existing default inside Traefik.
defaultType = brotliName
func getCompressionEncoding(acceptEncoding []string, defaultEncoding string, supportedEncodings []string) string {
if defaultEncoding == "" {
if slices.Contains(supportedEncodings, brotliName) {
// Keeps the pre-existing default inside Traefik if brotli is a supported encoding.
defaultEncoding = brotliName
} else if len(supportedEncodings) > 0 {
// Otherwise use the first supported encoding.
defaultEncoding = supportedEncodings[0]
}
}
encodings, hasWeight := parseAcceptEncoding(acceptEncoding)
encodings, hasWeight := parseAcceptEncoding(acceptEncoding, supportedEncodings)
if hasWeight {
if len(encodings) == 0 {
@@ -46,26 +51,26 @@ func getCompressionType(acceptEncoding []string, defaultType string) string {
}
if encoding.Type == wildcardName {
return defaultType
return defaultEncoding
}
return encoding.Type
}
for _, dt := range []string{zstdName, brotliName, gzipName} {
for _, dt := range supportedEncodings {
if slices.ContainsFunc(encodings, func(e Encoding) bool { return e.Type == dt }) {
return dt
}
}
if slices.ContainsFunc(encodings, func(e Encoding) bool { return e.Type == wildcardName }) {
return defaultType
return defaultEncoding
}
return identityName
}
func parseAcceptEncoding(acceptEncoding []string) ([]Encoding, bool) {
func parseAcceptEncoding(acceptEncoding, supportedEncodings []string) ([]Encoding, bool) {
var encodings []Encoding
var hasWeight bool
@@ -76,10 +81,9 @@ func parseAcceptEncoding(acceptEncoding []string) ([]Encoding, bool) {
continue
}
switch parsed[0] {
case zstdName, brotliName, gzipName, identityName, wildcardName:
// supported encoding
default:
if !slices.Contains(supportedEncodings, parsed[0]) &&
parsed[0] != identityName &&
parsed[0] != wildcardName {
continue
}

161
pkg/middlewares/compress/acceptencoding_test.go
View File

@@ -6,73 +6,86 @@ import (
"github.com/stretchr/testify/assert"
)
func Test_getCompressionType(t *testing.T) {
func Test_getCompressionEncoding(t *testing.T) {
testCases := []struct {
desc string
values []string
defaultType string
expected string
desc string
acceptEncoding []string
defaultEncoding string
supportedEncodings []string
expected string
}{
{
desc: "br > gzip (no weight)",
values: []string{"gzip, br"},
expected: brotliName,
desc: "br > gzip (no weight)",
acceptEncoding: []string{"gzip, br"},
expected: brotliName,
},
{
desc: "zstd > br > gzip (no weight)",
values: []string{"zstd, gzip, br"},
expected: zstdName,
desc: "zstd > br > gzip (no weight)",
acceptEncoding: []string{"zstd, gzip, br"},
expected: zstdName,
},
{
desc: "known compression type (no weight)",
values: []string{"compress, gzip"},
expected: gzipName,
desc: "known compression encoding (no weight)",
acceptEncoding: []string{"compress, gzip"},
expected: gzipName,
},
{
desc: "unknown compression type (no weight), no encoding",
values: []string{"compress, rar"},
expected: identityName,
desc: "unknown compression encoding (no weight), no encoding",
acceptEncoding: []string{"compress, rar"},
expected: identityName,
},
{
desc: "wildcard return the default compression type",
values: []string{"*"},
expected: brotliName,
desc: "wildcard return the default compression encoding",
acceptEncoding: []string{"*"},
expected: brotliName,
},
{
desc: "wildcard return the custom default compression type",
values: []string{"*"},
defaultType: "foo",
expected: "foo",
desc: "wildcard return the custom default compression encoding",
acceptEncoding: []string{"*"},
defaultEncoding: "foo",
expected: "foo",
},
{
desc: "follows weight",
values: []string{"br;q=0.8, gzip;q=1.0, *;q=0.1"},
expected: gzipName,
desc: "follows weight",
acceptEncoding: []string{"br;q=0.8, gzip;q=1.0, *;q=0.1"},
expected: gzipName,
},
{
desc: "ignore unknown compression type",
values: []string{"compress;q=1.0, gzip;q=0.5"},
expected: gzipName,
desc: "ignore unknown compression encoding",
acceptEncoding: []string{"compress;q=1.0, gzip;q=0.5"},
expected: gzipName,
},
{
desc: "fallback on non-zero compression type",
values: []string{"compress;q=1.0, gzip, identity;q=0"},
expected: gzipName,
desc: "fallback on non-zero compression encoding",
acceptEncoding: []string{"compress;q=1.0, gzip, identity;q=0"},
expected: gzipName,
},
{
desc: "not acceptable (identity)",
values: []string{"compress;q=1.0, identity;q=0"},
expected: notAcceptable,
desc: "not acceptable (identity)",
acceptEncoding: []string{"compress;q=1.0, identity;q=0"},
expected: notAcceptable,
},
{
desc: "not acceptable (wildcard)",
values: []string{"compress;q=1.0, *;q=0"},
expected: notAcceptable,
desc: "not acceptable (wildcard)",
acceptEncoding: []string{"compress;q=1.0, *;q=0"},
expected: notAcceptable,
},
{
desc: "non-zero is higher than 0",
values: []string{"gzip, *;q=0"},
expected: gzipName,
desc: "non-zero is higher than 0",
acceptEncoding: []string{"gzip, *;q=0"},
expected: gzipName,
},
{
desc: "zstd forbidden, brotli first",
acceptEncoding: []string{"zstd, gzip, br"},
supportedEncodings: []string{brotliName, gzipName},
expected: brotliName,
},
{
desc: "follows weight, ignores forbidden encoding",
acceptEncoding: []string{"br;q=0.8, gzip;q=1.0, *;q=0.1"},
supportedEncodings: []string{zstdName, brotliName},
expected: brotliName,
},
}
@@ -80,19 +93,24 @@ func Test_getCompressionType(t *testing.T) {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
encodingType := getCompressionType(test.values, test.defaultType)
if test.supportedEncodings == nil {
test.supportedEncodings = defaultSupportedEncodings
}
assert.Equal(t, test.expected, encodingType)
encoding := getCompressionEncoding(test.acceptEncoding, test.defaultEncoding, test.supportedEncodings)
assert.Equal(t, test.expected, encoding)
})
}
}
func Test_parseAcceptEncoding(t *testing.T) {
testCases := []struct {
desc string
values []string
expected []Encoding
assertWeight assert.BoolAssertionFunc
desc string
values []string
supportedEncodings []string
expected []Encoding
assertWeight assert.BoolAssertionFunc
}{
{
desc: "weight",
@@ -105,6 +123,17 @@ func Test_parseAcceptEncoding(t *testing.T) {
},
assertWeight: assert.True,
},
{
desc: "weight with supported encodings",
values: []string{"br;q=1.0, zstd;q=0.9, gzip;q=0.8, *;q=0.1"},
supportedEncodings: []string{brotliName, gzipName},
expected: []Encoding{
{Type: brotliName, Weight: ptr[float64](1)},
{Type: gzipName, Weight: ptr(0.8)},
{Type: wildcardName, Weight: ptr(0.1)},
},
assertWeight: assert.True,
},
{
desc: "mixed",
values: []string{"zstd,gzip, br;q=1.0, *;q=0"},
@@ -116,6 +145,16 @@ func Test_parseAcceptEncoding(t *testing.T) {
},
assertWeight: assert.True,
},
{
desc: "mixed with supported encodings",
values: []string{"zstd,gzip, br;q=1.0, *;q=0"},
supportedEncodings: []string{zstdName},
expected: []Encoding{
{Type: zstdName},
{Type: wildcardName, Weight: ptr[float64](0)},
},
assertWeight: assert.True,
},
{
desc: "no weight",
values: []string{"zstd, gzip, br, *"},
@@ -127,6 +166,16 @@ func Test_parseAcceptEncoding(t *testing.T) {
},
assertWeight: assert.False,
},
{
desc: "no weight with supported encodings",
values: []string{"zstd, gzip, br, *"},
supportedEncodings: []string{"gzip"},
expected: []Encoding{
{Type: gzipName},
{Type: wildcardName},
},
assertWeight: assert.False,
},
{
desc: "weight and identity",
values: []string{"gzip;q=1.0, identity; q=0.5, *;q=0"},
@@ -137,13 +186,27 @@ func Test_parseAcceptEncoding(t *testing.T) {
},
assertWeight: assert.True,
},
{
desc: "weight and identity",
values: []string{"gzip;q=1.0, identity; q=0.5, *;q=0"},
supportedEncodings: []string{"br"},
expected: []Encoding{
{Type: identityName, Weight: ptr(0.5)},
{Type: wildcardName, Weight: ptr[float64](0)},
},
assertWeight: assert.True,
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
aes, hasWeight := parseAcceptEncoding(test.values)
if test.supportedEncodings == nil {
test.supportedEncodings = defaultSupportedEncodings
}
aes, hasWeight := parseAcceptEncoding(test.values, test.supportedEncodings)
assert.Equal(t, test.expected, aes)
test.assertWeight(t, hasWeight)

Some files were not shown because too many files have changed in this diff Show More