Improve CEL validation on Ingress CRD resources

2025-03-06 14:48:04 +00:00 · 2025-03-06 14:48:04 +00:00 · c166a41c99
commit c166a41c99
parent 740b4cfd25
21 changed files with 282 additions and 0 deletions
--- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
@ -63,6 +63,7 @@ spec:
                    - type: string
                    description: DialTimeout is the amount of time to wait until a
                      connection to a backend server can be established.
+                    pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
                    x-kubernetes-int-or-string: true
                  idleConnTimeout:
                    anyOf:
@ -71,6 +72,7 @@ spec:
                    description: IdleConnTimeout is the maximum period for which an
                      idle HTTP keep-alive connection will remain open before closing
                      itself.
+                    pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
                    x-kubernetes-int-or-string: true
                  pingTimeout:
                    anyOf:
@ -78,6 +80,7 @@ spec:
                    - type: string
                    description: PingTimeout is the timeout after which the HTTP/2
                      connection will be closed if a response to ping is not received.
+                    pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
                    x-kubernetes-int-or-string: true
                  readIdleTimeout:
                    anyOf:
@ -86,6 +89,7 @@ spec:
                    description: ReadIdleTimeout is the timeout after which a health
                      check using ping frame will be carried out if no frame is received
                      on the HTTP/2 connection.
+                    pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
                    x-kubernetes-int-or-string: true
                  responseHeaderTimeout:
                    anyOf:
@ -94,6 +98,7 @@ spec:
                    description: ResponseHeaderTimeout is the amount of time to wait
                      for a server's response headers after fully writing the request
                      (including its body, if any).
+                    pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
                    x-kubernetes-int-or-string: true
                type: object
              insecureSkipVerify:
@ -102,6 +107,7 @@ spec:
              maxIdleConnsPerHost:
                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
                  to keep per-host.
+                minimum: 0
                type: integer
              peerCertURI:
                description: PeerCertURI defines the peer cert URI used to match against