homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch v3.0 into master

Browse source
This commit is contained in:
Fernandez Ludovic 2024-04-03 20:30:13 +02:00
commit 1ffbffb26a
326 changed files with 8850 additions and 9322 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/contributing/maintainers.md
View file

@ -21,6 +21,8 @@ description: "Traefik Proxy is an open source software with a thriving community
* Harold Ozouf [@jspdown](https://github.com/jspdown)
* Tom Moulard [@tommoulard](https://github.com/tommoulard)
* Landry Benguigui [@lbenguigui](https://github.com/lbenguigui)
* Simon Delicata [@sdelicata](https://github.com/sdelicata)
* Baptiste Mayelle [@youkoulayley](https://github.com/youkoulayley)
## Past Maintainers

3
docs/content/deprecation/releases.md
View file

@ -6,7 +6,8 @@ Below is a non-exhaustive list of versions and their maintenance status:
| Version | Release Date | Active Support | Security Support |
|---------|--------------|--------------------|------------------|
| 2.10 | Apr 24, 2023 | Yes | Yes |
| 2.11 | Feb 12, 2024 | Yes | Yes |
| 2.10 | Apr 24, 2023 | Ended Feb 12, 2024 | No |
| 2.9 | Oct 03, 2022 | Ended Apr 24, 2023 | No |
| 2.8 | Jun 29, 2022 | Ended Oct 03, 2022 | No |
| 2.7 | May 24, 2022 | Ended Jun 29, 2022 | No |

11
docs/content/https/acme.md
View file

@ -294,6 +294,12 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
LEGO_DISABLE_CNAME_SUPPORT=true
```
!!! warning "Multiple DNS Challenge provider"
Multiple DNS challenge provider are not supported with Traefik, but you can use `CNAME` to handle that.
For example, if you have `example.org` (account foo) and `example.com` (account bar) you can create a CNAME on `example.org` called `_acme-challenge.example.org` pointing to `challenge.example.com`.
This way, you can obtain certificates for `example.com` with the `foo` account.
!!! important
A `provider` is mandatory.
@ -331,6 +337,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [CPanel and WHM](https://cpanel.net/) | `cpanel` | `CPANEL_MODE`, `CPANEL_USERNAME`, `CPANEL_TOKEN`, `CPANEL_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/cpanel) |
| [Derak Cloud](https://derak.cloud/) | `derak` | `DERAK_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/derak) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
@ -352,7 +359,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core](https://gcore.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_PERSONAL_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://www.godaddy.com) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
@ -381,6 +388,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [Mail-in-a-Box](https://mailinabox.email) | `mailinabox` | `MAILINABOX_EMAIL`, `MAILINABOX_PASSWORD`, `MAILINABOX_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/mailinabox) |
| [Metaname](https://metaname.net) | `metaname` | `METANAME_ACCOUNT_REFERENCE`, `METANAME_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/metaname) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
@ -412,6 +420,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Shellrent](https://www.shellrent.com) | `shellrent` | `SHELLRENT_USERNAME`, `SHELLRENT_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/shellrent) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |

30
docs/content/migration/v2-to-v3.md
View file

@ -92,6 +92,34 @@ Docker provider `tls.CAOptional` option has been removed in v3, as TLS client au
The `tls.caOptional` option should be removed from the Docker provider static configuration.
### Kubernetes Gateway API
#### Experimental Channel Resources (TLSRoute and TCPRoute)
In v3, the Kubernetes Gateway API provider does not enable support for the experimental channel API resources by default.
##### Remediation
The `experimentalChannel` option should be used to enable the support for the experimental channel API resources.
??? example "An example usage of the Kubernetes Gateway API provider with experimental channel support enabled"
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
experimentalChannel: true
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
experimentalChannel = true
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.experimentalchannel=true
```
### Experimental Configuration
#### HTTP3
@ -334,7 +362,7 @@ The `endpoint.tls.caOptional` option should be removed from the Nomad provider s
### Rancher v1 Provider
In v3, the Rancher v1 provider has been removed because Rancher v1 is [no longer actively maintaned](https://rancher.com/docs/os/v1.x/en/support/),
In v3, the Rancher v1 provider has been removed because Rancher v1 is [no longer actively maintained](https://rancher.com/docs/os/v1.x/en/support/),
and Rancher v2 is supported as a standard Kubernetes provider.
??? example "An example of Traefik v2 Rancher v1 configuration"

17
docs/content/migration/v2.md
View file

@ -563,3 +563,20 @@ To enable these ciphers, please set the option `CipherSuites` in your [TLS confi
> (https://go.dev/doc/go1.22#crypto/tls)
To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.
## v2.11.1
### Maximum Router Priority Value
Before v2.11.1, the maximum user-defined router priority value is:
- `MaxInt32` for 32-bit platforms,
- `MaxInt64` for 64-bit platforms.
Please check out the [go documentation](https://pkg.go.dev/math#pkg-constants) for more information.
In v2.11.1, Traefik reserves a range of priorities for its internal routers and now,
the maximum user-defined router priority value is:
- `(MaxInt32 - 1000)` for 32-bit platforms,
- `(MaxInt64 - 1000)` for 64-bit platforms.

59
docs/content/observability/metrics/overview.md
View file

@ -12,7 +12,8 @@ Traefik supports these metrics backends:
- [Prometheus](./prometheus.md)
- [StatsD](./statsd.md)
Traefik Proxy hosts an official Grafana dashboard for both [on-premises](https://grafana.com/grafana/dashboards/17346) and [Kubernetes](https://grafana.com/grafana/dashboards/17347) deployments.
Traefik Proxy hosts an official Grafana dashboard for both [on-premises](https://grafana.com/grafana/dashboards/17346)
and [Kubernetes](https://grafana.com/grafana/dashboards/17347) deployments.
## Common Options
@ -29,7 +30,7 @@ metrics:
```toml tab="File (TOML)"
[metrics]
addInternals = true
addInternals = true
```
```bash tab="CLI"
@ -85,10 +86,10 @@ traefik_tls_certs_not_after
Here is a comprehensive list of labels that are provided by the global metrics:
| Label | Description | example |
|---------------|----------------------------------------|----------------------|
| `entrypoint` | Entrypoint that handled the connection | "example_entrypoint" |
| `protocol` | Connection protocol | "TCP" |
| Label | Description | example |
|--------------|----------------------------------------|----------------------|
| `entrypoint` | Entrypoint that handled the connection | "example_entrypoint" |
| `protocol` | Connection protocol | "TCP" |
## HTTP Metrics
@ -281,3 +282,49 @@ Here is a comprehensive list of labels that are provided by the metrics:
If the HTTP method verb on a request is not one defined in the set of common methods for [`HTTP/1.1`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods)
or the [`PRI`](https://datatracker.ietf.org/doc/html/rfc7540#section-11.6) verb (for `HTTP/2`),
then the value for the method label becomes `EXTENSION_METHOD`.
## Semantic Conventions for HTTP Metrics
Traefik Proxy follows [official OTLP semantic conventions v1.23.1](https://github.com/open-telemetry/semantic-conventions/blob/v1.23.1/docs/http/http-metrics.md).
### HTTP Server
| Metric | Type | [Labels](#labels) | Description |
|-------------------------------|-----------|------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------|
| http.server.request.duration | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP server requests |
#### Labels
Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example |
|-----------------------------|--------------------------------------------------------------|---------------|
| `error.type` | Describes a class of error the operation ended with | "500" |
| `http.request.method` | HTTP request method | "GET" |
| `http.response.status_code` | HTTP response status code | "200" |
| `network.protocol.name` | OSI application layer or non-OSI equivalent | "http/1.1" |
| `network.protocol.version` | Version of the protocol specified in `network.protocol.name` | "1.1" |
| `server.address` | Name of the local HTTP server that received the request | "example.com" |
| `server.port` | Port of the local HTTP server that received the request | "80" |
| `url.scheme` | The URI scheme component identifying the used protocol | "http" |
### HTTP Client
| Metric | Type | [Labels](#labels) | Description |
|-------------------------------|-----------|------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------|
| http.client.request.duration | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP client requests |
#### Labels
Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example |
|-----------------------------|--------------------------------------------------------------|---------------|
| `error.type` | Describes a class of error the operation ended with | "500" |
| `http.request.method` | HTTP request method | "GET" |
| `http.response.status_code` | HTTP response status code | "200" |
| `network.protocol.name` | OSI application layer or non-OSI equivalent | "http/1.1" |
| `network.protocol.version` | Version of the protocol specified in `network.protocol.name` | "1.1" |
| `server.address` | Name of the local HTTP server that received the request | "example.com" |
| `server.port` | Port of the local HTTP server that received the request | "80" |
| `url.scheme` | The URI scheme component identifying the used protocol | "http" |

2
docs/content/observability/metrics/prometheus.md
View file

@ -235,4 +235,4 @@ traefik_entrypoint_requests_total{code="200",entrypoint="web",method="GET",proto
// For incoming requests, the Host header is promoted to the
// Request.Host field and removed from the Header map.
As a workaround, to obtain the Host of a request as a label, one should use instead the `X-Forwarded-For` header.
As a workaround, to obtain the Host of a request as a label, one should use instead the `X-Forwarded-Host` header.

2
docs/content/observability/metrics/statsd.md
View file

@ -69,7 +69,7 @@ metrics:
_Optional, Default=false_
Enable metrics on entry points.
Enable metrics on routers.
```yaml tab="File (YAML)"
metrics:

44
docs/content/observability/tracing/overview.md
View file

@ -116,3 +116,47 @@ tracing:
--tracing.globalAttributes.attr1=foo
--tracing.globalAttributes.attr2=bar
```
#### `capturedRequestHeaders`
_Optional, Default=empty_
Defines the list of request headers to add as attributes.
It applies to client and server kind spans.
```yaml tab="File (YAML)"
tracing:
capturedRequestHeaders:
- X-CustomHeader
```
```toml tab="File (TOML)"
[tracing]
capturedRequestHeaders = ["X-CustomHeader"]
```
```bash tab="CLI"
--tracing.capturedRequestHeaders[0]=X-CustomHeader
```
#### `capturedResponseHeaders`
_Optional, Default=empty_
Defines the list of response headers to add as attributes.
It applies to client and server kind spans.
```yaml tab="File (YAML)"
tracing:
capturedResponseHeaders:
- X-CustomHeader
```
```toml tab="File (TOML)"
[tracing]
capturedResponseHeaders = ["X-CustomHeader"]
```
```bash tab="CLI"
--tracing.capturedResponseHeaders[0]=X-CustomHeader
```

26
docs/content/providers/consul-catalog.md
View file

@ -714,6 +714,32 @@ providers:
# ...
```
### `strictChecks`
_Optional, Default="passing,warning"_
Define which [Consul Service health checks](https://developer.hashicorp.com/consul/docs/services/usage/checks#define-initial-health-check-status) are allowed to take on traffic.
```yaml tab="File (YAML)"
providers:
consulCatalog:
strictChecks:
- "passing"
- "warning"
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
strictChecks = ["passing", "warning"]
# ...
```
```bash tab="CLI"
--providers.consulcatalog.strictChecks=passing,warning
# ...
```
### `watch`
_Optional, Default=false_

4
docs/content/providers/docker.md
View file

@ -192,9 +192,9 @@ See the [Docker API Access](#docker-api-access) section for more information.
??? example "Using SSH"
Using Docker 18.09+ you can connect Traefik to daemon using SSH
Using Docker 18.09+ you can connect Traefik to daemon using SSH.
We specify the SSH host and user in Traefik's configuration file.
Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
Note that if the server requires public keys for authentication, you must have them accessible for the user running Traefik.
```yaml tab="File (YAML)"
providers:

25
docs/content/providers/kubernetes-gateway.md
View file

@ -14,7 +14,7 @@ The Gateway API project is part of Kubernetes, working under SIG-NETWORK.
The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
specifications from the Kubernetes Special Interest Groups (SIGs).
This provider is proposed as an experimental feature and partially supports the Gateway API [v0.4.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.4.0) specification.
This provider is proposed as an experimental feature and partially supports Gateway API [v1.0.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.0.0) specification.
!!! warning "Enabling The Experimental Kubernetes Gateway Provider"
@ -212,6 +212,29 @@ providers:
--providers.kubernetesgateway.namespaces=default,production
```
### `experimentalChannel`
_Optional, Default: false_
Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).
This option currently enables support for `TCPRoute` and `TLSRoute`.
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
experimentalChannel: true
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
experimentalChannel = true
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.experimentalchannel=true
```
### `labelselector`
_Optional, Default: ""_

6
docs/content/reference/dynamic-configuration/docker-labels.yml
View file

@ -225,6 +225,12 @@
- "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
- "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"
- "traefik.tcp.services.tcpservice01.loadbalancer.server.tls=true"
- "traefik.tls.stores.store0.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.store0.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.store0.defaultgeneratedcert.resolver=foobar"
- "traefik.tls.stores.store1.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.store1.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.store1.defaultgeneratedcert.resolver=foobar"
- "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar"
- "traefik.udp.routers.udprouter0.service=foobar"
- "traefik.udp.routers.udprouter1.entrypoints=foobar, foobar"

16
docs/content/reference/static-configuration/cli-ref.md
View file

@ -139,7 +139,7 @@ Default middlewares for the routers linked to the entry point.
Applies a permanent redirection. (Default: ```true```)
`--entrypoints.<name>.http.redirections.entrypoint.priority`:
Priority of the generated router. (Default: ```2147483646```)
Priority of the generated router. (Default: ```9223372036854775806```)
`--entrypoints.<name>.http.redirections.entrypoint.scheme`:
Scheme used for the redirection. (Default: ```https```)
@ -337,7 +337,7 @@ Enable metrics on routers. (Default: ```false```)
Enable metrics on services. (Default: ```true```)
`--metrics.otlp.explicitboundaries`:
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000```)
`--metrics.otlp.grpc.endpoint`:
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
@ -537,6 +537,9 @@ Name of the Traefik service in Consul Catalog (needs to be registered via the or
`--providers.consulcatalog.stale`:
Use stale consistency for catalog reads. (Default: ```false```)
`--providers.consulcatalog.strictchecks`:
A list of service health statuses to allow taking traffic. (Default: ```passing, warning```)
`--providers.consulcatalog.watch`:
Watch Consul API events. (Default: ```false```)
@ -726,6 +729,9 @@ Kubernetes certificate authority file path (not needed for in-cluster client).
`--providers.kubernetesgateway.endpoint`:
Kubernetes server endpoint (required for external cluster client).
`--providers.kubernetesgateway.experimentalchannel`:
Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). (Default: ```false```)
`--providers.kubernetesgateway.labelselector`:
Kubernetes label selector to select specific GatewayClasses.
@ -1014,6 +1020,12 @@ OpenTracing configuration. (Default: ```false```)
`--tracing.addinternals`:
Enables tracing for internal services (ping, dashboard, etc...). (Default: ```false```)
`--tracing.capturedrequestheaders`:
Request headers to add as attributes for server and client spans.
`--tracing.capturedresponseheaders`:
Response headers to add as attributes for server and client spans.
`--tracing.globalattributes.<name>`:
Defines additional attributes (key:value) on all spans.

16
docs/content/reference/static-configuration/env-ref.md
View file

@ -148,7 +148,7 @@ Default middlewares for the routers linked to the entry point.
Applies a permanent redirection. (Default: ```true```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PRIORITY`:
Priority of the generated router. (Default: ```2147483646```)
Priority of the generated router. (Default: ```9223372036854775806```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME`:
Scheme used for the redirection. (Default: ```https```)
@ -337,7 +337,7 @@ Enable metrics on routers. (Default: ```false```)
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_OTLP_EXPLICITBOUNDARIES`:
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000```)
`TRAEFIK_METRICS_OTLP_GRPC_ENDPOINT`:
Sets the gRPC endpoint (host:port) of the collector. (Default: ```localhost:4317```)
@ -513,6 +513,9 @@ Name of the Traefik service in Consul Catalog (needs to be registered via the or
`TRAEFIK_PROVIDERS_CONSULCATALOG_STALE`:
Use stale consistency for catalog reads. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_STRICTCHECKS`:
A list of service health statuses to allow taking traffic. (Default: ```passing, warning```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_WATCH`:
Watch Consul API events. (Default: ```false```)
@ -726,6 +729,9 @@ Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_EXPERIMENTALCHANNEL`:
Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_LABELSELECTOR`:
Kubernetes label selector to select specific GatewayClasses.
@ -1014,6 +1020,12 @@ OpenTracing configuration. (Default: ```false```)
`TRAEFIK_TRACING_ADDINTERNALS`:
Enables tracing for internal services (ping, dashboard, etc...). (Default: ```false```)
`TRAEFIK_TRACING_CAPTUREDREQUESTHEADERS`:
Request headers to add as attributes for server and client spans.
`TRAEFIK_TRACING_CAPTUREDRESPONSEHEADERS`:
Response headers to add as attributes for server and client spans.
`TRAEFIK_TRACING_GLOBALATTRIBUTES_<NAME>`:
Defines additional attributes (key:value) on all spans.

4
docs/content/reference/static-configuration/file.toml
View file

@ -146,6 +146,7 @@
namespaces = ["foobar", "foobar"]
labelSelector = "foobar"
throttleDuration = "42s"
experimentalChannel = true
[providers.rest]
insecure = true
[providers.consulCatalog]
@ -161,6 +162,7 @@
connectByDefault = true
serviceName = "foobar"
watch = true
strictChecks = ["foobar", "foobar"]
namespaces = ["foobar", "foobar"]
[providers.consulCatalog.endpoint]
address = "foobar"
@ -379,6 +381,8 @@
[tracing]
serviceName = "foobar"
capturedRequestHeaders = ["foobar", "foobar"]
capturedResponseHeaders = ["foobar", "foobar"]
sampleRate = 42.0
addInternals = true
[tracing.globalAttributes]

10
docs/content/reference/static-configuration/file.yaml
View file

@ -163,6 +163,7 @@ providers:
- foobar
labelSelector: foobar
throttleDuration: 42s
experimentalChannel: true
rest:
insecure: true
consulCatalog:
@ -192,6 +193,9 @@ providers:
connectByDefault: true
serviceName: foobar
watch: true
strictChecks:
- foobar
- foobar
namespaces:
- foobar
- foobar
@ -415,6 +419,12 @@ tracing:
globalAttributes:
name0: foobar
name1: foobar
capturedRequestHeaders:
- foobar
- foobar
capturedResponseHeaders:
- foobar
- foobar
sampleRate: 42
addInternals: true
otlp:

86
docs/content/routing/entrypoints.md
View file

@ -702,29 +702,29 @@ _Optional, Default=0_
The maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit.
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
name:
address: ":8888"
transport:
keepAliveMaxRequests: 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
name:
address: ":8888"
transport:
keepAliveMaxRequests: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
keepAliveMaxRequests = 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
keepAliveMaxRequests = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.keepAliveMaxRequests=42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.keepAliveMaxRequests=42
```
#### `keepAliveMaxTime`
@ -732,29 +732,29 @@ _Optional, Default=0s_
The maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit.
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
name:
address: ":8888"
transport:
keepAliveMaxTime: 42s
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
name:
address: ":8888"
transport:
keepAliveMaxTime: 42s
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
keepAliveMaxTime = 42s
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
keepAliveMaxTime = 42s
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.keepAliveMaxTime=42s
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.keepAliveMaxTime=42s
```
### ProxyProtocol
@ -972,7 +972,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
??? info "`entryPoint.priority`"
_Optional, Default=MaxInt32-1 (2147483646)_
_Optional, Default=MaxInt-1_
Priority of the generated router.

2
docs/content/routing/providers/kubernetes-crd.md
View file

@ -374,7 +374,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
| [4] | `routes[n].priority` | Defines the [priority](../routers/index.md#priority) to disambiguate rules of the same length, for route matching |
| [5] | `routes[n].middlewares` | List of reference to [Middleware](#kind-middleware) |
| [6] | `middlewares[n].name` | Defines the [Middleware](#kind-middleware) name |
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace. It can be omitted when the Middleware is in the IngressRoute namespace. |
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |

65
docs/content/routing/providers/kubernetes-gateway.md
View file

@ -5,7 +5,8 @@ description: "The Kubernetes Gateway API can be used as a provider for routing a
# Traefik & Kubernetes
The Kubernetes Gateway API, The Experimental Way. {: .subtitle }
The Kubernetes Gateway API, The Experimental Way.
{: .subtitle }
## Configuration Examples
@ -240,29 +241,49 @@ Kubernetes cluster before creating `HTTPRoute` objects.
- name: api@internal
group: traefik.io # [18]
kind: TraefikService # [19]
- filters: # [20]
- type: ExtensionRef # [21]
extensionRef: # [22]
group: traefik.io # [23]
kind: Middleware # [24]
name: my-middleware # [25]
- type: RequestRedirect # [26]
requestRedirect: # [27]
scheme: https # [28]
statusCode: 301 # [29]
```
| Ref | Attribute | Description |
|------|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `hostnames` | A set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. |
| [6] | `rules` | A list of HTTP matchers, filters and actions. |
| [7] | `matches` | Conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. |
| [8] | `path` | An HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided. |
| [9] | `type` | Type of match against the path Value (supported types: `Exact`, `Prefix`). |
| [10] | `value` | The value of the HTTP path to match against. |
| [11] | `headers` | Conditions to select a HTTP route by matching HTTP request headers. |
| [12] | `type` | Type of match for the HTTP request header match against the `values` (supported types: `Exact`). |
| [13] | `value` | A map of HTTP Headers to be matched. It MUST contain at least one entry. |
| [14] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [15] | `name` | The name of the referent service. |
| [16] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [17] | `port` | The port of the referent service. |
| [18] | `group` | Group is the group of the referent. Only `traefik.io` and `gateway.networking.k8s.io` values are supported. |
| [19] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
| Ref | Attribute | Description |
|------|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `hostnames` | A set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. |
| [6] | `rules` | A list of HTTP matchers, filters and actions. |
| [7] | `matches` | Conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. |
| [8] | `path` | An HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided. |
| [9] | `type` | Type of match against the path Value (supported types: `Exact`, `Prefix`). |
| [10] | `value` | The value of the HTTP path to match against. |
| [11] | `headers` | Conditions to select a HTTP route by matching HTTP request headers. |
| [12] | `name` | Name of the HTTP header to be matched. |
| [13] | `value` | Value of HTTP Header to be matched. |
| [14] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [15] | `name` | The name of the referent service. |
| [16] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [17] | `port` | The port of the referent service. |
| [18] | `group` | Group is the group of the referent. Only `traefik.io` and `gateway.networking.k8s.io` values are supported. |
| [19] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
| [20] | `filters` | Defines the filters (middlewares) applied to the route. |
| [21] | `type` | Defines the type of filter; ExtensionRef is used for configuring custom HTTP filters. |
| [22] | `extensionRef` | Configuration of the custom HTTP filter. |
| [23] | `group` | Group of the kubernetes object to reference. |
| [24] | `kind` | Kind of the kubernetes object to reference. |
| [25] | `name` | Name of the kubernetes object to reference. |
| [26] | `type` | Defines the type of filter; RequestRedirect redirects a request to another location. |
| [27] | `requestRedirect` | Configuration of redirect filter. |
| [28] | `scheme` | Scheme is the scheme to be used in the value of the Location header in the response. |
| [29] | `statusCode` | StatusCode is the HTTP status code to be used in response. |
### Kind: `TCPRoute`

16
docs/content/routing/routers/index.md
View file

@ -442,6 +442,14 @@ The priority is directly equal to the length of the rule, and so the longest len
A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
??? warning "Maximum Value"
Traefik reserves a range of priorities for its internal routers,
the maximum user-defined router priority value is:
- `(MaxInt32 - 1000)` for 32-bit platforms,
- `(MaxInt64 - 1000)` for 64-bit platforms.
??? info "How default priorities are computed"
```yaml tab="File (YAML)"
@ -1148,6 +1156,14 @@ The priority is directly equal to the length of the rule, and so the longest len
A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
??? warning "Maximum Value"
Traefik reserves a range of priorities for its internal routers,
the maximum user-defined router priority value is:
- `(MaxInt32 - 1000)` for 32-bit platforms,
- `(MaxInt64 - 1000)` for 64-bit platforms.
??? info "How default priorities are computed"
```yaml tab="File (YAML)"

2
docs/content/routing/services/index.md
View file

@ -784,7 +784,7 @@ spec:
#### `peerCertURI`
_Optional, Default=false_
_Optional, Default=""_
`peerCertURI` defines the URI used to match against SAN URIs during the server's certificate verification.