Add an anchor on the options names.
This commit is contained in:
Nicolas Mengin
GitHub
parent
0b240ca97a
commit
c294b87a45
83 changed files with 2893 additions and 2586 deletions
|
|
@ -76,55 +76,55 @@ spec:
|
|||
|
||||
| Field | Description | Default | Required |
|
||||
|:---------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
|
||||
| `entryPoints` | List of [entry points](../../../../install-configuration/entrypoints.md) names.<br />If not specified, HTTP routers will accept requests from all EntryPoints in the list of default EntryPoints. | | No |
|
||||
| `routes` | List of routes. | | Yes |
|
||||
| `routes[n].kind` | Kind of router matching, only `Rule` is allowed yet. | "Rule" | No |
|
||||
| `routes[n].match` | Defines the [rule](../../../http/router/rules-and-priority.md#rules) corresponding to an underlying router. | | Yes |
|
||||
| `routes[n].priority` | Defines the [priority](../../../http/router/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used. | 0 | No |
|
||||
| `routes[n].middlewares` | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
|
||||
| `routes[n].`<br />`middlewares[m].`<br />`name` | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| `routes[n].`<br />`middlewares[m].`<br />`namespace` | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
|
||||
| `routes[n].`<br />`observability.`<br />`accesslogs` | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`observability.`<br />`metrics` | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`observability.`<br />`tracing` | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| `routes[n].`<br />`services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> **TraefikService**: Traefik Service.<br />More information [here](#externalname-service). | "Service" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| `routes[n].`<br />`services[m].`<br />`namespace` | Service namespace.<br />Can be empty if the service belongs to the same namespace as the IngressRoute. <br />More information [here](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br /> Evaluated only if the kind is **Service**. | false | No |
|
||||
| `routes[n].`<br />`services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `tls` | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](tlsstore.md) is used if it is defined.) | | No |
|
||||
| `tls.secretName` | [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the same namesapce as the `IngressRoute`) | "" | No |
|
||||
| `tls.`<br />`options.name` | Name of the [`TLSOption`](tlsoption.md) to use.<br />More information [here](#tls-options). | "" | No |
|
||||
| `tls.`<br />`options.namespace` | Namespace of the [`TLSOption`](tlsoption.md) to use. | "" | No |
|
||||
| `tls.certResolver` | Name of the [Certificate Resolver](../../../../install-configuration/tls/certificate-resolvers/overview.md) to use to generate automatic TLS certificates. | "" | No |
|
||||
| `tls.domains` | List of domains to serve using the certificates generates (one `tls.domain`= one certificate).<br />More information in the [dedicated section](../../../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition). | | No |
|
||||
| `tls.`<br />`domains[n].main` | Main domain name | "" | Yes |
|
||||
| `tls.`<br />`domains[n].sans` | List of alternative domains (SANs) | | No |
|
||||
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of [entry points](../../../../install-configuration/entrypoints.md) names.<br />If not specified, HTTP routers will accept requests from all EntryPoints in the list of default EntryPoints. | | No |
|
||||
| <a id="routes" href="#routes" title="#routes">`routes`</a> | List of routes. | | Yes |
|
||||
| <a id="routesn-kind" href="#routesn-kind" title="#routesn-kind">`routes[n].kind`</a> | Kind of router matching, only `Rule` is allowed yet. | "Rule" | No |
|
||||
| <a id="routesn-match" href="#routesn-match" title="#routesn-match">`routes[n].match`</a> | Defines the [rule](../../../http/router/rules-and-priority.md#rules) corresponding to an underlying router. | | Yes |
|
||||
| <a id="routesn-priority" href="#routesn-priority" title="#routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../http/router/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used. | 0 | No |
|
||||
| <a id="routesn-middlewares" href="#routesn-middlewares" title="#routesn-middlewares">`routes[n].middlewares`</a> | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
|
||||
| <a id="routesn-middlewaresm-name" href="#routesn-middlewaresm-name" title="#routesn-middlewaresm-name">`routes[n].`<br />`middlewares[m].`<br />`name`</a> | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| <a id="routesn-middlewaresm-namespace" href="#routesn-middlewaresm-namespace" title="#routesn-middlewaresm-namespace">`routes[n].`<br />`middlewares[m].`<br />`namespace`</a> | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
|
||||
| <a id="routesn-observability-accesslogs" href="#routesn-observability-accesslogs" title="#routesn-observability-accesslogs">`routes[n].`<br />`observability.`<br />`accesslogs`</a> | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| <a id="routesn-observability-metrics" href="#routesn-observability-metrics" title="#routesn-observability-metrics">`routes[n].`<br />`observability.`<br />`metrics`</a> | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| <a id="routesn-observability-tracing" href="#routesn-observability-tracing" title="#routesn-observability-tracing">`routes[n].`<br />`observability.`<br />`tracing`</a> | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/router/observability.md) for more information. | false | No |
|
||||
| <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].`<br />`services`</a> | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#externalname-service). | | No |
|
||||
| <a id="routesn-servicesm-kind" href="#routesn-servicesm-kind" title="#routesn-servicesm-kind">`routes[n].`<br />`services[m].`<br />`kind`</a> | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> **TraefikService**: Traefik Service.<br />More information [here](#externalname-service). | "Service" | No |
|
||||
| <a id="routesn-servicesm-name" href="#routesn-servicesm-name" title="#routesn-servicesm-name">`routes[n].`<br />`services[m].`<br />`name`</a> | Service name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| <a id="routesn-servicesm-namespace" href="#routesn-servicesm-namespace" title="#routesn-servicesm-namespace">`routes[n].`<br />`services[m].`<br />`namespace`</a> | Service namespace.<br />Can be empty if the service belongs to the same namespace as the IngressRoute. <br />More information [here](#externalname-service). | | No |
|
||||
| <a id="routesn-servicesm-port" href="#routesn-servicesm-port" title="#routesn-servicesm-port">`routes[n].`<br />`services[m].`<br />`port`</a> | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| <a id="routesn-servicesm-responseForwarding-flushInterval" href="#routesn-servicesm-responseForwarding-flushInterval" title="#routesn-servicesm-responseForwarding-flushInterval">`routes[n].`<br />`services[m].`<br />`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| <a id="routesn-servicesm-scheme" href="#routesn-servicesm-scheme" title="#routesn-servicesm-scheme">`routes[n].`<br />`services[m].`<br />`scheme`</a> | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| <a id="routesn-servicesm-serversTransport" href="#routesn-servicesm-serversTransport" title="#routesn-servicesm-serversTransport">`routes[n].`<br />`services[m].`<br />`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| <a id="routesn-servicesm-passHostHeader" href="#routesn-servicesm-passHostHeader" title="#routesn-servicesm-passHostHeader">`routes[n].`<br />`services[m].`<br />`passHostHeader`</a> | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| <a id="routesn-servicesm-healthCheck-scheme" href="#routesn-servicesm-healthCheck-scheme" title="#routesn-servicesm-healthCheck-scheme">`routes[n].`<br />`services[m].`<br />`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-mode" href="#routesn-servicesm-healthCheck-mode" title="#routesn-servicesm-healthCheck-mode">`routes[n].`<br />`services[m].`<br />`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-path" href="#routesn-servicesm-healthCheck-path" title="#routesn-servicesm-healthCheck-path">`routes[n].`<br />`services[m].`<br />`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-interval" href="#routesn-servicesm-healthCheck-interval" title="#routesn-servicesm-healthCheck-interval">`routes[n].`<br />`services[m].`<br />`healthCheck.interval`</a> | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-unhealthyInterval" href="#routesn-servicesm-healthCheck-unhealthyInterval" title="#routesn-servicesm-healthCheck-unhealthyInterval">`routes[n].`<br />`services[m].`<br />`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-method" href="#routesn-servicesm-healthCheck-method" title="#routesn-servicesm-healthCheck-method">`routes[n].`<br />`services[m].`<br />`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-status" href="#routesn-servicesm-healthCheck-status" title="#routesn-servicesm-healthCheck-status">`routes[n].`<br />`services[m].`<br />`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| <a id="routesn-servicesm-healthCheck-port" href="#routesn-servicesm-healthCheck-port" title="#routesn-servicesm-healthCheck-port">`routes[n].`<br />`services[m].`<br />`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No |
|
||||
| <a id="routesn-servicesm-healthCheck-timeout" href="#routesn-servicesm-healthCheck-timeout" title="#routesn-servicesm-healthCheck-timeout">`routes[n].`<br />`services[m].`<br />`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-hostname" href="#routesn-servicesm-healthCheck-hostname" title="#routesn-servicesm-healthCheck-hostname">`routes[n].`<br />`services[m].`<br />`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
|
||||
| <a id="routesn-servicesm-healthCheck-followRedirect" href="#routesn-servicesm-healthCheck-followRedirect" title="#routesn-servicesm-healthCheck-followRedirect">`routes[n].`<br />`services[m].`<br />`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No |
|
||||
| <a id="routesn-servicesm-healthCheck-headers" href="#routesn-servicesm-healthCheck-headers" title="#routesn-servicesm-healthCheck-headers">`routes[n].`<br />`services[m].`<br />`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No |
|
||||
| <a id="routesn-servicesm-sticky-cookie-name" href="#routesn-servicesm-sticky-cookie-name" title="#routesn-servicesm-sticky-cookie-name">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| <a id="routesn-servicesm-sticky-cookie-httpOnly" href="#routesn-servicesm-sticky-cookie-httpOnly" title="#routesn-servicesm-sticky-cookie-httpOnly">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="routesn-servicesm-sticky-cookie-secure" href="#routesn-servicesm-sticky-cookie-secure" title="#routesn-servicesm-sticky-cookie-secure">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="routesn-servicesm-sticky-cookie-sameSite" href="#routesn-servicesm-sticky-cookie-sameSite" title="#routesn-servicesm-sticky-cookie-sameSite">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| <a id="routesn-servicesm-sticky-cookie-maxAge" href="#routesn-servicesm-sticky-cookie-maxAge" title="#routesn-servicesm-sticky-cookie-maxAge">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| <a id="routesn-servicesm-strategy" href="#routesn-servicesm-strategy" title="#routesn-servicesm-strategy">`routes[n].`<br />`services[m].`<br />`strategy`</a> | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| <a id="routesn-servicesm-weight" href="#routesn-servicesm-weight" title="#routesn-servicesm-weight">`routes[n].`<br />`services[m].`<br />`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| <a id="routesn-servicesm-nativeLB" href="#routesn-servicesm-nativeLB" title="#routesn-servicesm-nativeLB">`routes[n].`<br />`services[m].`<br />`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br /> Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="routesn-servicesm-nodePortLB" href="#routesn-servicesm-nodePortLB" title="#routesn-servicesm-nodePortLB">`routes[n].`<br />`services[m].`<br />`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="tls" href="#tls" title="#tls">`tls`</a> | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](tlsstore.md) is used if it is defined.) | | No |
|
||||
| <a id="tls-secretName" href="#tls-secretName" title="#tls-secretName">`tls.secretName`</a> | [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the same namesapce as the `IngressRoute`) | "" | No |
|
||||
| <a id="tls-options-name" href="#tls-options-name" title="#tls-options-name">`tls.`<br />`options.name`</a> | Name of the [`TLSOption`](tlsoption.md) to use.<br />More information [here](#tls-options). | "" | No |
|
||||
| <a id="tls-options-namespace" href="#tls-options-namespace" title="#tls-options-namespace">`tls.`<br />`options.namespace`</a> | Namespace of the [`TLSOption`](tlsoption.md) to use. | "" | No |
|
||||
| <a id="tls-certResolver" href="#tls-certResolver" title="#tls-certResolver">`tls.certResolver`</a> | Name of the [Certificate Resolver](../../../../install-configuration/tls/certificate-resolvers/overview.md) to use to generate automatic TLS certificates. | "" | No |
|
||||
| <a id="tls-domains" href="#tls-domains" title="#tls-domains">`tls.domains`</a> | List of domains to serve using the certificates generates (one `tls.domain`= one certificate).<br />More information in the [dedicated section](../../../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition). | | No |
|
||||
| <a id="tls-domainsn-main" href="#tls-domainsn-main" title="#tls-domainsn-main">`tls.`<br />`domains[n].main`</a> | Main domain name | "" | Yes |
|
||||
| <a id="tls-domainsn-sans" href="#tls-domainsn-sans" title="#tls-domainsn-sans">`tls.`<br />`domains[n].sans`</a> | List of alternative domains (SANs) | | No |
|
||||
|
||||
### ExternalName Service
|
||||
|
||||
|
|
|
|||
|
|
@ -55,18 +55,18 @@ spec:
|
|||
|
||||
| Field | Description | Default | Required |
|
||||
|:------|:----------------------------------------------------------|:---------------------|:---------|
|
||||
| `serverstransport.`<br />`serverName` | Defines the server name that will be used for SNI. | | No |
|
||||
| `serverstransport.`<br />`insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No |
|
||||
| `serverstransport.`<br />`rootcas` | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No |
|
||||
| `serverstransport.`<br />`certificatesSecrets` | Certificates to present to the server for mTLS. | | No |
|
||||
| `serverstransport.`<br />`maxIdleConnsPerHost` | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
|
||||
| `serverstransport.`<br />`disableHTTP2` | Disables HTTP/2 for connections with servers. | false | No |
|
||||
| `serverstransport.`<br />`peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
|
||||
| `serverstransport.`<br />`forwardingTimeouts.dialTimeout` | Amount of time to wait until a connection to a server can be established.<br />Zero means no timeout. | 30s | No |
|
||||
| `serverstransport.`<br />`forwardingTimeouts.responseHeaderTimeout` | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />Zero means no timeout | 0s | No |
|
||||
| `serverstransport.`<br />`forwardingTimeouts.idleConnTimeout` | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />Zero means no timeout. | 90s | No |
|
||||
| `serverstransport.`<br />`spiffe.ids` | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
|
||||
| `serverstransport.`<br />`spiffe.trustDomain` | Allow SPIFFE trust domain. | "" | No |
|
||||
| <a id="serverstransport-serverName" href="#serverstransport-serverName" title="#serverstransport-serverName">`serverstransport.`<br />`serverName`</a> | Defines the server name that will be used for SNI. | | No |
|
||||
| <a id="serverstransport-insecureSkipVerify" href="#serverstransport-insecureSkipVerify" title="#serverstransport-insecureSkipVerify">`serverstransport.`<br />`insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
|
||||
| <a id="serverstransport-rootcas" href="#serverstransport-rootcas" title="#serverstransport-rootcas">`serverstransport.`<br />`rootcas`</a> | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No |
|
||||
| <a id="serverstransport-certificatesSecrets" href="#serverstransport-certificatesSecrets" title="#serverstransport-certificatesSecrets">`serverstransport.`<br />`certificatesSecrets`</a> | Certificates to present to the server for mTLS. | | No |
|
||||
| <a id="serverstransport-maxIdleConnsPerHost" href="#serverstransport-maxIdleConnsPerHost" title="#serverstransport-maxIdleConnsPerHost">`serverstransport.`<br />`maxIdleConnsPerHost`</a> | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
|
||||
| <a id="serverstransport-disableHTTP2" href="#serverstransport-disableHTTP2" title="#serverstransport-disableHTTP2">`serverstransport.`<br />`disableHTTP2`</a> | Disables HTTP/2 for connections with servers. | false | No |
|
||||
| <a id="serverstransport-peerCertURI" href="#serverstransport-peerCertURI" title="#serverstransport-peerCertURI">`serverstransport.`<br />`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
|
||||
| <a id="serverstransport-forwardingTimeouts-dialTimeout" href="#serverstransport-forwardingTimeouts-dialTimeout" title="#serverstransport-forwardingTimeouts-dialTimeout">`serverstransport.`<br />`forwardingTimeouts.dialTimeout`</a> | Amount of time to wait until a connection to a server can be established.<br />Zero means no timeout. | 30s | No |
|
||||
| <a id="serverstransport-forwardingTimeouts-responseHeaderTimeout" href="#serverstransport-forwardingTimeouts-responseHeaderTimeout" title="#serverstransport-forwardingTimeouts-responseHeaderTimeout">`serverstransport.`<br />`forwardingTimeouts.responseHeaderTimeout`</a> | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />Zero means no timeout | 0s | No |
|
||||
| <a id="serverstransport-forwardingTimeouts-idleConnTimeout" href="#serverstransport-forwardingTimeouts-idleConnTimeout" title="#serverstransport-forwardingTimeouts-idleConnTimeout">`serverstransport.`<br />`forwardingTimeouts.idleConnTimeout`</a> | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />Zero means no timeout. | 90s | No |
|
||||
| <a id="serverstransport-spiffe-ids" href="#serverstransport-spiffe-ids" title="#serverstransport-spiffe-ids">`serverstransport.`<br />`spiffe.ids`</a> | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
|
||||
| <a id="serverstransport-spiffe-trustDomain" href="#serverstransport-spiffe-trustDomain" title="#serverstransport-spiffe-trustDomain">`serverstransport.`<br />`spiffe.trustDomain`</a> | Allow SPIFFE trust domain. | "" | No |
|
||||
|
||||
!!! note "CA Secret"
|
||||
The CA secret must contain a base64 encoded certificate under either a tls.ca or a ca.crt key.
|
||||
|
|
|
|||
|
|
@ -48,15 +48,15 @@ spec:
|
|||
|
||||
| Field | Description | Default | Required |
|
||||
|:----------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------|:---------|
|
||||
| `minVersion` | Minimum TLS version that is acceptable. | "VersionTLS12" | No |
|
||||
| `maxVersion` | Maximum TLS version that is acceptable.<br />We do not recommend setting this option to disable TLS 1.3. | | No |
|
||||
| `cipherSuites` | List of supported [cipher suites](https://godoc.org/crypto/tls#pkg-constants) for TLS versions up to TLS 1.2.<br />[Cipher suites defined for TLS 1.2 and below cannot be used in TLS 1.3, and vice versa.](https://tools.ietf.org/html/rfc8446)<br />With TLS 1.3, [the cipher suites are not configurable](https://golang.org/doc/go1.12#tls_1_3) (all supported cipher suites are safe in this case). | | No |
|
||||
| `curvePreferences` | List of the elliptic curves references that will be used in an ECDHE handshake.<br />Use curves names from [`crypto`](https://godoc.org/crypto/tls#CurveID) or the [RFC](https://tools.ietf.org/html/rfc8446#section-4.2.7).<br />See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information. | | No |
|
||||
| `clientAuth.secretNames` | Client Authentication (mTLS) option.<br />List of names of the referenced Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) (in TLSOption namespace).<br /> The secret must contain a certificate under either a `tls.ca` or a `ca.crt` key. | | No |
|
||||
| `clientAuth.clientAuthType` | Client Authentication (mTLS) option.<br />Client authentication type to apply. Available values [here](#client-authentication-mtls). | | No |
|
||||
| `sniStrict` | Allow rejecting connections from clients connections that do not specify a server_name extension.<br />The [default certificate](../../../http/tls/tls-certificates.md#default-certificate) is never served is the option is enabled. | false | No |
|
||||
| `alpnProtocols` | List of supported application level protocols for the TLS handshake, in order of preference.<br />If the client supports ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol. | "h2, http/1.1, acme-tls/1" | No |
|
||||
| `disableSessiontTickets` | Allow disabling the use of session tickets, forcing every client to perform a full TLS handshake instead of resuming sessions. | false | No |
|
||||
| <a id="minVersion" href="#minVersion" title="#minVersion">`minVersion`</a> | Minimum TLS version that is acceptable. | "VersionTLS12" | No |
|
||||
| <a id="maxVersion" href="#maxVersion" title="#maxVersion">`maxVersion`</a> | Maximum TLS version that is acceptable.<br />We do not recommend setting this option to disable TLS 1.3. | | No |
|
||||
| <a id="cipherSuites" href="#cipherSuites" title="#cipherSuites">`cipherSuites`</a> | List of supported [cipher suites](https://godoc.org/crypto/tls#pkg-constants) for TLS versions up to TLS 1.2.<br />[Cipher suites defined for TLS 1.2 and below cannot be used in TLS 1.3, and vice versa.](https://tools.ietf.org/html/rfc8446)<br />With TLS 1.3, [the cipher suites are not configurable](https://golang.org/doc/go1.12#tls_1_3) (all supported cipher suites are safe in this case). | | No |
|
||||
| <a id="curvePreferences" href="#curvePreferences" title="#curvePreferences">`curvePreferences`</a> | List of the elliptic curves references that will be used in an ECDHE handshake.<br />Use curves names from [`crypto`](https://godoc.org/crypto/tls#CurveID) or the [RFC](https://tools.ietf.org/html/rfc8446#section-4.2.7).<br />See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information. | | No |
|
||||
| <a id="clientAuth-secretNames" href="#clientAuth-secretNames" title="#clientAuth-secretNames">`clientAuth.secretNames`</a> | Client Authentication (mTLS) option.<br />List of names of the referenced Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) (in TLSOption namespace).<br /> The secret must contain a certificate under either a `tls.ca` or a `ca.crt` key. | | No |
|
||||
| <a id="clientAuth-clientAuthType" href="#clientAuth-clientAuthType" title="#clientAuth-clientAuthType">`clientAuth.clientAuthType`</a> | Client Authentication (mTLS) option.<br />Client authentication type to apply. Available values [here](#client-authentication-mtls). | | No |
|
||||
| <a id="sniStrict" href="#sniStrict" title="#sniStrict">`sniStrict`</a> | Allow rejecting connections from clients connections that do not specify a server_name extension.<br />The [default certificate](../../../http/tls/tls-certificates.md#default-certificate) is never served is the option is enabled. | false | No |
|
||||
| <a id="alpnProtocols" href="#alpnProtocols" title="#alpnProtocols">`alpnProtocols`</a> | List of supported application level protocols for the TLS handshake, in order of preference.<br />If the client supports ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol. | "h2, http/1.1, acme-tls/1" | No |
|
||||
| <a id="disableSessiontTickets" href="#disableSessiontTickets" title="#disableSessiontTickets">`disableSessiontTickets`</a> | Allow disabling the use of session tickets, forcing every client to perform a full TLS handshake instead of resuming sessions. | false | No |
|
||||
|
||||
### Client Authentication (mTLS)
|
||||
|
||||
|
|
@ -78,6 +78,6 @@ The default behavior is summed up in the table below:
|
|||
|
||||
| Configuration | Behavior |
|
||||
|:--------------------------|:------------------------------------------------------------|
|
||||
| No `default` TLS Option | Default internal set of TLS Options by default. |
|
||||
| One `default` TLS Option | Custom TLS Options applied by default. |
|
||||
| Many `default` TLS Option | Error log + Default internal set of TLS Options by default. |
|
||||
| <a id="No-default-TLS-Option" href="#No-default-TLS-Option" title="#No-default-TLS-Option">No `default` TLS Option</a> | Default internal set of TLS Options by default. |
|
||||
| <a id="One-default-TLS-Option" href="#One-default-TLS-Option" title="#One-default-TLS-Option">One `default` TLS Option</a> | Custom TLS Options applied by default. |
|
||||
| <a id="Many-default-TLS-Option" href="#Many-default-TLS-Option" title="#Many-default-TLS-Option">Many `default` TLS Option</a> | Error log + Default internal set of TLS Options by default. |
|
||||
|
|
|
|||
|
|
@ -29,11 +29,11 @@ spec:
|
|||
|
||||
| Field | Description | Required |
|
||||
|:---------------------------------------|:-------------------------|:---------|
|
||||
| `certificates[n].secretName` | List of Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/), each of them holding a key/certificate pair to add to the store. | No |
|
||||
| `defaultCertificate.secretName` | Name of the Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) served for connections without a SNI, or without a matching domain. If no default certificate is provided, Traefik will use the generated one. Do not use if the option `defaultGeneratedCert` is set. | No |
|
||||
| `defaultGeneratedCert.resolver` | Name of the ACME resolver to use to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
|
||||
| `defaultGeneratedCert.domain.main` | Main domain used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
|
||||
| `defaultGeneratedCert.domain.sans` | List of [Subject Alternative Name](https://en.wikipedia.org/wiki/Subject_Alternative_Name) used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
|
||||
| <a id="certificatesn-secretName" href="#certificatesn-secretName" title="#certificatesn-secretName">`certificates[n].secretName`</a> | List of Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/), each of them holding a key/certificate pair to add to the store. | No |
|
||||
| <a id="defaultCertificate-secretName" href="#defaultCertificate-secretName" title="#defaultCertificate-secretName">`defaultCertificate.secretName`</a> | Name of the Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) served for connections without a SNI, or without a matching domain. If no default certificate is provided, Traefik will use the generated one. Do not use if the option `defaultGeneratedCert` is set. | No |
|
||||
| <a id="defaultGeneratedCert-resolver" href="#defaultGeneratedCert-resolver" title="#defaultGeneratedCert-resolver">`defaultGeneratedCert.resolver`</a> | Name of the ACME resolver to use to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
|
||||
| <a id="defaultGeneratedCert-domain-main" href="#defaultGeneratedCert-domain-main" title="#defaultGeneratedCert-domain-main">`defaultGeneratedCert.domain.main`</a> | Main domain used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
|
||||
| <a id="defaultGeneratedCert-domain-sans" href="#defaultGeneratedCert-domain-sans" title="#defaultGeneratedCert-domain-sans">`defaultGeneratedCert.domain.sans`</a> | List of [Subject Alternative Name](https://en.wikipedia.org/wiki/Subject_Alternative_Name) used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
|
||||
|
||||
!!! note "DefaultCertificate vs DefaultGeneratedCert"
|
||||
If both `defaultCertificate` and `defaultGeneratedCert` are set, the TLS certificate contained in `defaultCertificate.secretName` is served. The ACME default certificate is not generated.
|
||||
|
|
|
|||
|
|
@ -150,41 +150,41 @@ data:
|
|||
|
||||
| Field | Description | Default | Required |
|
||||
|:---------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
|
||||
| `services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />. | | No |
|
||||
| `services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> - **TraefikService**: Traefik Service. | "" | No |
|
||||
| `services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `services[m].`<br />`namespace` | Service namespace. | "" | No |
|
||||
| `services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| `services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| `services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "http" | No |
|
||||
| `services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
|
||||
| `services[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
|
||||
| `services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "GET" | No |
|
||||
| `services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| `services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| `services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "5s" | No |
|
||||
| `services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| `services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | true | No |
|
||||
| `services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />Evaluated only if the kind is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| `services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| `services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| `services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness at the WRR service level.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript.<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| `sticky.`<br />`cookie.secure` | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy for the cookie used for the stickiness at the WRR service level.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | "" | No |
|
||||
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie used for the stickiness at the WRR service level expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires. | 0 | No |
|
||||
| <a id="services" href="#services" title="#services">`services`</a> | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />. | | No |
|
||||
| <a id="servicesm-kind" href="#servicesm-kind" title="#servicesm-kind">`services[m].`<br />`kind`</a> | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> - **TraefikService**: Traefik Service. | "" | No |
|
||||
| <a id="servicesm-name" href="#servicesm-name" title="#servicesm-name">`services[m].`<br />`name`</a> | Service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| <a id="servicesm-namespace" href="#servicesm-namespace" title="#servicesm-namespace">`services[m].`<br />`namespace`</a> | Service namespace. | "" | No |
|
||||
| <a id="servicesm-port" href="#servicesm-port" title="#servicesm-port">`services[m].`<br />`port`</a> | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| <a id="servicesm-responseForwarding-flushInterval" href="#servicesm-responseForwarding-flushInterval" title="#servicesm-responseForwarding-flushInterval">`services[m].`<br />`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
|
||||
| <a id="servicesm-scheme" href="#servicesm-scheme" title="#servicesm-scheme">`services[m].`<br />`scheme`</a> | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| <a id="servicesm-serversTransport" href="#servicesm-serversTransport" title="#servicesm-serversTransport">`services[m].`<br />`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| <a id="servicesm-passHostHeader" href="#servicesm-passHostHeader" title="#servicesm-passHostHeader">`services[m].`<br />`passHostHeader`</a> | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
|
||||
| <a id="servicesm-healthCheck-scheme" href="#servicesm-healthCheck-scheme" title="#servicesm-healthCheck-scheme">`services[m].`<br />`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| <a id="servicesm-healthCheck-mode" href="#servicesm-healthCheck-mode" title="#servicesm-healthCheck-mode">`services[m].`<br />`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "http" | No |
|
||||
| <a id="servicesm-healthCheck-path" href="#servicesm-healthCheck-path" title="#servicesm-healthCheck-path">`services[m].`<br />`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| <a id="servicesm-healthCheck-interval" href="#servicesm-healthCheck-interval" title="#servicesm-healthCheck-interval">`services[m].`<br />`healthCheck.interval`</a> | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
|
||||
| <a id="servicesm-healthCheck-unhealthyInterval" href="#servicesm-healthCheck-unhealthyInterval" title="#servicesm-healthCheck-unhealthyInterval">`services[m].`<br />`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
|
||||
| <a id="servicesm-healthCheck-method" href="#servicesm-healthCheck-method" title="#servicesm-healthCheck-method">`services[m].`<br />`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "GET" | No |
|
||||
| <a id="servicesm-healthCheck-status" href="#servicesm-healthCheck-status" title="#servicesm-healthCheck-status">`services[m].`<br />`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
|
||||
| <a id="servicesm-healthCheck-port" href="#servicesm-healthCheck-port" title="#servicesm-healthCheck-port">`services[m].`<br />`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| <a id="servicesm-healthCheck-timeout" href="#servicesm-healthCheck-timeout" title="#servicesm-healthCheck-timeout">`services[m].`<br />`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "5s" | No |
|
||||
| <a id="servicesm-healthCheck-hostname" href="#servicesm-healthCheck-hostname" title="#servicesm-healthCheck-hostname">`services[m].`<br />`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
|
||||
| <a id="servicesm-healthCheck-followRedirect" href="#servicesm-healthCheck-followRedirect" title="#servicesm-healthCheck-followRedirect">`services[m].`<br />`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | true | No |
|
||||
| <a id="servicesm-healthCheck-headers" href="#servicesm-healthCheck-headers" title="#servicesm-healthCheck-headers">`services[m].`<br />`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
|
||||
| <a id="servicesm-sticky-cookie-name" href="#servicesm-sticky-cookie-name" title="#servicesm-sticky-cookie-name">`services[m].`<br />`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness.<br />Evaluated only if the kind is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| <a id="servicesm-sticky-cookie-httpOnly" href="#servicesm-sticky-cookie-httpOnly" title="#servicesm-sticky-cookie-httpOnly">`services[m].`<br />`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="servicesm-sticky-cookie-secure" href="#servicesm-sticky-cookie-secure" title="#servicesm-sticky-cookie-secure">`services[m].`<br />`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="servicesm-sticky-cookie-sameSite" href="#servicesm-sticky-cookie-sameSite" title="#servicesm-sticky-cookie-sameSite">`services[m].`<br />`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
|
||||
| <a id="servicesm-sticky-cookie-maxAge" href="#servicesm-sticky-cookie-maxAge" title="#servicesm-sticky-cookie-maxAge">`services[m].`<br />`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
|
||||
| <a id="servicesm-strategy" href="#servicesm-strategy" title="#servicesm-strategy">`services[m].`<br />`strategy`</a> | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
|
||||
| <a id="servicesm-weight" href="#servicesm-weight" title="#servicesm-weight">`services[m].`<br />`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| <a id="servicesm-nativeLB" href="#servicesm-nativeLB" title="#servicesm-nativeLB">`services[m].`<br />`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="servicesm-nodePortLB" href="#servicesm-nodePortLB" title="#servicesm-nodePortLB">`services[m].`<br />`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
|
||||
| <a id="sticky-cookie-name" href="#sticky-cookie-name" title="#sticky-cookie-name">`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness at the WRR service level.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| <a id="sticky-cookie-httpOnly" href="#sticky-cookie-httpOnly" title="#sticky-cookie-httpOnly">`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript.<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| <a id="sticky-cookie-secure" href="#sticky-cookie-secure" title="#sticky-cookie-secure">`sticky.`<br />`cookie.secure`</a> | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
|
||||
| <a id="sticky-cookie-sameSite" href="#sticky-cookie-sameSite" title="#sticky-cookie-sameSite">`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy for the cookie used for the stickiness at the WRR service level.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | "" | No |
|
||||
| <a id="sticky-cookie-maxAge" href="#sticky-cookie-maxAge" title="#sticky-cookie-maxAge">`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie used for the stickiness at the WRR service level expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires. | 0 | No |
|
||||
|
||||
#### Stickiness on multiple levels
|
||||
|
||||
|
|
@ -375,65 +375,65 @@ spec:
|
|||
|
||||
| Field | Description | Default | Required |
|
||||
|:--------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
|
||||
| `kind` | Kind of the main service.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| `name` | Main service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `namespace` | Main service namespace.<br />More information [here](#services). | "" | No |
|
||||
| `port` | Main service port (number or port name).<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the main service is **Service**. | 100ms | No |
|
||||
| `scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind of the main service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers.<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `passHostHeader` | Forward client Host header to main service's server.<br />Evaluated only if the kind of the main service is **Service**. | true | No |
|
||||
| `healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| `healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| `healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the main service is **Service**. | | No |
|
||||
| `healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| `healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| `healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness on the main service.<br />Evaluated only if the kind of the main service is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the main service is **Service**. | 0 | No |
|
||||
| `strategy` | Load balancing strategy between the main service's servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the main service is **Service**. | "RoundRobin" | No |
|
||||
| `weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| `maxBodySize` | Maximum size allowed for the body of the request.<br />If the body is larger, the request is not mirrored.<br />-1 means unlimited size. | -1 | No |
|
||||
| `mirrors` | List of mirrored services to target.<br /> It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#services). | | No |
|
||||
| `mirrors[m].`<br />`kind` | Kind of the mirrored service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| `mirrors[m].`<br />`name` | Mirrored service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| `mirrors[m].`<br />`namespace` | Mirrored service namespace.<br />More information [here](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`port` | Mirrored service port (number or port name).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`percent` | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No |
|
||||
| `mirrors[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the mirrored service is **Service**. | 100ms | No |
|
||||
| `mirrors[m].`<br />`scheme` | Scheme to use for the request to the mirrored service.<br />Evaluated only if the kind of the mirrored service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| `mirrors[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`passHostHeader` | Forward client Host header to the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | true | No |
|
||||
| `mirrors[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.interval` | Frequency of the health check calls.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the mirrored service is **Service**. | | No |
|
||||
| `mirrors[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `mirrors[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| `mirrors[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| `mirrors[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| `mirrors[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the mirrored service is **Service**. | 0 | No |
|
||||
| `mirrors[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the mirrored service is **Service**. | "RoundRobin" | No |
|
||||
| `mirrors[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| `mirrors[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrors[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| `mirrorBody` | Defines whether the request body should be mirrored. | true | No |
|
||||
| <a id="kind" href="#kind" title="#kind">`kind`</a> | Kind of the main service.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| <a id="name" href="#name" title="#name">`name`</a> | Main service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| <a id="namespace" href="#namespace" title="#namespace">`namespace`</a> | Main service namespace.<br />More information [here](#services). | "" | No |
|
||||
| <a id="port" href="#port" title="#port">`port`</a> | Main service port (number or port name).<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| <a id="responseForwarding-flushInterval" href="#responseForwarding-flushInterval" title="#responseForwarding-flushInterval">`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the main service is **Service**. | 100ms | No |
|
||||
| <a id="scheme" href="#scheme" title="#scheme">`scheme`</a> | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind of the main service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| <a id="serversTransport" href="#serversTransport" title="#serversTransport">`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers.<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| <a id="passHostHeader" href="#passHostHeader" title="#passHostHeader">`passHostHeader`</a> | Forward client Host header to main service's server.<br />Evaluated only if the kind of the main service is **Service**. | true | No |
|
||||
| <a id="healthCheck-scheme" href="#healthCheck-scheme" title="#healthCheck-scheme">`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| <a id="healthCheck-mode" href="#healthCheck-mode" title="#healthCheck-mode">`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| <a id="healthCheck-path" href="#healthCheck-path" title="#healthCheck-path">`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| <a id="healthCheck-interval" href="#healthCheck-interval" title="#healthCheck-interval">`healthCheck.interval`</a> | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| <a id="healthCheck-unhealthyInterval" href="#healthCheck-unhealthyInterval" title="#healthCheck-unhealthyInterval">`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| <a id="healthCheck-method" href="#healthCheck-method" title="#healthCheck-method">`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| <a id="healthCheck-status" href="#healthCheck-status" title="#healthCheck-status">`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the main service is **Service**. | | No |
|
||||
| <a id="healthCheck-port" href="#healthCheck-port" title="#healthCheck-port">`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| <a id="healthCheck-timeout" href="#healthCheck-timeout" title="#healthCheck-timeout">`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| <a id="healthCheck-hostname" href="#healthCheck-hostname" title="#healthCheck-hostname">`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| <a id="healthCheck-followRedirect" href="#healthCheck-followRedirect" title="#healthCheck-followRedirect">`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| <a id="healthCheck-headers" href="#healthCheck-headers" title="#healthCheck-headers">`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| <a id="sticky-cookie-name-2" href="#sticky-cookie-name-2" title="#sticky-cookie-name-2">`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness on the main service.<br />Evaluated only if the kind of the main service is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
|
||||
| <a id="sticky-cookie-httpOnly-2" href="#sticky-cookie-httpOnly-2" title="#sticky-cookie-httpOnly-2">`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| <a id="sticky-cookie-secure-2" href="#sticky-cookie-secure-2" title="#sticky-cookie-secure-2">`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| <a id="sticky-cookie-sameSite-2" href="#sticky-cookie-sameSite-2" title="#sticky-cookie-sameSite-2">`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
|
||||
| <a id="sticky-cookie-maxAge-2" href="#sticky-cookie-maxAge-2" title="#sticky-cookie-maxAge-2">`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the main service is **Service**. | 0 | No |
|
||||
| <a id="strategy" href="#strategy" title="#strategy">`strategy`</a> | Load balancing strategy between the main service's servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the main service is **Service**. | "RoundRobin" | No |
|
||||
| <a id="weight" href="#weight" title="#weight">`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| <a id="nativeLB" href="#nativeLB" title="#nativeLB">`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| <a id="nodePortLB" href="#nodePortLB" title="#nodePortLB">`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
|
||||
| <a id="maxBodySize" href="#maxBodySize" title="#maxBodySize">`maxBodySize`</a> | Maximum size allowed for the body of the request.<br />If the body is larger, the request is not mirrored.<br />-1 means unlimited size. | -1 | No |
|
||||
| <a id="mirrors" href="#mirrors" title="#mirrors">`mirrors`</a> | List of mirrored services to target.<br /> It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#services). | | No |
|
||||
| <a id="mirrorsm-kind" href="#mirrorsm-kind" title="#mirrorsm-kind">`mirrors[m].`<br />`kind`</a> | Kind of the mirrored service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
|
||||
| <a id="mirrorsm-name" href="#mirrorsm-name" title="#mirrorsm-name">`mirrors[m].`<br />`name`</a> | Mirrored service name.<br />The character `@` is not authorized. | "" | Yes |
|
||||
| <a id="mirrorsm-namespace" href="#mirrorsm-namespace" title="#mirrorsm-namespace">`mirrors[m].`<br />`namespace`</a> | Mirrored service namespace.<br />More information [here](#services). | "" | No |
|
||||
| <a id="mirrorsm-port" href="#mirrorsm-port" title="#mirrorsm-port">`mirrors[m].`<br />`port`</a> | Mirrored service port (number or port name).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| <a id="mirrorsm-percent" href="#mirrorsm-percent" title="#mirrorsm-percent">`mirrors[m].`<br />`percent`</a> | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No |
|
||||
| <a id="mirrorsm-responseForwarding-flushInterval" href="#mirrorsm-responseForwarding-flushInterval" title="#mirrorsm-responseForwarding-flushInterval">`mirrors[m].`<br />`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the mirrored service is **Service**. | 100ms | No |
|
||||
| <a id="mirrorsm-scheme" href="#mirrorsm-scheme" title="#mirrorsm-scheme">`mirrors[m].`<br />`scheme`</a> | Scheme to use for the request to the mirrored service.<br />Evaluated only if the kind of the mirrored service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
|
||||
| <a id="mirrorsm-serversTransport" href="#mirrorsm-serversTransport" title="#mirrorsm-serversTransport">`mirrors[m].`<br />`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| <a id="mirrorsm-passHostHeader" href="#mirrorsm-passHostHeader" title="#mirrorsm-passHostHeader">`mirrors[m].`<br />`passHostHeader`</a> | Forward client Host header to the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | true | No |
|
||||
| <a id="mirrorsm-healthCheck-scheme" href="#mirrorsm-healthCheck-scheme" title="#mirrorsm-healthCheck-scheme">`mirrors[m].`<br />`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| <a id="mirrorsm-healthCheck-mode" href="#mirrorsm-healthCheck-mode" title="#mirrorsm-healthCheck-mode">`mirrors[m].`<br />`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
|
||||
| <a id="mirrorsm-healthCheck-path" href="#mirrorsm-healthCheck-path" title="#mirrorsm-healthCheck-path">`mirrors[m].`<br />`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| <a id="mirrorsm-healthCheck-interval" href="#mirrorsm-healthCheck-interval" title="#mirrorsm-healthCheck-interval">`mirrors[m].`<br />`healthCheck.interval`</a> | Frequency of the health check calls.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| <a id="mirrorsm-healthCheck-unhealthyInterval" href="#mirrorsm-healthCheck-unhealthyInterval" title="#mirrorsm-healthCheck-unhealthyInterval">`mirrors[m].`<br />`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
|
||||
| <a id="mirrorsm-healthCheck-method" href="#mirrorsm-healthCheck-method" title="#mirrorsm-healthCheck-method">`mirrors[m].`<br />`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
|
||||
| <a id="mirrorsm-healthCheck-status" href="#mirrorsm-healthCheck-status" title="#mirrorsm-healthCheck-status">`mirrors[m].`<br />`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the mirrored service is **Service**. | | No |
|
||||
| <a id="mirrorsm-healthCheck-port" href="#mirrorsm-healthCheck-port" title="#mirrorsm-healthCheck-port">`mirrors[m].`<br />`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| <a id="mirrorsm-healthCheck-timeout" href="#mirrorsm-healthCheck-timeout" title="#mirrorsm-healthCheck-timeout">`mirrors[m].`<br />`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
|
||||
| <a id="mirrorsm-healthCheck-hostname" href="#mirrorsm-healthCheck-hostname" title="#mirrorsm-healthCheck-hostname">`mirrors[m].`<br />`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
|
||||
| <a id="mirrorsm-healthCheck-followRedirect" href="#mirrorsm-healthCheck-followRedirect" title="#mirrorsm-healthCheck-followRedirect">`mirrors[m].`<br />`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
|
||||
| <a id="mirrorsm-healthCheck-headers" href="#mirrorsm-healthCheck-headers" title="#mirrorsm-healthCheck-headers">`mirrors[m].`<br />`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
|
||||
| <a id="mirrorsm-sticky-cookie-name" href="#mirrorsm-sticky-cookie-name" title="#mirrorsm-sticky-cookie-name">`mirrors[m].`<br />`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| <a id="mirrorsm-sticky-cookie-httpOnly" href="#mirrorsm-sticky-cookie-httpOnly" title="#mirrorsm-sticky-cookie-httpOnly">`mirrors[m].`<br />`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| <a id="mirrorsm-sticky-cookie-secure" href="#mirrorsm-sticky-cookie-secure" title="#mirrorsm-sticky-cookie-secure">`mirrors[m].`<br />`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| <a id="mirrorsm-sticky-cookie-sameSite" href="#mirrorsm-sticky-cookie-sameSite" title="#mirrorsm-sticky-cookie-sameSite">`mirrors[m].`<br />`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
|
||||
| <a id="mirrorsm-sticky-cookie-maxAge" href="#mirrorsm-sticky-cookie-maxAge" title="#mirrorsm-sticky-cookie-maxAge">`mirrors[m].`<br />`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the mirrored service is **Service**. | 0 | No |
|
||||
| <a id="mirrorsm-strategy" href="#mirrorsm-strategy" title="#mirrorsm-strategy">`mirrors[m].`<br />`strategy`</a> | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the mirrored service is **Service**. | "RoundRobin" | No |
|
||||
| <a id="mirrorsm-weight" href="#mirrorsm-weight" title="#mirrorsm-weight">`mirrors[m].`<br />`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
|
||||
| <a id="mirrorsm-nativeLB" href="#mirrorsm-nativeLB" title="#mirrorsm-nativeLB">`mirrors[m].`<br />`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| <a id="mirrorsm-nodePortLB" href="#mirrorsm-nodePortLB" title="#mirrorsm-nodePortLB">`mirrors[m].`<br />`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
|
||||
| <a id="mirrorBody" href="#mirrorBody" title="#mirrorBody">`mirrorBody`</a> | Defines whether the request body should be mirrored. | true | No |
|
||||
|
|
|
|||
|
|
@ -57,31 +57,61 @@ spec:
|
|||
|
||||
## Configuration Options
|
||||
|
||||
<<<<<<< HEAD
|
||||
| Field | Description | Default | Required |
|
||||
|-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
|
||||
| `entryPoints` | List of entrypoints names. | | No |
|
||||
| `routes` | List of routes. | | Yes |
|
||||
| `routes[n].match` | Defines the [rule](../../../tcp/router/rules-and-priority.md#rules) of the underlying router. | | Yes |
|
||||
| `routes[n].priority` | Defines the [priority](../../../tcp/router/rules-and-priority.md#priority) to disambiguate rules of the same length, for route matching. | | No |
|
||||
| `routes[n].middlewares[n].name` | Defines the [MiddlewareTCP](./middlewaretcp.md) name. | | Yes |
|
||||
| `routes[n].middlewares[n].namespace` | Defines the [MiddlewareTCP](./middlewaretcp.md) namespace. | "" | No |
|
||||
| `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. | | No |
|
||||
| `routes[n].services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
|
||||
| `routes[n].services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. | | Yes |
|
||||
| `routes[n].services[n].weight` | Defines the weight to apply to the server load balancing. | 1 | No |
|
||||
| `routes[n].services[n].serversTransport` | Defines the [ServersTransportTCP](./serverstransporttcp.md).<br />The `ServersTransport` namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace. | | No |
|
||||
| `routes[n].services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. See [here](#nativelb) for more information. | false | No |
|
||||
| `routes[n].services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is `NodePort`. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. | false | No |
|
||||
| `tls` | Defines [TLS](../../../../install-configuration/tls/certificate-resolvers/overview.md) certificate configuration. | | No |
|
||||
| `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace). | "" | No |
|
||||
| `tls.options` | Defines the reference to a [TLSOption](../http/tlsoption.md). | "" | No |
|
||||
| `tls.options.name` | Defines the [TLSOption](../http/tlsoption.md) name. | "" | No |
|
||||
| `tls.options.namespace` | Defines the [TLSOption](../http/tlsoption.md) namespace. | "" | No |
|
||||
| `tls.certResolver` | Defines the reference to a [CertResolver](../../../../install-configuration/tls/certificate-resolvers/overview.md). | "" | No |
|
||||
| `tls.domains` | List of domains. | "" | No |
|
||||
| `tls.domains[n].main` | Defines the main domain name. | "" | No |
|
||||
| `tls.domains[n].sans` | List of SANs (alternative domains). | "" | No |
|
||||
| `tls.passthrough` | If `true`, delegates the TLS termination to the backend. | false | No |
|
||||
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
|
||||
| <a id="routes" href="#routes" title="#routes">`routes`</a> | List of routes. | | Yes |
|
||||
| <a id="routesn-match" href="#routesn-match" title="#routesn-match">`routes[n].match`</a> | Defines the [rule](../../../tcp/router/rules-and-priority.md#rules) of the underlying router. | | Yes |
|
||||
| <a id="routesn-priority" href="#routesn-priority" title="#routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../tcp/router/rules-and-priority.md#priority) to disambiguate rules of the same length, for route matching. | | No |
|
||||
| <a id="routesn-middlewaresn-name" href="#routesn-middlewaresn-name" title="#routesn-middlewaresn-name">`routes[n].middlewares[n].name`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) name. | | Yes |
|
||||
| <a id="routesn-middlewaresn-namespace" href="#routesn-middlewaresn-namespace" title="#routesn-middlewaresn-namespace">`routes[n].middlewares[n].namespace`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) namespace. | "" | No |
|
||||
| <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].services`</a> | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. | | No |
|
||||
| <a id="routesn-servicesn-name" href="#routesn-servicesn-name" title="#routesn-servicesn-name">`routes[n].services[n].name`</a> | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
|
||||
| <a id="routesn-servicesn-port" href="#routesn-servicesn-port" title="#routesn-servicesn-port">`routes[n].services[n].port`</a> | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. | | Yes |
|
||||
| <a id="routesn-servicesn-weight" href="#routesn-servicesn-weight" title="#routesn-servicesn-weight">`routes[n].services[n].weight`</a> | Defines the weight to apply to the server load balancing. | 1 | No |
|
||||
| <a id="routesn-servicesn-serversTransport" href="#routesn-servicesn-serversTransport" title="#routesn-servicesn-serversTransport">`routes[n].services[n].serversTransport`</a> | Defines the [ServersTransportTCP](./serverstransporttcp.md).<br />The `ServersTransport` namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace. | | No |
|
||||
| <a id="routesn-servicesn-nativeLB" href="#routesn-servicesn-nativeLB" title="#routesn-servicesn-nativeLB">`routes[n].services[n].nativeLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. See [here](#nativelb) for more information. | false | No |
|
||||
| <a id="routesn-servicesn-nodePortLB" href="#routesn-servicesn-nodePortLB" title="#routesn-servicesn-nodePortLB">`routes[n].services[n].nodePortLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is `NodePort`. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. | false | No |
|
||||
| <a id="tls" href="#tls" title="#tls">`tls`</a> | Defines [TLS](../../../../install-configuration/tls/certificate-resolvers/overview.md) certificate configuration. | | No |
|
||||
| <a id="tls-secretName" href="#tls-secretName" title="#tls-secretName">`tls.secretName`</a> | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace). | "" | No |
|
||||
| <a id="tls-options" href="#tls-options" title="#tls-options">`tls.options`</a> | Defines the reference to a [TLSOption](../http/tlsoption.md). | "" | No |
|
||||
| <a id="tls-options-name" href="#tls-options-name" title="#tls-options-name">`tls.options.name`</a> | Defines the [TLSOption](../http/tlsoption.md) name. | "" | No |
|
||||
| <a id="tls-options-namespace" href="#tls-options-namespace" title="#tls-options-namespace">`tls.options.namespace`</a> | Defines the [TLSOption](../http/tlsoption.md) namespace. | "" | No |
|
||||
| <a id="tls-certResolver" href="#tls-certResolver" title="#tls-certResolver">`tls.certResolver`</a> | Defines the reference to a [CertResolver](../../../../install-configuration/tls/certificate-resolvers/overview.md). | "" | No |
|
||||
| <a id="tls-domains" href="#tls-domains" title="#tls-domains">`tls.domains`</a> | List of domains. | "" | No |
|
||||
| <a id="tls-domainsn-main" href="#tls-domainsn-main" title="#tls-domainsn-main">`tls.domains[n].main`</a> | Defines the main domain name. | "" | No |
|
||||
| <a id="tls-domainsn-sans" href="#tls-domainsn-sans" title="#tls-domainsn-sans">`tls.domains[n].sans`</a> | List of SANs (alternative domains). | "" | No |
|
||||
| <a id="tls-passthrough" href="#tls-passthrough" title="#tls-passthrough">`tls.passthrough`</a> | If `true`, delegates the TLS termination to the backend. | false | No |
|
||||
=======
|
||||
| Field | Description | Default | Required |
|
||||
|-------------------------------------|-----------------------------|-------------------------------------------|-----------------------|
|
||||
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
|
||||
| <a id="routes" href="#routes" title="#routes">`routes`</a> | List of routes. | | Yes |
|
||||
| <a id="routesn-match" href="#routesn-match" title="#routesn-match">`routes[n].match`</a> | Defines the [rule](../../../tcp/router/rules-and-priority.md#rules) of the underlying router. | | Yes |
|
||||
| <a id="routesn-priority" href="#routesn-priority" title="#routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../tcp/router/rules-and-priority.md#priority) to disambiguate rules of the same length, for route matching. | | No |
|
||||
| <a id="routesn-middlewaresn-name" href="#routesn-middlewaresn-name" title="#routesn-middlewaresn-name">`routes[n].middlewares[n].name`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) name. | | Yes |
|
||||
| <a id="routesn-middlewaresn-namespace" href="#routesn-middlewaresn-namespace" title="#routesn-middlewaresn-namespace">`routes[n].middlewares[n].namespace`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) namespace. | ""| No|
|
||||
| <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].services`</a> | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. | | No |
|
||||
| <a id="routesn-servicesn-name" href="#routesn-servicesn-name" title="#routesn-servicesn-name">`routes[n].services[n].name`</a> | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
|
||||
| <a id="routesn-servicesn-port" href="#routesn-servicesn-port" title="#routesn-servicesn-port">`routes[n].services[n].port`</a> | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port.| | Yes |
|
||||
| <a id="routesn-servicesn-weight" href="#routesn-servicesn-weight" title="#routesn-servicesn-weight">`routes[n].services[n].weight`</a> | Defines the weight to apply to the server load balancing. | 1 | No |
|
||||
| <a id="routesn-servicesn-proxyProtocol" href="#routesn-servicesn-proxyProtocol" title="#routesn-servicesn-proxyProtocol">`routes[n].services[n].proxyProtocol`</a> | Defines the [PROXY protocol](../../../../install-configuration/entrypoints.md#proxyprotocol-and-load-balancers) configuration. | | No |
|
||||
| <a id="routesn-servicesn-proxyProtocol-version" href="#routesn-servicesn-proxyProtocol-version" title="#routesn-servicesn-proxyProtocol-version">`routes[n].services[n].proxyProtocol.version`</a> | Defines the [PROXY protocol](../../../../install-configuration/entrypoints.md#proxyprotocol-and-load-balancers) version. | | No |
|
||||
| <a id="routesn-servicesn-serversTransport" href="#routesn-servicesn-serversTransport" title="#routesn-servicesn-serversTransport">`routes[n].services[n].serversTransport`</a> | Defines the [ServersTransportTCP](./serverstransporttcp.md).<br />The `ServersTransport` namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace. | | No |
|
||||
| <a id="routesn-servicesn-nativeLB" href="#routesn-servicesn-nativeLB" title="#routesn-servicesn-nativeLB">`routes[n].services[n].nativeLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. See [here](#nativelb) for more information. | false | No |
|
||||
| <a id="routesn-servicesn-nodePortLB" href="#routesn-servicesn-nodePortLB" title="#routesn-servicesn-nodePortLB">`routes[n].services[n].nodePortLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is `NodePort`. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. | false | No |
|
||||
| <a id="tls" href="#tls" title="#tls">`tls`</a> | Defines [TLS](../../../../install-configuration/tls/certificate-resolvers/overview.md) certificate configuration. | | No |
|
||||
| <a id="tls-secretName" href="#tls-secretName" title="#tls-secretName">`tls.secretName`</a> | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace). | "" | No |
|
||||
| <a id="tls-options" href="#tls-options" title="#tls-options">`tls.options`</a> | Defines the reference to a [TLSOption](../http/tlsoption.md). | "" | No |
|
||||
| <a id="tls-options-name" href="#tls-options-name" title="#tls-options-name">`tls.options.name`</a> | Defines the [TLSOption](../http/tlsoption.md) name. | "" | No |
|
||||
| <a id="tls-options-namespace" href="#tls-options-namespace" title="#tls-options-namespace">`tls.options.namespace`</a> | Defines the [TLSOption](../http/tlsoption.md) namespace. | "" | No |
|
||||
| <a id="tls-certResolver" href="#tls-certResolver" title="#tls-certResolver">`tls.certResolver`</a> | Defines the reference to a [CertResolver](../../../../install-configuration/tls/certificate-resolvers/overview.md). | "" | No |
|
||||
| <a id="tls-domains" href="#tls-domains" title="#tls-domains">`tls.domains`</a> | List of domains. | "" | No |
|
||||
| <a id="tls-domainsn-main" href="#tls-domainsn-main" title="#tls-domainsn-main">`tls.domains[n].main`</a> | Defines the main domain name. | "" | No |
|
||||
| <a id="tls-domainsn-sans" href="#tls-domainsn-sans" title="#tls-domainsn-sans">`tls.domains[n].sans`</a> | List of SANs (alternative domains). | "" | No |
|
||||
| <a id="tls-passthrough" href="#tls-passthrough" title="#tls-passthrough">`tls.passthrough`</a> | If `true`, delegates the TLS termination to the backend. | false | No |
|
||||
>>>>>>> 9c932124f (Add anchors in reference tables)
|
||||
|
||||
### ExternalName Service
|
||||
|
||||
|
|
|
|||
|
|
@ -41,16 +41,16 @@ spec:
|
|||
|
||||
| Field | Description | Default | Required |
|
||||
|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
|
||||
| `dialTimeout` | The amount of time to wait until a connection to a server can be established. If zero, no timeout exists. | 30s | No |
|
||||
| `dialKeepAlive` | The interval between keep-alive probes for an active network connection.<br />If this option is set to zero, keep-alive probes are sent with a default value (currently 15 seconds),<br />if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field.<br />If negative, keep-alive probes are turned off. | 15s | No |
|
||||
| `proxyProtocol` | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No |
|
||||
| `proxyProtocol.version` | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. | | No |
|
||||
| `terminationDelay` | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 100ms | No |
|
||||
| `tls.serverName` | ServerName used to contact the server. | "" | No |
|
||||
| `tls.insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No |
|
||||
| `tls.peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
|
||||
| `tls.rootCAsSecrets` | Defines the set of root certificate authorities to use when verifying server certificates.<br />The CA secret must contain a base64 encoded certificate under either a `tls.ca` or a `ca.crt` key. | "" | No |
|
||||
| `tls.certificatesSecrets` | Certificates to present to the server for mTLS. | "" | No |
|
||||
| `spiffe` | Configures [SPIFFE](../../../../install-configuration/tls/spiffe.md) options. | "" | No |
|
||||
| `spiffe.ids` | Defines the allowed SPIFFE IDs. This takes precedence over the SPIFFE `trustDomain`. | "" | No |
|
||||
| `spiffe.trustDomain` | Defines the allowed SPIFFE trust domain. | "" | No |
|
||||
| <a id="dialTimeout" href="#dialTimeout" title="#dialTimeout">`dialTimeout`</a> | The amount of time to wait until a connection to a server can be established. If zero, no timeout exists. | 30s | No |
|
||||
| <a id="dialKeepAlive" href="#dialKeepAlive" title="#dialKeepAlive">`dialKeepAlive`</a> | The interval between keep-alive probes for an active network connection.<br />If this option is set to zero, keep-alive probes are sent with a default value (currently 15 seconds),<br />if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field.<br />If negative, keep-alive probes are turned off. | 15s | No |
|
||||
| <a id="proxyProtocol" href="#proxyProtocol" title="#proxyProtocol">`proxyProtocol`</a> | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No |
|
||||
| <a id="proxyProtocol-version" href="#proxyProtocol-version" title="#proxyProtocol-version">`proxyProtocol.version`</a> | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. | | No |
|
||||
| <a id="terminationDelay" href="#terminationDelay" title="#terminationDelay">`terminationDelay`</a> | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 100ms | No |
|
||||
| <a id="tls-serverName" href="#tls-serverName" title="#tls-serverName">`tls.serverName`</a> | ServerName used to contact the server. | "" | No |
|
||||
| <a id="tls-insecureSkipVerify" href="#tls-insecureSkipVerify" title="#tls-insecureSkipVerify">`tls.insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
|
||||
| <a id="tls-peerCertURI" href="#tls-peerCertURI" title="#tls-peerCertURI">`tls.peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
|
||||
| <a id="tls-rootCAsSecrets" href="#tls-rootCAsSecrets" title="#tls-rootCAsSecrets">`tls.rootCAsSecrets`</a> | Defines the set of root certificate authorities to use when verifying server certificates.<br />The CA secret must contain a base64 encoded certificate under either a `tls.ca` or a `ca.crt` key. | "" | No |
|
||||
| <a id="tls-certificatesSecrets" href="#tls-certificatesSecrets" title="#tls-certificatesSecrets">`tls.certificatesSecrets`</a> | Certificates to present to the server for mTLS. | "" | No |
|
||||
| <a id="spiffe" href="#spiffe" title="#spiffe">`spiffe`</a> | Configures [SPIFFE](../../../../install-configuration/tls/spiffe.md) options. | "" | No |
|
||||
| <a id="spiffe-ids" href="#spiffe-ids" title="#spiffe-ids">`spiffe.ids`</a> | Defines the allowed SPIFFE IDs. This takes precedence over the SPIFFE `trustDomain`. | "" | No |
|
||||
| <a id="spiffe-trustDomain" href="#spiffe-trustDomain" title="#spiffe-trustDomain">`spiffe.trustDomain`</a> | Defines the allowed SPIFFE trust domain. | "" | No |
|
||||
|
|
|
|||
|
|
@ -32,14 +32,14 @@ spec:
|
|||
|
||||
| Field | Description | Default | Required |
|
||||
|------------------------------------|-----------------------------|-------------------------------------------|-----------------------|
|
||||
| `entryPoints` | List of entrypoints names. | | No |
|
||||
| ` routes ` | List of routes. | | Yes |
|
||||
| `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. See [here](#externalname-service) for `ExternalName Service` setup. | | No |
|
||||
| `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
|
||||
| `routes[n].services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port.| | Yes |
|
||||
| `routes[n].services[n].weight` | Defines the weight to apply to the server load balancing. | 1 | No |
|
||||
| `routes[n].services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. | false | No |
|
||||
| `routes[n].services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. See [here](#nativelb) for more information. | false | No |
|
||||
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
|
||||
| <a id="routes" href="#routes" title="#routes">` routes `</a> | List of routes. | | Yes |
|
||||
| <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].services`</a> | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. See [here](#externalname-service) for `ExternalName Service` setup. | | No |
|
||||
| <a id="servicesn-name" href="#servicesn-name" title="#servicesn-name">`services[n].name`</a> | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
|
||||
| <a id="routesn-servicesn-port" href="#routesn-servicesn-port" title="#routesn-servicesn-port">`routes[n].services[n].port`</a> | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port.| | Yes |
|
||||
| <a id="routesn-servicesn-weight" href="#routesn-servicesn-weight" title="#routesn-servicesn-weight">`routes[n].services[n].weight`</a> | Defines the weight to apply to the server load balancing. | 1 | No |
|
||||
| <a id="routesn-servicesn-nativeLB" href="#routesn-servicesn-nativeLB" title="#routesn-servicesn-nativeLB">`routes[n].services[n].nativeLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. | false | No |
|
||||
| <a id="routesn-servicesn-nodePortLB" href="#routesn-servicesn-nodePortLB" title="#routesn-servicesn-nodePortLB">`routes[n].services[n].nodePortLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. See [here](#nativelb) for more information. | false | No |
|
||||
|
||||
### ExternalName Service
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue