Traefik & KV Stores¶

Configuration Options¶

Keys

Keys are case-insensitive.

HTTP¶

Routers¶

The character @ is not authorized in the router name <router_name>.

Key (Path)	Description	Value
`traefik/http/routers/<router_name>/rule`	See rule for more information.	Host(`example.com`)
`traefik/http/routers/<router_name>/ruleSyntax`	See rule for more information. RuleSyntax option is deprecated and will be removed in the next major version. Please do not use this field and rewrite the router rules to use the v3 syntax.	`v3`
`traefik/http/routers/<router_name>/entrypoints/0`	See entry points for more information.	`web`
`traefik/http/routers/<router_name>/entrypoints/1`	See entry points for more information.	`websecure`
`traefik/http/routers/<router_name>/middlewares/0`	See middlewares overview for more information.	`auth`
`traefik/http/routers/<router_name>/middlewares/1`		`prefix`
`traefik/http/routers/<router_name>/service`	See service for more information.	`myservice`
`traefik/http/routers/<router_name>/tls`	See tls for more information.	`true`
`traefik/http/routers/<router_name>/tls/certresolver`	See certResolver for more information.	`myresolver`
`traefik/http/routers/<router_name>/tls/domains/0/main`	See domains for more information.	`example.org`
`traefik/http/routers/<router_name>/tls/domains/0/sans/0`	See domains for more information.	`test.example.org`
`traefik/http/routers/<router_name>/tls/domains/0/sans/1`	See domains for more information.	`dev.example.org`
`traefik/http/routers/<router_name>/tls/options`	See TLS Options for more information.	`foobar`
`traefik/http/routers/<router_name>/observability/accesslogs`	The accessLogs option controls whether the router will produce access-logs.	`true`
`traefik/http/routers/<router_name>/observability/metrics`	The metrics option controls whether the router will produce metrics.	`true`
`traefik/http/routers/<router_name>/observability/tracing`	The tracing option controls whether the router will produce traces.	`true`
`traefik/http/routers/<router_name>/priority`	See priority for more information.	`42`

Services¶

The character @ is not authorized in the service name <service_name>.

Key (Path)	Description	Value
`traefik/http/services/myservice/loadbalancer/servers/0/url`	See servers for more information.	`http://<ip-server-1>:<port-server-1>/`
`traefik/http/services/myservice/loadbalancer/servers/0/preservePath`	See servers for more information.	`true`
`traefik/http/services/myservice/loadbalancer/servers/0/weight`	See servers for more information.	`1`
`traefik/http/services/myservice/loadbalancer/serverstransport`	Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information.	`foobar@file`
`traefik/http/services/myservice/loadbalancer/passhostheader`	See Service for more information.	`true`
`traefik/http/services/myservice/loadbalancer/healthcheck/headers/X-Foo`	See health check for more information.	`foobar`
`traefik/http/services/myservice/loadbalancer/healthcheck/hostname`	See health check for more information.	`example.org`
`traefik/http/services/myservice/loadbalancer/healthcheck/interval`	See health check for more information.	`10`
`traefik/http/services/myservice/loadbalancer/healthcheck/path`	See health check for more information.	`/foo`
`traefik/http/services/myservice/loadbalancer/healthcheck/method`	See health check for more information.	`foobar`
`traefik/http/services/myservice/loadbalancer/healthcheck/status`	See health check for more information.	`42`
`traefik/http/services/myservice/loadbalancer/healthcheck/port`	See health check for more information.	`42`
`traefik/http/services/myservice/loadbalancer/healthcheck/scheme`	See health check for more information.	`http`
`traefik/http/services/myservice/loadbalancer/healthcheck/timeout`	See health check for more information.	`10`
`traefik/http/services/myservice/loadbalancer/sticky`	See Service for more information.	`true`
`traefik/http/services/myservice/loadbalancer/sticky/cookie/httponly`	See Service for more information.	`true`
`traefik/http/services/myservice/loadbalancer/sticky/cookie/name`	See Service for more information.	`foobar`
`traefik/http/services/myservice/loadbalancer/sticky/cookie/path`	See Service for more information.	`/foobar`
`traefik/http/services/myservice/loadbalancer/sticky/cookie/secure`	See Service for more information.	`true`
`traefik/http/services/myservice/loadbalancer/sticky/cookie/samesite`	See Service for more information.	`none`
`traefik/http/services/myservice/loadbalancer/sticky/cookie/maxage`	See Service for more information.	`42`
`traefik/http/services/myservice/loadbalancer/responseforwarding/flushinterval`	See Service for more information.	`10`
`traefik/http/services/<service_name>/mirroring/service`	See Service for more information.	`foobar`
`traefik/http/services/<service_name>/mirroring/mirrors/<n>/name`	See Service for more information.	`foobar`
`traefik/http/services/<service_name>/mirroring/mirrors/<n>/percent`	See Servicefor more information.	`42`
`traefik/http/services/<service_name>/weighted/services/<n>/name`	See Service for more information.	`foobar`
`traefik/http/services/<service_name>/weighted/services/<n>/weight`	See Service for more information.	`42`
`traefik/http/services/<service_name>/weighted/sticky/cookie/name`	See Service for more information.	`foobar`
`traefik/http/services/<service_name>/weighted/sticky/cookie/secure`	See Service for more information.	`true`
`traefik/http/services/<service_name>/weighted/sticky/cookie/samesite`	See Service for more information.	`none`
`traefik/http/services/<service_name>/weighted/sticky/cookie/httpOnly`	See Service for more information.	`true`
`traefik/http/services/<service_name>/weighted/sticky/cookie/maxage`	See Service for more information.	`42`
`traefik/http/services/<service_name>/failover/fallback`	See Failover for more information.	`backup`
`traefik/http/services/<service_name>/failover/healthcheck`	See Failover for more information.	`{}`
`traefik/http/services/<service_name>/failover/service`	See Failover for more information.	`main`

Middleware¶

Configuration Options¶

Key (Path)	Description	Value
`traefik/http/middlewares/mymiddleware/middleware_type/middleware_option`	With `middleware_type` the type of middleware (ex: `forwardAuth`, `headers`, etc) and `middleware_option` the middleware option to set (ex for the middleware `addPrefix`: `prefix`). More information about available middlewares in the dedicated middlewares section.	`foobar`

The character @ is not authorized in the middleware name.

Conflicts in Declaration

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

Configuration Example¶

# Declaring a middleware
traefik/http/middlewares/myAddPrefix/addPrefix/prefix=/foobar
# Referencing a middleware
traefik/http/routers/<router_name>/middlewares/0=myAddPrefix

ServerTransport¶

Configuration Options¶

Key (Path)	Description	Value
`traefik/http/serversTransports/<serversTransportName>/st_option`	With `st_option` the ServerTransport option to set (ex `maxIdleConnsPerHost`). More information about available options in the dedicated ServerTransport section.	ServerTransport Options

Configuration Example¶

# Declaring a ServerTransport
traefik/http/serversTransports/myServerTransport/maxIdleConnsPerHost=-1
traefik/http/serversTransports/myServerTransport/certificates/0/certFile=mypath/cert.pem
traefik/http/serversTransports/myServerTransport/certificates/0/keyFile=mypath/key.pem
# Referencing a middleware
traefik/http/services/myService/serversTransports/0=myServerTransport

TCP¶

You can declare TCP Routers and/or Services using KV.

Routers¶

Key (Path)	Description	Value
`traefik/tcp/routers/mytcprouter/entrypoints/0`	See entry points for more information.	`ep1`
`traefik/tcp/routers/mytcprouter/entrypoints/1`	See entry points for more information.	`ep2`
`traefik/tcp/routers/my-router/rule`	See entry points for more information.	HostSNI(`example.com`)
`traefik/tcp/routers/mytcprouter/service`	See service for more information.	`myservice`
`traefik/tcp/routers/mytcprouter/tls`	See TLS for more information.	`true`
`traefik/tcp/routers/mytcprouter/tls/certresolver`	See certResolver for more information.	`myresolver`
`traefik/tcp/routers/mytcprouter/tls/domains/0/main`	See TLS for more information.	`example.org`
`traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0`	See TLS for more information.	`test.example.org`
`traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1`	See TLS for more information.	`dev.example.org`
`traefik/tcp/routers/mytcprouter/tls/options`	See TLS for more information.	`foobar`
`traefik/tcp/routers/mytcprouter/tls/passthrough`	See TLS for more information.	`true`
`traefik/tcp/routers/mytcprouter/priority`	See priority for more information.	`42`

Services¶

Key (Path)	Description	Value
`traefik/tcp/services/mytcpservice/loadbalancer/servers/0/address`	See servers for more information.	`xx.xx.xx.xx:xx`
`traefik/tcp/services/mytcpservice/loadbalancer/servers/0/tls`	See servers for more information.	`true`
`traefik/tcp/services/mytcpservice/loadbalancer/proxyprotocol/version`	See PROXY protocol for more information.	`1`
`traefik/tcp/services/myservice/loadbalancer/serverstransport`	Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information.	`foobar@file`
`traefik/tcp/services/<service_name>/weighted/services/0/name`	See Service for more information.	`foobar`
`traefik/tcp/services/<service_name>/weighted/services/0/weight`	See Service for more information.	`42`

Middleware¶

Configuration Options¶

You can declare pieces of middleware using tags starting with traefik/tcp/middlewares/{name-of-your-choice}., followed by the middleware type/options.

For example, to declare a middleware InFlightConn named test-inflightconn, you'd write traefik/tcp/middlewares/test-inflightconn/inflightconn/amount=10.

More information about available middlewares in the dedicated middlewares section.

Key (Path)	Description	Value
`traefik/tcp/middlewares/mymiddleware/middleware_type/middleware_option`	With `middleware_type` the type of middleware (ex: `inflightconn`) and `middleware_option` the middleware option to set (ex for the middleware `inflightconn`: `amount`). More information about available middlewares in the dedicated middlewares section.	`foobar`

Conflicts in Declaration

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

Configuration Example¶

# Declaring a middleware
traefik/tcp/middlewares/test-inflightconn/amount=10
# Referencing a middleware
traefik/tcp/routers/<router_name>/middlewares/0=test-inflightconn

ServerTransport¶

Configuration Options¶

Key (Path)	Description	Value
`traefik/tcp/serversTransports/<serversTransportName>/st_option`	With `st_option` the ServerTransport option to set (ex `maxIdleConnsPerHost`). More information about available options in the dedicated ServerTransport section.	ServerTransport Options

Configuration Example¶

# Declaring a ServerTransport
traefik/tcp/serversTransports/myServerTransport/maxIdleConnsPerHost=-1
# Referencing a middleware
traefik/tcp/services/myService/serversTransports/0=myServerTransport

UDP¶

You can declare UDP Routers and/or Services using KV.

Routers¶

Key (Path)	Description	Value
`traefik/udp/routers/myudprouter/entrypoints/0`	See UDP Router for more information.	`foobar`
`traefik/udp/routers/myudprouter/service`	See UDP Router for more information.	`foobar`

Services¶

Key (Path)	Description	Value
`traefik/udp/services/loadBalancer/servers/<n>/address`	See UDP Service for more information.	`foobar`
`traefik/udp/services/weighted/services/0/name`	See UDP Service for more information.	`foobar`
`traefik/udp/services/weighted/servers/0/weight`	See UDP Service for more information.	`42`

TLS¶

TLS Options¶

With the KV provider, you configure some parameters of the TLS connection using the tls/options key.

For example, you can define a basic setup like this:

Key (Path)	Description	Value
`traefik/tls/options/Options0/alpnProtocols/0`	See TLS Options for more information.	`foobar`
`traefik/tls/options/Options0/cipherSuites/0`	See TLS Options for more information.	`foobar`
`traefik/tls/options/Options0/clientAuth/caFiles/0`	See TLS Options for more information.	`foobar`
`traefik/tls/options/Options0/disableSessiontickets`	See TLS Options for more information.	`true`

TLS Default Generated Certificates¶

You can configure Traefik to use an ACME provider (like Let's Encrypt) to generate the default certificate.

The configuration to resolve the default certificate should be defined in a TLS store.

Key (Path)	Description	Value
`traefik/tls/stores/Store0/defaultGeneratedCert/domain/main`	See TLS for more information.	`foobar`
`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0`	See TLS for more information	`foobar`
`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1`	See TLS for more information	`foobar`
`traefik/tls/stores/Store0/defaultGeneratedCert/resolver`	See TLS for more information	`foobar`