Merge current v2.4 into master
This commit is contained in:
commit
ce2e02b690
119 changed files with 4628 additions and 4165 deletions
|
@ -12,7 +12,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
## Configuration Example
|
||||
|
||||
??? example "Configuring Kubernetes Ingress Controller"
|
||||
|
||||
|
||||
```yaml tab="RBAC"
|
||||
---
|
||||
kind: ClusterRole
|
||||
|
@ -46,7 +46,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
@ -61,7 +61,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
name: traefik-ingress-controller
|
||||
namespace: default
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Ingress"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
|
@ -69,7 +69,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web
|
||||
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
|
@ -117,7 +117,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
|
||||
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
|
@ -125,7 +125,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
name: traefik
|
||||
labels:
|
||||
app: traefik
|
||||
|
||||
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
|
@ -146,7 +146,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
ports:
|
||||
- name: web
|
||||
containerPort: 80
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -162,7 +162,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
name: web
|
||||
targetPort: 80
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Whoami"
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
|
@ -171,7 +171,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
labels:
|
||||
app: traefiklabs
|
||||
name: whoami
|
||||
|
||||
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
|
@ -189,13 +189,13 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
image: traefik/whoami
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: whoami
|
||||
|
||||
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
|
@ -237,7 +237,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
|
||||
Overrides the default router rule type used for a path.
|
||||
Only path-related matcher name can be specified: `Path`, `PathPrefix`.
|
||||
|
||||
|
||||
Default `PathPrefix`
|
||||
|
||||
```yaml
|
||||
|
@ -351,7 +351,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
|||
```
|
||||
|
||||
## Path Types on Kubernetes 1.18+
|
||||
|
||||
|
||||
If the Kubernetes cluster version is 1.18+,
|
||||
the new `pathType` property can be leveraged to define the rules matchers:
|
||||
|
||||
|
@ -376,14 +376,6 @@ TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entry
|
|||
--entrypoints.websecure.http.tls
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# Static configuration
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
|
||||
[entryPoints.websecure.http.tls]
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# Static configuration
|
||||
entryPoints:
|
||||
|
@ -393,10 +385,18 @@ entryPoints:
|
|||
tls: {}
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# Static configuration
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
|
||||
[entryPoints.websecure.http.tls]
|
||||
```
|
||||
|
||||
This way, any Ingress attached to this Entrypoint will have TLS termination by default.
|
||||
|
||||
??? example "Configuring Kubernetes Ingress Controller with TLS on Entrypoint"
|
||||
|
||||
|
||||
```yaml tab="RBAC"
|
||||
---
|
||||
kind: ClusterRole
|
||||
|
@ -430,7 +430,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
@ -445,7 +445,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
name: traefik-ingress-controller
|
||||
namespace: default
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Ingress"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
|
@ -453,7 +453,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
name: myingress
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
|
@ -501,7 +501,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
|
||||
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
|
@ -509,7 +509,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
name: traefik
|
||||
labels:
|
||||
app: traefik
|
||||
|
||||
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
|
@ -531,7 +531,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
ports:
|
||||
- name: websecure
|
||||
containerPort: 443
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -547,7 +547,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
name: websecure
|
||||
targetPort: 443
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Whoami"
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
|
@ -556,7 +556,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
labels:
|
||||
app: traefiklabs
|
||||
name: whoami
|
||||
|
||||
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
|
@ -574,13 +574,13 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
|
|||
image: traefik/whoami
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: whoami
|
||||
|
||||
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
|
@ -597,11 +597,11 @@ To enable TLS on the underlying router created from an Ingress, one should confi
|
|||
```yaml
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
```
|
||||
|
||||
|
||||
For more options, please refer to the available [annotations](#on-ingress).
|
||||
|
||||
??? example "Configuring Kubernetes Ingress Controller with TLS"
|
||||
|
||||
|
||||
```yaml tab="RBAC"
|
||||
---
|
||||
kind: ClusterRole
|
||||
|
@ -635,7 +635,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
@ -650,7 +650,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
name: traefik-ingress-controller
|
||||
namespace: default
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Ingress"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
|
@ -659,7 +659,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: true
|
||||
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.com
|
||||
|
@ -708,7 +708,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-ingress-controller
|
||||
|
||||
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
|
@ -716,7 +716,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
name: traefik
|
||||
labels:
|
||||
app: traefik
|
||||
|
||||
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
|
@ -737,7 +737,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
ports:
|
||||
- name: websecure
|
||||
containerPort: 443
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -753,7 +753,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
name: websecure
|
||||
targetPort: 443
|
||||
```
|
||||
|
||||
|
||||
```yaml tab="Whoami"
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
|
@ -762,7 +762,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
labels:
|
||||
app: traefiklabs
|
||||
name: whoami
|
||||
|
||||
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
|
@ -780,13 +780,13 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
image: traefik/whoami
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: whoami
|
||||
|
||||
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
|
@ -799,14 +799,14 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
### Certificates Management
|
||||
|
||||
??? example "Using a secret"
|
||||
|
||||
|
||||
```yaml tab="Ingress"
|
||||
kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: foo
|
||||
namespace: production
|
||||
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: example.net
|
||||
|
@ -853,7 +853,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
kind: Secret
|
||||
metadata:
|
||||
name: supersecret
|
||||
|
||||
|
||||
data:
|
||||
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
|
||||
|
@ -862,7 +862,7 @@ For more options, please refer to the available [annotations](#on-ingress).
|
|||
TLS certificates can be managed in Secrets objects.
|
||||
|
||||
!!! info
|
||||
|
||||
|
||||
Only TLS certificates provided by users can be stored in Kubernetes Secrets.
|
||||
[Let's Encrypt](../../https/acme.md) certificates cannot be managed in Kubernetes Secrets yet.
|
||||
|
||||
|
@ -882,7 +882,7 @@ If either of those configuration options exist, then the backend communication p
|
|||
and will connect via TLS automatically.
|
||||
|
||||
!!! info
|
||||
|
||||
|
||||
Please note that by enabling TLS communication between traefik and your pods,
|
||||
you will have to have trusted certificates that have the proper trust chain and IP subject name.
|
||||
If this is not an option, you may need to skip TLS certificate verification.
|
||||
|
@ -922,8 +922,8 @@ This ingress follows the Global Default Backend property of ingresses.
|
|||
This will allow users to create a "default router" that will match all unmatched requests.
|
||||
|
||||
!!! info
|
||||
|
||||
|
||||
Due to Traefik's use of priorities, you may have to set this ingress priority lower than other ingresses in your environment,
|
||||
to avoid this global ingress from satisfying requests that could match other ingresses.
|
||||
|
||||
|
||||
To do this, use the `traefik.ingress.kubernetes.io/router.priority` annotation (as seen in [Annotations on Ingress](#on-ingress)) on your ingresses accordingly.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue