diff --git a/docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md b/docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md
index 29a89e5da..9356189d0 100644
--- a/docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md
+++ b/docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md
@@ -87,37 +87,8 @@ spec:
| `routes[n].`
`observability.`
`accesslogs` | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/router/observability.md) for more information. | false | No |
| `routes[n].`
`observability.`
`metrics` | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/router/observability.md) for more information. | false | No |
| `routes[n].`
`observability.`
`tracing` | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/router/observability.md) for more information. | false | No |
-| `routes[n].`
`services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/).
More information [here](#externalname-service). | | No |
-| `routes[n].`
`services[m].`
`kind` | Kind of the service targeted.
Two values allowed:
- **Service**: Kubernetes Service
**TraefikService**: Traefik Service.
More information [here](#externalname-service). | "Service" | No |
-| `routes[n].`
`services[m].`
`name` | Service name.
The character `@` is not authorized.
More information [here](#middleware). | | Yes |
-| `routes[n].`
`services[m].`
`namespace` | Service namespace.
Can be empty if the service belongs to the same namespace as the IngressRoute.
More information [here](#externalname-service). | | No |
-| `routes[n].`
`services[m].`
`port` | Service port (number or port name).
Evaluated only if the kind is **Service**. | | No |
-| `routes[n].`
`services[m].`
`responseForwarding.`
`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.
Evaluated only if the kind is **Service**. | 100ms | No |
-| `routes[n].`
`services[m].`
`scheme` | Scheme to use for the request to the upstream Kubernetes Service.
Evaluated only if the kind is **Service**. | "http"
"https" if `port` is 443 or contains the string *https*. | No |
-| `routes[n].`
`services[m].`
`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.
Evaluated only if the kind is **Service**. | "" | No |
-| | Forward client Host header to server.
Evaluated only if the kind is **Service**. | true | No |
-| `routes[n].`
`services[m].`
`healthCheck.scheme` | Server URL scheme for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
-| `routes[n].`
`services[m].`
`healthCheck.mode` | Health check mode.
If defined to grpc, will use the gRPC health check protocol to probe the server.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No |
-| `routes[n].`
`services[m].`
`healthCheck.path` | Server URL path for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
-| `routes[n].`
`services[m].`
`healthCheck.interval` | Frequency of the health check calls for healthy targets.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
-| `routes[n].`
`services[m].`
`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.
When not defined, it defaults to the `interval` value.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
-| `routes[n].`
`services[m].`
`healthCheck.method` | HTTP method for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No |
-| `routes[n].`
`services[m].`
`healthCheck.status` | Expected HTTP status code of the response to the health check request.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.
If not set, expect a status between 200 and 399.
Evaluated only if the kind is **Service**. | | No |
-| `routes[n].`
`services[m].`
`healthCheck.port` | URL port for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No |
-| `routes[n].`
`services[m].`
`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No |
-| `routes[n].`
`services[m].`
`healthCheck.hostname` | Value in the Host header of the health check request.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
-| `routes[n].`
`services[m].`
`healthCheck.`
`followRedirect` | Follow the redirections during the healtchcheck.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No |
-| | Map of header to send to the health check endpoint
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No |
-| `routes[n].`
`services[m].`
`sticky.`
`cookie.name` | Name of the cookie used for the stickiness.
When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.
On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.
If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
Evaluated only if the kind is **Service**. | "" | No |
-| `routes[n].`
`services[m].`
`sticky.`
`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.
Evaluated only if the kind is **Service**. | false | No |
-| `routes[n].`
`services[m].`
`sticky.`
`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
Evaluated only if the kind is **Service**. | false | No |
-| `routes[n].`
`services[m].`
`sticky.`
`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy
Allowed values:
-`none`
-`lax`
`strict`
Evaluated only if the kind is **Service**. | "" | No |
-| `routes[n].`
`services[m].`
`sticky.`
`cookie.maxAge` | Number of seconds until the cookie expires.
Negative number, the cookie expires immediately.
0, the cookie never expires.
Evaluated only if the kind is **Service**. | 0 | No |
-| `routes[n].`
`services[m].`
`strategy` | Load balancing strategy between the servers.
RoundRobin is the only supported value yet.
Evaluated only if the kind is **Service**. | "RoundRobin" | No |
-| `routes[n].`
`services[m].`
`weight` | Service weight.
To use only to refer to WRR TraefikService | "" | No |
-| `routes[n].`
`services[m].`
`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.
Evaluated only if the kind is **Service**. | false | No |
-| `routes[n].`
`services[m].`
`nodePortLB` | Use the nodePort IP address when the service type is NodePort.
It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
Evaluated only if the kind is **Service**. | false | No |
| `tls` | TLS configuration.
Can be an empty value(`{}`):
A self signed is generated in such a case
(or the [default certificate](tlsstore.md) is used if it is defined.) | | No |
+| `routes[n].`
`services` | List of any combination of [TraefikService](./traefikservice.md) and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/).
Exhaustive list of option in the [`Service`](./service.md#configuration-options) documentation. | | No |
| `tls.secretName` | [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the same namesapce as the `IngressRoute`) | "" | No |
| `tls.`
`options.name` | Name of the [`TLSOption`](tlsoption.md) to use.
More information [here](#tls-options). | "" | No |
| `tls.`
`options.namespace` | Namespace of the [`TLSOption`](tlsoption.md) to use. | "" | No |
@@ -126,113 +97,6 @@ spec:
| `tls.`
`domains[n].main` | Main domain name | "" | Yes |
| `tls.`
`domains[n].sans` | List of alternative domains (SANs) | | No |
-### ExternalName Service
-
-Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port. Accordingly, Traefik supports defining a port in two ways:
-
-- only on `IngressRoute` service
-- on both sides, you'll be warned if the ports don't match, and the `IngressRoute` service port is used
-
-Thus, in case of two sides port definition, Traefik expects a match between ports.
-
-=== "Ports defined on Resource"
-
- ```yaml tab="IngressRoute"
- apiVersion: traefik.io/v1alpha1
- kind: IngressRoute
- metadata:
- name: test.route
- namespace: apps
-
- spec:
- entryPoints:
- - foo
- routes:
- - match: Host(`example.net`)
- kind: Rule
- services:
- - name: external-svc
- port: 80
- ```
-
- ```yaml tab="Service ExternalName"
- apiVersion: v1
- kind: Service
- metadata:
- name: external-svc
- namespace: apps
-
- spec:
- externalName: external.domain
- type: ExternalName
- ```
-
-=== "Port defined on the Service"
-
- ```yaml tab="IngressRoute"
- apiVersion: traefik.io/v1alpha1
- kind: IngressRoute
- metadata:
- name: test.route
- namespace: apps
-
- spec:
- entryPoints:
- - foo
- routes:
- - match: Host(`example.net`)
- kind: Rule
- services:
- - name: external-svc
- ```
-
- ```yaml tab="Service ExternalName"
- apiVersion: v1
- kind: Service
- metadata:
- name: external-svc
- namespace: apps
-
- spec:
- externalName: external.domain
- type: ExternalName
- ports:
- - port: 80
- ```
-
-=== "Port defined on both sides"
-
- ```yaml tab="IngressRoute"
- apiVersion: traefik.io/v1alpha1
- kind: IngressRoute
- metadata:
- name: test.route
- namespace: apps
-
- spec:
- entryPoints:
- - foo
- routes:
- - match: Host(`example.net`)
- kind: Rule
- services:
- - name: external-svc
- port: 80
- ```
-
- ```yaml tab="Service ExternalName"
- apiVersion: v1
- kind: Service
- metadata:
- name: external-svc
- namespace: apps
-
- spec:
- externalName: external.domain
- type: ExternalName
- ports:
- - port: 80
- ```
### Middleware
@@ -282,109 +146,6 @@ same namespace as the IngressRoute)
- `Service` (default value): to reference a [Kubernetes Service](https://kubernetes.io/docs/concepts/services-networking/service/)
- `TraefikService`: to reference an object [`TraefikService`](../http/traefikservice.md)
-### Port Definition
-
-Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port. Accordingly, Traefik supports defining a port in two ways:
-
-- only on `IngressRoute` service
-- on both sides, you'll be warned if the ports don't match, and the `IngressRoute` service port is used
-
-Thus, in case of two sides port definition, Traefik expects a match between ports.
-
-??? example
-
- ```yaml tab="IngressRoute"
- ---
- apiVersion: traefik.io/v1alpha1
- kind: IngressRoute
- metadata:
- name: test.route
- namespace: default
-
- spec:
- entryPoints:
- - foo
-
- routes:
- - match: Host(`example.net`)
- kind: Rule
- services:
- - name: external-svc
- port: 80
-
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: external-svc
- namespace: default
- spec:
- externalName: external.domain
- type: ExternalName
- ```
-
- ```yaml tab="ExternalName Service"
- ---
- apiVersion: traefik.io/v1alpha1
- kind: IngressRoute
- metadata:
- name: test.route
- namespace: default
-
- spec:
- entryPoints:
- - foo
-
- routes:
- - match: Host(`example.net`)
- kind: Rule
- services:
- - name: external-svc
-
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: external-svc
- namespace: default
- spec:
- externalName: external.domain
- type: ExternalName
- ports:
- - port: 80
- ```
-
- ```yaml tab="Both sides"
- ---
- apiVersion: traefik.io/v1alpha1
- kind: IngressRoute
- metadata:
- name: test.route
- namespace: default
-
- spec:
- entryPoints:
- - foo
-
- routes:
- - match: Host(`example.net`)
- kind: Rule
- services:
- - name: external-svc
- port: 80
-
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: external-svc
- namespace: default
- spec:
- externalName: external.domain
- type: ExternalName
- ports:
- - port: 80
- ```
### TLS Options
@@ -455,108 +216,3 @@ TLS options references, a conflict occurs, such as in the example below.
If that happens, both mappings are discarded, and the host name
(`example.net` in the example) for these routers gets associated with
the default TLS options instead.
-
-### Load Balancing
-
-You can declare and use Kubernetes Service load balancing as detailed below:
-
-```yaml tab="IngressRoute"
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: ingressroutebar
- namespace: default
-
-spec:
- entryPoints:
- - web
- routes:
- - match: Host(`example.com`) && PathPrefix(`/foo`)
- kind: Rule
- services:
- - name: svc1
- namespace: default
- - name: svc2
- namespace: default
-```
-
-```yaml tab="K8s Service"
-apiVersion: v1
-kind: Service
-metadata:
- name: svc1
- namespace: default
-
-spec:
- ports:
- - name: http
- port: 80
- selector:
- app: traefiklabs
- task: app1
----
-apiVersion: v1
-kind: Service
-metadata:
- name: svc2
- namespace: default
-
-spec:
- ports:
- - name: http
- port: 80
- selector:
- app: traefiklabs
- task: app2
-```
-
-!!! important "Kubernetes Service Native Load-Balancing"
-
- To avoid creating the server load-balancer with the pod IPs and use Kubernetes Service clusterIP directly,
- one should set the service `NativeLB` option to true.
- Please note that, by default, Traefik reuses the established connections to the backends for performance purposes. This can prevent the requests load balancing between the replicas from behaving as one would expect when the option is set.
- By default, `NativeLB` is false.
-
- ??? example "Example"
-
- ```yaml
- ---
- apiVersion: traefik.io/v1alpha1
- kind: IngressRoute
- metadata:
- name: test.route
- namespace: default
-
- spec:
- entryPoints:
- - foo
-
- routes:
- - match: Host(`example.net`)
- kind: Rule
- services:
- - name: svc
- port: 80
- # Here, nativeLB instructs to build the server load-balancer with the Kubernetes Service clusterIP only.
- nativeLB: true
-
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: svc
- namespace: default
- spec:
- type: ClusterIP
- ...
- ```
-
-### Configuring Backend Protocol
-
-There are 3 ways to configure the backend protocol for communication between Traefik and your pods:
-
-- Setting the scheme explicitly (http/https/h2c)
-- Configuring the name of the kubernetes service port to start with https (https)
-- Setting the kubernetes service port to use port 443 (https)
-
-If you do not configure the above, Traefik will assume an http connection.
diff --git a/docs/content/reference/routing-configuration/kubernetes/crd/http/service.md b/docs/content/reference/routing-configuration/kubernetes/crd/http/service.md
new file mode 100644
index 000000000..14de09555
--- /dev/null
+++ b/docs/content/reference/routing-configuration/kubernetes/crd/http/service.md
@@ -0,0 +1,430 @@
+---
+title: "Kubernetes Service"
+description: "A Service is a not Traefik CRD, it allows you to describe the Service option in an IngressRoute or a Traefik Service."
+---
+
+`Service` is the implementation of a [Traefik HTTP service](../../../http/load-balancing/service.md).
+
+There is no dedicated CRD, a `Service` is part of:
+
+- [`IngressRoute`](./ingressroute.md)
+- [`TraefikService`](./traefikservice.md)
+
+Note that, before creating `IngressRoute` or `TraefikService` objects, you need to apply the [Traefik Kubernetes CRDs](https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions) to your Kubernetes cluster.
+
+This registers the Traefik-specific resources.
+
+## Configuration Example
+
+You can declare a `Service` either as part of an `IngressRoute` or a `TraefikService` as detailed below:
+
+```yaml tab="IngressRoute"
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: test-name
+ namespace: apps
+spec:
+ entryPoints:
+ - web
+ routes:
+ - kind: Rule
+ # Rule on the Host
+ match: Host(`test.example.com`)
+ services:
+ # Target a Kubernetes Service
+ - kind: Service
+ name: foo
+ namespace: apps
+ # Customize the connection between Traefik and the backend
+ passHostHeader: true
+ port: 80
+ responseForwarding:
+ flushInterval: 1ms
+ scheme: https
+ sticky:
+ cookie:
+ httpOnly: true
+ name: cookie
+ secure: true
+ strategy: RoundRobin
+```
+
+```yaml tab="TraefikService"
+apiVersion: traefik.io/v1alpha1
+kind: TraefikService
+metadata:
+ name: wrr1
+ namespace: apps
+
+spec:
+ weighted:
+ services:
+ # Target a Kubernetes Service
+ - kind: Service
+ name: foo
+ namespace: apps
+ # Customize the connection between Traefik and the backend
+ passHostHeader: true
+ port: 80
+ responseForwarding:
+ flushInterval: 1ms
+ scheme: https
+ sticky:
+ cookie:
+ httpOnly: true
+ name: cookie
+ secure: true
+ strategy: RoundRobin
+```
+
+## Configuration Options
+
+| Field | Description | Default | Required |
+|:---------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
+| `kind` | Kind of the service targeted.
Two values allowed:
- **Service**: Kubernetes Service
**TraefikService**: Traefik Service.
More information [here](#externalname-service). | "Service" | No |
+| `name` | Service name.
The character `@` is not authorized.
More information [here](#middleware). | | Yes |
+| `namespace` | Service namespace.
Can be empty if the service belongs to the same namespace as the IngressRoute.
More information [here](#externalname-service). | | No |
+| `port` | Service port (number or port name).
Evaluated only if the kind is **Service**. | | No |
+| `responseForwarding.`
`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.
Evaluated only if the kind is **Service**. | 100ms | No |
+| `scheme` | Scheme to use for the request to the upstream Kubernetes Service.
Evaluated only if the kind is **Service**. | "http"
"https" if `port` is 443 or contains the string *https*. | No |
+| `serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.
Evaluated only if the kind is **Service**. | "" | No |
+| | Forward client Host header to server.
Evaluated only if the kind is **Service**. | true | No |
+| `healthCheck.scheme` | Server URL scheme for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
+| `healthCheck.mode` | Health check mode.
If defined to grpc, will use the gRPC health check protocol to probe the server.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No |
+| `healthCheck.path` | Server URL path for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
+| `healthCheck.interval` | Frequency of the health check calls for healthy targets.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
+| `healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.
When not defined, it defaults to the `interval` value.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
+| `healthCheck.method` | HTTP method for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No |
+| `healthCheck.status` | Expected HTTP status code of the response to the health check request.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.
If not set, expect a status between 200 and 399.
Evaluated only if the kind is **Service**. | | No |
+| `healthCheck.port` | URL port for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No |
+| `healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No |
+| `healthCheck.hostname` | Value in the Host header of the health check request.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
+| `healthCheck.`
`followRedirect` | Follow the redirections during the healtchcheck.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No |
+| | Map of header to send to the health check endpoint
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No |
+| `sticky.`
`cookie.name` | Name of the cookie used for the stickiness.
When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.
On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.
If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
Evaluated only if the kind is **Service**. | "" | No |
+| `sticky.`
`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.
Evaluated only if the kind is **Service**. | false | No |
+| `sticky.`
`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
Evaluated only if the kind is **Service**. | false | No |
+| `sticky.`
`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy
Allowed values:
-`none`
-`lax`
`strict`
Evaluated only if the kind is **Service**. | "" | No |
+| `sticky.`
`cookie.maxAge` | Number of seconds until the cookie expires.
Negative number, the cookie expires immediately.
0, the cookie never expires.
Evaluated only if the kind is **Service**. | 0 | No |
+| `strategy` | Load balancing strategy between the servers.
RoundRobin is the only supported value yet.
Evaluated only if the kind is **Service**. | "RoundRobin" | No |
+| `nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.
Evaluated only if the kind is **Service**. | false | No |
+| `nodePortLB` | Use the nodePort IP address when the service type is NodePort.
It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
Evaluated only if the kind is **Service**. | false | No |
+
+
+### ExternalName Service
+
+Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port. Accordingly, Traefik supports defining a port in two ways:
+
+- only on `IngressRoute` service
+- on both sides, you'll be warned if the ports don't match, and the `IngressRoute` service port is used
+
+Thus, in case of two sides port definition, Traefik expects a match between ports.
+
+=== "Ports defined on Resource"
+
+ ```yaml tab="IngressRoute"
+ apiVersion: traefik.io/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: test.route
+ namespace: apps
+
+ spec:
+ entryPoints:
+ - foo
+ routes:
+ - match: Host(`example.net`)
+ kind: Rule
+ services:
+ - name: external-svc
+ port: 80
+ ```
+
+ ```yaml tab="Service ExternalName"
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: external-svc
+ namespace: apps
+
+ spec:
+ externalName: external.domain
+ type: ExternalName
+ ```
+
+=== "Port defined on the Service"
+
+ ```yaml tab="IngressRoute"
+ apiVersion: traefik.io/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: test.route
+ namespace: apps
+
+ spec:
+ entryPoints:
+ - foo
+ routes:
+ - match: Host(`example.net`)
+ kind: Rule
+ services:
+ - name: external-svc
+ ```
+
+ ```yaml tab="Service ExternalName"
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: external-svc
+ namespace: apps
+
+ spec:
+ externalName: external.domain
+ type: ExternalName
+ ports:
+ - port: 80
+ ```
+
+=== "Port defined on both sides"
+
+ ```yaml tab="IngressRoute"
+ apiVersion: traefik.io/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: test.route
+ namespace: apps
+
+ spec:
+ entryPoints:
+ - foo
+ routes:
+ - match: Host(`example.net`)
+ kind: Rule
+ services:
+ - name: external-svc
+ port: 80
+ ```
+
+ ```yaml tab="Service ExternalName"
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: external-svc
+ namespace: apps
+
+ spec:
+ externalName: external.domain
+ type: ExternalName
+ ports:
+ - port: 80
+ ```
+
+### Port Definition
+
+Traefik backends creation needs a port to be set, however Kubernetes [ExternalName Service](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) could be defined without any port. Accordingly, Traefik supports defining a port in two ways:
+
+- only on `IngressRoute` service
+- on both sides, you'll be warned if the ports don't match, and the `IngressRoute` service port is used
+
+Thus, in case of two sides port definition, Traefik expects a match between ports.
+
+??? example
+
+ ```yaml tab="IngressRoute"
+ ---
+ apiVersion: traefik.io/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: test.route
+ namespace: default
+
+ spec:
+ entryPoints:
+ - foo
+
+ routes:
+ - match: Host(`example.net`)
+ kind: Rule
+ services:
+ - name: external-svc
+ port: 80
+
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: external-svc
+ namespace: default
+ spec:
+ externalName: external.domain
+ type: ExternalName
+ ```
+
+ ```yaml tab="ExternalName Service"
+ ---
+ apiVersion: traefik.io/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: test.route
+ namespace: default
+
+ spec:
+ entryPoints:
+ - foo
+
+ routes:
+ - match: Host(`example.net`)
+ kind: Rule
+ services:
+ - name: external-svc
+
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: external-svc
+ namespace: default
+ spec:
+ externalName: external.domain
+ type: ExternalName
+ ports:
+ - port: 80
+ ```
+
+ ```yaml tab="Both sides"
+ ---
+ apiVersion: traefik.io/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: test.route
+ namespace: default
+
+ spec:
+ entryPoints:
+ - foo
+
+ routes:
+ - match: Host(`example.net`)
+ kind: Rule
+ services:
+ - name: external-svc
+ port: 80
+
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: external-svc
+ namespace: default
+ spec:
+ externalName: external.domain
+ type: ExternalName
+ ports:
+ - port: 80
+ ```
+
+### Load Balancing
+
+You can declare and use Kubernetes Service load balancing as detailed below:
+
+```yaml tab="IngressRoute"
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: ingressroutebar
+ namespace: default
+
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: Host(`example.com`) && PathPrefix(`/foo`)
+ kind: Rule
+ services:
+ - name: svc1
+ namespace: default
+ - name: svc2
+ namespace: default
+```
+
+```yaml tab="K8s Service"
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc1
+ namespace: default
+
+spec:
+ ports:
+ - name: http
+ port: 80
+ selector:
+ app: traefiklabs
+ task: app1
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: svc2
+ namespace: default
+
+spec:
+ ports:
+ - name: http
+ port: 80
+ selector:
+ app: traefiklabs
+ task: app2
+```
+
+!!! important "Kubernetes Service Native Load-Balancing"
+
+ To avoid creating the server load-balancer with the pod IPs and use Kubernetes Service clusterIP directly,
+ one should set the service `NativeLB` option to true.
+ Please note that, by default, Traefik reuses the established connections to the backends for performance purposes. This can prevent the requests load balancing between the replicas from behaving as one would expect when the option is set.
+ By default, `NativeLB` is false.
+
+ ??? example "Example"
+
+ ```yaml
+ ---
+ apiVersion: traefik.io/v1alpha1
+ kind: IngressRoute
+ metadata:
+ name: test.route
+ namespace: default
+
+ spec:
+ entryPoints:
+ - foo
+
+ routes:
+ - match: Host(`example.net`)
+ kind: Rule
+ services:
+ - name: svc
+ port: 80
+ # Here, nativeLB instructs to build the server load-balancer with the Kubernetes Service clusterIP only.
+ nativeLB: true
+
+ ---
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: svc
+ namespace: default
+ spec:
+ type: ClusterIP
+ ...
+ ```
+
+### Configuring Backend Protocol
+
+There are 3 ways to configure the backend protocol for communication between Traefik and your pods:
+
+- Setting the scheme explicitly (http/https/h2c)
+- Configuring the name of the kubernetes service port to start with https (https)
+- Setting the kubernetes service port to use port 443 (https)
+
+If you do not configure the above, Traefik will assume an http connection.
diff --git a/docs/content/reference/routing-configuration/kubernetes/crd/http/traefikservice.md b/docs/content/reference/routing-configuration/kubernetes/crd/http/traefikservice.md
index 2cdf94c9c..5ffec45cc 100644
--- a/docs/content/reference/routing-configuration/kubernetes/crd/http/traefikservice.md
+++ b/docs/content/reference/routing-configuration/kubernetes/crd/http/traefikservice.md
@@ -150,36 +150,8 @@ data:
| Field | Description | Default | Required |
|:---------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
-| `services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/).
. | | No |
-| `services[m].`
`kind` | Kind of the service targeted.
Two values allowed:
- **Service**: Kubernetes Service
- **TraefikService**: Traefik Service. | "" | No |
-| `services[m].`
`name` | Service name.
The character `@` is not authorized. | "" | Yes |
-| `services[m].`
`namespace` | Service namespace. | "" | No |
-| `services[m].`
`port` | Service port (number or port name).
Evaluated only if the kind is **Service**. | "" | No |
-| `services[m].`
`responseForwarding.`
`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.
Evaluated only if the kind is **Service**. | 100ms | No |
-| `services[m].`
`scheme` | Scheme to use for the request to the upstream Kubernetes Service.
Evaluated only if the kind is **Service**. | "http"
"https" if `port` is 443 or contains the string *https*. | No |
-| `services[m].`
`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.
Evaluated only if the kind is **Service**. | "" | No |
-| | Forward client Host header to server.
Evaluated only if the kind is **Service**. | true | No |
-| `services[m].`
`healthCheck.scheme` | Server URL scheme for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
-| `services[m].`
`healthCheck.mode` | Health check mode.
If defined to grpc, will use the gRPC health check protocol to probe the server.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "http" | No |
-| `services[m].`
`healthCheck.path` | Server URL path for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
-| `services[m].`
`healthCheck.interval` | Frequency of the health check calls for healthy targets.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
-| `services[m].`
`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.
When not defined, it defaults to the `interval` value.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
-| `services[m].`
`healthCheck.method` | HTTP method for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "GET" | No |
-| `services[m].`
`healthCheck.status` | Expected HTTP status code of the response to the health check request.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.
If not set, expect a status between 200 and 399.
Evaluated only if the kind is **Service**. | | No |
-| `services[m].`
`healthCheck.port` | URL port for the health check endpoint.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
-| `services[m].`
`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "5s" | No |
-| `services[m].`
`healthCheck.hostname` | Value in the Host header of the health check request.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
-| `services[m].`
`healthCheck.`
`followRedirect` | Follow the redirections during the healtchcheck.
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | true | No |
-| | Map of header to send to the health check endpoint
Evaluated only if the kind is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
-| `services[m].`
`sticky.`
`cookie.name` | Name of the cookie used for the stickiness.
Evaluated only if the kind is **Service**. | Abbreviation of a sha1
(ex: `_1d52e`). | No |
-| `services[m].`
`sticky.`
`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.
Evaluated only if the kind is **Service**. | false | No |
-| `services[m].`
`sticky.`
`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
Evaluated only if the kind is **Service**. | false | No |
-| `services[m].`
`sticky.`
`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.
Allowed values:
-`none`
-`lax`
`strict`
Evaluated only if the kind is **Service**. | "" | No |
-| `services[m].`
`sticky.`
`cookie.maxAge` | Number of seconds until the cookie expires.
Negative number, the cookie expires immediately.
0, the cookie never expires.
Evaluated only if the kind is **Service**. | 0 | No |
-| `services[m].`
`strategy` | Load balancing strategy between the servers.
RoundRobin is the only supported value yet.
Evaluated only if the kind is **Service**. | "RoundRobin" | No |
-| `services[m].`
`weight` | Service weight.
To use only to refer to WRR TraefikService | "" | No |
-| `services[m].`
`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.
Evaluated only if the kind is **Service**. | false | No |
-| `services[m].`
`nodePortLB` | Use the nodePort IP address when the service type is NodePort.
It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
Evaluated only if the kind is **Service**. | false | No |
+| `services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/).
. Exhaustive list of option in the [`Service`](./service.md#configuration-options) documentation. | | No |
+| `services[m].weight` | Service weight. | "" | No |
| `sticky.`
`cookie.name` | Name of the cookie used for the stickiness at the WRR service level.
When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.
On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.
If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
More information about WRR stickiness [here](#stickiness-on-multiple-levels) | Abbreviation of a sha1
(ex: `_1d52e`). | No |
| `sticky.`
`cookie.httpOnly` | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript.
More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
| `sticky.`
`cookie.secure` | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS).
More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
@@ -305,6 +277,8 @@ spec:
mirroring:
name: svc1 # svc1 receives 100% of the traffic
port: 80
+ mirrorBody: true # Set to false by default
+ maxBodySize: 1M
mirrors:
- name: svc2 # svc2 receives a copy of 20% of this traffic
port: 80
@@ -367,73 +341,31 @@ spec:
### Configuration Options
-!!!note "Main and mirrored services"
+#### Main Service Options
- The main service properties are set as the option root level.
+The main service properties are set as the option root level.
- The mirrored services properties are set in the `mirrors` list.
+The main service provides the same options as a [`Service`](./service.md).
+
+The exhaustive list of the service options is described in the [`Service`](./service.md#configuration-options) documentation.
+The mirror main service dedicated option are described below.
| Field | Description | Default | Required |
|:--------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
-| `kind` | Kind of the main service.
Two values allowed:
- **Service**: Kubernetes Service
- **TraefikService**: Traefik Service.
More information [here](#services) | "" | No |
-| `name` | Main service name.
The character `@` is not authorized. | "" | Yes |
-| `namespace` | Main service namespace.
More information [here](#services). | "" | No |
-| `port` | Main service port (number or port name).
Evaluated only if the kind of the main service is **Service**. | "" | No |
-| `responseForwarding.`
`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.
Evaluated only if the kind of the main service is **Service**. | 100ms | No |
-| `scheme` | Scheme to use for the request to the upstream Kubernetes Service.
Evaluated only if the kind of the main service is **Service**. | "http"
"https" if `port` is 443 or contains the string *https*. | No |
-| `serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers.
Evaluated only if the kind of the main service is **Service**. | "" | No |
-| | Forward client Host header to main service's server.
Evaluated only if the kind of the main service is **Service**. | true | No |
-| `healthCheck.scheme` | Server URL scheme for the health check endpoint.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
-| `healthCheck.mode` | Health check mode.
If defined to grpc, will use the gRPC health check protocol to probe the server.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
-| `healthCheck.path` | Server URL path for the health check endpoint.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
-| `healthCheck.interval` | Frequency of the health check calls for healthy targets.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
-| `healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.
When not defined, it defaults to the `interval` value.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
-| `healthCheck.method` | HTTP method for the health check endpoint.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
-| `healthCheck.status` | Expected HTTP status code of the response to the health check request.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.
If not set, expect a status between 200 and 399.
Evaluated only if the kind of the main service is **Service**. | | No |
-| `healthCheck.port` | URL port for the health check endpoint.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
-| `healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
-| `healthCheck.hostname` | Value in the Host header of the health check request.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
-| `healthCheck.`
`followRedirect` | Follow the redirections during the healtchcheck.
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
-| | Map of header to send to the health check endpoint
Evaluated only if the kind of the main service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
-| `sticky.`
`cookie.name` | Name of the cookie used for the stickiness on the main service.
Evaluated only if the kind of the main service is **Service**. | Abbreviation of a sha1
(ex: `_1d52e`). | No |
-| `sticky.`
`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.
Evaluated only if the kind of the main service is **Service**. | false | No |
-| `sticky.`
`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
Evaluated only if the kind of the main service is **Service**. | false | No |
-| `sticky.`
`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.
Allowed values:
-`none`
-`lax`
`strict`
Evaluated only if the kind of the main service is **Service**. | "" | No |
-| `sticky.`
`cookie.maxAge` | Number of seconds until the cookie expires.
Negative number, the cookie expires immediately.
0, the cookie never expires.
Evaluated only if the kind of the main service is **Service**. | 0 | No |
-| `strategy` | Load balancing strategy between the main service's servers.
RoundRobin is the only supported value yet.
Evaluated only if the kind of the main service is **Service**. | "RoundRobin" | No |
-| `weight` | Service weight.
To use only to refer to WRR TraefikService | "" | No |
-| `nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.
Evaluated only if the kind of the main service is **Service**. | false | No |
-| `nodePortLB` | Use the nodePort IP address when the service type is NodePort.
It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
Evaluated only if the kind of the main service is **Service**. | false | No |
-| `maxBodySize` | Maximum size allowed for the body of the request.
If the body is larger, the request is not mirrored.
-1 means unlimited size. | -1 | No |
-| `mirrors` | List of mirrored services to target.
It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/).
More information [here](#services). | | No |
-| `mirrors[m].`
`kind` | Kind of the mirrored service targeted.
Two values allowed:
- **Service**: Kubernetes Service
- **TraefikService**: Traefik Service.
More information [here](#services) | "" | No |
-| `mirrors[m].`
`name` | Mirrored service name.
The character `@` is not authorized. | "" | Yes |
-| `mirrors[m].`
`namespace` | Mirrored service namespace.
More information [here](#services). | "" | No |
-| `mirrors[m].`
`port` | Mirrored service port (number or port name).
Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
-| `mirrors[m].`
`percent` | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No |
-| `mirrors[m].`
`responseForwarding.`
`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.
A negative value means to flush immediately after each write to the client.
This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.
Evaluated only if the kind of the mirrored service is **Service**. | 100ms | No |
-| `mirrors[m].`
`scheme` | Scheme to use for the request to the mirrored service.
Evaluated only if the kind of the mirrored service is **Service**. | "http"
"https" if `port` is 443 or contains the string *https*. | No |
-| `mirrors[m].`
`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers.
Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
-| | Forward client Host header to the mirrored service servers.
Evaluated only if the kind of the mirrored service is **Service**. | true | No |
-| `mirrors[m].`
`healthCheck.scheme` | Server URL scheme for the health check endpoint.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
-| `mirrors[m].`
`healthCheck.mode` | Health check mode.
If defined to grpc, will use the gRPC health check protocol to probe the server.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
-| `mirrors[m].`
`healthCheck.path` | Server URL path for the health check endpoint.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
-| `mirrors[m].`
`healthCheck.interval` | Frequency of the health check calls.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
-| `mirrors[m].`
`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.
When not defined, it defaults to the `interval` value.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
-| `mirrors[m].`
`healthCheck.method` | HTTP method for the health check endpoint.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
-| `mirrors[m].`
`healthCheck.status` | Expected HTTP status code of the response to the health check request.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.
If not set, expect a status between 200 and 399.
Evaluated only if the kind of the mirrored service is **Service**. | | No |
-| `mirrors[m].`
`healthCheck.port` | URL port for the health check endpoint.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
-| `mirrors[m].`
`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
-| `mirrors[m].`
`healthCheck.hostname` | Value in the Host header of the health check request.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
-| `mirrors[m].`
`healthCheck.`
`followRedirect` | Follow the redirections during the healtchcheck.
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
-| | Map of header to send to the health check endpoint
Evaluated only if the kind of the mirrored service is **Service**.
Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
-| `mirrors[m].`
`sticky.`
`cookie.name` | Name of the cookie used for the stickiness.
When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.
On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.
If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
-| `mirrors[m].`
`sticky.`
`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.
Evaluated only if the kind of the mirrored service is **Service**. | false | No |
-| `mirrors[m].`
`sticky.`
`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
Evaluated only if the kind of the mirrored service is **Service**. | false | No |
-| `mirrors[m].`
`sticky.`
`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.
Allowed values:
-`none`
-`lax`
`strict`
Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
-| `mirrors[m].`
`sticky.`
`cookie.maxAge` | Number of seconds until the cookie expires.
Negative number, the cookie expires immediately.
0, the cookie never expires.
Evaluated only if the kind of the mirrored service is **Service**. | 0 | No |
-| `mirrors[m].`
`strategy` | Load balancing strategy between the servers.
RoundRobin is the only supported value yet.
Evaluated only if the kind of the mirrored service is **Service**. | "RoundRobin" | No |
-| `mirrors[m].`
`weight` | Service weight.
To use only to refer to WRR TraefikService | "" | No |
-| `mirrors[m].`
`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.
Evaluated only if the kind of the mirrored service is **Service**. | false | No |
-| `mirrors[m].`
`nodePortLB` | Use the nodePort IP address when the service type is NodePort.
It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
Evaluated only if the kind of the mirrored service is **Service**. | false | No |
| `mirrorBody` | Defines whether the request body should be mirrored. | true | No |
+| `maxBodySize` | Maximum size allowed for the body of the request.
If the body is larger, the request is not mirrored.
-1 means unlimited size. | -1 | No |
+| `mirrors` | List of mirrored services to target.
It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/).
Exhaustive list of option in the [`Service`](./service.md#configuration-options) documentation. | | Yes |
+
+#### Mirrored Services Options
+
+The mirrored services properties are set in the `mirrors` list.
+
+A mirrored service provides the same options as a [`Service`](./service.md).
+
+The exhaustive list of the service options is described in the [`Service`](./service.md#configuration-options) documentation.
+The mirrorerd service dedicated option are described below.
+
+
+| Field | Description | Default | Required |
+|:--------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
+| `mirrors[m].percent` | Traffic percentage to route to the service. | 0 | No |
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 297c90f26..addb2f0ea 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -325,6 +325,7 @@ nav:
- 'Kubernetes CRD' :
- 'HTTP' :
- 'IngressRoute' : 'reference/routing-configuration/kubernetes/crd/http/ingressroute.md'
+ - 'Service' : 'reference/routing-configuration/kubernetes/crd/http/service.md'
- 'TraefikService' : 'reference/routing-configuration/kubernetes/crd/http/traefikservice.md'
- 'ServersTransport' : 'reference/routing-configuration/kubernetes/crd/http/serverstransport.md'
- 'Middleware' : 'reference/routing-configuration/kubernetes/crd/http/middleware.md'