homelab/traefik
1
0
Fork 0
Code Activity

NGINX Ingress Provider

Browse source 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
This commit is contained in:
Romain 2025-06-23 18:06:04 +02:00 committed by GitHub
parent b39ee8ede5
commit 9bd5c61782
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
32 changed files with 3894 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

112
docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md Normal file
View file

@ -0,0 +1,112 @@
---
title: "Traefik Kubernetes Ingress NGINX Documentation"
description: "Understand the requirements, routing configuration, and how to set up the Kubernetes Ingress NGINX provider. Read the technical documentation."
---
# Traefik & Ingresses with NGINX Annotations
The experimental Traefik Kubernetes Ingress NGINX provider is a Kubernetes Ingress controller; i.e,
it manages access to cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
It also supports some of the [ingress-nginx](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/) annotations on ingresses to customize their behavior.
!!! warning "Ingress Discovery"
The Kubernetes Ingress NGINX provider is discovering by default all Ingresses in the cluster,
which may lead to duplicated routers if you are also using the Kubernetes Ingress provider.
We recommend to use IngressClass for the Ingresses you want to be handled by this provider,
or to use the `watchNamespace` or `watchNamespaceSelector` options to limit the discovery of Ingresses to a specific namespace or set of namespaces.
## Configuration Example
As this provider is an experimental feature, it needs to be enabled in the experimental and in the provider sections of the configuration.
You can enable the Kubernetes Ingress NGINX provider as detailed below:
```yaml tab="File (YAML)"
experimental:
kubernetesIngressNGINX: true
providers:
kubernetesIngressNGINX: {}
```
```toml tab="File (TOML)"
[experimental.kubernetesIngressNGINX]
[providers.kubernetesIngressNGINX]
```
```bash tab="CLI"
--experimental.kubernetesingressnginx=true
--providers.kubernetesingressnginx=true
```
The provider then watches for incoming ingresses events, such as the example below,
and derives the corresponding dynamic configuration from it,
which in turn creates the resulting routers, services, handlers, etc.
## Configuration Options
<!-- markdownlint-disable MD013 -->
| Field | Description | Default | Required |
|:------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesIngressNGINX.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesIngressNGINX.token` | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngressNGINX.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngressNGINX.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesIngressNGINX.watchNamespace` | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | "" | No |
| `providers.kubernetesIngressNGINX.watchNamespaceSelector` | Selector selects namespaces the controller watches for updates to Kubernetes objects. | "" | No |
| `providers.kubernetesIngressNGINX.ingressClass` | Name of the ingress class this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.controllerClass` | Ingress Class Controller value this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.watchIngressWithoutClass` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false | No |
| `providers.kubernetesIngressNGINX.ingressClassByName` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false | No |
| `providers.kubernetesIngressNGINX.publishService` | Service fronting the Ingress controller. Takes the form namespace/name. | "" | No |
| `providers.kubernetesIngressNGINX.publishStatusAddress` | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.defaultBackendService` | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | "" | No |
| `providers.kubernetesIngressNGINX.disableSvcExternalName` | Disable support for Services of type ExternalName. | false | No |
<!-- markdownlint-enable MD013 -->
### `endpoint`
The Kubernetes server endpoint URL.
When deployed into Kubernetes, Traefik reads the environment variables `KUBERNETES_SERVICE_HOST`
and `KUBERNETES_SERVICE_PORT` or `KUBECONFIG` to construct the endpoint.
The access token is looked up in `/var/run/secrets/kubernetes.io/serviceaccount/token`
and the SSL CA certificate in `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
Both are mounted automatically when deployed inside Kubernetes.
The endpoint may be specified to override the environment variable values inside
a cluster.
When the environment variables are not found, Traefik tries to connect to the
Kubernetes API server with an external-cluster client.
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes
cluster using the granted authentication and authorization of the associated kubeconfig.
```yaml tab="File (YAML)"
providers:
kubernetesIngressNGINX:
endpoint: "http://localhost:8080"
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngressNGINX]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetesingressnginx.endpoint=http://localhost:8080
```
## Routing Configuration
See the dedicated section in [routing](../../../routing-configuration/kubernetes/ingress-nginx.md).
{!traefik-for-business-applications.md!}

394
docs/content/reference/routing-configuration/kubernetes/ingress-nginx.md Normal file
View file

@ -0,0 +1,394 @@
---
title: "Traefik Kubernetes Ingress NGINX Routing Configuration"
description: "Understand the routing configuration for the Kubernetes Ingress NGINX Controller and Traefik Proxy. Read the technical documentation."
---
# Traefik & Ingresses with NGINX Annotations
The experimental Kubernetes Controller for Ingresses with NGINX annotations.
{: .subtitle }
!!! warning "Ingress Discovery"
The Kubernetes Ingress NGINX provider is discovering by default all Ingresses in the cluster,
which may lead to duplicated routers if you are also using the Kubernetes Ingress provider.
We recommend to use IngressClass for the Ingresses you want to be handled by this provider,
or to use the `watchNamespace` or `watchNamespaceSelector` options to limit the discovery of Ingresses to a specific namespace or set of namespaces.
## Routing Configuration
The Kubernetes Ingress NGINX provider watches for incoming ingresses events, such as the example below,
and derives the corresponding dynamic configuration from it,
which in turn will create the resulting routers, services, handlers, etc.
## Configuration Example
??? example "Configuring Kubernetes Ingress NGINX Controller"
```yaml tab="RBAC"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: default
```
```yaml tab="Traefik"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v3.4
args:
- --entryPoints.web.address=:80
- --providers.kubernetesingressnginx
ports:
- name: web
containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
type: LoadBalancer
selector:
app: traefik
ports:
- name: web
port: 80
targetPort: 80
```
```yaml tab="Whoami"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
labels:
app: whoami
spec:
replicas: 2
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: traefik/whoami
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
selector:
app: whoami
ports:
- name: http
port: 80
```
```yaml tab="Ingress"
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: nginx
spec:
controller: k8s.io/ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myingress
spec:
ingressClassName: nginx
rules:
- host: whoami.localhost
http:
paths:
- path: /bar
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
- path: /foo
pathType: Exact
backend:
service:
name: whoami
port:
number: 80
```
## Annotations Support
This section lists all known NGINX Ingress annotations, split between those currently implemented (with limitations if any) and those not implemented.
Limitations or behavioral differences are indicated where relevant.
!!! warning "Global configuration"
Traefik does not expose all global configuration options to control default behaviors for ingresses.
Some behaviors that are globally configurable in NGINX (such as default SSL redirect, rate limiting, or affinity) are currently not supported and cannot be overridden per-ingress as in NGINX.
### Caveats and Key Behavioral Differences
- **Authentication**: Forward auth behaves differently and session caching is not supported. NGINX supports sub-request based auth, while Traefik forwards the original request.
- **Session Affinity**: Only persistent mode is supported.
- **Leader Election**: Not supported; no cluster mode with leader election.
- **Default Backend**: Only `defaultBackend` in Ingress spec is supported; the annotation is ignored.
- **Load Balancing**: Only round_robin is supported; EWMA and IP hash are not supported.
- **CORS**: NGINX responds with all configured headers unconditionally; Traefik handles headers differently between pre-flight and regular requests.
- **TLS/Backend Protocols**: AUTO_HTTP, FCGI and some TLS options are not supported in Traefik.
- **Path Handling**: Traefik preserves trailing slashes by default; NGINX removes them unless configured otherwise.
### Supported NGINX Annotations
| Annotation | Limitations / Notes |
|-------------------------------------------------------|--------------------------------------------------------------------------------------------|
| `nginx.ingress.kubernetes.io/affinity` | |
| `nginx.ingress.kubernetes.io/affinity-mode` | Only persistent mode supported; balanced/canary not supported. |
| `nginx.ingress.kubernetes.io/auth-type` | |
| `nginx.ingress.kubernetes.io/auth-secret` | |
| `nginx.ingress.kubernetes.io/auth-secret-type` | |
| `nginx.ingress.kubernetes.io/auth-realm` | |
| `nginx.ingress.kubernetes.io/auth-url` | Only URL and response headers copy supported. Forward auth behaves differently than NGINX. |
| `nginx.ingress.kubernetes.io/auth-method` | |
| `nginx.ingress.kubernetes.io/auth-response-headers` | |
| `nginx.ingress.kubernetes.io/ssl-redirect` | Cannot opt-out per route if enabled globally. |
| `nginx.ingress.kubernetes.io/force-ssl-redirect` | Cannot opt-out per route if enabled globally. |
| `nginx.ingress.kubernetes.io/ssl-passthrough` | Some differences in SNI/default backend handling. |
| `nginx.ingress.kubernetes.io/use-regex` | |
| `nginx.ingress.kubernetes.io/session-cookie-name` | |
| `nginx.ingress.kubernetes.io/session-cookie-path` | |
| `nginx.ingress.kubernetes.io/session-cookie-domain` | |
| `nginx.ingress.kubernetes.io/session-cookie-samesite` | |
| `nginx.ingress.kubernetes.io/load-balance` | Only round_robin supported; ewma and IP hash not supported. |
| `nginx.ingress.kubernetes.io/backend-protocol` | FCGI and AUTO_HTTP not supported. |
| `nginx.ingress.kubernetes.io/enable-cors` | Partial support. |
| `nginx.ingress.kubernetes.io/cors-allow-credentials` | |
| `nginx.ingress.kubernetes.io/cors-allow-headers` | |
| `nginx.ingress.kubernetes.io/cors-allow-methods` | |
| `nginx.ingress.kubernetes.io/cors-allow-origin` | |
| `nginx.ingress.kubernetes.io/cors-max-age` | |
| `nginx.ingress.kubernetes.io/proxy-ssl-server-name` | |
| `nginx.ingress.kubernetes.io/proxy-ssl-name` | |
| `nginx.ingress.kubernetes.io/proxy-ssl-verify` | |
| `nginx.ingress.kubernetes.io/proxy-ssl-secret` | |
| `nginx.ingress.kubernetes.io/service-upstream` | |
### Unsupported NGINX Annotations
All other NGINX annotations not listed above, including but not limited to:
| Annotation | Notes |
|-----------------------------------------------------------------------------|------------------------------------------------------|
| `nginx.ingress.kubernetes.io/app-root` | Not supported. |
| `nginx.ingress.kubernetes.io/affinity-canary-behavior` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-tls-secret` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-tls-verify-depth` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-tls-verify-client` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-tls-error-page` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-tls-match-cn` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-cache-key` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-cache-duration` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-keepalive` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-keepalive-share-vars` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-keepalive-requests` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-keepalive-timeout` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-proxy-set-headers` | Not supported. |
| `nginx.ingress.kubernetes.io/auth-snippet` | Not supported. |
| `nginx.ingress.kubernetes.io/enable-global-auth` | Not supported. |
| `nginx.ingress.kubernetes.io/canary` | Not supported. |
| `nginx.ingress.kubernetes.io/canary-by-header` | Not supported. |
| `nginx.ingress.kubernetes.io/canary-by-header-value` | Not supported. |
| `nginx.ingress.kubernetes.io/canary-by-header-pattern` | Not supported. |
| `nginx.ingress.kubernetes.io/canary-by-cookie` | Not supported. |
| `nginx.ingress.kubernetes.io/canary-weight` | Not supported. |
| `nginx.ingress.kubernetes.io/canary-weight-total` | Not supported. |
| `nginx.ingress.kubernetes.io/client-body-buffer-size` | Not supported. |
| `nginx.ingress.kubernetes.io/configuration-snippet` | Not supported. |
| `nginx.ingress.kubernetes.io/custom-http-errors` | Not supported. |
| `nginx.ingress.kubernetes.io/disable-proxy-intercept-errors` | Not supported. |
| `nginx.ingress.kubernetes.io/default-backend` | Not supported; use `defaultBackend` in Ingress spec. |
| `nginx.ingress.kubernetes.io/limit-rate-after` | Not supported. |
| `nginx.ingress.kubernetes.io/limit-rate` | Not supported. |
| `nginx.ingress.kubernetes.io/limit-whitelist` | Not supported. |
| `nginx.ingress.kubernetes.io/limit-rps` | Not supported. |
| `nginx.ingress.kubernetes.io/limit-rpm` | Not supported. |
| `nginx.ingress.kubernetes.io/limit-burst-multiplier` | Not supported. |
| `nginx.ingress.kubernetes.io/limit-connections` | Not supported. |
| `nginx.ingress.kubernetes.io/global-rate-limit` | Not supported. |
| `nginx.ingress.kubernetes.io/global-rate-limit-window` | Not supported. |
| `nginx.ingress.kubernetes.io/global-rate-limit-key` | Not supported. |
| `nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs` | Not supported. |
| `nginx.ingress.kubernetes.io/permanent-redirect` | Not supported. |
| `nginx.ingress.kubernetes.io/permanent-redirect-code` | Not supported. |
| `nginx.ingress.kubernetes.io/temporal-redirect` | Not supported. |
| `nginx.ingress.kubernetes.io/preserve-trailing-slash` | Not supported; Traefik preserves by default. |
| `nginx.ingress.kubernetes.io/proxy-cookie-domain` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-cookie-path` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-connect-timeout` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-send-timeout` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-read-timeout` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-next-upstream` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-next-upstream-timeout` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-next-upstream-tries` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-request-buffering` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-redirect-from` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-redirect-to` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-http-version` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-ssl-ciphers` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-ssl-verify-depth` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-ssl-protocols` | Not supported. |
| `nginx.ingress.kubernetes.io/enable-rewrite-log` | Not supported. |
| `nginx.ingress.kubernetes.io/rewrite-target` | Not supported. |
| `nginx.ingress.kubernetes.io/satisfy` | Not supported. |
| `nginx.ingress.kubernetes.io/server-alias` | Not supported. |
| `nginx.ingress.kubernetes.io/server-snippet` | Not supported. |
| `nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none` | Not supported. |
| `nginx.ingress.kubernetes.io/session-cookie-expires` | Not supported. |
| `nginx.ingress.kubernetes.io/session-cookie-change-on-failure` | Not supported. |
| `nginx.ingress.kubernetes.io/ssl-ciphers` | Not supported. |
| `nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers` | Not supported. |
| `nginx.ingress.kubernetes.io/connection-proxy-header` | Not supported. |
| `nginx.ingress.kubernetes.io/enable-access-log` | Not supported. |
| `nginx.ingress.kubernetes.io/enable-opentracing` | Not supported. |
| `nginx.ingress.kubernetes.io/opentracing-trust-incoming-span` | Not supported. |
| `nginx.ingress.kubernetes.io/enable-opentelemetry` | Not supported. |
| `nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span` | Not supported. |
| `nginx.ingress.kubernetes.io/enable-modsecurity` | Not supported. |
| `nginx.ingress.kubernetes.io/enable-owasp-core-rules` | Not supported. |
| `nginx.ingress.kubernetes.io/modsecurity-transaction-id` | Not supported. |
| `nginx.ingress.kubernetes.io/modsecurity-snippet` | Not supported. |
| `nginx.ingress.kubernetes.io/mirror-request-body` | Not supported. |
| `nginx.ingress.kubernetes.io/mirror-target` | Not supported. |
| `nginx.ingress.kubernetes.io/mirror-host` | Not supported. |
| `nginx.ingress.kubernetes.io/x-forwarded-prefix` | Not supported. |
| `nginx.ingress.kubernetes.io/upstream-hash-by` | Not supported. |
| `nginx.ingress.kubernetes.io/upstream-vhost` | Not supported. |
| `nginx.ingress.kubernetes.io/denylist-source-range` | Not supported. |
| `nginx.ingress.kubernetes.io/whitelist-source-range` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-buffering` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-buffers-number` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-buffer-size` | Not supported. |
| `nginx.ingress.kubernetes.io/proxy-max-temp-file-size` | Not supported. |
| `nginx.ingress.kubernetes.io/stream-snippet` | Not supported. |

48
docs/content/reference/static-configuration/cli-ref.md
View file

@ -339,6 +339,9 @@ Enable debug mode for the FastProxy implementation. (Default: ```false```)
`--experimental.kubernetesgateway`:
(Deprecated) Allow the Kubernetes gateway api provider usage. (Default: ```false```)
`--experimental.kubernetesingressnginx`:
Allow the Kubernetes Ingress NGINX provider usage. (Default: ```false```)
`--experimental.localplugins.<name>`:
Local plugins configuration. (Default: ```false```)
@ -1047,6 +1050,51 @@ Ingress refresh throttle duration (Default: ```0```)
`--providers.kubernetesingress.token`:
Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token.
`--providers.kubernetesingressnginx`:
Enable Kubernetes Ingress NGINX provider. (Default: ```false```)
`--providers.kubernetesingressnginx.certauthfilepath`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`--providers.kubernetesingressnginx.controllerclass`:
Ingress Class Controller value this controller satisfies. (Default: ```k8s.io/ingress-nginx```)
`--providers.kubernetesingressnginx.defaultbackendservice`:
Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'.
`--providers.kubernetesingressnginx.disablesvcexternalname`:
Disable support for Services of type ExternalName. (Default: ```false```)
`--providers.kubernetesingressnginx.endpoint`:
Kubernetes server endpoint (required for external cluster client).
`--providers.kubernetesingressnginx.ingressclass`:
Name of the ingress class this controller satisfies. (Default: ```nginx```)
`--providers.kubernetesingressnginx.ingressclassbyname`:
Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (Default: ```false```)
`--providers.kubernetesingressnginx.publishservice`:
Service fronting the Ingress controller. Takes the form 'namespace/name'.
`--providers.kubernetesingressnginx.publishstatusaddress`:
Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies.
`--providers.kubernetesingressnginx.throttleduration`:
Ingress refresh throttle duration. (Default: ```0```)
`--providers.kubernetesingressnginx.token`:
Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token.
`--providers.kubernetesingressnginx.watchingresswithoutclass`:
Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. (Default: ```false```)
`--providers.kubernetesingressnginx.watchnamespace`:
Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty.
`--providers.kubernetesingressnginx.watchnamespaceselector`:
Selector selects namespaces the controller watches for updates to Kubernetes objects.
`--providers.nomad`:
Enable Nomad backend with default settings. (Default: ```false```)

48
docs/content/reference/static-configuration/env-ref.md
View file

@ -339,6 +339,9 @@ Enable debug mode for the FastProxy implementation. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_KUBERNETESGATEWAY`:
(Deprecated) Allow the Kubernetes gateway api provider usage. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_KUBERNETESINGRESSNGINX`:
Allow the Kubernetes Ingress NGINX provider usage. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_LOCALPLUGINS_<NAME>`:
Local plugins configuration. (Default: ```false```)
@ -999,6 +1002,51 @@ Kubernetes bearer token (not needed for in-cluster client). It accepts either a
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX`:
Enable Kubernetes Ingress NGINX provider. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_CONTROLLERCLASS`:
Ingress Class Controller value this controller satisfies. (Default: ```k8s.io/ingress-nginx```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_DEFAULTBACKENDSERVICE`:
Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_DISABLESVCEXTERNALNAME`:
Disable support for Services of type ExternalName. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_INGRESSCLASS`:
Name of the ingress class this controller satisfies. (Default: ```nginx```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_INGRESSCLASSBYNAME`:
Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_PUBLISHSERVICE`:
Service fronting the Ingress controller. Takes the form 'namespace/name'.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_PUBLISHSTATUSADDRESS`:
Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_THROTTLEDURATION`:
Ingress refresh throttle duration. (Default: ```0```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_WATCHINGRESSWITHOUTCLASS`:
Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_WATCHNAMESPACE`:
Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESSNGINX_WATCHNAMESPACESELECTOR`:
Selector selects namespaces the controller watches for updates to Kubernetes objects.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_ALLOWEMPTYSERVICES`:
Allow creation of services without endpoints. (Default: ```false```)

16
docs/content/reference/static-configuration/file.toml
View file

@ -143,6 +143,21 @@
ip = "foobar"
hostname = "foobar"
publishedService = "foobar"
[providers.kubernetesIngressNGINX]
endpoint = "foobar"
token = "foobar"
certAuthFilePath = "foobar"
throttleDuration = "42s"
watchNamespace = "foobar"
watchNamespaceSelector = "foobar"
ingressClass = "foobar"
controllerClass = "foobar"
watchIngressWithoutClass = true
ingressClassByName = true
publishService = "foobar"
publishStatusAddress = ["foobar", "foobar"]
defaultBackendService = "foobar"
disableSvcExternalName = true
[providers.kubernetesCRD]
endpoint = "foobar"
token = "foobar"
@ -572,6 +587,7 @@
[experimental]
abortOnPluginFailure = true
otlplogs = true
kubernetesIngressNGINX = true
kubernetesGateway = true
[experimental.plugins]
[experimental.plugins.Descriptor0]

18
docs/content/reference/static-configuration/file.yaml
View file

@ -158,6 +158,23 @@ providers:
disableClusterScopeResources: true
nativeLBByDefault: true
strictPrefixMatching: true
kubernetesIngressNGINX:
endpoint: foobar
token: foobar
certAuthFilePath: foobar
throttleDuration: 42s
watchNamespace: foobar
watchNamespaceSelector: foobar
ingressClass: foobar
controllerClass: foobar
watchIngressWithoutClass: true
ingressClassByName: true
publishService: foobar
publishStatusAddress:
- foobar
- foobar
defaultBackendService: foobar
disableSvcExternalName: true
kubernetesCRD:
endpoint: foobar
token: foobar
@ -670,6 +687,7 @@ experimental:
fastProxy:
debug: true
otlplogs: true
kubernetesIngressNGINX: true
kubernetesGateway: true
core:
defaultRuleSyntax: foobar

4
docs/mkdocs.yml
View file

@ -79,6 +79,7 @@ nav:
- 'Swarm': 'providers/swarm.md'
- 'Kubernetes IngressRoute': 'providers/kubernetes-crd.md'
- 'Kubernetes Ingress': 'providers/kubernetes-ingress.md'
- 'Kubernetes Ingress NGINX': 'reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md'
- 'Kubernetes Gateway API': 'providers/kubernetes-gateway.md'
- 'Consul Catalog': 'providers/consul-catalog.md'
- 'Nomad': 'providers/nomad.md'
@ -99,6 +100,7 @@ nav:
- 'Swarm': 'routing/providers/swarm.md'
- 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md'
- 'Kubernetes Ingress': 'routing/providers/kubernetes-ingress.md'
- 'Kubernetes Ingress NGINX': 'reference/routing-configuration/kubernetes/ingress-nginx.md'
- 'Kubernetes Gateway API': 'routing/providers/kubernetes-gateway.md'
- 'Consul Catalog': 'routing/providers/consul-catalog.md'
- 'Nomad': 'routing/providers/nomad.md'
@ -205,6 +207,7 @@ nav:
- 'Kubernetes Gateway API' : 'reference/install-configuration/providers/kubernetes/kubernetes-gateway.md'
- 'Kubernetes CRD' : 'reference/install-configuration/providers/kubernetes/kubernetes-crd.md'
- 'Kubernetes Ingress' : 'reference/install-configuration/providers/kubernetes/kubernetes-ingress.md'
- 'Kubernetes Ingress NGINX' : 'reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md'
- 'Docker': 'reference/install-configuration/providers/docker.md'
- 'Swarm': 'reference/install-configuration/providers/swarm.md'
- 'Hashicorp':
@ -307,6 +310,7 @@ nav:
- 'UDP' :
- 'IngressRouteUDP' : 'reference/routing-configuration/kubernetes/crd/udp/ingressrouteudp.md'
- 'Ingress' : 'reference/routing-configuration/kubernetes/ingress.md'
- 'Ingress NGINX' : 'reference/routing-configuration/kubernetes/ingress-nginx.md'
- 'Label & Tag Providers' :
- 'Docker' : 'reference/routing-configuration/other-providers/docker.md'
- 'Swarm' : 'reference/routing-configuration/other-providers/swarm.md'