Improve CEL validation on Ingress CRD resources

This commit is contained in:
Michel Loiseleur 2025-03-06 14:48:04 +00:00 committed by GitHub
parent 740b4cfd25
commit c166a41c99
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
21 changed files with 282 additions and 0 deletions

View file

@ -102,6 +102,7 @@ spec:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority
maximum: 9223372036854775000
type: integer
services:
description: |-
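Review bot: the `maximum: 9223372036854775000` added under `priority` sits about 800 below math.MaxInt64 (9223372036854775807); if the lower bound was chosen because OpenAPI numeric bounds are float64 and MaxInt64 is not exactly representable, say so in a comment next to the marker in the Go type, otherwise a later contributor will "correct" it to MaxInt64 and break the generated schema. This hunk also sets no `minimum` while every other integer field in the change gets one; if a negative priority is not meaningful, add `minimum: 0` here for consistency.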
@ -276,6 +277,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie
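Review bot: the `enum` added under `sameSite` rejects an explicit empty string, so a manifest that writes `sameSite: ""` to mean "unset" will now fail admission; confirm the Go field is optional (omitempty) so that simply omitting it still validates, and list `""` in the enum if the empty value was previously accepted. Enum matching is also case-sensitive, so `Lax` or `None` will be rejected; the description should state that the values are lowercase.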
@ -288,11 +293,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
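Review bot: `enum: [RoundRobin]` under `strategy` bakes "the only supported value at the moment" into the schema, so adding a strategy later will need a CRD roll-out as well as a code change; acceptable, but worth a line in the migration notes. `minimum: 0` on `weight` still admits `weight: 0`, which sends no traffic to that service; if zero is not a supported way to drain a backend, `minimum: 1` would turn that typo into an admission error.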
@ -470,6 +478,7 @@ spec:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1
maximum: 9223372036854775000
type: integer
services:
description: Services defines the list of TCP services.
@ -515,6 +524,8 @@ spec:
version:
description: Version defines the PROXY Protocol version
to use.
maximum: 2
minimum: 1
type: integer
type: object
serversTransport:
@ -539,6 +550,7 @@ spec:
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
minimum: 0
type: integer
required:
- name
@ -549,6 +561,9 @@ spec:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1
enum:
- v3
- v2
type: string
required:
- match
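Review bot: the `enum: [v3, v2]` on `syntax` also rejects an explicit `syntax: ""`; confirm the field is optional in the Go type so an unset value still falls back to the default. Listing the values as `v2`, `v3` would read more naturally in the admission error message, which prints them in schema order.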
@ -728,6 +743,7 @@ spec:
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
minimum: 0
type: integer
required:
- name
@ -799,6 +815,9 @@ spec:
Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/).
type: string
x-kubernetes-validations:
- message: must start with a '/'
rule: self.startsWith('/')
type: object
basicAuth:
description: |-
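Review bot: this `x-kubernetes-validations` block on `addPrefix.prefix` is the only CEL rule in the change; everything else is OpenAPI `pattern`, `enum`, `minimum` and `maximum`, so the commit title should say "schema validation" rather than "CEL validation". Since `self.startsWith('/')` is now enforced, the description "It should include a leading slash (/)" is stale and should read "must". A plain `pattern: ^/` would give the same check without consuming the CEL cost budget, but the explicit `message` makes the failure clearer, so keeping CEL here is fine.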
@ -899,6 +918,7 @@ spec:
- type: string
description: CheckPeriod is the interval between successive checks
of the circuit breaker condition (when in standby state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
expression:
description: Expression is the condition that triggers the tripped
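Review bot: the `pattern` on `checkPeriod` only constrains the string branch of the int-or-string, so the integer branch stays unbounded and a negative integer is still admitted. For strings, `^([0-9]+(ns|us|µs|ms|s|m|h)?)+$` is both looser and stricter than Go's duration syntax: because the unit is optional inside a repeated group it accepts `10s5` and `1m30`, which `time.ParseDuration` rejects with "missing unit", while it rejects `1.5s` and `-1s`, which ParseDuration accepts, and it lists only one of the two micro signs (U+00B5 and U+03BC) that Go recognises. If the intent is "a bare integer (seconds) or a ParseDuration string", something like `^(-?[0-9]+|-?([0-9]+(\.[0-9]*)?(ns|us|µs|μs|ms|s|m|h))+)$` expresses that directly; the same pattern is copied into every duration field in this change, so fix it once in the generator marker rather than per field.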
@ -918,10 +938,13 @@ spec:
description: RecoveryDuration is the duration for which the circuit
breaker will try to recover (as soon as it is in recovering
state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
responseCode:
description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state.
maximum: 599
minimum: 100
type: integer
type: object
compress:
@ -959,6 +982,7 @@ spec:
description: |-
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
Default: 1024.
minimum: 0
type: integer
type: object
contentType:
@ -1180,6 +1204,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can
@ -1192,11 +1220,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -1209,6 +1240,7 @@ spec:
as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599).
items:
pattern: ^([0-5][0-9]{2}[,-]?)+$
type: string
type: array
statusRewrites:
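Review bot: the `pattern` `^([0-5][0-9]{2}[,-]?)+$` on the status items is looser than the description above it: it admits a trailing separator (`500-`, `404,`), chained ranges (`500-599-400`), and codes below 100 such as `000`, and it cannot check that a range's lower bound is below its upper bound. A pattern that mirrors the described grammar of a code, a range, or a comma-separated list of those, for example `^[1-5][0-9]{2}(-[1-5][0-9]{2})?(,[1-5][0-9]{2}(-[1-5][0-9]{2})?)*$`, still accepts `404,418,500-599` while rejecting the malformed forms; the lower-bound-below-upper-bound check needs a CEL rule or the existing runtime parse.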
@ -1487,6 +1519,7 @@ spec:
STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set.
format: int64
minimum: 0
type: integer
type: object
inFlightReq:
@ -1500,6 +1533,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous in-flight request.
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
format: int64
minimum: 0
type: integer
sourceCriterion:
description: |-
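Review bot: `minimum: 0` on `inFlightReq.amount` still admits `amount: 0`, which by the description means no request may be in flight and every request gets a 429; unless 0 is a documented "disabled" sentinel for this middleware, `minimum: 1` would reject that misconfiguration at admission instead of at the first request.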
@ -1517,6 +1551,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
@ -1557,6 +1592,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -1594,6 +1630,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -1736,12 +1773,14 @@ spec:
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
one needs to define a Period larger than a second.
format: int64
minimum: 0
type: integer
burst:
description: |-
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
It defaults to 1.
format: int64
minimum: 0
type: integer
period:
anyOf:
@ -1766,6 +1805,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
@ -1863,6 +1903,7 @@ spec:
attempts:
description: Attempts defines how many times the request should
be retried.
minimum: 0
type: integer
initialInterval:
anyOf:
@ -1874,6 +1915,7 @@ spec:
If unspecified, requests will be retried immediately.
The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
type: object
stripPrefix:
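Review bot: the description of `initialInterval` points users at https://pkg.go.dev/time#ParseDuration, but the new `pattern` rejects values ParseDuration accepts, such as `1.5s` or `500μs` written with U+03BC, and accepts `1s5`, which it does not; either widen the pattern (optional fractional part, optional sign, both micro signs) or drop the ParseDuration reference so the description does not advertise forms the schema rejects.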
@ -1966,6 +2008,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous connections.
The middleware closes the connection if there are already amount connections opened.
format: int64
minimum: 0
type: integer
type: object
ipAllowList:
@ -2067,6 +2110,7 @@ spec:
- type: string
description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
@ -2075,6 +2119,7 @@ spec:
description: IdleConnTimeout is the maximum period for which an
idle HTTP keep-alive connection will remain open before closing
itself.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
pingTimeout:
anyOf:
@ -2082,6 +2127,7 @@ spec:
- type: string
description: PingTimeout is the timeout after which the HTTP/2
connection will be closed if a response to ping is not received.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
readIdleTimeout:
anyOf:
@ -2090,6 +2136,7 @@ spec:
description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received
on the HTTP/2 connection.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
@ -2098,6 +2145,7 @@ spec:
description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request
(including its body, if any).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
@ -2106,6 +2154,7 @@ spec:
maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host.
minimum: 0
type: integer
peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against
@ -2196,6 +2245,7 @@ spec:
the protocol and operating system. Network protocols or operating
systems that do not support keep-alives ignore this field. If negative,
keep-alive probes are disabled.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
dialTimeout:
anyOf:
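Review bot: the description of this keep-alive field says "If negative, keep-alive probes are disabled", but the added `pattern` has no sign, so the string form `-1s` is now rejected while the integer form `-1` still passes because `pattern` does not apply to the integer branch of an int-or-string. Decide which behaviour is intended and make the two branches agree: allow `-?` in the pattern, or document that disabling probes requires the integer form and add `minimum` where negatives are not meaningful.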
@ -2203,6 +2253,7 @@ spec:
- type: string
description: DialTimeout is the amount of time to wait until a connection
to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
terminationDelay:
anyOf:
@ -2211,6 +2262,7 @@ spec:
description: TerminationDelay defines the delay to wait before fully
terminating the connection, after one connected peer has closed
its writing capability.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
tls:
description: TLS defines the TLS configuration
@ -2775,6 +2827,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can
@ -2787,11 +2843,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -2893,6 +2952,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can only
@ -2904,11 +2967,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -3087,6 +3153,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can
@ -3099,11 +3169,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -3145,6 +3218,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can only

View file

@ -102,6 +102,7 @@ spec:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority
maximum: 9223372036854775000
type: integer
services:
description: |-
@ -276,6 +277,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie
@ -288,11 +293,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name

View file

@ -81,6 +81,7 @@ spec:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#priority_1
maximum: 9223372036854775000
type: integer
services:
description: Services defines the list of TCP services.
@ -126,6 +127,8 @@ spec:
version:
description: Version defines the PROXY Protocol version
to use.
maximum: 2
minimum: 1
type: integer
type: object
serversTransport:
@ -150,6 +153,7 @@ spec:
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
minimum: 0
type: integer
required:
- name
@ -160,6 +164,9 @@ spec:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.3/routing/routers/#rulesyntax_1
enum:
- v3
- v2
type: string
required:
- match

View file

@ -92,6 +92,7 @@ spec:
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
minimum: 0
type: integer
required:
- name

View file

@ -52,6 +52,9 @@ spec:
Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/).
type: string
x-kubernetes-validations:
- message: must start with a '/'
rule: self.startsWith('/')
type: object
basicAuth:
description: |-
@ -152,6 +155,7 @@ spec:
- type: string
description: CheckPeriod is the interval between successive checks
of the circuit breaker condition (when in standby state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
expression:
description: Expression is the condition that triggers the tripped
@ -171,10 +175,13 @@ spec:
description: RecoveryDuration is the duration for which the circuit
breaker will try to recover (as soon as it is in recovering
state).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
responseCode:
description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state.
maximum: 599
minimum: 100
type: integer
type: object
compress:
@ -212,6 +219,7 @@ spec:
description: |-
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
Default: 1024.
minimum: 0
type: integer
type: object
contentType:
@ -433,6 +441,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can
@ -445,11 +457,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -462,6 +477,7 @@ spec:
as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599).
items:
pattern: ^([0-5][0-9]{2}[,-]?)+$
type: string
type: array
statusRewrites:
@ -740,6 +756,7 @@ spec:
STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set.
format: int64
minimum: 0
type: integer
type: object
inFlightReq:
@ -753,6 +770,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous in-flight request.
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
format: int64
minimum: 0
type: integer
sourceCriterion:
description: |-
@ -770,6 +788,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
@ -810,6 +829,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -847,6 +867,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
@ -989,12 +1010,14 @@ spec:
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
one needs to define a Period larger than a second.
format: int64
minimum: 0
type: integer
burst:
description: |-
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
It defaults to 1.
format: int64
minimum: 0
type: integer
period:
anyOf:
@ -1019,6 +1042,7 @@ spec:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
minimum: 0
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
@ -1116,6 +1140,7 @@ spec:
attempts:
description: Attempts defines how many times the request should
be retried.
minimum: 0
type: integer
initialInterval:
anyOf:
@ -1127,6 +1152,7 @@ spec:
If unspecified, requests will be retried immediately.
The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
type: object
stripPrefix:

View file

@ -49,6 +49,7 @@ spec:
Amount defines the maximum amount of allowed simultaneous connections.
The middleware closes the connection if there are already amount connections opened.
format: int64
minimum: 0
type: integer
type: object
ipAllowList:

View file

@ -63,6 +63,7 @@ spec:
- type: string
description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
@ -71,6 +72,7 @@ spec:
description: IdleConnTimeout is the maximum period for which an
idle HTTP keep-alive connection will remain open before closing
itself.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
pingTimeout:
anyOf:
@ -78,6 +80,7 @@ spec:
- type: string
description: PingTimeout is the timeout after which the HTTP/2
connection will be closed if a response to ping is not received.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
readIdleTimeout:
anyOf:
@ -86,6 +89,7 @@ spec:
description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received
on the HTTP/2 connection.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
@ -94,6 +98,7 @@ spec:
description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request
(including its body, if any).
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
@ -102,6 +107,7 @@ spec:
maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host.
minimum: 0
type: integer
peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against

View file

@ -53,6 +53,7 @@ spec:
the protocol and operating system. Network protocols or operating
systems that do not support keep-alives ignore this field. If negative,
keep-alive probes are disabled.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
dialTimeout:
anyOf:
@ -60,6 +61,7 @@ spec:
- type: string
description: DialTimeout is the amount of time to wait until a connection
to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
terminationDelay:
anyOf:
@ -68,6 +70,7 @@ spec:
description: TerminationDelay defines the delay to wait before fully
terminating the connection, after one connected peer has closed
its writing capability.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
tls:
description: TLS defines the TLS configuration

View file

@ -301,6 +301,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can
@ -313,11 +317,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -419,6 +426,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can only
@ -430,11 +441,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -613,6 +627,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can
@ -625,11 +643,14 @@ spec:
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
enum:
- RoundRobin
type: string
weight:
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
minimum: 0
type: integer
required:
- name
@ -671,6 +692,10 @@ spec:
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
enum:
- none
- lax
- strict
type: string
secure:
description: Secure defines whether the cookie can only