Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
0108923e71
commit
a6f20ae192
|
@ -0,0 +1,99 @@
|
||||||
|
**Important:**
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.11](https://github.com/truecharts/charts/compare/traefik-18.0.10...traefik-18.0.11) (2023-06-09)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- ensure CRDs are correctly added to traefik
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.10](https://github.com/truecharts/charts/compare/traefik-18.0.9...traefik-18.0.10) (2023-06-07)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- update helm general non-major ([#9457](https://github.com/truecharts/charts/issues/9457))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.9](https://github.com/truecharts/charts/compare/traefik-18.0.8...traefik-18.0.9) (2023-06-07)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- update helm general non-major ([#9423](https://github.com/truecharts/charts/issues/9423))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.8](https://github.com/truecharts/charts/compare/traefik-18.0.7...traefik-18.0.8) (2023-06-04)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- update helm general non-major ([#9393](https://github.com/truecharts/charts/issues/9393))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.7](https://github.com/truecharts/charts/compare/traefik-18.0.6...traefik-18.0.7) (2023-05-28)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- move ingressclass under ingress section and hide behind expert button ([#9225](https://github.com/truecharts/charts/issues/9225))
|
||||||
|
|
||||||
|
### Feat
|
||||||
|
|
||||||
|
- hide advanced ingress options behind checbox ([#9203](https://github.com/truecharts/charts/issues/9203))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.6](https://github.com/truecharts/charts/compare/traefik-18.0.5...traefik-18.0.6) (2023-05-27)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- update helm general non-major ([#9197](https://github.com/truecharts/charts/issues/9197))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.5](https://github.com/truecharts/charts/compare/traefik-18.0.4...traefik-18.0.5) (2023-05-26)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
- update helm general non-major ([#9156](https://github.com/truecharts/charts/issues/9156))
|
||||||
|
- bump traefik version
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.4](https://github.com/truecharts/charts/compare/traefik-18.0.3...traefik-18.0.4) (2023-05-26)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- fix context on middlewares ([#9174](https://github.com/truecharts/charts/issues/9174))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.3](https://github.com/truecharts/charts/compare/traefik-18.0.1...traefik-18.0.3) (2023-05-25)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- remove duplicate `-Release.Name` when ingressClass is enabled ([#9145](https://github.com/truecharts/charts/issues/9145))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.3](https://github.com/truecharts/charts/compare/traefik-18.0.1...traefik-18.0.3) (2023-05-25)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- remove duplicate `-Release.Name` when ingressClass is enabled ([#9145](https://github.com/truecharts/charts/issues/9145))
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: "2.10.1"
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
repository: https://library-charts.truecharts.org
|
||||||
|
version: 12.13.0
|
||||||
|
deprecated: false
|
||||||
|
description: Traefik is a flexible reverse proxy and Ingress Provider.
|
||||||
|
home: https://truecharts.org/charts/enterprise/traefik
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
|
||||||
|
keywords:
|
||||||
|
- traefik
|
||||||
|
- ingress
|
||||||
|
kubeVersion: ">=1.16.0-0"
|
||||||
|
maintainers:
|
||||||
|
- email: info@truecharts.org
|
||||||
|
name: TrueCharts
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: traefik
|
||||||
|
sources:
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
|
||||||
|
- https://github.com/traefik/traefik
|
||||||
|
- https://github.com/traefik/traefik-helm-chart
|
||||||
|
- https://traefik.io/
|
||||||
|
type: application
|
||||||
|
version: 18.0.11
|
||||||
|
annotations:
|
||||||
|
truecharts.org/catagories: |
|
||||||
|
- network
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/grade: U
|
|
@ -0,0 +1,106 @@
|
||||||
|
Business Source License 1.1
|
||||||
|
|
||||||
|
Parameters
|
||||||
|
|
||||||
|
Licensor: The TrueCharts Project, it's owner and it's contributors
|
||||||
|
Licensed Work: The TrueCharts "Traefik" Helm Chart
|
||||||
|
Additional Use Grant: You may use the licensed work in production, as long
|
||||||
|
as it is directly sourced from a TrueCharts provided
|
||||||
|
official repository, catalog or source. You may also make private
|
||||||
|
modification to the directly sourced licenced work,
|
||||||
|
when used in production.
|
||||||
|
|
||||||
|
The following cases are, due to their nature, also
|
||||||
|
defined as 'production use' and explicitly prohibited:
|
||||||
|
- Bundling, including or displaying the licensed work
|
||||||
|
with(in) another work intended for production use,
|
||||||
|
with the apparent intend of facilitating and/or
|
||||||
|
promoting production use by third parties in
|
||||||
|
violation of this license.
|
||||||
|
|
||||||
|
Change Date: 2050-01-01
|
||||||
|
|
||||||
|
Change License: 3-clause BSD license
|
||||||
|
|
||||||
|
For information about alternative licensing arrangements for the Software,
|
||||||
|
please contact: legal@truecharts.org
|
||||||
|
|
||||||
|
Notice
|
||||||
|
|
||||||
|
The Business Source License (this document, or the “License”) is not an Open
|
||||||
|
Source license. However, the Licensed Work will eventually be made available
|
||||||
|
under an Open Source License, as stated in this License.
|
||||||
|
|
||||||
|
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
||||||
|
“Business Source License” is a trademark of MariaDB Corporation Ab.
|
||||||
|
|
||||||
|
-----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
Business Source License 1.1
|
||||||
|
|
||||||
|
Terms
|
||||||
|
|
||||||
|
The Licensor hereby grants you the right to copy, modify, create derivative
|
||||||
|
works, redistribute, and make non-production use of the Licensed Work. The
|
||||||
|
Licensor may make an Additional Use Grant, above, permitting limited
|
||||||
|
production use.
|
||||||
|
|
||||||
|
Effective on the Change Date, or the fourth anniversary of the first publicly
|
||||||
|
available distribution of a specific version of the Licensed Work under this
|
||||||
|
License, whichever comes first, the Licensor hereby grants you rights under
|
||||||
|
the terms of the Change License, and the rights granted in the paragraph
|
||||||
|
above terminate.
|
||||||
|
|
||||||
|
If your use of the Licensed Work does not comply with the requirements
|
||||||
|
currently in effect as described in this License, you must purchase a
|
||||||
|
commercial license from the Licensor, its affiliated entities, or authorized
|
||||||
|
resellers, or you must refrain from using the Licensed Work.
|
||||||
|
|
||||||
|
All copies of the original and modified Licensed Work, and derivative works
|
||||||
|
of the Licensed Work, are subject to this License. This License applies
|
||||||
|
separately for each version of the Licensed Work and the Change Date may vary
|
||||||
|
for each version of the Licensed Work released by Licensor.
|
||||||
|
|
||||||
|
You must conspicuously display this License on each original or modified copy
|
||||||
|
of the Licensed Work. If you receive the Licensed Work in original or
|
||||||
|
modified form from a third party, the terms and conditions set forth in this
|
||||||
|
License apply to your use of that work.
|
||||||
|
|
||||||
|
Any use of the Licensed Work in violation of this License will automatically
|
||||||
|
terminate your rights under this License for the current and all other
|
||||||
|
versions of the Licensed Work.
|
||||||
|
|
||||||
|
This License does not grant you any right in any trademark or logo of
|
||||||
|
Licensor or its affiliates (provided that you may use a trademark or logo of
|
||||||
|
Licensor as expressly required by this License).
|
||||||
|
|
||||||
|
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
|
||||||
|
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
|
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
|
||||||
|
TITLE.
|
||||||
|
|
||||||
|
MariaDB hereby grants you permission to use this License’s text to license
|
||||||
|
your works, and to refer to it using the trademark “Business Source License”,
|
||||||
|
as long as you comply with the Covenants of Licensor below.
|
||||||
|
|
||||||
|
Covenants of Licensor
|
||||||
|
|
||||||
|
In consideration of the right to use this License’s text and the “Business
|
||||||
|
Source License” name and trademark, Licensor covenants to MariaDB, and to all
|
||||||
|
other recipients of the licensed work to be provided by Licensor:
|
||||||
|
|
||||||
|
1. To specify as the Change License the GPL Version 2.0 or any later version,
|
||||||
|
or a license that is compatible with GPL Version 2.0 or a later version,
|
||||||
|
where “compatible” means that software provided under the Change License can
|
||||||
|
be included in a program with software provided under GPL Version 2.0 or a
|
||||||
|
later version. Licensor may specify additional Change Licenses without
|
||||||
|
limitation.
|
||||||
|
|
||||||
|
2. To either: (a) specify an additional grant of rights to use that does not
|
||||||
|
impose any additional restriction on the right granted in this License, as
|
||||||
|
the Additional Use Grant; or (b) insert the text “None”.
|
||||||
|
|
||||||
|
3. To specify a Change Date.
|
||||||
|
|
||||||
|
4. Not to modify this License in any other way.
|
|
@ -0,0 +1,27 @@
|
||||||
|
# README
|
||||||
|
|
||||||
|
## General Info
|
||||||
|
|
||||||
|
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||||
|
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||||
|
|
||||||
|
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
|
||||||
|
|
||||||
|
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||||
|
|
||||||
|
|
||||||
|
## Support
|
||||||
|
|
||||||
|
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
|
||||||
|
- See the [Website](https://truecharts.org)
|
||||||
|
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||||
|
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Sponsor TrueCharts
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||||
|
|
||||||
|
*All Rights Reserved - The TrueCharts Project*
|
|
@ -0,0 +1,9 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [traefik-18.0.11](https://github.com/truecharts/charts/compare/traefik-18.0.10...traefik-18.0.11) (2023-06-09)
|
||||||
|
|
||||||
|
### Fix
|
||||||
|
|
||||||
|
- ensure CRDs are correctly added to traefik
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
Traefik is a flexible reverse proxy and Ingress Provider.
|
||||||
|
|
||||||
|
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,275 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: ingressroutes.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: IngressRoute
|
||||||
|
listKind: IngressRouteList
|
||||||
|
plural: ingressroutes
|
||||||
|
singular: ingressroute
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: IngressRouteSpec defines the desired state of IngressRoute.
|
||||||
|
properties:
|
||||||
|
entryPoints:
|
||||||
|
description: 'EntryPoints defines the list of entry point names to
|
||||||
|
bind to. Entry points have to be configured in the static configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
|
||||||
|
Default: all.'
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
routes:
|
||||||
|
description: Routes defines the list of routes.
|
||||||
|
items:
|
||||||
|
description: Route holds the HTTP route configuration.
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
description: Kind defines the kind of the route. Rule is the
|
||||||
|
only supported kind.
|
||||||
|
enum:
|
||||||
|
- Rule
|
||||||
|
type: string
|
||||||
|
match:
|
||||||
|
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
|
||||||
|
type: string
|
||||||
|
middlewares:
|
||||||
|
description: 'Middlewares defines the list of references to
|
||||||
|
Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
|
||||||
|
items:
|
||||||
|
description: MiddlewareRef is a reference to a Middleware
|
||||||
|
resource.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Middleware
|
||||||
|
resource.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Middleware resource.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
priority:
|
||||||
|
description: 'Priority defines the router''s priority. More
|
||||||
|
info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
|
||||||
|
type: integer
|
||||||
|
services:
|
||||||
|
description: Services defines the list of Service. It can contain
|
||||||
|
any combination of TraefikService and/or reference to a Kubernetes
|
||||||
|
Service.
|
||||||
|
items:
|
||||||
|
description: Service defines an upstream HTTP service to proxy
|
||||||
|
traffic to.
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
description: Kind defines the kind of the Service.
|
||||||
|
enum:
|
||||||
|
- Service
|
||||||
|
- TraefikService
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Kubernetes
|
||||||
|
Service or TraefikService. The differentiation between
|
||||||
|
the two is specified in the Kind field.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Kubernetes Service or TraefikService.
|
||||||
|
type: string
|
||||||
|
nativeLB:
|
||||||
|
description: NativeLB controls, when creating the load-balancer,
|
||||||
|
whether the LB's children are directly the pods IPs
|
||||||
|
or if the only child is the Kubernetes Service clusterIP.
|
||||||
|
The Kubernetes Service itself does load-balance to the
|
||||||
|
pods. By default, NativeLB is false.
|
||||||
|
type: boolean
|
||||||
|
passHostHeader:
|
||||||
|
description: PassHostHeader defines whether the client
|
||||||
|
Host header is forwarded to the upstream Kubernetes
|
||||||
|
Service. By default, passHostHeader is true.
|
||||||
|
type: boolean
|
||||||
|
port:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: Port defines the port of a Kubernetes Service.
|
||||||
|
This can be a reference to a named port.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
responseForwarding:
|
||||||
|
description: ResponseForwarding defines how Traefik forwards
|
||||||
|
the response from the upstream Kubernetes Service to
|
||||||
|
the client.
|
||||||
|
properties:
|
||||||
|
flushInterval:
|
||||||
|
description: 'FlushInterval defines the interval,
|
||||||
|
in milliseconds, in between flushes to the client
|
||||||
|
while copying the response body. A negative value
|
||||||
|
means to flush immediately after each write to the
|
||||||
|
client. This configuration is ignored when ReverseProxy
|
||||||
|
recognizes a response as a streaming response; for
|
||||||
|
such responses, writes are flushed to the client
|
||||||
|
immediately. Default: 100ms'
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
scheme:
|
||||||
|
description: Scheme defines the scheme to use for the
|
||||||
|
request to the upstream Kubernetes Service. It defaults
|
||||||
|
to https when Kubernetes Service port is 443, http otherwise.
|
||||||
|
type: string
|
||||||
|
serversTransport:
|
||||||
|
description: ServersTransport defines the name of ServersTransport
|
||||||
|
resource to use. It allows to configure the transport
|
||||||
|
between Traefik and your servers. Can only be used on
|
||||||
|
a Kubernetes Service.
|
||||||
|
type: string
|
||||||
|
sticky:
|
||||||
|
description: 'Sticky defines the sticky sessions configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||||
|
properties:
|
||||||
|
cookie:
|
||||||
|
description: Cookie defines the sticky cookie configuration.
|
||||||
|
properties:
|
||||||
|
httpOnly:
|
||||||
|
description: HTTPOnly defines whether the cookie
|
||||||
|
can be accessed by client-side APIs, such as
|
||||||
|
JavaScript.
|
||||||
|
type: boolean
|
||||||
|
name:
|
||||||
|
description: Name defines the Cookie name.
|
||||||
|
type: string
|
||||||
|
sameSite:
|
||||||
|
description: 'SameSite defines the same site policy.
|
||||||
|
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||||
|
type: string
|
||||||
|
secure:
|
||||||
|
description: Secure defines whether the cookie
|
||||||
|
can only be transmitted over an encrypted connection
|
||||||
|
(i.e. HTTPS).
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
strategy:
|
||||||
|
description: Strategy defines the load balancing strategy
|
||||||
|
between the servers. RoundRobin is the only supported
|
||||||
|
value at the moment.
|
||||||
|
type: string
|
||||||
|
weight:
|
||||||
|
description: Weight defines the weight and should only
|
||||||
|
be specified when Name references a TraefikService object
|
||||||
|
(and to be precise, one that embeds a Weighted Round
|
||||||
|
Robin).
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- kind
|
||||||
|
- match
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
tls:
|
||||||
|
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
|
||||||
|
properties:
|
||||||
|
certResolver:
|
||||||
|
description: 'CertResolver defines the name of the certificate
|
||||||
|
resolver to use. Cert resolvers have to be configured in the
|
||||||
|
static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
|
||||||
|
type: string
|
||||||
|
domains:
|
||||||
|
description: 'Domains defines the list of domains that will be
|
||||||
|
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
|
||||||
|
items:
|
||||||
|
description: Domain holds a domain name with SANs.
|
||||||
|
properties:
|
||||||
|
main:
|
||||||
|
description: Main defines the main domain name.
|
||||||
|
type: string
|
||||||
|
sans:
|
||||||
|
description: SANs defines the subject alternative domain
|
||||||
|
names.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
options:
|
||||||
|
description: 'Options defines the reference to a TLSOption, that
|
||||||
|
specifies the parameters of the TLS connection. If not defined,
|
||||||
|
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: 'Name defines the name of the referenced TLSOption.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: 'Namespace defines the namespace of the referenced
|
||||||
|
TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
secretName:
|
||||||
|
description: SecretName is the name of the referenced Kubernetes
|
||||||
|
Secret to specify the certificate details.
|
||||||
|
type: string
|
||||||
|
store:
|
||||||
|
description: Store defines the reference to the TLSStore, that
|
||||||
|
will be used to store certificates. Please note that only `default`
|
||||||
|
TLSStore can be used.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: 'Name defines the name of the referenced TLSStore.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: 'Namespace defines the namespace of the referenced
|
||||||
|
TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- routes
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,218 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: ingressroutetcps.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: IngressRouteTCP
|
||||||
|
listKind: IngressRouteTCPList
|
||||||
|
plural: ingressroutetcps
|
||||||
|
singular: ingressroutetcp
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
|
||||||
|
properties:
|
||||||
|
entryPoints:
|
||||||
|
description: 'EntryPoints defines the list of entry point names to
|
||||||
|
bind to. Entry points have to be configured in the static configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
|
||||||
|
Default: all.'
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
routes:
|
||||||
|
description: Routes defines the list of routes.
|
||||||
|
items:
|
||||||
|
description: RouteTCP holds the TCP route configuration.
|
||||||
|
properties:
|
||||||
|
match:
|
||||||
|
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
|
||||||
|
type: string
|
||||||
|
middlewares:
|
||||||
|
description: Middlewares defines the list of references to MiddlewareTCP
|
||||||
|
resources.
|
||||||
|
items:
|
||||||
|
description: ObjectReference is a generic reference to a Traefik
|
||||||
|
resource.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Traefik
|
||||||
|
resource.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Traefik resource.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
priority:
|
||||||
|
description: 'Priority defines the router''s priority. More
|
||||||
|
info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
|
||||||
|
type: integer
|
||||||
|
services:
|
||||||
|
description: Services defines the list of TCP services.
|
||||||
|
items:
|
||||||
|
description: ServiceTCP defines an upstream TCP service to
|
||||||
|
proxy traffic to.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Kubernetes
|
||||||
|
Service.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Kubernetes Service.
|
||||||
|
type: string
|
||||||
|
nativeLB:
|
||||||
|
description: NativeLB controls, when creating the load-balancer,
|
||||||
|
whether the LB's children are directly the pods IPs
|
||||||
|
or if the only child is the Kubernetes Service clusterIP.
|
||||||
|
The Kubernetes Service itself does load-balance to the
|
||||||
|
pods. By default, NativeLB is false.
|
||||||
|
type: boolean
|
||||||
|
port:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: Port defines the port of a Kubernetes Service.
|
||||||
|
This can be a reference to a named port.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
proxyProtocol:
|
||||||
|
description: 'ProxyProtocol defines the PROXY protocol
|
||||||
|
configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
|
||||||
|
properties:
|
||||||
|
version:
|
||||||
|
description: Version defines the PROXY Protocol version
|
||||||
|
to use.
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
terminationDelay:
|
||||||
|
description: TerminationDelay defines the deadline that
|
||||||
|
the proxy sets, after one of its connected peers indicates
|
||||||
|
it has closed the writing capability of its connection,
|
||||||
|
to close the reading capability as well, hence fully
|
||||||
|
terminating the connection. It is a duration in milliseconds,
|
||||||
|
defaulting to 100. A negative value means an infinite
|
||||||
|
deadline (i.e. the reading capability is never closed).
|
||||||
|
type: integer
|
||||||
|
weight:
|
||||||
|
description: Weight defines the weight used when balancing
|
||||||
|
requests between multiple Kubernetes Service.
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
- port
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- match
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
tls:
|
||||||
|
description: 'TLS defines the TLS configuration on a layer 4 / TCP
|
||||||
|
Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
|
||||||
|
properties:
|
||||||
|
certResolver:
|
||||||
|
description: 'CertResolver defines the name of the certificate
|
||||||
|
resolver to use. Cert resolvers have to be configured in the
|
||||||
|
static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
|
||||||
|
type: string
|
||||||
|
domains:
|
||||||
|
description: 'Domains defines the list of domains that will be
|
||||||
|
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
|
||||||
|
items:
|
||||||
|
description: Domain holds a domain name with SANs.
|
||||||
|
properties:
|
||||||
|
main:
|
||||||
|
description: Main defines the main domain name.
|
||||||
|
type: string
|
||||||
|
sans:
|
||||||
|
description: SANs defines the subject alternative domain
|
||||||
|
names.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
options:
|
||||||
|
description: 'Options defines the reference to a TLSOption, that
|
||||||
|
specifies the parameters of the TLS connection. If not defined,
|
||||||
|
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Traefik
|
||||||
|
resource.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Traefik resource.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
passthrough:
|
||||||
|
description: Passthrough defines whether a TLS router will terminate
|
||||||
|
the TLS connection.
|
||||||
|
type: boolean
|
||||||
|
secretName:
|
||||||
|
description: SecretName is the name of the referenced Kubernetes
|
||||||
|
Secret to specify the certificate details.
|
||||||
|
type: string
|
||||||
|
store:
|
||||||
|
description: Store defines the reference to the TLSStore, that
|
||||||
|
will be used to store certificates. Please note that only `default`
|
||||||
|
TLSStore can be used.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Traefik
|
||||||
|
resource.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Traefik resource.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- routes
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,105 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: ingressrouteudps.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: IngressRouteUDP
|
||||||
|
listKind: IngressRouteUDPList
|
||||||
|
plural: ingressrouteudps
|
||||||
|
singular: ingressrouteudp
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
|
||||||
|
properties:
|
||||||
|
entryPoints:
|
||||||
|
description: 'EntryPoints defines the list of entry point names to
|
||||||
|
bind to. Entry points have to be configured in the static configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
|
||||||
|
Default: all.'
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
routes:
|
||||||
|
description: Routes defines the list of routes.
|
||||||
|
items:
|
||||||
|
description: RouteUDP holds the UDP route configuration.
|
||||||
|
properties:
|
||||||
|
services:
|
||||||
|
description: Services defines the list of UDP services.
|
||||||
|
items:
|
||||||
|
description: ServiceUDP defines an upstream UDP service to
|
||||||
|
proxy traffic to.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Kubernetes
|
||||||
|
Service.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Kubernetes Service.
|
||||||
|
type: string
|
||||||
|
nativeLB:
|
||||||
|
description: NativeLB controls, when creating the load-balancer,
|
||||||
|
whether the LB's children are directly the pods IPs
|
||||||
|
or if the only child is the Kubernetes Service clusterIP.
|
||||||
|
The Kubernetes Service itself does load-balance to the
|
||||||
|
pods. By default, NativeLB is false.
|
||||||
|
type: boolean
|
||||||
|
port:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: Port defines the port of a Kubernetes Service.
|
||||||
|
This can be a reference to a named port.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
weight:
|
||||||
|
description: Weight defines the weight used when balancing
|
||||||
|
requests between multiple Kubernetes Service.
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
- port
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- routes
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,924 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: middlewares.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: Middleware
|
||||||
|
listKind: MiddlewareList
|
||||||
|
plural: middlewares
|
||||||
|
singular: middleware
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: 'Middleware is the CRD implementation of a Traefik Middleware.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: MiddlewareSpec defines the desired state of a Middleware.
|
||||||
|
properties:
|
||||||
|
addPrefix:
|
||||||
|
description: 'AddPrefix holds the add prefix middleware configuration.
|
||||||
|
This middleware updates the path of a request before forwarding
|
||||||
|
it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
|
||||||
|
properties:
|
||||||
|
prefix:
|
||||||
|
description: Prefix is the string to add before the current path
|
||||||
|
in the requested URL. It should include a leading slash (/).
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
basicAuth:
|
||||||
|
description: 'BasicAuth holds the basic auth middleware configuration.
|
||||||
|
This middleware restricts access to your services to known users.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
|
||||||
|
properties:
|
||||||
|
headerField:
|
||||||
|
description: 'HeaderField defines a header field to store the
|
||||||
|
authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
|
||||||
|
type: string
|
||||||
|
realm:
|
||||||
|
description: 'Realm allows the protected resources on a server
|
||||||
|
to be partitioned into a set of protection spaces, each with
|
||||||
|
its own authentication scheme. Default: traefik.'
|
||||||
|
type: string
|
||||||
|
removeHeader:
|
||||||
|
description: 'RemoveHeader sets the removeHeader option to true
|
||||||
|
to remove the authorization header before forwarding the request
|
||||||
|
to your service. Default: false.'
|
||||||
|
type: boolean
|
||||||
|
secret:
|
||||||
|
description: Secret is the name of the referenced Kubernetes Secret
|
||||||
|
containing user credentials.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
buffering:
|
||||||
|
description: 'Buffering holds the buffering middleware configuration.
|
||||||
|
This middleware retries or limits the size of requests that can
|
||||||
|
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
|
||||||
|
properties:
|
||||||
|
maxRequestBodyBytes:
|
||||||
|
description: 'MaxRequestBodyBytes defines the maximum allowed
|
||||||
|
body size for the request (in bytes). If the request exceeds
|
||||||
|
the allowed size, it is not forwarded to the service, and the
|
||||||
|
client gets a 413 (Request Entity Too Large) response. Default:
|
||||||
|
0 (no maximum).'
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
maxResponseBodyBytes:
|
||||||
|
description: 'MaxResponseBodyBytes defines the maximum allowed
|
||||||
|
response size from the service (in bytes). If the response exceeds
|
||||||
|
the allowed size, it is not forwarded to the client. The client
|
||||||
|
gets a 500 (Internal Server Error) response instead. Default:
|
||||||
|
0 (no maximum).'
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
memRequestBodyBytes:
|
||||||
|
description: 'MemRequestBodyBytes defines the threshold (in bytes)
|
||||||
|
from which the request will be buffered on disk instead of in
|
||||||
|
memory. Default: 1048576 (1Mi).'
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
memResponseBodyBytes:
|
||||||
|
description: 'MemResponseBodyBytes defines the threshold (in bytes)
|
||||||
|
from which the response will be buffered on disk instead of
|
||||||
|
in memory. Default: 1048576 (1Mi).'
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
retryExpression:
|
||||||
|
description: 'RetryExpression defines the retry conditions. It
|
||||||
|
is a logical combination of functions with operators AND (&&)
|
||||||
|
and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
chain:
|
||||||
|
description: 'Chain holds the configuration of the chain middleware.
|
||||||
|
This middleware enables to define reusable combinations of other
|
||||||
|
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
|
||||||
|
properties:
|
||||||
|
middlewares:
|
||||||
|
description: Middlewares is the list of MiddlewareRef which composes
|
||||||
|
the chain.
|
||||||
|
items:
|
||||||
|
description: MiddlewareRef is a reference to a Middleware resource.
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Middleware
|
||||||
|
resource.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Middleware resource.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
circuitBreaker:
|
||||||
|
description: CircuitBreaker holds the circuit breaker configuration.
|
||||||
|
properties:
|
||||||
|
checkPeriod:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: CheckPeriod is the interval between successive checks
|
||||||
|
of the circuit breaker condition (when in standby state).
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
expression:
|
||||||
|
description: Expression is the condition that triggers the tripped
|
||||||
|
state.
|
||||||
|
type: string
|
||||||
|
fallbackDuration:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: FallbackDuration is the duration for which the circuit
|
||||||
|
breaker will wait before trying to recover (from a tripped state).
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
recoveryDuration:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: RecoveryDuration is the duration for which the circuit
|
||||||
|
breaker will try to recover (as soon as it is in recovering
|
||||||
|
state).
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
type: object
|
||||||
|
compress:
|
||||||
|
description: 'Compress holds the compress middleware configuration.
|
||||||
|
This middleware compresses responses before sending them to the
|
||||||
|
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
|
||||||
|
properties:
|
||||||
|
excludedContentTypes:
|
||||||
|
description: ExcludedContentTypes defines the list of content
|
||||||
|
types to compare the Content-Type header of the incoming requests
|
||||||
|
and responses before compressing.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
minResponseBodyBytes:
|
||||||
|
description: 'MinResponseBodyBytes defines the minimum amount
|
||||||
|
of bytes a response body must have to be compressed. Default:
|
||||||
|
1024.'
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
contentType:
|
||||||
|
description: ContentType holds the content-type middleware configuration.
|
||||||
|
This middleware exists to enable the correct behavior until at least
|
||||||
|
the default one can be changed in a future version.
|
||||||
|
properties:
|
||||||
|
autoDetect:
|
||||||
|
description: AutoDetect specifies whether to let the `Content-Type`
|
||||||
|
header, if it has not been set by the backend, be automatically
|
||||||
|
set to a value derived from the contents of the response. As
|
||||||
|
a proxy, the default behavior should be to leave the header
|
||||||
|
alone, regardless of what the backend did with it. However,
|
||||||
|
the historic default was to always auto-detect and set the header
|
||||||
|
if it was nil, and it is going to be kept that way in order
|
||||||
|
to support users currently relying on it.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
digestAuth:
|
||||||
|
description: 'DigestAuth holds the digest auth middleware configuration.
|
||||||
|
This middleware restricts access to your services to known users.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
|
||||||
|
properties:
|
||||||
|
headerField:
|
||||||
|
description: 'HeaderField defines a header field to store the
|
||||||
|
authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
|
||||||
|
type: string
|
||||||
|
realm:
|
||||||
|
description: 'Realm allows the protected resources on a server
|
||||||
|
to be partitioned into a set of protection spaces, each with
|
||||||
|
its own authentication scheme. Default: traefik.'
|
||||||
|
type: string
|
||||||
|
removeHeader:
|
||||||
|
description: RemoveHeader defines whether to remove the authorization
|
||||||
|
header before forwarding the request to the backend.
|
||||||
|
type: boolean
|
||||||
|
secret:
|
||||||
|
description: Secret is the name of the referenced Kubernetes Secret
|
||||||
|
containing user credentials.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
errors:
|
||||||
|
description: 'ErrorPage holds the custom error middleware configuration.
|
||||||
|
This middleware returns a custom page in lieu of the default, according
|
||||||
|
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
|
||||||
|
properties:
|
||||||
|
query:
|
||||||
|
description: Query defines the URL for the error page (hosted
|
||||||
|
by service). The {status} variable can be used in order to insert
|
||||||
|
the status code in the URL.
|
||||||
|
type: string
|
||||||
|
service:
|
||||||
|
description: 'Service defines the reference to a Kubernetes Service
|
||||||
|
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
description: Kind defines the kind of the Service.
|
||||||
|
enum:
|
||||||
|
- Service
|
||||||
|
- TraefikService
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Kubernetes
|
||||||
|
Service or TraefikService. The differentiation between the
|
||||||
|
two is specified in the Kind field.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Kubernetes Service or TraefikService.
|
||||||
|
type: string
|
||||||
|
nativeLB:
|
||||||
|
description: NativeLB controls, when creating the load-balancer,
|
||||||
|
whether the LB's children are directly the pods IPs or if
|
||||||
|
the only child is the Kubernetes Service clusterIP. The
|
||||||
|
Kubernetes Service itself does load-balance to the pods.
|
||||||
|
By default, NativeLB is false.
|
||||||
|
type: boolean
|
||||||
|
passHostHeader:
|
||||||
|
description: PassHostHeader defines whether the client Host
|
||||||
|
header is forwarded to the upstream Kubernetes Service.
|
||||||
|
By default, passHostHeader is true.
|
||||||
|
type: boolean
|
||||||
|
port:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: Port defines the port of a Kubernetes Service.
|
||||||
|
This can be a reference to a named port.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
responseForwarding:
|
||||||
|
description: ResponseForwarding defines how Traefik forwards
|
||||||
|
the response from the upstream Kubernetes Service to the
|
||||||
|
client.
|
||||||
|
properties:
|
||||||
|
flushInterval:
|
||||||
|
description: 'FlushInterval defines the interval, in milliseconds,
|
||||||
|
in between flushes to the client while copying the response
|
||||||
|
body. A negative value means to flush immediately after
|
||||||
|
each write to the client. This configuration is ignored
|
||||||
|
when ReverseProxy recognizes a response as a streaming
|
||||||
|
response; for such responses, writes are flushed to
|
||||||
|
the client immediately. Default: 100ms'
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
scheme:
|
||||||
|
description: Scheme defines the scheme to use for the request
|
||||||
|
to the upstream Kubernetes Service. It defaults to https
|
||||||
|
when Kubernetes Service port is 443, http otherwise.
|
||||||
|
type: string
|
||||||
|
serversTransport:
|
||||||
|
description: ServersTransport defines the name of ServersTransport
|
||||||
|
resource to use. It allows to configure the transport between
|
||||||
|
Traefik and your servers. Can only be used on a Kubernetes
|
||||||
|
Service.
|
||||||
|
type: string
|
||||||
|
sticky:
|
||||||
|
description: 'Sticky defines the sticky sessions configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||||
|
properties:
|
||||||
|
cookie:
|
||||||
|
description: Cookie defines the sticky cookie configuration.
|
||||||
|
properties:
|
||||||
|
httpOnly:
|
||||||
|
description: HTTPOnly defines whether the cookie can
|
||||||
|
be accessed by client-side APIs, such as JavaScript.
|
||||||
|
type: boolean
|
||||||
|
name:
|
||||||
|
description: Name defines the Cookie name.
|
||||||
|
type: string
|
||||||
|
sameSite:
|
||||||
|
description: 'SameSite defines the same site policy.
|
||||||
|
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||||
|
type: string
|
||||||
|
secure:
|
||||||
|
description: Secure defines whether the cookie can
|
||||||
|
only be transmitted over an encrypted connection
|
||||||
|
(i.e. HTTPS).
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
strategy:
|
||||||
|
description: Strategy defines the load balancing strategy
|
||||||
|
between the servers. RoundRobin is the only supported value
|
||||||
|
at the moment.
|
||||||
|
type: string
|
||||||
|
weight:
|
||||||
|
description: Weight defines the weight and should only be
|
||||||
|
specified when Name references a TraefikService object (and
|
||||||
|
to be precise, one that embeds a Weighted Round Robin).
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
description: Status defines which status or range of statuses
|
||||||
|
should result in an error page. It can be either a status code
|
||||||
|
as a number (500), as multiple comma-separated numbers (500,502),
|
||||||
|
as ranges by separating two codes with a dash (500-599), or
|
||||||
|
a combination of the two (404,418,500-599).
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
forwardAuth:
|
||||||
|
description: 'ForwardAuth holds the forward auth middleware configuration.
|
||||||
|
This middleware delegates the request authentication to a Service.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
|
||||||
|
properties:
|
||||||
|
address:
|
||||||
|
description: Address defines the authentication server address.
|
||||||
|
type: string
|
||||||
|
authRequestHeaders:
|
||||||
|
description: AuthRequestHeaders defines the list of the headers
|
||||||
|
to copy from the request to the authentication server. If not
|
||||||
|
set or empty then all request headers are passed.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
authResponseHeaders:
|
||||||
|
description: AuthResponseHeaders defines the list of headers to
|
||||||
|
copy from the authentication server response and set on forwarded
|
||||||
|
request, replacing any existing conflicting headers.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
authResponseHeadersRegex:
|
||||||
|
description: 'AuthResponseHeadersRegex defines the regex to match
|
||||||
|
headers to copy from the authentication server response and
|
||||||
|
set on forwarded request, after stripping all headers that match
|
||||||
|
the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
|
||||||
|
type: string
|
||||||
|
tls:
|
||||||
|
description: TLS defines the configuration used to secure the
|
||||||
|
connection to the authentication server.
|
||||||
|
properties:
|
||||||
|
caOptional:
|
||||||
|
type: boolean
|
||||||
|
caSecret:
|
||||||
|
description: CASecret is the name of the referenced Kubernetes
|
||||||
|
Secret containing the CA to validate the server certificate.
|
||||||
|
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
|
||||||
|
type: string
|
||||||
|
certSecret:
|
||||||
|
description: CertSecret is the name of the referenced Kubernetes
|
||||||
|
Secret containing the client certificate. The client certificate
|
||||||
|
is extracted from the keys `tls.crt` and `tls.key`.
|
||||||
|
type: string
|
||||||
|
insecureSkipVerify:
|
||||||
|
description: InsecureSkipVerify defines whether the server
|
||||||
|
certificates should be validated.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
trustForwardHeader:
|
||||||
|
description: 'TrustForwardHeader defines whether to trust (ie:
|
||||||
|
forward) all X-Forwarded-* headers.'
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
headers:
|
||||||
|
description: 'Headers holds the headers middleware configuration.
|
||||||
|
This middleware manages the requests and responses headers. More
|
||||||
|
info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
|
||||||
|
properties:
|
||||||
|
accessControlAllowCredentials:
|
||||||
|
description: AccessControlAllowCredentials defines whether the
|
||||||
|
request can include user credentials.
|
||||||
|
type: boolean
|
||||||
|
accessControlAllowHeaders:
|
||||||
|
description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
|
||||||
|
values sent in preflight response.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
accessControlAllowMethods:
|
||||||
|
description: AccessControlAllowMethods defines the Access-Control-Request-Method
|
||||||
|
values sent in preflight response.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
accessControlAllowOriginList:
|
||||||
|
description: AccessControlAllowOriginList is a list of allowable
|
||||||
|
origins. Can also be a wildcard origin "*".
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
accessControlAllowOriginListRegex:
|
||||||
|
description: AccessControlAllowOriginListRegex is a list of allowable
|
||||||
|
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
accessControlExposeHeaders:
|
||||||
|
description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
|
||||||
|
values sent in preflight response.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
accessControlMaxAge:
|
||||||
|
description: AccessControlMaxAge defines the time that a preflight
|
||||||
|
request may be cached.
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
addVaryHeader:
|
||||||
|
description: AddVaryHeader defines whether the Vary header is
|
||||||
|
automatically added/updated when the AccessControlAllowOriginList
|
||||||
|
is set.
|
||||||
|
type: boolean
|
||||||
|
allowedHosts:
|
||||||
|
description: AllowedHosts defines the fully qualified list of
|
||||||
|
allowed domain names.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
browserXssFilter:
|
||||||
|
description: BrowserXSSFilter defines whether to add the X-XSS-Protection
|
||||||
|
header with the value 1; mode=block.
|
||||||
|
type: boolean
|
||||||
|
contentSecurityPolicy:
|
||||||
|
description: ContentSecurityPolicy defines the Content-Security-Policy
|
||||||
|
header value.
|
||||||
|
type: string
|
||||||
|
contentTypeNosniff:
|
||||||
|
description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
|
||||||
|
header with the nosniff value.
|
||||||
|
type: boolean
|
||||||
|
customBrowserXSSValue:
|
||||||
|
description: CustomBrowserXSSValue defines the X-XSS-Protection
|
||||||
|
header value. This overrides the BrowserXssFilter option.
|
||||||
|
type: string
|
||||||
|
customFrameOptionsValue:
|
||||||
|
description: CustomFrameOptionsValue defines the X-Frame-Options
|
||||||
|
header value. This overrides the FrameDeny option.
|
||||||
|
type: string
|
||||||
|
customRequestHeaders:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: CustomRequestHeaders defines the header names and
|
||||||
|
values to apply to the request.
|
||||||
|
type: object
|
||||||
|
customResponseHeaders:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: CustomResponseHeaders defines the header names and
|
||||||
|
values to apply to the response.
|
||||||
|
type: object
|
||||||
|
featurePolicy:
|
||||||
|
description: 'Deprecated: use PermissionsPolicy instead.'
|
||||||
|
type: string
|
||||||
|
forceSTSHeader:
|
||||||
|
description: ForceSTSHeader defines whether to add the STS header
|
||||||
|
even when the connection is HTTP.
|
||||||
|
type: boolean
|
||||||
|
frameDeny:
|
||||||
|
description: FrameDeny defines whether to add the X-Frame-Options
|
||||||
|
header with the DENY value.
|
||||||
|
type: boolean
|
||||||
|
hostsProxyHeaders:
|
||||||
|
description: HostsProxyHeaders defines the header keys that may
|
||||||
|
hold a proxied hostname value for the request.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
isDevelopment:
|
||||||
|
description: IsDevelopment defines whether to mitigate the unwanted
|
||||||
|
effects of the AllowedHosts, SSL, and STS options when developing.
|
||||||
|
Usually testing takes place using HTTP, not HTTPS, and on localhost,
|
||||||
|
not your production domain. If you would like your development
|
||||||
|
environment to mimic production with complete Host blocking,
|
||||||
|
SSL redirects, and STS headers, leave this as false.
|
||||||
|
type: boolean
|
||||||
|
permissionsPolicy:
|
||||||
|
description: PermissionsPolicy defines the Permissions-Policy
|
||||||
|
header value. This allows sites to control browser features.
|
||||||
|
type: string
|
||||||
|
publicKey:
|
||||||
|
description: PublicKey is the public key that implements HPKP
|
||||||
|
to prevent MITM attacks with forged certificates.
|
||||||
|
type: string
|
||||||
|
referrerPolicy:
|
||||||
|
description: ReferrerPolicy defines the Referrer-Policy header
|
||||||
|
value. This allows sites to control whether browsers forward
|
||||||
|
the Referer header to other sites.
|
||||||
|
type: string
|
||||||
|
sslForceHost:
|
||||||
|
description: 'Deprecated: use RedirectRegex instead.'
|
||||||
|
type: boolean
|
||||||
|
sslHost:
|
||||||
|
description: 'Deprecated: use RedirectRegex instead.'
|
||||||
|
type: string
|
||||||
|
sslProxyHeaders:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: 'SSLProxyHeaders defines the header keys with associated
|
||||||
|
values that would indicate a valid HTTPS request. It can be
|
||||||
|
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||||
|
"https").'
|
||||||
|
type: object
|
||||||
|
sslRedirect:
|
||||||
|
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||||
|
instead.'
|
||||||
|
type: boolean
|
||||||
|
sslTemporaryRedirect:
|
||||||
|
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||||
|
instead.'
|
||||||
|
type: boolean
|
||||||
|
stsIncludeSubdomains:
|
||||||
|
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||||
|
directive is appended to the Strict-Transport-Security header.
|
||||||
|
type: boolean
|
||||||
|
stsPreload:
|
||||||
|
description: STSPreload defines whether the preload flag is appended
|
||||||
|
to the Strict-Transport-Security header.
|
||||||
|
type: boolean
|
||||||
|
stsSeconds:
|
||||||
|
description: STSSeconds defines the max-age of the Strict-Transport-Security
|
||||||
|
header. If set to 0, the header is not set.
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
inFlightReq:
|
||||||
|
description: 'InFlightReq holds the in-flight request middleware configuration.
|
||||||
|
This middleware limits the number of requests being processed and
|
||||||
|
served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
|
||||||
|
properties:
|
||||||
|
amount:
|
||||||
|
description: Amount defines the maximum amount of allowed simultaneous
|
||||||
|
in-flight request. The middleware responds with HTTP 429 Too
|
||||||
|
Many Requests if there are already amount requests in progress
|
||||||
|
(based on the same sourceCriterion strategy).
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
sourceCriterion:
|
||||||
|
description: 'SourceCriterion defines what criterion is used to
|
||||||
|
group requests as originating from a common source. If several
|
||||||
|
strategies are defined at the same time, an error will be raised.
|
||||||
|
If none are set, the default is to use the requestHost. More
|
||||||
|
info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
|
||||||
|
properties:
|
||||||
|
ipStrategy:
|
||||||
|
description: 'IPStrategy holds the IP strategy configuration
|
||||||
|
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
|
||||||
|
properties:
|
||||||
|
depth:
|
||||||
|
description: Depth tells Traefik to use the X-Forwarded-For
|
||||||
|
header and take the IP located at the depth position
|
||||||
|
(starting from the right).
|
||||||
|
type: integer
|
||||||
|
excludedIPs:
|
||||||
|
description: ExcludedIPs configures Traefik to scan the
|
||||||
|
X-Forwarded-For header and select the first IP not in
|
||||||
|
the list.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
requestHeaderName:
|
||||||
|
description: RequestHeaderName defines the name of the header
|
||||||
|
used to group incoming requests.
|
||||||
|
type: string
|
||||||
|
requestHost:
|
||||||
|
description: RequestHost defines whether to consider the request
|
||||||
|
Host as the source.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
ipWhiteList:
|
||||||
|
description: 'IPWhiteList holds the IP whitelist middleware configuration.
|
||||||
|
This middleware accepts / refuses requests based on the client IP.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
|
||||||
|
properties:
|
||||||
|
ipStrategy:
|
||||||
|
description: 'IPStrategy holds the IP strategy configuration used
|
||||||
|
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
|
||||||
|
properties:
|
||||||
|
depth:
|
||||||
|
description: Depth tells Traefik to use the X-Forwarded-For
|
||||||
|
header and take the IP located at the depth position (starting
|
||||||
|
from the right).
|
||||||
|
type: integer
|
||||||
|
excludedIPs:
|
||||||
|
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
|
||||||
|
header and select the first IP not in the list.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
sourceRange:
|
||||||
|
description: SourceRange defines the set of allowed IPs (or ranges
|
||||||
|
of allowed IPs by using CIDR notation).
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
passTLSClientCert:
|
||||||
|
description: 'PassTLSClientCert holds the pass TLS client cert middleware
|
||||||
|
configuration. This middleware adds the selected data from the passed
|
||||||
|
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
|
||||||
|
properties:
|
||||||
|
info:
|
||||||
|
description: Info selects the specific client certificate details
|
||||||
|
you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||||
|
properties:
|
||||||
|
issuer:
|
||||||
|
description: Issuer defines the client certificate issuer
|
||||||
|
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||||
|
properties:
|
||||||
|
commonName:
|
||||||
|
description: CommonName defines whether to add the organizationalUnit
|
||||||
|
information into the issuer.
|
||||||
|
type: boolean
|
||||||
|
country:
|
||||||
|
description: Country defines whether to add the country
|
||||||
|
information into the issuer.
|
||||||
|
type: boolean
|
||||||
|
domainComponent:
|
||||||
|
description: DomainComponent defines whether to add the
|
||||||
|
domainComponent information into the issuer.
|
||||||
|
type: boolean
|
||||||
|
locality:
|
||||||
|
description: Locality defines whether to add the locality
|
||||||
|
information into the issuer.
|
||||||
|
type: boolean
|
||||||
|
organization:
|
||||||
|
description: Organization defines whether to add the organization
|
||||||
|
information into the issuer.
|
||||||
|
type: boolean
|
||||||
|
province:
|
||||||
|
description: Province defines whether to add the province
|
||||||
|
information into the issuer.
|
||||||
|
type: boolean
|
||||||
|
serialNumber:
|
||||||
|
description: SerialNumber defines whether to add the serialNumber
|
||||||
|
information into the issuer.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
notAfter:
|
||||||
|
description: NotAfter defines whether to add the Not After
|
||||||
|
information from the Validity part.
|
||||||
|
type: boolean
|
||||||
|
notBefore:
|
||||||
|
description: NotBefore defines whether to add the Not Before
|
||||||
|
information from the Validity part.
|
||||||
|
type: boolean
|
||||||
|
sans:
|
||||||
|
description: Sans defines whether to add the Subject Alternative
|
||||||
|
Name information from the Subject Alternative Name part.
|
||||||
|
type: boolean
|
||||||
|
serialNumber:
|
||||||
|
description: SerialNumber defines whether to add the client
|
||||||
|
serialNumber information.
|
||||||
|
type: boolean
|
||||||
|
subject:
|
||||||
|
description: Subject defines the client certificate subject
|
||||||
|
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||||
|
properties:
|
||||||
|
commonName:
|
||||||
|
description: CommonName defines whether to add the organizationalUnit
|
||||||
|
information into the subject.
|
||||||
|
type: boolean
|
||||||
|
country:
|
||||||
|
description: Country defines whether to add the country
|
||||||
|
information into the subject.
|
||||||
|
type: boolean
|
||||||
|
domainComponent:
|
||||||
|
description: DomainComponent defines whether to add the
|
||||||
|
domainComponent information into the subject.
|
||||||
|
type: boolean
|
||||||
|
locality:
|
||||||
|
description: Locality defines whether to add the locality
|
||||||
|
information into the subject.
|
||||||
|
type: boolean
|
||||||
|
organization:
|
||||||
|
description: Organization defines whether to add the organization
|
||||||
|
information into the subject.
|
||||||
|
type: boolean
|
||||||
|
organizationalUnit:
|
||||||
|
description: OrganizationalUnit defines whether to add
|
||||||
|
the organizationalUnit information into the subject.
|
||||||
|
type: boolean
|
||||||
|
province:
|
||||||
|
description: Province defines whether to add the province
|
||||||
|
information into the subject.
|
||||||
|
type: boolean
|
||||||
|
serialNumber:
|
||||||
|
description: SerialNumber defines whether to add the serialNumber
|
||||||
|
information into the subject.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
pem:
|
||||||
|
description: PEM sets the X-Forwarded-Tls-Client-Cert header with
|
||||||
|
the certificate.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
plugin:
|
||||||
|
additionalProperties:
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
description: 'Plugin defines the middleware plugin configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/plugins/'
|
||||||
|
type: object
|
||||||
|
rateLimit:
|
||||||
|
description: 'RateLimit holds the rate limit configuration. This middleware
|
||||||
|
ensures that services will receive a fair amount of requests, and
|
||||||
|
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
|
||||||
|
properties:
|
||||||
|
average:
|
||||||
|
description: Average is the maximum rate, by default in requests/s,
|
||||||
|
allowed for the given source. It defaults to 0, which means
|
||||||
|
no rate limiting. The rate is actually defined by dividing Average
|
||||||
|
by Period. So for a rate below 1req/s, one needs to define a
|
||||||
|
Period larger than a second.
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
burst:
|
||||||
|
description: Burst is the maximum number of requests allowed to
|
||||||
|
arrive in the same arbitrarily small period of time. It defaults
|
||||||
|
to 1.
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
period:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: 'Period, in combination with Average, defines the
|
||||||
|
actual maximum rate, such as: r = Average / Period. It defaults
|
||||||
|
to a second.'
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
sourceCriterion:
|
||||||
|
description: SourceCriterion defines what criterion is used to
|
||||||
|
group requests as originating from a common source. If several
|
||||||
|
strategies are defined at the same time, an error will be raised.
|
||||||
|
If none are set, the default is to use the request's remote
|
||||||
|
address field (as an ipStrategy).
|
||||||
|
properties:
|
||||||
|
ipStrategy:
|
||||||
|
description: 'IPStrategy holds the IP strategy configuration
|
||||||
|
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
|
||||||
|
properties:
|
||||||
|
depth:
|
||||||
|
description: Depth tells Traefik to use the X-Forwarded-For
|
||||||
|
header and take the IP located at the depth position
|
||||||
|
(starting from the right).
|
||||||
|
type: integer
|
||||||
|
excludedIPs:
|
||||||
|
description: ExcludedIPs configures Traefik to scan the
|
||||||
|
X-Forwarded-For header and select the first IP not in
|
||||||
|
the list.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
requestHeaderName:
|
||||||
|
description: RequestHeaderName defines the name of the header
|
||||||
|
used to group incoming requests.
|
||||||
|
type: string
|
||||||
|
requestHost:
|
||||||
|
description: RequestHost defines whether to consider the request
|
||||||
|
Host as the source.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
redirectRegex:
|
||||||
|
description: 'RedirectRegex holds the redirect regex middleware configuration.
|
||||||
|
This middleware redirects a request using regex matching and replacement.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
|
||||||
|
properties:
|
||||||
|
permanent:
|
||||||
|
description: Permanent defines whether the redirection is permanent
|
||||||
|
(301).
|
||||||
|
type: boolean
|
||||||
|
regex:
|
||||||
|
description: Regex defines the regex used to match and capture
|
||||||
|
elements from the request URL.
|
||||||
|
type: string
|
||||||
|
replacement:
|
||||||
|
description: Replacement defines how to modify the URL to have
|
||||||
|
the new target URL.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
redirectScheme:
|
||||||
|
description: 'RedirectScheme holds the redirect scheme middleware
|
||||||
|
configuration. This middleware redirects requests from a scheme/port
|
||||||
|
to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
|
||||||
|
properties:
|
||||||
|
permanent:
|
||||||
|
description: Permanent defines whether the redirection is permanent
|
||||||
|
(301).
|
||||||
|
type: boolean
|
||||||
|
port:
|
||||||
|
description: Port defines the port of the new URL.
|
||||||
|
type: string
|
||||||
|
scheme:
|
||||||
|
description: Scheme defines the scheme of the new URL.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
replacePath:
|
||||||
|
description: 'ReplacePath holds the replace path middleware configuration.
|
||||||
|
This middleware replaces the path of the request URL and store the
|
||||||
|
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
|
||||||
|
properties:
|
||||||
|
path:
|
||||||
|
description: Path defines the path to use as replacement in the
|
||||||
|
request URL.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
replacePathRegex:
|
||||||
|
description: 'ReplacePathRegex holds the replace path regex middleware
|
||||||
|
configuration. This middleware replaces the path of a URL using
|
||||||
|
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
|
||||||
|
properties:
|
||||||
|
regex:
|
||||||
|
description: Regex defines the regular expression used to match
|
||||||
|
and capture the path from the request URL.
|
||||||
|
type: string
|
||||||
|
replacement:
|
||||||
|
description: Replacement defines the replacement path format,
|
||||||
|
which can include captured variables.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
retry:
|
||||||
|
description: 'Retry holds the retry middleware configuration. This
|
||||||
|
middleware reissues requests a given number of times to a backend
|
||||||
|
server if that server does not reply. As soon as the server answers,
|
||||||
|
the middleware stops retrying, regardless of the response status.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
|
||||||
|
properties:
|
||||||
|
attempts:
|
||||||
|
description: Attempts defines how many times the request should
|
||||||
|
be retried.
|
||||||
|
type: integer
|
||||||
|
initialInterval:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: InitialInterval defines the first wait time in the
|
||||||
|
exponential backoff series. The maximum interval is calculated
|
||||||
|
as twice the initialInterval. If unspecified, requests will
|
||||||
|
be retried immediately. The value of initialInterval should
|
||||||
|
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
type: object
|
||||||
|
stripPrefix:
|
||||||
|
description: 'StripPrefix holds the strip prefix middleware configuration.
|
||||||
|
This middleware removes the specified prefixes from the URL path.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
|
||||||
|
properties:
|
||||||
|
forceSlash:
|
||||||
|
description: 'ForceSlash ensures that the resulting stripped path
|
||||||
|
is not the empty string, by replacing it with / when necessary.
|
||||||
|
Default: true.'
|
||||||
|
type: boolean
|
||||||
|
prefixes:
|
||||||
|
description: Prefixes defines the prefixes to strip from the request
|
||||||
|
URL.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
stripPrefixRegex:
|
||||||
|
description: 'StripPrefixRegex holds the strip prefix regex middleware
|
||||||
|
configuration. This middleware removes the matching prefixes from
|
||||||
|
the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
|
||||||
|
properties:
|
||||||
|
regex:
|
||||||
|
description: Regex defines the regular expression to match the
|
||||||
|
path prefix from the request URL.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,72 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: middlewaretcps.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: MiddlewareTCP
|
||||||
|
listKind: MiddlewareTCPList
|
||||||
|
plural: middlewaretcps
|
||||||
|
singular: middlewaretcp
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
|
||||||
|
properties:
|
||||||
|
inFlightConn:
|
||||||
|
description: InFlightConn defines the InFlightConn middleware configuration.
|
||||||
|
properties:
|
||||||
|
amount:
|
||||||
|
description: Amount defines the maximum amount of allowed simultaneous
|
||||||
|
connections. The middleware closes the connection if there are
|
||||||
|
already amount connections opened.
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
ipWhiteList:
|
||||||
|
description: IPWhiteList defines the IPWhiteList middleware configuration.
|
||||||
|
properties:
|
||||||
|
sourceRange:
|
||||||
|
description: SourceRange defines the allowed IPs (or ranges of
|
||||||
|
allowed IPs by using CIDR notation).
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,128 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: serverstransports.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: ServersTransport
|
||||||
|
listKind: ServersTransportList
|
||||||
|
plural: serverstransports
|
||||||
|
singular: serverstransport
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: 'ServersTransport is the CRD implementation of a ServersTransport.
|
||||||
|
If no serversTransport is specified, the default@internal will be used.
|
||||||
|
The default@internal serversTransport is created from the static configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: ServersTransportSpec defines the desired state of a ServersTransport.
|
||||||
|
properties:
|
||||||
|
certificatesSecrets:
|
||||||
|
description: CertificatesSecrets defines a list of secret storing
|
||||||
|
client certificates for mTLS.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
disableHTTP2:
|
||||||
|
description: DisableHTTP2 disables HTTP/2 for connections with backend
|
||||||
|
servers.
|
||||||
|
type: boolean
|
||||||
|
forwardingTimeouts:
|
||||||
|
description: ForwardingTimeouts defines the timeouts for requests
|
||||||
|
forwarded to the backend servers.
|
||||||
|
properties:
|
||||||
|
dialTimeout:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: DialTimeout is the amount of time to wait until a
|
||||||
|
connection to a backend server can be established.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
idleConnTimeout:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: IdleConnTimeout is the maximum period for which an
|
||||||
|
idle HTTP keep-alive connection will remain open before closing
|
||||||
|
itself.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
pingTimeout:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: PingTimeout is the timeout after which the HTTP/2
|
||||||
|
connection will be closed if a response to ping is not received.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
readIdleTimeout:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: ReadIdleTimeout is the timeout after which a health
|
||||||
|
check using ping frame will be carried out if no frame is received
|
||||||
|
on the HTTP/2 connection.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
responseHeaderTimeout:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: ResponseHeaderTimeout is the amount of time to wait
|
||||||
|
for a server's response headers after fully writing the request
|
||||||
|
(including its body, if any).
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
type: object
|
||||||
|
insecureSkipVerify:
|
||||||
|
description: InsecureSkipVerify disables SSL certificate verification.
|
||||||
|
type: boolean
|
||||||
|
maxIdleConnsPerHost:
|
||||||
|
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
|
||||||
|
to keep per-host.
|
||||||
|
type: integer
|
||||||
|
peerCertURI:
|
||||||
|
description: PeerCertURI defines the peer cert URI used to match against
|
||||||
|
SAN URI during the peer certificate verification.
|
||||||
|
type: string
|
||||||
|
rootCAsSecrets:
|
||||||
|
description: RootCAsSecrets defines a list of CA secret used to validate
|
||||||
|
self-signed certificate.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
serverName:
|
||||||
|
description: ServerName defines the server name used to contact the
|
||||||
|
server.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,113 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: tlsoptions.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: TLSOption
|
||||||
|
listKind: TLSOptionList
|
||||||
|
plural: tlsoptions
|
||||||
|
singular: tlsoption
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
|
||||||
|
allowing to configure some parameters of the TLS connection. More info:
|
||||||
|
https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: TLSOptionSpec defines the desired state of a TLSOption.
|
||||||
|
properties:
|
||||||
|
alpnProtocols:
|
||||||
|
description: 'ALPNProtocols defines the list of supported application
|
||||||
|
level protocols for the TLS handshake, in order of preference. More
|
||||||
|
info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
cipherSuites:
|
||||||
|
description: 'CipherSuites defines the list of supported cipher suites
|
||||||
|
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
clientAuth:
|
||||||
|
description: ClientAuth defines the server's policy for TLS Client
|
||||||
|
Authentication.
|
||||||
|
properties:
|
||||||
|
clientAuthType:
|
||||||
|
description: ClientAuthType defines the client authentication
|
||||||
|
type to apply.
|
||||||
|
enum:
|
||||||
|
- NoClientCert
|
||||||
|
- RequestClientCert
|
||||||
|
- RequireAnyClientCert
|
||||||
|
- VerifyClientCertIfGiven
|
||||||
|
- RequireAndVerifyClientCert
|
||||||
|
type: string
|
||||||
|
secretNames:
|
||||||
|
description: SecretNames defines the names of the referenced Kubernetes
|
||||||
|
Secret storing certificate details.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
curvePreferences:
|
||||||
|
description: 'CurvePreferences defines the preferred elliptic curves
|
||||||
|
in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
maxVersion:
|
||||||
|
description: 'MaxVersion defines the maximum TLS version that Traefik
|
||||||
|
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||||
|
VersionTLS13. Default: None.'
|
||||||
|
type: string
|
||||||
|
minVersion:
|
||||||
|
description: 'MinVersion defines the minimum TLS version that Traefik
|
||||||
|
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||||
|
VersionTLS13. Default: VersionTLS10.'
|
||||||
|
type: string
|
||||||
|
preferServerCipherSuites:
|
||||||
|
description: 'PreferServerCipherSuites defines whether the server
|
||||||
|
chooses a cipher suite among his own instead of among the client''s.
|
||||||
|
It is enabled automatically when minVersion or maxVersion is set.
|
||||||
|
Deprecated: https://github.com/golang/go/issues/45430'
|
||||||
|
type: boolean
|
||||||
|
sniStrict:
|
||||||
|
description: SniStrict defines whether Traefik allows connections
|
||||||
|
from clients connections that do not specify a server_name extension.
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,99 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: tlsstores.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: TLSStore
|
||||||
|
listKind: TLSStoreList
|
||||||
|
plural: tlsstores
|
||||||
|
singular: tlsstore
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
|
||||||
|
the time being, only the TLSStore named default is supported. This means
|
||||||
|
that you cannot have two stores that are named default in different Kubernetes
|
||||||
|
namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: TLSStoreSpec defines the desired state of a TLSStore.
|
||||||
|
properties:
|
||||||
|
certificates:
|
||||||
|
description: Certificates is a list of secret names, each secret holding
|
||||||
|
a key/certificate pair to add to the store.
|
||||||
|
items:
|
||||||
|
description: Certificate holds a secret name for the TLSStore resource.
|
||||||
|
properties:
|
||||||
|
secretName:
|
||||||
|
description: SecretName is the name of the referenced Kubernetes
|
||||||
|
Secret to specify the certificate details.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- secretName
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
defaultCertificate:
|
||||||
|
description: DefaultCertificate defines the default certificate configuration.
|
||||||
|
properties:
|
||||||
|
secretName:
|
||||||
|
description: SecretName is the name of the referenced Kubernetes
|
||||||
|
Secret to specify the certificate details.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- secretName
|
||||||
|
type: object
|
||||||
|
defaultGeneratedCert:
|
||||||
|
description: DefaultGeneratedCert defines the default generated certificate
|
||||||
|
configuration.
|
||||||
|
properties:
|
||||||
|
domain:
|
||||||
|
description: Domain is the domain definition for the DefaultCertificate.
|
||||||
|
properties:
|
||||||
|
main:
|
||||||
|
description: Main defines the main domain name.
|
||||||
|
type: string
|
||||||
|
sans:
|
||||||
|
description: SANs defines the subject alternative domain names.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
resolver:
|
||||||
|
description: Resolver is the name of the resolver that will be
|
||||||
|
used to issue the DefaultCertificate.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,402 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.2
|
||||||
|
creationTimestamp: null
|
||||||
|
name: traefikservices.traefik.io
|
||||||
|
spec:
|
||||||
|
group: traefik.io
|
||||||
|
names:
|
||||||
|
kind: TraefikService
|
||||||
|
listKind: TraefikServiceList
|
||||||
|
plural: traefikservices
|
||||||
|
singular: traefikservice
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- name: v1alpha1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: 'TraefikService is the CRD implementation of a Traefik Service.
|
||||||
|
TraefikService object allows to: - Apply weight to Services on load-balancing
|
||||||
|
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: TraefikServiceSpec defines the desired state of a TraefikService.
|
||||||
|
properties:
|
||||||
|
mirroring:
|
||||||
|
description: Mirroring defines the Mirroring service configuration.
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
description: Kind defines the kind of the Service.
|
||||||
|
enum:
|
||||||
|
- Service
|
||||||
|
- TraefikService
|
||||||
|
type: string
|
||||||
|
maxBodySize:
|
||||||
|
description: MaxBodySize defines the maximum size allowed for
|
||||||
|
the body of the request. If the body is larger, the request
|
||||||
|
is not mirrored. Default value is -1, which means unlimited
|
||||||
|
size.
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
mirrors:
|
||||||
|
description: Mirrors defines the list of mirrors where Traefik
|
||||||
|
will duplicate the traffic.
|
||||||
|
items:
|
||||||
|
description: MirrorService holds the mirror configuration.
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
description: Kind defines the kind of the Service.
|
||||||
|
enum:
|
||||||
|
- Service
|
||||||
|
- TraefikService
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Kubernetes
|
||||||
|
Service or TraefikService. The differentiation between
|
||||||
|
the two is specified in the Kind field.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Kubernetes Service or TraefikService.
|
||||||
|
type: string
|
||||||
|
nativeLB:
|
||||||
|
description: NativeLB controls, when creating the load-balancer,
|
||||||
|
whether the LB's children are directly the pods IPs or
|
||||||
|
if the only child is the Kubernetes Service clusterIP.
|
||||||
|
The Kubernetes Service itself does load-balance to the
|
||||||
|
pods. By default, NativeLB is false.
|
||||||
|
type: boolean
|
||||||
|
passHostHeader:
|
||||||
|
description: PassHostHeader defines whether the client Host
|
||||||
|
header is forwarded to the upstream Kubernetes Service.
|
||||||
|
By default, passHostHeader is true.
|
||||||
|
type: boolean
|
||||||
|
percent:
|
||||||
|
description: 'Percent defines the part of the traffic to
|
||||||
|
mirror. Supported values: 0 to 100.'
|
||||||
|
type: integer
|
||||||
|
port:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: Port defines the port of a Kubernetes Service.
|
||||||
|
This can be a reference to a named port.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
responseForwarding:
|
||||||
|
description: ResponseForwarding defines how Traefik forwards
|
||||||
|
the response from the upstream Kubernetes Service to the
|
||||||
|
client.
|
||||||
|
properties:
|
||||||
|
flushInterval:
|
||||||
|
description: 'FlushInterval defines the interval, in
|
||||||
|
milliseconds, in between flushes to the client while
|
||||||
|
copying the response body. A negative value means
|
||||||
|
to flush immediately after each write to the client.
|
||||||
|
This configuration is ignored when ReverseProxy recognizes
|
||||||
|
a response as a streaming response; for such responses,
|
||||||
|
writes are flushed to the client immediately. Default:
|
||||||
|
100ms'
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
scheme:
|
||||||
|
description: Scheme defines the scheme to use for the request
|
||||||
|
to the upstream Kubernetes Service. It defaults to https
|
||||||
|
when Kubernetes Service port is 443, http otherwise.
|
||||||
|
type: string
|
||||||
|
serversTransport:
|
||||||
|
description: ServersTransport defines the name of ServersTransport
|
||||||
|
resource to use. It allows to configure the transport
|
||||||
|
between Traefik and your servers. Can only be used on
|
||||||
|
a Kubernetes Service.
|
||||||
|
type: string
|
||||||
|
sticky:
|
||||||
|
description: 'Sticky defines the sticky sessions configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||||
|
properties:
|
||||||
|
cookie:
|
||||||
|
description: Cookie defines the sticky cookie configuration.
|
||||||
|
properties:
|
||||||
|
httpOnly:
|
||||||
|
description: HTTPOnly defines whether the cookie
|
||||||
|
can be accessed by client-side APIs, such as JavaScript.
|
||||||
|
type: boolean
|
||||||
|
name:
|
||||||
|
description: Name defines the Cookie name.
|
||||||
|
type: string
|
||||||
|
sameSite:
|
||||||
|
description: 'SameSite defines the same site policy.
|
||||||
|
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||||
|
type: string
|
||||||
|
secure:
|
||||||
|
description: Secure defines whether the cookie can
|
||||||
|
only be transmitted over an encrypted connection
|
||||||
|
(i.e. HTTPS).
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
strategy:
|
||||||
|
description: Strategy defines the load balancing strategy
|
||||||
|
between the servers. RoundRobin is the only supported
|
||||||
|
value at the moment.
|
||||||
|
type: string
|
||||||
|
weight:
|
||||||
|
description: Weight defines the weight and should only be
|
||||||
|
specified when Name references a TraefikService object
|
||||||
|
(and to be precise, one that embeds a Weighted Round Robin).
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Kubernetes
|
||||||
|
Service or TraefikService. The differentiation between the two
|
||||||
|
is specified in the Kind field.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Kubernetes Service or TraefikService.
|
||||||
|
type: string
|
||||||
|
nativeLB:
|
||||||
|
description: NativeLB controls, when creating the load-balancer,
|
||||||
|
whether the LB's children are directly the pods IPs or if the
|
||||||
|
only child is the Kubernetes Service clusterIP. The Kubernetes
|
||||||
|
Service itself does load-balance to the pods. By default, NativeLB
|
||||||
|
is false.
|
||||||
|
type: boolean
|
||||||
|
passHostHeader:
|
||||||
|
description: PassHostHeader defines whether the client Host header
|
||||||
|
is forwarded to the upstream Kubernetes Service. By default,
|
||||||
|
passHostHeader is true.
|
||||||
|
type: boolean
|
||||||
|
port:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: Port defines the port of a Kubernetes Service. This
|
||||||
|
can be a reference to a named port.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
responseForwarding:
|
||||||
|
description: ResponseForwarding defines how Traefik forwards the
|
||||||
|
response from the upstream Kubernetes Service to the client.
|
||||||
|
properties:
|
||||||
|
flushInterval:
|
||||||
|
description: 'FlushInterval defines the interval, in milliseconds,
|
||||||
|
in between flushes to the client while copying the response
|
||||||
|
body. A negative value means to flush immediately after
|
||||||
|
each write to the client. This configuration is ignored
|
||||||
|
when ReverseProxy recognizes a response as a streaming response;
|
||||||
|
for such responses, writes are flushed to the client immediately.
|
||||||
|
Default: 100ms'
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
scheme:
|
||||||
|
description: Scheme defines the scheme to use for the request
|
||||||
|
to the upstream Kubernetes Service. It defaults to https when
|
||||||
|
Kubernetes Service port is 443, http otherwise.
|
||||||
|
type: string
|
||||||
|
serversTransport:
|
||||||
|
description: ServersTransport defines the name of ServersTransport
|
||||||
|
resource to use. It allows to configure the transport between
|
||||||
|
Traefik and your servers. Can only be used on a Kubernetes Service.
|
||||||
|
type: string
|
||||||
|
sticky:
|
||||||
|
description: 'Sticky defines the sticky sessions configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||||
|
properties:
|
||||||
|
cookie:
|
||||||
|
description: Cookie defines the sticky cookie configuration.
|
||||||
|
properties:
|
||||||
|
httpOnly:
|
||||||
|
description: HTTPOnly defines whether the cookie can be
|
||||||
|
accessed by client-side APIs, such as JavaScript.
|
||||||
|
type: boolean
|
||||||
|
name:
|
||||||
|
description: Name defines the Cookie name.
|
||||||
|
type: string
|
||||||
|
sameSite:
|
||||||
|
description: 'SameSite defines the same site policy. More
|
||||||
|
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||||
|
type: string
|
||||||
|
secure:
|
||||||
|
description: Secure defines whether the cookie can only
|
||||||
|
be transmitted over an encrypted connection (i.e. HTTPS).
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
strategy:
|
||||||
|
description: Strategy defines the load balancing strategy between
|
||||||
|
the servers. RoundRobin is the only supported value at the moment.
|
||||||
|
type: string
|
||||||
|
weight:
|
||||||
|
description: Weight defines the weight and should only be specified
|
||||||
|
when Name references a TraefikService object (and to be precise,
|
||||||
|
one that embeds a Weighted Round Robin).
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
weighted:
|
||||||
|
description: Weighted defines the Weighted Round Robin configuration.
|
||||||
|
properties:
|
||||||
|
services:
|
||||||
|
description: Services defines the list of Kubernetes Service and/or
|
||||||
|
TraefikService to load-balance, with weight.
|
||||||
|
items:
|
||||||
|
description: Service defines an upstream HTTP service to proxy
|
||||||
|
traffic to.
|
||||||
|
properties:
|
||||||
|
kind:
|
||||||
|
description: Kind defines the kind of the Service.
|
||||||
|
enum:
|
||||||
|
- Service
|
||||||
|
- TraefikService
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: Name defines the name of the referenced Kubernetes
|
||||||
|
Service or TraefikService. The differentiation between
|
||||||
|
the two is specified in the Kind field.
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
description: Namespace defines the namespace of the referenced
|
||||||
|
Kubernetes Service or TraefikService.
|
||||||
|
type: string
|
||||||
|
nativeLB:
|
||||||
|
description: NativeLB controls, when creating the load-balancer,
|
||||||
|
whether the LB's children are directly the pods IPs or
|
||||||
|
if the only child is the Kubernetes Service clusterIP.
|
||||||
|
The Kubernetes Service itself does load-balance to the
|
||||||
|
pods. By default, NativeLB is false.
|
||||||
|
type: boolean
|
||||||
|
passHostHeader:
|
||||||
|
description: PassHostHeader defines whether the client Host
|
||||||
|
header is forwarded to the upstream Kubernetes Service.
|
||||||
|
By default, passHostHeader is true.
|
||||||
|
type: boolean
|
||||||
|
port:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
description: Port defines the port of a Kubernetes Service.
|
||||||
|
This can be a reference to a named port.
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
responseForwarding:
|
||||||
|
description: ResponseForwarding defines how Traefik forwards
|
||||||
|
the response from the upstream Kubernetes Service to the
|
||||||
|
client.
|
||||||
|
properties:
|
||||||
|
flushInterval:
|
||||||
|
description: 'FlushInterval defines the interval, in
|
||||||
|
milliseconds, in between flushes to the client while
|
||||||
|
copying the response body. A negative value means
|
||||||
|
to flush immediately after each write to the client.
|
||||||
|
This configuration is ignored when ReverseProxy recognizes
|
||||||
|
a response as a streaming response; for such responses,
|
||||||
|
writes are flushed to the client immediately. Default:
|
||||||
|
100ms'
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
scheme:
|
||||||
|
description: Scheme defines the scheme to use for the request
|
||||||
|
to the upstream Kubernetes Service. It defaults to https
|
||||||
|
when Kubernetes Service port is 443, http otherwise.
|
||||||
|
type: string
|
||||||
|
serversTransport:
|
||||||
|
description: ServersTransport defines the name of ServersTransport
|
||||||
|
resource to use. It allows to configure the transport
|
||||||
|
between Traefik and your servers. Can only be used on
|
||||||
|
a Kubernetes Service.
|
||||||
|
type: string
|
||||||
|
sticky:
|
||||||
|
description: 'Sticky defines the sticky sessions configuration.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||||
|
properties:
|
||||||
|
cookie:
|
||||||
|
description: Cookie defines the sticky cookie configuration.
|
||||||
|
properties:
|
||||||
|
httpOnly:
|
||||||
|
description: HTTPOnly defines whether the cookie
|
||||||
|
can be accessed by client-side APIs, such as JavaScript.
|
||||||
|
type: boolean
|
||||||
|
name:
|
||||||
|
description: Name defines the Cookie name.
|
||||||
|
type: string
|
||||||
|
sameSite:
|
||||||
|
description: 'SameSite defines the same site policy.
|
||||||
|
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||||
|
type: string
|
||||||
|
secure:
|
||||||
|
description: Secure defines whether the cookie can
|
||||||
|
only be transmitted over an encrypted connection
|
||||||
|
(i.e. HTTPS).
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
strategy:
|
||||||
|
description: Strategy defines the load balancing strategy
|
||||||
|
between the servers. RoundRobin is the only supported
|
||||||
|
value at the moment.
|
||||||
|
type: string
|
||||||
|
weight:
|
||||||
|
description: Weight defines the weight and should only be
|
||||||
|
specified when Name references a TraefikService object
|
||||||
|
(and to be precise, one that embeds a Weighted Round Robin).
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
sticky:
|
||||||
|
description: 'Sticky defines whether sticky sessions are enabled.
|
||||||
|
More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
|
||||||
|
properties:
|
||||||
|
cookie:
|
||||||
|
description: Cookie defines the sticky cookie configuration.
|
||||||
|
properties:
|
||||||
|
httpOnly:
|
||||||
|
description: HTTPOnly defines whether the cookie can be
|
||||||
|
accessed by client-side APIs, such as JavaScript.
|
||||||
|
type: boolean
|
||||||
|
name:
|
||||||
|
description: Name defines the Cookie name.
|
||||||
|
type: string
|
||||||
|
sameSite:
|
||||||
|
description: 'SameSite defines the same site policy. More
|
||||||
|
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||||
|
type: string
|
||||||
|
secure:
|
||||||
|
description: Secure defines whether the cookie can only
|
||||||
|
be transmitted over an encrypted connection (i.e. HTTPS).
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,416 @@
|
||||||
|
image:
|
||||||
|
repository: tccr.io/truecharts/traefik
|
||||||
|
tag: 2.10.1@sha256:049aece2d3e7eddabed1e2e4c4bd03ceba372d3b9f461386b262b6cb69369fcf
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
manifestManager:
|
||||||
|
enabled: true
|
||||||
|
workload:
|
||||||
|
main:
|
||||||
|
replicas: 2
|
||||||
|
strategy: RollingUpdate
|
||||||
|
podSpec:
|
||||||
|
containers:
|
||||||
|
main:
|
||||||
|
args: []
|
||||||
|
probes:
|
||||||
|
# -- Liveness probe configuration
|
||||||
|
# @default -- See below
|
||||||
|
liveness:
|
||||||
|
# -- sets the probe type when not using a custom probe
|
||||||
|
# @default -- "TCP"
|
||||||
|
type: tcp
|
||||||
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||||
|
# @default -- "/"
|
||||||
|
# path: "/ping"
|
||||||
|
|
||||||
|
# -- Redainess probe configuration
|
||||||
|
# @default -- See below
|
||||||
|
readiness:
|
||||||
|
# -- sets the probe type when not using a custom probe
|
||||||
|
# @default -- "TCP"
|
||||||
|
type: tcp
|
||||||
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||||
|
# @default -- "/"
|
||||||
|
# path: "/ping"
|
||||||
|
|
||||||
|
# -- Startup probe configuration
|
||||||
|
# @default -- See below
|
||||||
|
startup:
|
||||||
|
# -- sets the probe type when not using a custom probe
|
||||||
|
# @default -- "TCP"
|
||||||
|
type: tcp
|
||||||
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||||
|
# @default -- "/"
|
||||||
|
# path: "/ping"
|
||||||
|
|
||||||
|
# -- Options for all pods
|
||||||
|
# Can be overruled per pod
|
||||||
|
podOptions:
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
|
||||||
|
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||||
|
ingressClass:
|
||||||
|
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||||
|
enabled: false
|
||||||
|
isDefaultClass: false
|
||||||
|
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||||
|
fallbackApiVersion: ""
|
||||||
|
|
||||||
|
# -- Create an IngressRoute for the dashboard
|
||||||
|
ingressRoute:
|
||||||
|
dashboard:
|
||||||
|
enabled: true
|
||||||
|
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
||||||
|
annotations: {}
|
||||||
|
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
||||||
|
labels: {}
|
||||||
|
#
|
||||||
|
# -- Configure providers
|
||||||
|
providers:
|
||||||
|
kubernetesCRD:
|
||||||
|
enabled: true
|
||||||
|
namespaces:
|
||||||
|
[]
|
||||||
|
# - "default"
|
||||||
|
kubernetesIngress:
|
||||||
|
enabled: true
|
||||||
|
# labelSelector: environment=production,method=traefik
|
||||||
|
namespaces:
|
||||||
|
[]
|
||||||
|
# - "default"
|
||||||
|
# IP used for Kubernetes Ingress endpoints
|
||||||
|
publishedService:
|
||||||
|
enabled: true
|
||||||
|
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||||
|
# By default this Traefik service
|
||||||
|
# pathOverride: ""
|
||||||
|
|
||||||
|
# -- Logs
|
||||||
|
# https://docs.traefik.io/observability/logs/
|
||||||
|
logs:
|
||||||
|
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
|
||||||
|
general:
|
||||||
|
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
|
||||||
|
level: ERROR
|
||||||
|
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
|
||||||
|
format: common
|
||||||
|
access:
|
||||||
|
# To enable access logs
|
||||||
|
enabled: false
|
||||||
|
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
|
||||||
|
# This option represents the number of log lines Traefik will keep in memory before writing
|
||||||
|
# them to the selected output. In some cases, this option can greatly help performances.
|
||||||
|
# bufferingSize: 100
|
||||||
|
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
|
||||||
|
filters:
|
||||||
|
{}
|
||||||
|
# statuscodes: "200,300-302"
|
||||||
|
# retryattempts: true
|
||||||
|
# minduration: 10ms
|
||||||
|
# Fields
|
||||||
|
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
|
||||||
|
fields:
|
||||||
|
general:
|
||||||
|
defaultmode: keep
|
||||||
|
names:
|
||||||
|
{}
|
||||||
|
# Examples:
|
||||||
|
# ClientUsername: drop
|
||||||
|
headers:
|
||||||
|
defaultmode: drop
|
||||||
|
names:
|
||||||
|
{}
|
||||||
|
# Examples:
|
||||||
|
# User-Agent: redact
|
||||||
|
# Authorization: drop
|
||||||
|
# Content-Type: keep
|
||||||
|
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
|
||||||
|
format: common
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
type: servicemonitor
|
||||||
|
endpoints:
|
||||||
|
- port: metrics
|
||||||
|
path: /metrics
|
||||||
|
targetSelector: metrics
|
||||||
|
|
||||||
|
globalArguments:
|
||||||
|
- "--global.checknewversion"
|
||||||
|
|
||||||
|
##
|
||||||
|
# -- Additional arguments to be passed at Traefik's binary
|
||||||
|
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||||||
|
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
||||||
|
additionalArguments:
|
||||||
|
- "--serverstransport.insecureskipverify=true"
|
||||||
|
- "--providers.kubernetesingress.allowexternalnameservices=true"
|
||||||
|
|
||||||
|
# -- TLS Options to be created as TLSOption CRDs
|
||||||
|
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
|
||||||
|
# Example:
|
||||||
|
tlsOptions:
|
||||||
|
default:
|
||||||
|
sniStrict: false
|
||||||
|
minVersion: VersionTLS12
|
||||||
|
curvePreferences:
|
||||||
|
- CurveP521
|
||||||
|
- CurveP384
|
||||||
|
cipherSuites:
|
||||||
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||||
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||||
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||||
|
- TLS_AES_128_GCM_SHA256
|
||||||
|
- TLS_AES_256_GCM_SHA384
|
||||||
|
- TLS_CHACHA20_POLY1305_SHA256
|
||||||
|
|
||||||
|
# -- Options for the main traefik service, where the entrypoints traffic comes from
|
||||||
|
# from.
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
type: LoadBalancer
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
port: 9000
|
||||||
|
targetPort: 9000
|
||||||
|
protocol: http
|
||||||
|
# -- Forwarded Headers should never be enabled on Main entrypoint
|
||||||
|
forwardedHeaders:
|
||||||
|
enabled: false
|
||||||
|
# -- Proxy Protocol should never be enabled on Main entrypoint
|
||||||
|
proxyProtocol:
|
||||||
|
enabled: false
|
||||||
|
tcp:
|
||||||
|
enabled: true
|
||||||
|
type: LoadBalancer
|
||||||
|
ports:
|
||||||
|
web:
|
||||||
|
enabled: true
|
||||||
|
port: 9080
|
||||||
|
protocol: http
|
||||||
|
redirectTo: websecure
|
||||||
|
# Options: Empty, 0 (ingore), or positive int
|
||||||
|
# redirectPort:
|
||||||
|
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||||
|
forwardedHeaders:
|
||||||
|
enabled: false
|
||||||
|
# -- List of trusted IP and CIDR references
|
||||||
|
trustedIPs: []
|
||||||
|
# -- Trust all forwarded headers
|
||||||
|
insecureMode: false
|
||||||
|
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
|
||||||
|
proxyProtocol:
|
||||||
|
enabled: false
|
||||||
|
# -- Only IPs in trustedIPs will lead to remote client address replacement
|
||||||
|
trustedIPs: []
|
||||||
|
# -- Trust every incoming connection
|
||||||
|
insecureMode: false
|
||||||
|
websecure:
|
||||||
|
enabled: true
|
||||||
|
port: 9443
|
||||||
|
protocol: https
|
||||||
|
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||||
|
forwardedHeaders:
|
||||||
|
enabled: false
|
||||||
|
# -- List of trusted IP and CIDR references
|
||||||
|
trustedIPs: []
|
||||||
|
# -- Trust all forwarded headers
|
||||||
|
insecureMode: false
|
||||||
|
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
|
||||||
|
proxyProtocol:
|
||||||
|
enabled: false
|
||||||
|
# -- Only IPs in trustedIPs will lead to remote client address replacement
|
||||||
|
trustedIPs: []
|
||||||
|
# -- Trust every incoming connection
|
||||||
|
insecureMode: false
|
||||||
|
# tcpexample:
|
||||||
|
# enabled: true
|
||||||
|
# targetPort: 9443
|
||||||
|
# protocol: tcp
|
||||||
|
# tls:
|
||||||
|
# enabled: false
|
||||||
|
# # this is the name of a TLSOption definition
|
||||||
|
# options: ""
|
||||||
|
# certResolver: ""
|
||||||
|
# domains: []
|
||||||
|
# # - main: example.com
|
||||||
|
# # sans:
|
||||||
|
# # - foo.example.com
|
||||||
|
# # - bar.example.com
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: 9180
|
||||||
|
targetPort: 9180
|
||||||
|
protocol: http
|
||||||
|
# -- Forwarded Headers should never be enabled on Metrics entrypoint
|
||||||
|
forwardedHeaders:
|
||||||
|
enabled: false
|
||||||
|
# -- Proxy Protocol should never be enabled on Metrics entrypoint
|
||||||
|
proxyProtocol:
|
||||||
|
enabled: false
|
||||||
|
# udp:
|
||||||
|
# enabled: false
|
||||||
|
|
||||||
|
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||||
|
rbac:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
primary: true
|
||||||
|
clusterWide: true
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- services
|
||||||
|
- endpoints
|
||||||
|
- secrets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingresses
|
||||||
|
- ingressclasses
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingresses/status
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- traefik.containo.us
|
||||||
|
- traefik.io
|
||||||
|
resources:
|
||||||
|
- middlewares
|
||||||
|
- middlewaretcps
|
||||||
|
- ingressroutes
|
||||||
|
- traefikservices
|
||||||
|
- ingressroutetcps
|
||||||
|
- ingressrouteudps
|
||||||
|
- tlsoptions
|
||||||
|
- tlsstores
|
||||||
|
- serverstransports
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
|
||||||
|
# -- The service account the pods will use to interact with the Kubernetes API
|
||||||
|
serviceAccount:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
primary: true
|
||||||
|
|
||||||
|
# -- SCALE Middleware Handlers
|
||||||
|
middlewares:
|
||||||
|
basicAuth: []
|
||||||
|
# - name: basicauthexample
|
||||||
|
# users:
|
||||||
|
# - username: testuser
|
||||||
|
# password: testpassword
|
||||||
|
forwardAuth: []
|
||||||
|
# - name: forwardAuthexample
|
||||||
|
# address: https://auth.example.com/
|
||||||
|
# authResponseHeaders:
|
||||||
|
# - X-Secret
|
||||||
|
# - X-Auth-User
|
||||||
|
# authRequestHeaders:
|
||||||
|
# - "Accept"
|
||||||
|
# - "X-CustomHeader"
|
||||||
|
# authResponseHeadersRegex: "^X-"
|
||||||
|
# trustForwardHeader: true
|
||||||
|
chain: []
|
||||||
|
# - name: chainname
|
||||||
|
# middlewares:
|
||||||
|
# - name: compress
|
||||||
|
redirectScheme: []
|
||||||
|
# - name: redirectSchemeName
|
||||||
|
# scheme: https
|
||||||
|
# permanent: true
|
||||||
|
rateLimit: []
|
||||||
|
# - name: rateLimitName
|
||||||
|
# average: 300
|
||||||
|
# burst: 200
|
||||||
|
redirectRegex: []
|
||||||
|
# - name: redirectRegexName
|
||||||
|
# regex: putregexhere
|
||||||
|
# replacement: replacementurlhere
|
||||||
|
# permanent: false
|
||||||
|
stripPrefixRegex: []
|
||||||
|
# - name: stripPrefixRegexName
|
||||||
|
# regex: []
|
||||||
|
ipWhiteList: []
|
||||||
|
# - name: ipWhiteListName
|
||||||
|
# sourceRange: []
|
||||||
|
# ipStrategy:
|
||||||
|
# depth: 2
|
||||||
|
# excludedIPs: []
|
||||||
|
themeParkVersion: v1.3.0
|
||||||
|
themePark: []
|
||||||
|
# - name: themeParkName
|
||||||
|
# -- Supported apps, lower case name
|
||||||
|
# -- https://docs.theme-park.dev/themes
|
||||||
|
# app: appnamehere
|
||||||
|
# -- Supported themes, lower case name
|
||||||
|
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
|
||||||
|
# -- https://docs.theme-park.dev/community-themes
|
||||||
|
# theme: themenamehere
|
||||||
|
# -- https://theme-park.dev or a self hosted url
|
||||||
|
# baseUrl: https://theme-park.dev
|
||||||
|
realIPVersion: v1.0.3
|
||||||
|
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
|
||||||
|
# Cf-Connecting-Ip (If from Cloudflare)
|
||||||
|
# Evaluation of those headers will go from last to first
|
||||||
|
realIP: []
|
||||||
|
# - name: realIPName
|
||||||
|
# -- The real IP will be the first one that is
|
||||||
|
# -- not included in any of the CIDRs passed here
|
||||||
|
# excludedNetworks:
|
||||||
|
# - 1.1.1.1/24
|
||||||
|
addPrefix: []
|
||||||
|
# - name: addPrefixName
|
||||||
|
# prefix: "/foo"
|
||||||
|
geoBlockVersion: v0.2.4
|
||||||
|
geoBlock: []
|
||||||
|
# -- https://github.com/PascalMinder/geoblock
|
||||||
|
# - name: geoBlockName
|
||||||
|
# allowLocalRequests: true
|
||||||
|
# logLocalRequests: false
|
||||||
|
# logAllowedRequests: false
|
||||||
|
# logApiRequests: false
|
||||||
|
# api: https://get.geojs.io/v1/ip/country/{ip}
|
||||||
|
# apiTimeoutMs: 500
|
||||||
|
# cacheSize: 25
|
||||||
|
# forceMonthlyUpdate: true
|
||||||
|
# allowUnknownCountries: false
|
||||||
|
# unknownCountryApiResponse: nil
|
||||||
|
# blackListMode: false
|
||||||
|
# countries:
|
||||||
|
# - RU
|
||||||
|
|
||||||
|
portalhook:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
plugins:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/plugins-storage"
|
||||||
|
type: emptyDir
|
||||||
|
|
||||||
|
portal:
|
||||||
|
open:
|
||||||
|
enabled: true
|
||||||
|
path: /dashboard/
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1 @@
|
||||||
|
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
|
@ -0,0 +1,182 @@
|
||||||
|
{{/* Define the args */}}
|
||||||
|
{{- define "traefik.args" -}}
|
||||||
|
args:
|
||||||
|
{{/* merge all ports */}}
|
||||||
|
{{- $ports := dict }}
|
||||||
|
{{- range $.Values.service }}
|
||||||
|
{{- range $name, $value := .ports }}
|
||||||
|
{{- $_ := set $ports $name $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{/* start of actual arguments */}}
|
||||||
|
{{- with .Values.globalArguments }}
|
||||||
|
{{- range . }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range $name, $config := $ports }}
|
||||||
|
{{- if $config }}
|
||||||
|
{{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }}
|
||||||
|
{{- $_ := set $config "protocol" "tcp" }}
|
||||||
|
{{- end }}
|
||||||
|
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
- "--api.dashboard=true"
|
||||||
|
- "--ping=true"
|
||||||
|
{{- if .Values.traefikMetrics }}
|
||||||
|
{{- if .Values.traefikMetrics.datadog }}
|
||||||
|
- "--metrics.datadog=true"
|
||||||
|
- "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.traefikMetrics.influxdb }}
|
||||||
|
- "--metrics.influxdb=true"
|
||||||
|
- "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}"
|
||||||
|
- "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.traefikMetrics.statsd }}
|
||||||
|
- "--metrics.statsd=true"
|
||||||
|
- "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}"
|
||||||
|
{{- if or .Values.traefikMetrics.prometheus }}
|
||||||
|
- "--metrics.prometheus=true"
|
||||||
|
- "--metrics.prometheus.entrypoint=metrics"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if or .Values.metrics.main.enabled }}
|
||||||
|
- "--metrics.prometheus=true"
|
||||||
|
- "--metrics.prometheus.entrypoint=metrics"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||||
|
- "--providers.kubernetescrd"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||||
|
- "--providers.kubernetesingress"
|
||||||
|
{{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
|
||||||
|
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.providers.kubernetesIngress.labelSelector }}
|
||||||
|
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
|
||||||
|
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||||
|
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||||
|
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $.Values.ingressClass.enabled }}
|
||||||
|
- "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- range $entrypoint, $config := $ports }}
|
||||||
|
{{/* add args for proxyProtocol support */}}
|
||||||
|
{{- if $config.proxyProtocol }}
|
||||||
|
{{- if $config.proxyProtocol.enabled }}
|
||||||
|
{{- if $config.proxyProtocol.insecureMode }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
|
||||||
|
{{- end }}
|
||||||
|
{{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{/* add args for forwardedHeaders support */}}
|
||||||
|
{{- if $config.forwardedHeaders.enabled }}
|
||||||
|
{{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if $config.forwardedHeaders.insecureMode }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{/* end forwardedHeaders configuration */}}
|
||||||
|
{{- if $config.redirectTo }}
|
||||||
|
{{- $toPort := index $ports $config.redirectTo }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||||
|
{{- else if $config.redirectPort }}
|
||||||
|
{{ if gt $config.redirectPort 0.0 }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if or ( $config.tls ) ( eq $config.protocol "https" ) }}
|
||||||
|
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
|
||||||
|
{{- if $config.tls.options }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if $config.tls.certResolver }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if $config.tls.domains }}
|
||||||
|
{{- range $index, $domain := $config.tls.domains }}
|
||||||
|
{{- if $domain.main }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if $domain.sans }}
|
||||||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.logs }}
|
||||||
|
- "--log.format={{ .general.format }}"
|
||||||
|
{{- if ne .general.level "ERROR" }}
|
||||||
|
- "--log.level={{ .general.level | upper }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .access.enabled }}
|
||||||
|
- "--accesslog=true"
|
||||||
|
- "--accesslog.format={{ .access.format }}"
|
||||||
|
{{- if .access.bufferingsize }}
|
||||||
|
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .access.filters }}
|
||||||
|
{{- if .access.filters.statuscodes }}
|
||||||
|
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .access.filters.retryattempts }}
|
||||||
|
- "--accesslog.filters.retryattempts"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .access.filters.minduration }}
|
||||||
|
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
|
||||||
|
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
|
||||||
|
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||||
|
{{- end }}
|
||||||
|
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
|
||||||
|
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
|
||||||
|
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{/* theme.park */}}
|
||||||
|
{{- if .Values.middlewares.themePark }}
|
||||||
|
- "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
|
||||||
|
- "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}"
|
||||||
|
{{- end }}
|
||||||
|
{{/* End of theme.park */}}
|
||||||
|
{{/* GeoBlock */}}
|
||||||
|
{{- if .Values.middlewares.geoBlock }}
|
||||||
|
- "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock"
|
||||||
|
- "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}"
|
||||||
|
{{- end }}
|
||||||
|
{{/* End of GeoBlock */}}
|
||||||
|
{{/* RealIP */}}
|
||||||
|
{{- if .Values.middlewares.realIP }}
|
||||||
|
- "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip"
|
||||||
|
- "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}"
|
||||||
|
{{- end }}
|
||||||
|
{{/* End of RealIP */}}
|
||||||
|
{{- with .Values.additionalArguments }}
|
||||||
|
{{- range . }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,22 @@
|
||||||
|
{{/*
|
||||||
|
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
|
||||||
|
By convention this will simply use the <namespace>/<service-name> to match the name of the
|
||||||
|
service generated.
|
||||||
|
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
|
||||||
|
*/}}
|
||||||
|
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
|
||||||
|
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||||
|
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
|
||||||
|
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
|
||||||
|
{{- print $servicePath | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Construct a comma-separated list of whitelisted namespaces
|
||||||
|
*/}}
|
||||||
|
{{- define "providers.kubernetesIngress.namespaces" -}}
|
||||||
|
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- define "providers.kubernetesCRD.namespaces" -}}
|
||||||
|
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
||||||
|
{{/* Define the ingressClass */}}
|
||||||
|
{{- define "traefik.ingressClass" -}}
|
||||||
|
---
|
||||||
|
{{ if $.Values.ingressClass.enabled }}
|
||||||
|
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
|
||||||
|
apiVersion: networking.k8s.io/v1beta1
|
||||||
|
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
|
||||||
|
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
|
||||||
|
{{- else }}
|
||||||
|
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
|
||||||
|
{{- end }}
|
||||||
|
kind: IngressClass
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
|
||||||
|
labels:
|
||||||
|
{{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }}
|
||||||
|
name: {{ .Release.Name }}
|
||||||
|
spec:
|
||||||
|
controller: traefik.io/ingress-controller
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{{/* Define the ingressRoute */}}
|
||||||
|
{{- define "traefik.ingressRoute" -}}
|
||||||
|
{{ if .Values.ingressRoute.dashboard.enabled }}
|
||||||
|
|
||||||
|
{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}}
|
||||||
|
{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard
|
||||||
|
{{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||||
|
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||||
|
labels:
|
||||||
|
{{- . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||||
|
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||||
|
annotations:
|
||||||
|
{{- . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- main
|
||||||
|
routes:
|
||||||
|
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
- name: api@internal
|
||||||
|
kind: TraefikService
|
||||||
|
{{ end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,22 @@
|
||||||
|
{{/* Define the portalHook */}}
|
||||||
|
{{- define "traefik.portalhook" -}}
|
||||||
|
{{- if .Values.portalhook.enabled }}
|
||||||
|
---
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary "portalhook" (printf "portalhook-%v" .Release.Name ) $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
data:
|
||||||
|
{{- $ports := dict }}
|
||||||
|
{{- range $.Values.service }}
|
||||||
|
{{- range $name, $value := .ports }}
|
||||||
|
{{- $_ := set $ports $name $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range $name, $value := $ports }}
|
||||||
|
{{ $name }}: {{ $value.port | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,12 @@
|
||||||
|
{{/* Define the tlsOptions */}}
|
||||||
|
{{- define "traefik.tlsOptions" -}}
|
||||||
|
{{- range $name, $config := .Values.tlsOptions }}
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: TLSOption
|
||||||
|
metadata:
|
||||||
|
name: {{ $name }}
|
||||||
|
spec:
|
||||||
|
{{- toYaml $config | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,23 @@
|
||||||
|
{{/* Make sure all variables are set properly */}}
|
||||||
|
{{- include "tc.v1.common.loader.init" . }}
|
||||||
|
|
||||||
|
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
|
||||||
|
{{- $_ := set .Values "newArgs" $newArgs -}}
|
||||||
|
{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }}
|
||||||
|
{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}}
|
||||||
|
|
||||||
|
{{- include "traefik.portalhook" . }}
|
||||||
|
{{- include "traefik.tlsOptions" . }}
|
||||||
|
{{- include "traefik.ingressRoute" . }}
|
||||||
|
{{- include "traefik.ingressClass" . }}
|
||||||
|
|
||||||
|
{{- with .Values.ingress -}}
|
||||||
|
{{- with .main -}}
|
||||||
|
{{- if .enabled -}}
|
||||||
|
{{- $_ := set $.Values.portal.open.override "protocol" "https" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/* Render the templates */}}
|
||||||
|
{{ include "tc.v1.common.loader.apply" . }}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
addPrefix:
|
||||||
|
prefix: {{ $middlewareData.prefix }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,58 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
compress: {}
|
||||||
|
---
|
||||||
|
# Here, an average of 300 requests per second is allowed.
|
||||||
|
# In addition, a burst of 200 requests is allowed.
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
rateLimit:
|
||||||
|
average: 600
|
||||||
|
burst: 400
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
headers:
|
||||||
|
accessControlAllowMethods:
|
||||||
|
- GET
|
||||||
|
- OPTIONS
|
||||||
|
- HEAD
|
||||||
|
- PUT
|
||||||
|
accessControlMaxAge: 100
|
||||||
|
stsSeconds: 63072000
|
||||||
|
# stsIncludeSubdomains: false
|
||||||
|
# stsPreload: false
|
||||||
|
forceSTSHeader: true
|
||||||
|
contentTypeNosniff: true
|
||||||
|
browserXssFilter: true
|
||||||
|
referrerPolicy: same-origin
|
||||||
|
customRequestHeaders:
|
||||||
|
X-Forwarded-Proto: "https"
|
||||||
|
customResponseHeaders:
|
||||||
|
server: ''
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||||
|
- name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
|
||||||
|
- name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
|
|
@ -0,0 +1,31 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
|
||||||
|
---
|
||||||
|
{{- $users := list }}
|
||||||
|
{{- range $index, $userdata := $middlewareData.users }}
|
||||||
|
{{- $users = append $users (htpasswd $userdata.username $userdata.password) }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{printf "%v-%v" $middlewareData.name "secret" }}
|
||||||
|
namespace: tc-system
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
users: |
|
||||||
|
{{- range $index, $user := $users }}
|
||||||
|
{{ printf "%s" $user }}
|
||||||
|
{{- end }}
|
||||||
|
---
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
basicAuth:
|
||||||
|
secret: {{ printf "%v-%v" $middlewareData.name "secret" }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,21 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
{{- $namespace := "tc-system" }}
|
||||||
|
{{- if $.Values.ingressClass.enabled }}
|
||||||
|
{{- $namespace := ( printf "tc-system-%s" .Release.Name ) }}
|
||||||
|
{{- end }}
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.chain }}
|
||||||
|
|
||||||
|
---
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
{{ range $index, $middleware := .middlewares }}
|
||||||
|
- name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,31 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
forwardAuth:
|
||||||
|
address: {{ $middlewareData.address }}
|
||||||
|
{{- with $middlewareData.authResponseHeaders }}
|
||||||
|
authResponseHeaders:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with $middlewareData.authRequestHeaders }}
|
||||||
|
authRequestHeaders:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $middlewareData.authResponseHeadersRegex }}
|
||||||
|
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $middlewareData.trustForwardHeader }}
|
||||||
|
trustForwardHeader: true
|
||||||
|
{{- end }}
|
||||||
|
{{- with $middlewareData.tls }}
|
||||||
|
tls:
|
||||||
|
insecureSkipVerify: {{ .insecureSkipVerify | default false }}
|
||||||
|
{{- end }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,32 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
plugin:
|
||||||
|
GeoBlock:
|
||||||
|
allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
|
||||||
|
logLocalRequests: {{ $middlewareData.logLocalRequests }}
|
||||||
|
logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
|
||||||
|
logApiRequests: {{ $middlewareData.logApiRequests }}
|
||||||
|
api: {{ $middlewareData.api }}
|
||||||
|
apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
|
||||||
|
cacheSize: {{ $middlewareData.cacheSize }}
|
||||||
|
forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
|
||||||
|
allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
|
||||||
|
unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
|
||||||
|
blackListMode: {{ $middlewareData.blackListMode }}
|
||||||
|
{{- if not $middlewareData.countries }}
|
||||||
|
{{- fail "You have to define at least one country..." }}
|
||||||
|
{{- end }}
|
||||||
|
countries:
|
||||||
|
{{- range $middlewareData.countries }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,30 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
|
||||||
|
|
||||||
|
---
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
ipWhiteList:
|
||||||
|
sourceRange:
|
||||||
|
{{- range $middlewareData.sourceRange }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $middlewareData.ipStrategy }}
|
||||||
|
ipStrategy:
|
||||||
|
{{- if $middlewareData.ipStrategy.depth }}
|
||||||
|
depth: {{ $middlewareData.ipStrategy.depth }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $middlewareData.ipStrategy.excludedIPs }}
|
||||||
|
excludedIPs:
|
||||||
|
{{- range $middlewareData.ipStrategy.excludedIPs }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
|
||||||
|
|
||||||
|
---
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
rateLimit:
|
||||||
|
average: {{ $middlewareData.average }}
|
||||||
|
burst: {{ $middlewareData.burst }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,18 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{- range $index, $middlewareData := .Values.middlewares.realIP }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
plugin:
|
||||||
|
traefik-real-ip:
|
||||||
|
excludednets:
|
||||||
|
{{- range $middlewareData.excludedNetworks }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
|
||||||
|
|
||||||
|
---
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: {{ $middlewareData.scheme }}
|
||||||
|
permanent: {{ $middlewareData.permanent }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
|
||||||
|
|
||||||
|
---
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
redirectRegex:
|
||||||
|
regex: {{ $middlewareData.regex | quote }}
|
||||||
|
replacement: {{ $middlewareData.replacement | quote }}
|
||||||
|
permanent: {{ $middlewareData.permanent }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
|
||||||
|
{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
stripPrefixRegex:
|
||||||
|
regex:
|
||||||
|
{{- range $middlewareData.regex }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,26 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||||
|
- name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
|
||||||
|
- name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||||
|
- name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
|
||||||
|
- name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
|
|
@ -0,0 +1,59 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
headers:
|
||||||
|
accessControlAllowHeaders:
|
||||||
|
- '*'
|
||||||
|
accessControlAllowMethods:
|
||||||
|
- GET
|
||||||
|
- OPTIONS
|
||||||
|
- HEAD
|
||||||
|
- PUT
|
||||||
|
- POST
|
||||||
|
accessControlAllowOriginList:
|
||||||
|
- '*'
|
||||||
|
accessControlMaxAge: 100
|
||||||
|
browserXssFilter: true
|
||||||
|
contentTypeNosniff: true
|
||||||
|
customRequestHeaders:
|
||||||
|
X-Forwarded-Proto: https
|
||||||
|
customResponseHeaders:
|
||||||
|
server: ""
|
||||||
|
forceSTSHeader: true
|
||||||
|
referrerPolicy: same-origin
|
||||||
|
sslForceHost: true
|
||||||
|
sslRedirect: true
|
||||||
|
stsSeconds: 63072000
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
headers:
|
||||||
|
accessControlAllowMethods:
|
||||||
|
- GET
|
||||||
|
- OPTIONS
|
||||||
|
- HEAD
|
||||||
|
- PUT
|
||||||
|
accessControlMaxAge: 100
|
||||||
|
sslRedirect: true
|
||||||
|
stsSeconds: 63072000
|
||||||
|
# stsIncludeSubdomains: false
|
||||||
|
# stsPreload: false
|
||||||
|
forceSTSHeader: true
|
||||||
|
contentTypeNosniff: true
|
||||||
|
browserXssFilter: true
|
||||||
|
sslForceHost: true
|
||||||
|
referrerPolicy: same-origin
|
||||||
|
customRequestHeaders:
|
||||||
|
X-Forwarded-Proto: "https"
|
||||||
|
customResponseHeaders:
|
||||||
|
server: ''
|
|
@ -0,0 +1,22 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
redirectRegex:
|
||||||
|
regex: "https://(.*)/.well-known/(card|cal)dav"
|
||||||
|
replacement: "https://${1}/remote.php/dav/"
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
|
|
@ -0,0 +1,23 @@
|
||||||
|
{{- $values := .Values }}
|
||||||
|
|
||||||
|
{{- range $index, $middlewareData := .Values.middlewares.themePark }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||||
|
namespace: tc-system
|
||||||
|
spec:
|
||||||
|
plugin:
|
||||||
|
traefik-themepark:
|
||||||
|
app: {{ $middlewareData.appName }}
|
||||||
|
theme: {{ $middlewareData.themeName }}
|
||||||
|
baseUrl: {{ $middlewareData.baseUrl }}
|
||||||
|
{{- if $middlewareData.addons }}
|
||||||
|
addons:
|
||||||
|
{{- range $middlewareData.addons }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
Loading…
Reference in New Issue