Traefik & KV Stores¶
Configuration Options¶
Keys
Keys are case-insensitive.
HTTP¶
Routers¶
The character @ is not authorized in the router name <router_name>.
| Key (Path) | Description | Value |
|---|---|---|
traefik/http/routers/<router_name>/rule |
See rule for more information. | Host(`example.com`) |
traefik/http/routers/<router_name>/ruleSyntax |
See rule for more information. RuleSyntax option is deprecated and will be removed in the next major version. Please do not use this field and rewrite the router rules to use the v3 syntax. |
v3 |
traefik/http/routers/<router_name>/entrypoints/0 |
See entry points for more information. | web |
traefik/http/routers/<router_name>/entrypoints/1 |
See entry points for more information. | websecure |
traefik/http/routers/<router_name>/middlewares/0 |
See middlewares overview for more information. | auth |
traefik/http/routers/<router_name>/middlewares/1 |
prefix |
|
traefik/http/routers/<router_name>/service |
See service for more information. | myservice |
traefik/http/routers/<router_name>/tls |
See tls for more information. | true |
traefik/http/routers/<router_name>/tls/certresolver |
See certResolver for more information. | myresolver |
traefik/http/routers/<router_name>/tls/domains/0/main |
See domains for more information. | example.org |
traefik/http/routers/<router_name>/tls/domains/0/sans/0 |
See domains for more information. | test.example.org |
traefik/http/routers/<router_name>/tls/domains/0/sans/1 |
See domains for more information. | dev.example.org |
traefik/http/routers/<router_name>/tls/options |
See TLS Options for more information. | foobar |
traefik/http/routers/<router_name>/observability/accesslogs |
The accessLogs option controls whether the router will produce access-logs. | true |
traefik/http/routers/<router_name>/observability/metrics |
The metrics option controls whether the router will produce metrics. | true |
traefik/http/routers/<router_name>/observability/tracing |
The tracing option controls whether the router will produce traces. | true |
traefik/http/routers/<router_name>/priority |
See priority for more information. | 42 |
Services¶
The character @ is not authorized in the service name <service_name>.
| Key (Path) | Description | Value |
|---|---|---|
traefik/http/services/myservice/loadbalancer/servers/0/url |
See servers for more information. | http://<ip-server-1>:<port-server-1>/ |
traefik/http/services/myservice/loadbalancer/servers/0/preservePath |
See servers for more information. | true |
traefik/http/services/myservice/loadbalancer/servers/0/weight |
See servers for more information. | 1 |
traefik/http/services/myservice/loadbalancer/serverstransport |
Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information. |
foobar@file |
traefik/http/services/myservice/loadbalancer/passhostheader |
See Service for more information. | true |
traefik/http/services/myservice/loadbalancer/healthcheck/headers/X-Foo |
See health check for more information. | foobar |
traefik/http/services/myservice/loadbalancer/healthcheck/hostname |
See health check for more information. | example.org |
traefik/http/services/myservice/loadbalancer/healthcheck/interval |
See health check for more information. | 10 |
traefik/http/services/myservice/loadbalancer/healthcheck/path |
See health check for more information. | /foo |
traefik/http/services/myservice/loadbalancer/healthcheck/method |
See health check for more information. | foobar |
traefik/http/services/myservice/loadbalancer/healthcheck/status |
See health check for more information. | 42 |
traefik/http/services/myservice/loadbalancer/healthcheck/port |
See health check for more information. | 42 |
traefik/http/services/myservice/loadbalancer/healthcheck/scheme |
See health check for more information. | http |
traefik/http/services/myservice/loadbalancer/healthcheck/timeout |
See health check for more information. | 10 |
traefik/http/services/myservice/loadbalancer/sticky |
See Service for more information. | true |
traefik/http/services/myservice/loadbalancer/sticky/cookie/httponly |
See Service for more information. | true |
traefik/http/services/myservice/loadbalancer/sticky/cookie/name |
See Service for more information. | foobar |
traefik/http/services/myservice/loadbalancer/sticky/cookie/path |
See Service for more information. | /foobar |
traefik/http/services/myservice/loadbalancer/sticky/cookie/secure |
See Service for more information. | true |
traefik/http/services/myservice/loadbalancer/sticky/cookie/samesite |
See Service for more information. | none |
traefik/http/services/myservice/loadbalancer/sticky/cookie/maxage |
See Service for more information. | 42 |
traefik/http/services/myservice/loadbalancer/responseforwarding/flushinterval |
See Service for more information. | 10 |
traefik/http/services/<service_name>/mirroring/service |
See Service for more information. | foobar |
traefik/http/services/<service_name>/mirroring/mirrors/<n>/name |
See Service for more information. | foobar |
traefik/http/services/<service_name>/mirroring/mirrors/<n>/percent |
See Servicefor more information. | 42 |
traefik/http/services/<service_name>/weighted/services/<n>/name |
See Service for more information. | foobar |
traefik/http/services/<service_name>/weighted/services/<n>/weight |
See Service for more information. | 42 |
traefik/http/services/<service_name>/weighted/sticky/cookie/name |
See Service for more information. | foobar |
traefik/http/services/<service_name>/weighted/sticky/cookie/secure |
See Service for more information. | true |
traefik/http/services/<service_name>/weighted/sticky/cookie/samesite |
See Service for more information. | none |
traefik/http/services/<service_name>/weighted/sticky/cookie/httpOnly |
See Service for more information. | true |
traefik/http/services/<service_name>/weighted/sticky/cookie/maxage |
See Service for more information. | 42 |
traefik/http/services/<service_name>/failover/fallback |
See Failover for more information. | backup |
traefik/http/services/<service_name>/failover/healthcheck |
See Failover for more information. | {} |
traefik/http/services/<service_name>/failover/service |
See Failover for more information. | main |
Middleware¶
Configuration Options¶
| Key (Path) | Description | Value |
|---|---|---|
traefik/http/middlewares/mymiddleware/middleware_type/middleware_option |
With middleware_type the type of middleware (ex: forwardAuth, headers, etc)and middleware_option the middleware option to set (ex for the middleware addPrefix: prefix).More information about available middlewares in the dedicated middlewares section. |
foobar |
The character @ is not authorized in the middleware name.
Conflicts in Declaration
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
Configuration Example¶
# Declaring a middleware
traefik/http/middlewares/myAddPrefix/addPrefix/prefix=/foobar
# Referencing a middleware
traefik/http/routers/<router_name>/middlewares/0=myAddPrefixServerTransport¶
Configuration Options¶
| Key (Path) | Description | Value |
|---|---|---|
traefik/http/serversTransports/<serversTransportName>/st_option |
With st_option the ServerTransport option to set (ex maxIdleConnsPerHost).More information about available options in the dedicated ServerTransport section. |
ServerTransport Options |
Configuration Example¶
# Declaring a ServerTransport
traefik/http/serversTransports/myServerTransport/maxIdleConnsPerHost=-1
traefik/http/serversTransports/myServerTransport/certificates/0/certFile=mypath/cert.pem
traefik/http/serversTransports/myServerTransport/certificates/0/keyFile=mypath/key.pem
# Referencing a middleware
traefik/http/services/myService/serversTransports/0=myServerTransportTCP¶
You can declare TCP Routers and/or Services using KV.
Routers¶
| Key (Path) | Description | Value |
|---|---|---|
traefik/tcp/routers/mytcprouter/entrypoints/0 |
See entry points for more information. | ep1 |
traefik/tcp/routers/mytcprouter/entrypoints/1 |
See entry points for more information. | ep2 |
traefik/tcp/routers/my-router/rule |
See entry points for more information. | HostSNI(`example.com`) |
traefik/tcp/routers/mytcprouter/service |
See service for more information. | myservice |
traefik/tcp/routers/mytcprouter/tls |
See TLS for more information. | true |
traefik/tcp/routers/mytcprouter/tls/certresolver |
See certResolver for more information. | myresolver |
traefik/tcp/routers/mytcprouter/tls/domains/0/main |
See TLS for more information. | example.org |
traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0 |
See TLS for more information. | test.example.org |
traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1 |
See TLS for more information. | dev.example.org |
traefik/tcp/routers/mytcprouter/tls/options |
See TLS for more information. | foobar |
traefik/tcp/routers/mytcprouter/tls/passthrough |
See TLS for more information. | true |
traefik/tcp/routers/mytcprouter/priority |
See priority for more information. | 42 |
Services¶
| Key (Path) | Description | Value |
|---|---|---|
traefik/tcp/services/mytcpservice/loadbalancer/servers/0/address |
See servers for more information. | xx.xx.xx.xx:xx |
traefik/tcp/services/mytcpservice/loadbalancer/servers/0/tls |
See servers for more information. | true |
traefik/tcp/services/mytcpservice/loadbalancer/proxyprotocol/version |
See PROXY protocol for more information. | 1 |
traefik/tcp/services/myservice/loadbalancer/serverstransport |
Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information. |
foobar@file |
traefik/tcp/services/<service_name>/weighted/services/0/name |
See Service for more information. | foobar |
traefik/tcp/services/<service_name>/weighted/services/0/weight |
See Service for more information. | 42 |
Middleware¶
Configuration Options¶
You can declare pieces of middleware using tags starting with traefik/tcp/middlewares/{name-of-your-choice}., followed by the middleware type/options.
For example, to declare a middleware InFlightConn named test-inflightconn, you'd write traefik/tcp/middlewares/test-inflightconn/inflightconn/amount=10.
More information about available middlewares in the dedicated middlewares section.
| Key (Path) | Description | Value |
|---|---|---|
traefik/tcp/middlewares/mymiddleware/middleware_type/middleware_option |
With middleware_type the type of middleware (ex: inflightconn)and middleware_option the middleware option to set (ex for the middleware inflightconn: amount).More information about available middlewares in the dedicated middlewares section. |
foobar |
Conflicts in Declaration
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
Configuration Example¶
# Declaring a middleware
traefik/tcp/middlewares/test-inflightconn/amount=10
# Referencing a middleware
traefik/tcp/routers/<router_name>/middlewares/0=test-inflightconnServerTransport¶
Configuration Options¶
| Key (Path) | Description | Value |
|---|---|---|
traefik/tcp/serversTransports/<serversTransportName>/st_option |
With st_option the ServerTransport option to set (ex maxIdleConnsPerHost).More information about available options in the dedicated ServerTransport section. |
ServerTransport Options |
Configuration Example¶
# Declaring a ServerTransport
traefik/tcp/serversTransports/myServerTransport/maxIdleConnsPerHost=-1
# Referencing a middleware
traefik/tcp/services/myService/serversTransports/0=myServerTransportUDP¶
You can declare UDP Routers and/or Services using KV.
Routers¶
| Key (Path) | Description | Value |
|---|---|---|
traefik/udp/routers/myudprouter/entrypoints/0 |
See UDP Router for more information. | foobar |
traefik/udp/routers/myudprouter/service |
See UDP Router for more information. | foobar |
Services¶
| Key (Path) | Description | Value |
|---|---|---|
traefik/udp/services/loadBalancer/servers/<n>/address |
See UDP Service for more information. | foobar |
traefik/udp/services/weighted/services/0/name |
See UDP Service for more information. | foobar |
traefik/udp/services/weighted/servers/0/weight |
See UDP Service for more information. | 42 |
TLS¶
TLS Options¶
With the KV provider, you configure some parameters of the TLS connection using the tls/options key.
For example, you can define a basic setup like this:
| Key (Path) | Description | Value |
|---|---|---|
traefik/tls/options/Options0/alpnProtocols/0 |
See TLS Options for more information. | foobar |
traefik/tls/options/Options0/cipherSuites/0 |
See TLS Options for more information. | foobar |
traefik/tls/options/Options0/clientAuth/caFiles/0 |
See TLS Options for more information. | foobar |
traefik/tls/options/Options0/disableSessiontickets |
See TLS Options for more information. | true |
TLS Default Generated Certificates¶
You can configure Traefik to use an ACME provider (like Let's Encrypt) to generate the default certificate.
The configuration to resolve the default certificate should be defined in a TLS store.
| Key (Path) | Description | Value |
|---|---|---|
traefik/tls/stores/Store0/defaultGeneratedCert/domain/main |
See TLS for more information. | foobar |
traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0 |
See TLS for more information | foobar |
traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1 |
See TLS for more information | foobar |
traefik/tls/stores/Store0/defaultGeneratedCert/resolver |
See TLS for more information | foobar |