mirrors/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-12-15 22:41:57 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch v3.5 into master

Browse Source
This commit is contained in:
romain 2025-10-02 17:43:19 +02:00
commit a030638183
54 changed files with 635 additions and 318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CHANGELOG.md
View File

@ -1,3 +1,22 @@
## [v3.5.3](https://github.com/traefik/traefik/tree/v3.5.3) (2025-09-26)
[All Commits](https://github.com/traefik/traefik/compare/v3.5.2...v3.5.3)
**Bug fixes:**
- **[k8s/crd]** ServersTransport: set minimum MaxIdleConnsPerHost=-1 ([#12077](https://github.com/traefik/traefik/pull/12077) by [xe-leon](https://github.com/xe-leon))
- **[plugins]** Refactor plugins system ([#12035](https://github.com/traefik/traefik/pull/12035) by [jspdown](https://github.com/jspdown))
- **[server]** Use client conn to build the proxy protocol header ([#12069](https://github.com/traefik/traefik/pull/12069) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Update hub-button-app to use a local script ([#12060](https://github.com/traefik/traefik/pull/12060) by [mdeliatf](https://github.com/mdeliatf))
**Documentation:**
- **[acme,middleware]** Fix broken links in documentation ([#12057](https://github.com/traefik/traefik/pull/12057) by [mloiseleur](https://github.com/mloiseleur))
- **[k8s]** Create Traefik Service CRD sub-resource documentation page ([#12080](https://github.com/traefik/traefik/pull/12080) by [nmengin](https://github.com/nmengin))
- **[k8s]** Fix conflict in IngressRouteTCP documentation ([#12064](https://github.com/traefik/traefik/pull/12064) by [MatBon01](https://github.com/MatBon01))
- Fix typo in rules and priority documentation ([#12089](https://github.com/traefik/traefik/pull/12089) by [Darkangeel-hd](https://github.com/Darkangeel-hd))
- Add govern section ([#12067](https://github.com/traefik/traefik/pull/12067) by [sheddy-traefik](https://github.com/sheddy-traefik))
- Fix entrypoint config examples ([#12056](https://github.com/traefik/traefik/pull/12056) by [markormesher](https://github.com/markormesher))
- Reorganize the menu entries ([#12044](https://github.com/traefik/traefik/pull/12044) by [nmengin](https://github.com/nmengin))
- Add New Secure Section to the Documentation ([#11978](https://github.com/traefik/traefik/pull/11978) by [sheddy-traefik](https://github.com/sheddy-traefik))
## [v3.5.2](https://github.com/traefik/traefik/tree/v3.5.2) (2025-09-09)
[All Commits](https://github.com/traefik/traefik/compare/v3.5.1...v3.5.2)

14
docs/content/getting-started/faq.md
View File

@ -147,13 +147,13 @@ for example, by using the `touch` command on the configuration file.
By default, the following headers are automatically added when proxying requests:
| Property | HTTP Header |
|---------------------------|----------------------------|
| Client's IP | X-Forwarded-For, X-Real-Ip |
| Host | X-Forwarded-Host |
| Port | X-Forwarded-Port |
| Protocol | X-Forwarded-Proto |
| Proxy Server's Hostname | X-Forwarded-Server |
| Property | HTTP Header |
|---------------------------|--------------------------------|
| Client's IP | `X-Forwarded-For`, `X-Real-Ip` |
| Host | `X-Forwarded-Host` |
| Port | `X-Forwarded-Port` |
| Protocol | `X-Forwarded-Proto` |
| Proxy Server's Hostname | `X-Forwarded-Server` |
For more details,
please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.

10
docs/content/middlewares/http/forwardauth.md
View File

@ -58,11 +58,11 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header |
|-------------------|------------------------|
| HTTP Method | X-Forwarded-Method |
| Protocol | X-Forwarded-Proto |
| Host | X-Forwarded-Host |
| Request URI | X-Forwarded-Uri |
| Source IP-Address | X-Forwarded-For |
| HTTP Method | `X-Forwarded-Method` |
| Protocol | `X-Forwarded-Proto` |
| Host | `X-Forwarded-Host` |
| Request URI | `X-Forwarded-Uri` |
| Source IP-Address | `X-Forwarded-For` |
## Configuration Options

4
docs/content/middlewares/http/inflightreq.md
View File

@ -113,7 +113,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Example of Depth & X-Forwarded-For"
!!! example "Example of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@ -167,7 +167,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|

46
docs/content/middlewares/http/ipallowlist.md
View File

@ -78,7 +78,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Examples of Depth & X-Forwarded-For"
!!! example "Examples of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
@ -144,7 +144,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
@ -264,3 +264,45 @@ http:
[http.middlewares.test-ipallowlist.ipallowlist.sourceCriterion.ipStrategy]
ipv6Subnet = 64
```
### `rejectStatusCode`
The `rejectStatusCode` option sets HTTP status code for refused requests. If not set, the default is 403 (Forbidden).
```yaml tab="Docker & Swarm"
# Reject requests with a 404 rather than a 403
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
```
```yaml tab="Kubernetes"
# Reject requests with a 404 rather than a 403
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ipallowlist
spec:
ipAllowList:
rejectStatusCode: 404
```
```yaml tab="Consul Catalog"
# Reject requests with a 404 rather than a 403
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
```
```yaml tab="File (YAML)"
# Reject requests with a 404 rather than a 403
http:
middlewares:
test-ipallowlist:
ipAllowList:
rejectStatusCode: 404
```
```toml tab="File (TOML)"
# Reject requests with a 404 rather than a 403
[http.middlewares]
[http.middlewares.test-ipallowlist.ipAllowList]
rejectStatusCode = 404
```

4
docs/content/middlewares/http/ipwhitelist.md
View File

@ -82,7 +82,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Examples of Depth & X-Forwarded-For"
!!! example "Examples of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).
@ -148,7 +148,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|

8
docs/content/middlewares/http/ratelimit.md
View File

@ -225,7 +225,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Example of Depth & X-Forwarded-For"
!!! example "Example of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@ -288,7 +288,7 @@ http:
!!! example "Each IP as a distinct source"
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@ -298,7 +298,7 @@ http:
!!! example "Group IPs together as same source"
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
@ -310,7 +310,7 @@ and the first IP that is _not_ in the pool (if any) is returned.
!!! example "Matching for clientIP"
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"11.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |

2
docs/content/middlewares/http/redirectscheme.md
View File

@ -19,7 +19,7 @@ The RedirectScheme middleware redirects the request if the request scheme is dif
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../routing/entrypoints.md#forwarded-headers) one.
Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
Otherwise, Traefik would clean up the `X-Forwarded` headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.

2
docs/content/migrate/v2.md
View File

@ -655,7 +655,7 @@ Please check out the [entrypoint forwarded headers connection option configurati
## v2.11.14
### X-Forwarded-Prefix
### `X-Forwarded-Prefix`
In `v2.11.14`, the `X-Forwarded-Prefix` header is now handled like the other `X-Forwarded-*` headers: Traefik removes it when it's sent from an untrusted source.
Please refer to the Forwarded headers [documentation](../routing/entrypoints.md#forwarded-headers) for more details.

2
docs/content/migrate/v3.md
View File

@ -189,7 +189,7 @@ the `backendtlspolicies` and `backendtlspolicies/status` rights have to be added
## v3.2.1
### X-Forwarded-Prefix Header Changes
### `X-Forwarded-Prefix` Header Changes
In v3.2.1, the `X-Forwarded-Prefix` header is now handled like other `X-Forwarded-*` headers - Traefik removes it when sent from untrusted sources.

114
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -64,12 +64,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@ -89,7 +89,7 @@ spec:
observability:
description: |-
Observability defines the observability configuration for a router.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
properties:
accessLogs:
description: AccessLogs enables access logs for this router.
@ -112,7 +112,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@ -282,7 +282,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -352,7 +352,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
type: string
required:
@ -362,18 +362,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -392,17 +392,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
required:
- name
@ -419,12 +419,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
required:
- name
@ -484,7 +484,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -497,7 +497,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@ -521,7 +521,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@ -563,7 +563,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
properties:
version:
@ -605,7 +605,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
enum:
- v3
@ -618,18 +618,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -648,7 +648,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
@ -740,7 +740,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -828,7 +828,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
properties:
apiVersion:
description: |-
@ -869,12 +869,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
type: string
realm:
description: |-
@ -934,7 +934,7 @@ spec:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -997,7 +997,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@ -1047,12 +1047,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
type: string
realm:
description: |-
@ -1072,7 +1072,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
properties:
query:
description: |-
@ -1084,7 +1084,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@ -1245,7 +1245,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -1333,7 +1333,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@ -1361,7 +1361,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
type: string
forwardBody:
description: ForwardBody defines whether to send the request body
@ -1370,7 +1370,7 @@ spec:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
type: string
maxBodySize:
description: MaxBodySize defines the maximum body size in bytes
@ -1836,13 +1836,13 @@ spec:
x-kubernetes-preserve-unknown-fields: true
description: |-
Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
type: object
rateLimit:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
properties:
average:
description: |-
@ -2060,7 +2060,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@ -2140,7 +2140,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
properties:
apiVersion:
description: |-
@ -2177,7 +2177,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -2191,7 +2191,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -2230,7 +2230,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
properties:
apiVersion:
description: |-
@ -2399,7 +2399,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
properties:
apiVersion:
description: |-
@ -2553,7 +2553,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
properties:
apiVersion:
description: |-
@ -2578,14 +2578,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
items:
type: string
type: array
@ -2613,7 +2613,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
items:
type: string
type: array
@ -2673,7 +2673,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
properties:
apiVersion:
description: |-
@ -2771,7 +2771,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
properties:
apiVersion:
description: |-
@ -2963,7 +2963,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3291,7 +3291,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3439,7 +3439,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3672,7 +3672,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3741,7 +3741,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

30
docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -64,12 +64,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@ -89,7 +89,7 @@ spec:
observability:
description: |-
Observability defines the observability configuration for a router.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
properties:
accessLogs:
description: AccessLogs enables access logs for this router.
@ -112,7 +112,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@ -282,7 +282,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -352,7 +352,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
type: string
required:
@ -362,18 +362,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -392,17 +392,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
required:
- name
@ -419,12 +419,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
required:
- name

18
docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -56,7 +56,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@ -80,7 +80,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@ -122,7 +122,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
properties:
version:
@ -164,7 +164,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
enum:
- v3
@ -177,18 +177,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -207,7 +207,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik

2
docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string

32
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View File

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
properties:
apiVersion:
description: |-
@ -60,12 +60,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
type: string
realm:
description: |-
@ -125,7 +125,7 @@ spec:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -188,7 +188,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@ -238,12 +238,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
type: string
realm:
description: |-
@ -263,7 +263,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
properties:
query:
description: |-
@ -275,7 +275,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@ -436,7 +436,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -524,7 +524,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@ -552,7 +552,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
type: string
forwardBody:
description: ForwardBody defines whether to send the request body
@ -561,7 +561,7 @@ spec:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
type: string
maxBodySize:
description: MaxBodySize defines the maximum body size in bytes
@ -1027,13 +1027,13 @@ spec:
x-kubernetes-preserve-unknown-fields: true
description: |-
Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
type: object
rateLimit:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
properties:
average:
description: |-
@ -1251,7 +1251,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
properties:
attempts:
description: Attempts defines how many times the request should

6
docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
View File

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
properties:
apiVersion:
description: |-
@ -56,7 +56,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -70,7 +70,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View File

@ -21,7 +21,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
properties:
apiVersion:
description: |-

2
docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
View File

@ -21,7 +21,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
properties:
apiVersion:
description: |-

8
docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
View File

@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
properties:
apiVersion:
description: |-
@ -44,14 +44,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
items:
type: string
type: array
@ -79,7 +79,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
items:
type: string
type: array

2
docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
View File

@ -21,7 +21,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
properties:
apiVersion:
description: |-

12
docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
View File

@ -22,7 +22,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
properties:
apiVersion:
description: |-
@ -214,7 +214,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -542,7 +542,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -690,7 +690,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -923,7 +923,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -992,7 +992,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

2
docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
View File

@ -201,7 +201,7 @@ The section below describes how to configure Traefik access logs using the stati
| <a id="accesslog-filters-retryAttempts" href="#accesslog-filters-retryAttempts" title="#accesslog-filters-retryAttempts">`accesslog.filters.retryAttempts`</a> | Keep the access logs when at least one retry has happened. | false | No |
| <a id="accesslog-filters-minDuration" href="#accesslog-filters-minDuration" title="#accesslog-filters-minDuration">`accesslog.filters.minDuration`</a> | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)). | 0 | No |
| <a id="accesslog-fields-defaultMode" href="#accesslog-fields-defaultMode" title="#accesslog-fields-defaultMode">`accesslog.fields.defaultMode`</a> | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No |
| <a id="accesslog-fields-names" href="#accesslog-fields-names" title="#accesslog-fields-names">`accesslog.fields.names`</a> | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#available-fields). | [ ] | No |
| <a id="accesslog-fields-names" href="#accesslog-fields-names" title="#accesslog-fields-names">`accesslog.fields.names`</a> | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#json-format-fields). | [ ] | No |
| <a id="accesslog-fields-headers-defaultMode" href="#accesslog-fields-headers-defaultMode" title="#accesslog-fields-headers-defaultMode">`accesslog.fields.headers.defaultMode`</a> | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No |
| <a id="accesslog-fields-headers-names" href="#accesslog-fields-headers-names" title="#accesslog-fields-headers-names">`accesslog.fields.headers.names`</a> | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No |

2
docs/content/reference/install-configuration/observability/metrics.md
View File

@ -215,7 +215,7 @@ metrics:
| Field | Description | Default | Required |
|:-----------|---------------------|:--------|:---------|
| <a id="metrics-prometheus-addInternals" href="#metrics-prometheus-addInternals" title="#metrics-prometheus-addInternals">`metrics.prometheus.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| <a id="metrics-prometheus-addInternals" href="#metrics-prometheus-addInternals" title="#metrics-prometheus-addInternals">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| <a id="metrics-prometheus-addEntryPointsLabels" href="#metrics-prometheus-addEntryPointsLabels" title="#metrics-prometheus-addEntryPointsLabels">`metrics.prometheus.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| <a id="metrics-prometheus-addRoutersLabels" href="#metrics-prometheus-addRoutersLabels" title="#metrics-prometheus-addRoutersLabels">`metrics.prometheus.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| <a id="metrics-prometheus-addServicesLabels" href="#metrics-prometheus-addServicesLabels" title="#metrics-prometheus-addServicesLabels">`metrics.prometheus.addServicesLabels`</a> | Enable metrics on services.| true | No |

54
docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress.md
View File

@ -3,7 +3,7 @@ title: "Traefik Kubernetes Ingress Documentation"
description: "Understand the requirements, routing configuration, and how to set up Traefik Proxy as your Kubernetes Ingress Controller. Read the technical documentation."
---
# Traefik & Kubernetes
# Traefik & Kubernetes
The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; i.e,
it manages access to cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
@ -42,28 +42,29 @@ and derives the corresponding dynamic configuration from it,
which in turn creates the resulting routers, services, handlers, etc.
## Configuration Options
<!-- markdownlint-disable MD013 -->
| Field | Description | Default | Required |
|:-----------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="providers-kubernetesIngress-endpoint" href="#providers-kubernetesIngress-endpoint" title="#providers-kubernetesIngress-endpoint">`providers.kubernetesIngress.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| <a id="providers-kubernetesIngress-token" href="#providers-kubernetesIngress-token" title="#providers-kubernetesIngress-token">`providers.kubernetesIngress.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| <a id="providers-kubernetesIngress-certAuthFilePath" href="#providers-kubernetesIngress-certAuthFilePath" title="#providers-kubernetesIngress-certAuthFilePath">`providers.kubernetesIngress.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| <a id="providers-kubernetesCRD-namespaces" href="#providers-kubernetesCRD-namespaces" title="#providers-kubernetesCRD-namespaces">`providers.kubernetesCRD.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | | No |
| <a id="providers-kubernetesIngress-labelselector" href="#providers-kubernetesIngress-labelselector" title="#providers-kubernetesIngress-labelselector">`providers.kubernetesIngress.labelselector`</a> | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| <a id="providers-kubernetesIngress-ingressClass" href="#providers-kubernetesIngress-ingressClass" title="#providers-kubernetesIngress-ingressClass">`providers.kubernetesIngress.ingressClass`</a> | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| <a id="providers-kubernetesIngress-disableIngressClassLookup" href="#providers-kubernetesIngress-disableIngressClassLookup" title="#providers-kubernetesIngress-disableIngressClassLookup">`providers.kubernetesIngress.disableIngressClassLookup`</a> | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option. | false | No |
| <a id="providers-kubernetesIngress-ingressEndpoint-hostname" href="#providers-kubernetesIngress-ingressEndpoint-hostname" title="#providers-kubernetesIngress-ingressEndpoint-hostname">`providers.kubernetesIngress.`<br />`ingressEndpoint.hostname`</a> | Hostname used for Kubernetes Ingress endpoints. | "" | No |
| <a id="providers-kubernetesIngress-ingressEndpoint-ip" href="#providers-kubernetesIngress-ingressEndpoint-ip" title="#providers-kubernetesIngress-ingressEndpoint-ip">`providers.kubernetesIngress.`<br />`ingressEndpoint.ip`</a> | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| <a id="providers-kubernetesIngress-ingressEndpoint-publishedService" href="#providers-kubernetesIngress-ingressEndpoint-publishedService" title="#providers-kubernetesIngress-ingressEndpoint-publishedService">`providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService`</a> | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice). | "" | No |
| <a id="providers-kubernetesIngress-throttleDuration" href="#providers-kubernetesIngress-throttleDuration" title="#providers-kubernetesIngress-throttleDuration">`providers.kubernetesIngress.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| <a id="providers-kubernetesIngress-allowEmptyServices" href="#providers-kubernetesIngress-allowEmptyServices" title="#providers-kubernetesIngress-allowEmptyServices">`providers.kubernetesIngress.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| <a id="providers-kubernetesIngress-allowCrossNamespace" href="#providers-kubernetesIngress-allowCrossNamespace" title="#providers-kubernetesIngress-allowCrossNamespace">`providers.kubernetesIngress.allowCrossNamespace`</a> | Allows the `Ingress` to reference resources in namespaces other than theirs. | false | No |
| <a id="providers-kubernetesIngress-allowExternalNameServices" href="#providers-kubernetesIngress-allowExternalNameServices" title="#providers-kubernetesIngress-allowExternalNameServices">`providers.kubernetesIngress.allowExternalNameServices`</a> | Allows the `Ingress` to reference ExternalName services. | false | No |
| <a id="providers-kubernetesIngress-nativeLBByDefault" href="#providers-kubernetesIngress-nativeLBByDefault" title="#providers-kubernetesIngress-nativeLBByDefault">`providers.kubernetesIngress.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| <a id="providers-kubernetesIngress-disableClusterScopeResources" href="#providers-kubernetesIngress-disableClusterScopeResources" title="#providers-kubernetesIngress-disableClusterScopeResources">`providers.kubernetesIngress.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
| <a id="providers-kubernetesIngress-strictPrefixMatching" href="#providers-kubernetesIngress-strictPrefixMatching" title="#providers-kubernetesIngress-strictPrefixMatching">`providers.kubernetesIngress.strictPrefixMatching`</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`. | false | No |
| Field | Description | Default | Required |
| :------------------------------------------------------------------ | :------------- | :------ | :------- |
| <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="providers-kubernetesIngress-endpoint" href="#providers-kubernetesIngress-endpoint" title="#providers-kubernetesIngress-endpoint">`providers.kubernetesIngress.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| <a id="providers-kubernetesIngress-token" href="#providers-kubernetesIngress-token" title="#providers-kubernetesIngress-token">`providers.kubernetesIngress.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| <a id="providers-kubernetesIngress-certAuthFilePath" href="#providers-kubernetesIngress-certAuthFilePath" title="#providers-kubernetesIngress-certAuthFilePath">`providers.kubernetesIngress.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| <a id="providers-kubernetesIngress-namespaces" href="#providers-kubernetesIngress-namespaces" title="#providers-kubernetesIngress-namespaces">`providers.kubernetesIngress.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | | No |
| <a id="providers-kubernetesIngress-labelselector" href="#providers-kubernetesIngress-labelselector" title="#providers-kubernetesIngress-labelselector">`providers.kubernetesIngress.labelselector`</a> | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| <a id="providers-kubernetesIngress-ingressClass" href="#providers-kubernetesIngress-ingressClass" title="#providers-kubernetesIngress-ingressClass">`providers.kubernetesIngress.ingressClass`</a> | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| <a id="providers-kubernetesIngress-disableIngressClassLookup" href="#providers-kubernetesIngress-disableIngressClassLookup" title="#providers-kubernetesIngress-disableIngressClassLookup">`providers.kubernetesIngress.disableIngressClassLookup`</a> | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option. | false | No |
| <a id="providers-kubernetesIngress-ingressEndpoint-hostname" href="#providers-kubernetesIngress-ingressEndpoint-hostname" title="#providers-kubernetesIngress-ingressEndpoint-hostname">`providers.kubernetesIngress.`<br />`ingressEndpoint.hostname`</a> | Hostname used for Kubernetes Ingress endpoints. | "" | No |
| <a id="providers-kubernetesIngress-ingressEndpoint-ip" href="#providers-kubernetesIngress-ingressEndpoint-ip" title="#providers-kubernetesIngress-ingressEndpoint-ip">`providers.kubernetesIngress.`<br />`ingressEndpoint.ip`</a> | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| <a id="providers-kubernetesIngress-ingressEndpoint-publishedService" href="#providers-kubernetesIngress-ingressEndpoint-publishedService" title="#providers-kubernetesIngress-ingressEndpoint-publishedService">`providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService`</a> | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice). | "" | No |
| <a id="providers-kubernetesIngress-throttleDuration" href="#providers-kubernetesIngress-throttleDuration" title="#providers-kubernetesIngress-throttleDuration">`providers.kubernetesIngress.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| <a id="providers-kubernetesIngress-allowEmptyServices" href="#providers-kubernetesIngress-allowEmptyServices" title="#providers-kubernetesIngress-allowEmptyServices">`providers.kubernetesIngress.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| <a id="providers-kubernetesIngress-allowCrossNamespace" href="#providers-kubernetesIngress-allowCrossNamespace" title="#providers-kubernetesIngress-allowCrossNamespace">`providers.kubernetesIngress.allowCrossNamespace`</a> | Allows the `Ingress` to reference resources in namespaces other than theirs. | false | No |
| <a id="providers-kubernetesIngress-allowExternalNameServices" href="#providers-kubernetesIngress-allowExternalNameServices" title="#providers-kubernetesIngress-allowExternalNameServices">`providers.kubernetesIngress.allowExternalNameServices`</a> | Allows the `Ingress` to reference ExternalName services. | false | No |
| <a id="providers-kubernetesIngress-nativeLBByDefault" href="#providers-kubernetesIngress-nativeLBByDefault" title="#providers-kubernetesIngress-nativeLBByDefault">`providers.kubernetesIngress.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| <a id="providers-kubernetesIngress-disableClusterScopeResources" href="#providers-kubernetesIngress-disableClusterScopeResources" title="#providers-kubernetesIngress-disableClusterScopeResources">`providers.kubernetesIngress.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
| <a id="providers-kubernetesIngress-strictPrefixMatching" href="#providers-kubernetesIngress-strictPrefixMatching" title="#providers-kubernetesIngress-strictPrefixMatching">`providers.kubernetesIngress.strictPrefixMatching`</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`. | false | No |
<!-- markdownlint-enable MD013 -->
@ -81,7 +82,7 @@ Both are mounted automatically when deployed inside Kubernetes.
The endpoint may be specified to override the environment variable values inside
a cluster.
When the environment variables are not found, Traefik tries to connect to the
When the environment variables are not found, Traefik tries to connect to the
Kubernetes API server with an external-cluster client.
In this case, the endpoint is required.
@ -105,7 +106,7 @@ providers:
--providers.kubernetesingress.endpoint=http://localhost:8080
```
### `ingressEndpoint.publishedService`
### `ingressEndpoint.publishedService`
Format: `namespace/servicename`.
@ -136,17 +137,16 @@ providers:
--providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
```
## Routing Configuration
See the dedicated section in [routing](../../../../routing/providers/kubernetes-ingress.md).
## Further
To learn more about the various aspects of the Ingress specification that
To learn more about the various aspects of the Ingress specification that
Traefik supports,
many examples of Ingresses definitions are located in the test
[examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures)
many examples of Ingresses definitions are located in the test
[examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures)
of the Traefik repository.
{!traefik-for-business-applications.md!}

6
docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md
View File

@ -89,7 +89,7 @@ When the bucket is not full, on token is generated every 10 seconds (6 every 1 m
| <a id="period" href="#period" title="#period">`period`</a> | Period of time used to define the rate.<br />More information [here](#rate-and-burst).| 1s | No |
| <a id="burst" href="#burst" title="#burst">`burst`</a> | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst). | 1 | No |
| <a id="denyOnError" href="#denyOnError" title="#denyOnError">`denyOnError`</a> | Forces to return a 429 error if the number of remaining requests accepted cannot be get.<br /> Set to `false`, this option allows the request to reach the backend. | true | No |
| <a id="responseHeaders" href="#responseHeaders" title="#responseHeaders">`responseHeaders`</a> | Injects the following rate limiting headers in the response:<br />- X-Rate-Limit-Remaining<br />- X-Rate-Limit-Limit<br />- X-Rate-Limit-Period<br />- X-Rate-Limit-Reset<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
| <a id="responseHeaders" href="#responseHeaders" title="#responseHeaders">`responseHeaders`</a> | Injects the following rate limiting headers in the response:<br />- `X-Rate-Limit-Remaining`<br />- `X-Rate-Limit-Limit`<br />- `X-Rate-Limit-Period`<br />- `X-Rate-Limit-Reset`<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
| <a id="store-redis-endpoints" href="#store-redis-endpoints" title="#store-redis-endpoints">`store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes |
| <a id="store-redis-username" href="#store-redis-username" title="#store-redis-username">`store.redis.username`</a> | The username Traefik Hub will use to connect to Redis | "" | No |
| <a id="store-redis-password" href="#store-redis-password" title="#store-redis-password">`store.redis.password`</a> | The password Traefik Hub will use to connect to Redis | "" | No |
@ -142,7 +142,7 @@ In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For
Example to use each IP as a distinct source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1" href="#10-0-0-111-0-0-112-0-0-1" title="#10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1" href="#10-0-0-211-0-0-112-0-0-1" title="#10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@ -151,7 +151,7 @@ Example to use each IP as a distinct source:
Example to group IPs together as same source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1-2" href="#10-0-0-211-0-0-112-0-0-1-2" title="#10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |

10
docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
View File

@ -87,10 +87,10 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header |
|-------------------|------------------------|
| <a id="HTTP-Method" href="#HTTP-Method" title="#HTTP-Method">HTTP Method</a> | X-Forwarded-Method |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | X-Forwarded-Proto |
| <a id="Host" href="#Host" title="#Host">Host</a> | X-Forwarded-Host |
| <a id="Request-URI" href="#Request-URI" title="#Request-URI">Request URI</a> | X-Forwarded-Uri |
| <a id="Source-IP-Address" href="#Source-IP-Address" title="#Source-IP-Address">Source IP-Address</a> | X-Forwarded-For |
| <a id="HTTP-Method" href="#HTTP-Method" title="#HTTP-Method">HTTP Method</a> | `X-Forwarded-Method` |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | `X-Forwarded-Proto` |
| <a id="Host" href="#Host" title="#Host">Host</a> | `X-Forwarded-Host` |
| <a id="Request-URI" href="#Request-URI" title="#Request-URI">Request URI</a> | `X-Forwarded-Uri` |
| <a id="Source-IP-Address" href="#Source-IP-Address" title="#Source-IP-Address">Source IP-Address</a> | `X-Forwarded-For` |
{!traefik-for-business-applications.md!}

10
docs/content/reference/routing-configuration/http/middlewares/headers.md
View File

@ -9,11 +9,11 @@ By default, the following headers are automatically added when proxying requests
| Property | HTTP Header |
|---------------------------|----------------------------|
| <a id="Clients-IP" href="#Clients-IP" title="#Clients-IP">Client's IP</a> | X-Forwarded-For, X-Real-Ip |
| <a id="Host" href="#Host" title="#Host">Host</a> | X-Forwarded-Host |
| <a id="Port" href="#Port" title="#Port">Port</a> | X-Forwarded-Port |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | X-Forwarded-Proto |
| <a id="Proxy-Servers-Hostname" href="#Proxy-Servers-Hostname" title="#Proxy-Servers-Hostname">Proxy Server's Hostname</a> | X-Forwarded-Server |
| <a id="Clients-IP" href="#Clients-IP" title="#Clients-IP">Client's IP</a> | `X-Forwarded-For`, `X-Real-Ip` |
| <a id="Host" href="#Host" title="#Host">Host</a> | `X-Forwarded-Host` |
| <a id="Port" href="#Port" title="#Port">Port</a> | `X-Forwarded-Port` |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | `X-Forwarded-Proto` |
| <a id="Proxy-Servers-Hostname" href="#Proxy-Servers-Hostname" title="#Proxy-Servers-Hostname">Proxy Server's Hostname</a> | `X-Forwarded-Server` |
## Configuration Examples

8
docs/content/reference/routing-configuration/http/middlewares/inflightreq.md
View File

@ -94,19 +94,19 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| <a id="abcd111122223333-2" href="#abcd111122223333-2" title="#abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80` | `"::abcd:0:0:0:0"` |
| <a id="abcd111122223333-3" href="#abcd111122223333-3" title="#abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96` | `"::abcd:1111:0:0:0"` |
### Example of Depth & X-Forwarded-For
### Example of Depth & `X-Forwarded-For`
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
| X-Forwarded-For | depth | clientIP |
|-----------------------------------------|---------|--------------|
| `X-Forwarded-For` | depth | clientIP |
|-----------------------------------------|-------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### Example of ExcludedIPs & X-Forwarded-For
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |

8
docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md
View File

@ -99,19 +99,19 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| <a id="abcd111122223333-2" href="#abcd111122223333-2" title="#abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80` | `"::abcd:0:0:0:0"` |
| <a id="abcd111122223333-3" href="#abcd111122223333-3" title="#abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96` | `"::abcd:1111:0:0:0"` |
### Example of Depth & X-Forwarded-For
### Example of Depth & `X-Forwarded-For`
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
| X-Forwarded-For | depth | clientIP |
| `X-Forwarded-For` | depth | clientIP |
|-----------------------------------------|---------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### Example of ExcludedIPs & X-Forwarded-For
### Example of ExcludedIPs & `X-Forwarded-For`
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |

4
docs/content/reference/routing-configuration/http/middlewares/ratelimit.md
View File

@ -266,7 +266,7 @@ In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For
Example to use each IP as a distinct source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1" href="#10-0-0-111-0-0-112-0-0-1" title="#10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1" href="#10-0-0-211-0-0-112-0-0-1" title="#10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@ -275,7 +275,7 @@ Example to use each IP as a distinct source:
Example to group IPs together as same source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1-2" href="#10-0-0-211-0-0-112-0-0-1-2" title="#10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |

2
docs/content/reference/routing-configuration/http/middlewares/redirectscheme.md
View File

@ -10,7 +10,7 @@ The `RedirectScheme` middleware redirects the request if the request scheme is d
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../../install-configuration/entrypoints.md#configuration-options) one.
Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
Otherwise, Traefik would clean up the `X-Forwarded` headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.

0
docs/content/reference/routing-configuration/http/router/observability.md → docs/content/reference/routing-configuration/http/routing/observability.md
View File

96
docs/content/reference/routing-configuration/http/routing/router.md Normal file
View File

@ -0,0 +1,96 @@
---
title: "Traefik HTTP Routers Documentation"
description: "HTTP routers are responsible for connecting incoming requests to the services that can handle them. Read the technical documentation."
---
## HTTP Router
An HTTP router is in charge of connecting incoming requests to the services that can handle them. Routers analyze incoming requests based on rules, and when a match is found, forward the request through any configured middlewares to the appropriate service.
## Configuration Example
```yaml tab="Structured (YAML)"
http:
routers:
my-router:
entryPoints:
- "web"
- "websecure"
rule: "Host(`example.com`) && Path(`/api`)"
priority: 10
middlewares:
- "auth"
- "ratelimit"
tls:
certResolver: "letsencrypt"
observability:
metrics: true
accessLogs: true
tracing: true
service: my-service
```
```toml tab="Structured (TOML)"
[http.routers]
[http.routers.my-router]
entryPoints = ["web", "websecure"]
rule = "Host(`example.com`) && Path(`/api`)"
priority = 10
middlewares = ["auth", "ratelimit"]
service = "my-service"
[http.routers.my-router.tls]
certResolver = "letsencrypt"
[http.routers.my-router.observability]
metrics = true
accessLogs = true
tracing = true
```
```yaml tab="Labels"
labels:
- "traefik.http.routers.my-router.entrypoints=web,websecure"
- "traefik.http.routers.my-router.rule=Host(`example.com`) && Path(`/api`)"
- "traefik.http.routers.my-router.priority=10"
- "traefik.http.routers.my-router.middlewares=auth,ratelimit"
- "traefik.http.routers.my-router.service=my-service"
- "traefik.http.routers.my-router.tls.certresolver=letsencrypt"
- "traefik.http.routers.my-router.observability.metrics=true"
- "traefik.http.routers.my-router.observability.accessLogs=true"
- "traefik.http.routers.my-router.observability.tracing=true"
```
```json tab="Tags"
{
"Tags": [
"traefik.http.routers.my-router.entrypoints=web,websecure",
"traefik.http.routers.my-router.rule=Host(`example.com`) && Path(`/api`)",
"traefik.http.routers.my-router.priority=10",
"traefik.http.routers.my-router.middlewares=auth,ratelimit",
"traefik.http.routers.my-router.service=my-service",
"traefik.http.routers.my-router.tls.certresolver=letsencrypt",
"traefik.http.routers.my-router.observability.metrics=true",
"traefik.http.routers.my-router.observability.accessLogs=true",
"traefik.http.routers.my-router.observability.tracing=true"
]
}
```
## Configuration Options
| Field | Description | Default | Required |
|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, HTTP routers are attached to all entry points. | All entry points | No |
| <a id="rule" href="#rule" title="#rule">`rule`</a> | Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria. If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service. See [Rules & Priority](./rules-and-priority.md) for details. | | Yes |
| <a id="priority" href="#priority" title="#priority">`priority`</a> | To avoid path overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
| <a id="middlewares" href="#middlewares" title="#middlewares">`middlewares`</a> | The list of middlewares that are applied to the router. Middlewares are applied in the order they are declared. See [Middlewares overview](../middlewares/overview.md) for available middlewares. | | No |
| <a id="tls" href="#tls" title="#tls">`tls`</a> | TLS configuration for the router. When specified, the router will only handle HTTPS requests. See [TLS overview](../tls/overview.md) for detailed TLS configuration. | | No |
| <a id="observability" href="#observability" title="#observability">`observability`</a> | Observability configuration for the router. Allows fine-grained control over access logs, metrics, and tracing per router. See [Observability](./observability.md) for details. | Inherited from entry points | No |
| <a id="service" href="#service" title="#service">`service`</a> | The name of the service that will handle the matched requests. Services can be load balancer services, weighted round robin, mirroring, or failover services. See [Service](../load-balancing/service.md) for details.| | Yes |
## Router Naming
- The character `@` is not authorized in the router name
- In provider-specific configurations (Docker, Kubernetes), router names are often auto-generated based on service names and rules

0
docs/content/reference/routing-configuration/http/router/rules-and-priority.md → docs/content/reference/routing-configuration/http/routing/rules-and-priority.md
View File

2
docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md
View File

@ -36,7 +36,7 @@ spec:
accessLogs: true
metrics: true
tracing: true
# Set a pirority
# Set a priority
priority: 10
services:
# Target a Kubernetes Support

2
docs/content/reference/routing-configuration/other-providers/swarm.md
View File

@ -738,7 +738,7 @@ otherwise it will randomly pick one (depending on how docker is returning them).
#### `traefik.swarm.lbswarm`
```yaml
- "traefik.docker.lbswarm=true"
- "traefik.swarm.lbswarm=true"
```
Enables Swarm's inbuilt load balancer (only relevant in Swarm Mode).

86
docs/content/reference/routing-configuration/tcp/routing/router.md Normal file
View File

@ -0,0 +1,86 @@
---
title: "Traefik TCP Routers Documentation"
description: "TCP routers are responsible for connecting incoming TCP connections to the services that can handle them. Read the technical documentation."
---
## TCP Router
A TCP router is in charge of connecting incoming TCP connections to the services that can handle them. TCP routers analyze incoming connections based on rules, and when a match is found, forward the connection through any configured middlewares to the appropriate service.
!!! note "TCP vs HTTP Routing"
If both HTTP routers and TCP routers listen to the same EntryPoint, the TCP routers will apply before the HTTP routers. If no matching route is found for the TCP routers, then the HTTP routers will take over.
## Configuration Example
```yaml tab="Structured (YAML)"
tcp:
routers:
my-tcp-router:
entryPoints:
- "tcp-ep"
- "websecure"
rule: "HostSNI(`example.com`)"
priority: 10
middlewares:
- "tcp-ipallowlist"
tls:
passthrough: false
certResolver: "letsencrypt"
service: my-tcp-service
```
```toml tab="Structured (TOML)"
[tcp.routers]
[tcp.routers.my-tcp-router]
entryPoints = ["tcp-ep", "websecure"]
rule = "HostSNI(`example.com`)"
priority = 10
middlewares = ["tcp-ipallowlist"]
service = "my-tcp-service"
[tcp.routers.my-tcp-router.tls]
passthrough = false
certResolver = "letsencrypt"
```
```yaml tab="Labels"
labels:
- "traefik.tcp.routers.my-tcp-router.entrypoints=tcp-ep,websecure"
- "traefik.tcp.routers.my-tcp-router.rule=HostSNI(`example.com`)"
- "traefik.tcp.routers.my-tcp-router.priority=10"
- "traefik.tcp.routers.my-tcp-router.middlewares=tcp-ipallowlist"
- "traefik.tcp.routers.my-tcp-router.tls.certresolver=letsencrypt"
- "traefik.tcp.routers.my-tcp-router.tls.passthrough=false"
- "traefik.tcp.routers.my-tcp-router.service=my-tcp-service"
```
```json tab="Tags"
{
"Tags": [
"traefik.tcp.routers.my-tcp-router.entrypoints=tcp-ep,websecure",
"traefik.tcp.routers.my-tcp-router.rule=HostSNI(`example.com`)",
"traefik.tcp.routers.my-tcp-router.priority=10",
"traefik.tcp.routers.my-tcp-router.middlewares=tcp-ipallowlist",
"traefik.tcp.routers.my-tcp-router.tls.certresolver=letsencrypt",
"traefik.tcp.routers.my-tcp-router.tls.passthrough=false",
"traefik.tcp.routers.my-tcp-router.service=my-tcp-service"
]
}
```
## Configuration Options
| Field | Description | Default | Required |
|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, TCP routers are attached to all TCP entry points. | All TCP entry points | No |
| <a id="rule" href="#rule" title="#rule">`rule`</a> | Rules are a set of matchers configured with values, that determine if a particular connection matches specific criteria. If the rule is verified, the router becomes active, calls middlewares, and then forwards the connection to the service. See [Rules & Priority](./rules-and-priority.md) for details. | | Yes |
| <a id="priority" href="#priority" title="#priority">`priority`</a> | To avoid rule overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
| <a id="middlewares" href="#middlewares" title="#middlewares">`middlewares`</a> | The list of middlewares that are applied to the router. Middlewares are applied in the order they are declared. See [TCP Middlewares overview](../middlewares/overview.md) for available TCP middlewares. | | No |
| <a id="tls" href="#tls" title="#tls">`tls`</a> | TLS configuration for the router. When specified, the router will only handle TLS connections. See [TLS configuration](../tls.md) for detailed TLS options. | | No |
| <a id="service" href="#service" title="#service">`service`</a> | The name of the service that will handle the matched connections. Services can be load balancer services or weighted round robin services. See [TCP Service](../service.md) for details. | | Yes |
## Router Naming
- The character `@` is not authorized in the router name
- Router names should be descriptive and follow your naming conventions
- In provider-specific configurations (Docker, Kubernetes), router names are often auto-generated based on service names and rules

0
docs/content/reference/routing-configuration/tcp/router/rules-and-priority.md → docs/content/reference/routing-configuration/tcp/routing/rules-and-priority.md
View File

69
docs/content/reference/routing-configuration/udp/routing/router.md Normal file
View File

@ -0,0 +1,69 @@
---
title: "Traefik UDP Routers Documentation"
description: "UDP routers are responsible for connecting incoming UDP packets to the services that can handle them. Read the technical documentation."
---
## UDP Router
A UDP router is in charge of connecting incoming UDP packets to the services that can handle them. Unlike HTTP and TCP routers, UDP routers operate at the transport layer and have unique characteristics due to the connectionless nature of UDP.
!!! important "UDP Router Characteristics"
- UDP is connectionless, so there is no concept of a request URL path or Host SNI to match against
- UDP routers are essentially load-balancers that distribute packets to backend services
- UDP routers can only target UDP services (not HTTP or TCP services)
- Sessions are tracked with configurable timeouts to maintain state between client and backend
## Configuration Example
```yaml tab="Structured (YAML)"
udp:
routers:
my-udp-router:
entryPoints:
- "udp-ep"
- "dns"
service: my-udp-service
```
```toml tab="Structured (TOML)"
[udp.routers]
[udp.routers.my-udp-router]
entryPoints = ["udp-ep", "dns"]
service = "my-udp-service"
```
```yaml tab="Labels"
labels:
- "traefik.udp.routers.my-udp-router.entrypoints=udp-ep,dns"
- "traefik.udp.routers.my-udp-router.service=my-udp-service"
```
```json tab="Tags"
{
"Tags": [
"traefik.udp.routers.my-udp-router.entrypoints=udp-ep,dns",
"traefik.udp.routers.my-udp-router.service=my-udp-service"
]
}
```
## Configuration Options
| Field | Description | Default | Required |
|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, UDP routers are attached to all UDP entry points. | All UDP entry points | No |
| <a id="service" href="#service" title="#service">`service`</a> | The name of the service that will handle the matched UDP packets. UDP services are typically load balancer services that distribute packets to multiple backend servers. See [UDP Service](../service.md) for details. | | Yes |
## Sessions and Timeout
Even though UDP is connectionless, Traefik's UDP router implementation relies on sessions to maintain state about ongoing communication between clients and backends. This allows the proxy to know where to forward response packets from backends.
Each session has an associated timeout that cleans up inactive sessions after a specified duration of inactivity.
Session timeout can be configured using the `entryPoints.name.udp.timeout` option in the static configuration. See [EntryPoints documentation](../../install-configuration/entrypoints.md) for details.
## Router Naming
- The character `@` is not authorized in the router name
- Router names should be descriptive and follow your naming conventions
- In provider-specific configurations (Docker, Kubernetes), router names are often auto-generated based on service names

0
docs/content/reference/routing-configuration/udp/router/rules-priority.md → docs/content/reference/routing-configuration/udp/routing/rules-priority.md
View File

17
docs/mkdocs.yml
View File

@ -262,9 +262,10 @@ nav:
- 'Common Configuration' :
- 'Configuration Methods' : 'reference/routing-configuration/dynamic-configuration-methods.md'
- 'HTTP' :
- 'Router' :
- 'Rules & Priority' : 'reference/routing-configuration/http/router/rules-and-priority.md'
- 'Observability': 'reference/routing-configuration/http/router/observability.md'
- 'Routing' :
- 'Router' : 'reference/routing-configuration/http/routing/router.md'
- 'Rules & Priority' : 'reference/routing-configuration/http/routing/rules-and-priority.md'
- 'Observability': 'reference/routing-configuration/http/routing/observability.md'
- 'Load Balancing' :
- 'Service' : 'reference/routing-configuration/http/load-balancing/service.md'
- 'ServersTransport' : 'reference/routing-configuration/http/load-balancing/serverstransport.md'
@ -308,8 +309,9 @@ nav:
- 'StripPrefixRegex': 'reference/routing-configuration/http/middlewares/stripprefixregex.md'
- '<span class="nav-link-with-icon">WAF <img src="https://doc.traefik.io/traefik-hub/img/ps-traefik-hub-logo-light.svg" class="menu-icon" alt="Traefik Hub API Gateway"></span>' : 'reference/routing-configuration/http/middlewares/waf.md'
- 'TCP' :
- 'Router' :
- 'Rules & Priority' : 'reference/routing-configuration/tcp/router/rules-and-priority.md'
- 'Routing' :
- 'Router' : 'reference/routing-configuration/tcp/routing/router.md'
- 'Rules & Priority' : 'reference/routing-configuration/tcp/routing/rules-and-priority.md'
- 'Service' : 'reference/routing-configuration/tcp/service.md'
- 'ServersTransport' : 'reference/routing-configuration/tcp/serverstransport.md'
- 'TLS' : 'reference/routing-configuration/tcp/tls.md'
@ -318,8 +320,9 @@ nav:
- 'InFlightConn' : 'reference/routing-configuration/tcp/middlewares/inflightconn.md'
- 'IPAllowList' : 'reference/routing-configuration/tcp/middlewares/ipallowlist.md'
- 'UDP' :
- 'Router' :
- 'Rules & Priority' : 'reference/routing-configuration/udp/router/rules-priority.md'
- 'Routing' :
- 'Router' : 'reference/routing-configuration/udp/routing/router.md'
- 'Rules & Priority' : 'reference/routing-configuration/udp/routing/rules-priority.md'
- 'Service' : 'reference/routing-configuration/udp/service.md'
- 'Kubernetes':
- 'Gateway API' : 'reference/routing-configuration/kubernetes/gateway-api.md'

114
integration/fixtures/k8s/01-traefik-crd.yml
View File

@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -64,12 +64,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@ -89,7 +89,7 @@ spec:
observability:
description: |-
Observability defines the observability configuration for a router.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
properties:
accessLogs:
description: AccessLogs enables access logs for this router.
@ -112,7 +112,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@ -282,7 +282,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -352,7 +352,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
type: string
required:
@ -362,18 +362,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -392,17 +392,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
required:
- name
@ -419,12 +419,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
required:
- name
@ -484,7 +484,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -497,7 +497,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@ -521,7 +521,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@ -563,7 +563,7 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
properties:
version:
@ -605,7 +605,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
enum:
- v3
@ -618,18 +618,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@ -648,7 +648,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
@ -740,7 +740,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@ -828,7 +828,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
properties:
apiVersion:
description: |-
@ -869,12 +869,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
type: string
realm:
description: |-
@ -934,7 +934,7 @@ spec:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@ -997,7 +997,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@ -1047,12 +1047,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
type: string
realm:
description: |-
@ -1072,7 +1072,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
properties:
query:
description: |-
@ -1084,7 +1084,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@ -1245,7 +1245,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -1333,7 +1333,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@ -1361,7 +1361,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
type: string
forwardBody:
description: ForwardBody defines whether to send the request body
@ -1370,7 +1370,7 @@ spec:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
type: string
maxBodySize:
description: MaxBodySize defines the maximum body size in bytes
@ -1836,13 +1836,13 @@ spec:
x-kubernetes-preserve-unknown-fields: true
description: |-
Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
type: object
rateLimit:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
properties:
average:
description: |-
@ -2060,7 +2060,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@ -2140,7 +2140,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
properties:
apiVersion:
description: |-
@ -2177,7 +2177,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -2191,7 +2191,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@ -2230,7 +2230,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
properties:
apiVersion:
description: |-
@ -2399,7 +2399,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
properties:
apiVersion:
description: |-
@ -2553,7 +2553,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
properties:
apiVersion:
description: |-
@ -2578,14 +2578,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
items:
type: string
type: array
@ -2613,7 +2613,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
items:
type: string
type: array
@ -2673,7 +2673,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
properties:
apiVersion:
description: |-
@ -2771,7 +2771,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
properties:
apiVersion:
description: |-
@ -2963,7 +2963,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3291,7 +3291,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3439,7 +3439,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3672,7 +3672,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@ -3741,7 +3741,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

32
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroute.go
View File

@ -13,18 +13,18 @@ type IngressRouteSpec struct {
Routes []Route `json:"routes"`
// EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
// More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
// Default: all.
EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
TLS *TLS `json:"tls,omitempty"`
}
// Route holds the HTTP route configuration.
type Route struct {
// Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
Match string `json:"match"`
// Kind defines the kind of the route.
// Rule is the only supported kind.
@ -32,62 +32,62 @@ type Route struct {
// +kubebuilder:validation:Enum=Rule
Kind string `json:"kind,omitempty"`
// Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
// +kubebuilder:validation:Maximum=9223372036854774807
Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
// Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
Syntax string `json:"syntax,omitempty"`
// Services defines the list of Service.
// It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
Services []Service `json:"services,omitempty"`
// Middlewares defines the list of references to Middleware resources.
// More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
// Observability defines the observability configuration for a router.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
Observability *dynamic.RouterObservabilityConfig `json:"observability,omitempty"`
}
// TLS holds the TLS configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/overview/
type TLS struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
Options *TLSOptionRef `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used.
Store *TLSStoreRef `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
// More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
Domains []types.Domain `json:"domains,omitempty"`
}
// TLSOptionRef is a reference to a TLSOption resource.
type TLSOptionRef struct {
// Name defines the name of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSOption.
// More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
Namespace string `json:"namespace,omitempty"`
}
// TLSStoreRef is a reference to a TLSStore resource.
type TLSStoreRef struct {
// Name defines the name of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
Name string `json:"name"`
// Namespace defines the namespace of the referenced TLSStore.
// More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
Namespace string `json:"namespace,omitempty"`
}
@ -104,7 +104,7 @@ type LoadBalancerSpec struct {
// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
Namespace string `json:"namespace,omitempty"`
// Sticky defines the sticky sessions configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
// Port defines the port of a Kubernetes Service.
// This can be a reference to a named port.

20
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressroutetcp.go
View File

@ -13,25 +13,25 @@ type IngressRouteTCPSpec struct {
Routes []RouteTCP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
// More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
// Default: all.
EntryPoints []string `json:"entryPoints,omitempty"`
// TLS defines the TLS configuration on a layer 4 / TCP Route.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
TLS *TLSTCP `json:"tls,omitempty"`
}
// RouteTCP holds the TCP route configuration.
type RouteTCP struct {
// Match defines the router's rule.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
Match string `json:"match"`
// Priority defines the router's priority.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
// +kubebuilder:validation:Maximum=9223372036854774807
Priority int `json:"priority,omitempty"`
// Syntax defines the router's rule syntax.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
// +kubebuilder:validation:Enum=v3;v2
// Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
Syntax string `json:"syntax,omitempty"`
@ -42,7 +42,7 @@ type RouteTCP struct {
}
// TLSTCP holds the TLS configuration for an IngressRouteTCP.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/
type TLSTCP struct {
// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
SecretName string `json:"secretName,omitempty"`
@ -50,17 +50,17 @@ type TLSTCP struct {
Passthrough bool `json:"passthrough,omitempty"`
// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
// If not defined, the `default` TLSOption is used.
// More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
Options *ObjectReference `json:"options,omitempty"`
// Store defines the reference to the TLSStore, that will be used to store certificates.
// Please note that only `default` TLSStore can be used.
Store *ObjectReference `json:"store,omitempty"`
// CertResolver defines the name of the certificate resolver to use.
// Cert resolvers have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
// More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
CertResolver string `json:"certResolver,omitempty"`
// Domains defines the list of domains that will be used to issue certificates.
// More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
Domains []types.Domain `json:"domains,omitempty"`
}
@ -85,7 +85,7 @@ type ServiceTCP struct {
// Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
TerminationDelay *int `json:"terminationDelay,omitempty"`
// ProxyProtocol defines the PROXY protocol configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
// Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
// ServersTransport defines the name of ServersTransportTCP resource to use.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/ingressrouteudp.go
View File

@ -11,7 +11,7 @@ type IngressRouteUDPSpec struct {
Routes []RouteUDP `json:"routes"`
// EntryPoints defines the list of entry point names to bind to.
// Entry points have to be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
// More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
// Default: all.
EntryPoints []string `json:"entryPoints,omitempty"`
}

30
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middleware.go
View File

@ -12,7 +12,7 @@ import (
// +kubebuilder:storageversion
// Middleware is the CRD implementation of a Traefik Middleware.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
type Middleware struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -52,7 +52,7 @@ type MiddlewareSpec struct {
ContentType *dynamic.ContentType `json:"contentType,omitempty"`
GrpcWeb *dynamic.GrpcWeb `json:"grpcWeb,omitempty"`
// Plugin defines the middleware plugin configuration.
// More info: https://doc.traefik.io/traefik/plugins/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
Plugin map[string]apiextensionv1.JSON `json:"plugin,omitempty"`
}
@ -60,7 +60,7 @@ type MiddlewareSpec struct {
// ErrorPage holds the custom error middleware configuration.
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
type ErrorPage struct {
// Status defines which status or range of statuses should result in an error page.
// It can be either a status code as a number (500),
@ -73,7 +73,7 @@ type ErrorPage struct {
// For example: "418": 404 or "410-418": 404
StatusRewrites map[string]int `json:"statusRewrites,omitempty"`
// Service defines the reference to a Kubernetes Service that will serve the error page.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
Service Service `json:"service,omitempty"`
// Query defines the URL for the error page (hosted by service).
// The {status} variable can be used in order to insert the status code in the URL.
@ -108,7 +108,7 @@ type CircuitBreaker struct {
// Chain holds the configuration of the chain middleware.
// This middleware enables to define reusable combinations of other pieces of middleware.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
type Chain struct {
// Middlewares is the list of MiddlewareRef which composes the chain.
Middlewares []MiddlewareRef `json:"middlewares,omitempty"`
@ -118,7 +118,7 @@ type Chain struct {
// BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
type BasicAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"`
@ -129,7 +129,7 @@ type BasicAuth struct {
// Default: false.
RemoveHeader bool `json:"removeHeader,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty"`
}
@ -137,7 +137,7 @@ type BasicAuth struct {
// DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
type DigestAuth struct {
// Secret is the name of the referenced Kubernetes Secret containing user credentials.
Secret string `json:"secret,omitempty"`
@ -147,7 +147,7 @@ type DigestAuth struct {
// Default: traefik.
Realm string `json:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
HeaderField string `json:"headerField,omitempty"`
}
@ -155,7 +155,7 @@ type DigestAuth struct {
// ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
type ForwardAuth struct {
// Address defines the authentication server address.
Address string `json:"address,omitempty"`
@ -164,7 +164,7 @@ type ForwardAuth struct {
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed.
@ -174,7 +174,7 @@ type ForwardAuth struct {
// AddAuthCookiesToResponse defines the list of cookies to copy from the authentication server response to the response.
AddAuthCookiesToResponse []string `json:"addAuthCookiesToResponse,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
HeaderField string `json:"headerField,omitempty"`
// ForwardBody defines whether to send the request body to the authentication server.
ForwardBody bool `json:"forwardBody,omitempty"`
@ -201,7 +201,7 @@ type ClientTLSWithCAOptional struct {
// RateLimit holds the rate limit configuration.
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
type RateLimit struct {
// Average is the maximum rate, by default in requests/s, allowed for the given source.
// It defaults to 0, which means no rate limiting.
@ -286,7 +286,7 @@ type ClientTLS struct {
// Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
type Compress struct {
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
// `application/grpc` is always excluded.
@ -308,7 +308,7 @@ type Compress struct {
// Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
type Retry struct {
// Attempts defines how many times the request should be retried.
// +kubebuilder:validation:Minimum=0

6
pkg/provider/kubernetes/crd/traefikio/v1alpha1/middlewaretcp.go
View File

@ -9,7 +9,7 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
type MiddlewareTCP struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -28,11 +28,11 @@ type MiddlewareTCPSpec struct {
// IPWhiteList defines the IPWhiteList middleware configuration.
// This middleware accepts/refuses connections based on the client IP.
// Deprecated: please use IPAllowList instead.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
// IPAllowList defines the IPAllowList middleware configuration.
// This middleware accepts/refuses connections based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
}

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransport.go
View File

@ -13,7 +13,7 @@ import (
// ServersTransport is the CRD implementation of a ServersTransport.
// If no serversTransport is specified, the default@internal will be used.
// The default@internal serversTransport is created from the static configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
type ServersTransport struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/serverstransporttcp.go
View File

@ -13,7 +13,7 @@ import (
// ServersTransportTCP is the CRD implementation of a TCPServersTransport.
// If no tcpServersTransport is specified, a default one named default@internal will be used.
// The default@internal tcpServersTransport can be configured in the static configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
type ServersTransportTCP struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/service.go
View File

@ -13,7 +13,7 @@ import (
// TraefikService object allows to:
// - Apply weight to Services on load-balancing
// - Mirror traffic on services
// More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
type TraefikService struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -51,7 +51,7 @@ type TraefikServiceSpec struct {
// +k8s:deepcopy-gen=true
// Mirroring holds the mirroring service configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/services/#mirroring-service
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#mirroring
type Mirroring struct {
LoadBalancerSpec `json:",inline"`
@ -80,12 +80,12 @@ type MirrorService struct {
// +k8s:deepcopy-gen=true
// WeightedRoundRobin holds the weighted round-robin configuration.
// More info: https://doc.traefik.io/traefik/v3.5/routing/services/#weighted-round-robin-service
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#weighted-round-robin-wrr
type WeightedRoundRobin struct {
// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
Services []Service `json:"services,omitempty"`
// Sticky defines whether sticky sessions are enabled.
// More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
Sticky *dynamic.Sticky `json:"sticky,omitempty"`
}

8
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsoption.go
View File

@ -9,7 +9,7 @@ import (
// +kubebuilder:storageversion
// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
// More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
type TLSOption struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.
@ -32,17 +32,17 @@ type TLSOptionSpec struct {
// Default: None.
MaxVersion string `json:"maxVersion,omitempty"`
// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
// More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
CipherSuites []string `json:"cipherSuites,omitempty"`
// CurvePreferences defines the preferred elliptic curves.
// More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
CurvePreferences []string `json:"curvePreferences,omitempty"`
// ClientAuth defines the server's policy for TLS Client Authentication.
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
SniStrict bool `json:"sniStrict,omitempty"`
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
// More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
// DisableSessionTickets disables TLS session resumption via session tickets.
DisableSessionTickets bool `json:"disableSessionTickets,omitempty"`

2
pkg/provider/kubernetes/crd/traefikio/v1alpha1/tlsstore.go
View File

@ -12,7 +12,7 @@ import (
// TLSStore is the CRD implementation of a Traefik TLS Store.
// For the time being, only the TLSStore named default is supported.
// This means that you cannot have two stores that are named default in different Kubernetes namespaces.
// More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
// More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
type TLSStore struct {
metav1.TypeMeta `json:",inline"`
// Standard object's metadata.

6
script/gcg/traefik-bugfix.toml
View File

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file"
FileName = "traefik_changelog.md"
# example new bugfix v3.5.2
# example new bugfix v3.5.3
CurrentRef = "v3.5"
PreviousRef = "v3.5.1"
PreviousRef = "v3.5.2"
BaseBranch = "v3.5"
FutureCurrentRefName = "v3.5.2"
FutureCurrentRefName = "v3.5.3"
ThresholdPreviousRef = 10
ThresholdCurrentRef = 10

4
webui/src/contexts/version.tsx
View File

@ -1,5 +1,7 @@
import { createContext, ReactNode, useEffect, useState } from 'react'
import { BASE_PATH } from 'libs/utils'
type VersionContextProps = {
showHubButton: boolean
version: string
@ -21,7 +23,7 @@ export const VersionProvider = ({ children }: VersionProviderProps) => {
useEffect(() => {
const fetchVersion = async () => {
try {
const response = await fetch('/api/version')
const response = await fetch(`${BASE_PATH}/version`)
if (!response.ok) {
throw new Error(`Network error: ${response.status}`)
}