Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
4e06fc44d8
commit
58865e1831
|
@ -0,0 +1,99 @@
|
|||
**Important:**
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.1.0](https://github.com/truecharts/charts/compare/traefik-21.0.9...traefik-21.1.0) (2023-10-27)
|
||||
|
||||
### Feat
|
||||
|
||||
- Add traefik-plugin-rewrite-headers ([#13961](https://github.com/truecharts/charts/issues/13961))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.9](https://github.com/truecharts/charts/compare/traefik-21.0.8...traefik-21.0.9) (2023-10-25)
|
||||
|
||||
### Chore
|
||||
|
||||
- update container image tccr.io/truecharts/traefik to v2.10.5 ([#13969](https://github.com/truecharts/charts/issues/13969))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.8](https://github.com/truecharts/charts/compare/traefik-21.0.7...traefik-21.0.8) (2023-10-12)
|
||||
|
||||
### Chore
|
||||
|
||||
- update container image tccr.io/truecharts/traefik to v2.10.5 ([#13534](https://github.com/truecharts/charts/issues/13534))
|
||||
- run precocmit ([#13387](https://github.com/truecharts/charts/issues/13387))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.7](https://github.com/truecharts/charts/compare/traefik-21.0.6...traefik-21.0.7) (2023-10-07)
|
||||
|
||||
### Chore
|
||||
|
||||
- update helm general non-major ([#13386](https://github.com/truecharts/charts/issues/13386))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.6](https://github.com/truecharts/charts/compare/traefik-21.0.5...traefik-21.0.6) (2023-10-03)
|
||||
|
||||
### Fix
|
||||
|
||||
- remove required from header value
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.5](https://github.com/truecharts/charts/compare/traefik-21.0.4...traefik-21.0.5) (2023-10-03)
|
||||
|
||||
### Chore
|
||||
|
||||
- fix mid quests
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.4](https://github.com/truecharts/charts/compare/traefik-21.0.3...traefik-21.0.4) (2023-09-06)
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.3](https://github.com/truecharts/charts/compare/traefik-21.0.2...traefik-21.0.3) (2023-08-25)
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.2](https://github.com/truecharts/charts/compare/traefik-21.0.1...traefik-21.0.2) (2023-08-24)
|
||||
|
||||
### Fix
|
||||
|
||||
- load modsecurity plugin ([#11845](https://github.com/truecharts/charts/issues/11845))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.1](https://github.com/truecharts/charts/compare/traefik-21.0.0...traefik-21.0.1) (2023-08-24)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-21.0.0](https://github.com/truecharts/charts/compare/traefik-20.0.0...traefik-21.0.0) (2023-07-31)
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-20.0.0](https://github.com/truecharts/charts/compare/traefik-19.1.0...traefik-20.0.0) (2023-07-31)
|
||||
|
||||
### Feat
|
||||
|
||||
- BREAKING CHANGE register traefik and use traefik namespace for middleware instead of tc-system ([#11086](https://github.com/truecharts/charts/issues/11086))
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
apiVersion: v2
|
||||
appVersion: "2.10.5"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 14.0.9
|
||||
deprecated: false
|
||||
description: Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
home: https://truecharts.org/charts/enterprise/traefik
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
|
||||
keywords:
|
||||
- traefik
|
||||
- ingress
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: traefik
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
|
||||
- https://github.com/traefik/traefik
|
||||
- https://github.com/traefik/traefik-helm-chart
|
||||
- https://traefik.io/
|
||||
type: application
|
||||
version: 21.1.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- network
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -0,0 +1,106 @@
|
|||
Business Source License 1.1
|
||||
|
||||
Parameters
|
||||
|
||||
Licensor: The TrueCharts Project, it's owner and it's contributors
|
||||
Licensed Work: The TrueCharts "Traefik" Helm Chart
|
||||
Additional Use Grant: You may use the licensed work in production, as long
|
||||
as it is directly sourced from a TrueCharts provided
|
||||
official repository, catalog or source. You may also make private
|
||||
modification to the directly sourced licenced work,
|
||||
when used in production.
|
||||
|
||||
The following cases are, due to their nature, also
|
||||
defined as 'production use' and explicitly prohibited:
|
||||
- Bundling, including or displaying the licensed work
|
||||
with(in) another work intended for production use,
|
||||
with the apparent intend of facilitating and/or
|
||||
promoting production use by third parties in
|
||||
violation of this license.
|
||||
|
||||
Change Date: 2050-01-01
|
||||
|
||||
Change License: 3-clause BSD license
|
||||
|
||||
For information about alternative licensing arrangements for the Software,
|
||||
please contact: legal@truecharts.org
|
||||
|
||||
Notice
|
||||
|
||||
The Business Source License (this document, or the “License”) is not an Open
|
||||
Source license. However, the Licensed Work will eventually be made available
|
||||
under an Open Source License, as stated in this License.
|
||||
|
||||
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
||||
“Business Source License” is a trademark of MariaDB Corporation Ab.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
Business Source License 1.1
|
||||
|
||||
Terms
|
||||
|
||||
The Licensor hereby grants you the right to copy, modify, create derivative
|
||||
works, redistribute, and make non-production use of the Licensed Work. The
|
||||
Licensor may make an Additional Use Grant, above, permitting limited
|
||||
production use.
|
||||
|
||||
Effective on the Change Date, or the fourth anniversary of the first publicly
|
||||
available distribution of a specific version of the Licensed Work under this
|
||||
License, whichever comes first, the Licensor hereby grants you rights under
|
||||
the terms of the Change License, and the rights granted in the paragraph
|
||||
above terminate.
|
||||
|
||||
If your use of the Licensed Work does not comply with the requirements
|
||||
currently in effect as described in this License, you must purchase a
|
||||
commercial license from the Licensor, its affiliated entities, or authorized
|
||||
resellers, or you must refrain from using the Licensed Work.
|
||||
|
||||
All copies of the original and modified Licensed Work, and derivative works
|
||||
of the Licensed Work, are subject to this License. This License applies
|
||||
separately for each version of the Licensed Work and the Change Date may vary
|
||||
for each version of the Licensed Work released by Licensor.
|
||||
|
||||
You must conspicuously display this License on each original or modified copy
|
||||
of the Licensed Work. If you receive the Licensed Work in original or
|
||||
modified form from a third party, the terms and conditions set forth in this
|
||||
License apply to your use of that work.
|
||||
|
||||
Any use of the Licensed Work in violation of this License will automatically
|
||||
terminate your rights under this License for the current and all other
|
||||
versions of the Licensed Work.
|
||||
|
||||
This License does not grant you any right in any trademark or logo of
|
||||
Licensor or its affiliates (provided that you may use a trademark or logo of
|
||||
Licensor as expressly required by this License).
|
||||
|
||||
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
|
||||
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
|
||||
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
|
||||
TITLE.
|
||||
|
||||
MariaDB hereby grants you permission to use this License’s text to license
|
||||
your works, and to refer to it using the trademark “Business Source License”,
|
||||
as long as you comply with the Covenants of Licensor below.
|
||||
|
||||
Covenants of Licensor
|
||||
|
||||
In consideration of the right to use this License’s text and the “Business
|
||||
Source License” name and trademark, Licensor covenants to MariaDB, and to all
|
||||
other recipients of the licensed work to be provided by Licensor:
|
||||
|
||||
1. To specify as the Change License the GPL Version 2.0 or any later version,
|
||||
or a license that is compatible with GPL Version 2.0 or a later version,
|
||||
where “compatible” means that software provided under the Change License can
|
||||
be included in a program with software provided under GPL Version 2.0 or a
|
||||
later version. Licensor may specify additional Change Licenses without
|
||||
limitation.
|
||||
|
||||
2. To either: (a) specify an additional grant of rights to use that does not
|
||||
impose any additional restriction on the right granted in this License, as
|
||||
the Additional Use Grant; or (b) insert the text “None”.
|
||||
|
||||
3. To specify a Change Date.
|
||||
|
||||
4. Not to modify this License in any other way.
|
|
@ -0,0 +1,27 @@
|
|||
# README
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
*All Rights Reserved - The TrueCharts Project*
|
|
@ -0,0 +1,9 @@
|
|||
|
||||
|
||||
## [traefik-21.1.0](https://github.com/truecharts/charts/compare/traefik-21.0.9...traefik-21.1.0) (2023-10-27)
|
||||
|
||||
### Feat
|
||||
|
||||
- Add traefik-plugin-rewrite-headers ([#13961](https://github.com/truecharts/charts/issues/13961))
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
|
||||
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik)
|
||||
|
||||
---
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,267 @@
|
|||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRoute
|
||||
listKind: IngressRouteList
|
||||
plural: ingressroutes
|
||||
singular: ingressroute
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteSpec defines the desired state of IngressRoute.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
|
||||
Default: all.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
description: Route holds the HTTP route configuration.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the route. Rule is the
|
||||
only supported kind.
|
||||
enum:
|
||||
- Rule
|
||||
type: string
|
||||
match:
|
||||
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule'
|
||||
type: string
|
||||
middlewares:
|
||||
description: 'Middlewares defines the list of references to
|
||||
Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware'
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Middleware
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Middleware resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
priority:
|
||||
description: 'Priority defines the router''s priority. More
|
||||
info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority'
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of Service. It can contain
|
||||
any combination of TraefikService and/or reference to a Kubernetes
|
||||
Service.
|
||||
items:
|
||||
description: Service defines an upstream HTTP service to proxy
|
||||
traffic to.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client
|
||||
Host header is forwarded to the upstream Kubernetes
|
||||
Service. By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to
|
||||
the client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval,
|
||||
in milliseconds, in between flushes to the client
|
||||
while copying the response body. A negative value
|
||||
means to flush immediately after each write to the
|
||||
client. This configuration is ignored when ReverseProxy
|
||||
recognizes a response as a streaming response; for
|
||||
such responses, writes are flushed to the client
|
||||
immediately. Default: 100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the
|
||||
request to the upstream Kubernetes Service. It defaults
|
||||
to https when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie
|
||||
can be accessed by client-side APIs, such as
|
||||
JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie
|
||||
can only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only
|
||||
be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round
|
||||
Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- kind
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls'
|
||||
properties:
|
||||
certResolver:
|
||||
description: 'CertResolver defines the name of the certificate
|
||||
resolver to use. Cert resolvers have to be configured in the
|
||||
static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
|
||||
type: string
|
||||
domains:
|
||||
description: 'Domains defines the list of domains that will be
|
||||
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
description: Main defines the main domain name.
|
||||
type: string
|
||||
sans:
|
||||
description: SANs defines the subject alternative domain
|
||||
names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: 'Options defines the reference to a TLSOption, that
|
||||
specifies the parameters of the TLS connection. If not defined,
|
||||
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
|
||||
properties:
|
||||
name:
|
||||
description: 'Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace defines the namespace of the referenced
|
||||
TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store defines the reference to the TLSStore, that
|
||||
will be used to store certificates. Please note that only `default`
|
||||
TLSStore can be used.
|
||||
properties:
|
||||
name:
|
||||
description: 'Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace defines the namespace of the referenced
|
||||
TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,211 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRouteTCP
|
||||
listKind: IngressRouteTCPList
|
||||
plural: ingressroutetcps
|
||||
singular: ingressroutetcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
|
||||
Default: all.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
description: RouteTCP holds the TCP route configuration.
|
||||
properties:
|
||||
match:
|
||||
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1'
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
resources.
|
||||
items:
|
||||
description: ObjectReference is a generic reference to a Traefik
|
||||
resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Traefik resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
priority:
|
||||
description: 'Priority defines the router''s priority. More
|
||||
info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1'
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
items:
|
||||
description: ServiceTCP defines an upstream TCP service to
|
||||
proxy traffic to.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service.
|
||||
type: string
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
proxyProtocol:
|
||||
description: 'ProxyProtocol defines the PROXY protocol
|
||||
configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol'
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
to use.
|
||||
type: integer
|
||||
type: object
|
||||
terminationDelay:
|
||||
description: TerminationDelay defines the deadline that
|
||||
the proxy sets, after one of its connected peers indicates
|
||||
it has closed the writing capability of its connection,
|
||||
to close the reading capability as well, hence fully
|
||||
terminating the connection. It is a duration in milliseconds,
|
||||
defaulting to 100. A negative value means an infinite
|
||||
deadline (i.e. the reading capability is never closed).
|
||||
type: integer
|
||||
weight:
|
||||
description: Weight defines the weight used when balancing
|
||||
requests between multiple Kubernetes Service.
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: 'TLS defines the TLS configuration on a layer 4 / TCP
|
||||
Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1'
|
||||
properties:
|
||||
certResolver:
|
||||
description: 'CertResolver defines the name of the certificate
|
||||
resolver to use. Cert resolvers have to be configured in the
|
||||
static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
|
||||
type: string
|
||||
domains:
|
||||
description: 'Domains defines the list of domains that will be
|
||||
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
description: Main defines the main domain name.
|
||||
type: string
|
||||
sans:
|
||||
description: SANs defines the subject alternative domain
|
||||
names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: 'Options defines the reference to a TLSOption, that
|
||||
specifies the parameters of the TLS connection. If not defined,
|
||||
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Traefik resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
passthrough:
|
||||
description: Passthrough defines whether a TLS router will terminate
|
||||
the TLS connection.
|
||||
type: boolean
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store defines the reference to the TLSStore, that
|
||||
will be used to store certificates. Please note that only `default`
|
||||
TLSStore can be used.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Traefik resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,98 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRouteUDP
|
||||
listKind: IngressRouteUDPList
|
||||
plural: ingressrouteudps
|
||||
singular: ingressrouteudp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
|
||||
Default: all.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
description: RouteUDP holds the UDP route configuration.
|
||||
properties:
|
||||
services:
|
||||
description: Services defines the list of UDP services.
|
||||
items:
|
||||
description: ServiceUDP defines an upstream UDP service to
|
||||
proxy traffic to.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service.
|
||||
type: string
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
weight:
|
||||
description: Weight defines the weight used when balancing
|
||||
requests between multiple Kubernetes Service.
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,917 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: Middleware
|
||||
listKind: MiddlewareList
|
||||
plural: middlewares
|
||||
singular: middleware
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareSpec defines the desired state of a Middleware.
|
||||
properties:
|
||||
addPrefix:
|
||||
description: 'AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding
|
||||
it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/'
|
||||
properties:
|
||||
prefix:
|
||||
description: Prefix is the string to add before the current path
|
||||
in the requested URL. It should include a leading slash (/).
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: 'BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/'
|
||||
properties:
|
||||
headerField:
|
||||
description: 'HeaderField defines a header field to store the
|
||||
authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
|
||||
type: string
|
||||
realm:
|
||||
description: 'Realm allows the protected resources on a server
|
||||
to be partitioned into a set of protection spaces, each with
|
||||
its own authentication scheme. Default: traefik.'
|
||||
type: string
|
||||
removeHeader:
|
||||
description: 'RemoveHeader sets the removeHeader option to true
|
||||
to remove the authorization header before forwarding the request
|
||||
to your service. Default: false.'
|
||||
type: boolean
|
||||
secret:
|
||||
description: Secret is the name of the referenced Kubernetes Secret
|
||||
containing user credentials.
|
||||
type: string
|
||||
type: object
|
||||
buffering:
|
||||
description: 'Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can
|
||||
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes'
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: 'MaxRequestBodyBytes defines the maximum allowed
|
||||
body size for the request (in bytes). If the request exceeds
|
||||
the allowed size, it is not forwarded to the service, and the
|
||||
client gets a 413 (Request Entity Too Large) response. Default:
|
||||
0 (no maximum).'
|
||||
format: int64
|
||||
type: integer
|
||||
maxResponseBodyBytes:
|
||||
description: 'MaxResponseBodyBytes defines the maximum allowed
|
||||
response size from the service (in bytes). If the response exceeds
|
||||
the allowed size, it is not forwarded to the client. The client
|
||||
gets a 500 (Internal Server Error) response instead. Default:
|
||||
0 (no maximum).'
|
||||
format: int64
|
||||
type: integer
|
||||
memRequestBodyBytes:
|
||||
description: 'MemRequestBodyBytes defines the threshold (in bytes)
|
||||
from which the request will be buffered on disk instead of in
|
||||
memory. Default: 1048576 (1Mi).'
|
||||
format: int64
|
||||
type: integer
|
||||
memResponseBodyBytes:
|
||||
description: 'MemResponseBodyBytes defines the threshold (in bytes)
|
||||
from which the response will be buffered on disk instead of
|
||||
in memory. Default: 1048576 (1Mi).'
|
||||
format: int64
|
||||
type: integer
|
||||
retryExpression:
|
||||
description: 'RetryExpression defines the retry conditions. It
|
||||
is a logical combination of functions with operators AND (&&)
|
||||
and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression'
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: 'Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other
|
||||
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/'
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
the chain.
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Middleware
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Middleware resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
circuitBreaker:
|
||||
description: CircuitBreaker holds the circuit breaker configuration.
|
||||
properties:
|
||||
checkPeriod:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: CheckPeriod is the interval between successive checks
|
||||
of the circuit breaker condition (when in standby state).
|
||||
x-kubernetes-int-or-string: true
|
||||
expression:
|
||||
description: Expression is the condition that triggers the tripped
|
||||
state.
|
||||
type: string
|
||||
fallbackDuration:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: FallbackDuration is the duration for which the circuit
|
||||
breaker will wait before trying to recover (from a tripped state).
|
||||
x-kubernetes-int-or-string: true
|
||||
recoveryDuration:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: RecoveryDuration is the duration for which the circuit
|
||||
breaker will try to recover (as soon as it is in recovering
|
||||
state).
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
compress:
|
||||
description: 'Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the
|
||||
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/'
|
||||
properties:
|
||||
excludedContentTypes:
|
||||
description: ExcludedContentTypes defines the list of content
|
||||
types to compare the Content-Type header of the incoming requests
|
||||
and responses before compressing.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
minResponseBodyBytes:
|
||||
description: 'MinResponseBodyBytes defines the minimum amount
|
||||
of bytes a response body must have to be compressed. Default:
|
||||
1024.'
|
||||
type: integer
|
||||
type: object
|
||||
contentType:
|
||||
description: ContentType holds the content-type middleware configuration.
|
||||
This middleware exists to enable the correct behavior until at least
|
||||
the default one can be changed in a future version.
|
||||
properties:
|
||||
autoDetect:
|
||||
description: AutoDetect specifies whether to let the `Content-Type`
|
||||
header, if it has not been set by the backend, be automatically
|
||||
set to a value derived from the contents of the response. As
|
||||
a proxy, the default behavior should be to leave the header
|
||||
alone, regardless of what the backend did with it. However,
|
||||
the historic default was to always auto-detect and set the header
|
||||
if it was nil, and it is going to be kept that way in order
|
||||
to support users currently relying on it.
|
||||
type: boolean
|
||||
type: object
|
||||
digestAuth:
|
||||
description: 'DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/'
|
||||
properties:
|
||||
headerField:
|
||||
description: 'HeaderField defines a header field to store the
|
||||
authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
|
||||
type: string
|
||||
realm:
|
||||
description: 'Realm allows the protected resources on a server
|
||||
to be partitioned into a set of protection spaces, each with
|
||||
its own authentication scheme. Default: traefik.'
|
||||
type: string
|
||||
removeHeader:
|
||||
description: RemoveHeader defines whether to remove the authorization
|
||||
header before forwarding the request to the backend.
|
||||
type: boolean
|
||||
secret:
|
||||
description: Secret is the name of the referenced Kubernetes Secret
|
||||
containing user credentials.
|
||||
type: string
|
||||
type: object
|
||||
errors:
|
||||
description: 'ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according
|
||||
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/'
|
||||
properties:
|
||||
query:
|
||||
description: Query defines the URL for the error page (hosted
|
||||
by service). The {status} variable can be used in order to insert
|
||||
the status code in the URL.
|
||||
type: string
|
||||
service:
|
||||
description: 'Service defines the reference to a Kubernetes Service
|
||||
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service'
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between the
|
||||
two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to the
|
||||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in milliseconds,
|
||||
in between flushes to the client while copying the response
|
||||
body. A negative value means to flush immediately after
|
||||
each write to the client. This configuration is ignored
|
||||
when ReverseProxy recognizes a response as a streaming
|
||||
response; for such responses, writes are flushed to
|
||||
the client immediately. Default: 100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport between
|
||||
Traefik and your servers. Can only be used on a Kubernetes
|
||||
Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie can
|
||||
be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported value
|
||||
at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object (and
|
||||
to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
status:
|
||||
description: Status defines which status or range of statuses
|
||||
should result in an error page. It can be either a status code
|
||||
as a number (500), as multiple comma-separated numbers (500,502),
|
||||
as ranges by separating two codes with a dash (500-599), or
|
||||
a combination of the two (404,418,500-599).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
forwardAuth:
|
||||
description: 'ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/'
|
||||
properties:
|
||||
address:
|
||||
description: Address defines the authentication server address.
|
||||
type: string
|
||||
authRequestHeaders:
|
||||
description: AuthRequestHeaders defines the list of the headers
|
||||
to copy from the request to the authentication server. If not
|
||||
set or empty then all request headers are passed.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeaders:
|
||||
description: AuthResponseHeaders defines the list of headers to
|
||||
copy from the authentication server response and set on forwarded
|
||||
request, replacing any existing conflicting headers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeadersRegex:
|
||||
description: 'AuthResponseHeadersRegex defines the regex to match
|
||||
headers to copy from the authentication server response and
|
||||
set on forwarded request, after stripping all headers that match
|
||||
the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex'
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
connection to the authentication server.
|
||||
properties:
|
||||
caOptional:
|
||||
type: boolean
|
||||
caSecret:
|
||||
description: CASecret is the name of the referenced Kubernetes
|
||||
Secret containing the CA to validate the server certificate.
|
||||
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
|
||||
type: string
|
||||
certSecret:
|
||||
description: CertSecret is the name of the referenced Kubernetes
|
||||
Secret containing the client certificate. The client certificate
|
||||
is extracted from the keys `tls.crt` and `tls.key`.
|
||||
type: string
|
||||
insecureSkipVerify:
|
||||
description: InsecureSkipVerify defines whether the server
|
||||
certificates should be validated.
|
||||
type: boolean
|
||||
type: object
|
||||
trustForwardHeader:
|
||||
description: 'TrustForwardHeader defines whether to trust (ie:
|
||||
forward) all X-Forwarded-* headers.'
|
||||
type: boolean
|
||||
type: object
|
||||
headers:
|
||||
description: 'Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers. More
|
||||
info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders'
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
request can include user credentials.
|
||||
type: boolean
|
||||
accessControlAllowHeaders:
|
||||
description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
|
||||
values sent in preflight response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowMethods:
|
||||
description: AccessControlAllowMethods defines the Access-Control-Request-Method
|
||||
values sent in preflight response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginList:
|
||||
description: AccessControlAllowOriginList is a list of allowable
|
||||
origins. Can also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginListRegex:
|
||||
description: AccessControlAllowOriginListRegex is a list of allowable
|
||||
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlExposeHeaders:
|
||||
description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
|
||||
values sent in preflight response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlMaxAge:
|
||||
description: AccessControlMaxAge defines the time that a preflight
|
||||
request may be cached.
|
||||
format: int64
|
||||
type: integer
|
||||
addVaryHeader:
|
||||
description: AddVaryHeader defines whether the Vary header is
|
||||
automatically added/updated when the AccessControlAllowOriginList
|
||||
is set.
|
||||
type: boolean
|
||||
allowedHosts:
|
||||
description: AllowedHosts defines the fully qualified list of
|
||||
allowed domain names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
browserXssFilter:
|
||||
description: BrowserXSSFilter defines whether to add the X-XSS-Protection
|
||||
header with the value 1; mode=block.
|
||||
type: boolean
|
||||
contentSecurityPolicy:
|
||||
description: ContentSecurityPolicy defines the Content-Security-Policy
|
||||
header value.
|
||||
type: string
|
||||
contentTypeNosniff:
|
||||
description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
|
||||
header with the nosniff value.
|
||||
type: boolean
|
||||
customBrowserXSSValue:
|
||||
description: CustomBrowserXSSValue defines the X-XSS-Protection
|
||||
header value. This overrides the BrowserXssFilter option.
|
||||
type: string
|
||||
customFrameOptionsValue:
|
||||
description: CustomFrameOptionsValue defines the X-Frame-Options
|
||||
header value. This overrides the FrameDeny option.
|
||||
type: string
|
||||
customRequestHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: CustomRequestHeaders defines the header names and
|
||||
values to apply to the request.
|
||||
type: object
|
||||
customResponseHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: CustomResponseHeaders defines the header names and
|
||||
values to apply to the response.
|
||||
type: object
|
||||
featurePolicy:
|
||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
description: ForceSTSHeader defines whether to add the STS header
|
||||
even when the connection is HTTP.
|
||||
type: boolean
|
||||
frameDeny:
|
||||
description: FrameDeny defines whether to add the X-Frame-Options
|
||||
header with the DENY value.
|
||||
type: boolean
|
||||
hostsProxyHeaders:
|
||||
description: HostsProxyHeaders defines the header keys that may
|
||||
hold a proxied hostname value for the request.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
isDevelopment:
|
||||
description: IsDevelopment defines whether to mitigate the unwanted
|
||||
effects of the AllowedHosts, SSL, and STS options when developing.
|
||||
Usually testing takes place using HTTP, not HTTPS, and on localhost,
|
||||
not your production domain. If you would like your development
|
||||
environment to mimic production with complete Host blocking,
|
||||
SSL redirects, and STS headers, leave this as false.
|
||||
type: boolean
|
||||
permissionsPolicy:
|
||||
description: PermissionsPolicy defines the Permissions-Policy
|
||||
header value. This allows sites to control browser features.
|
||||
type: string
|
||||
publicKey:
|
||||
description: PublicKey is the public key that implements HPKP
|
||||
to prevent MITM attacks with forged certificates.
|
||||
type: string
|
||||
referrerPolicy:
|
||||
description: ReferrerPolicy defines the Referrer-Policy header
|
||||
value. This allows sites to control whether browsers forward
|
||||
the Referer header to other sites.
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: 'SSLProxyHeaders defines the header keys with associated
|
||||
values that would indicate a valid HTTPS request. It can be
|
||||
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||
"https").'
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||
directive is appended to the Strict-Transport-Security header.
|
||||
type: boolean
|
||||
stsPreload:
|
||||
description: STSPreload defines whether the preload flag is appended
|
||||
to the Strict-Transport-Security header.
|
||||
type: boolean
|
||||
stsSeconds:
|
||||
description: STSSeconds defines the max-age of the Strict-Transport-Security
|
||||
header. If set to 0, the header is not set.
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
inFlightReq:
|
||||
description: 'InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and
|
||||
served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/'
|
||||
properties:
|
||||
amount:
|
||||
description: Amount defines the maximum amount of allowed simultaneous
|
||||
in-flight request. The middleware responds with HTTP 429 Too
|
||||
Many Requests if there are already amount requests in progress
|
||||
(based on the same sourceCriterion strategy).
|
||||
format: int64
|
||||
type: integer
|
||||
sourceCriterion:
|
||||
description: 'SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If several
|
||||
strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost. More
|
||||
info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
header and take the IP located at the depth position
|
||||
(starting from the right).
|
||||
type: integer
|
||||
excludedIPs:
|
||||
description: ExcludedIPs configures Traefik to scan the
|
||||
X-Forwarded-For header and select the first IP not in
|
||||
the list.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
description: RequestHeaderName defines the name of the header
|
||||
used to group incoming requests.
|
||||
type: string
|
||||
requestHost:
|
||||
description: RequestHost defines whether to consider the request
|
||||
Host as the source.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: 'IPWhiteList holds the IP whitelist middleware configuration.
|
||||
This middleware accepts / refuses requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration used
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
header and take the IP located at the depth position (starting
|
||||
from the right).
|
||||
type: integer
|
||||
excludedIPs:
|
||||
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
|
||||
header and select the first IP not in the list.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
sourceRange:
|
||||
description: SourceRange defines the set of allowed IPs (or ranges
|
||||
of allowed IPs by using CIDR notation).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
passTLSClientCert:
|
||||
description: 'PassTLSClientCert holds the pass TLS client cert middleware
|
||||
configuration. This middleware adds the selected data from the passed
|
||||
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/'
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||
properties:
|
||||
issuer:
|
||||
description: Issuer defines the client certificate issuer
|
||||
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||
properties:
|
||||
commonName:
|
||||
description: CommonName defines whether to add the organizationalUnit
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
country:
|
||||
description: Country defines whether to add the country
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
domainComponent:
|
||||
description: DomainComponent defines whether to add the
|
||||
domainComponent information into the issuer.
|
||||
type: boolean
|
||||
locality:
|
||||
description: Locality defines whether to add the locality
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
organization:
|
||||
description: Organization defines whether to add the organization
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
province:
|
||||
description: Province defines whether to add the province
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
serialNumber:
|
||||
description: SerialNumber defines whether to add the serialNumber
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
type: object
|
||||
notAfter:
|
||||
description: NotAfter defines whether to add the Not After
|
||||
information from the Validity part.
|
||||
type: boolean
|
||||
notBefore:
|
||||
description: NotBefore defines whether to add the Not Before
|
||||
information from the Validity part.
|
||||
type: boolean
|
||||
sans:
|
||||
description: Sans defines whether to add the Subject Alternative
|
||||
Name information from the Subject Alternative Name part.
|
||||
type: boolean
|
||||
serialNumber:
|
||||
description: SerialNumber defines whether to add the client
|
||||
serialNumber information.
|
||||
type: boolean
|
||||
subject:
|
||||
description: Subject defines the client certificate subject
|
||||
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||
properties:
|
||||
commonName:
|
||||
description: CommonName defines whether to add the organizationalUnit
|
||||
information into the subject.
|
||||
type: boolean
|
||||
country:
|
||||
description: Country defines whether to add the country
|
||||
information into the subject.
|
||||
type: boolean
|
||||
domainComponent:
|
||||
description: DomainComponent defines whether to add the
|
||||
domainComponent information into the subject.
|
||||
type: boolean
|
||||
locality:
|
||||
description: Locality defines whether to add the locality
|
||||
information into the subject.
|
||||
type: boolean
|
||||
organization:
|
||||
description: Organization defines whether to add the organization
|
||||
information into the subject.
|
||||
type: boolean
|
||||
organizationalUnit:
|
||||
description: OrganizationalUnit defines whether to add
|
||||
the organizationalUnit information into the subject.
|
||||
type: boolean
|
||||
province:
|
||||
description: Province defines whether to add the province
|
||||
information into the subject.
|
||||
type: boolean
|
||||
serialNumber:
|
||||
description: SerialNumber defines whether to add the serialNumber
|
||||
information into the subject.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
pem:
|
||||
description: PEM sets the X-Forwarded-Tls-Client-Cert header with
|
||||
the escaped certificate.
|
||||
type: boolean
|
||||
type: object
|
||||
plugin:
|
||||
additionalProperties:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
description: 'Plugin defines the middleware plugin configuration.
|
||||
More info: https://doc.traefik.io/traefik/plugins/'
|
||||
type: object
|
||||
rateLimit:
|
||||
description: 'RateLimit holds the rate limit configuration. This middleware
|
||||
ensures that services will receive a fair amount of requests, and
|
||||
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/'
|
||||
properties:
|
||||
average:
|
||||
description: Average is the maximum rate, by default in requests/s,
|
||||
allowed for the given source. It defaults to 0, which means
|
||||
no rate limiting. The rate is actually defined by dividing Average
|
||||
by Period. So for a rate below 1req/s, one needs to define a
|
||||
Period larger than a second.
|
||||
format: int64
|
||||
type: integer
|
||||
burst:
|
||||
description: Burst is the maximum number of requests allowed to
|
||||
arrive in the same arbitrarily small period of time. It defaults
|
||||
to 1.
|
||||
format: int64
|
||||
type: integer
|
||||
period:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: 'Period, in combination with Average, defines the
|
||||
actual maximum rate, such as: r = Average / Period. It defaults
|
||||
to a second.'
|
||||
x-kubernetes-int-or-string: true
|
||||
sourceCriterion:
|
||||
description: SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If several
|
||||
strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the request's remote
|
||||
address field (as an ipStrategy).
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
header and take the IP located at the depth position
|
||||
(starting from the right).
|
||||
type: integer
|
||||
excludedIPs:
|
||||
description: ExcludedIPs configures Traefik to scan the
|
||||
X-Forwarded-For header and select the first IP not in
|
||||
the list.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
description: RequestHeaderName defines the name of the header
|
||||
used to group incoming requests.
|
||||
type: string
|
||||
requestHost:
|
||||
description: RequestHost defines whether to consider the request
|
||||
Host as the source.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
redirectRegex:
|
||||
description: 'RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex'
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
(301).
|
||||
type: boolean
|
||||
regex:
|
||||
description: Regex defines the regex used to match and capture
|
||||
elements from the request URL.
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement defines how to modify the URL to have
|
||||
the new target URL.
|
||||
type: string
|
||||
type: object
|
||||
redirectScheme:
|
||||
description: 'RedirectScheme holds the redirect scheme middleware
|
||||
configuration. This middleware redirects requests from a scheme/port
|
||||
to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/'
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
(301).
|
||||
type: boolean
|
||||
port:
|
||||
description: Port defines the port of the new URL.
|
||||
type: string
|
||||
scheme:
|
||||
description: Scheme defines the scheme of the new URL.
|
||||
type: string
|
||||
type: object
|
||||
replacePath:
|
||||
description: 'ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the
|
||||
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/'
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
request URL.
|
||||
type: string
|
||||
type: object
|
||||
replacePathRegex:
|
||||
description: 'ReplacePathRegex holds the replace path regex middleware
|
||||
configuration. This middleware replaces the path of a URL using
|
||||
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/'
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
and capture the path from the request URL.
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement defines the replacement path format,
|
||||
which can include captured variables.
|
||||
type: string
|
||||
type: object
|
||||
retry:
|
||||
description: 'Retry holds the retry middleware configuration. This
|
||||
middleware reissues requests a given number of times to a backend
|
||||
server if that server does not reply. As soon as the server answers,
|
||||
the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/'
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
be retried.
|
||||
type: integer
|
||||
initialInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: InitialInterval defines the first wait time in the
|
||||
exponential backoff series. The maximum interval is calculated
|
||||
as twice the initialInterval. If unspecified, requests will
|
||||
be retried immediately. The value of initialInterval should
|
||||
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
stripPrefix:
|
||||
description: 'StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
||||
properties:
|
||||
forceSlash:
|
||||
description: 'ForceSlash ensures that the resulting stripped path
|
||||
is not the empty string, by replacing it with / when necessary.
|
||||
Default: true.'
|
||||
type: boolean
|
||||
prefixes:
|
||||
description: Prefixes defines the prefixes to strip from the request
|
||||
URL.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
stripPrefixRegex:
|
||||
description: 'StripPrefixRegex holds the strip prefix regex middleware
|
||||
configuration. This middleware removes the matching prefixes from
|
||||
the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/'
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
path prefix from the request URL.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,72 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: MiddlewareTCP
|
||||
listKind: MiddlewareTCPList
|
||||
plural: middlewaretcps
|
||||
singular: middlewaretcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
|
||||
properties:
|
||||
inFlightConn:
|
||||
description: InFlightConn defines the InFlightConn middleware configuration.
|
||||
properties:
|
||||
amount:
|
||||
description: Amount defines the maximum amount of allowed simultaneous
|
||||
connections. The middleware closes the connection if there are
|
||||
already amount connections opened.
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
allowed IPs by using CIDR notation).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,128 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: ServersTransport
|
||||
listKind: ServersTransportList
|
||||
plural: serverstransports
|
||||
singular: serverstransport
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: ServersTransportSpec defines the desired state of a ServersTransport.
|
||||
properties:
|
||||
certificatesSecrets:
|
||||
description: CertificatesSecrets defines a list of secret storing
|
||||
client certificates for mTLS.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
disableHTTP2:
|
||||
description: DisableHTTP2 disables HTTP/2 for connections with backend
|
||||
servers.
|
||||
type: boolean
|
||||
forwardingTimeouts:
|
||||
description: ForwardingTimeouts defines the timeouts for requests
|
||||
forwarded to the backend servers.
|
||||
properties:
|
||||
dialTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: DialTimeout is the amount of time to wait until a
|
||||
connection to a backend server can be established.
|
||||
x-kubernetes-int-or-string: true
|
||||
idleConnTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: IdleConnTimeout is the maximum period for which an
|
||||
idle HTTP keep-alive connection will remain open before closing
|
||||
itself.
|
||||
x-kubernetes-int-or-string: true
|
||||
pingTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: PingTimeout is the timeout after which the HTTP/2
|
||||
connection will be closed if a response to ping is not received.
|
||||
x-kubernetes-int-or-string: true
|
||||
readIdleTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: ReadIdleTimeout is the timeout after which a health
|
||||
check using ping frame will be carried out if no frame is received
|
||||
on the HTTP/2 connection.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseHeaderTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: ResponseHeaderTimeout is the amount of time to wait
|
||||
for a server's response headers after fully writing the request
|
||||
(including its body, if any).
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
insecureSkipVerify:
|
||||
description: InsecureSkipVerify disables SSL certificate verification.
|
||||
type: boolean
|
||||
maxIdleConnsPerHost:
|
||||
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
|
||||
to keep per-host.
|
||||
type: integer
|
||||
peerCertURI:
|
||||
description: PeerCertURI defines the peer cert URI used to match against
|
||||
SAN URI during the peer certificate verification.
|
||||
type: string
|
||||
rootCAsSecrets:
|
||||
description: RootCAsSecrets defines a list of CA secret used to validate
|
||||
self-signed certificate.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
serverName:
|
||||
description: ServerName defines the server name used to contact the
|
||||
server.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,113 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TLSOption
|
||||
listKind: TLSOptionList
|
||||
plural: tlsoptions
|
||||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
|
||||
allowing to configure some parameters of the TLS connection. More info:
|
||||
https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSOptionSpec defines the desired state of a TLSOption.
|
||||
properties:
|
||||
alpnProtocols:
|
||||
description: 'ALPNProtocols defines the list of supported application
|
||||
level protocols for the TLS handshake, in order of preference. More
|
||||
info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: 'CipherSuites defines the list of supported cipher suites
|
||||
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clientAuth:
|
||||
description: ClientAuth defines the server's policy for TLS Client
|
||||
Authentication.
|
||||
properties:
|
||||
clientAuthType:
|
||||
description: ClientAuthType defines the client authentication
|
||||
type to apply.
|
||||
enum:
|
||||
- NoClientCert
|
||||
- RequestClientCert
|
||||
- RequireAnyClientCert
|
||||
- VerifyClientCertIfGiven
|
||||
- RequireAndVerifyClientCert
|
||||
type: string
|
||||
secretNames:
|
||||
description: SecretNames defines the names of the referenced Kubernetes
|
||||
Secret storing certificate details.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
curvePreferences:
|
||||
description: 'CurvePreferences defines the preferred elliptic curves
|
||||
in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
maxVersion:
|
||||
description: 'MaxVersion defines the maximum TLS version that Traefik
|
||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: None.'
|
||||
type: string
|
||||
minVersion:
|
||||
description: 'MinVersion defines the minimum TLS version that Traefik
|
||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: VersionTLS10.'
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
description: 'PreferServerCipherSuites defines whether the server
|
||||
chooses a cipher suite among his own instead of among the client''s.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
Deprecated: https://github.com/golang/go/issues/45430'
|
||||
type: boolean
|
||||
sniStrict:
|
||||
description: SniStrict defines whether Traefik allows connections
|
||||
from clients connections that do not specify a server_name extension.
|
||||
type: boolean
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,99 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TLSStore
|
||||
listKind: TLSStoreList
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
|
||||
the time being, only the TLSStore named default is supported. This means
|
||||
that you cannot have two stores that are named default in different Kubernetes
|
||||
namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSStoreSpec defines the desired state of a TLSStore.
|
||||
properties:
|
||||
certificates:
|
||||
description: Certificates is a list of secret names, each secret holding
|
||||
a key/certificate pair to add to the store.
|
||||
items:
|
||||
description: Certificate holds a secret name for the TLSStore resource.
|
||||
properties:
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
required:
|
||||
- secretName
|
||||
type: object
|
||||
type: array
|
||||
defaultCertificate:
|
||||
description: DefaultCertificate defines the default certificate configuration.
|
||||
properties:
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
required:
|
||||
- secretName
|
||||
type: object
|
||||
defaultGeneratedCert:
|
||||
description: DefaultGeneratedCert defines the default generated certificate
|
||||
configuration.
|
||||
properties:
|
||||
domain:
|
||||
description: Domain is the domain definition for the DefaultCertificate.
|
||||
properties:
|
||||
main:
|
||||
description: Main defines the main domain name.
|
||||
type: string
|
||||
sans:
|
||||
description: SANs defines the subject alternative domain names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
resolver:
|
||||
description: Resolver is the name of the resolver that will be
|
||||
used to issue the DefaultCertificate.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,381 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TraefikService
|
||||
listKind: TraefikServiceList
|
||||
plural: traefikservices
|
||||
singular: traefikservice
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TraefikService is the CRD implementation of a Traefik Service.
|
||||
TraefikService object allows to: - Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TraefikServiceSpec defines the desired state of a TraefikService.
|
||||
properties:
|
||||
mirroring:
|
||||
description: Mirroring defines the Mirroring service configuration.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
maxBodySize:
|
||||
description: MaxBodySize defines the maximum size allowed for
|
||||
the body of the request. If the body is larger, the request
|
||||
is not mirrored. Default value is -1, which means unlimited
|
||||
size.
|
||||
format: int64
|
||||
type: integer
|
||||
mirrors:
|
||||
description: Mirrors defines the list of mirrors where Traefik
|
||||
will duplicate the traffic.
|
||||
items:
|
||||
description: MirrorService holds the mirror configuration.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
percent:
|
||||
description: 'Percent defines the part of the traffic to
|
||||
mirror. Supported values: 0 to 100.'
|
||||
type: integer
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to the
|
||||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in
|
||||
milliseconds, in between flushes to the client while
|
||||
copying the response body. A negative value means
|
||||
to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes
|
||||
a response as a streaming response; for such responses,
|
||||
writes are flushed to the client immediately. Default:
|
||||
100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie
|
||||
can be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between the two
|
||||
is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host header
|
||||
is forwarded to the upstream Kubernetes Service. By default,
|
||||
passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service. This
|
||||
can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards the
|
||||
response from the upstream Kubernetes Service to the client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in milliseconds,
|
||||
in between flushes to the client while copying the response
|
||||
body. A negative value means to flush immediately after
|
||||
each write to the client. This configuration is ignored
|
||||
when ReverseProxy recognizes a response as a streaming response;
|
||||
for such responses, writes are flushed to the client immediately.
|
||||
Default: 100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https when
|
||||
Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport between
|
||||
Traefik and your servers. Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie can be
|
||||
accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy. More
|
||||
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can only
|
||||
be transmitted over an encrypted connection (i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy between
|
||||
the servers. RoundRobin is the only supported value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be specified
|
||||
when Name references a TraefikService object (and to be precise,
|
||||
one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
weighted:
|
||||
description: Weighted defines the Weighted Round Robin configuration.
|
||||
properties:
|
||||
services:
|
||||
description: Services defines the list of Kubernetes Service and/or
|
||||
TraefikService to load-balance, with weight.
|
||||
items:
|
||||
description: Service defines an upstream HTTP service to proxy
|
||||
traffic to.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to the
|
||||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in
|
||||
milliseconds, in between flushes to the client while
|
||||
copying the response body. A negative value means
|
||||
to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes
|
||||
a response as a streaming response; for such responses,
|
||||
writes are flushed to the client immediately. Default:
|
||||
100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie
|
||||
can be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
sticky:
|
||||
description: 'Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie can be
|
||||
accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy. More
|
||||
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can only
|
||||
be transmitted over an encrypted connection (i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,275 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: IngressRoute
|
||||
listKind: IngressRouteList
|
||||
plural: ingressroutes
|
||||
singular: ingressroute
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteSpec defines the desired state of IngressRoute.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
|
||||
Default: all.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
description: Route holds the HTTP route configuration.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the route. Rule is the
|
||||
only supported kind.
|
||||
enum:
|
||||
- Rule
|
||||
type: string
|
||||
match:
|
||||
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
|
||||
type: string
|
||||
middlewares:
|
||||
description: 'Middlewares defines the list of references to
|
||||
Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware
|
||||
resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Middleware
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Middleware resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
priority:
|
||||
description: 'Priority defines the router''s priority. More
|
||||
info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of Service. It can contain
|
||||
any combination of TraefikService and/or reference to a Kubernetes
|
||||
Service.
|
||||
items:
|
||||
description: Service defines an upstream HTTP service to proxy
|
||||
traffic to.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs
|
||||
or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client
|
||||
Host header is forwarded to the upstream Kubernetes
|
||||
Service. By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to
|
||||
the client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval,
|
||||
in milliseconds, in between flushes to the client
|
||||
while copying the response body. A negative value
|
||||
means to flush immediately after each write to the
|
||||
client. This configuration is ignored when ReverseProxy
|
||||
recognizes a response as a streaming response; for
|
||||
such responses, writes are flushed to the client
|
||||
immediately. Default: 100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the
|
||||
request to the upstream Kubernetes Service. It defaults
|
||||
to https when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie
|
||||
can be accessed by client-side APIs, such as
|
||||
JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie
|
||||
can only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only
|
||||
be specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round
|
||||
Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- kind
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
|
||||
properties:
|
||||
certResolver:
|
||||
description: 'CertResolver defines the name of the certificate
|
||||
resolver to use. Cert resolvers have to be configured in the
|
||||
static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
|
||||
type: string
|
||||
domains:
|
||||
description: 'Domains defines the list of domains that will be
|
||||
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
description: Main defines the main domain name.
|
||||
type: string
|
||||
sans:
|
||||
description: SANs defines the subject alternative domain
|
||||
names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: 'Options defines the reference to a TLSOption, that
|
||||
specifies the parameters of the TLS connection. If not defined,
|
||||
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
|
||||
properties:
|
||||
name:
|
||||
description: 'Name defines the name of the referenced TLSOption.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace defines the namespace of the referenced
|
||||
TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store defines the reference to the TLSStore, that
|
||||
will be used to store certificates. Please note that only `default`
|
||||
TLSStore can be used.
|
||||
properties:
|
||||
name:
|
||||
description: 'Name defines the name of the referenced TLSStore.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace defines the namespace of the referenced
|
||||
TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,218 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: IngressRouteTCP
|
||||
listKind: IngressRouteTCPList
|
||||
plural: ingressroutetcps
|
||||
singular: ingressroutetcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
|
||||
Default: all.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
description: RouteTCP holds the TCP route configuration.
|
||||
properties:
|
||||
match:
|
||||
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares defines the list of references to MiddlewareTCP
|
||||
resources.
|
||||
items:
|
||||
description: ObjectReference is a generic reference to a Traefik
|
||||
resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Traefik resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
priority:
|
||||
description: 'Priority defines the router''s priority. More
|
||||
info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
|
||||
type: integer
|
||||
services:
|
||||
description: Services defines the list of TCP services.
|
||||
items:
|
||||
description: ServiceTCP defines an upstream TCP service to
|
||||
proxy traffic to.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs
|
||||
or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
proxyProtocol:
|
||||
description: 'ProxyProtocol defines the PROXY protocol
|
||||
configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
|
||||
properties:
|
||||
version:
|
||||
description: Version defines the PROXY Protocol version
|
||||
to use.
|
||||
type: integer
|
||||
type: object
|
||||
terminationDelay:
|
||||
description: TerminationDelay defines the deadline that
|
||||
the proxy sets, after one of its connected peers indicates
|
||||
it has closed the writing capability of its connection,
|
||||
to close the reading capability as well, hence fully
|
||||
terminating the connection. It is a duration in milliseconds,
|
||||
defaulting to 100. A negative value means an infinite
|
||||
deadline (i.e. the reading capability is never closed).
|
||||
type: integer
|
||||
weight:
|
||||
description: Weight defines the weight used when balancing
|
||||
requests between multiple Kubernetes Service.
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: 'TLS defines the TLS configuration on a layer 4 / TCP
|
||||
Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
|
||||
properties:
|
||||
certResolver:
|
||||
description: 'CertResolver defines the name of the certificate
|
||||
resolver to use. Cert resolvers have to be configured in the
|
||||
static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
|
||||
type: string
|
||||
domains:
|
||||
description: 'Domains defines the list of domains that will be
|
||||
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
description: Main defines the main domain name.
|
||||
type: string
|
||||
sans:
|
||||
description: SANs defines the subject alternative domain
|
||||
names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: 'Options defines the reference to a TLSOption, that
|
||||
specifies the parameters of the TLS connection. If not defined,
|
||||
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Traefik resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
passthrough:
|
||||
description: Passthrough defines whether a TLS router will terminate
|
||||
the TLS connection.
|
||||
type: boolean
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store defines the reference to the TLSStore, that
|
||||
will be used to store certificates. Please note that only `default`
|
||||
TLSStore can be used.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Traefik
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Traefik resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,105 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: IngressRouteUDP
|
||||
listKind: IngressRouteUDPList
|
||||
plural: ingressrouteudps
|
||||
singular: ingressrouteudp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
|
||||
properties:
|
||||
entryPoints:
|
||||
description: 'EntryPoints defines the list of entry point names to
|
||||
bind to. Entry points have to be configured in the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
|
||||
Default: all.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
description: RouteUDP holds the UDP route configuration.
|
||||
properties:
|
||||
services:
|
||||
description: Services defines the list of UDP services.
|
||||
items:
|
||||
description: ServiceUDP defines an upstream UDP service to
|
||||
proxy traffic to.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs
|
||||
or if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
weight:
|
||||
description: Weight defines the weight used when balancing
|
||||
requests between multiple Kubernetes Service.
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,924 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: Middleware
|
||||
listKind: MiddlewareList
|
||||
plural: middlewares
|
||||
singular: middleware
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'Middleware is the CRD implementation of a Traefik Middleware.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareSpec defines the desired state of a Middleware.
|
||||
properties:
|
||||
addPrefix:
|
||||
description: 'AddPrefix holds the add prefix middleware configuration.
|
||||
This middleware updates the path of a request before forwarding
|
||||
it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
|
||||
properties:
|
||||
prefix:
|
||||
description: Prefix is the string to add before the current path
|
||||
in the requested URL. It should include a leading slash (/).
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: 'BasicAuth holds the basic auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
|
||||
properties:
|
||||
headerField:
|
||||
description: 'HeaderField defines a header field to store the
|
||||
authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
|
||||
type: string
|
||||
realm:
|
||||
description: 'Realm allows the protected resources on a server
|
||||
to be partitioned into a set of protection spaces, each with
|
||||
its own authentication scheme. Default: traefik.'
|
||||
type: string
|
||||
removeHeader:
|
||||
description: 'RemoveHeader sets the removeHeader option to true
|
||||
to remove the authorization header before forwarding the request
|
||||
to your service. Default: false.'
|
||||
type: boolean
|
||||
secret:
|
||||
description: Secret is the name of the referenced Kubernetes Secret
|
||||
containing user credentials.
|
||||
type: string
|
||||
type: object
|
||||
buffering:
|
||||
description: 'Buffering holds the buffering middleware configuration.
|
||||
This middleware retries or limits the size of requests that can
|
||||
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
description: 'MaxRequestBodyBytes defines the maximum allowed
|
||||
body size for the request (in bytes). If the request exceeds
|
||||
the allowed size, it is not forwarded to the service, and the
|
||||
client gets a 413 (Request Entity Too Large) response. Default:
|
||||
0 (no maximum).'
|
||||
format: int64
|
||||
type: integer
|
||||
maxResponseBodyBytes:
|
||||
description: 'MaxResponseBodyBytes defines the maximum allowed
|
||||
response size from the service (in bytes). If the response exceeds
|
||||
the allowed size, it is not forwarded to the client. The client
|
||||
gets a 500 (Internal Server Error) response instead. Default:
|
||||
0 (no maximum).'
|
||||
format: int64
|
||||
type: integer
|
||||
memRequestBodyBytes:
|
||||
description: 'MemRequestBodyBytes defines the threshold (in bytes)
|
||||
from which the request will be buffered on disk instead of in
|
||||
memory. Default: 1048576 (1Mi).'
|
||||
format: int64
|
||||
type: integer
|
||||
memResponseBodyBytes:
|
||||
description: 'MemResponseBodyBytes defines the threshold (in bytes)
|
||||
from which the response will be buffered on disk instead of
|
||||
in memory. Default: 1048576 (1Mi).'
|
||||
format: int64
|
||||
type: integer
|
||||
retryExpression:
|
||||
description: 'RetryExpression defines the retry conditions. It
|
||||
is a logical combination of functions with operators AND (&&)
|
||||
and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: 'Chain holds the configuration of the chain middleware.
|
||||
This middleware enables to define reusable combinations of other
|
||||
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
|
||||
properties:
|
||||
middlewares:
|
||||
description: Middlewares is the list of MiddlewareRef which composes
|
||||
the chain.
|
||||
items:
|
||||
description: MiddlewareRef is a reference to a Middleware resource.
|
||||
properties:
|
||||
name:
|
||||
description: Name defines the name of the referenced Middleware
|
||||
resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Middleware resource.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
circuitBreaker:
|
||||
description: CircuitBreaker holds the circuit breaker configuration.
|
||||
properties:
|
||||
checkPeriod:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: CheckPeriod is the interval between successive checks
|
||||
of the circuit breaker condition (when in standby state).
|
||||
x-kubernetes-int-or-string: true
|
||||
expression:
|
||||
description: Expression is the condition that triggers the tripped
|
||||
state.
|
||||
type: string
|
||||
fallbackDuration:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: FallbackDuration is the duration for which the circuit
|
||||
breaker will wait before trying to recover (from a tripped state).
|
||||
x-kubernetes-int-or-string: true
|
||||
recoveryDuration:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: RecoveryDuration is the duration for which the circuit
|
||||
breaker will try to recover (as soon as it is in recovering
|
||||
state).
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
compress:
|
||||
description: 'Compress holds the compress middleware configuration.
|
||||
This middleware compresses responses before sending them to the
|
||||
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
|
||||
properties:
|
||||
excludedContentTypes:
|
||||
description: ExcludedContentTypes defines the list of content
|
||||
types to compare the Content-Type header of the incoming requests
|
||||
and responses before compressing.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
minResponseBodyBytes:
|
||||
description: 'MinResponseBodyBytes defines the minimum amount
|
||||
of bytes a response body must have to be compressed. Default:
|
||||
1024.'
|
||||
type: integer
|
||||
type: object
|
||||
contentType:
|
||||
description: ContentType holds the content-type middleware configuration.
|
||||
This middleware exists to enable the correct behavior until at least
|
||||
the default one can be changed in a future version.
|
||||
properties:
|
||||
autoDetect:
|
||||
description: AutoDetect specifies whether to let the `Content-Type`
|
||||
header, if it has not been set by the backend, be automatically
|
||||
set to a value derived from the contents of the response. As
|
||||
a proxy, the default behavior should be to leave the header
|
||||
alone, regardless of what the backend did with it. However,
|
||||
the historic default was to always auto-detect and set the header
|
||||
if it was nil, and it is going to be kept that way in order
|
||||
to support users currently relying on it.
|
||||
type: boolean
|
||||
type: object
|
||||
digestAuth:
|
||||
description: 'DigestAuth holds the digest auth middleware configuration.
|
||||
This middleware restricts access to your services to known users.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
|
||||
properties:
|
||||
headerField:
|
||||
description: 'HeaderField defines a header field to store the
|
||||
authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
|
||||
type: string
|
||||
realm:
|
||||
description: 'Realm allows the protected resources on a server
|
||||
to be partitioned into a set of protection spaces, each with
|
||||
its own authentication scheme. Default: traefik.'
|
||||
type: string
|
||||
removeHeader:
|
||||
description: RemoveHeader defines whether to remove the authorization
|
||||
header before forwarding the request to the backend.
|
||||
type: boolean
|
||||
secret:
|
||||
description: Secret is the name of the referenced Kubernetes Secret
|
||||
containing user credentials.
|
||||
type: string
|
||||
type: object
|
||||
errors:
|
||||
description: 'ErrorPage holds the custom error middleware configuration.
|
||||
This middleware returns a custom page in lieu of the default, according
|
||||
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
|
||||
properties:
|
||||
query:
|
||||
description: Query defines the URL for the error page (hosted
|
||||
by service). The {status} variable can be used in order to insert
|
||||
the status code in the URL.
|
||||
type: string
|
||||
service:
|
||||
description: 'Service defines the reference to a Kubernetes Service
|
||||
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between the
|
||||
two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if
|
||||
the only child is the Kubernetes Service clusterIP. The
|
||||
Kubernetes Service itself does load-balance to the pods.
|
||||
By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to the
|
||||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in milliseconds,
|
||||
in between flushes to the client while copying the response
|
||||
body. A negative value means to flush immediately after
|
||||
each write to the client. This configuration is ignored
|
||||
when ReverseProxy recognizes a response as a streaming
|
||||
response; for such responses, writes are flushed to
|
||||
the client immediately. Default: 100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport between
|
||||
Traefik and your servers. Can only be used on a Kubernetes
|
||||
Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie can
|
||||
be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported value
|
||||
at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object (and
|
||||
to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
status:
|
||||
description: Status defines which status or range of statuses
|
||||
should result in an error page. It can be either a status code
|
||||
as a number (500), as multiple comma-separated numbers (500,502),
|
||||
as ranges by separating two codes with a dash (500-599), or
|
||||
a combination of the two (404,418,500-599).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
forwardAuth:
|
||||
description: 'ForwardAuth holds the forward auth middleware configuration.
|
||||
This middleware delegates the request authentication to a Service.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
|
||||
properties:
|
||||
address:
|
||||
description: Address defines the authentication server address.
|
||||
type: string
|
||||
authRequestHeaders:
|
||||
description: AuthRequestHeaders defines the list of the headers
|
||||
to copy from the request to the authentication server. If not
|
||||
set or empty then all request headers are passed.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeaders:
|
||||
description: AuthResponseHeaders defines the list of headers to
|
||||
copy from the authentication server response and set on forwarded
|
||||
request, replacing any existing conflicting headers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeadersRegex:
|
||||
description: 'AuthResponseHeadersRegex defines the regex to match
|
||||
headers to copy from the authentication server response and
|
||||
set on forwarded request, after stripping all headers that match
|
||||
the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
|
||||
type: string
|
||||
tls:
|
||||
description: TLS defines the configuration used to secure the
|
||||
connection to the authentication server.
|
||||
properties:
|
||||
caOptional:
|
||||
type: boolean
|
||||
caSecret:
|
||||
description: CASecret is the name of the referenced Kubernetes
|
||||
Secret containing the CA to validate the server certificate.
|
||||
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
|
||||
type: string
|
||||
certSecret:
|
||||
description: CertSecret is the name of the referenced Kubernetes
|
||||
Secret containing the client certificate. The client certificate
|
||||
is extracted from the keys `tls.crt` and `tls.key`.
|
||||
type: string
|
||||
insecureSkipVerify:
|
||||
description: InsecureSkipVerify defines whether the server
|
||||
certificates should be validated.
|
||||
type: boolean
|
||||
type: object
|
||||
trustForwardHeader:
|
||||
description: 'TrustForwardHeader defines whether to trust (ie:
|
||||
forward) all X-Forwarded-* headers.'
|
||||
type: boolean
|
||||
type: object
|
||||
headers:
|
||||
description: 'Headers holds the headers middleware configuration.
|
||||
This middleware manages the requests and responses headers. More
|
||||
info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials defines whether the
|
||||
request can include user credentials.
|
||||
type: boolean
|
||||
accessControlAllowHeaders:
|
||||
description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
|
||||
values sent in preflight response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowMethods:
|
||||
description: AccessControlAllowMethods defines the Access-Control-Request-Method
|
||||
values sent in preflight response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginList:
|
||||
description: AccessControlAllowOriginList is a list of allowable
|
||||
origins. Can also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginListRegex:
|
||||
description: AccessControlAllowOriginListRegex is a list of allowable
|
||||
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlExposeHeaders:
|
||||
description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
|
||||
values sent in preflight response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlMaxAge:
|
||||
description: AccessControlMaxAge defines the time that a preflight
|
||||
request may be cached.
|
||||
format: int64
|
||||
type: integer
|
||||
addVaryHeader:
|
||||
description: AddVaryHeader defines whether the Vary header is
|
||||
automatically added/updated when the AccessControlAllowOriginList
|
||||
is set.
|
||||
type: boolean
|
||||
allowedHosts:
|
||||
description: AllowedHosts defines the fully qualified list of
|
||||
allowed domain names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
browserXssFilter:
|
||||
description: BrowserXSSFilter defines whether to add the X-XSS-Protection
|
||||
header with the value 1; mode=block.
|
||||
type: boolean
|
||||
contentSecurityPolicy:
|
||||
description: ContentSecurityPolicy defines the Content-Security-Policy
|
||||
header value.
|
||||
type: string
|
||||
contentTypeNosniff:
|
||||
description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
|
||||
header with the nosniff value.
|
||||
type: boolean
|
||||
customBrowserXSSValue:
|
||||
description: CustomBrowserXSSValue defines the X-XSS-Protection
|
||||
header value. This overrides the BrowserXssFilter option.
|
||||
type: string
|
||||
customFrameOptionsValue:
|
||||
description: CustomFrameOptionsValue defines the X-Frame-Options
|
||||
header value. This overrides the FrameDeny option.
|
||||
type: string
|
||||
customRequestHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: CustomRequestHeaders defines the header names and
|
||||
values to apply to the request.
|
||||
type: object
|
||||
customResponseHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: CustomResponseHeaders defines the header names and
|
||||
values to apply to the response.
|
||||
type: object
|
||||
featurePolicy:
|
||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
description: ForceSTSHeader defines whether to add the STS header
|
||||
even when the connection is HTTP.
|
||||
type: boolean
|
||||
frameDeny:
|
||||
description: FrameDeny defines whether to add the X-Frame-Options
|
||||
header with the DENY value.
|
||||
type: boolean
|
||||
hostsProxyHeaders:
|
||||
description: HostsProxyHeaders defines the header keys that may
|
||||
hold a proxied hostname value for the request.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
isDevelopment:
|
||||
description: IsDevelopment defines whether to mitigate the unwanted
|
||||
effects of the AllowedHosts, SSL, and STS options when developing.
|
||||
Usually testing takes place using HTTP, not HTTPS, and on localhost,
|
||||
not your production domain. If you would like your development
|
||||
environment to mimic production with complete Host blocking,
|
||||
SSL redirects, and STS headers, leave this as false.
|
||||
type: boolean
|
||||
permissionsPolicy:
|
||||
description: PermissionsPolicy defines the Permissions-Policy
|
||||
header value. This allows sites to control browser features.
|
||||
type: string
|
||||
publicKey:
|
||||
description: PublicKey is the public key that implements HPKP
|
||||
to prevent MITM attacks with forged certificates.
|
||||
type: string
|
||||
referrerPolicy:
|
||||
description: ReferrerPolicy defines the Referrer-Policy header
|
||||
value. This allows sites to control whether browsers forward
|
||||
the Referer header to other sites.
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: 'SSLProxyHeaders defines the header keys with associated
|
||||
values that would indicate a valid HTTPS request. It can be
|
||||
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||
"https").'
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||
directive is appended to the Strict-Transport-Security header.
|
||||
type: boolean
|
||||
stsPreload:
|
||||
description: STSPreload defines whether the preload flag is appended
|
||||
to the Strict-Transport-Security header.
|
||||
type: boolean
|
||||
stsSeconds:
|
||||
description: STSSeconds defines the max-age of the Strict-Transport-Security
|
||||
header. If set to 0, the header is not set.
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
inFlightReq:
|
||||
description: 'InFlightReq holds the in-flight request middleware configuration.
|
||||
This middleware limits the number of requests being processed and
|
||||
served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
|
||||
properties:
|
||||
amount:
|
||||
description: Amount defines the maximum amount of allowed simultaneous
|
||||
in-flight request. The middleware responds with HTTP 429 Too
|
||||
Many Requests if there are already amount requests in progress
|
||||
(based on the same sourceCriterion strategy).
|
||||
format: int64
|
||||
type: integer
|
||||
sourceCriterion:
|
||||
description: 'SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If several
|
||||
strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the requestHost. More
|
||||
info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
header and take the IP located at the depth position
|
||||
(starting from the right).
|
||||
type: integer
|
||||
excludedIPs:
|
||||
description: ExcludedIPs configures Traefik to scan the
|
||||
X-Forwarded-For header and select the first IP not in
|
||||
the list.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
description: RequestHeaderName defines the name of the header
|
||||
used to group incoming requests.
|
||||
type: string
|
||||
requestHost:
|
||||
description: RequestHost defines whether to consider the request
|
||||
Host as the source.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: 'IPWhiteList holds the IP whitelist middleware configuration.
|
||||
This middleware accepts / refuses requests based on the client IP.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration used
|
||||
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
header and take the IP located at the depth position (starting
|
||||
from the right).
|
||||
type: integer
|
||||
excludedIPs:
|
||||
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
|
||||
header and select the first IP not in the list.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
sourceRange:
|
||||
description: SourceRange defines the set of allowed IPs (or ranges
|
||||
of allowed IPs by using CIDR notation).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
passTLSClientCert:
|
||||
description: 'PassTLSClientCert holds the pass TLS client cert middleware
|
||||
configuration. This middleware adds the selected data from the passed
|
||||
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
|
||||
properties:
|
||||
info:
|
||||
description: Info selects the specific client certificate details
|
||||
you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||
properties:
|
||||
issuer:
|
||||
description: Issuer defines the client certificate issuer
|
||||
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||
properties:
|
||||
commonName:
|
||||
description: CommonName defines whether to add the organizationalUnit
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
country:
|
||||
description: Country defines whether to add the country
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
domainComponent:
|
||||
description: DomainComponent defines whether to add the
|
||||
domainComponent information into the issuer.
|
||||
type: boolean
|
||||
locality:
|
||||
description: Locality defines whether to add the locality
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
organization:
|
||||
description: Organization defines whether to add the organization
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
province:
|
||||
description: Province defines whether to add the province
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
serialNumber:
|
||||
description: SerialNumber defines whether to add the serialNumber
|
||||
information into the issuer.
|
||||
type: boolean
|
||||
type: object
|
||||
notAfter:
|
||||
description: NotAfter defines whether to add the Not After
|
||||
information from the Validity part.
|
||||
type: boolean
|
||||
notBefore:
|
||||
description: NotBefore defines whether to add the Not Before
|
||||
information from the Validity part.
|
||||
type: boolean
|
||||
sans:
|
||||
description: Sans defines whether to add the Subject Alternative
|
||||
Name information from the Subject Alternative Name part.
|
||||
type: boolean
|
||||
serialNumber:
|
||||
description: SerialNumber defines whether to add the client
|
||||
serialNumber information.
|
||||
type: boolean
|
||||
subject:
|
||||
description: Subject defines the client certificate subject
|
||||
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
|
||||
properties:
|
||||
commonName:
|
||||
description: CommonName defines whether to add the organizationalUnit
|
||||
information into the subject.
|
||||
type: boolean
|
||||
country:
|
||||
description: Country defines whether to add the country
|
||||
information into the subject.
|
||||
type: boolean
|
||||
domainComponent:
|
||||
description: DomainComponent defines whether to add the
|
||||
domainComponent information into the subject.
|
||||
type: boolean
|
||||
locality:
|
||||
description: Locality defines whether to add the locality
|
||||
information into the subject.
|
||||
type: boolean
|
||||
organization:
|
||||
description: Organization defines whether to add the organization
|
||||
information into the subject.
|
||||
type: boolean
|
||||
organizationalUnit:
|
||||
description: OrganizationalUnit defines whether to add
|
||||
the organizationalUnit information into the subject.
|
||||
type: boolean
|
||||
province:
|
||||
description: Province defines whether to add the province
|
||||
information into the subject.
|
||||
type: boolean
|
||||
serialNumber:
|
||||
description: SerialNumber defines whether to add the serialNumber
|
||||
information into the subject.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
pem:
|
||||
description: PEM sets the X-Forwarded-Tls-Client-Cert header with
|
||||
the certificate.
|
||||
type: boolean
|
||||
type: object
|
||||
plugin:
|
||||
additionalProperties:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
description: 'Plugin defines the middleware plugin configuration.
|
||||
More info: https://doc.traefik.io/traefik/plugins/'
|
||||
type: object
|
||||
rateLimit:
|
||||
description: 'RateLimit holds the rate limit configuration. This middleware
|
||||
ensures that services will receive a fair amount of requests, and
|
||||
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
|
||||
properties:
|
||||
average:
|
||||
description: Average is the maximum rate, by default in requests/s,
|
||||
allowed for the given source. It defaults to 0, which means
|
||||
no rate limiting. The rate is actually defined by dividing Average
|
||||
by Period. So for a rate below 1req/s, one needs to define a
|
||||
Period larger than a second.
|
||||
format: int64
|
||||
type: integer
|
||||
burst:
|
||||
description: Burst is the maximum number of requests allowed to
|
||||
arrive in the same arbitrarily small period of time. It defaults
|
||||
to 1.
|
||||
format: int64
|
||||
type: integer
|
||||
period:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: 'Period, in combination with Average, defines the
|
||||
actual maximum rate, such as: r = Average / Period. It defaults
|
||||
to a second.'
|
||||
x-kubernetes-int-or-string: true
|
||||
sourceCriterion:
|
||||
description: SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If several
|
||||
strategies are defined at the same time, an error will be raised.
|
||||
If none are set, the default is to use the request's remote
|
||||
address field (as an ipStrategy).
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: 'IPStrategy holds the IP strategy configuration
|
||||
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
|
||||
properties:
|
||||
depth:
|
||||
description: Depth tells Traefik to use the X-Forwarded-For
|
||||
header and take the IP located at the depth position
|
||||
(starting from the right).
|
||||
type: integer
|
||||
excludedIPs:
|
||||
description: ExcludedIPs configures Traefik to scan the
|
||||
X-Forwarded-For header and select the first IP not in
|
||||
the list.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
description: RequestHeaderName defines the name of the header
|
||||
used to group incoming requests.
|
||||
type: string
|
||||
requestHost:
|
||||
description: RequestHost defines whether to consider the request
|
||||
Host as the source.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
redirectRegex:
|
||||
description: 'RedirectRegex holds the redirect regex middleware configuration.
|
||||
This middleware redirects a request using regex matching and replacement.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
(301).
|
||||
type: boolean
|
||||
regex:
|
||||
description: Regex defines the regex used to match and capture
|
||||
elements from the request URL.
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement defines how to modify the URL to have
|
||||
the new target URL.
|
||||
type: string
|
||||
type: object
|
||||
redirectScheme:
|
||||
description: 'RedirectScheme holds the redirect scheme middleware
|
||||
configuration. This middleware redirects requests from a scheme/port
|
||||
to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
|
||||
properties:
|
||||
permanent:
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
(301).
|
||||
type: boolean
|
||||
port:
|
||||
description: Port defines the port of the new URL.
|
||||
type: string
|
||||
scheme:
|
||||
description: Scheme defines the scheme of the new URL.
|
||||
type: string
|
||||
type: object
|
||||
replacePath:
|
||||
description: 'ReplacePath holds the replace path middleware configuration.
|
||||
This middleware replaces the path of the request URL and store the
|
||||
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
|
||||
properties:
|
||||
path:
|
||||
description: Path defines the path to use as replacement in the
|
||||
request URL.
|
||||
type: string
|
||||
type: object
|
||||
replacePathRegex:
|
||||
description: 'ReplacePathRegex holds the replace path regex middleware
|
||||
configuration. This middleware replaces the path of a URL using
|
||||
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression used to match
|
||||
and capture the path from the request URL.
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement defines the replacement path format,
|
||||
which can include captured variables.
|
||||
type: string
|
||||
type: object
|
||||
retry:
|
||||
description: 'Retry holds the retry middleware configuration. This
|
||||
middleware reissues requests a given number of times to a backend
|
||||
server if that server does not reply. As soon as the server answers,
|
||||
the middleware stops retrying, regardless of the response status.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
|
||||
properties:
|
||||
attempts:
|
||||
description: Attempts defines how many times the request should
|
||||
be retried.
|
||||
type: integer
|
||||
initialInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: InitialInterval defines the first wait time in the
|
||||
exponential backoff series. The maximum interval is calculated
|
||||
as twice the initialInterval. If unspecified, requests will
|
||||
be retried immediately. The value of initialInterval should
|
||||
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
stripPrefix:
|
||||
description: 'StripPrefix holds the strip prefix middleware configuration.
|
||||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
|
||||
properties:
|
||||
forceSlash:
|
||||
description: 'ForceSlash ensures that the resulting stripped path
|
||||
is not the empty string, by replacing it with / when necessary.
|
||||
Default: true.'
|
||||
type: boolean
|
||||
prefixes:
|
||||
description: Prefixes defines the prefixes to strip from the request
|
||||
URL.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
stripPrefixRegex:
|
||||
description: 'StripPrefixRegex holds the strip prefix regex middleware
|
||||
configuration. This middleware removes the matching prefixes from
|
||||
the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
|
||||
properties:
|
||||
regex:
|
||||
description: Regex defines the regular expression to match the
|
||||
path prefix from the request URL.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,72 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: MiddlewareTCP
|
||||
listKind: MiddlewareTCPList
|
||||
plural: middlewaretcps
|
||||
singular: middlewaretcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
|
||||
properties:
|
||||
inFlightConn:
|
||||
description: InFlightConn defines the InFlightConn middleware configuration.
|
||||
properties:
|
||||
amount:
|
||||
description: Amount defines the maximum amount of allowed simultaneous
|
||||
connections. The middleware closes the connection if there are
|
||||
already amount connections opened.
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
allowed IPs by using CIDR notation).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,128 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: ServersTransport
|
||||
listKind: ServersTransportList
|
||||
plural: serverstransports
|
||||
singular: serverstransport
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'ServersTransport is the CRD implementation of a ServersTransport.
|
||||
If no serversTransport is specified, the default@internal will be used.
|
||||
The default@internal serversTransport is created from the static configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: ServersTransportSpec defines the desired state of a ServersTransport.
|
||||
properties:
|
||||
certificatesSecrets:
|
||||
description: CertificatesSecrets defines a list of secret storing
|
||||
client certificates for mTLS.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
disableHTTP2:
|
||||
description: DisableHTTP2 disables HTTP/2 for connections with backend
|
||||
servers.
|
||||
type: boolean
|
||||
forwardingTimeouts:
|
||||
description: ForwardingTimeouts defines the timeouts for requests
|
||||
forwarded to the backend servers.
|
||||
properties:
|
||||
dialTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: DialTimeout is the amount of time to wait until a
|
||||
connection to a backend server can be established.
|
||||
x-kubernetes-int-or-string: true
|
||||
idleConnTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: IdleConnTimeout is the maximum period for which an
|
||||
idle HTTP keep-alive connection will remain open before closing
|
||||
itself.
|
||||
x-kubernetes-int-or-string: true
|
||||
pingTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: PingTimeout is the timeout after which the HTTP/2
|
||||
connection will be closed if a response to ping is not received.
|
||||
x-kubernetes-int-or-string: true
|
||||
readIdleTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: ReadIdleTimeout is the timeout after which a health
|
||||
check using ping frame will be carried out if no frame is received
|
||||
on the HTTP/2 connection.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseHeaderTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: ResponseHeaderTimeout is the amount of time to wait
|
||||
for a server's response headers after fully writing the request
|
||||
(including its body, if any).
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
insecureSkipVerify:
|
||||
description: InsecureSkipVerify disables SSL certificate verification.
|
||||
type: boolean
|
||||
maxIdleConnsPerHost:
|
||||
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
|
||||
to keep per-host.
|
||||
type: integer
|
||||
peerCertURI:
|
||||
description: PeerCertURI defines the peer cert URI used to match against
|
||||
SAN URI during the peer certificate verification.
|
||||
type: string
|
||||
rootCAsSecrets:
|
||||
description: RootCAsSecrets defines a list of CA secret used to validate
|
||||
self-signed certificate.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
serverName:
|
||||
description: ServerName defines the server name used to contact the
|
||||
server.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,113 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: TLSOption
|
||||
listKind: TLSOptionList
|
||||
plural: tlsoptions
|
||||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
|
||||
allowing to configure some parameters of the TLS connection. More info:
|
||||
https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSOptionSpec defines the desired state of a TLSOption.
|
||||
properties:
|
||||
alpnProtocols:
|
||||
description: 'ALPNProtocols defines the list of supported application
|
||||
level protocols for the TLS handshake, in order of preference. More
|
||||
info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: 'CipherSuites defines the list of supported cipher suites
|
||||
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clientAuth:
|
||||
description: ClientAuth defines the server's policy for TLS Client
|
||||
Authentication.
|
||||
properties:
|
||||
clientAuthType:
|
||||
description: ClientAuthType defines the client authentication
|
||||
type to apply.
|
||||
enum:
|
||||
- NoClientCert
|
||||
- RequestClientCert
|
||||
- RequireAnyClientCert
|
||||
- VerifyClientCertIfGiven
|
||||
- RequireAndVerifyClientCert
|
||||
type: string
|
||||
secretNames:
|
||||
description: SecretNames defines the names of the referenced Kubernetes
|
||||
Secret storing certificate details.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
curvePreferences:
|
||||
description: 'CurvePreferences defines the preferred elliptic curves
|
||||
in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
maxVersion:
|
||||
description: 'MaxVersion defines the maximum TLS version that Traefik
|
||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: None.'
|
||||
type: string
|
||||
minVersion:
|
||||
description: 'MinVersion defines the minimum TLS version that Traefik
|
||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: VersionTLS10.'
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
description: 'PreferServerCipherSuites defines whether the server
|
||||
chooses a cipher suite among his own instead of among the client''s.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
Deprecated: https://github.com/golang/go/issues/45430'
|
||||
type: boolean
|
||||
sniStrict:
|
||||
description: SniStrict defines whether Traefik allows connections
|
||||
from clients connections that do not specify a server_name extension.
|
||||
type: boolean
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,99 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: TLSStore
|
||||
listKind: TLSStoreList
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
|
||||
the time being, only the TLSStore named default is supported. This means
|
||||
that you cannot have two stores that are named default in different Kubernetes
|
||||
namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSStoreSpec defines the desired state of a TLSStore.
|
||||
properties:
|
||||
certificates:
|
||||
description: Certificates is a list of secret names, each secret holding
|
||||
a key/certificate pair to add to the store.
|
||||
items:
|
||||
description: Certificate holds a secret name for the TLSStore resource.
|
||||
properties:
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
required:
|
||||
- secretName
|
||||
type: object
|
||||
type: array
|
||||
defaultCertificate:
|
||||
description: DefaultCertificate defines the default certificate configuration.
|
||||
properties:
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
required:
|
||||
- secretName
|
||||
type: object
|
||||
defaultGeneratedCert:
|
||||
description: DefaultGeneratedCert defines the default generated certificate
|
||||
configuration.
|
||||
properties:
|
||||
domain:
|
||||
description: Domain is the domain definition for the DefaultCertificate.
|
||||
properties:
|
||||
main:
|
||||
description: Main defines the main domain name.
|
||||
type: string
|
||||
sans:
|
||||
description: SANs defines the subject alternative domain names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
resolver:
|
||||
description: Resolver is the name of the resolver that will be
|
||||
used to issue the DefaultCertificate.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,402 @@
|
|||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.io
|
||||
spec:
|
||||
group: traefik.io
|
||||
names:
|
||||
kind: TraefikService
|
||||
listKind: TraefikServiceList
|
||||
plural: traefikservices
|
||||
singular: traefikservice
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: 'TraefikService is the CRD implementation of a Traefik Service.
|
||||
TraefikService object allows to: - Apply weight to Services on load-balancing
|
||||
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TraefikServiceSpec defines the desired state of a TraefikService.
|
||||
properties:
|
||||
mirroring:
|
||||
description: Mirroring defines the Mirroring service configuration.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
maxBodySize:
|
||||
description: MaxBodySize defines the maximum size allowed for
|
||||
the body of the request. If the body is larger, the request
|
||||
is not mirrored. Default value is -1, which means unlimited
|
||||
size.
|
||||
format: int64
|
||||
type: integer
|
||||
mirrors:
|
||||
description: Mirrors defines the list of mirrors where Traefik
|
||||
will duplicate the traffic.
|
||||
items:
|
||||
description: MirrorService holds the mirror configuration.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or
|
||||
if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
percent:
|
||||
description: 'Percent defines the part of the traffic to
|
||||
mirror. Supported values: 0 to 100.'
|
||||
type: integer
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to the
|
||||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in
|
||||
milliseconds, in between flushes to the client while
|
||||
copying the response body. A negative value means
|
||||
to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes
|
||||
a response as a streaming response; for such responses,
|
||||
writes are flushed to the client immediately. Default:
|
||||
100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie
|
||||
can be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between the two
|
||||
is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or if the
|
||||
only child is the Kubernetes Service clusterIP. The Kubernetes
|
||||
Service itself does load-balance to the pods. By default, NativeLB
|
||||
is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host header
|
||||
is forwarded to the upstream Kubernetes Service. By default,
|
||||
passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service. This
|
||||
can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards the
|
||||
response from the upstream Kubernetes Service to the client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in milliseconds,
|
||||
in between flushes to the client while copying the response
|
||||
body. A negative value means to flush immediately after
|
||||
each write to the client. This configuration is ignored
|
||||
when ReverseProxy recognizes a response as a streaming response;
|
||||
for such responses, writes are flushed to the client immediately.
|
||||
Default: 100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https when
|
||||
Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport between
|
||||
Traefik and your servers. Can only be used on a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie can be
|
||||
accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy. More
|
||||
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can only
|
||||
be transmitted over an encrypted connection (i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy between
|
||||
the servers. RoundRobin is the only supported value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be specified
|
||||
when Name references a TraefikService object (and to be precise,
|
||||
one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
weighted:
|
||||
description: Weighted defines the Weighted Round Robin configuration.
|
||||
properties:
|
||||
services:
|
||||
description: Services defines the list of Kubernetes Service and/or
|
||||
TraefikService to load-balance, with weight.
|
||||
items:
|
||||
description: Service defines an upstream HTTP service to proxy
|
||||
traffic to.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind defines the kind of the Service.
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name defines the name of the referenced Kubernetes
|
||||
Service or TraefikService. The differentiation between
|
||||
the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace defines the namespace of the referenced
|
||||
Kubernetes Service or TraefikService.
|
||||
type: string
|
||||
nativeLB:
|
||||
description: NativeLB controls, when creating the load-balancer,
|
||||
whether the LB's children are directly the pods IPs or
|
||||
if the only child is the Kubernetes Service clusterIP.
|
||||
The Kubernetes Service itself does load-balance to the
|
||||
pods. By default, NativeLB is false.
|
||||
type: boolean
|
||||
passHostHeader:
|
||||
description: PassHostHeader defines whether the client Host
|
||||
header is forwarded to the upstream Kubernetes Service.
|
||||
By default, passHostHeader is true.
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Port defines the port of a Kubernetes Service.
|
||||
This can be a reference to a named port.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding defines how Traefik forwards
|
||||
the response from the upstream Kubernetes Service to the
|
||||
client.
|
||||
properties:
|
||||
flushInterval:
|
||||
description: 'FlushInterval defines the interval, in
|
||||
milliseconds, in between flushes to the client while
|
||||
copying the response body. A negative value means
|
||||
to flush immediately after each write to the client.
|
||||
This configuration is ignored when ReverseProxy recognizes
|
||||
a response as a streaming response; for such responses,
|
||||
writes are flushed to the client immediately. Default:
|
||||
100ms'
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
description: Scheme defines the scheme to use for the request
|
||||
to the upstream Kubernetes Service. It defaults to https
|
||||
when Kubernetes Service port is 443, http otherwise.
|
||||
type: string
|
||||
serversTransport:
|
||||
description: ServersTransport defines the name of ServersTransport
|
||||
resource to use. It allows to configure the transport
|
||||
between Traefik and your servers. Can only be used on
|
||||
a Kubernetes Service.
|
||||
type: string
|
||||
sticky:
|
||||
description: 'Sticky defines the sticky sessions configuration.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie
|
||||
can be accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy.
|
||||
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can
|
||||
only be transmitted over an encrypted connection
|
||||
(i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
description: Strategy defines the load balancing strategy
|
||||
between the servers. RoundRobin is the only supported
|
||||
value at the moment.
|
||||
type: string
|
||||
weight:
|
||||
description: Weight defines the weight and should only be
|
||||
specified when Name references a TraefikService object
|
||||
(and to be precise, one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
sticky:
|
||||
description: 'Sticky defines whether sticky sessions are enabled.
|
||||
More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie defines the sticky cookie configuration.
|
||||
properties:
|
||||
httpOnly:
|
||||
description: HTTPOnly defines whether the cookie can be
|
||||
accessed by client-side APIs, such as JavaScript.
|
||||
type: boolean
|
||||
name:
|
||||
description: Name defines the Cookie name.
|
||||
type: string
|
||||
sameSite:
|
||||
description: 'SameSite defines the same site policy. More
|
||||
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
|
||||
type: string
|
||||
secure:
|
||||
description: Secure defines whether the cookie can only
|
||||
be transmitted over an encrypted connection (i.e. HTTPS).
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -0,0 +1,457 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/traefik
|
||||
tag: v2.10.5@sha256:b277733b5b8d7f9d2761813d97e161c1f64ec77960f9c06adde13868efbc8dce
|
||||
pullPolicy: IfNotPresent
|
||||
manifestManager:
|
||||
enabled: true
|
||||
workload:
|
||||
main:
|
||||
replicas: 2
|
||||
strategy: RollingUpdate
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
args: []
|
||||
probes:
|
||||
# -- Liveness probe configuration
|
||||
# @default -- See below
|
||||
liveness:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: tcp
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# -- Readiness probe configuration
|
||||
# @default -- See below
|
||||
readiness:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: tcp
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# -- Startup probe configuration
|
||||
# @default -- See below
|
||||
startup:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: tcp
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# -- Options for all pods
|
||||
# Can be overruled per pod
|
||||
podOptions:
|
||||
automountServiceAccountToken: true
|
||||
|
||||
operator:
|
||||
register: true
|
||||
|
||||
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||
ingressClass:
|
||||
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||
enabled: false
|
||||
isDefaultClass: false
|
||||
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||
fallbackApiVersion: ""
|
||||
|
||||
# -- Create an IngressRoute for the dashboard
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: true
|
||||
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
||||
annotations: {}
|
||||
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
||||
labels: {}
|
||||
#
|
||||
# -- Configure providers
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: true
|
||||
namespaces:
|
||||
[]
|
||||
# - "default"
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
# labelSelector: environment=production,method=traefik
|
||||
namespaces:
|
||||
[]
|
||||
# - "default"
|
||||
# IP used for Kubernetes Ingress endpoints
|
||||
publishedService:
|
||||
enabled: true
|
||||
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||
# By default this Traefik service
|
||||
# pathOverride: ""
|
||||
|
||||
# -- Logs
|
||||
# https://docs.traefik.io/observability/logs/
|
||||
logs:
|
||||
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
|
||||
general:
|
||||
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
|
||||
level: ERROR
|
||||
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
|
||||
format: common
|
||||
access:
|
||||
# To enable access logs
|
||||
enabled: false
|
||||
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
|
||||
# This option represents the number of log lines Traefik will keep in memory before writing
|
||||
# them to the selected output. In some cases, this option can greatly help performances.
|
||||
# bufferingSize: 100
|
||||
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
|
||||
filters:
|
||||
{}
|
||||
# statuscodes: "200,300-302"
|
||||
# retryattempts: true
|
||||
# minduration: 10ms
|
||||
# Fields
|
||||
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
|
||||
fields:
|
||||
general:
|
||||
defaultmode: keep
|
||||
names:
|
||||
{}
|
||||
# Examples:
|
||||
# ClientUsername: drop
|
||||
headers:
|
||||
defaultmode: drop
|
||||
names:
|
||||
{}
|
||||
# Examples:
|
||||
# User-Agent: redact
|
||||
# Authorization: drop
|
||||
# Content-Type: keep
|
||||
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
|
||||
format: common
|
||||
|
||||
metrics:
|
||||
main:
|
||||
enabled: false
|
||||
type: servicemonitor
|
||||
endpoints:
|
||||
- port: metrics
|
||||
path: /metrics
|
||||
targetSelector: metrics
|
||||
|
||||
globalArguments:
|
||||
- "--global.checknewversion"
|
||||
|
||||
##
|
||||
# -- Additional arguments to be passed at Traefik's binary
|
||||
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||||
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
||||
additionalArguments:
|
||||
- "--serverstransport.insecureskipverify=true"
|
||||
- "--providers.kubernetesingress.allowexternalnameservices=true"
|
||||
|
||||
# -- TLS Options to be created as TLSOption CRDs
|
||||
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
|
||||
# Example:
|
||||
tlsOptions:
|
||||
default:
|
||||
sniStrict: false
|
||||
minVersion: VersionTLS12
|
||||
curvePreferences:
|
||||
- CurveP521
|
||||
- CurveP384
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
|
||||
# -- Options for the main traefik service, where the entrypoints traffic comes from
|
||||
# from.
|
||||
service:
|
||||
main:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
main:
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
protocol: http
|
||||
# -- Forwarded Headers should never be enabled on Main entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- Proxy Protocol should never be enabled on Main entrypoint
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
tcp:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
web:
|
||||
enabled: true
|
||||
port: 9080
|
||||
protocol: http
|
||||
redirectTo: websecure
|
||||
# Options: Empty, 0 (ingore), or positive int
|
||||
# redirectPort:
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
# -- Only IPs in trustedIPs will lead to remote client address replacement
|
||||
trustedIPs: []
|
||||
# -- Trust every incoming connection
|
||||
insecureMode: false
|
||||
websecure:
|
||||
enabled: true
|
||||
port: 9443
|
||||
protocol: https
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
# -- Only IPs in trustedIPs will lead to remote client address replacement
|
||||
trustedIPs: []
|
||||
# -- Trust every incoming connection
|
||||
insecureMode: false
|
||||
# tcpexample:
|
||||
# enabled: true
|
||||
# targetPort: 9443
|
||||
# protocol: tcp
|
||||
# tls:
|
||||
# enabled: false
|
||||
# # this is the name of a TLSOption definition
|
||||
# options: ""
|
||||
# certResolver: ""
|
||||
# domains: []
|
||||
# # - main: example.com
|
||||
# # sans:
|
||||
# # - foo.example.com
|
||||
# # - bar.example.com
|
||||
metrics:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 9180
|
||||
targetPort: 9180
|
||||
protocol: http
|
||||
# -- Forwarded Headers should never be enabled on Metrics entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- Proxy Protocol should never be enabled on Metrics entrypoint
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
# udp:
|
||||
# enabled: false
|
||||
|
||||
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
clusterWide: true
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
- ingressclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- traefik.containo.us
|
||||
- traefik.io
|
||||
resources:
|
||||
- middlewares
|
||||
- middlewaretcps
|
||||
- ingressroutes
|
||||
- traefikservices
|
||||
- ingressroutetcps
|
||||
- ingressrouteudps
|
||||
- tlsoptions
|
||||
- tlsstores
|
||||
- serverstransports
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# -- The service account the pods will use to interact with the Kubernetes API
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
|
||||
# -- SCALE Middleware Handlers
|
||||
middlewares:
|
||||
basicAuth: []
|
||||
# - name: basicauthexample
|
||||
# users:
|
||||
# - username: testuser
|
||||
# password: testpassword
|
||||
forwardAuth: []
|
||||
# - name: forwardAuthexample
|
||||
# address: https://auth.example.com/
|
||||
# authResponseHeaders:
|
||||
# - X-Secret
|
||||
# - X-Auth-User
|
||||
# authRequestHeaders:
|
||||
# - "Accept"
|
||||
# - "X-CustomHeader"
|
||||
# authResponseHeadersRegex: "^X-"
|
||||
# trustForwardHeader: true
|
||||
customRequestHeaders: []
|
||||
# - name: customRequestHeaderExample
|
||||
# headers:
|
||||
# - name: X-Custom-Header
|
||||
# value: "foobar"
|
||||
# - name: X-Header-To-Remove
|
||||
# value: ""
|
||||
customResponseHeaders: []
|
||||
# - name: customResponseHeaderExample
|
||||
# headers:
|
||||
# - name: X-Custom-Header
|
||||
# value: "foobar"
|
||||
# - name: X-Header-To-Remove
|
||||
# value: ""
|
||||
rewriteResponseHeaders: []
|
||||
# - name: rewriteResponseHeadersName
|
||||
# headers:
|
||||
# - name: "Location"
|
||||
# regex: "^http://(.+)$"
|
||||
# replacement: "https://$1"
|
||||
# - name: "Date"
|
||||
# regex: "^[^,]+,\\s*(.+)$"
|
||||
# replacement: "$1"
|
||||
customFrameOptionsValue: []
|
||||
# - name: customFrameOptionsValueExample
|
||||
# value: "SAMEORIGIN"
|
||||
buffering: []
|
||||
# - name: bufferingExample
|
||||
# maxRequestBodyBytes: 1000000
|
||||
# memRequestBodyBytes: 1000000
|
||||
# maxResponseBodyBytes: 1000000
|
||||
# memResponseBodyBytes: 1000000
|
||||
# retryExpression: "IsNetworkError() && Attempts() < 2"
|
||||
chain: []
|
||||
# - name: chainname
|
||||
# middlewares:
|
||||
# - name: compress
|
||||
redirectScheme: []
|
||||
# - name: redirectSchemeName
|
||||
# scheme: https
|
||||
# permanent: true
|
||||
rateLimit: []
|
||||
# - name: rateLimitName
|
||||
# average: 300
|
||||
# burst: 200
|
||||
redirectRegex: []
|
||||
# - name: redirectRegexName
|
||||
# regex: putregexhere
|
||||
# replacement: replacementurlhere
|
||||
# permanent: false
|
||||
stripPrefixRegex: []
|
||||
# - name: stripPrefixRegexName
|
||||
# regex: []
|
||||
ipWhiteList: []
|
||||
# - name: ipWhiteListName
|
||||
# sourceRange: []
|
||||
# ipStrategy:
|
||||
# depth: 2
|
||||
# excludedIPs: []
|
||||
themePark: []
|
||||
# - name: themeParkName
|
||||
# -- Supported apps, lower case name
|
||||
# -- https://docs.theme-park.dev/themes
|
||||
# app: appnamehere
|
||||
# -- Supported themes, lower case name
|
||||
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
|
||||
# -- https://docs.theme-park.dev/community-themes
|
||||
# theme: themenamehere
|
||||
# -- https://theme-park.dev or a self hosted url
|
||||
# baseUrl: https://theme-park.dev
|
||||
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
|
||||
# Cf-Connecting-Ip (If from Cloudflare)
|
||||
# Evaluation of those headers will go from last to first
|
||||
realIP: []
|
||||
# - name: realIPName
|
||||
# -- The real IP will be the first one that is
|
||||
# -- not included in any of the CIDRs passed here
|
||||
# excludedNetworks:
|
||||
# - 1.1.1.1/24
|
||||
addPrefix: []
|
||||
# - name: addPrefixName
|
||||
# prefix: "/foo"
|
||||
geoBlock: []
|
||||
# -- https://github.com/PascalMinder/geoblock
|
||||
# - name: geoBlockName
|
||||
# allowLocalRequests: true
|
||||
# logLocalRequests: false
|
||||
# logAllowedRequests: false
|
||||
# logApiRequests: false
|
||||
# api: https://get.geojs.io/v1/ip/country/{ip}
|
||||
# apiTimeoutMs: 500
|
||||
# cacheSize: 25
|
||||
# forceMonthlyUpdate: true
|
||||
# allowUnknownCountries: false
|
||||
# unknownCountryApiResponse: nil
|
||||
# blackListMode: false
|
||||
# countries:
|
||||
# - RU
|
||||
modsecurity: []
|
||||
# - name: modsecurityName
|
||||
# modSecurityUrl: modSecurity container URL
|
||||
# timeoutMillis: Configurated timeout
|
||||
# maxBodySize: maxBodySize
|
||||
## Note: body of every request will be buffered in memory while the request is in-flight
|
||||
## (i.e.: during the security check and during the request processing by traefik and the backend),
|
||||
## so you may want to tune maxBodySize depending on how much RAM you have.
|
||||
|
||||
portalhook:
|
||||
enabled: true
|
||||
|
||||
persistence:
|
||||
plugins:
|
||||
enabled: true
|
||||
mountPath: "/plugins-storage"
|
||||
type: emptyDir
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
path: /dashboard/
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1 @@
|
|||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
|
@ -0,0 +1,194 @@
|
|||
{{/* Define the args */}}
|
||||
{{- define "traefik.args" -}}
|
||||
args:
|
||||
{{/* merge all ports */}}
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* start of actual arguments */}}
|
||||
{{- with .Values.globalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $config := $ports }}
|
||||
{{- if $config }}
|
||||
{{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }}
|
||||
{{- $_ := set $config "protocol" "tcp" }}
|
||||
{{- end }}
|
||||
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--api.dashboard=true"
|
||||
- "--ping=true"
|
||||
{{- if .Values.traefikMetrics }}
|
||||
{{- if .Values.traefikMetrics.datadog }}
|
||||
- "--metrics.datadog=true"
|
||||
- "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}"
|
||||
{{- end }}
|
||||
{{- if .Values.traefikMetrics.influxdb }}
|
||||
- "--metrics.influxdb=true"
|
||||
- "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}"
|
||||
- "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}"
|
||||
{{- end }}
|
||||
{{- if .Values.traefikMetrics.statsd }}
|
||||
- "--metrics.statsd=true"
|
||||
- "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}"
|
||||
{{- if or .Values.traefikMetrics.prometheus }}
|
||||
- "--metrics.prometheus=true"
|
||||
- "--metrics.prometheus.entrypoint=metrics"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or .Values.metrics.main.enabled }}
|
||||
- "--metrics.prometheus=true"
|
||||
- "--metrics.prometheus.entrypoint=metrics"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress"
|
||||
{{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
|
||||
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.labelSelector }}
|
||||
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $.Values.ingressClass.enabled }}
|
||||
- "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
|
||||
{{- end }}
|
||||
{{- range $entrypoint, $config := $ports }}
|
||||
{{/* add args for proxyProtocol support */}}
|
||||
{{- if $config.proxyProtocol }}
|
||||
{{- if $config.proxyProtocol.enabled }}
|
||||
{{- if $config.proxyProtocol.insecureMode }}
|
||||
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
|
||||
{{- end }}
|
||||
{{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* add args for forwardedHeaders support */}}
|
||||
{{- if $config.forwardedHeaders.enabled }}
|
||||
{{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
|
||||
{{- end }}
|
||||
{{- if $config.forwardedHeaders.insecureMode }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* end forwardedHeaders configuration */}}
|
||||
{{- if $config.redirectTo }}
|
||||
{{- $toPort := index $ports $config.redirectTo }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||
{{- else if $config.redirectPort }}
|
||||
{{ if gt $config.redirectPort 0.0 }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or ( $config.tls ) ( eq $config.protocol "https" ) }}
|
||||
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
|
||||
{{- if $config.tls.options }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.certResolver }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.domains }}
|
||||
{{- range $index, $domain := $config.tls.domains }}
|
||||
{{- if $domain.main }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
|
||||
{{- end }}
|
||||
{{- if $domain.sans }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.logs }}
|
||||
- "--log.format={{ .general.format }}"
|
||||
{{- if ne .general.level "ERROR" }}
|
||||
- "--log.level={{ .general.level | upper }}"
|
||||
{{- end }}
|
||||
{{- if .access.enabled }}
|
||||
- "--accesslog=true"
|
||||
- "--accesslog.format={{ .access.format }}"
|
||||
{{- if .access.bufferingsize }}
|
||||
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters }}
|
||||
{{- if .access.filters.statuscodes }}
|
||||
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters.retryattempts }}
|
||||
- "--accesslog.filters.retryattempts"
|
||||
{{- end }}
|
||||
{{- if .access.filters.minduration }}
|
||||
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
|
||||
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
|
||||
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/*
|
||||
For new plugins, add them on the container also
|
||||
https://github.com/truecharts/containers/blob/master/mirror/traefik/Dockerfile
|
||||
moduleName must match on the container and here
|
||||
*/}}
|
||||
{{- if .Values.middlewares.themePark }}
|
||||
{{/* theme.park */}}
|
||||
- "--experimental.localPlugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
|
||||
{{- end }}
|
||||
{{/* End of theme.park */}}
|
||||
{{/* GeoBlock */}}
|
||||
{{- if .Values.middlewares.geoBlock }}
|
||||
- "--experimental.localPlugins.GeoBlock.modulename=github.com/PascalMinder/geoblock"
|
||||
{{- end }}
|
||||
{{/* End of GeoBlock */}}
|
||||
{{/* RealIP */}}
|
||||
{{- if .Values.middlewares.realIP }}
|
||||
- "--experimental.localPlugins.traefik-real-ip.modulename=github.com/jramsgz/traefik-real-ip"
|
||||
{{- end }}
|
||||
{{/* End of RealIP */}}
|
||||
{{/* ModSecurity */}}
|
||||
{{- if .Values.middlewares.modsecurity }}
|
||||
- "--experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin"
|
||||
{{- end }}
|
||||
{{/* End of ModSecurity */}}
|
||||
{{/* RewriteResponseHeaders */}}
|
||||
{{- if .Values.middlewares.rewriteResponseHeaders }}
|
||||
- "--experimental.localPlugins.rewriteResponseHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers"
|
||||
{{- end }}
|
||||
{{/* End of RewriteResponseHeaders */}}
|
||||
{{- with .Values.additionalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,22 @@
|
|||
{{/*
|
||||
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
|
||||
By convention this will simply use the <namespace>/<service-name> to match the name of the
|
||||
service generated.
|
||||
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
|
||||
{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
|
||||
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
|
||||
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
|
||||
{{- print $servicePath | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Construct a comma-separated list of whitelisted namespaces
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
|
||||
{{- end -}}
|
||||
{{- define "providers.kubernetesCRD.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
{{/* Define the ingressClass */}}
|
||||
{{- define "traefik.ingressClass" -}}
|
||||
---
|
||||
{{ if $.Values.ingressClass.enabled }}
|
||||
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
|
||||
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
|
||||
{{- else }}
|
||||
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
|
||||
{{- end }}
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
annotations:
|
||||
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
|
||||
labels:
|
||||
{{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }}
|
||||
name: {{ .Release.Name }}
|
||||
spec:
|
||||
controller: traefik.io/ingress-controller
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,34 @@
|
|||
{{/* Define the ingressRoute */}}
|
||||
{{- define "traefik.ingressRoute" -}}
|
||||
{{ if .Values.ingressRoute.dashboard.enabled }}
|
||||
|
||||
{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}}
|
||||
{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}}
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard
|
||||
{{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
|
||||
labels:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
{{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
|
||||
annotations:
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- main
|
||||
routes:
|
||||
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: api@internal
|
||||
kind: TraefikService
|
||||
{{ end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
{{/* Define the portalHook */}}
|
||||
{{- define "traefik.portalhook" -}}
|
||||
{{- if .Values.portalhook.enabled -}}
|
||||
{{- $name := "portalhook" -}}
|
||||
{{- if $.Values.ingressClass.enabled -}}
|
||||
{{- $name = printf "portalhook-%v" .Release.Name -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
data:
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $value := $ports }}
|
||||
{{ $name }}: {{ $value.port | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,12 @@
|
|||
{{/* Define the tlsOptions */}}
|
||||
{{- define "traefik.tlsOptions" -}}
|
||||
{{- range $name, $config := .Values.tlsOptions }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
spec:
|
||||
{{- toYaml $config | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,23 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
|
||||
{{- $_ := set .Values "newArgs" $newArgs -}}
|
||||
{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }}
|
||||
{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}}
|
||||
|
||||
{{- include "traefik.portalhook" . }}
|
||||
{{- include "traefik.tlsOptions" . }}
|
||||
{{- include "traefik.ingressRoute" . }}
|
||||
{{- include "traefik.ingressClass" . }}
|
||||
|
||||
{{- with .Values.ingress -}}
|
||||
{{- with .main -}}
|
||||
{{- if .enabled -}}
|
||||
{{- $_ := set $.Values.portal.open.override "protocol" "https" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
|
@ -0,0 +1,12 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
addPrefix:
|
||||
prefix: {{ $middlewareData.prefix }}
|
||||
{{- end }}
|
|
@ -0,0 +1,57 @@
|
|||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
compress: {}
|
||||
---
|
||||
# Here, an average of 300 requests per second is allowed.
|
||||
# In addition, a burst of 200 requests is allowed.
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: 600
|
||||
burst: 400
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
accessControlMaxAge: 100
|
||||
stsSeconds: 63072000
|
||||
# stsIncludeSubdomains: false
|
||||
# stsPreload: false
|
||||
forceSTSHeader: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
referrerPolicy: same-origin
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
customResponseHeaders:
|
||||
server: ''
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||
- name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
|
||||
- name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
|
|
@ -0,0 +1,30 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.basicAuth -}}
|
||||
|
||||
{{- $users := list -}}
|
||||
{{- range $index, $userdata := $middlewareData.users -}}
|
||||
{{- $users = append $users (htpasswd $userdata.username $userdata.password) -}}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ printf "%v-%v" $middlewareData.name "secret" }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
users: |
|
||||
{{- range $index, $user := $users }}
|
||||
{{ printf "%s" $user }}
|
||||
{{- end }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: {{ printf "%v-%v" $middlewareData.name "secret" }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,26 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.buffering }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
buffering: {{/* Only render if its not <nil> and has a value of 0 or greater */}}
|
||||
{{- if not (kindIs "invalid" $middlewareData.maxRequestBodyBytes) (ge ($middlewareData.maxRequestBodyBytes | int) 0) }}
|
||||
maxRequestBodyBytes: {{ $middlewareData.maxRequestBodyBytes }}
|
||||
{{- end -}}
|
||||
{{- if not (kindIs "invalid" $middlewareData.memRequestBodyBytes) (ge ($middlewareData.memRequestBodyBytes | int) 0) }}
|
||||
memRequestBodyBytes: {{ $middlewareData.memRequestBodyBytes }}
|
||||
{{- end -}}
|
||||
{{- if not (kindIs "invalid" $middlewareData.maxResponseBodyBytes) (ge ($middlewareData.maxResponseBodyBytes | int) 0) }}
|
||||
maxResponseBodyBytes: {{ $middlewareData.maxResponseBodyBytes }}
|
||||
{{- end -}}
|
||||
{{- if not (kindIs "invalid" $middlewareData.memResponseBodyBytes) (ge ($middlewareData.memResponseBodyBytes | int) 0) }}
|
||||
memResponseBodyBytes: {{ $middlewareData.memResponseBodyBytes }}
|
||||
{{- end -}}
|
||||
{{- if $middlewareData.retryExpression }}
|
||||
retryExpression: {{ $middlewareData.retryExpression | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,21 @@
|
|||
{{- $values := .Values -}}
|
||||
{{- $namespace := $.Release.Namespace -}}
|
||||
{{- if $.Values.ingressClass.enabled -}}
|
||||
{{- $namespace := (printf "%v-%v" $namespace .Release.Name) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $index, $middlewareData := .Values.middlewares.chain }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
{{- range $index, $middleware := .middlewares }}
|
||||
- name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,12 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.customFrameOptionsValue }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
headers:
|
||||
customFrameOptionsValue: {{ $middlewareData.value }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,15 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.customRequestHeaders }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
headers:
|
||||
customRequestHeaders:
|
||||
{{- range $index, $customRequestHeader := $middlewareData.headers }}
|
||||
{{ $customRequestHeader.name }}: {{ $customRequestHeader.value | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,15 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.customResponseHeaders }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
headers:
|
||||
customResponseHeaders:
|
||||
{{- range $index, $customResponseHeader := $middlewareData.headers }}
|
||||
{{ $customResponseHeader.name }}: {{ $customResponseHeader.value | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,29 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.forwardAuth }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
forwardAuth:
|
||||
address: {{ $middlewareData.address }}
|
||||
{{- with $middlewareData.authResponseHeaders }}
|
||||
authResponseHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- with $middlewareData.authRequestHeaders }}
|
||||
authRequestHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end -}}
|
||||
{{- if $middlewareData.authResponseHeadersRegex }}
|
||||
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
|
||||
{{- end -}}
|
||||
{{- if $middlewareData.trustForwardHeader }}
|
||||
trustForwardHeader: true
|
||||
{{- end -}}
|
||||
{{- with $middlewareData.tls }}
|
||||
tls:
|
||||
insecureSkipVerify: {{ .insecureSkipVerify | default false }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,29 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
plugin:
|
||||
GeoBlock:
|
||||
allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
|
||||
logLocalRequests: {{ $middlewareData.logLocalRequests }}
|
||||
logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
|
||||
logApiRequests: {{ $middlewareData.logApiRequests }}
|
||||
api: {{ $middlewareData.api }}
|
||||
apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
|
||||
cacheSize: {{ $middlewareData.cacheSize }}
|
||||
forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
|
||||
allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
|
||||
unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
|
||||
blackListMode: {{ $middlewareData.blackListMode }}
|
||||
{{- if not $middlewareData.countries -}}
|
||||
{{- fail "You have to define at least one country..." -}}
|
||||
{{- end }}
|
||||
countries:
|
||||
{{- range $middlewareData.countries }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,27 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
{{- range $middlewareData.sourceRange }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.ipStrategy }}
|
||||
ipStrategy:
|
||||
{{- if $middlewareData.ipStrategy.depth }}
|
||||
depth: {{ $middlewareData.ipStrategy.depth }}
|
||||
{{- end -}}
|
||||
{{- if $middlewareData.ipStrategy.excludedIPs }}
|
||||
excludedIPs:
|
||||
{{- range $middlewareData.ipStrategy.excludedIPs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,14 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.modsecurity }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
plugin:
|
||||
traefik-modsecurity-plugin:
|
||||
modSecurityUrl: {{ $middlewareData.modSecurityUrl }}
|
||||
timeoutMillis: {{ $middlewareData.timeoutMillis }}
|
||||
maxBodySize: {{ $middlewareData.maxBodySize }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,13 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.rateLimit }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: {{ $middlewareData.average }}
|
||||
burst: {{ $middlewareData.burst }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,15 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.realIP }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
plugin:
|
||||
traefik-real-ip:
|
||||
excludednets:
|
||||
{{- range $middlewareData.excludedNetworks }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,13 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.redirectScheme }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
redirectScheme:
|
||||
scheme: {{ $middlewareData.scheme }}
|
||||
permanent: {{ $middlewareData.permanent }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,14 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.redirectRegex }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: {{ $middlewareData.regex | quote }}
|
||||
replacement: {{ $middlewareData.replacement | quote }}
|
||||
permanent: {{ $middlewareData.permanent }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,17 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.rewriteResponseHeaders }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
plugin:
|
||||
rewriteResponseHeaders:
|
||||
rewrites:
|
||||
{{- range $index, $rewriteResponseHeader := $middlewareData.headers }}
|
||||
- header: {{ $rewriteResponseHeader.name }}
|
||||
regex: {{ $rewriteResponseHeader.regex | quote }}
|
||||
replacement: {{ $rewriteResponseHeader.replacement | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,14 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
{{- range $middlewareData.regex }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||
- name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
|
||||
- name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
|
||||
- name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
|
||||
- name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
|
|
@ -0,0 +1,57 @@
|
|||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowHeaders:
|
||||
- '*'
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
- POST
|
||||
accessControlAllowOriginList:
|
||||
- '*'
|
||||
accessControlMaxAge: 100
|
||||
browserXssFilter: true
|
||||
contentTypeNosniff: true
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
customResponseHeaders:
|
||||
server: ""
|
||||
forceSTSHeader: true
|
||||
referrerPolicy: same-origin
|
||||
sslForceHost: true
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
accessControlMaxAge: 100
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
# stsIncludeSubdomains: false
|
||||
# stsPreload: false
|
||||
forceSTSHeader: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
sslForceHost: true
|
||||
referrerPolicy: same-origin
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
customResponseHeaders:
|
||||
server: ''
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: "https://(.*)/.well-known/(card|cal)dav"
|
||||
replacement: "https://${1}/remote.php/dav/"
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- range $index, $middlewareData := .Values.middlewares.themePark }}
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
plugin:
|
||||
traefik-themepark:
|
||||
app: {{ $middlewareData.appName }}
|
||||
theme: {{ $middlewareData.themeName }}
|
||||
baseUrl: {{ $middlewareData.baseUrl }}
|
||||
{{- if $middlewareData.addons }}
|
||||
addons:
|
||||
{{- range $middlewareData.addons }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
Loading…
Reference in New Issue