Skip to content

Traefik & KV Stores

Configuration Options

Keys

Keys are case-insensitive.

HTTP

Routers

The character @ is not authorized in the router name <router_name>.

Key (Path) Description Value
traefik/http/routers/<router_name>/rule See rule for more information. Host(`example.com`)
traefik/http/routers/<router_name>/ruleSyntax See rule for more information.
RuleSyntax option is deprecated and will be removed in the next major version.
Please do not use this field and rewrite the router rules to use the v3 syntax.
v3
traefik/http/routers/<router_name>/entrypoints/0 See entry points for more information. web
traefik/http/routers/<router_name>/entrypoints/1 See entry points for more information. websecure
traefik/http/routers/<router_name>/middlewares/0 See middlewares overview for more information. auth
traefik/http/routers/<router_name>/middlewares/1 prefix
traefik/http/routers/<router_name>/service See service for more information. myservice
traefik/http/routers/<router_name>/tls See tls for more information. true
traefik/http/routers/<router_name>/tls/certresolver See certResolver for more information. myresolver
traefik/http/routers/<router_name>/tls/domains/0/main See domains for more information. example.org
traefik/http/routers/<router_name>/tls/domains/0/sans/0 See domains for more information. test.example.org
traefik/http/routers/<router_name>/tls/domains/0/sans/1 See domains for more information. dev.example.org
traefik/http/routers/<router_name>/tls/options See TLS Options for more information. foobar
traefik/http/routers/<router_name>/observability/accesslogs The accessLogs option controls whether the router will produce access-logs. true
traefik/http/routers/<router_name>/observability/metrics The metrics option controls whether the router will produce metrics. true
traefik/http/routers/<router_name>/observability/tracing The tracing option controls whether the router will produce traces. true
traefik/http/routers/<router_name>/priority See priority for more information. 42

Services

The character @ is not authorized in the service name <service_name>.

Key (Path) Description Value
traefik/http/services/myservice/loadbalancer/servers/0/url See servers for more information. http://<ip-server-1>:<port-server-1>/
traefik/http/services/myservice/loadbalancer/servers/0/preservePath See servers for more information. true
traefik/http/services/myservice/loadbalancer/servers/0/weight See servers for more information. 1
traefik/http/services/myservice/loadbalancer/serverstransport Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.
See serverstransport for more information.
foobar@file
traefik/http/services/myservice/loadbalancer/passhostheader See Service for more information. true
traefik/http/services/myservice/loadbalancer/healthcheck/headers/X-Foo See health check for more information. foobar
traefik/http/services/myservice/loadbalancer/healthcheck/hostname See health check for more information. example.org
traefik/http/services/myservice/loadbalancer/healthcheck/interval See health check for more information. 10
traefik/http/services/myservice/loadbalancer/healthcheck/path See health check for more information. /foo
traefik/http/services/myservice/loadbalancer/healthcheck/method See health check for more information. foobar
traefik/http/services/myservice/loadbalancer/healthcheck/status See health check for more information. 42
traefik/http/services/myservice/loadbalancer/healthcheck/port See health check for more information. 42
traefik/http/services/myservice/loadbalancer/healthcheck/scheme See health check for more information. http
traefik/http/services/myservice/loadbalancer/healthcheck/timeout See health check for more information. 10
traefik/http/services/myservice/loadbalancer/sticky See Service for more information. true
traefik/http/services/myservice/loadbalancer/sticky/cookie/httponly See Service for more information. true
traefik/http/services/myservice/loadbalancer/sticky/cookie/name See Service for more information. foobar
traefik/http/services/myservice/loadbalancer/sticky/cookie/path See Service for more information. /foobar
traefik/http/services/myservice/loadbalancer/sticky/cookie/secure See Service for more information. true
traefik/http/services/myservice/loadbalancer/sticky/cookie/samesite See Service for more information. none
traefik/http/services/myservice/loadbalancer/sticky/cookie/maxage See Service for more information. 42
traefik/http/services/myservice/loadbalancer/responseforwarding/flushinterval See Service for more information. 10
traefik/http/services/<service_name>/mirroring/service See Service for more information. foobar
traefik/http/services/<service_name>/mirroring/mirrors/<n>/name See Service for more information. foobar
traefik/http/services/<service_name>/mirroring/mirrors/<n>/percent See Servicefor more information. 42
traefik/http/services/<service_name>/weighted/services/<n>/name See Service for more information. foobar
traefik/http/services/<service_name>/weighted/services/<n>/weight See Service for more information. 42
traefik/http/services/<service_name>/weighted/sticky/cookie/name See Service for more information. foobar
traefik/http/services/<service_name>/weighted/sticky/cookie/secure See Service for more information. true
traefik/http/services/<service_name>/weighted/sticky/cookie/samesite See Service for more information. none
traefik/http/services/<service_name>/weighted/sticky/cookie/httpOnly See Service for more information. true
traefik/http/services/<service_name>/weighted/sticky/cookie/maxage See Service for more information. 42
traefik/http/services/<service_name>/failover/fallback See Failover for more information. backup
traefik/http/services/<service_name>/failover/healthcheck See Failover for more information. {}
traefik/http/services/<service_name>/failover/service See Failover for more information. main

Middleware

Configuration Options
Key (Path) Description Value
traefik/http/middlewares/mymiddleware/middleware_type/middleware_option With middleware_type the type of middleware (ex: forwardAuth, headers, etc)
and middleware_option the middleware option to set (ex for the middleware addPrefix: prefix).
More information about available middlewares in the dedicated middlewares section.
foobar

The character @ is not authorized in the middleware name.

Conflicts in Declaration

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

Configuration Example
# Declaring a middleware
traefik/http/middlewares/myAddPrefix/addPrefix/prefix=/foobar
# Referencing a middleware
traefik/http/routers/<router_name>/middlewares/0=myAddPrefix

ServerTransport

Configuration Options
Key (Path) Description Value
traefik/http/serversTransports/<serversTransportName>/st_option With st_option the ServerTransport option to set (ex maxIdleConnsPerHost).
More information about available options in the dedicated ServerTransport section.
ServerTransport Options
Configuration Example
# Declaring a ServerTransport
traefik/http/serversTransports/myServerTransport/maxIdleConnsPerHost=-1
traefik/http/serversTransports/myServerTransport/certificates/0/certFile=mypath/cert.pem
traefik/http/serversTransports/myServerTransport/certificates/0/keyFile=mypath/key.pem
# Referencing a middleware
traefik/http/services/myService/serversTransports/0=myServerTransport

TCP

You can declare TCP Routers and/or Services using KV.

Routers

Key (Path) Description Value
traefik/tcp/routers/mytcprouter/entrypoints/0 See entry points for more information. ep1
traefik/tcp/routers/mytcprouter/entrypoints/1 See entry points for more information. ep2
traefik/tcp/routers/my-router/rule See entry points for more information. HostSNI(`example.com`)
traefik/tcp/routers/mytcprouter/service See service for more information. myservice
traefik/tcp/routers/mytcprouter/tls See TLS for more information. true
traefik/tcp/routers/mytcprouter/tls/certresolver See certResolver for more information. myresolver
traefik/tcp/routers/mytcprouter/tls/domains/0/main See TLS for more information. example.org
traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0 See TLS for more information. test.example.org
traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1 See TLS for more information. dev.example.org
traefik/tcp/routers/mytcprouter/tls/options See TLS for more information. foobar
traefik/tcp/routers/mytcprouter/tls/passthrough See TLS for more information. true
traefik/tcp/routers/mytcprouter/priority See priority for more information. 42

Services

Key (Path) Description Value
traefik/tcp/services/mytcpservice/loadbalancer/servers/0/address See servers for more information. xx.xx.xx.xx:xx
traefik/tcp/services/mytcpservice/loadbalancer/servers/0/tls See servers for more information. true
traefik/tcp/services/mytcpservice/loadbalancer/proxyprotocol/version See PROXY protocol for more information. 1
traefik/tcp/services/myservice/loadbalancer/serverstransport Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.
See serverstransport for more information.
foobar@file
traefik/tcp/services/<service_name>/weighted/services/0/name See Service for more information. foobar
traefik/tcp/services/<service_name>/weighted/services/0/weight See Service for more information. 42

Middleware

Configuration Options

You can declare pieces of middleware using tags starting with traefik/tcp/middlewares/{name-of-your-choice}., followed by the middleware type/options.

For example, to declare a middleware InFlightConn named test-inflightconn, you'd write traefik/tcp/middlewares/test-inflightconn/inflightconn/amount=10.

More information about available middlewares in the dedicated middlewares section.

Key (Path) Description Value
traefik/tcp/middlewares/mymiddleware/middleware_type/middleware_option With middleware_type the type of middleware (ex: inflightconn)
and middleware_option the middleware option to set (ex for the middleware inflightconn: amount).
More information about available middlewares in the dedicated middlewares section.
foobar

Conflicts in Declaration

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

Configuration Example
# Declaring a middleware
traefik/tcp/middlewares/test-inflightconn/amount=10
# Referencing a middleware
traefik/tcp/routers/<router_name>/middlewares/0=test-inflightconn

ServerTransport

Configuration Options
Key (Path) Description Value
traefik/tcp/serversTransports/<serversTransportName>/st_option With st_option the ServerTransport option to set (ex maxIdleConnsPerHost).
More information about available options in the dedicated ServerTransport section.
ServerTransport Options
Configuration Example
# Declaring a ServerTransport
traefik/tcp/serversTransports/myServerTransport/maxIdleConnsPerHost=-1
# Referencing a middleware
traefik/tcp/services/myService/serversTransports/0=myServerTransport

UDP

You can declare UDP Routers and/or Services using KV.

Routers

Key (Path) Description Value
traefik/udp/routers/myudprouter/entrypoints/0 See UDP Router for more information. foobar
traefik/udp/routers/myudprouter/service See UDP Router for more information. foobar

Services

Key (Path) Description Value
traefik/udp/services/loadBalancer/servers/<n>/address See UDP Service for more information. foobar
traefik/udp/services/weighted/services/0/name See UDP Service for more information. foobar
traefik/udp/services/weighted/servers/0/weight See UDP Service for more information. 42

TLS

TLS Options

With the KV provider, you configure some parameters of the TLS connection using the tls/options key.

For example, you can define a basic setup like this:

Key (Path) Description Value
traefik/tls/options/Options0/alpnProtocols/0 See TLS Options for more information. foobar
traefik/tls/options/Options0/cipherSuites/0 See TLS Options for more information. foobar
traefik/tls/options/Options0/clientAuth/caFiles/0 See TLS Options for more information. foobar
traefik/tls/options/Options0/disableSessiontickets See TLS Options for more information. true

TLS Default Generated Certificates

You can configure Traefik to use an ACME provider (like Let's Encrypt) to generate the default certificate.

The configuration to resolve the default certificate should be defined in a TLS store.

Key (Path) Description Value
traefik/tls/stores/Store0/defaultGeneratedCert/domain/main See TLS for more information. foobar
traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0 See TLS for more information foobar
traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1 See TLS for more information foobar
traefik/tls/stores/Store0/defaultGeneratedCert/resolver See TLS for more information foobar