From 6fd3608eba58173c0aad8f35c8c617e7de6e764c Mon Sep 17 00:00:00 2001 From: ffilippopoulos Date: Tue, 21 May 2024 10:19:46 +0100 Subject: [PATCH 1/2] Traefik v3 manifests fetched from upstream --- traefik/cluster/crds/Makefile | 2 +- traefik/cluster/crds/kustomization.yaml | 2 +- .../traefik/crds/kustomization.yaml | 21 - .../traefik.containo.us_ingressroutes.yaml | 275 ------ .../traefik.containo.us_ingressroutetcps.yaml | 218 ----- .../traefik.containo.us_ingressrouteudps.yaml | 105 -- .../crds/traefik.containo.us_middlewares.yaml | 924 ------------------ .../traefik.containo.us_middlewaretcps.yaml | 72 -- ...traefik.containo.us_serverstransports.yaml | 128 --- .../crds/traefik.containo.us_tlsoptions.yaml | 113 --- .../crds/traefik.containo.us_tlsstores.yaml | 99 -- .../traefik.containo.us_traefikservices.yaml | 402 -------- .../crds/traefik.io_ingressroutes.yaml | 275 ------ .../crds/traefik.io_middlewaretcps.yaml | 72 -- .../hub.traefik.io_accesscontrolpolicies.yaml | 363 +++++++ .../crds/hub.traefik.io_apiaccesses.yaml | 147 +++ .../crds/hub.traefik.io_apiportals.yaml | 101 ++ .../crds/hub.traefik.io_apiratelimits.yaml | 160 +++ .../traefik/crds/hub.traefik.io_apis.yaml | 190 ++++ .../crds/hub.traefik.io_apiversions.yaml | 195 ++++ .../crds/hub.traefik.io_edgeingresses.yaml | 115 +++ .../traefik/crds/kustomization.yaml | 20 + .../crds/traefik.io_ingressroutes.yaml | 298 ++++++ .../crds/traefik.io_ingressroutetcps.yaml | 122 ++- .../crds/traefik.io_ingressrouteudps.yaml | 49 +- .../traefik/crds/traefik.io_middlewares.yaml | 593 ++++++----- .../crds/traefik.io_middlewaretcps.yaml | 87 ++ .../crds/traefik.io_serverstransports.yaml | 45 +- .../crds/traefik.io_serverstransporttcps.yaml | 120 +++ .../traefik/crds/traefik.io_tlsoptions.yaml | 69 +- .../traefik/crds/traefik.io_tlsstores.yaml | 36 +- .../crds/traefik.io_traefikservices.yaml | 297 +++--- traefik/cluster/rbac/auth-traefik.yaml | 5 +- 33 files changed, 2486 insertions(+), 3234 deletions(-) delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressroutes.yaml delete mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_middlewaretcps.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_accesscontrolpolicies.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiaccesses.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiportals.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiratelimits.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apis.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiversions.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_edgeingresses.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/kustomization.yaml create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressroutes.yaml rename traefik/cluster/crds/{localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792 => localized-crds-a429dd01418a0eeeb35a84019945e211148db69b}/traefik/crds/traefik.io_ingressroutetcps.yaml (57%) rename traefik/cluster/crds/{localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792 => localized-crds-a429dd01418a0eeeb35a84019945e211148db69b}/traefik/crds/traefik.io_ingressrouteudps.yaml (65%) rename traefik/cluster/crds/{localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792 => localized-crds-a429dd01418a0eeeb35a84019945e211148db69b}/traefik/crds/traefik.io_middlewares.yaml (56%) create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_middlewaretcps.yaml rename traefik/cluster/crds/{localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792 => localized-crds-a429dd01418a0eeeb35a84019945e211148db69b}/traefik/crds/traefik.io_serverstransports.yaml (74%) create mode 100644 traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_serverstransporttcps.yaml rename traefik/cluster/crds/{localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792 => localized-crds-a429dd01418a0eeeb35a84019945e211148db69b}/traefik/crds/traefik.io_tlsoptions.yaml (51%) rename traefik/cluster/crds/{localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792 => localized-crds-a429dd01418a0eeeb35a84019945e211148db69b}/traefik/crds/traefik.io_tlsstores.yaml (69%) rename traefik/cluster/crds/{localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792 => localized-crds-a429dd01418a0eeeb35a84019945e211148db69b}/traefik/crds/traefik.io_traefikservices.yaml (51%) diff --git a/traefik/cluster/crds/Makefile b/traefik/cluster/crds/Makefile index 97fb3dca..55b2c9d4 100644 --- a/traefik/cluster/crds/Makefile +++ b/traefik/cluster/crds/Makefile @@ -1,2 +1,2 @@ localize: - kustomize localize "https://github.com/traefik/traefik-helm-chart//traefik/crds?ref=62d7a9be592b552965fb690681b6f4f8865ce792" # valid for v2.10.3 + kustomize localize "https://github.com/traefik/traefik-helm-chart//traefik/crds?ref=a429dd01418a0eeeb35a84019945e211148db69b" # valid for v3.0.0 diff --git a/traefik/cluster/crds/kustomization.yaml b/traefik/cluster/crds/kustomization.yaml index b1f82cae..d1390209 100644 --- a/traefik/cluster/crds/kustomization.yaml +++ b/traefik/cluster/crds/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/ + - localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/ diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml deleted file mode 100644 index 99158464..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- traefik.containo.us_ingressroutes.yaml -- traefik.containo.us_ingressroutetcps.yaml -- traefik.containo.us_ingressrouteudps.yaml -- traefik.containo.us_middlewares.yaml -- traefik.containo.us_middlewaretcps.yaml -- traefik.containo.us_serverstransports.yaml -- traefik.containo.us_tlsoptions.yaml -- traefik.containo.us_tlsstores.yaml -- traefik.containo.us_traefikservices.yaml -- traefik.io_ingressroutes.yaml -- traefik.io_ingressroutetcps.yaml -- traefik.io_ingressrouteudps.yaml -- traefik.io_middlewares.yaml -- traefik.io_middlewaretcps.yaml -- traefik.io_serverstransports.yaml -- traefik.io_tlsoptions.yaml -- traefik.io_tlsstores.yaml -- traefik.io_traefikservices.yaml diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml deleted file mode 100644 index bd137f41..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml +++ /dev/null @@ -1,275 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: ingressroutes.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRoute - listKind: IngressRouteList - plural: ingressroutes - singular: ingressroute - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRoute is the CRD implementation of a Traefik HTTP Router. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteSpec defines the desired state of IngressRoute. - properties: - entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ - Default: all.' - items: - type: string - type: array - routes: - description: Routes defines the list of routes. - items: - description: Route holds the HTTP route configuration. - properties: - kind: - description: Kind defines the kind of the route. Rule is the - only supported kind. - enum: - - Rule - type: string - match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' - type: string - middlewares: - description: 'Middlewares defines the list of references to - Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' - items: - description: MiddlewareRef is a reference to a Middleware - resource. - properties: - name: - description: Name defines the name of the referenced Middleware - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Middleware resource. - type: string - required: - - name - type: object - type: array - priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' - type: integer - services: - description: Services defines the list of Service. It can contain - any combination of TraefikService and/or reference to a Kubernetes - Service. - items: - description: Service defines an upstream HTTP service to proxy - traffic to. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. - type: boolean - passHostHeader: - description: PassHostHeader defines whether the client - Host header is forwarded to the upstream Kubernetes - Service. By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to - the client. - properties: - flushInterval: - description: 'FlushInterval defines the interval, - in milliseconds, in between flushes to the client - while copying the response body. A negative value - means to flush immediately after each write to the - client. This configuration is ignored when ReverseProxy - recognizes a response as a streaming response; for - such responses, writes are flushed to the client - immediately. Default: 100ms' - type: string - type: object - scheme: - description: Scheme defines the scheme to use for the - request to the upstream Kubernetes Service. It defaults - to https when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. - type: string - sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie - can be accessed by client-side APIs, such as - JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' - type: string - secure: - description: Secure defines whether the cookie - can only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. - type: string - weight: - description: Weight defines the weight and should only - be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round - Robin). - type: integer - required: - - name - type: object - type: array - required: - - kind - - match - type: object - type: array - tls: - description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' - properties: - certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' - type: string - domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' - items: - description: Domain holds a domain name with SANs. - properties: - main: - description: Main defines the main domain name. - type: string - sans: - description: SANs defines the subject alternative domain - names. - items: - type: string - type: array - type: object - type: array - options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' - properties: - name: - description: 'Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' - type: string - namespace: - description: 'Namespace defines the namespace of the referenced - TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' - type: string - required: - - name - type: object - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. - properties: - name: - description: 'Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' - type: string - namespace: - description: 'Namespace defines the namespace of the referenced - TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' - type: string - required: - - name - type: object - type: object - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml deleted file mode 100644 index 589fe31c..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml +++ /dev/null @@ -1,218 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: ingressroutetcps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRouteTCP - listKind: IngressRouteTCPList - plural: ingressroutetcps - singular: ingressroutetcp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. - properties: - entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ - Default: all.' - items: - type: string - type: array - routes: - description: Routes defines the list of routes. - items: - description: RouteTCP holds the TCP route configuration. - properties: - match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' - type: string - middlewares: - description: Middlewares defines the list of references to MiddlewareTCP - resources. - items: - description: ObjectReference is a generic reference to a Traefik - resource. - properties: - name: - description: Name defines the name of the referenced Traefik - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Traefik resource. - type: string - required: - - name - type: object - type: array - priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' - type: integer - services: - description: Services defines the list of TCP services. - items: - description: ServiceTCP defines an upstream TCP service to - proxy traffic to. - properties: - name: - description: Name defines the name of the referenced Kubernetes - Service. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - proxyProtocol: - description: 'ProxyProtocol defines the PROXY protocol - configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' - properties: - version: - description: Version defines the PROXY Protocol version - to use. - type: integer - type: object - terminationDelay: - description: TerminationDelay defines the deadline that - the proxy sets, after one of its connected peers indicates - it has closed the writing capability of its connection, - to close the reading capability as well, hence fully - terminating the connection. It is a duration in milliseconds, - defaulting to 100. A negative value means an infinite - deadline (i.e. the reading capability is never closed). - type: integer - weight: - description: Weight defines the weight used when balancing - requests between multiple Kubernetes Service. - type: integer - required: - - name - - port - type: object - type: array - required: - - match - type: object - type: array - tls: - description: 'TLS defines the TLS configuration on a layer 4 / TCP - Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' - properties: - certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' - type: string - domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' - items: - description: Domain holds a domain name with SANs. - properties: - main: - description: Main defines the main domain name. - type: string - sans: - description: SANs defines the subject alternative domain - names. - items: - type: string - type: array - type: object - type: array - options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' - properties: - name: - description: Name defines the name of the referenced Traefik - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Traefik resource. - type: string - required: - - name - type: object - passthrough: - description: Passthrough defines whether a TLS router will terminate - the TLS connection. - type: boolean - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. - properties: - name: - description: Name defines the name of the referenced Traefik - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Traefik resource. - type: string - required: - - name - type: object - type: object - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml deleted file mode 100644 index c35ee4dc..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml +++ /dev/null @@ -1,105 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: ingressrouteudps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRouteUDP - listKind: IngressRouteUDPList - plural: ingressrouteudps - singular: ingressrouteudp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. - properties: - entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ - Default: all.' - items: - type: string - type: array - routes: - description: Routes defines the list of routes. - items: - description: RouteUDP holds the UDP route configuration. - properties: - services: - description: Services defines the list of UDP services. - items: - description: ServiceUDP defines an upstream UDP service to - proxy traffic to. - properties: - name: - description: Name defines the name of the referenced Kubernetes - Service. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - weight: - description: Weight defines the weight used when balancing - requests between multiple Kubernetes Service. - type: integer - required: - - name - - port - type: object - type: array - type: object - type: array - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml deleted file mode 100644 index 5e14f93f..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml +++ /dev/null @@ -1,924 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: middlewares.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: Middleware - listKind: MiddlewareList - plural: middlewares - singular: middleware - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MiddlewareSpec defines the desired state of a Middleware. - properties: - addPrefix: - description: 'AddPrefix holds the add prefix middleware configuration. - This middleware updates the path of a request before forwarding - it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' - properties: - prefix: - description: Prefix is the string to add before the current path - in the requested URL. It should include a leading slash (/). - type: string - type: object - basicAuth: - description: 'BasicAuth holds the basic auth middleware configuration. - This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' - properties: - headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' - type: string - realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' - type: string - removeHeader: - description: 'RemoveHeader sets the removeHeader option to true - to remove the authorization header before forwarding the request - to your service. Default: false.' - type: boolean - secret: - description: Secret is the name of the referenced Kubernetes Secret - containing user credentials. - type: string - type: object - buffering: - description: 'Buffering holds the buffering middleware configuration. - This middleware retries or limits the size of requests that can - be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' - properties: - maxRequestBodyBytes: - description: 'MaxRequestBodyBytes defines the maximum allowed - body size for the request (in bytes). If the request exceeds - the allowed size, it is not forwarded to the service, and the - client gets a 413 (Request Entity Too Large) response. Default: - 0 (no maximum).' - format: int64 - type: integer - maxResponseBodyBytes: - description: 'MaxResponseBodyBytes defines the maximum allowed - response size from the service (in bytes). If the response exceeds - the allowed size, it is not forwarded to the client. The client - gets a 500 (Internal Server Error) response instead. Default: - 0 (no maximum).' - format: int64 - type: integer - memRequestBodyBytes: - description: 'MemRequestBodyBytes defines the threshold (in bytes) - from which the request will be buffered on disk instead of in - memory. Default: 1048576 (1Mi).' - format: int64 - type: integer - memResponseBodyBytes: - description: 'MemResponseBodyBytes defines the threshold (in bytes) - from which the response will be buffered on disk instead of - in memory. Default: 1048576 (1Mi).' - format: int64 - type: integer - retryExpression: - description: 'RetryExpression defines the retry conditions. It - is a logical combination of functions with operators AND (&&) - and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' - type: string - type: object - chain: - description: 'Chain holds the configuration of the chain middleware. - This middleware enables to define reusable combinations of other - pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' - properties: - middlewares: - description: Middlewares is the list of MiddlewareRef which composes - the chain. - items: - description: MiddlewareRef is a reference to a Middleware resource. - properties: - name: - description: Name defines the name of the referenced Middleware - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Middleware resource. - type: string - required: - - name - type: object - type: array - type: object - circuitBreaker: - description: CircuitBreaker holds the circuit breaker configuration. - properties: - checkPeriod: - anyOf: - - type: integer - - type: string - description: CheckPeriod is the interval between successive checks - of the circuit breaker condition (when in standby state). - x-kubernetes-int-or-string: true - expression: - description: Expression is the condition that triggers the tripped - state. - type: string - fallbackDuration: - anyOf: - - type: integer - - type: string - description: FallbackDuration is the duration for which the circuit - breaker will wait before trying to recover (from a tripped state). - x-kubernetes-int-or-string: true - recoveryDuration: - anyOf: - - type: integer - - type: string - description: RecoveryDuration is the duration for which the circuit - breaker will try to recover (as soon as it is in recovering - state). - x-kubernetes-int-or-string: true - type: object - compress: - description: 'Compress holds the compress middleware configuration. - This middleware compresses responses before sending them to the - client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' - properties: - excludedContentTypes: - description: ExcludedContentTypes defines the list of content - types to compare the Content-Type header of the incoming requests - and responses before compressing. - items: - type: string - type: array - minResponseBodyBytes: - description: 'MinResponseBodyBytes defines the minimum amount - of bytes a response body must have to be compressed. Default: - 1024.' - type: integer - type: object - contentType: - description: ContentType holds the content-type middleware configuration. - This middleware exists to enable the correct behavior until at least - the default one can be changed in a future version. - properties: - autoDetect: - description: AutoDetect specifies whether to let the `Content-Type` - header, if it has not been set by the backend, be automatically - set to a value derived from the contents of the response. As - a proxy, the default behavior should be to leave the header - alone, regardless of what the backend did with it. However, - the historic default was to always auto-detect and set the header - if it was nil, and it is going to be kept that way in order - to support users currently relying on it. - type: boolean - type: object - digestAuth: - description: 'DigestAuth holds the digest auth middleware configuration. - This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' - properties: - headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' - type: string - realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' - type: string - removeHeader: - description: RemoveHeader defines whether to remove the authorization - header before forwarding the request to the backend. - type: boolean - secret: - description: Secret is the name of the referenced Kubernetes Secret - containing user credentials. - type: string - type: object - errors: - description: 'ErrorPage holds the custom error middleware configuration. - This middleware returns a custom page in lieu of the default, according - to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' - properties: - query: - description: Query defines the URL for the error page (hosted - by service). The {status} variable can be used in order to insert - the status code in the URL. - type: string - service: - description: 'Service defines the reference to a Kubernetes Service - that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the - two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if - the only child is the Kubernetes Service clusterIP. The - Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. - By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to the - client. - properties: - flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming - response; for such responses, writes are flushed to - the client immediately. Default: 100ms' - type: string - type: object - scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes - Service. - type: string - sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie can - be accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' - type: string - secure: - description: Secure defines whether the cookie can - only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported value - at the moment. - type: string - weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object (and - to be precise, one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - status: - description: Status defines which status or range of statuses - should result in an error page. It can be either a status code - as a number (500), as multiple comma-separated numbers (500,502), - as ranges by separating two codes with a dash (500-599), or - a combination of the two (404,418,500-599). - items: - type: string - type: array - type: object - forwardAuth: - description: 'ForwardAuth holds the forward auth middleware configuration. - This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' - properties: - address: - description: Address defines the authentication server address. - type: string - authRequestHeaders: - description: AuthRequestHeaders defines the list of the headers - to copy from the request to the authentication server. If not - set or empty then all request headers are passed. - items: - type: string - type: array - authResponseHeaders: - description: AuthResponseHeaders defines the list of headers to - copy from the authentication server response and set on forwarded - request, replacing any existing conflicting headers. - items: - type: string - type: array - authResponseHeadersRegex: - description: 'AuthResponseHeadersRegex defines the regex to match - headers to copy from the authentication server response and - set on forwarded request, after stripping all headers that match - the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' - type: string - tls: - description: TLS defines the configuration used to secure the - connection to the authentication server. - properties: - caOptional: - type: boolean - caSecret: - description: CASecret is the name of the referenced Kubernetes - Secret containing the CA to validate the server certificate. - The CA certificate is extracted from key `tls.ca` or `ca.crt`. - type: string - certSecret: - description: CertSecret is the name of the referenced Kubernetes - Secret containing the client certificate. The client certificate - is extracted from the keys `tls.crt` and `tls.key`. - type: string - insecureSkipVerify: - description: InsecureSkipVerify defines whether the server - certificates should be validated. - type: boolean - type: object - trustForwardHeader: - description: 'TrustForwardHeader defines whether to trust (ie: - forward) all X-Forwarded-* headers.' - type: boolean - type: object - headers: - description: 'Headers holds the headers middleware configuration. - This middleware manages the requests and responses headers. More - info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' - properties: - accessControlAllowCredentials: - description: AccessControlAllowCredentials defines whether the - request can include user credentials. - type: boolean - accessControlAllowHeaders: - description: AccessControlAllowHeaders defines the Access-Control-Request-Headers - values sent in preflight response. - items: - type: string - type: array - accessControlAllowMethods: - description: AccessControlAllowMethods defines the Access-Control-Request-Method - values sent in preflight response. - items: - type: string - type: array - accessControlAllowOriginList: - description: AccessControlAllowOriginList is a list of allowable - origins. Can also be a wildcard origin "*". - items: - type: string - type: array - accessControlAllowOriginListRegex: - description: AccessControlAllowOriginListRegex is a list of allowable - origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). - items: - type: string - type: array - accessControlExposeHeaders: - description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers - values sent in preflight response. - items: - type: string - type: array - accessControlMaxAge: - description: AccessControlMaxAge defines the time that a preflight - request may be cached. - format: int64 - type: integer - addVaryHeader: - description: AddVaryHeader defines whether the Vary header is - automatically added/updated when the AccessControlAllowOriginList - is set. - type: boolean - allowedHosts: - description: AllowedHosts defines the fully qualified list of - allowed domain names. - items: - type: string - type: array - browserXssFilter: - description: BrowserXSSFilter defines whether to add the X-XSS-Protection - header with the value 1; mode=block. - type: boolean - contentSecurityPolicy: - description: ContentSecurityPolicy defines the Content-Security-Policy - header value. - type: string - contentTypeNosniff: - description: ContentTypeNosniff defines whether to add the X-Content-Type-Options - header with the nosniff value. - type: boolean - customBrowserXSSValue: - description: CustomBrowserXSSValue defines the X-XSS-Protection - header value. This overrides the BrowserXssFilter option. - type: string - customFrameOptionsValue: - description: CustomFrameOptionsValue defines the X-Frame-Options - header value. This overrides the FrameDeny option. - type: string - customRequestHeaders: - additionalProperties: - type: string - description: CustomRequestHeaders defines the header names and - values to apply to the request. - type: object - customResponseHeaders: - additionalProperties: - type: string - description: CustomResponseHeaders defines the header names and - values to apply to the response. - type: object - featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' - type: string - forceSTSHeader: - description: ForceSTSHeader defines whether to add the STS header - even when the connection is HTTP. - type: boolean - frameDeny: - description: FrameDeny defines whether to add the X-Frame-Options - header with the DENY value. - type: boolean - hostsProxyHeaders: - description: HostsProxyHeaders defines the header keys that may - hold a proxied hostname value for the request. - items: - type: string - type: array - isDevelopment: - description: IsDevelopment defines whether to mitigate the unwanted - effects of the AllowedHosts, SSL, and STS options when developing. - Usually testing takes place using HTTP, not HTTPS, and on localhost, - not your production domain. If you would like your development - environment to mimic production with complete Host blocking, - SSL redirects, and STS headers, leave this as false. - type: boolean - permissionsPolicy: - description: PermissionsPolicy defines the Permissions-Policy - header value. This allows sites to control browser features. - type: string - publicKey: - description: PublicKey is the public key that implements HPKP - to prevent MITM attacks with forged certificates. - type: string - referrerPolicy: - description: ReferrerPolicy defines the Referrer-Policy header - value. This allows sites to control whether browsers forward - the Referer header to other sites. - type: string - sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' - type: boolean - sslHost: - description: 'Deprecated: use RedirectRegex instead.' - type: string - sslProxyHeaders: - additionalProperties: - type: string - description: 'SSLProxyHeaders defines the header keys with associated - values that would indicate a valid HTTPS request. It can be - useful when using other proxies (example: "X-Forwarded-Proto": - "https").' - type: object - sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - stsIncludeSubdomains: - description: STSIncludeSubdomains defines whether the includeSubDomains - directive is appended to the Strict-Transport-Security header. - type: boolean - stsPreload: - description: STSPreload defines whether the preload flag is appended - to the Strict-Transport-Security header. - type: boolean - stsSeconds: - description: STSSeconds defines the max-age of the Strict-Transport-Security - header. If set to 0, the header is not set. - format: int64 - type: integer - type: object - inFlightReq: - description: 'InFlightReq holds the in-flight request middleware configuration. - This middleware limits the number of requests being processed and - served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' - properties: - amount: - description: Amount defines the maximum amount of allowed simultaneous - in-flight request. The middleware responds with HTTP 429 Too - Many Requests if there are already amount requests in progress - (based on the same sourceCriterion strategy). - format: int64 - type: integer - sourceCriterion: - description: 'SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the requestHost. More - info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' - properties: - ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' - properties: - depth: - description: Depth tells Traefik to use the X-Forwarded-For - header and take the IP located at the depth position - (starting from the right). - type: integer - excludedIPs: - description: ExcludedIPs configures Traefik to scan the - X-Forwarded-For header and select the first IP not in - the list. - items: - type: string - type: array - type: object - requestHeaderName: - description: RequestHeaderName defines the name of the header - used to group incoming requests. - type: string - requestHost: - description: RequestHost defines whether to consider the request - Host as the source. - type: boolean - type: object - type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. - This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' - properties: - ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' - properties: - depth: - description: Depth tells Traefik to use the X-Forwarded-For - header and take the IP located at the depth position (starting - from the right). - type: integer - excludedIPs: - description: ExcludedIPs configures Traefik to scan the X-Forwarded-For - header and select the first IP not in the list. - items: - type: string - type: array - type: object - sourceRange: - description: SourceRange defines the set of allowed IPs (or ranges - of allowed IPs by using CIDR notation). - items: - type: string - type: array - type: object - passTLSClientCert: - description: 'PassTLSClientCert holds the pass TLS client cert middleware - configuration. This middleware adds the selected data from the passed - client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' - properties: - info: - description: Info selects the specific client certificate details - you want to add to the X-Forwarded-Tls-Client-Cert-Info header. - properties: - issuer: - description: Issuer defines the client certificate issuer - details to add to the X-Forwarded-Tls-Client-Cert-Info header. - properties: - commonName: - description: CommonName defines whether to add the organizationalUnit - information into the issuer. - type: boolean - country: - description: Country defines whether to add the country - information into the issuer. - type: boolean - domainComponent: - description: DomainComponent defines whether to add the - domainComponent information into the issuer. - type: boolean - locality: - description: Locality defines whether to add the locality - information into the issuer. - type: boolean - organization: - description: Organization defines whether to add the organization - information into the issuer. - type: boolean - province: - description: Province defines whether to add the province - information into the issuer. - type: boolean - serialNumber: - description: SerialNumber defines whether to add the serialNumber - information into the issuer. - type: boolean - type: object - notAfter: - description: NotAfter defines whether to add the Not After - information from the Validity part. - type: boolean - notBefore: - description: NotBefore defines whether to add the Not Before - information from the Validity part. - type: boolean - sans: - description: Sans defines whether to add the Subject Alternative - Name information from the Subject Alternative Name part. - type: boolean - serialNumber: - description: SerialNumber defines whether to add the client - serialNumber information. - type: boolean - subject: - description: Subject defines the client certificate subject - details to add to the X-Forwarded-Tls-Client-Cert-Info header. - properties: - commonName: - description: CommonName defines whether to add the organizationalUnit - information into the subject. - type: boolean - country: - description: Country defines whether to add the country - information into the subject. - type: boolean - domainComponent: - description: DomainComponent defines whether to add the - domainComponent information into the subject. - type: boolean - locality: - description: Locality defines whether to add the locality - information into the subject. - type: boolean - organization: - description: Organization defines whether to add the organization - information into the subject. - type: boolean - organizationalUnit: - description: OrganizationalUnit defines whether to add - the organizationalUnit information into the subject. - type: boolean - province: - description: Province defines whether to add the province - information into the subject. - type: boolean - serialNumber: - description: SerialNumber defines whether to add the serialNumber - information into the subject. - type: boolean - type: object - type: object - pem: - description: PEM sets the X-Forwarded-Tls-Client-Cert header with - the certificate. - type: boolean - type: object - plugin: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: 'Plugin defines the middleware plugin configuration. - More info: https://doc.traefik.io/traefik/plugins/' - type: object - rateLimit: - description: 'RateLimit holds the rate limit configuration. This middleware - ensures that services will receive a fair amount of requests, and - allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' - properties: - average: - description: Average is the maximum rate, by default in requests/s, - allowed for the given source. It defaults to 0, which means - no rate limiting. The rate is actually defined by dividing Average - by Period. So for a rate below 1req/s, one needs to define a - Period larger than a second. - format: int64 - type: integer - burst: - description: Burst is the maximum number of requests allowed to - arrive in the same arbitrarily small period of time. It defaults - to 1. - format: int64 - type: integer - period: - anyOf: - - type: integer - - type: string - description: 'Period, in combination with Average, defines the - actual maximum rate, such as: r = Average / Period. It defaults - to a second.' - x-kubernetes-int-or-string: true - sourceCriterion: - description: SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the request's remote - address field (as an ipStrategy). - properties: - ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' - properties: - depth: - description: Depth tells Traefik to use the X-Forwarded-For - header and take the IP located at the depth position - (starting from the right). - type: integer - excludedIPs: - description: ExcludedIPs configures Traefik to scan the - X-Forwarded-For header and select the first IP not in - the list. - items: - type: string - type: array - type: object - requestHeaderName: - description: RequestHeaderName defines the name of the header - used to group incoming requests. - type: string - requestHost: - description: RequestHost defines whether to consider the request - Host as the source. - type: boolean - type: object - type: object - redirectRegex: - description: 'RedirectRegex holds the redirect regex middleware configuration. - This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' - properties: - permanent: - description: Permanent defines whether the redirection is permanent - (301). - type: boolean - regex: - description: Regex defines the regex used to match and capture - elements from the request URL. - type: string - replacement: - description: Replacement defines how to modify the URL to have - the new target URL. - type: string - type: object - redirectScheme: - description: 'RedirectScheme holds the redirect scheme middleware - configuration. This middleware redirects requests from a scheme/port - to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' - properties: - permanent: - description: Permanent defines whether the redirection is permanent - (301). - type: boolean - port: - description: Port defines the port of the new URL. - type: string - scheme: - description: Scheme defines the scheme of the new URL. - type: string - type: object - replacePath: - description: 'ReplacePath holds the replace path middleware configuration. - This middleware replaces the path of the request URL and store the - original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' - properties: - path: - description: Path defines the path to use as replacement in the - request URL. - type: string - type: object - replacePathRegex: - description: 'ReplacePathRegex holds the replace path regex middleware - configuration. This middleware replaces the path of a URL using - regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' - properties: - regex: - description: Regex defines the regular expression used to match - and capture the path from the request URL. - type: string - replacement: - description: Replacement defines the replacement path format, - which can include captured variables. - type: string - type: object - retry: - description: 'Retry holds the retry middleware configuration. This - middleware reissues requests a given number of times to a backend - server if that server does not reply. As soon as the server answers, - the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' - properties: - attempts: - description: Attempts defines how many times the request should - be retried. - type: integer - initialInterval: - anyOf: - - type: integer - - type: string - description: InitialInterval defines the first wait time in the - exponential backoff series. The maximum interval is calculated - as twice the initialInterval. If unspecified, requests will - be retried immediately. The value of initialInterval should - be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. - x-kubernetes-int-or-string: true - type: object - stripPrefix: - description: 'StripPrefix holds the strip prefix middleware configuration. - This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' - properties: - forceSlash: - description: 'ForceSlash ensures that the resulting stripped path - is not the empty string, by replacing it with / when necessary. - Default: true.' - type: boolean - prefixes: - description: Prefixes defines the prefixes to strip from the request - URL. - items: - type: string - type: array - type: object - stripPrefixRegex: - description: 'StripPrefixRegex holds the strip prefix regex middleware - configuration. This middleware removes the matching prefixes from - the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' - properties: - regex: - description: Regex defines the regular expression to match the - path prefix from the request URL. - items: - type: string - type: array - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml deleted file mode 100644 index 85302fa8..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml +++ /dev/null @@ -1,72 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: middlewaretcps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: MiddlewareTCP - listKind: MiddlewareTCPList - plural: middlewaretcps - singular: middlewaretcp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. - properties: - inFlightConn: - description: InFlightConn defines the InFlightConn middleware configuration. - properties: - amount: - description: Amount defines the maximum amount of allowed simultaneous - connections. The middleware closes the connection if there are - already amount connections opened. - format: int64 - type: integer - type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. - properties: - sourceRange: - description: SourceRange defines the allowed IPs (or ranges of - allowed IPs by using CIDR notation). - items: - type: string - type: array - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml deleted file mode 100644 index d6fc3a92..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml +++ /dev/null @@ -1,128 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: serverstransports.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: ServersTransport - listKind: ServersTransportList - plural: serverstransports - singular: serverstransport - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'ServersTransport is the CRD implementation of a ServersTransport. - If no serversTransport is specified, the default@internal will be used. - The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServersTransportSpec defines the desired state of a ServersTransport. - properties: - certificatesSecrets: - description: CertificatesSecrets defines a list of secret storing - client certificates for mTLS. - items: - type: string - type: array - disableHTTP2: - description: DisableHTTP2 disables HTTP/2 for connections with backend - servers. - type: boolean - forwardingTimeouts: - description: ForwardingTimeouts defines the timeouts for requests - forwarded to the backend servers. - properties: - dialTimeout: - anyOf: - - type: integer - - type: string - description: DialTimeout is the amount of time to wait until a - connection to a backend server can be established. - x-kubernetes-int-or-string: true - idleConnTimeout: - anyOf: - - type: integer - - type: string - description: IdleConnTimeout is the maximum period for which an - idle HTTP keep-alive connection will remain open before closing - itself. - x-kubernetes-int-or-string: true - pingTimeout: - anyOf: - - type: integer - - type: string - description: PingTimeout is the timeout after which the HTTP/2 - connection will be closed if a response to ping is not received. - x-kubernetes-int-or-string: true - readIdleTimeout: - anyOf: - - type: integer - - type: string - description: ReadIdleTimeout is the timeout after which a health - check using ping frame will be carried out if no frame is received - on the HTTP/2 connection. - x-kubernetes-int-or-string: true - responseHeaderTimeout: - anyOf: - - type: integer - - type: string - description: ResponseHeaderTimeout is the amount of time to wait - for a server's response headers after fully writing the request - (including its body, if any). - x-kubernetes-int-or-string: true - type: object - insecureSkipVerify: - description: InsecureSkipVerify disables SSL certificate verification. - type: boolean - maxIdleConnsPerHost: - description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) - to keep per-host. - type: integer - peerCertURI: - description: PeerCertURI defines the peer cert URI used to match against - SAN URI during the peer certificate verification. - type: string - rootCAsSecrets: - description: RootCAsSecrets defines a list of CA secret used to validate - self-signed certificate. - items: - type: string - type: array - serverName: - description: ServerName defines the server name used to contact the - server. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml deleted file mode 100644 index 73667667..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml +++ /dev/null @@ -1,113 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tlsoptions.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TLSOption - listKind: TLSOptionList - plural: tlsoptions - singular: tlsoption - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'TLSOption is the CRD implementation of a Traefik TLS Option, - allowing to configure some parameters of the TLS connection. More info: - https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSOptionSpec defines the desired state of a TLSOption. - properties: - alpnProtocols: - description: 'ALPNProtocols defines the list of supported application - level protocols for the TLS handshake, in order of preference. More - info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' - items: - type: string - type: array - cipherSuites: - description: 'CipherSuites defines the list of supported cipher suites - for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' - items: - type: string - type: array - clientAuth: - description: ClientAuth defines the server's policy for TLS Client - Authentication. - properties: - clientAuthType: - description: ClientAuthType defines the client authentication - type to apply. - enum: - - NoClientCert - - RequestClientCert - - RequireAnyClientCert - - VerifyClientCertIfGiven - - RequireAndVerifyClientCert - type: string - secretNames: - description: SecretNames defines the names of the referenced Kubernetes - Secret storing certificate details. - items: - type: string - type: array - type: object - curvePreferences: - description: 'CurvePreferences defines the preferred elliptic curves - in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' - items: - type: string - type: array - maxVersion: - description: 'MaxVersion defines the maximum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: None.' - type: string - minVersion: - description: 'MinVersion defines the minimum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: VersionTLS10.' - type: string - preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. - It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' - type: boolean - sniStrict: - description: SniStrict defines whether Traefik allows connections - from clients connections that do not specify a server_name extension. - type: boolean - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml deleted file mode 100644 index 12f0ad37..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml +++ /dev/null @@ -1,99 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tlsstores.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TLSStore - listKind: TLSStoreList - plural: tlsstores - singular: tlsstore - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For - the time being, only the TLSStore named default is supported. This means - that you cannot have two stores that are named default in different Kubernetes - namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSStoreSpec defines the desired state of a TLSStore. - properties: - certificates: - description: Certificates is a list of secret names, each secret holding - a key/certificate pair to add to the store. - items: - description: Certificate holds a secret name for the TLSStore resource. - properties: - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - required: - - secretName - type: object - type: array - defaultCertificate: - description: DefaultCertificate defines the default certificate configuration. - properties: - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - required: - - secretName - type: object - defaultGeneratedCert: - description: DefaultGeneratedCert defines the default generated certificate - configuration. - properties: - domain: - description: Domain is the domain definition for the DefaultCertificate. - properties: - main: - description: Main defines the main domain name. - type: string - sans: - description: SANs defines the subject alternative domain names. - items: - type: string - type: array - type: object - resolver: - description: Resolver is the name of the resolver that will be - used to issue the DefaultCertificate. - type: string - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml deleted file mode 100644 index 0dcf4700..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml +++ /dev/null @@ -1,402 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: traefikservices.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TraefikService - listKind: TraefikServiceList - plural: traefikservices - singular: traefikservice - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'TraefikService is the CRD implementation of a Traefik Service. - TraefikService object allows to: - Apply weight to Services on load-balancing - - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TraefikServiceSpec defines the desired state of a TraefikService. - properties: - mirroring: - description: Mirroring defines the Mirroring service configuration. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - maxBodySize: - description: MaxBodySize defines the maximum size allowed for - the body of the request. If the body is larger, the request - is not mirrored. Default value is -1, which means unlimited - size. - format: int64 - type: integer - mirrors: - description: Mirrors defines the list of mirrors where Traefik - will duplicate the traffic. - items: - description: MirrorService holds the mirror configuration. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. - type: boolean - passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. - By default, passHostHeader is true. - type: boolean - percent: - description: 'Percent defines the part of the traffic to - mirror. Supported values: 0 to 100.' - type: integer - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to the - client. - properties: - flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' - type: string - type: object - scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. - type: string - sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie - can be accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' - type: string - secure: - description: Secure defines whether the cookie can - only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. - type: string - weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - type: array - name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the two - is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the - only child is the Kubernetes Service clusterIP. The Kubernetes - Service itself does load-balance to the pods. By default, NativeLB - is false. - type: boolean - passHostHeader: - description: PassHostHeader defines whether the client Host header - is forwarded to the upstream Kubernetes Service. By default, - passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. This - can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards the - response from the upstream Kubernetes Service to the client. - properties: - flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming response; - for such responses, writes are flushed to the client immediately. - Default: 100ms' - type: string - type: object - scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https when - Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes Service. - type: string - sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie can be - accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' - type: string - secure: - description: Secure defines whether the cookie can only - be transmitted over an encrypted connection (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: Strategy defines the load balancing strategy between - the servers. RoundRobin is the only supported value at the moment. - type: string - weight: - description: Weight defines the weight and should only be specified - when Name references a TraefikService object (and to be precise, - one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - weighted: - description: Weighted defines the Weighted Round Robin configuration. - properties: - services: - description: Services defines the list of Kubernetes Service and/or - TraefikService to load-balance, with weight. - items: - description: Service defines an upstream HTTP service to proxy - traffic to. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. - type: boolean - passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. - By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to the - client. - properties: - flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' - type: string - type: object - scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. - type: string - sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie - can be accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' - type: string - secure: - description: Secure defines whether the cookie can - only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. - type: string - weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - type: array - sticky: - description: 'Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie can be - accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' - type: string - secure: - description: Secure defines whether the cookie can only - be transmitted over an encrypted connection (i.e. HTTPS). - type: boolean - type: object - type: object - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressroutes.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressroutes.yaml deleted file mode 100644 index 89aaee75..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressroutes.yaml +++ /dev/null @@ -1,275 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: ingressroutes.traefik.io -spec: - group: traefik.io - names: - kind: IngressRoute - listKind: IngressRouteList - plural: ingressroutes - singular: ingressroute - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRoute is the CRD implementation of a Traefik HTTP Router. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteSpec defines the desired state of IngressRoute. - properties: - entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ - Default: all.' - items: - type: string - type: array - routes: - description: Routes defines the list of routes. - items: - description: Route holds the HTTP route configuration. - properties: - kind: - description: Kind defines the kind of the route. Rule is the - only supported kind. - enum: - - Rule - type: string - match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' - type: string - middlewares: - description: 'Middlewares defines the list of references to - Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' - items: - description: MiddlewareRef is a reference to a Middleware - resource. - properties: - name: - description: Name defines the name of the referenced Middleware - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Middleware resource. - type: string - required: - - name - type: object - type: array - priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' - type: integer - services: - description: Services defines the list of Service. It can contain - any combination of TraefikService and/or reference to a Kubernetes - Service. - items: - description: Service defines an upstream HTTP service to proxy - traffic to. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. - type: boolean - passHostHeader: - description: PassHostHeader defines whether the client - Host header is forwarded to the upstream Kubernetes - Service. By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to - the client. - properties: - flushInterval: - description: 'FlushInterval defines the interval, - in milliseconds, in between flushes to the client - while copying the response body. A negative value - means to flush immediately after each write to the - client. This configuration is ignored when ReverseProxy - recognizes a response as a streaming response; for - such responses, writes are flushed to the client - immediately. Default: 100ms' - type: string - type: object - scheme: - description: Scheme defines the scheme to use for the - request to the upstream Kubernetes Service. It defaults - to https when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. - type: string - sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie - can be accessed by client-side APIs, such as - JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' - type: string - secure: - description: Secure defines whether the cookie - can only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. - type: string - weight: - description: Weight defines the weight and should only - be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round - Robin). - type: integer - required: - - name - type: object - type: array - required: - - kind - - match - type: object - type: array - tls: - description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' - properties: - certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' - type: string - domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' - items: - description: Domain holds a domain name with SANs. - properties: - main: - description: Main defines the main domain name. - type: string - sans: - description: SANs defines the subject alternative domain - names. - items: - type: string - type: array - type: object - type: array - options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' - properties: - name: - description: 'Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' - type: string - namespace: - description: 'Namespace defines the namespace of the referenced - TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' - type: string - required: - - name - type: object - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. - properties: - name: - description: 'Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' - type: string - namespace: - description: 'Namespace defines the namespace of the referenced - TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' - type: string - required: - - name - type: object - type: object - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_middlewaretcps.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_middlewaretcps.yaml deleted file mode 100644 index 8623568f..00000000 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_middlewaretcps.yaml +++ /dev/null @@ -1,72 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: middlewaretcps.traefik.io -spec: - group: traefik.io - names: - kind: MiddlewareTCP - listKind: MiddlewareTCPList - plural: middlewaretcps - singular: middlewaretcp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. - properties: - inFlightConn: - description: InFlightConn defines the InFlightConn middleware configuration. - properties: - amount: - description: Amount defines the maximum amount of allowed simultaneous - connections. The middleware closes the connection if there are - already amount connections opened. - format: int64 - type: integer - type: object - ipWhiteList: - description: IPWhiteList defines the IPWhiteList middleware configuration. - properties: - sourceRange: - description: SourceRange defines the allowed IPs (or ranges of - allowed IPs by using CIDR notation). - items: - type: string - type: array - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_accesscontrolpolicies.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_accesscontrolpolicies.yaml new file mode 100644 index 00000000..24d8121e --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_accesscontrolpolicies.yaml @@ -0,0 +1,363 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: accesscontrolpolicies.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: AccessControlPolicy + listKind: AccessControlPolicyList + plural: accesscontrolpolicies + singular: accesscontrolpolicy + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AccessControlPolicy defines an access control policy. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AccessControlPolicySpec configures an access control policy. + properties: + apiKey: + description: AccessControlPolicyAPIKey configure an APIKey control + policy. + properties: + forwardHeaders: + additionalProperties: + type: string + description: ForwardHeaders instructs the middleware to forward + key metadata as header values upon successful authentication. + type: object + keySource: + description: KeySource defines how to extract API keys from requests. + properties: + cookie: + description: Cookie is the name of a cookie. + type: string + header: + description: Header is the name of a header. + type: string + headerAuthScheme: + description: HeaderAuthScheme sets an optional auth scheme + when Header is set to "Authorization". If set, this scheme + is removed from the token, and all requests not including + it are dropped. + type: string + query: + description: Query is the name of a query parameter. + type: string + type: object + keys: + description: Keys define the set of authorized keys to access + a protected resource. + items: + description: AccessControlPolicyAPIKeyKey defines an API key. + properties: + id: + description: ID is the unique identifier of the key. + type: string + metadata: + additionalProperties: + type: string + description: Metadata holds arbitrary metadata for this + key, can be used by ForwardHeaders. + type: object + value: + description: Value is the SHAKE-256 hash (using 64 bytes) + of the API key. + type: string + required: + - id + - value + type: object + type: array + required: + - keySource + type: object + basicAuth: + description: AccessControlPolicyBasicAuth holds the HTTP basic authentication + configuration. + properties: + forwardUsernameHeader: + type: string + realm: + type: string + stripAuthorizationHeader: + type: boolean + users: + items: + type: string + type: array + type: object + jwt: + description: AccessControlPolicyJWT configures a JWT access control + policy. + properties: + claims: + type: string + forwardHeaders: + additionalProperties: + type: string + type: object + jwksFile: + type: string + jwksUrl: + type: string + publicKey: + type: string + signingSecret: + type: string + signingSecretBase64Encoded: + type: boolean + stripAuthorizationHeader: + type: boolean + tokenQueryKey: + type: string + type: object + oAuthIntro: + description: AccessControlOAuthIntro configures an OAuth 2.0 Token + Introspection access control policy. + properties: + claims: + type: string + clientConfig: + description: AccessControlOAuthIntroClientConfig configures the + OAuth 2.0 client for issuing token introspection requests. + properties: + headers: + additionalProperties: + type: string + description: Headers to set when sending requests to the Authorization + Server. + type: object + maxRetries: + default: 3 + description: MaxRetries defines the number of retries for + introspection requests. + type: integer + timeoutSeconds: + default: 5 + description: TimeoutSeconds configures the maximum amount + of seconds to wait before giving up on requests. + type: integer + tls: + description: TLS configures TLS communication with the Authorization + Server. + properties: + ca: + description: CA sets the CA bundle used to sign the Authorization + Server certificate. + type: string + insecureSkipVerify: + description: InsecureSkipVerify skips the Authorization + Server certificate validation. For testing purposes + only, do not use in production. + type: boolean + type: object + tokenTypeHint: + description: TokenTypeHint is a hint to pass to the Authorization + Server. See https://tools.ietf.org/html/rfc7662#section-2.1 + for more information. + type: string + url: + description: URL of the Authorization Server. + type: string + required: + - url + type: object + forwardHeaders: + additionalProperties: + type: string + type: object + tokenSource: + description: 'TokenSource describes how to extract tokens from + HTTP requests. If multiple sources are set, the order is the + following: header > query > cookie.' + properties: + cookie: + description: Cookie is the name of a cookie. + type: string + header: + description: Header is the name of a header. + type: string + headerAuthScheme: + description: HeaderAuthScheme sets an optional auth scheme + when Header is set to "Authorization". If set, this scheme + is removed from the token, and all requests not including + it are dropped. + type: string + query: + description: Query is the name of a query parameter. + type: string + type: object + required: + - clientConfig + - tokenSource + type: object + oidc: + description: AccessControlPolicyOIDC holds the OIDC authentication + configuration. + properties: + authParams: + additionalProperties: + type: string + type: object + claims: + type: string + clientId: + type: string + disableAuthRedirectionPaths: + items: + type: string + type: array + forwardHeaders: + additionalProperties: + type: string + type: object + issuer: + type: string + logoutUrl: + type: string + redirectUrl: + type: string + scopes: + items: + type: string + type: array + secret: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which the + secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + session: + description: Session holds session configuration. + properties: + domain: + type: string + path: + type: string + refresh: + type: boolean + sameSite: + type: string + secure: + type: boolean + type: object + stateCookie: + description: StateCookie holds state cookie configuration. + properties: + domain: + type: string + path: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + oidcGoogle: + description: AccessControlPolicyOIDCGoogle holds the Google OIDC authentication + configuration. + properties: + authParams: + additionalProperties: + type: string + type: object + clientId: + type: string + emails: + description: Emails are the allowed emails to connect. + items: + type: string + minItems: 1 + type: array + forwardHeaders: + additionalProperties: + type: string + type: object + logoutUrl: + type: string + redirectUrl: + type: string + secret: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which the + secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + session: + description: Session holds session configuration. + properties: + domain: + type: string + path: + type: string + refresh: + type: boolean + sameSite: + type: string + secure: + type: boolean + type: object + stateCookie: + description: StateCookie holds state cookie configuration. + properties: + domain: + type: string + path: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + type: object + status: + description: The current status of this access control policy. + properties: + specHash: + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiaccesses.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiaccesses.yaml new file mode 100644 index 00000000..9c921703 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiaccesses.yaml @@ -0,0 +1,147 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: apiaccesses.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: APIAccess + listKind: APIAccessList + plural: apiaccesses + singular: apiaccess + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: APIAccess defines who can access to a set of APIs. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: The desired behavior of this APIAccess. + properties: + apiSelector: + description: APISelector selects the APIs that will be accessible + to the configured audience. Multiple APIAccesses can select the + same set of APIs. This field is optional and follows standard label + selector semantics. An empty APISelector matches any API. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + apis: + description: APIs defines a set of APIs that will be accessible to + the configured audience. Multiple APIAccesses can select the same + APIs. When combined with APISelector, this set of APIs is appended + to the matching APIs. + items: + description: APIReference references an API. + properties: + name: + description: Name of the API. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apis + rule: self.all(x, self.exists_one(y, x.name == y.name)) + everyone: + description: Everyone indicates that all users will have access to + the selected APIs. + type: boolean + groups: + description: Groups are the consumer groups that will gain access + to the selected APIs. + items: + type: string + type: array + operationFilter: + description: OperationFilter specifies the allowed operations on APIs + and APIVersions. If not set, all operations are available. An empty + OperationFilter prohibits all operations. + properties: + include: + description: Include defines the names of OperationSets that will + be accessible. + items: + type: string + maxItems: 100 + type: array + type: object + type: object + x-kubernetes-validations: + - message: groups and everyone are mutually exclusive + rule: '(has(self.everyone) && has(self.groups)) ? !(self.everyone && + self.groups.size() > 0) : true' + status: + description: The current status of this APIAccess. + properties: + hash: + description: Hash is a hash representing the APIAccess. + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiportals.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiportals.yaml new file mode 100644 index 00000000..8a823677 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiportals.yaml @@ -0,0 +1,101 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: apiportals.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: APIPortal + listKind: APIPortalList + plural: apiportals + singular: apiportal + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.urls + name: URLs + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: APIPortal defines a developer portal for accessing the documentation + of APIs. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: The desired behavior of this APIPortal. + properties: + description: + description: Description of the APIPortal. + type: string + title: + description: Title is the public facing name of the APIPortal. + type: string + trustedUrls: + description: TrustedURLs are the urls that are trusted by the OAuth + 2.0 authorization server. + items: + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-validations: + - message: must be a valid URLs + rule: self.all(x, isURL(x)) + ui: + description: UI holds the UI customization options. + properties: + logoUrl: + description: LogoURL is the public URL of the logo. + type: string + type: object + required: + - trustedUrls + type: object + status: + description: The current status of this APIPortal. + properties: + hash: + description: Hash is a hash representing the APIPortal. + type: string + oidc: + description: OIDC is the OIDC configuration for accessing the exposed + APIPortal WebUI. + properties: + clientId: + description: ClientID is the OIDC ClientID for accessing the exposed + APIPortal WebUI. + type: string + issuer: + description: Issuer is the OIDC issuer for accessing the exposed + APIPortal WebUI. + type: string + secretName: + description: SecretName is the name of the secret containing the + OIDC ClientSecret for accessing the exposed APIPortal WebUI. + type: string + type: object + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiratelimits.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiratelimits.yaml new file mode 100644 index 00000000..96e5ea24 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiratelimits.yaml @@ -0,0 +1,160 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: apiratelimits.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: APIRateLimit + listKind: APIRateLimitList + plural: apiratelimits + singular: apiratelimit + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: APIRateLimit defines how group of consumers are rate limited + on a set of APIs. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: The desired behavior of this APIRateLimit. + properties: + apiSelector: + description: APISelector selects the APIs that will be rate limited. + Multiple APIRateLimits can select the same set of APIs. This field + is optional and follows standard label selector semantics. An empty + APISelector matches any API. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + apis: + description: APIs defines a set of APIs that will be rate limited. + Multiple APIRateLimits can select the same APIs. When combined with + APISelector, this set of APIs is appended to the matching APIs. + items: + description: APIReference references an API. + properties: + name: + description: Name of the API. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apis + rule: self.all(x, self.exists_one(y, x.name == y.name)) + everyone: + description: Everyone indicates that all users will, by default, be + rate limited with this configuration. If an APIRateLimit explicitly + target a group, the default rate limit will be ignored. + type: boolean + groups: + description: Groups are the consumer groups that will be rate limited. + Multiple APIRateLimits can target the same set of consumer groups, + the most restrictive one applies. When a consumer belongs to multiple + groups, the least restrictive APIRateLimit applies. + items: + type: string + type: array + limit: + description: Limit is the maximum number of token in the bucket. + type: integer + x-kubernetes-validations: + - message: must be a positive number + rule: self >= 0 + period: + description: Period is the unit of time for the Limit. + format: duration + type: string + x-kubernetes-validations: + - message: must be between 1s and 1h + rule: self >= duration('1s') && self <= duration('1h') + strategy: + description: Strategy defines how the bucket state will be synchronized + between the different Traefik Hub instances. It can be, either "local" + or "distributed". + enum: + - local + - distributed + type: string + required: + - limit + type: object + x-kubernetes-validations: + - message: groups and everyone are mutually exclusive + rule: '(has(self.everyone) && has(self.groups)) ? !(self.everyone && + self.groups.size() > 0) : true' + status: + description: The current status of this APIRateLimit. + properties: + hash: + description: Hash is a hash representing the APIRateLimit. + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apis.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apis.yaml new file mode 100644 index 00000000..4f05ab81 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apis.yaml @@ -0,0 +1,190 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: apis.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: API + listKind: APIList + plural: apis + singular: api + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: API defines an HTTP interface that is exposed to external clients. + It specifies the supported versions and provides instructions for accessing + its documentation. Once instantiated, an API object is associated with an + Ingress, IngressRoute, or HTTPRoute resource, enabling the exposure of the + described API to the outside world. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: APISpec describes the API. + properties: + openApiSpec: + description: OpenAPISpec defines the API contract as an OpenAPI specification. + properties: + operationSets: + description: OperationSets defines the sets of operations to be + referenced for granular filtering in APIAccesses. + items: + description: OperationSet gives a name to a set of matching + OpenAPI operations. This set of operations can then be referenced + for granular filtering in APIAccesses. + properties: + matchers: + description: Matchers defines a list of alternative rules + for matching OpenAPI operations. + items: + description: OperationMatcher defines criteria for matching + an OpenAPI operation. + minProperties: 1 + properties: + methods: + description: Methods specifies the HTTP methods to + be included for selection. + items: + type: string + maxItems: 10 + type: array + path: + description: Path specifies the exact path of the + operations to select. + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') + - message: cannot contains '../' + rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")' + pathPrefix: + description: PathPrefix specifies the path prefix + of the operations to select. + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') + - message: cannot contains '../' + rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")' + pathRegex: + description: PathRegex specifies a regular expression + pattern for matching operations based on their paths. + type: string + type: object + x-kubernetes-validations: + - message: path, pathPrefix and pathRegex are mutually + exclusive + rule: '[has(self.path), has(self.pathPrefix), has(self.pathRegex)].filter(x, + x).size() <= 1' + maxItems: 100 + minItems: 1 + type: array + name: + description: Name is the name of the OperationSet to reference + in APIAccesses. + maxLength: 253 + type: string + required: + - matchers + - name + type: object + maxItems: 100 + type: array + override: + description: Override holds data used to override OpenAPI specification. + properties: + servers: + items: + properties: + url: + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + required: + - url + type: object + maxItems: 100 + minItems: 1 + type: array + required: + - servers + type: object + path: + description: Path specifies the endpoint path within the Kubernetes + Service where the OpenAPI specification can be obtained. The + Service queried is determined by the associated Ingress, IngressRoute, + or HTTPRoute resource to which the API is attached. It's important + to note that this option is incompatible if the Ingress or IngressRoute + specifies multiple backend services. The Path must be accessible + via a GET request method and should serve a YAML or JSON document + containing the OpenAPI specification. + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') + - message: cannot contains '../' + rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")' + url: + description: URL is a Traefik Hub agent accessible URL for obtaining + the OpenAPI specification. The URL must be accessible via a + GET request method and should serve a YAML or JSON document + containing the OpenAPI specification. + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + type: object + x-kubernetes-validations: + - message: path or url must be defined + rule: has(self.path) || has(self.url) + versions: + description: Versions are the different APIVersions available. + items: + description: APIVersionRef references an APIVersion. + properties: + name: + description: Name of the APIVersion. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + minItems: 1 + type: array + type: object + status: + description: The current status of this API. + properties: + hash: + description: Hash is a hash representing the API. + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiversions.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiversions.yaml new file mode 100644 index 00000000..29bdea3b --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_apiversions.yaml @@ -0,0 +1,195 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: apiversions.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: APIVersion + listKind: APIVersionList + plural: apiversions + singular: apiversion + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiName + name: APIName + type: string + - jsonPath: .spec.title + name: Title + type: string + - jsonPath: .spec.release + name: Release + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: APIVersion defines a version of an API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: The desired behavior of this APIVersion. + properties: + openApiSpec: + description: OpenAPISpec defines the API contract as an OpenAPI specification. + properties: + operationSets: + description: OperationSets defines the sets of operations to be + referenced for granular filtering in APIAccesses. + items: + description: OperationSet gives a name to a set of matching + OpenAPI operations. This set of operations can then be referenced + for granular filtering in APIAccesses. + properties: + matchers: + description: Matchers defines a list of alternative rules + for matching OpenAPI operations. + items: + description: OperationMatcher defines criteria for matching + an OpenAPI operation. + minProperties: 1 + properties: + methods: + description: Methods specifies the HTTP methods to + be included for selection. + items: + type: string + maxItems: 10 + type: array + path: + description: Path specifies the exact path of the + operations to select. + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') + - message: cannot contains '../' + rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")' + pathPrefix: + description: PathPrefix specifies the path prefix + of the operations to select. + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') + - message: cannot contains '../' + rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")' + pathRegex: + description: PathRegex specifies a regular expression + pattern for matching operations based on their paths. + type: string + type: object + x-kubernetes-validations: + - message: path, pathPrefix and pathRegex are mutually + exclusive + rule: '[has(self.path), has(self.pathPrefix), has(self.pathRegex)].filter(x, + x).size() <= 1' + maxItems: 100 + minItems: 1 + type: array + name: + description: Name is the name of the OperationSet to reference + in APIAccesses. + maxLength: 253 + type: string + required: + - matchers + - name + type: object + maxItems: 100 + type: array + override: + description: Override holds data used to override OpenAPI specification. + properties: + servers: + items: + properties: + url: + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + required: + - url + type: object + maxItems: 100 + minItems: 1 + type: array + required: + - servers + type: object + path: + description: Path specifies the endpoint path within the Kubernetes + Service where the OpenAPI specification can be obtained. The + Service queried is determined by the associated Ingress, IngressRoute, + or HTTPRoute resource to which the API is attached. It's important + to note that this option is incompatible if the Ingress or IngressRoute + specifies multiple backend services. The Path must be accessible + via a GET request method and should serve a YAML or JSON document + containing the OpenAPI specification. + maxLength: 255 + type: string + x-kubernetes-validations: + - message: must start with a '/' + rule: self.startsWith('/') + - message: cannot contains '../' + rule: '!self.matches(r"""(\/\.\.\/)|(\/\.\.$)""")' + url: + description: URL is a Traefik Hub agent accessible URL for obtaining + the OpenAPI specification. The URL must be accessible via a + GET request method and should serve a YAML or JSON document + containing the OpenAPI specification. + type: string + x-kubernetes-validations: + - message: must be a valid URL + rule: isURL(self) + type: object + x-kubernetes-validations: + - message: path or url must be defined + rule: has(self.path) || has(self.url) + release: + description: 'Release is the version number of the API. This value + must follow the SemVer format: https://semver.org/' + maxLength: 100 + type: string + x-kubernetes-validations: + - message: must be a valid semver version + rule: self.matches(r"""^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$""") + title: + description: Title is the public facing name of the APIVersion. + type: string + required: + - release + type: object + status: + description: The current status of this APIVersion. + properties: + hash: + description: Hash is a hash representing the APIVersion. + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_edgeingresses.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_edgeingresses.yaml new file mode 100644 index 00000000..673bc16c --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/hub.traefik.io_edgeingresses.yaml @@ -0,0 +1,115 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: edgeingresses.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: EdgeIngress + listKind: EdgeIngressList + plural: edgeingresses + singular: edgeingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.service.name + name: Service + type: string + - jsonPath: .spec.service.port + name: Port + type: string + - jsonPath: .spec.acp.name + name: ACP + priority: 1 + type: string + - jsonPath: .status.urls + name: URLs + type: string + - jsonPath: .status.connection + name: Connection + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: EdgeIngress defines an edge ingress. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: The desired behavior of this edge ingress. + properties: + acp: + description: EdgeIngressACP configures the ACP to use on the Ingress. + properties: + name: + type: string + required: + - name + type: object + customDomains: + description: CustomDomains are the custom domains for accessing the + exposed service. + items: + type: string + type: array + service: + description: EdgeIngressService configures the service to exposed + on the edge. + properties: + name: + type: string + port: + type: integer + required: + - name + - port + type: object + required: + - service + type: object + status: + description: The current status of this edge ingress. + properties: + connection: + description: Connection is the status of the underlying connection + to the edge. + type: string + customDomains: + description: CustomDomains are the custom domains for accessing the + exposed service. + items: + type: string + type: array + domain: + description: Domain is the Domain for accessing the exposed service. + type: string + specHash: + description: SpecHash is a hash representing the EdgeIngressSpec + type: string + syncedAt: + format: date-time + type: string + urls: + description: URLs is the list of coma separated URL for accessing + the exposed service. + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/kustomization.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/kustomization.yaml new file mode 100644 index 00000000..321b19fe --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- hub.traefik.io_accesscontrolpolicies.yaml +- hub.traefik.io_apiaccesses.yaml +- hub.traefik.io_apiportals.yaml +- hub.traefik.io_apiratelimits.yaml +- hub.traefik.io_apis.yaml +- hub.traefik.io_apiversions.yaml +- hub.traefik.io_edgeingresses.yaml +- traefik.io_ingressroutes.yaml +- traefik.io_ingressroutetcps.yaml +- traefik.io_ingressrouteudps.yaml +- traefik.io_middlewares.yaml +- traefik.io_middlewaretcps.yaml +- traefik.io_serverstransports.yaml +- traefik.io_serverstransporttcps.yaml +- traefik.io_tlsoptions.yaml +- traefik.io_tlsstores.yaml +- traefik.io_traefikservices.yaml diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressroutes.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressroutes.yaml new file mode 100644 index 00000000..9031689c --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressroutes.yaml @@ -0,0 +1,298 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressroutes.traefik.io +spec: + group: traefik.io + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: |- + Kind defines the kind of the route. + Rule is the only supported kind. + enum: + - Rule + type: string + match: + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule + type: string + middlewares: + description: |- + Middlewares defines the list of references to Middleware resources. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority + type: integer + services: + description: |- + Services defines the list of Service. + It can contain any combination of TraefikService and/or reference to a Kubernetes Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + syntax: + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax + type: string + required: + - kind + - match + type: object + type: array + tls: + description: |- + TLS defines the TLS configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls + properties: + certResolver: + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers + type: string + domains: + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options + properties: + name: + description: |- + Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. + properties: + name: + description: |- + Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressroutetcps.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressroutetcps.yaml similarity index 57% rename from traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressroutetcps.yaml rename to traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressroutetcps.yaml index 82f61ac2..930b06c0 100644 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressroutetcps.yaml +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressroutetcps.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressroutetcps.traefik.io spec: group: traefik.io @@ -22,14 +20,19 @@ spec: description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -37,10 +40,11 @@ spec: description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ - Default: all.' + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ + Default: all. items: type: string type: array @@ -50,7 +54,9 @@ spec: description: RouteTCP holds the TCP route configuration. properties: match: - description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -72,8 +78,9 @@ spec: type: object type: array priority: - description: 'Priority defines the router''s priority. More - info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -90,37 +97,49 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true proxyProtocol: - description: 'ProxyProtocol defines the PROXY protocol - configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' + description: |- + ProxyProtocol defines the PROXY protocol configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version to use. type: integer type: object + serversTransport: + description: |- + ServersTransport defines the name of ServersTransportTCP resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string terminationDelay: - description: TerminationDelay defines the deadline that - the proxy sets, after one of its connected peers indicates - it has closed the writing capability of its connection, - to close the reading capability as well, hence fully - terminating the connection. It is a duration in milliseconds, - defaulting to 100. A negative value means an infinite - deadline (i.e. the reading capability is never closed). + description: |- + TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, to close the reading capability as well, + hence fully terminating the connection. + It is a duration in milliseconds, defaulting to 100. + A negative value means an infinite deadline (i.e. the reading capability is never closed). + Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead. type: integer + tls: + description: TLS determines whether to use TLS when dialing + with the backend. + type: boolean weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. @@ -130,22 +149,30 @@ spec: - port type: object type: array + syntax: + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 + type: string required: - match type: object type: array tls: - description: 'TLS defines the TLS configuration on a layer 4 / TCP - Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' + description: |- + TLS defines the TLS configuration on a layer 4 / TCP Route. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 properties: certResolver: - description: 'CertResolver defines the name of the certificate - resolver to use. Cert resolvers have to be configured in the - static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: - description: 'Domains defines the list of domains that will be - used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: @@ -161,9 +188,10 @@ spec: type: object type: array options: - description: 'Options defines the reference to a TLSOption, that - specifies the parameters of the TLS connection. If not defined, - the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik @@ -185,9 +213,9 @@ spec: Secret to specify the certificate details. type: string store: - description: Store defines the reference to the TLSStore, that - will be used to store certificates. Please note that only `default` - TLSStore can be used. + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. properties: name: description: Name defines the name of the referenced Traefik @@ -210,9 +238,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressrouteudps.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressrouteudps.yaml similarity index 65% rename from traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressrouteudps.yaml rename to traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressrouteudps.yaml index 27c50185..245194c6 100644 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_ingressrouteudps.yaml +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_ingressrouteudps.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: ingressrouteudps.traefik.io spec: group: traefik.io @@ -22,14 +20,19 @@ spec: description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -37,10 +40,11 @@ spec: description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. properties: entryPoints: - description: 'EntryPoints defines the list of entry point names to - bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ - Default: all.' + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ + Default: all. items: type: string type: array @@ -64,17 +68,18 @@ spec: Kubernetes Service. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs - or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true weight: @@ -97,9 +102,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_middlewares.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_middlewares.yaml similarity index 56% rename from traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_middlewares.yaml rename to traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_middlewares.yaml index 5a4dc364..4ef178a5 100644 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_middlewares.yaml +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_middlewares.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: middlewares.traefik.io spec: group: traefik.io @@ -19,18 +17,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' + description: |- + Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -38,33 +42,37 @@ spec: description: MiddlewareSpec defines the desired state of a Middleware. properties: addPrefix: - description: 'AddPrefix holds the add prefix middleware configuration. - This middleware updates the path of a request before forwarding - it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' + description: |- + AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding it. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ properties: prefix: - description: Prefix is the string to add before the current path - in the requested URL. It should include a leading slash (/). + description: |- + Prefix is the string to add before the current path in the requested URL. + It should include a leading slash (/). type: string type: object basicAuth: - description: 'BasicAuth holds the basic auth middleware configuration. + description: |- + BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: - description: 'RemoveHeader sets the removeHeader option to true - to remove the authorization header before forwarding the request - to your service. Default: false.' + description: |- + RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. + Default: false. type: boolean secret: description: Secret is the name of the referenced Kubernetes Secret @@ -72,48 +80,49 @@ spec: type: string type: object buffering: - description: 'Buffering holds the buffering middleware configuration. - This middleware retries or limits the size of requests that can - be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' + description: |- + Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can be forwarded to backends. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: - description: 'MaxRequestBodyBytes defines the maximum allowed - body size for the request (in bytes). If the request exceeds - the allowed size, it is not forwarded to the service, and the - client gets a 413 (Request Entity Too Large) response. Default: - 0 (no maximum).' + description: |- + MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). + If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. + Default: 0 (no maximum). format: int64 type: integer maxResponseBodyBytes: - description: 'MaxResponseBodyBytes defines the maximum allowed - response size from the service (in bytes). If the response exceeds - the allowed size, it is not forwarded to the client. The client - gets a 500 (Internal Server Error) response instead. Default: - 0 (no maximum).' + description: |- + MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). + If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. + Default: 0 (no maximum). format: int64 type: integer memRequestBodyBytes: - description: 'MemRequestBodyBytes defines the threshold (in bytes) - from which the request will be buffered on disk instead of in - memory. Default: 1048576 (1Mi).' + description: |- + MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer memResponseBodyBytes: - description: 'MemResponseBodyBytes defines the threshold (in bytes) - from which the response will be buffered on disk instead of - in memory. Default: 1048576 (1Mi).' + description: |- + MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). format: int64 type: integer retryExpression: - description: 'RetryExpression defines the retry conditions. It - is a logical combination of functions with operators AND (&&) - and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' + description: |- + RetryExpression defines the retry conditions. + It is a logical combination of functions with operators AND (&&) and OR (||). + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression type: string type: object chain: - description: 'Chain holds the configuration of the chain middleware. - This middleware enables to define reusable combinations of other - pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' + description: |- + Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other pieces of middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -165,52 +174,58 @@ spec: x-kubernetes-int-or-string: true type: object compress: - description: 'Compress holds the compress middleware configuration. - This middleware compresses responses before sending them to the - client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' + description: |- + Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the client, using gzip compression. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: excludedContentTypes: - description: ExcludedContentTypes defines the list of content - types to compare the Content-Type header of the incoming requests - and responses before compressing. + description: |- + ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. + `application/grpc` is always excluded. + items: + type: string + type: array + includedContentTypes: + description: IncludedContentTypes defines the list of content + types to compare the Content-Type header of the responses before + compressing. items: type: string type: array minResponseBodyBytes: - description: 'MinResponseBodyBytes defines the minimum amount - of bytes a response body must have to be compressed. Default: - 1024.' + description: |- + MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. + Default: 1024. type: integer type: object contentType: - description: ContentType holds the content-type middleware configuration. - This middleware exists to enable the correct behavior until at least - the default one can be changed in a future version. + description: |- + ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. properties: autoDetect: - description: AutoDetect specifies whether to let the `Content-Type` - header, if it has not been set by the backend, be automatically - set to a value derived from the contents of the response. As - a proxy, the default behavior should be to leave the header - alone, regardless of what the backend did with it. However, - the historic default was to always auto-detect and set the header - if it was nil, and it is going to be kept that way in order - to support users currently relying on it. + description: |- + AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, + be automatically set to a value derived from the contents of the response. + Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option. type: boolean type: object digestAuth: - description: 'DigestAuth holds the digest auth middleware configuration. + description: |- + DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ properties: headerField: - description: 'HeaderField defines a header field to store the - authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: - description: 'Realm allows the protected resources on a server - to be partitioned into a set of protection spaces, each with - its own authentication scheme. Default: traefik.' + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. type: string removeHeader: description: RemoveHeader defines whether to remove the authorization @@ -222,18 +237,20 @@ spec: type: string type: object errors: - description: 'ErrorPage holds the custom error middleware configuration. - This middleware returns a custom page in lieu of the default, according - to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' + description: |- + ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ properties: query: - description: Query defines the URL for the error page (hosted - by service). The {status} variable can be used in order to insert - the status code in the URL. + description: |- + Query defines the URL for the error page (hosted by service). + The {status} variable can be used in order to insert the status code in the URL. type: string service: - description: 'Service defines the reference to a Kubernetes Service - that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' + description: |- + Service defines the reference to a Kubernetes Service that will serve the error page. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: kind: description: Kind defines the kind of the Service. @@ -242,31 +259,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the - two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if - the only child is the Kubernetes Service clusterIP. The - Kubernetes Service itself does load-balance to the pods. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -275,29 +293,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming - response; for such responses, writes are flushed to - the client immediately. Default: 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes - Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -306,12 +324,19 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -321,40 +346,48 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported value - at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object (and - to be precise, one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name type: object status: - description: Status defines which status or range of statuses - should result in an error page. It can be either a status code - as a number (500), as multiple comma-separated numbers (500,502), - as ranges by separating two codes with a dash (500-599), or - a combination of the two (404,418,500-599). + description: |- + Status defines which status or range of statuses should result in an error page. + It can be either a status code as a number (500), + as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), + or a combination of the two (404,418,500-599). items: type: string type: array type: object forwardAuth: - description: 'ForwardAuth holds the forward auth middleware configuration. + description: |- + ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ properties: + addAuthCookiesToResponse: + description: AddAuthCookiesToResponse defines the list of cookies + to copy from the authentication server response to the response. + items: + type: string + type: array address: description: Address defines the authentication server address. type: string authRequestHeaders: - description: AuthRequestHeaders defines the list of the headers - to copy from the request to the authentication server. If not - set or empty then all request headers are passed. + description: |- + AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. + If not set or empty then all request headers are passed. items: type: string type: array @@ -366,26 +399,27 @@ spec: type: string type: array authResponseHeadersRegex: - description: 'AuthResponseHeadersRegex defines the regex to match - headers to copy from the authentication server response and - set on forwarded request, after stripping all headers that match - the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' + description: |- + AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the connection to the authentication server. properties: caOptional: + description: 'Deprecated: TLS client authentication is a server + side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).' type: boolean caSecret: - description: CASecret is the name of the referenced Kubernetes - Secret containing the CA to validate the server certificate. + description: |- + CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. The CA certificate is extracted from key `tls.ca` or `ca.crt`. type: string certSecret: - description: CertSecret is the name of the referenced Kubernetes - Secret containing the client certificate. The client certificate - is extracted from the keys `tls.crt` and `tls.key`. + description: |- + CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. + The client certificate is extracted from the keys `tls.crt` and `tls.key`. type: string insecureSkipVerify: description: InsecureSkipVerify defines whether the server @@ -397,10 +431,24 @@ spec: forward) all X-Forwarded-* headers.' type: boolean type: object + grpcWeb: + description: |- + GrpcWeb holds the gRPC web middleware configuration. + This middleware converts a gRPC web request to an HTTP/2 gRPC request. + properties: + allowOrigins: + description: |- + AllowOrigins is a list of allowable origins. + Can also be a wildcard origin "*". + items: + type: string + type: array + type: object headers: - description: 'Headers holds the headers middleware configuration. - This middleware manages the requests and responses headers. More - info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' + description: |- + Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the @@ -465,12 +513,14 @@ spec: header with the nosniff value. type: boolean customBrowserXSSValue: - description: CustomBrowserXSSValue defines the X-XSS-Protection - header value. This overrides the BrowserXssFilter option. + description: |- + CustomBrowserXSSValue defines the X-XSS-Protection header value. + This overrides the BrowserXssFilter option. type: string customFrameOptionsValue: - description: CustomFrameOptionsValue defines the X-Frame-Options - header value. This overrides the FrameDeny option. + description: |- + CustomFrameOptionsValue defines the X-Frame-Options header value. + This overrides the FrameDeny option. type: string customRequestHeaders: additionalProperties: @@ -485,7 +535,8 @@ spec: values to apply to the response. type: object featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' + description: 'Deprecated: FeaturePolicy option is deprecated, + please use PermissionsPolicy instead.' type: string forceSTSHeader: description: ForceSTSHeader defines whether to add the STS header @@ -502,47 +553,48 @@ spec: type: string type: array isDevelopment: - description: IsDevelopment defines whether to mitigate the unwanted - effects of the AllowedHosts, SSL, and STS options when developing. - Usually testing takes place using HTTP, not HTTPS, and on localhost, - not your production domain. If you would like your development - environment to mimic production with complete Host blocking, - SSL redirects, and STS headers, leave this as false. + description: |- + IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. + If you would like your development environment to mimic production with complete Host blocking, SSL redirects, + and STS headers, leave this as false. type: boolean permissionsPolicy: - description: PermissionsPolicy defines the Permissions-Policy - header value. This allows sites to control browser features. + description: |- + PermissionsPolicy defines the Permissions-Policy header value. + This allows sites to control browser features. type: string publicKey: description: PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates. type: string referrerPolicy: - description: ReferrerPolicy defines the Referrer-Policy header - value. This allows sites to control whether browsers forward - the Referer header to other sites. + description: |- + ReferrerPolicy defines the Referrer-Policy header value. + This allows sites to control whether browsers forward the Referer header to other sites. type: string sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' + description: 'Deprecated: SSLForceHost option is deprecated, please + use RedirectRegex instead.' type: boolean sslHost: - description: 'Deprecated: use RedirectRegex instead.' + description: 'Deprecated: SSLHost option is deprecated, please + use RedirectRegex instead.' type: string sslProxyHeaders: additionalProperties: type: string - description: 'SSLProxyHeaders defines the header keys with associated - values that would indicate a valid HTTPS request. It can be - useful when using other proxies (example: "X-Forwarded-Proto": - "https").' + description: |- + SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. + It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). type: object sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' + description: 'Deprecated: SSLRedirect option is deprecated, please + use EntryPoint redirection or RedirectScheme instead.' type: boolean sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' + description: 'Deprecated: SSLTemporaryRedirect option is deprecated, + please use EntryPoint redirection or RedirectScheme instead.' type: boolean stsIncludeSubdomains: description: STSIncludeSubdomains defines whether the includeSubDomains @@ -553,33 +605,35 @@ spec: to the Strict-Transport-Security header. type: boolean stsSeconds: - description: STSSeconds defines the max-age of the Strict-Transport-Security - header. If set to 0, the header is not set. + description: |- + STSSeconds defines the max-age of the Strict-Transport-Security header. + If set to 0, the header is not set. format: int64 type: integer type: object inFlightReq: - description: 'InFlightReq holds the in-flight request middleware configuration. - This middleware limits the number of requests being processed and - served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' + description: |- + InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and served concurrently. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ properties: amount: - description: Amount defines the maximum amount of allowed simultaneous - in-flight request. The middleware responds with HTTP 429 Too - Many Requests if there are already amount requests in progress - (based on the same sourceCriterion strategy). + description: |- + Amount defines the maximum amount of allowed simultaneous in-flight request. + The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). format: int64 type: integer sourceCriterion: - description: 'SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the requestHost. More - info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -604,14 +658,48 @@ spec: type: boolean type: object type: object - ipWhiteList: - description: 'IPWhiteList holds the IP whitelist middleware configuration. + ipAllowList: + description: |- + IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + rejectStatusCode: + description: |- + RejectStatusCode defines the HTTP status code used for refused requests. + If not set, the default is 403 (Forbidden). + type: integer + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: 'Deprecated: please use IPAllowList instead.' properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration used - by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -633,9 +721,10 @@ spec: type: array type: object passTLSClientCert: - description: 'PassTLSClientCert holds the pass TLS client cert middleware - configuration. This middleware adds the selected data from the passed - client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' + description: |- + PassTLSClientCert holds the pass TLS client cert middleware configuration. + This middleware adds the selected data from the passed client TLS certificate to a header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -736,46 +825,48 @@ spec: plugin: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Plugin defines the middleware plugin configuration. - More info: https://doc.traefik.io/traefik/plugins/' + description: |- + Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/ type: object rateLimit: - description: 'RateLimit holds the rate limit configuration. This middleware - ensures that services will receive a fair amount of requests, and - allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' + description: |- + RateLimit holds the rate limit configuration. + This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ properties: average: - description: Average is the maximum rate, by default in requests/s, - allowed for the given source. It defaults to 0, which means - no rate limiting. The rate is actually defined by dividing Average - by Period. So for a rate below 1req/s, one needs to define a - Period larger than a second. + description: |- + Average is the maximum rate, by default in requests/s, allowed for the given source. + It defaults to 0, which means no rate limiting. + The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, + one needs to define a Period larger than a second. format: int64 type: integer burst: - description: Burst is the maximum number of requests allowed to - arrive in the same arbitrarily small period of time. It defaults - to 1. + description: |- + Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. + It defaults to 1. format: int64 type: integer period: anyOf: - type: integer - type: string - description: 'Period, in combination with Average, defines the - actual maximum rate, such as: r = Average / Period. It defaults - to a second.' + description: |- + Period, in combination with Average, defines the actual maximum rate, such as: + r = Average / Period. It defaults to a second. x-kubernetes-int-or-string: true sourceCriterion: - description: SourceCriterion defines what criterion is used to - group requests as originating from a common source. If several - strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the request's remote - address field (as an ipStrategy). + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote address field (as an ipStrategy). properties: ipStrategy: - description: 'IPStrategy holds the IP strategy configuration - used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -801,9 +892,10 @@ spec: type: object type: object redirectRegex: - description: 'RedirectRegex holds the redirect regex middleware configuration. + description: |- + RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -819,9 +911,10 @@ spec: type: string type: object redirectScheme: - description: 'RedirectScheme holds the redirect scheme middleware - configuration. This middleware redirects requests from a scheme/port - to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' + description: |- + RedirectScheme holds the redirect scheme middleware configuration. + This middleware redirects requests from a scheme/port to another. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -835,9 +928,10 @@ spec: type: string type: object replacePath: - description: 'ReplacePath holds the replace path middleware configuration. - This middleware replaces the path of the request URL and store the - original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' + description: |- + ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the @@ -845,9 +939,10 @@ spec: type: string type: object replacePathRegex: - description: 'ReplacePathRegex holds the replace path regex middleware - configuration. This middleware replaces the path of a URL using - regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' + description: |- + ReplacePathRegex holds the replace path regex middleware configuration. + This middleware replaces the path of a URL using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -859,11 +954,11 @@ spec: type: string type: object retry: - description: 'Retry holds the retry middleware configuration. This - middleware reissues requests a given number of times to a backend - server if that server does not reply. As soon as the server answers, - the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' + description: |- + Retry holds the retry middleware configuration. + This middleware reissues requests a given number of times to a backend server if that server does not reply. + As soon as the server answers, the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -873,22 +968,25 @@ spec: anyOf: - type: integer - type: string - description: InitialInterval defines the first wait time in the - exponential backoff series. The maximum interval is calculated - as twice the initialInterval. If unspecified, requests will - be retried immediately. The value of initialInterval should - be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + description: |- + InitialInterval defines the first wait time in the exponential backoff series. + The maximum interval is calculated as twice the initialInterval. + If unspecified, requests will be retried immediately. + The value of initialInterval should be provided in seconds or as a valid duration format, + see https://pkg.go.dev/time#ParseDuration. x-kubernetes-int-or-string: true type: object stripPrefix: - description: 'StripPrefix holds the strip prefix middleware configuration. + description: |- + StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ properties: forceSlash: - description: 'ForceSlash ensures that the resulting stripped path - is not the empty string, by replacing it with / when necessary. - Default: true.' + description: |- + Deprecated: ForceSlash option is deprecated, please remove any usage of this option. + ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. + Default: true. type: boolean prefixes: description: Prefixes defines the prefixes to strip from the request @@ -898,9 +996,10 @@ spec: type: array type: object stripPrefixRegex: - description: 'StripPrefixRegex holds the strip prefix regex middleware - configuration. This middleware removes the matching prefixes from - the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' + description: |- + StripPrefixRegex holds the strip prefix regex middleware configuration. + This middleware removes the matching prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the @@ -916,9 +1015,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_middlewaretcps.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_middlewaretcps.yaml new file mode 100644 index 00000000..250ac1b1 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_middlewaretcps.yaml @@ -0,0 +1,87 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: middlewaretcps.traefik.io +spec: + group: traefik.io + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: |- + Amount defines the maximum amount of allowed simultaneous connections. + The middleware closes the connection if there are already amount connections opened. + format: int64 + type: integer + type: object + ipAllowList: + description: |- + IPAllowList defines the IPAllowList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: |- + IPWhiteList defines the IPWhiteList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + Deprecated: please use IPAllowList instead. + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_serverstransports.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_serverstransports.yaml similarity index 74% rename from traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_serverstransports.yaml rename to traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_serverstransports.yaml index 803b5639..287943fb 100644 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_serverstransports.yaml +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_serverstransports.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: serverstransports.traefik.io spec: group: traefik.io @@ -19,20 +17,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'ServersTransport is the CRD implementation of a ServersTransport. + description: |- + ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -113,6 +117,19 @@ spec: description: ServerName defines the server name used to contact the server. type: string + spiffe: + description: Spiffe defines the SPIFFE configuration. + properties: + ids: + description: IDs defines the allowed SPIFFE IDs (takes precedence + over the SPIFFE TrustDomain). + items: + type: string + type: array + trustDomain: + description: TrustDomain defines the allowed SPIFFE trust domain. + type: string + type: object type: object required: - metadata @@ -120,9 +137,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_serverstransporttcps.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_serverstransporttcps.yaml new file mode 100644 index 00000000..b255d329 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_serverstransporttcps.yaml @@ -0,0 +1,120 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: serverstransporttcps.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransportTCP + listKind: ServersTransportTCPList + plural: serverstransporttcps + singular: serverstransporttcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ServersTransportTCP is the CRD implementation of a TCPServersTransport. + If no tcpServersTransport is specified, a default one named default@internal will be used. + The default@internal tcpServersTransport can be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServersTransportTCPSpec defines the desired state of a ServersTransportTCP. + properties: + dialKeepAlive: + anyOf: + - type: integer + - type: string + description: DialKeepAlive is the interval between keep-alive probes + for an active network connection. If zero, keep-alive probes are + sent with a default value (currently 15 seconds), if supported by + the protocol and operating system. Network protocols or operating + systems that do not support keep-alives ignore this field. If negative, + keep-alive probes are disabled. + x-kubernetes-int-or-string: true + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a connection + to a backend server can be established. + x-kubernetes-int-or-string: true + terminationDelay: + anyOf: + - type: integer + - type: string + description: TerminationDelay defines the delay to wait before fully + terminating the connection, after one connected peer has closed + its writing capability. + x-kubernetes-int-or-string: true + tls: + description: TLS defines the TLS configuration + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + insecureSkipVerify: + description: InsecureSkipVerify disables TLS certificate verification. + type: boolean + peerCertURI: + description: |- + MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to + validate self-signed certificates. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact + the server. + type: string + spiffe: + description: Spiffe defines the SPIFFE configuration. + properties: + ids: + description: IDs defines the allowed SPIFFE IDs (takes precedence + over the SPIFFE TrustDomain). + items: + type: string + type: array + trustDomain: + description: TrustDomain defines the allowed SPIFFE trust + domain. + type: string + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_tlsoptions.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_tlsoptions.yaml similarity index 51% rename from traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_tlsoptions.yaml rename to traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_tlsoptions.yaml index b86fefe0..2380e8ef 100644 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_tlsoptions.yaml +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_tlsoptions.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsoptions.traefik.io spec: group: traefik.io @@ -19,19 +17,24 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSOption is the CRD implementation of a Traefik TLS Option, - allowing to configure some parameters of the TLS connection. More info: - https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + description: |- + TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -39,15 +42,16 @@ spec: description: TLSOptionSpec defines the desired state of a TLSOption. properties: alpnProtocols: - description: 'ALPNProtocols defines the list of supported application - level protocols for the TLS handshake, in order of preference. More - info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' + description: |- + ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols items: type: string type: array cipherSuites: - description: 'CipherSuites defines the list of supported cipher suites - for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' + description: |- + CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites items: type: string type: array @@ -73,26 +77,29 @@ spec: type: array type: object curvePreferences: - description: 'CurvePreferences defines the preferred elliptic curves - in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' + description: |- + CurvePreferences defines the preferred elliptic curves in a specific order. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences items: type: string type: array maxVersion: - description: 'MaxVersion defines the maximum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: None.' + description: |- + MaxVersion defines the maximum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: None. type: string minVersion: - description: 'MinVersion defines the minimum TLS version that Traefik - will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, - VersionTLS13. Default: VersionTLS10.' + description: |- + MinVersion defines the minimum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: VersionTLS10. type: string preferServerCipherSuites: - description: 'PreferServerCipherSuites defines whether the server - chooses a cipher suite among his own instead of among the client''s. + description: |- + PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430' + Deprecated: https://github.com/golang/go/issues/45430 type: boolean sniStrict: description: SniStrict defines whether Traefik allows connections @@ -105,9 +112,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_tlsstores.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_tlsstores.yaml similarity index 69% rename from traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_tlsstores.yaml rename to traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_tlsstores.yaml index 47b46854..15c4951e 100644 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_tlsstores.yaml +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_tlsstores.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: tlsstores.traefik.io spec: group: traefik.io @@ -19,20 +17,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For - the time being, only the TLSStore named default is supported. This means - that you cannot have two stores that are named default in different Kubernetes - namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' + description: |- + TLSStore is the CRD implementation of a Traefik TLS Store. + For the time being, only the TLSStore named default is supported. + This means that you cannot have two stores that are named default in different Kubernetes namespaces. + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -91,9 +95,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_traefikservices.yaml b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_traefikservices.yaml similarity index 51% rename from traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_traefikservices.yaml rename to traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_traefikservices.yaml index 0f3475bd..7c8f58a3 100644 --- a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_traefikservices.yaml +++ b/traefik/cluster/crds/localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/traefik.io_traefikservices.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: traefikservices.traefik.io spec: group: traefik.io @@ -19,19 +17,27 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'TraefikService is the CRD implementation of a Traefik Service. - TraefikService object allows to: - Apply weight to Services on load-balancing - - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' + description: |- + TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: + - Apply weight to Services on load-balancing + - Mirror traffic on services + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -48,10 +54,10 @@ spec: - TraefikService type: string maxBodySize: - description: MaxBodySize defines the maximum size allowed for - the body of the request. If the body is larger, the request - is not mirrored. Default value is -1, which means unlimited - size. + description: |- + MaxBodySize defines the maximum size allowed for the body of the request. + If the body is larger, the request is not mirrored. + Default value is -1, which means unlimited size. format: int64 type: integer mirrors: @@ -67,35 +73,37 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean percent: - description: 'Percent defines the part of the traffic to - mirror. Supported values: 0 to 100.' + description: |- + Percent defines the part of the traffic to mirror. + Supported values: 0 to 100. type: integer port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -104,30 +112,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -136,12 +143,19 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -151,13 +165,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -165,60 +179,62 @@ spec: type: object type: array name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between the two - is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the - only child is the Kubernetes Service clusterIP. The Kubernetes - Service itself does load-balance to the pods. By default, NativeLB - is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host header - is forwarded to the upstream Kubernetes Service. By default, - passHostHeader is true. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. This - can be a reference to a named port. + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: description: ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client. properties: flushInterval: - description: 'FlushInterval defines the interval, in milliseconds, - in between flushes to the client while copying the response - body. A negative value means to flush immediately after - each write to the client. This configuration is ignored - when ReverseProxy recognizes a response as a streaming response; + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. - Default: 100ms' + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https when - Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport between - Traefik and your servers. Can only be used on a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -227,12 +243,19 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only @@ -241,13 +264,14 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy between - the servers. RoundRobin is the only supported value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be specified - when Name references a TraefikService object (and to be precise, - one that embeds a Weighted Round Robin). + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). type: integer required: - name @@ -269,31 +293,32 @@ spec: - TraefikService type: string name: - description: Name defines the name of the referenced Kubernetes - Service or TraefikService. The differentiation between - the two is specified in the Kind field. + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. type: string namespace: description: Namespace defines the namespace of the referenced Kubernetes Service or TraefikService. type: string nativeLB: - description: NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or - if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the - pods. By default, NativeLB is false. + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. type: boolean passHostHeader: - description: PassHostHeader defines whether the client Host - header is forwarded to the upstream Kubernetes Service. + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. By default, passHostHeader is true. type: boolean port: anyOf: - type: integer - type: string - description: Port defines the port of a Kubernetes Service. + description: |- + Port defines the port of a Kubernetes Service. This can be a reference to a named port. x-kubernetes-int-or-string: true responseForwarding: @@ -302,30 +327,29 @@ spec: client. properties: flushInterval: - description: 'FlushInterval defines the interval, in - milliseconds, in between flushes to the client while - copying the response body. A negative value means - to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes - a response as a streaming response; for such responses, - writes are flushed to the client immediately. Default: - 100ms' + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms type: string type: object scheme: - description: Scheme defines the scheme to use for the request - to the upstream Kubernetes Service. It defaults to https - when Kubernetes Service port is 443, http otherwise. + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. type: string serversTransport: - description: ServersTransport defines the name of ServersTransport - resource to use. It allows to configure the transport - between Traefik and your servers. Can only be used on - a Kubernetes Service. + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. type: string sticky: - description: 'Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -334,12 +358,19 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can @@ -349,13 +380,13 @@ spec: type: object type: object strategy: - description: Strategy defines the load balancing strategy - between the servers. RoundRobin is the only supported - value at the moment. + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. type: string weight: - description: Weight defines the weight and should only be - specified when Name references a TraefikService object + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object (and to be precise, one that embeds a Weighted Round Robin). type: integer required: @@ -363,8 +394,9 @@ spec: type: object type: array sticky: - description: 'Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + description: |- + Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -373,12 +405,19 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string sameSite: - description: 'SameSite defines the same site policy. More - info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite type: string secure: description: Secure defines whether the cookie can only @@ -394,9 +433,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik/cluster/rbac/auth-traefik.yaml b/traefik/cluster/rbac/auth-traefik.yaml index b199976e..dab07884 100644 --- a/traefik/cluster/rbac/auth-traefik.yaml +++ b/traefik/cluster/rbac/auth-traefik.yaml @@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: traefik-ingress-controller + rules: - apiGroups: - "" @@ -10,6 +11,7 @@ rules: - services - endpoints - secrets + - nodes verbs: - get - list @@ -33,7 +35,6 @@ rules: - update - apiGroups: - traefik.io - - traefik.containo.us resources: - middlewares - middlewaretcps @@ -49,11 +50,13 @@ rules: - get - list - watch + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: traefik-ingress-controller + roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole From 0588ec731503679ce4c2f6fcbb580f74de1d11a9 Mon Sep 17 00:00:00 2001 From: ffilippopoulos Date: Fri, 24 May 2024 11:12:50 +0100 Subject: [PATCH 2/2] Include old (v2) traefik.containo.us CRDs to support v2 and v3 deployments --- traefik/cluster/crds/Makefile | 3 + traefik/cluster/crds/kustomization.yaml | 1 + .../traefik/crds/kustomization.yaml | 12 + .../traefik.containo.us_ingressroutes.yaml | 275 ++++++ .../traefik.containo.us_ingressroutetcps.yaml | 218 +++++ .../traefik.containo.us_ingressrouteudps.yaml | 105 ++ .../crds/traefik.containo.us_middlewares.yaml | 924 ++++++++++++++++++ .../traefik.containo.us_middlewaretcps.yaml | 72 ++ ...traefik.containo.us_serverstransports.yaml | 128 +++ .../crds/traefik.containo.us_tlsoptions.yaml | 113 +++ .../crds/traefik.containo.us_tlsstores.yaml | 99 ++ .../traefik.containo.us_traefikservices.yaml | 402 ++++++++ 12 files changed, 2352 insertions(+) create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml create mode 100644 traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml diff --git a/traefik/cluster/crds/Makefile b/traefik/cluster/crds/Makefile index 55b2c9d4..6fd5d728 100644 --- a/traefik/cluster/crds/Makefile +++ b/traefik/cluster/crds/Makefile @@ -1,2 +1,5 @@ localize: + kustomize localize "https://github.com/traefik/traefik-helm-chart//traefik/crds?ref=62d7a9be592b552965fb690681b6f4f8865ce792" # valid for v2.10.3 + rm localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.io_* # remove the traefik.io CRD manifests + sd '\- traefik.io_.*\n' '' localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml # remove from kustomization.yaml kustomize localize "https://github.com/traefik/traefik-helm-chart//traefik/crds?ref=a429dd01418a0eeeb35a84019945e211148db69b" # valid for v3.0.0 diff --git a/traefik/cluster/crds/kustomization.yaml b/traefik/cluster/crds/kustomization.yaml index d1390209..6d562a56 100644 --- a/traefik/cluster/crds/kustomization.yaml +++ b/traefik/cluster/crds/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/ - localized-crds-a429dd01418a0eeeb35a84019945e211148db69b/traefik/crds/ diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml new file mode 100644 index 00000000..57f52bd7 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- traefik.containo.us_ingressroutes.yaml +- traefik.containo.us_ingressroutetcps.yaml +- traefik.containo.us_ingressrouteudps.yaml +- traefik.containo.us_middlewares.yaml +- traefik.containo.us_middlewaretcps.yaml +- traefik.containo.us_serverstransports.yaml +- traefik.containo.us_tlsoptions.yaml +- traefik.containo.us_tlsstores.yaml +- traefik.containo.us_traefikservices.yaml diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml new file mode 100644 index 00000000..bd137f41 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutes.yaml @@ -0,0 +1,275 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml new file mode 100644 index 00000000..589fe31c --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressroutetcps.yaml @@ -0,0 +1,218 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml new file mode 100644 index 00000000..c35ee4dc --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_ingressrouteudps.yaml @@ -0,0 +1,105 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml new file mode 100644 index 00000000..5e14f93f --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewares.yaml @@ -0,0 +1,924 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if + the only child is the Kubernetes Service clusterIP. The + Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml new file mode 100644 index 00000000..85302fa8 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml new file mode 100644 index 00000000..d6fc3a92 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml new file mode 100644 index 00000000..73667667 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml new file mode 100644 index 00000000..12f0ad37 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml new file mode 100644 index 00000000..0dcf4700 --- /dev/null +++ b/traefik/cluster/crds/localized-crds-62d7a9be592b552965fb690681b6f4f8865ce792/traefik/crds/traefik.containo.us_traefikservices.yaml @@ -0,0 +1,402 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the + only child is the Kubernetes Service clusterIP. The Kubernetes + Service itself does load-balance to the pods. By default, NativeLB + is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []