homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch v2.10 into v3.0

Browse source
This commit is contained in:
Fernandez Ludovic 2023-03-21 12:00:46 +01:00
commit 7875826bd9
387 changed files with 19080 additions and 976 deletions
Download patch file Download diff file Expand all files Collapse all files

306
docs/content/routing/providers/kubernetes-crd.md
View file

@ -107,7 +107,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
```
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: myingressroute
@ -125,7 +125,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroute.tcp
@ -141,7 +141,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
port: 8080
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: ingressroute.udp
@ -317,7 +317,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
!!! info "IngressRoute Attributes"
```yaml
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: foo
@ -350,15 +350,16 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
sameSite: none
strategy: RoundRobin
weight: 10
tls: # [11]
secretName: supersecret # [12]
options: # [13]
name: opt # [14]
namespace: default # [15]
certResolver: foo # [16]
domains: # [17]
- main: example.net # [18]
sans: # [19]
nativeLB: true # [11]
tls: # [12]
secretName: supersecret # [13]
options: # [14]
name: opt # [15]
namespace: default # [16]
certResolver: foo # [17]
domains: # [18]
- main: example.net # [19]
sans: # [20]
- a.example.net
- b.example.net
```
@ -375,21 +376,22 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
| [11] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [18] | `domains[n].main` | Defines the main domain name |
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
| [11] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. |
| [12] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [13] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [14] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [15] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [16] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [17] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [18] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [19] | `domains[n].main` | Defines the main domain name |
| [20] | `domains[n].sans` | List of SANs (alternative domains) |
??? example "Declaring an IngressRoute"
```yaml tab="IngressRoute"
# All resources definition must be declared
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test-name
@ -436,7 +438,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
```yaml tab="Middlewares"
# All resources definition must be declared
# Prefixing with /foo
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: middleware1
@ -447,7 +449,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
```
```yaml tab="TLSOption"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: opt
@ -493,7 +495,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
```yaml tab="IngressRoute"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
@ -523,7 +525,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
```yaml tab="ExternalName Service"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
@ -554,7 +556,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
```yaml tab="Both sides"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
@ -591,7 +593,7 @@ More information in the dedicated server [load balancing](../services/index.md#l
!!! info "Declaring and using Kubernetes Service Load Balancing"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -640,6 +642,47 @@ More information in the dedicated server [load balancing](../services/index.md#l
task: app2
```
!!! important "Kubernetes Service Native Load-Balancing"
To avoid creating the server load-balancer with the pods IPs and use Kubernetes Service clusterIP directly,
one should set the service `NativeLB` option to true.
Please note that, by default, Traefik reuses the established connections to the backends for performance purposes. This can prevent the requests load balancing between the replicas from behaving as one would expect when the option is set.
By default, `NativeLB` is false.
??? example "Example"
```yaml
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- match: Host(`example.net`)
kind: Rule
services:
- name: svc
port: 80
# Here, nativeLB instructs to build the servers load balancer with the Kubernetes Service clusterIP only.
nativeLB: true
---
apiVersion: v1
kind: Service
metadata:
name: svc
namespace: default
spec:
type: ClusterIP
...
```
### Kind: `Middleware`
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/http/overview.md).
@ -649,7 +692,7 @@ Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernete
??? "Declaring and Referencing a Middleware"
```yaml tab="Middleware"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: stripprefix
@ -662,7 +705,7 @@ Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernete
```
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -720,7 +763,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
??? "Declaring and Using Weighted Round Robin"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -739,7 +782,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
```
```yaml tab="Weighted Round Robin"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: wrr1
@ -759,7 +802,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
weight: 1
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: wrr2
@ -827,7 +870,7 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
??? "Declaring and Using Mirroring"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -847,7 +890,7 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
```yaml tab="Mirroring k8s Service"
# Mirroring from a k8s Service
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: mirror1
@ -868,7 +911,7 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
```yaml tab="Mirroring Traefik Service"
# Mirroring from a Traefik Service
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: mirror1
@ -937,7 +980,7 @@ and there is a second level because each whoami service is a `replicaset` and is
??? "Stickiness on two load-balancing levels"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -956,7 +999,7 @@ and there is a second level because each whoami service is a `replicaset` and is
```
```yaml tab="Weighted Round Robin"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TraefikService
metadata:
name: wrr1
@ -1083,7 +1126,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
!!! info "IngressRouteTCP Attributes"
```yaml
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcpfoo
@ -1104,18 +1147,19 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
proxyProtocol: # [11]
version: 1 # [12]
serversTransport: transport # [13]
tls: # [14]
secretName: supersecret # [15]
options: # [16]
name: opt # [17]
namespace: default # [18]
certResolver: foo # [19]
domains: # [20]
- main: example.net # [21]
sans: # [22]
nativeLB: true # [14]
tls: # [15]
secretName: supersecret # [16]
options: # [17]
name: opt # [18]
namespace: default # [19]
certResolver: foo # [20]
domains: # [21]
- main: example.net # [22]
sans: # [23]
- a.example.net
- b.example.net
passthrough: false # [23]
passthrough: false # [24]
```
| Ref | Attribute | Purpose |
@ -1133,21 +1177,22 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
| [11] | `services[n].proxyProtocol` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) configuration |
| [12] | `services[n].proxyProtocol.version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
| [13] | `services[n].serversTransport` | Defines the reference to a [ServersTransportTCP](#kind-serverstransporttcp). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
| [14] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [15] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [16] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [17] | `tls.options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [18] | `tls.options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [19] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [20] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [21] | `tls.domains[n].main` | Defines the main domain name |
| [22] | `tls.domains[n].sans` | List of SANs (alternative domains) |
| [23] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
| [14] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. |
| [15] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [16] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [17] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [18] | `tls.options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [19] | `tls.options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [20] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [21] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [22] | `tls.domains[n].main` | Defines the main domain name |
| [23] | `tls.domains[n].sans` | List of SANs (alternative domains) |
| [24] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
??? example "Declaring an IngressRouteTCP"
```yaml tab="IngressRouteTCP"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcpfoo
@ -1181,7 +1226,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
```
```yaml tab="TLSOption"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: opt
@ -1216,7 +1261,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
```yaml tab="Only on IngressRouteTCP"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: test.route
@ -1245,7 +1290,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
```yaml tab="On both sides"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: test.route
@ -1274,6 +1319,45 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
- port: 80
```
!!! important "Kubernetes Service Native Load-Balancing"
To avoid creating the server load-balancer with the pods IPs and use Kubernetes Service clusterIP directly,
one should set the TCP service `NativeLB` option to true.
By default, `NativeLB` is false.
??? example "Examples"
```yaml
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- match: HostSNI(`*`)
services:
- name: svc
port: 80
# Here, nativeLB instructs to build the servers load balancer with the Kubernetes Service clusterIP only.
nativeLB: true
---
apiVersion: v1
kind: Service
metadata:
name: svc
namespace: default
spec:
type: ClusterIP
...
```
### Kind: `MiddlewareTCP`
`MiddlewareTCP` is the CRD implementation of a [Traefik TCP middleware](../../middlewares/tcp/overview.md).
@ -1283,7 +1367,7 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
??? "Declaring and Referencing a MiddlewareTCP "
```yaml tab="Middleware"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: MiddlewareTCP
metadata:
name: ipallowlist
@ -1295,7 +1379,7 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
```
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -1334,7 +1418,7 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
!!! info "IngressRouteUDP Attributes"
```yaml
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: ingressrouteudpfoo
@ -1347,21 +1431,23 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
- name: foo # [4]
port: 8080 # [5]
weight: 10 # [6]
nativeLB: true # [7]
```
| Ref | Attribute | Purpose |
|------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entrypoints](../routers/index.md#entrypoints_1) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [4] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [6] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [7] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| Ref | Attribute | Purpose |
|-----|-------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entrypoints](../routers/index.md#entrypoints_1) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [4] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [5] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [6] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| [7] | `services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. |
??? example "Declaring an IngressRouteUDP"
```yaml
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: ingressrouteudpfoo
@ -1393,7 +1479,7 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
```yaml tab="IngressRouteUDP"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: test.route
@ -1421,7 +1507,7 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
```yaml tab="ExternalName Service"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: test.route
@ -1450,7 +1536,7 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
```yaml tab="Both sides"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: test.route
@ -1478,6 +1564,44 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
- port: 80
```
!!! important "Kubernetes Service Native Load-Balancing"
To avoid creating the server load-balancer with the pods IPs and use Kubernetes Service clusterIP directly,
one should set the UDP service `NativeLB` option to true.
By default, `NativeLB` is false.
??? example "Example"
```yaml
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: test.route
namespace: default
spec:
entryPoints:
- foo
routes:
- services:
- name: svc
port: 80
# Here, nativeLB instructs to build the servers load balancer with the Kubernetes Service clusterIP only.
nativeLB: true
---
apiVersion: v1
kind: Service
metadata:
name: svc
namespace: default
spec:
type: ClusterIP
...
```
### Kind: `TLSOption`
`TLSOption` is the CRD implementation of a [Traefik "TLS Option"](../../https/tls.md#tls-options).
@ -1488,7 +1612,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
!!! info "TLSOption Attributes"
```yaml tab="TLSOption"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: mytlsoption # [1]
@ -1533,7 +1657,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
??? example "Declaring and referencing a TLSOption"
```yaml tab="TLSOption"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: mytlsoption
@ -1553,7 +1677,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
```
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -1619,7 +1743,7 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
!!! info "TLSStore Attributes"
```yaml tab="TLSStore"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
@ -1640,7 +1764,7 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
??? example "Declaring and referencing a TLSStore"
```yaml tab="TLSStore"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
@ -1651,7 +1775,7 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
```
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
@ -1690,7 +1814,7 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
!!! info "ServersTransport Attributes"
```yaml tab="ServersTransport"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -1743,7 +1867,7 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
??? example "Declaring and referencing a ServersTransport"
```yaml tab="ServersTransport"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -1755,7 +1879,7 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
```
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: testroute
@ -1794,7 +1918,7 @@ The `default@internal` serversTransportTCP is created from the [static configura
!!! info "ServersTransportTCP Attributes"
```yaml tab="ServersTransportTCP"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1843,7 +1967,7 @@ The `default@internal` serversTransportTCP is created from the [static configura
??? example "Declaring and referencing a ServersTransportTCP"
```yaml tab="ServersTransportTCP"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1856,7 +1980,7 @@ The `default@internal` serversTransportTCP is created from the [static configura
```
```yaml tab="IngressRouteTCP"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: testroute

76
docs/content/routing/providers/kubernetes-gateway.md
View file

@ -39,13 +39,13 @@ The Kubernetes Gateway API, The Experimental Way. {: .subtitle }
You can find an excerpt of the supported Kubernetes Gateway API resources in the table below:
| Kind | Purpose | Concept Behind |
|------------------------------------|---------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/gatewayclass) |
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/gateway) |
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute) |
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/guides/tcp/)|
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/guides/tls/)|
| Kind | Purpose | Concept Behind |
|------------------------------------|---------------------------------------------------------------------------|---------------------------------------------------------------------------------|
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/gatewayclass) |
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/gateway) |
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute) |
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/guides/tcp/) |
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/guides/tls/) |
### Kind: `GatewayClass`
@ -238,7 +238,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
weight: 1 # [16]
port: 8080 # [17]
- name: api@internal
group: traefik.containo.us # [18]
group: traefik.io # [18]
kind: TraefikService # [19]
```
@ -261,7 +261,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
| [15] | `name` | The name of the referent service. |
| [16] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [17] | `port` | The port of the referent service. |
| [18] | `group` | Group is the group of the referent. Only `traefik.containo.us` and `gateway.networking.k8s.io` values are supported. |
| [18] | `group` | Group is the group of the referent. Only `traefik.io`, `traefik.containo.us` and `gateway.networking.k8s.io` values are supported. |
| [19] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
### Kind: `TCPRoute`
@ -290,23 +290,23 @@ Kubernetes cluster before creating `TCPRoute` objects.
weight: 1 # [8]
port: 8080 # [9]
- name: api@internal
group: traefik.containo.us # [10]
group: traefik.io # [10]
kind: TraefikService # [11]
```
| Ref | Attribute | Description |
|------|---------------|----------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `rules` | Rules are a list of TCP matchers and actions. |
| [6] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [7] | `name` | The name of the referent service. |
| [8] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [9] | `port` | The port of the referent service. |
| [10] | `group` | Group is the group of the referent. Only `traefik.containo.us` and `gateway.networking.k8s.io` values are supported. |
| [11] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
| Ref | Attribute | Description |
|------|---------------|------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `rules` | Rules are a list of TCP matchers and actions. |
| [6] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [7] | `name` | The name of the referent service. |
| [8] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [9] | `port` | The port of the referent service. |
| [10] | `group` | Group is the group of the referent. Only `traefik.io`, `traefik.containo.us` and `gateway.networking.k8s.io` values are supported. |
| [11] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
### Kind: `TLSRoute`
@ -336,21 +336,21 @@ Kubernetes cluster before creating `TLSRoute` objects.
weight: 1 # [9]
port: 8080 # [10]
- name: api@internal
group: traefik.containo.us # [11]
group: traefik.io # [11]
kind: TraefikService # [12]
```
| Ref | Attribute | Description |
|------|---------------|----------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `hostnames` | Defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. |
| [6] | `rules` | Rules are a list of TCP matchers and actions. |
| [7] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [8] | `name` | The name of the referent service. |
| [9] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [10] | `port` | The port of the referent service. |
| [11] | `group` | Group is the group of the referent. Only `traefik.containo.us` and `gateway.networking.k8s.io` values are supported. |
| [12] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
| Ref | Attribute | Description |
|------|---------------|------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `hostnames` | Defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. |
| [6] | `rules` | Rules are a list of TCP matchers and actions. |
| [7] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [8] | `name` | The name of the referent service. |
| [9] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [10] | `port` | The port of the referent service. |
| [11] | `group` | Group is the group of the referent. Only `traefik.io`, `traefik.containo.us` and `gateway.networking.k8s.io` values are supported. |
| [12] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |

21
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -299,6 +299,17 @@ which in turn will create the resulting routers, services, handlers, etc.
#### On Service
??? info "`traefik.ingress.kubernetes.io/service.nativelb`"
Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
Please note that, by default, Traefik reuses the established connections to the backends for performance purposes. This can prevent the requests load balancing between the replicas from behaving as one would expect when the option is set.
By default, NativeLB is false.
```yaml
traefik.ingress.kubernetes.io/service.nativelb: "true"
```
??? info "`traefik.ingress.kubernetes.io/service.serversscheme`"
Overrides the default scheme.
@ -888,11 +899,15 @@ TLS certificates can be managed in Secrets objects.
### Communication Between Traefik and Pods
!!! info "It is not possible to route requests directly to [Kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/ "Link to Kubernetes service docs")"
!!! info "Routing directly to [Kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/ "Link to Kubernetes service docs")"
You can use an `ExternalName` service to forward requests to the Kubernetes service through DNS.
To route directly to the Kubernetes service,
one can use the `traefik.ingress.kubernetes.io/service.nativelb` annotation on the Kubernetes service.
It controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
For doing so, you have to [allow external name services](https://doc.traefik.io/traefik/providers/kubernetes-ingress/#allowexternalnameservices "Link to docs about allowing external name services").
One alternative is to use an `ExternalName` service to forward requests to the Kubernetes service through DNS.
To do so, one must [allow external name services](https://doc.traefik.io/traefik/providers/kubernetes-ingress/#allowexternalnameservices "Link to docs about allowing external name services").
Traefik automatically requests endpoint information based on the service provided in the ingress spec.
Although Traefik will connect directly to the endpoints (pods),

2
docs/content/routing/providers/kv.md
View file

@ -406,7 +406,7 @@ You can declare TCP Routers and/or Services using KV.
#### TCP Services
??? info "`traefik/tcp/services/<service_name>/loadbalancer/servers/<n>/url`"
??? info "`traefik/tcp/services/<service_name>/loadbalancer/servers/<n>/address`"
See [servers](../services/index.md#servers) for more information.

50
docs/content/routing/services/index.md
View file

@ -555,7 +555,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -590,7 +590,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -632,7 +632,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -665,7 +665,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -705,7 +705,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -736,7 +736,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -767,7 +767,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -807,7 +807,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -842,7 +842,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -880,7 +880,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -916,7 +916,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -950,7 +950,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -988,7 +988,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -1022,7 +1022,7 @@ http:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
@ -1661,7 +1661,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1695,7 +1695,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1735,7 +1735,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1767,7 +1767,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1799,7 +1799,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1836,7 +1836,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1880,7 +1880,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1915,7 +1915,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1957,7 +1957,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -1998,7 +1998,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport
@ -2033,7 +2033,7 @@ tcp:
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransportTCP
metadata:
name: mytransport