---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:ingressroutes.traefik.iospec: group:traefik.io names: kind:IngressRoute listKind:IngressRouteList plural:ingressroutes singular:ingressroute scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:IngressRouteistheCRDimplementationofaTraefikHTTPRouter. properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:IngressRouteSpecdefinesthedesiredstateofIngressRoute. properties: entryPoints: description:'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' items: type:string type:array routes: description:Routesdefinesthelistofroutes. items: description:RouteholdstheHTTProuteconfiguration. properties: kind: description:Kinddefinesthekindoftheroute.Ruleistheonlysupportedkind. enum: -Rule type:string match: description:'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule' type:string middlewares: description:'Middlewares defines the list of references to
Middleware resources. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware' items: description:MiddlewareRefisareferencetoaMiddlewareresource. properties: name: description:NamedefinesthenameofthereferencedMiddlewareresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedMiddlewareresource. type:string required: -name type:object type:array priority: description:'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority' type:integer services: description:ServicesdefinesthelistofService.ItcancontainanycombinationofTraefikServiceand/orreferencetoaKubernetesService. items: description:ServicedefinesanupstreamHTTPservicetoproxytrafficto. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval,
in milliseconds, in between flushes to the client
while copying the response body. A negative value
means to flush immediately after each write to the
client. This configuration is ignored when ReverseProxy
recognizes a response as a streaming response; for
such responses, writes are flushed to the client
immediately. Default: 100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object type:array required: -kind -match type:object type:array tls: description:'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls' properties: certResolver: description:'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' type:string domains: description:'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' items: description:DomainholdsadomainnamewithSANs. properties: main: description:Maindefinesthemaindomainname. type:string sans: description:SANsdefinesthesubjectalternativedomainnames. items: type:string type:array type:object type:array options: description:'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' properties: name: description:'Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' type:string namespace: description:'Namespace defines the namespace of the referenced
TLSOption. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' type:string required: -name type:object secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string store: description:StoredefinesthereferencetotheTLSStore,thatwillbeusedtostorecertificates.Pleasenotethatonly`default`TLSStorecanbeused. properties: name: description:'Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' type:string namespace: description:'Namespace defines the namespace of the referenced
TLSStore. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' type:string required: -name type:object type:object required: -routes type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:ingressroutetcps.traefik.iospec: group:traefik.io names: kind:IngressRouteTCP listKind:IngressRouteTCPList plural:ingressroutetcps singular:ingressroutetcp scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:IngressRouteTCPistheCRDimplementationofaTraefikTCPRouter. properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:IngressRouteTCPSpecdefinesthedesiredstateofIngressRouteTCP. properties: entryPoints: description:'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' items: type:string type:array routes: description:Routesdefinesthelistofroutes. items: description:RouteTCPholdstheTCProuteconfiguration. properties: match: description:'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1' type:string middlewares: description:MiddlewaresdefinesthelistofreferencestoMiddlewareTCPresources. items: description:ObjectReferenceisagenericreferencetoaTraefikresource. properties: name: description:NamedefinesthenameofthereferencedTraefikresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedTraefikresource. type:string required: -name type:object type:array priority: description:'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1' type:integer services: description:ServicesdefinesthelistofTCPservices. items: description:ServiceTCPdefinesanupstreamTCPservicetoproxytrafficto. properties: name: description:NamedefinesthenameofthereferencedKubernetesService. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true proxyProtocol: description:'ProxyProtocol defines the PROXY protocol
configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol' properties: version: description:VersiondefinesthePROXYProtocolversiontouse. type:integer type:object terminationDelay: description:TerminationDelaydefinesthedeadlinethattheproxysets,afteroneofitsconnectedpeersindicatesithasclosedthewritingcapabilityofitsconnection,toclosethereadingcapabilityaswell,hencefullyterminatingtheconnection.Itisadurationinmilliseconds,defaultingto100.Anegativevaluemeansaninfinitedeadline(i.e.thereadingcapabilityisneverclosed). type:integer weight: description:WeightdefinestheweightusedwhenbalancingrequestsbetweenmultipleKubernetesService. type:integer required: -name -port type:object type:array required: -match type:object type:array tls: description:'TLS defines the TLS configuration on a layer 4 / TCP
Route. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1' properties: certResolver: description:'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' type:string domains: description:'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' items: description:DomainholdsadomainnamewithSANs. properties: main: description:Maindefinesthemaindomainname. type:string sans: description:SANsdefinesthesubjectalternativedomainnames. items: type:string type:array type:object type:array options: description:'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' properties: name: description:NamedefinesthenameofthereferencedTraefikresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedTraefikresource. type:string required: -name type:object passthrough: description:PassthroughdefineswhetheraTLSrouterwillterminatetheTLSconnection. type:boolean secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string store: description:StoredefinesthereferencetotheTLSStore,thatwillbeusedtostorecertificates.Pleasenotethatonly`default`TLSStorecanbeused. properties: name: description:NamedefinesthenameofthereferencedTraefikresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedTraefikresource. type:string required: -name type:object type:object required: -routes type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:ingressrouteudps.traefik.iospec: group:traefik.io names: kind:IngressRouteUDP listKind:IngressRouteUDPList plural:ingressrouteudps singular:ingressrouteudp scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:IngressRouteUDPisaCRDimplementationofaTraefikUDPRouter. properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:IngressRouteUDPSpecdefinesthedesiredstateofaIngressRouteUDP. properties: entryPoints: description:'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' items: type:string type:array routes: description:Routesdefinesthelistofroutes. items: description:RouteUDPholdstheUDProuteconfiguration. properties: services: description:ServicesdefinesthelistofUDPservices. items: description:ServiceUDPdefinesanupstreamUDPservicetoproxytrafficto. properties: name: description:NamedefinesthenameofthereferencedKubernetesService. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true weight: description:WeightdefinestheweightusedwhenbalancingrequestsbetweenmultipleKubernetesService. type:integer required: -name -port type:object type:array type:object type:array required: -routes type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:middlewares.traefik.iospec: group:traefik.io names: kind:Middleware listKind:MiddlewareList plural:middlewares singular:middleware scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:MiddlewareSpecdefinesthedesiredstateofaMiddleware. properties: addPrefix: description:'AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding
it. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/' properties: prefix: description:PrefixisthestringtoaddbeforethecurrentpathintherequestedURL.Itshouldincludealeadingslash(/). type:string type:object basicAuth: description:'BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/' properties: headerField: description:'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' type:string realm: description:'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.' type:string removeHeader: description:'RemoveHeader sets the removeHeader option to true
to remove the authorization header before forwarding the request
to your service. Default: false.' type:boolean secret: description:SecretisthenameofthereferencedKubernetesSecretcontainingusercredentials. type:string type:object buffering: description:'Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes' properties: maxRequestBodyBytes: description:'MaxRequestBodyBytes defines the maximum allowed
body size for the request (in bytes). If the request exceeds
the allowed size, it is not forwarded to the service, and the
client gets a 413 (Request Entity Too Large) response. Default:
0 (no maximum).' format:int64 type:integer maxResponseBodyBytes: description:'MaxResponseBodyBytes defines the maximum allowed
response size from the service (in bytes). If the response exceeds
the allowed size, it is not forwarded to the client. The client
gets a 500 (Internal Server Error) response instead. Default:
0 (no maximum).' format:int64 type:integer memRequestBodyBytes: description:'MemRequestBodyBytes defines the threshold (in bytes)
from which the request will be buffered on disk instead of in
memory. Default: 1048576 (1Mi).' format:int64 type:integer memResponseBodyBytes: description:'MemResponseBodyBytes defines the threshold (in bytes)
from which the response will be buffered on disk instead of
in memory. Default: 1048576 (1Mi).' format:int64 type:integer retryExpression: description:'RetryExpression defines the retry conditions. It
is a logical combination of functions with operators AND (&&)
and OR (||). More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression' type:string type:object chain: description:'Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/' properties: middlewares: description:MiddlewaresisthelistofMiddlewareRefwhichcomposesthechain. items: description:MiddlewareRefisareferencetoaMiddlewareresource. properties: name: description:NamedefinesthenameofthereferencedMiddlewareresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedMiddlewareresource. type:string required: -name type:object type:array type:object circuitBreaker: description:CircuitBreakerholdsthecircuitbreakerconfiguration. properties: checkPeriod: anyOf: - type:integer - type:string description:CheckPeriodistheintervalbetweensuccessivechecksofthecircuitbreakercondition(wheninstandbystate). x-kubernetes-int-or-string:true expression: description:Expressionistheconditionthattriggersthetrippedstate. type:string fallbackDuration: anyOf: - type:integer - type:string description:FallbackDurationisthedurationforwhichthecircuitbreakerwillwaitbeforetryingtorecover(fromatrippedstate). x-kubernetes-int-or-string:true recoveryDuration: anyOf: - type:integer - type:string description:RecoveryDurationisthedurationforwhichthecircuitbreakerwilltrytorecover(assoonasitisinrecoveringstate). x-kubernetes-int-or-string:true type:object compress: description:'Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/' properties: excludedContentTypes: description:ExcludedContentTypesdefinesthelistofcontenttypestocomparetheContent-Typeheaderoftheincomingrequestsandresponsesbeforecompressing. items: type:string type:array minResponseBodyBytes: description:'MinResponseBodyBytes defines the minimum amount
of bytes a response body must have to be compressed. Default:
1024.' type:integer type:object contentType: description:ContentTypeholdsthecontent-typemiddlewareconfiguration.Thismiddlewareexiststoenablethecorrectbehavioruntilatleastthedefaultonecanbechangedinafutureversion. properties: autoDetect: description:AutoDetectspecifieswhethertoletthe`Content-Type`header,ifithasnotbeensetbythebackend,beautomaticallysettoavaluederivedfromthecontentsoftheresponse.Asaproxy,thedefaultbehaviorshouldbetoleavetheheaderalone,regardlessofwhatthebackenddidwithit.However,thehistoricdefaultwastoalwaysauto-detectandsettheheaderifitwasnil,anditisgoingtobekeptthatwayinordertosupportuserscurrentlyrelyingonit. type:boolean type:object digestAuth: description:'DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/' properties: headerField: description:'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' type:string realm: description:'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.' type:string removeHeader: description:RemoveHeaderdefineswhethertoremovetheauthorizationheaderbeforeforwardingtherequesttothebackend. type:boolean secret: description:SecretisthenameofthereferencedKubernetesSecretcontainingusercredentials. type:string type:object errors: description:'ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/' properties: query: description:QuerydefinestheURLfortheerrorpage(hostedbyservice).The{status}variablecanbeusedinordertoinsertthestatuscodeintheURL. type:string service: description:'Service defines the reference to a Kubernetes Service
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service' properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming
response; for such responses, writes are flushed to
the client immediately. Default: 100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object status: description:Statusdefineswhichstatusorrangeofstatusesshouldresultinanerrorpage.Itcanbeeitherastatuscodeasanumber(500),asmultiplecomma-separatednumbers(500,502),asrangesbyseparatingtwocodeswithadash(500-599),oracombinationofthetwo(404,418,500-599). items: type:string type:array type:object forwardAuth: description:'ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/' properties: address: description:Addressdefinestheauthenticationserveraddress. type:string authRequestHeaders: description:AuthRequestHeadersdefinesthelistoftheheaderstocopyfromtherequesttotheauthenticationserver.Ifnotsetoremptythenallrequestheadersarepassed. items: type:string type:array authResponseHeaders: description:AuthResponseHeadersdefinesthelistofheaderstocopyfromtheauthenticationserverresponseandsetonforwardedrequest,replacinganyexistingconflictingheaders. items: type:string type:array authResponseHeadersRegex: description:'AuthResponseHeadersRegex defines the regex to match
headers to copy from the authentication server response and
set on forwarded request, after stripping all headers that match
the regex. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex' type:string tls: description:TLSdefinestheconfigurationusedtosecuretheconnectiontotheauthenticationserver. properties: caOptional: type:boolean caSecret: description:CASecretisthenameofthereferencedKubernetesSecretcontainingtheCAtovalidatetheservercertificate.TheCAcertificateisextractedfromkey`tls.ca`or`ca.crt`. type:string certSecret: description:CertSecretisthenameofthereferencedKubernetesSecretcontainingtheclientcertificate.Theclientcertificateisextractedfromthekeys`tls.crt`and`tls.key`. type:string insecureSkipVerify: description:InsecureSkipVerifydefineswhethertheservercertificatesshouldbevalidated. type:boolean type:object trustForwardHeader: description:'TrustForwardHeader defines whether to trust (ie:
forward) all X-Forwarded-* headers.' type:boolean type:object headers: description:'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders' properties: accessControlAllowCredentials: description:AccessControlAllowCredentialsdefineswhethertherequestcanincludeusercredentials. type:boolean accessControlAllowHeaders: description:AccessControlAllowHeadersdefinestheAccess-Control-Request-Headersvaluessentinpreflightresponse. items: type:string type:array accessControlAllowMethods: description:AccessControlAllowMethodsdefinestheAccess-Control-Request-Methodvaluessentinpreflightresponse. items: type:string type:array accessControlAllowOriginList: description:AccessControlAllowOriginListisalistofallowableorigins.Canalsobeawildcardorigin"*". items: type:string type:array accessControlAllowOriginListRegex: description:AccessControlAllowOriginListRegexisalistofallowableoriginswrittenfollowingtheRegularExpressionsyntax(https://golang.org/pkg/regexp/). items: type:string type:array accessControlExposeHeaders: description:AccessControlExposeHeadersdefinestheAccess-Control-Expose-Headersvaluessentinpreflightresponse. items: type:string type:array accessControlMaxAge: description:AccessControlMaxAgedefinesthetimethatapreflightrequestmaybecached. format:int64 type:integer addVaryHeader: description:AddVaryHeaderdefineswhethertheVaryheaderisautomaticallyadded/updatedwhentheAccessControlAllowOriginListisset. type:boolean allowedHosts: description:AllowedHostsdefinesthefullyqualifiedlistofalloweddomainnames. items: type:string type:array browserXssFilter: description:BrowserXSSFilterdefineswhethertoaddtheX-XSS-Protectionheaderwiththevalue1;mode=block. type:boolean contentSecurityPolicy: description:ContentSecurityPolicydefinestheContent-Security-Policyheadervalue. type:string contentTypeNosniff: description:ContentTypeNosniffdefineswhethertoaddtheX-Content-Type-Optionsheaderwiththenosniffvalue. type:boolean customBrowserXSSValue: description:CustomBrowserXSSValuedefinestheX-XSS-Protectionheadervalue.ThisoverridestheBrowserXssFilteroption. type:string customFrameOptionsValue: description:CustomFrameOptionsValuedefinestheX-Frame-Optionsheadervalue.ThisoverridestheFrameDenyoption. type:string customRequestHeaders: additionalProperties: type:string description:CustomRequestHeadersdefinestheheadernamesandvaluestoapplytotherequest. type:object customResponseHeaders: additionalProperties: type:string description:CustomResponseHeadersdefinestheheadernamesandvaluestoapplytotheresponse. type:object featurePolicy: description:'Deprecated: use PermissionsPolicy instead.' type:string forceSTSHeader: description:ForceSTSHeaderdefineswhethertoaddtheSTSheaderevenwhentheconnectionisHTTP. type:boolean frameDeny: description:FrameDenydefineswhethertoaddtheX-Frame-OptionsheaderwiththeDENYvalue. type:boolean hostsProxyHeaders: description:HostsProxyHeadersdefinestheheaderkeysthatmayholdaproxiedhostnamevaluefortherequest. items: type:string type:array isDevelopment: description:IsDevelopmentdefineswhethertomitigatetheunwantedeffectsoftheAllowedHosts,SSL,andSTSoptionswhendeveloping.UsuallytestingtakesplaceusingHTTP,notHTTPS,andonlocalhost,notyourproductiondomain.IfyouwouldlikeyourdevelopmentenvironmenttomimicproductionwithcompleteHostblocking,SSLredirects,andSTSheaders,leavethisasfalse.
type:boolean permissionsPolicy: description:PermissionsPolicydefinesthePermissions-Policyheadervalue.Thisallowssitestocontrolbrowserfeatures. type:string publicKey: description:PublicKeyisthepublickeythatimplementsHPKPtopreventMITMattackswithforgedcertificates. type:string referrerPolicy: description:ReferrerPolicydefinestheReferrer-Policyheadervalue.ThisallowssitestocontrolwhetherbrowsersforwardtheRefererheadertoothersites. type:string sslForceHost: description:'Deprecated: use RedirectRegex instead.' type:boolean sslHost: description:'Deprecated: use RedirectRegex instead.' type:string sslProxyHeaders: additionalProperties: type:string description:'SSLProxyHeaders defines the header keys with associated
values that would indicate a valid HTTPS request. It can be
useful when using other proxies (example: "X-Forwarded-Proto":
"https").' type:object sslRedirect: description:'Deprecated: use EntryPoint redirection or RedirectScheme
instead.' type:boolean sslTemporaryRedirect: description:'Deprecated: use EntryPoint redirection or RedirectScheme
instead.' type:boolean stsIncludeSubdomains: description:STSIncludeSubdomainsdefineswhethertheincludeSubDomainsdirectiveisappendedtotheStrict-Transport-Securityheader. type:boolean stsPreload: description:STSPreloaddefineswhetherthepreloadflagisappendedtotheStrict-Transport-Securityheader. type:boolean stsSeconds: description:STSSecondsdefinesthemax-ageoftheStrict-Transport-Securityheader.Ifsetto0,theheaderisnotset. format:int64 type:integer type:object inFlightReq: description:'InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and
served concurrently. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/' properties: amount: description:Amountdefinesthemaximumamountofallowedsimultaneousin-flightrequest.ThemiddlewarerespondswithHTTP429TooManyRequestsiftherearealreadyamountrequestsinprogress(basedonthesamesourceCriterionstrategy). format:int64 type:integer sourceCriterion: description:'SourceCriterion defines what criterion is used to
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion' properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object requestHeaderName: description:RequestHeaderNamedefinesthenameoftheheaderusedtogroupincomingrequests. type:string requestHost: description:RequestHostdefineswhethertoconsidertherequestHostasthesource. type:boolean type:object type:object ipAllowList: description:'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/' properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object sourceRange: description:SourceRangedefinesthesetofallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object ipWhiteList: description:'IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead.' properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object sourceRange: description:SourceRangedefinesthesetofallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object passTLSClientCert: description:'PassTLSClientCert holds the pass TLS client cert middleware
configuration. This middleware adds the selected data from the passed
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/' properties: info: description:InfoselectsthespecificclientcertificatedetailsyouwanttoaddtotheX-Forwarded-Tls-Client-Cert-Infoheader. properties: issuer: description:IssuerdefinestheclientcertificateissuerdetailstoaddtotheX-Forwarded-Tls-Client-Cert-Infoheader. properties: commonName: description:CommonNamedefineswhethertoaddtheorganizationalUnitinformationintotheissuer. type:boolean country: description:Countrydefineswhethertoaddthecountryinformationintotheissuer. type:boolean domainComponent: description:DomainComponentdefineswhethertoaddthedomainComponentinformationintotheissuer. type:boolean locality: description:Localitydefineswhethertoaddthelocalityinformationintotheissuer. type:boolean organization: description:Organizationdefineswhethertoaddtheorganizationinformationintotheissuer. type:boolean province: description:Provincedefineswhethertoaddtheprovinceinformationintotheissuer. type:boolean serialNumber: description:SerialNumberdefineswhethertoaddtheserialNumberinformationintotheissuer. type:boolean type:object notAfter: description:NotAfterdefineswhethertoaddtheNotAfterinformationfromtheValiditypart. type:boolean notBefore: description:NotBeforedefineswhethertoaddtheNotBeforeinformationfromtheValiditypart. type:boolean sans: description:SansdefineswhethertoaddtheSubjectAlternativeNameinformationfromtheSubjectAlternativeNamepart. type:boolean serialNumber: description:SerialNumberdefineswhethertoaddtheclientserialNumberinformation. type:boolean subject: description:SubjectdefinestheclientcertificatesubjectdetailstoaddtotheX-Forwarded-Tls-Client-Cert-Infoheader. properties: commonName: description:CommonNamedefineswhethertoaddtheorganizationalUnitinformationintothesubject. type:boolean country: description:Countrydefineswhethertoaddthecountryinformationintothesubject. type:boolean domainComponent: description:DomainComponentdefineswhethertoaddthedomainComponentinformationintothesubject. type:boolean locality: description:Localitydefineswhethertoaddthelocalityinformationintothesubject. type:boolean organization: description:Organizationdefineswhethertoaddtheorganizationinformationintothesubject. type:boolean organizationalUnit: description:OrganizationalUnitdefineswhethertoaddtheorganizationalUnitinformationintothesubject. type:boolean province: description:Provincedefineswhethertoaddtheprovinceinformationintothesubject. type:boolean serialNumber: description:SerialNumberdefineswhethertoaddtheserialNumberinformationintothesubject. type:boolean type:object type:object pem: description:PEMsetstheX-Forwarded-Tls-Client-Certheaderwiththecertificate. type:boolean type:object plugin: additionalProperties: x-kubernetes-preserve-unknown-fields:true description:'Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/' type:object rateLimit: description:'RateLimit holds the rate limit configuration. This middleware
ensures that services will receive a fair amount of requests, and
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/' properties: average: description:Averageisthemaximumrate,bydefaultinrequests/s,allowedforthegivensource.Itdefaultsto0,whichmeansnoratelimiting.TherateisactuallydefinedbydividingAveragebyPeriod.Soforaratebelow1req/s,oneneedstodefineaPeriodlargerthanasecond. format:int64 type:integer burst: description:Burstisthemaximumnumberofrequestsallowedtoarriveinthesamearbitrarilysmallperiodoftime.Itdefaultsto1. format:int64 type:integer period: anyOf: - type:integer - type:string description:'Period, in combination with Average, defines the
actual maximum rate, such as: r = Average / Period. It defaults
to a second.' x-kubernetes-int-or-string:true sourceCriterion: description:SourceCriteriondefineswhatcriterionisusedtogrouprequestsasoriginatingfromacommonsource.Ifseveralstrategiesaredefinedatthesametime,anerrorwillberaised.Ifnoneareset,thedefaultistousetherequest'sremoteaddressfield(asanipStrategy). properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object requestHeaderName: description:RequestHeaderNamedefinesthenameoftheheaderusedtogroupincomingrequests. type:string requestHost: description:RequestHostdefineswhethertoconsidertherequestHostasthesource. type:boolean type:object type:object redirectRegex: description:'RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex' properties: permanent: description:Permanentdefineswhethertheredirectionispermanent(301). type:boolean regex: description:RegexdefinestheregexusedtomatchandcaptureelementsfromtherequestURL. type:string replacement: description:ReplacementdefineshowtomodifytheURLtohavethenewtargetURL. type:string type:object redirectScheme: description:'RedirectScheme holds the redirect scheme middleware
configuration. This middleware redirects requests from a scheme/port
to another. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/' properties: permanent: description:Permanentdefineswhethertheredirectionispermanent(301). type:boolean port: description:PortdefinestheportofthenewURL. type:string scheme: description:SchemedefinestheschemeofthenewURL. type:string type:object replacePath: description:'ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/' properties: path: description:PathdefinesthepathtouseasreplacementintherequestURL. type:string type:object replacePathRegex: description:'ReplacePathRegex holds the replace path regex middleware
configuration. This middleware replaces the path of a URL using
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/' properties: regex: description:RegexdefinestheregularexpressionusedtomatchandcapturethepathfromtherequestURL. type:string replacement: description:Replacementdefinesthereplacementpathformat,whichcanincludecapturedvariables. type:string type:object retry: description:'Retry holds the retry middleware configuration. This
middleware reissues requests a given number of times to a backend
server if that server does not reply. As soon as the server answers,
the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/' properties: attempts: description:Attemptsdefineshowmanytimestherequestshouldberetried. type:integer initialInterval: anyOf: - type:integer - type:string description:InitialIntervaldefinesthefirstwaittimeintheexponentialbackoffseries.ThemaximumintervaliscalculatedastwicetheinitialInterval.Ifunspecified,requestswillberetriedimmediately.ThevalueofinitialIntervalshouldbeprovidedinsecondsorasavaliddurationformat,seehttps://pkg.go.dev/time#ParseDuration. x-kubernetes-int-or-string:true type:object stripPrefix: description:'StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/' properties: forceSlash: description:'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.' type:boolean prefixes: description:PrefixesdefinestheprefixestostripfromtherequestURL. items: type:string type:array type:object stripPrefixRegex: description:'StripPrefixRegex holds the strip prefix regex middleware
configuration. This middleware removes the matching prefixes from
the URL path. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/' properties: regex: description:RegexdefinestheregularexpressiontomatchthepathprefixfromtherequestURL. items: type:string type:array type:object type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:middlewaretcps.traefik.iospec: group:traefik.io names: kind:MiddlewareTCP listKind:MiddlewareTCPList plural:middlewaretcps singular:middlewaretcp scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:MiddlewareTCPSpecdefinesthedesiredstateofaMiddlewareTCP. properties: inFlightConn: description:InFlightConndefinestheInFlightConnmiddlewareconfiguration. properties: amount: description:Amountdefinesthemaximumamountofallowedsimultaneousconnections.Themiddlewareclosestheconnectioniftherearealreadyamountconnectionsopened. format:int64 type:integer type:object ipAllowList: description:'IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client
IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/' properties: sourceRange: description:SourceRangedefinestheallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object ipWhiteList: description:'IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client
IP. Deprecated: please use IPAllowList instead. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/' properties: sourceRange: description:SourceRangedefinestheallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:serverstransports.traefik.iospec: group:traefik.io names: kind:ServersTransport listKind:ServersTransportList plural:serverstransports singular:serverstransport scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:ServersTransportSpecdefinesthedesiredstateofaServersTransport. properties: certificatesSecrets: description:CertificatesSecretsdefinesalistofsecretstoringclientcertificatesformTLS. items: type:string type:array disableHTTP2: description:DisableHTTP2disablesHTTP/2forconnectionswithbackendservers. type:boolean forwardingTimeouts: description:ForwardingTimeoutsdefinesthetimeoutsforrequestsforwardedtothebackendservers. properties: dialTimeout: anyOf: - type:integer - type:string description:DialTimeoutistheamountoftimetowaituntilaconnectiontoabackendservercanbeestablished. x-kubernetes-int-or-string:true idleConnTimeout: anyOf: - type:integer - type:string description:IdleConnTimeoutisthemaximumperiodforwhichanidleHTTPkeep-aliveconnectionwillremainopenbeforeclosingitself. x-kubernetes-int-or-string:true pingTimeout: anyOf: - type:integer - type:string description:PingTimeoutisthetimeoutafterwhichtheHTTP/2connectionwillbeclosedifaresponsetopingisnotreceived. x-kubernetes-int-or-string:true readIdleTimeout: anyOf: - type:integer - type:string description:ReadIdleTimeoutisthetimeoutafterwhichahealthcheckusingpingframewillbecarriedoutifnoframeisreceivedontheHTTP/2connection. x-kubernetes-int-or-string:true responseHeaderTimeout: anyOf: - type:integer - type:string description:ResponseHeaderTimeoutistheamountoftimetowaitforaserver'sresponseheadersafterfullywritingtherequest(includingitsbody,ifany). x-kubernetes-int-or-string:true type:object insecureSkipVerify: description:InsecureSkipVerifydisablesSSLcertificateverification. type:boolean maxIdleConnsPerHost: description:MaxIdleConnsPerHostcontrolsthemaximumidle(keep-alive)tokeepper-host. type:integer peerCertURI: description:PeerCertURIdefinesthepeercertURIusedtomatchagainstSANURIduringthepeercertificateverification. type:string rootCAsSecrets: description:RootCAsSecretsdefinesalistofCAsecretusedtovalidateself-signedcertificate. items: type:string type:array serverName: description:ServerNamedefinestheservernameusedtocontacttheserver. type:string type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:tlsoptions.traefik.iospec: group:traefik.io names: kind:TLSOption listKind:TLSOptionList plural:tlsoptions singular:tlsoption scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'TLSOption is the CRD implementation of a Traefik TLS Option,
allowing to configure some parameters of the TLS connection. More info:
https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:TLSOptionSpecdefinesthedesiredstateofaTLSOption. properties: alpnProtocols: description:'ALPNProtocols defines the list of supported application
level protocols for the TLS handshake, in order of preference. More
info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols' items: type:string type:array cipherSuites: description:'CipherSuites defines the list of supported cipher suites
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites' items: type:string type:array clientAuth: description:ClientAuthdefinestheserver'spolicyforTLSClientAuthentication. properties: clientAuthType: description:ClientAuthTypedefinestheclientauthenticationtypetoapply. enum: -NoClientCert -RequestClientCert -RequireAnyClientCert -VerifyClientCertIfGiven -RequireAndVerifyClientCert type:string secretNames: description:SecretNamesdefinesthenamesofthereferencedKubernetesSecretstoringcertificatedetails. items: type:string type:array type:object curvePreferences: description:'CurvePreferences defines the preferred elliptic curves
in a specific order. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences' items: type:string type:array maxVersion: description:'MaxVersion defines the maximum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: None.' type:string minVersion: description:'MinVersion defines the minimum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.' type:string preferServerCipherSuites: description:'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430' type:boolean sniStrict: description:SniStrictdefineswhetherTraefikallowsconnectionsfromclientsconnectionsthatdonotspecifyaserver_nameextension. type:boolean type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:tlsstores.traefik.iospec: group:traefik.io names: kind:TLSStore listKind:TLSStoreList plural:tlsstores singular:tlsstore scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'TLSStore is the CRD implementation of a Traefik TLS Store. For
the time being, only the TLSStore named default is supported. This means
that you cannot have two stores that are named default in different Kubernetes
namespaces. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:TLSStoreSpecdefinesthedesiredstateofaTLSStore. properties: certificates: description:Certificatesisalistofsecretnames,eachsecretholdingakey/certificatepairtoaddtothestore. items: description:CertificateholdsasecretnamefortheTLSStoreresource. properties: secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string required: -secretName type:object type:array defaultCertificate: description:DefaultCertificatedefinesthedefaultcertificateconfiguration. properties: secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string required: -secretName type:object defaultGeneratedCert: description:DefaultGeneratedCertdefinesthedefaultgeneratedcertificateconfiguration. properties: domain: description:DomainisthedomaindefinitionfortheDefaultCertificate. properties: main: description:Maindefinesthemaindomainname. type:string sans: description:SANsdefinesthesubjectalternativedomainnames. items: type:string type:array type:object resolver: description:ResolveristhenameoftheresolverthatwillbeusedtoissuetheDefaultCertificate. type:string type:object type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:traefikservices.traefik.iospec: group:traefik.io names: kind:TraefikService listKind:TraefikServiceList plural:traefikservices singular:traefikservice scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'TraefikService is the CRD implementation of a Traefik Service.
TraefikService object allows to: - Apply weight to Services on load-balancing
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:TraefikServiceSpecdefinesthedesiredstateofaTraefikService. properties: mirroring: description:MirroringdefinestheMirroringserviceconfiguration. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string maxBodySize: description:MaxBodySizedefinesthemaximumsizeallowedforthebodyoftherequest.Ifthebodyislarger,therequestisnotmirrored.Defaultvalueis-1,whichmeansunlimitedsize. format:int64 type:integer mirrors: description:MirrorsdefinesthelistofmirrorswhereTraefikwillduplicatethetraffic. items: description:MirrorServiceholdsthemirrorconfiguration. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean percent: description:'Percent defines the part of the traffic to
mirror. Supported values: 0 to 100.' type:integer port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object type:array name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object weighted: description:WeighteddefinestheWeightedRoundRobinconfiguration. properties: services: description:ServicesdefinesthelistofKubernetesServiceand/orTraefikServicetoload-balance,withweight. items: description:ServicedefinesanupstreamHTTPservicetoproxytrafficto. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object type:array sticky: description:'Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object type:object type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:ingressroutes.traefik.containo.usspec: group:traefik.containo.us names: kind:IngressRoute listKind:IngressRouteList plural:ingressroutes singular:ingressroute scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:IngressRouteistheCRDimplementationofaTraefikHTTPRouter. properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:IngressRouteSpecdefinesthedesiredstateofIngressRoute. properties: entryPoints: description:'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' items: type:string type:array routes: description:Routesdefinesthelistofroutes. items: description:RouteholdstheHTTProuteconfiguration. properties: kind: description:Kinddefinesthekindoftheroute.Ruleistheonlysupportedkind. enum: -Rule type:string match: description:'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule' type:string middlewares: description:'Middlewares defines the list of references to
Middleware resources. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware' items: description:MiddlewareRefisareferencetoaMiddlewareresource. properties: name: description:NamedefinesthenameofthereferencedMiddlewareresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedMiddlewareresource. type:string required: -name type:object type:array priority: description:'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority' type:integer services: description:ServicesdefinesthelistofService.ItcancontainanycombinationofTraefikServiceand/orreferencetoaKubernetesService. items: description:ServicedefinesanupstreamHTTPservicetoproxytrafficto. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval,
in milliseconds, in between flushes to the client
while copying the response body. A negative value
means to flush immediately after each write to the
client. This configuration is ignored when ReverseProxy
recognizes a response as a streaming response; for
such responses, writes are flushed to the client
immediately. Default: 100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object type:array required: -kind -match type:object type:array tls: description:'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls' properties: certResolver: description:'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' type:string domains: description:'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' items: description:DomainholdsadomainnamewithSANs. properties: main: description:Maindefinesthemaindomainname. type:string sans: description:SANsdefinesthesubjectalternativedomainnames. items: type:string type:array type:object type:array options: description:'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' properties: name: description:'Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' type:string namespace: description:'Namespace defines the namespace of the referenced
TLSOption. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption' type:string required: -name type:object secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string store: description:StoredefinesthereferencetotheTLSStore,thatwillbeusedtostorecertificates.Pleasenotethatonly`default`TLSStorecanbeused. properties: name: description:'Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' type:string namespace: description:'Namespace defines the namespace of the referenced
TLSStore. More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore' type:string required: -name type:object type:object required: -routes type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:ingressroutetcps.traefik.containo.usspec: group:traefik.containo.us names: kind:IngressRouteTCP listKind:IngressRouteTCPList plural:ingressroutetcps singular:ingressroutetcp scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:IngressRouteTCPistheCRDimplementationofaTraefikTCPRouter. properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:IngressRouteTCPSpecdefinesthedesiredstateofIngressRouteTCP. properties: entryPoints: description:'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' items: type:string type:array routes: description:Routesdefinesthelistofroutes. items: description:RouteTCPholdstheTCProuteconfiguration. properties: match: description:'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1' type:string middlewares: description:MiddlewaresdefinesthelistofreferencestoMiddlewareTCPresources. items: description:ObjectReferenceisagenericreferencetoaTraefikresource. properties: name: description:NamedefinesthenameofthereferencedTraefikresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedTraefikresource. type:string required: -name type:object type:array priority: description:'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1' type:integer services: description:ServicesdefinesthelistofTCPservices. items: description:ServiceTCPdefinesanupstreamTCPservicetoproxytrafficto. properties: name: description:NamedefinesthenameofthereferencedKubernetesService. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true proxyProtocol: description:'ProxyProtocol defines the PROXY protocol
configuration. More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol' properties: version: description:VersiondefinesthePROXYProtocolversiontouse. type:integer type:object terminationDelay: description:TerminationDelaydefinesthedeadlinethattheproxysets,afteroneofitsconnectedpeersindicatesithasclosedthewritingcapabilityofitsconnection,toclosethereadingcapabilityaswell,hencefullyterminatingtheconnection.Itisadurationinmilliseconds,defaultingto100.Anegativevaluemeansaninfinitedeadline(i.e.thereadingcapabilityisneverclosed). type:integer weight: description:WeightdefinestheweightusedwhenbalancingrequestsbetweenmultipleKubernetesService. type:integer required: -name -port type:object type:array required: -match type:object type:array tls: description:'TLS defines the TLS configuration on a layer 4 / TCP
Route. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1' properties: certResolver: description:'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers' type:string domains: description:'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains' items: description:DomainholdsadomainnamewithSANs. properties: main: description:Maindefinesthemaindomainname. type:string sans: description:SANsdefinesthesubjectalternativedomainnames. items: type:string type:array type:object type:array options: description:'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' properties: name: description:NamedefinesthenameofthereferencedTraefikresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedTraefikresource. type:string required: -name type:object passthrough: description:PassthroughdefineswhetheraTLSrouterwillterminatetheTLSconnection. type:boolean secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string store: description:StoredefinesthereferencetotheTLSStore,thatwillbeusedtostorecertificates.Pleasenotethatonly`default`TLSStorecanbeused. properties: name: description:NamedefinesthenameofthereferencedTraefikresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedTraefikresource. type:string required: -name type:object type:object required: -routes type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:ingressrouteudps.traefik.containo.usspec: group:traefik.containo.us names: kind:IngressRouteUDP listKind:IngressRouteUDPList plural:ingressrouteudps singular:ingressrouteudp scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:IngressRouteUDPisaCRDimplementationofaTraefikUDPRouter. properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:IngressRouteUDPSpecdefinesthedesiredstateofaIngressRouteUDP. properties: entryPoints: description:'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
Default: all.' items: type:string type:array routes: description:Routesdefinesthelistofroutes. items: description:RouteUDPholdstheUDProuteconfiguration. properties: services: description:ServicesdefinesthelistofUDPservices. items: description:ServiceUDPdefinesanupstreamUDPservicetoproxytrafficto. properties: name: description:NamedefinesthenameofthereferencedKubernetesService. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true weight: description:WeightdefinestheweightusedwhenbalancingrequestsbetweenmultipleKubernetesService. type:integer required: -name -port type:object type:array type:object type:array required: -routes type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:middlewares.traefik.containo.usspec: group:traefik.containo.us names: kind:Middleware listKind:MiddlewareList plural:middlewares singular:middleware scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:MiddlewareSpecdefinesthedesiredstateofaMiddleware. properties: addPrefix: description:'AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding
it. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/' properties: prefix: description:PrefixisthestringtoaddbeforethecurrentpathintherequestedURL.Itshouldincludealeadingslash(/). type:string type:object basicAuth: description:'BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/' properties: headerField: description:'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' type:string realm: description:'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.' type:string removeHeader: description:'RemoveHeader sets the removeHeader option to true
to remove the authorization header before forwarding the request
to your service. Default: false.' type:boolean secret: description:SecretisthenameofthereferencedKubernetesSecretcontainingusercredentials. type:string type:object buffering: description:'Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes' properties: maxRequestBodyBytes: description:'MaxRequestBodyBytes defines the maximum allowed
body size for the request (in bytes). If the request exceeds
the allowed size, it is not forwarded to the service, and the
client gets a 413 (Request Entity Too Large) response. Default:
0 (no maximum).' format:int64 type:integer maxResponseBodyBytes: description:'MaxResponseBodyBytes defines the maximum allowed
response size from the service (in bytes). If the response exceeds
the allowed size, it is not forwarded to the client. The client
gets a 500 (Internal Server Error) response instead. Default:
0 (no maximum).' format:int64 type:integer memRequestBodyBytes: description:'MemRequestBodyBytes defines the threshold (in bytes)
from which the request will be buffered on disk instead of in
memory. Default: 1048576 (1Mi).' format:int64 type:integer memResponseBodyBytes: description:'MemResponseBodyBytes defines the threshold (in bytes)
from which the response will be buffered on disk instead of
in memory. Default: 1048576 (1Mi).' format:int64 type:integer retryExpression: description:'RetryExpression defines the retry conditions. It
is a logical combination of functions with operators AND (&&)
and OR (||). More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression' type:string type:object chain: description:'Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/' properties: middlewares: description:MiddlewaresisthelistofMiddlewareRefwhichcomposesthechain. items: description:MiddlewareRefisareferencetoaMiddlewareresource. properties: name: description:NamedefinesthenameofthereferencedMiddlewareresource. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedMiddlewareresource. type:string required: -name type:object type:array type:object circuitBreaker: description:CircuitBreakerholdsthecircuitbreakerconfiguration. properties: checkPeriod: anyOf: - type:integer - type:string description:CheckPeriodistheintervalbetweensuccessivechecksofthecircuitbreakercondition(wheninstandbystate). x-kubernetes-int-or-string:true expression: description:Expressionistheconditionthattriggersthetrippedstate. type:string fallbackDuration: anyOf: - type:integer - type:string description:FallbackDurationisthedurationforwhichthecircuitbreakerwillwaitbeforetryingtorecover(fromatrippedstate). x-kubernetes-int-or-string:true recoveryDuration: anyOf: - type:integer - type:string description:RecoveryDurationisthedurationforwhichthecircuitbreakerwilltrytorecover(assoonasitisinrecoveringstate). x-kubernetes-int-or-string:true type:object compress: description:'Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/' properties: excludedContentTypes: description:ExcludedContentTypesdefinesthelistofcontenttypestocomparetheContent-Typeheaderoftheincomingrequestsandresponsesbeforecompressing. items: type:string type:array minResponseBodyBytes: description:'MinResponseBodyBytes defines the minimum amount
of bytes a response body must have to be compressed. Default:
1024.' type:integer type:object contentType: description:ContentTypeholdsthecontent-typemiddlewareconfiguration.Thismiddlewareexiststoenablethecorrectbehavioruntilatleastthedefaultonecanbechangedinafutureversion. properties: autoDetect: description:AutoDetectspecifieswhethertoletthe`Content-Type`header,ifithasnotbeensetbythebackend,beautomaticallysettoavaluederivedfromthecontentsoftheresponse.Asaproxy,thedefaultbehaviorshouldbetoleavetheheaderalone,regardlessofwhatthebackenddidwithit.However,thehistoricdefaultwastoalwaysauto-detectandsettheheaderifitwasnil,anditisgoingtobekeptthatwayinordertosupportuserscurrentlyrelyingonit. type:boolean type:object digestAuth: description:'DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/' properties: headerField: description:'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield' type:string realm: description:'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.' type:string removeHeader: description:RemoveHeaderdefineswhethertoremovetheauthorizationheaderbeforeforwardingtherequesttothebackend. type:boolean secret: description:SecretisthenameofthereferencedKubernetesSecretcontainingusercredentials. type:string type:object errors: description:'ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/' properties: query: description:QuerydefinestheURLfortheerrorpage(hostedbyservice).The{status}variablecanbeusedinordertoinsertthestatuscodeintheURL. type:string service: description:'Service defines the reference to a Kubernetes Service
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service' properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming
response; for such responses, writes are flushed to
the client immediately. Default: 100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object status: description:Statusdefineswhichstatusorrangeofstatusesshouldresultinanerrorpage.Itcanbeeitherastatuscodeasanumber(500),asmultiplecomma-separatednumbers(500,502),asrangesbyseparatingtwocodeswithadash(500-599),oracombinationofthetwo(404,418,500-599). items: type:string type:array type:object forwardAuth: description:'ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/' properties: address: description:Addressdefinestheauthenticationserveraddress. type:string authRequestHeaders: description:AuthRequestHeadersdefinesthelistoftheheaderstocopyfromtherequesttotheauthenticationserver.Ifnotsetoremptythenallrequestheadersarepassed. items: type:string type:array authResponseHeaders: description:AuthResponseHeadersdefinesthelistofheaderstocopyfromtheauthenticationserverresponseandsetonforwardedrequest,replacinganyexistingconflictingheaders. items: type:string type:array authResponseHeadersRegex: description:'AuthResponseHeadersRegex defines the regex to match
headers to copy from the authentication server response and
set on forwarded request, after stripping all headers that match
the regex. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex' type:string tls: description:TLSdefinestheconfigurationusedtosecuretheconnectiontotheauthenticationserver. properties: caOptional: type:boolean caSecret: description:CASecretisthenameofthereferencedKubernetesSecretcontainingtheCAtovalidatetheservercertificate.TheCAcertificateisextractedfromkey`tls.ca`or`ca.crt`. type:string certSecret: description:CertSecretisthenameofthereferencedKubernetesSecretcontainingtheclientcertificate.Theclientcertificateisextractedfromthekeys`tls.crt`and`tls.key`. type:string insecureSkipVerify: description:InsecureSkipVerifydefineswhethertheservercertificatesshouldbevalidated. type:boolean type:object trustForwardHeader: description:'TrustForwardHeader defines whether to trust (ie:
forward) all X-Forwarded-* headers.' type:boolean type:object headers: description:'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders' properties: accessControlAllowCredentials: description:AccessControlAllowCredentialsdefineswhethertherequestcanincludeusercredentials. type:boolean accessControlAllowHeaders: description:AccessControlAllowHeadersdefinestheAccess-Control-Request-Headersvaluessentinpreflightresponse. items: type:string type:array accessControlAllowMethods: description:AccessControlAllowMethodsdefinestheAccess-Control-Request-Methodvaluessentinpreflightresponse. items: type:string type:array accessControlAllowOriginList: description:AccessControlAllowOriginListisalistofallowableorigins.Canalsobeawildcardorigin"*". items: type:string type:array accessControlAllowOriginListRegex: description:AccessControlAllowOriginListRegexisalistofallowableoriginswrittenfollowingtheRegularExpressionsyntax(https://golang.org/pkg/regexp/). items: type:string type:array accessControlExposeHeaders: description:AccessControlExposeHeadersdefinestheAccess-Control-Expose-Headersvaluessentinpreflightresponse. items: type:string type:array accessControlMaxAge: description:AccessControlMaxAgedefinesthetimethatapreflightrequestmaybecached. format:int64 type:integer addVaryHeader: description:AddVaryHeaderdefineswhethertheVaryheaderisautomaticallyadded/updatedwhentheAccessControlAllowOriginListisset. type:boolean allowedHosts: description:AllowedHostsdefinesthefullyqualifiedlistofalloweddomainnames. items: type:string type:array browserXssFilter: description:BrowserXSSFilterdefineswhethertoaddtheX-XSS-Protectionheaderwiththevalue1;mode=block. type:boolean contentSecurityPolicy: description:ContentSecurityPolicydefinestheContent-Security-Policyheadervalue. type:string contentTypeNosniff: description:ContentTypeNosniffdefineswhethertoaddtheX-Content-Type-Optionsheaderwiththenosniffvalue. type:boolean customBrowserXSSValue: description:CustomBrowserXSSValuedefinestheX-XSS-Protectionheadervalue.ThisoverridestheBrowserXssFilteroption. type:string customFrameOptionsValue: description:CustomFrameOptionsValuedefinestheX-Frame-Optionsheadervalue.ThisoverridestheFrameDenyoption. type:string customRequestHeaders: additionalProperties: type:string description:CustomRequestHeadersdefinestheheadernamesandvaluestoapplytotherequest. type:object customResponseHeaders: additionalProperties: type:string description:CustomResponseHeadersdefinestheheadernamesandvaluestoapplytotheresponse. type:object featurePolicy: description:'Deprecated: use PermissionsPolicy instead.' type:string forceSTSHeader: description:ForceSTSHeaderdefineswhethertoaddtheSTSheaderevenwhentheconnectionisHTTP. type:boolean frameDeny: description:FrameDenydefineswhethertoaddtheX-Frame-OptionsheaderwiththeDENYvalue. type:boolean hostsProxyHeaders: description:HostsProxyHeadersdefinestheheaderkeysthatmayholdaproxiedhostnamevaluefortherequest. items: type:string type:array isDevelopment: description:IsDevelopmentdefineswhethertomitigatetheunwantedeffectsoftheAllowedHosts,SSL,andSTSoptionswhendeveloping.UsuallytestingtakesplaceusingHTTP,notHTTPS,andonlocalhost,notyourproductiondomain.IfyouwouldlikeyourdevelopmentenvironmenttomimicproductionwithcompleteHostblocking,SSLredirects,andSTSheaders,leavethisasfalse.
type:boolean permissionsPolicy: description:PermissionsPolicydefinesthePermissions-Policyheadervalue.Thisallowssitestocontrolbrowserfeatures. type:string publicKey: description:PublicKeyisthepublickeythatimplementsHPKPtopreventMITMattackswithforgedcertificates. type:string referrerPolicy: description:ReferrerPolicydefinestheReferrer-Policyheadervalue.ThisallowssitestocontrolwhetherbrowsersforwardtheRefererheadertoothersites. type:string sslForceHost: description:'Deprecated: use RedirectRegex instead.' type:boolean sslHost: description:'Deprecated: use RedirectRegex instead.' type:string sslProxyHeaders: additionalProperties: type:string description:'SSLProxyHeaders defines the header keys with associated
values that would indicate a valid HTTPS request. It can be
useful when using other proxies (example: "X-Forwarded-Proto":
"https").' type:object sslRedirect: description:'Deprecated: use EntryPoint redirection or RedirectScheme
instead.' type:boolean sslTemporaryRedirect: description:'Deprecated: use EntryPoint redirection or RedirectScheme
instead.' type:boolean stsIncludeSubdomains: description:STSIncludeSubdomainsdefineswhethertheincludeSubDomainsdirectiveisappendedtotheStrict-Transport-Securityheader. type:boolean stsPreload: description:STSPreloaddefineswhetherthepreloadflagisappendedtotheStrict-Transport-Securityheader. type:boolean stsSeconds: description:STSSecondsdefinesthemax-ageoftheStrict-Transport-Securityheader.Ifsetto0,theheaderisnotset. format:int64 type:integer type:object inFlightReq: description:'InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and
served concurrently. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/' properties: amount: description:Amountdefinesthemaximumamountofallowedsimultaneousin-flightrequest.ThemiddlewarerespondswithHTTP429TooManyRequestsiftherearealreadyamountrequestsinprogress(basedonthesamesourceCriterionstrategy). format:int64 type:integer sourceCriterion: description:'SourceCriterion defines what criterion is used to
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More
info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion' properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object requestHeaderName: description:RequestHeaderNamedefinesthenameoftheheaderusedtogroupincomingrequests. type:string requestHost: description:RequestHostdefineswhethertoconsidertherequestHostasthesource. type:boolean type:object type:object ipAllowList: description:'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/' properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object sourceRange: description:SourceRangedefinesthesetofallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object ipWhiteList: description:'IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
Deprecated: please use IPAllowList instead.' properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object sourceRange: description:SourceRangedefinesthesetofallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object passTLSClientCert: description:'PassTLSClientCert holds the pass TLS client cert middleware
configuration. This middleware adds the selected data from the passed
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/' properties: info: description:InfoselectsthespecificclientcertificatedetailsyouwanttoaddtotheX-Forwarded-Tls-Client-Cert-Infoheader. properties: issuer: description:IssuerdefinestheclientcertificateissuerdetailstoaddtotheX-Forwarded-Tls-Client-Cert-Infoheader. properties: commonName: description:CommonNamedefineswhethertoaddtheorganizationalUnitinformationintotheissuer. type:boolean country: description:Countrydefineswhethertoaddthecountryinformationintotheissuer. type:boolean domainComponent: description:DomainComponentdefineswhethertoaddthedomainComponentinformationintotheissuer. type:boolean locality: description:Localitydefineswhethertoaddthelocalityinformationintotheissuer. type:boolean organization: description:Organizationdefineswhethertoaddtheorganizationinformationintotheissuer. type:boolean province: description:Provincedefineswhethertoaddtheprovinceinformationintotheissuer. type:boolean serialNumber: description:SerialNumberdefineswhethertoaddtheserialNumberinformationintotheissuer. type:boolean type:object notAfter: description:NotAfterdefineswhethertoaddtheNotAfterinformationfromtheValiditypart. type:boolean notBefore: description:NotBeforedefineswhethertoaddtheNotBeforeinformationfromtheValiditypart. type:boolean sans: description:SansdefineswhethertoaddtheSubjectAlternativeNameinformationfromtheSubjectAlternativeNamepart. type:boolean serialNumber: description:SerialNumberdefineswhethertoaddtheclientserialNumberinformation. type:boolean subject: description:SubjectdefinestheclientcertificatesubjectdetailstoaddtotheX-Forwarded-Tls-Client-Cert-Infoheader. properties: commonName: description:CommonNamedefineswhethertoaddtheorganizationalUnitinformationintothesubject. type:boolean country: description:Countrydefineswhethertoaddthecountryinformationintothesubject. type:boolean domainComponent: description:DomainComponentdefineswhethertoaddthedomainComponentinformationintothesubject. type:boolean locality: description:Localitydefineswhethertoaddthelocalityinformationintothesubject. type:boolean organization: description:Organizationdefineswhethertoaddtheorganizationinformationintothesubject. type:boolean organizationalUnit: description:OrganizationalUnitdefineswhethertoaddtheorganizationalUnitinformationintothesubject. type:boolean province: description:Provincedefineswhethertoaddtheprovinceinformationintothesubject. type:boolean serialNumber: description:SerialNumberdefineswhethertoaddtheserialNumberinformationintothesubject. type:boolean type:object type:object pem: description:PEMsetstheX-Forwarded-Tls-Client-Certheaderwiththecertificate. type:boolean type:object plugin: additionalProperties: x-kubernetes-preserve-unknown-fields:true description:'Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/' type:object rateLimit: description:'RateLimit holds the rate limit configuration. This middleware
ensures that services will receive a fair amount of requests, and
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/' properties: average: description:Averageisthemaximumrate,bydefaultinrequests/s,allowedforthegivensource.Itdefaultsto0,whichmeansnoratelimiting.TherateisactuallydefinedbydividingAveragebyPeriod.Soforaratebelow1req/s,oneneedstodefineaPeriodlargerthanasecond. format:int64 type:integer burst: description:Burstisthemaximumnumberofrequestsallowedtoarriveinthesamearbitrarilysmallperiodoftime.Itdefaultsto1. format:int64 type:integer period: anyOf: - type:integer - type:string description:'Period, in combination with Average, defines the
actual maximum rate, such as: r = Average / Period. It defaults
to a second.' x-kubernetes-int-or-string:true sourceCriterion: description:SourceCriteriondefineswhatcriterionisusedtogrouprequestsasoriginatingfromacommonsource.Ifseveralstrategiesaredefinedatthesametime,anerrorwillberaised.Ifnoneareset,thedefaultistousetherequest'sremoteaddressfield(asanipStrategy). properties: ipStrategy: description:'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy' properties: depth: description:DepthtellsTraefiktousetheX-Forwarded-ForheaderandtaketheIPlocatedatthedepthposition(startingfromtheright). type:integer excludedIPs: description:ExcludedIPsconfiguresTraefiktoscantheX-Forwarded-ForheaderandselectthefirstIPnotinthelist. items: type:string type:array type:object requestHeaderName: description:RequestHeaderNamedefinesthenameoftheheaderusedtogroupincomingrequests. type:string requestHost: description:RequestHostdefineswhethertoconsidertherequestHostasthesource. type:boolean type:object type:object redirectRegex: description:'RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex' properties: permanent: description:Permanentdefineswhethertheredirectionispermanent(301). type:boolean regex: description:RegexdefinestheregexusedtomatchandcaptureelementsfromtherequestURL. type:string replacement: description:ReplacementdefineshowtomodifytheURLtohavethenewtargetURL. type:string type:object redirectScheme: description:'RedirectScheme holds the redirect scheme middleware
configuration. This middleware redirects requests from a scheme/port
to another. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/' properties: permanent: description:Permanentdefineswhethertheredirectionispermanent(301). type:boolean port: description:PortdefinestheportofthenewURL. type:string scheme: description:SchemedefinestheschemeofthenewURL. type:string type:object replacePath: description:'ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/' properties: path: description:PathdefinesthepathtouseasreplacementintherequestURL. type:string type:object replacePathRegex: description:'ReplacePathRegex holds the replace path regex middleware
configuration. This middleware replaces the path of a URL using
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/' properties: regex: description:RegexdefinestheregularexpressionusedtomatchandcapturethepathfromtherequestURL. type:string replacement: description:Replacementdefinesthereplacementpathformat,whichcanincludecapturedvariables. type:string type:object retry: description:'Retry holds the retry middleware configuration. This
middleware reissues requests a given number of times to a backend
server if that server does not reply. As soon as the server answers,
the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/' properties: attempts: description:Attemptsdefineshowmanytimestherequestshouldberetried. type:integer initialInterval: anyOf: - type:integer - type:string description:InitialIntervaldefinesthefirstwaittimeintheexponentialbackoffseries.ThemaximumintervaliscalculatedastwicetheinitialInterval.Ifunspecified,requestswillberetriedimmediately.ThevalueofinitialIntervalshouldbeprovidedinsecondsorasavaliddurationformat,seehttps://pkg.go.dev/time#ParseDuration. x-kubernetes-int-or-string:true type:object stripPrefix: description:'StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/' properties: forceSlash: description:'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.' type:boolean prefixes: description:PrefixesdefinestheprefixestostripfromtherequestURL. items: type:string type:array type:object stripPrefixRegex: description:'StripPrefixRegex holds the strip prefix regex middleware
configuration. This middleware removes the matching prefixes from
the URL path. More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/' properties: regex: description:RegexdefinestheregularexpressiontomatchthepathprefixfromtherequestURL. items: type:string type:array type:object type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:middlewaretcps.traefik.containo.usspec: group:traefik.containo.us names: kind:MiddlewareTCP listKind:MiddlewareTCPList plural:middlewaretcps singular:middlewaretcp scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:MiddlewareTCPSpecdefinesthedesiredstateofaMiddlewareTCP. properties: inFlightConn: description:InFlightConndefinestheInFlightConnmiddlewareconfiguration. properties: amount: description:Amountdefinesthemaximumamountofallowedsimultaneousconnections.Themiddlewareclosestheconnectioniftherearealreadyamountconnectionsopened. format:int64 type:integer type:object ipAllowList: description:'IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client
IP. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/' properties: sourceRange: description:SourceRangedefinestheallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object ipWhiteList: description:'IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client
IP. Deprecated: please use IPAllowList instead. More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/' properties: sourceRange: description:SourceRangedefinestheallowedIPs(orrangesofallowedIPsbyusingCIDRnotation). items: type:string type:array type:object type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:serverstransports.traefik.containo.usspec: group:traefik.containo.us names: kind:ServersTransport listKind:ServersTransportList plural:serverstransports singular:serverstransport scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:ServersTransportSpecdefinesthedesiredstateofaServersTransport. properties: certificatesSecrets: description:CertificatesSecretsdefinesalistofsecretstoringclientcertificatesformTLS. items: type:string type:array disableHTTP2: description:DisableHTTP2disablesHTTP/2forconnectionswithbackendservers. type:boolean forwardingTimeouts: description:ForwardingTimeoutsdefinesthetimeoutsforrequestsforwardedtothebackendservers. properties: dialTimeout: anyOf: - type:integer - type:string description:DialTimeoutistheamountoftimetowaituntilaconnectiontoabackendservercanbeestablished. x-kubernetes-int-or-string:true idleConnTimeout: anyOf: - type:integer - type:string description:IdleConnTimeoutisthemaximumperiodforwhichanidleHTTPkeep-aliveconnectionwillremainopenbeforeclosingitself. x-kubernetes-int-or-string:true pingTimeout: anyOf: - type:integer - type:string description:PingTimeoutisthetimeoutafterwhichtheHTTP/2connectionwillbeclosedifaresponsetopingisnotreceived. x-kubernetes-int-or-string:true readIdleTimeout: anyOf: - type:integer - type:string description:ReadIdleTimeoutisthetimeoutafterwhichahealthcheckusingpingframewillbecarriedoutifnoframeisreceivedontheHTTP/2connection. x-kubernetes-int-or-string:true responseHeaderTimeout: anyOf: - type:integer - type:string description:ResponseHeaderTimeoutistheamountoftimetowaitforaserver'sresponseheadersafterfullywritingtherequest(includingitsbody,ifany). x-kubernetes-int-or-string:true type:object insecureSkipVerify: description:InsecureSkipVerifydisablesSSLcertificateverification. type:boolean maxIdleConnsPerHost: description:MaxIdleConnsPerHostcontrolsthemaximumidle(keep-alive)tokeepper-host. type:integer peerCertURI: description:PeerCertURIdefinesthepeercertURIusedtomatchagainstSANURIduringthepeercertificateverification. type:string rootCAsSecrets: description:RootCAsSecretsdefinesalistofCAsecretusedtovalidateself-signedcertificate. items: type:string type:array serverName: description:ServerNamedefinestheservernameusedtocontacttheserver. type:string type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:tlsoptions.traefik.containo.usspec: group:traefik.containo.us names: kind:TLSOption listKind:TLSOptionList plural:tlsoptions singular:tlsoption scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'TLSOption is the CRD implementation of a Traefik TLS Option,
allowing to configure some parameters of the TLS connection. More info:
https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:TLSOptionSpecdefinesthedesiredstateofaTLSOption. properties: alpnProtocols: description:'ALPNProtocols defines the list of supported application
level protocols for the TLS handshake, in order of preference. More
info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols' items: type:string type:array cipherSuites: description:'CipherSuites defines the list of supported cipher suites
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites' items: type:string type:array clientAuth: description:ClientAuthdefinestheserver'spolicyforTLSClientAuthentication. properties: clientAuthType: description:ClientAuthTypedefinestheclientauthenticationtypetoapply. enum: -NoClientCert -RequestClientCert -RequireAnyClientCert -VerifyClientCertIfGiven -RequireAndVerifyClientCert type:string secretNames: description:SecretNamesdefinesthenamesofthereferencedKubernetesSecretstoringcertificatedetails. items: type:string type:array type:object curvePreferences: description:'CurvePreferences defines the preferred elliptic curves
in a specific order. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences' items: type:string type:array maxVersion: description:'MaxVersion defines the maximum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: None.' type:string minVersion: description:'MinVersion defines the minimum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.' type:string preferServerCipherSuites: description:'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430' type:boolean sniStrict: description:SniStrictdefineswhetherTraefikallowsconnectionsfromclientsconnectionsthatdonotspecifyaserver_nameextension. type:boolean type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:tlsstores.traefik.containo.usspec: group:traefik.containo.us names: kind:TLSStore listKind:TLSStoreList plural:tlsstores singular:tlsstore scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'TLSStore is the CRD implementation of a Traefik TLS Store. For
the time being, only the TLSStore named default is supported. This means
that you cannot have two stores that are named default in different Kubernetes
namespaces. More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:TLSStoreSpecdefinesthedesiredstateofaTLSStore. properties: certificates: description:Certificatesisalistofsecretnames,eachsecretholdingakey/certificatepairtoaddtothestore. items: description:CertificateholdsasecretnamefortheTLSStoreresource. properties: secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string required: -secretName type:object type:array defaultCertificate: description:DefaultCertificatedefinesthedefaultcertificateconfiguration. properties: secretName: description:SecretNameisthenameofthereferencedKubernetesSecrettospecifythecertificatedetails. type:string required: -secretName type:object defaultGeneratedCert: description:DefaultGeneratedCertdefinesthedefaultgeneratedcertificateconfiguration. properties: domain: description:DomainisthedomaindefinitionfortheDefaultCertificate. properties: main: description:Maindefinesthemaindomainname. type:string sans: description:SANsdefinesthesubjectalternativedomainnames. items: type:string type:array type:object resolver: description:ResolveristhenameoftheresolverthatwillbeusedtoissuetheDefaultCertificate. type:string type:object type:object required: -metadata -spec type:object served:true storage:true---apiVersion:apiextensions.k8s.io/v1kind:CustomResourceDefinitionmetadata: annotations:controller-gen.kubebuilder.io/version:v0.13.0 name:traefikservices.traefik.containo.usspec: group:traefik.containo.us names: kind:TraefikService listKind:TraefikServiceList plural:traefikservices singular:traefikservice scope:Namespaced versions: - name:v1alpha1 schema: openAPIV3Schema: description:'TraefikService is the CRD implementation of a Traefik Service.
TraefikService object allows to: - Apply weight to Services on load-balancing
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice' properties: apiVersion: description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type:string kind: description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type:string metadata: type:object spec: description:TraefikServiceSpecdefinesthedesiredstateofaTraefikService. properties: mirroring: description:MirroringdefinestheMirroringserviceconfiguration. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string maxBodySize: description:MaxBodySizedefinesthemaximumsizeallowedforthebodyoftherequest.Ifthebodyislarger,therequestisnotmirrored.Defaultvalueis-1,whichmeansunlimitedsize. format:int64 type:integer mirrors: description:MirrorsdefinesthelistofmirrorswhereTraefikwillduplicatethetraffic. items: description:MirrorServiceholdsthemirrorconfiguration. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean percent: description:'Percent defines the part of the traffic to
mirror. Supported values: 0 to 100.' type:integer port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object type:array name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object weighted: description:WeighteddefinestheWeightedRoundRobinconfiguration. properties: services: description:ServicesdefinesthelistofKubernetesServiceand/orTraefikServicetoload-balance,withweight. items: description:ServicedefinesanupstreamHTTPservicetoproxytrafficto. properties: kind: description:KinddefinesthekindoftheService. enum: -Service -TraefikService type:string name: description:NamedefinesthenameofthereferencedKubernetesServiceorTraefikService.ThedifferentiationbetweenthetwoisspecifiedintheKindfield. type:string namespace: description:NamespacedefinesthenamespaceofthereferencedKubernetesServiceorTraefikService. type:string nativeLB: description:NativeLBcontrols,whencreatingtheload-balancer,whethertheLB'schildrenaredirectlythepodsIPsoriftheonlychildistheKubernetesServiceclusterIP.TheKubernetesServiceitselfdoesload-balancetothepods.Bydefault,NativeLBisfalse.
type:boolean passHostHeader: description:PassHostHeaderdefineswhethertheclientHostheaderisforwardedtotheupstreamKubernetesService.Bydefault,passHostHeaderistrue.
type:boolean port: anyOf: - type:integer - type:string description:PortdefinestheportofaKubernetesService.Thiscanbeareferencetoanamedport. x-kubernetes-int-or-string:true responseForwarding: description:ResponseForwardingdefineshowTraefikforwardstheresponsefromtheupstreamKubernetesServicetotheclient. properties: flushInterval: description:'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms' type:string type:object scheme: description:SchemedefinestheschemetousefortherequesttotheupstreamKubernetesService.ItdefaultstohttpswhenKubernetesServiceportis443,httpotherwise. type:string serversTransport: description:ServersTransportdefinesthenameofServersTransportresourcetouse.ItallowstoconfigurethetransportbetweenTraefikandyourservers.CanonlybeusedonaKubernetesService. type:string sticky: description:'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object strategy: description:Strategydefinestheloadbalancingstrategybetweentheservers.RoundRobinistheonlysupportedvalueatthemoment. type:string weight: description:WeightdefinestheweightandshouldonlybespecifiedwhenNamereferencesaTraefikServiceobject(andtobeprecise,onethatembedsaWeightedRoundRobin). type:integer required: -name type:object type:array sticky: description:'Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' properties: cookie: description:Cookiedefinesthestickycookieconfiguration. properties: httpOnly: description:HTTPOnlydefineswhetherthecookiecanbeaccessedbyclient-sideAPIs,suchasJavaScript. type:boolean name: description:NamedefinestheCookiename. type:string sameSite: description:'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' type:string secure: description:Securedefineswhetherthecookiecanonlybetransmittedoveranencryptedconnection(i.e.HTTPS). type:boolean type:object type:object type:object type:object required: -metadata -spec type:object served:true storage:true
apiVersion:traefik.containo.us/v1alpha1kind:TraefikServicemetadata: name:wrr2 namespace:defaultspec: weighted: services: - name:s1 weight:1 port:80# Optional, as it is the default value kind:Service - name:s3 weight:1 port:80---apiVersion:traefik.containo.us/v1alpha1kind:TraefikServicemetadata: name:wrr1 namespace:defaultspec: weighted: services: - name:wrr2 kind:TraefikService weight:1 - name:s3 weight:1 port:80---apiVersion:traefik.containo.us/v1alpha1kind:TraefikServicemetadata: name:mirror1 namespace:defaultspec: mirroring: name:s1 port:80 mirrors: - name:s3 percent:20 port:80 - name:mirror2 kind:TraefikService percent:20---apiVersion:traefik.containo.us/v1alpha1kind:TraefikServicemetadata: name:mirror2 namespace:defaultspec: mirroring: name:wrr2 kind:TraefikService mirrors: - name:s2# Optional, as it is the default value kind:Service percent:20 port:80---apiVersion:traefik.containo.us/v1alpha1kind:IngressRoutemetadata: name:ingressroutespec: entryPoints: -web -websecure routes: - match:Host(`foo.com`)&&PathPrefix(`/bar`) kind:Rule priority:12# defining several services is possible and allowed, but for now the servers of# all the services (for a given route) get merged altogether under the same# load-balancing strategy. services: - name:s1 port:80 healthCheck: path:/health host:baz.com intervalSeconds:7 timeoutSeconds:60# strategy defines the load balancing strategy between the servers. It defaults# to Round Robin, and for now only Round Robin is supported anyway. strategy:RoundRobin - name:s2 port:433 healthCheck: path:/health host:baz.com intervalSeconds:7 timeoutSeconds:60 - match:PathPrefix(`/misc`) services: - name:s3 port:80 middlewares: - name:stripprefix - name:addprefix - match:PathPrefix(`/misc`) services: - name:s3# Optional, as it is the default value kind:Service port:8443# scheme allow to override the scheme for the service. (ex: https or h2c) scheme:https - match:PathPrefix(`/lb`) services: - name:wrr1 kind:TraefikService - match:PathPrefix(`/mirrored`) services: - name:mirror1 kind:TraefikService# use an empty tls object for TLS with Let's Encrypt tls: secretName:supersecret options: name:myTLSOption namespace:default---apiVersion:traefik.containo.us/v1alpha1kind:IngressRouteTCPmetadata: name:ingressroutetcp.crd namespace:defaultspec: entryPoints: -footcp routes: - match:HostSNI(`bar.com`) services: - name:whoamitcp port:8080 tls: secretName:foosecret passthrough:false options: name:myTLSOption namespace:default