homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to go1.22

Browse source 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
This commit is contained in:
Ludovic Fernandez 2024-02-07 17:14:07 +01:00 committed by GitHub
parent e11ff98608
commit d5cb9b50f4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
56 changed files with 4189 additions and 3419 deletions
Download patch file Download diff file Expand all files Collapse all files

505
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View file

@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
controller-gen.kubebuilder.io/version: v0.14.0
name: middlewares.traefik.io
spec:
group: traefik.io
@ -17,18 +17,24 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/'
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@ -36,33 +42,37 @@ spec:
description: MiddlewareSpec defines the desired state of a Middleware.
properties:
addPrefix:
description: 'AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding
it. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/'
description: |-
AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding it.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
properties:
prefix:
description: Prefix is the string to add before the current path
in the requested URL. It should include a leading slash (/).
description: |-
Prefix is the string to add before the current path in the requested URL.
It should include a leading slash (/).
type: string
type: object
basicAuth:
description: 'BasicAuth holds the basic auth middleware configuration.
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/'
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
properties:
headerField:
description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield'
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string
realm:
description: 'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.'
description: |-
Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
Default: traefik.
type: string
removeHeader:
description: 'RemoveHeader sets the removeHeader option to true
to remove the authorization header before forwarding the request
to your service. Default: false.'
description: |-
RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
Default: false.
type: boolean
secret:
description: Secret is the name of the referenced Kubernetes Secret
@ -70,48 +80,49 @@ spec:
type: string
type: object
buffering:
description: 'Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes'
description: |-
Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can be forwarded to backends.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
properties:
maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed
body size for the request (in bytes). If the request exceeds
the allowed size, it is not forwarded to the service, and the
client gets a 413 (Request Entity Too Large) response. Default:
0 (no maximum).'
description: |-
MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
Default: 0 (no maximum).
format: int64
type: integer
maxResponseBodyBytes:
description: 'MaxResponseBodyBytes defines the maximum allowed
response size from the service (in bytes). If the response exceeds
the allowed size, it is not forwarded to the client. The client
gets a 500 (Internal Server Error) response instead. Default:
0 (no maximum).'
description: |-
MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
Default: 0 (no maximum).
format: int64
type: integer
memRequestBodyBytes:
description: 'MemRequestBodyBytes defines the threshold (in bytes)
from which the request will be buffered on disk instead of in
memory. Default: 1048576 (1Mi).'
description: |-
MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
Default: 1048576 (1Mi).
format: int64
type: integer
memResponseBodyBytes:
description: 'MemResponseBodyBytes defines the threshold (in bytes)
from which the response will be buffered on disk instead of
in memory. Default: 1048576 (1Mi).'
description: |-
MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
Default: 1048576 (1Mi).
format: int64
type: integer
retryExpression:
description: 'RetryExpression defines the retry conditions. It
is a logical combination of functions with operators AND (&&)
and OR (||). More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression'
description: |-
RetryExpression defines the retry conditions.
It is a logical combination of functions with operators AND (&&) and OR (||).
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
type: string
type: object
chain:
description: 'Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/'
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -163,9 +174,10 @@ spec:
x-kubernetes-int-or-string: true
type: object
compress:
description: 'Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/'
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip compression.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
properties:
excludedContentTypes:
description: ExcludedContentTypes defines the list of content
@ -175,40 +187,40 @@ spec:
type: string
type: array
minResponseBodyBytes:
description: 'MinResponseBodyBytes defines the minimum amount
of bytes a response body must have to be compressed. Default:
1024.'
description: |-
MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
Default: 1024.
type: integer
type: object
contentType:
description: ContentType holds the content-type middleware configuration.
This middleware exists to enable the correct behavior until at least
the default one can be changed in a future version.
description: |-
ContentType holds the content-type middleware configuration.
This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
properties:
autoDetect:
description: AutoDetect specifies whether to let the `Content-Type`
header, if it has not been set by the backend, be automatically
set to a value derived from the contents of the response. As
a proxy, the default behavior should be to leave the header
alone, regardless of what the backend did with it. However,
the historic default was to always auto-detect and set the header
if it was nil, and it is going to be kept that way in order
to support users currently relying on it.
description: |-
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
be automatically set to a value derived from the contents of the response.
As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
However, the historic default was to always auto-detect and set the header if it was nil,
and it is going to be kept that way in order to support users currently relying on it.
type: boolean
type: object
digestAuth:
description: 'DigestAuth holds the digest auth middleware configuration.
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/'
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
properties:
headerField:
description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield'
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
type: string
realm:
description: 'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.'
description: |-
Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
Default: traefik.
type: string
removeHeader:
description: RemoveHeader defines whether to remove the authorization
@ -220,18 +232,20 @@ spec:
type: string
type: object
errors:
description: 'ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/'
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
properties:
query:
description: Query defines the URL for the error page (hosted
by service). The {status} variable can be used in order to insert
the status code in the URL.
description: |-
Query defines the URL for the error page (hosted by service).
The {status} variable can be used in order to insert the status code in the URL.
type: string
service:
description: 'Service defines the reference to a Kubernetes Service
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service'
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
properties:
kind:
description: Kind defines the kind of the Service.
@ -240,31 +254,32 @@ spec:
- TraefikService
type: string
name:
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between the
two is specified in the Kind field.
description: |-
Name defines the name of the referenced Kubernetes Service or TraefikService.
The differentiation between the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
nativeLB:
description: NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if
the only child is the Kubernetes Service clusterIP. The
Kubernetes Service itself does load-balance to the pods.
description: |-
NativeLB controls, when creating the load-balancer,
whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
The Kubernetes Service itself does load-balance to the pods.
By default, NativeLB is false.
type: boolean
passHostHeader:
description: PassHostHeader defines whether the client Host
header is forwarded to the upstream Kubernetes Service.
description: |-
PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
description: |-
Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
@ -273,29 +288,29 @@ spec:
client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming
response; for such responses, writes are flushed to
the client immediately. Default: 100ms'
description: |-
FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https
when Kubernetes Service port is 443, http otherwise.
description: |-
Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
It defaults to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport between
Traefik and your servers. Can only be used on a Kubernetes
Service.
description: |-
ServersTransport defines the name of ServersTransport resource to use.
It allows to configure the transport between Traefik and your servers.
Can only be used on a Kubernetes Service.
type: string
sticky:
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions'
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -308,8 +323,9 @@ spec:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
description: |-
SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
type: string
secure:
description: Secure defines whether the cookie can
@ -319,40 +335,42 @@ spec:
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported value
at the moment.
description: |-
Strategy defines the load balancing strategy between the servers.
RoundRobin is the only supported value at the moment.
type: string
weight:
description: Weight defines the weight and should only be
specified when Name references a TraefikService object (and
to be precise, one that embeds a Weighted Round Robin).
description: |-
Weight defines the weight and should only be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
description: Status defines which status or range of statuses
should result in an error page. It can be either a status code
as a number (500), as multiple comma-separated numbers (500,502),
as ranges by separating two codes with a dash (500-599), or
a combination of the two (404,418,500-599).
description: |-
Status defines which status or range of statuses should result in an error page.
It can be either a status code as a number (500),
as multiple comma-separated numbers (500,502),
as ranges by separating two codes with a dash (500-599),
or a combination of the two (404,418,500-599).
items:
type: string
type: array
type: object
forwardAuth:
description: 'ForwardAuth holds the forward auth middleware configuration.
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/'
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
properties:
address:
description: Address defines the authentication server address.
type: string
authRequestHeaders:
description: AuthRequestHeaders defines the list of the headers
to copy from the request to the authentication server. If not
set or empty then all request headers are passed.
description: |-
AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
If not set or empty then all request headers are passed.
items:
type: string
type: array
@ -364,10 +382,9 @@ spec:
type: string
type: array
authResponseHeadersRegex:
description: 'AuthResponseHeadersRegex defines the regex to match
headers to copy from the authentication server response and
set on forwarded request, after stripping all headers that match
the regex. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex'
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
type: string
tls:
description: TLS defines the configuration used to secure the
@ -376,14 +393,14 @@ spec:
caOptional:
type: boolean
caSecret:
description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate.
description: |-
CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string
certSecret:
description: CertSecret is the name of the referenced Kubernetes
Secret containing the client certificate. The client certificate
is extracted from the keys `tls.crt` and `tls.key`.
description: |-
CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
The client certificate is extracted from the keys `tls.crt` and `tls.key`.
type: string
insecureSkipVerify:
description: InsecureSkipVerify defines whether the server
@ -396,9 +413,10 @@ spec:
type: boolean
type: object
headers:
description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders'
description: |-
Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the
@ -463,12 +481,14 @@ spec:
header with the nosniff value.
type: boolean
customBrowserXSSValue:
description: CustomBrowserXSSValue defines the X-XSS-Protection
header value. This overrides the BrowserXssFilter option.
description: |-
CustomBrowserXSSValue defines the X-XSS-Protection header value.
This overrides the BrowserXssFilter option.
type: string
customFrameOptionsValue:
description: CustomFrameOptionsValue defines the X-Frame-Options
header value. This overrides the FrameDeny option.
description: |-
CustomFrameOptionsValue defines the X-Frame-Options header value.
This overrides the FrameDeny option.
type: string
customRequestHeaders:
additionalProperties:
@ -500,25 +520,25 @@ spec:
type: string
type: array
isDevelopment:
description: IsDevelopment defines whether to mitigate the unwanted
effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost,
not your production domain. If you would like your development
environment to mimic production with complete Host blocking,
SSL redirects, and STS headers, leave this as false.
description: |-
IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
and STS headers, leave this as false.
type: boolean
permissionsPolicy:
description: PermissionsPolicy defines the Permissions-Policy
header value. This allows sites to control browser features.
description: |-
PermissionsPolicy defines the Permissions-Policy header value.
This allows sites to control browser features.
type: string
publicKey:
description: PublicKey is the public key that implements HPKP
to prevent MITM attacks with forged certificates.
type: string
referrerPolicy:
description: ReferrerPolicy defines the Referrer-Policy header
value. This allows sites to control whether browsers forward
the Referer header to other sites.
description: |-
ReferrerPolicy defines the Referrer-Policy header value.
This allows sites to control whether browsers forward the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
@ -529,10 +549,9 @@ spec:
sslProxyHeaders:
additionalProperties:
type: string
description: 'SSLProxyHeaders defines the header keys with associated
values that would indicate a valid HTTPS request. It can be
useful when using other proxies (example: "X-Forwarded-Proto":
"https").'
description: |-
SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@ -551,33 +570,35 @@ spec:
to the Strict-Transport-Security header.
type: boolean
stsSeconds:
description: STSSeconds defines the max-age of the Strict-Transport-Security
header. If set to 0, the header is not set.
description: |-
STSSeconds defines the max-age of the Strict-Transport-Security header.
If set to 0, the header is not set.
format: int64
type: integer
type: object
inFlightReq:
description: 'InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and
served concurrently. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/'
description: |-
InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and served concurrently.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
properties:
amount:
description: Amount defines the maximum amount of allowed simultaneous
in-flight request. The middleware responds with HTTP 429 Too
Many Requests if there are already amount requests in progress
(based on the same sourceCriterion strategy).
description: |-
Amount defines the maximum amount of allowed simultaneous in-flight request.
The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
format: int64
type: integer
sourceCriterion:
description: 'SourceCriterion defines what criterion is used to
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion'
description: |-
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
properties:
ipStrategy:
description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy'
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -603,13 +624,15 @@ spec:
type: object
type: object
ipAllowList:
description: 'IPAllowList holds the IP allowlist middleware configuration.
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/'
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
properties:
ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy'
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -631,14 +654,16 @@ spec:
type: array
type: object
ipWhiteList:
description: 'IPWhiteList holds the IP whitelist middleware configuration.
description: |-
IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead.'
Deprecated: please use IPAllowList instead.
properties:
ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy'
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -660,9 +685,10 @@ spec:
type: array
type: object
passTLSClientCert:
description: 'PassTLSClientCert holds the pass TLS client cert middleware
configuration. This middleware adds the selected data from the passed
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/'
description: |-
PassTLSClientCert holds the pass TLS client cert middleware configuration.
This middleware adds the selected data from the passed client TLS certificate to a header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
properties:
info:
description: Info selects the specific client certificate details
@ -763,46 +789,48 @@ spec:
plugin:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: 'Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/'
description: |-
Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
type: object
rateLimit:
description: 'RateLimit holds the rate limit configuration. This middleware
ensures that services will receive a fair amount of requests, and
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/'
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
properties:
average:
description: Average is the maximum rate, by default in requests/s,
allowed for the given source. It defaults to 0, which means
no rate limiting. The rate is actually defined by dividing Average
by Period. So for a rate below 1req/s, one needs to define a
Period larger than a second.
description: |-
Average is the maximum rate, by default in requests/s, allowed for the given source.
It defaults to 0, which means no rate limiting.
The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
one needs to define a Period larger than a second.
format: int64
type: integer
burst:
description: Burst is the maximum number of requests allowed to
arrive in the same arbitrarily small period of time. It defaults
to 1.
description: |-
Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
It defaults to 1.
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
description: 'Period, in combination with Average, defines the
actual maximum rate, such as: r = Average / Period. It defaults
to a second.'
description: |-
Period, in combination with Average, defines the actual maximum rate, such as:
r = Average / Period. It defaults to a second.
x-kubernetes-int-or-string: true
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote
address field (as an ipStrategy).
description: |-
SourceCriterion defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote address field (as an ipStrategy).
properties:
ipStrategy:
description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy'
description: |-
IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
@ -828,9 +856,10 @@ spec:
type: object
type: object
redirectRegex:
description: 'RedirectRegex holds the redirect regex middleware configuration.
description: |-
RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex'
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -846,9 +875,10 @@ spec:
type: string
type: object
redirectScheme:
description: 'RedirectScheme holds the redirect scheme middleware
configuration. This middleware redirects requests from a scheme/port
to another. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/'
description: |-
RedirectScheme holds the redirect scheme middleware configuration.
This middleware redirects requests from a scheme/port to another.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
properties:
permanent:
description: Permanent defines whether the redirection is permanent
@ -862,9 +892,10 @@ spec:
type: string
type: object
replacePath:
description: 'ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/'
description: |-
ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
properties:
path:
description: Path defines the path to use as replacement in the
@ -872,9 +903,10 @@ spec:
type: string
type: object
replacePathRegex:
description: 'ReplacePathRegex holds the replace path regex middleware
configuration. This middleware replaces the path of a URL using
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/'
description: |-
ReplacePathRegex holds the replace path regex middleware configuration.
This middleware replaces the path of a URL using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
properties:
regex:
description: Regex defines the regular expression used to match
@ -886,11 +918,11 @@ spec:
type: string
type: object
retry:
description: 'Retry holds the retry middleware configuration. This
middleware reissues requests a given number of times to a backend
server if that server does not reply. As soon as the server answers,
the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/'
description: |-
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@ -900,22 +932,24 @@ spec:
anyOf:
- type: integer
- type: string
description: InitialInterval defines the first wait time in the
exponential backoff series. The maximum interval is calculated
as twice the initialInterval. If unspecified, requests will
be retried immediately. The value of initialInterval should
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
description: |-
InitialInterval defines the first wait time in the exponential backoff series.
The maximum interval is calculated as twice the initialInterval.
If unspecified, requests will be retried immediately.
The value of initialInterval should be provided in seconds or as a valid duration format,
see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true
type: object
stripPrefix:
description: 'StripPrefix holds the strip prefix middleware configuration.
description: |-
StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/'
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
description: |-
ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
Default: true.
type: boolean
prefixes:
description: Prefixes defines the prefixes to strip from the request
@ -925,9 +959,10 @@ spec:
type: array
type: object
stripPrefixRegex:
description: 'StripPrefixRegex holds the strip prefix regex middleware
configuration. This middleware removes the matching prefixes from
the URL path. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/'
description: |-
StripPrefixRegex holds the strip prefix regex middleware configuration.
This middleware removes the matching prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
properties:
regex:
description: Regex defines the regular expression to match the