
Servers Transport in Kubernetes

A ServersTransport allows you to configure the connection between Traefik Hub API Gateway and the HTTP servers.

If no ServersTransport is specified on a service, the default ServersTransport is applied. This default ServersTransport can be customized using options in the static configuration.

A ServersTransport can be applied on a service using:

"Reference a ServersTransport CRD from another namespace"

The value must be of the form namespace-name@kubernetescrd, and the allowCrossNamespace option must be enabled at the provider level.


Configuration Example

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: test-name
  namespace: apps
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`example.com`) && PathPrefix(`/foo`)
      kind: Rule
      services:
        - kind: Service
          name: svc1
          namespace: apps
          # Format: namespace-name@providername
          serversTransport: apps-mytransport@kubernetescrd
  tls:
    # Add a TLS certificate from a Kubernetes Secret
    secretName: supersecret

Configuration Options

| Field | Description | Default | Required |
|---|---|---|---|
| serverName | Server name that will be used for SNI. | "" | No |
| insecureSkipVerify | Controls whether the server's certificate chain and host name are verified. When set to true, verification is skipped. | false | No |
| rootCAsSecrets | Set of root certificate authorities to use when verifying server certificates (for mTLS connections). The secrets must contain a certificate under either a tls.ca or a ca.crt key. | | No |
| certificatesSecrets | Certificates to present to the server (for mTLS connections). The secrets must contain a certificate under the tls.key and tls.crt keys. | | No |
| maxIdleConnsPerHost | Maximum idle (keep-alive) connections to keep per host. | 2 | No |
| forwardingTimeouts.dialTimeout | Amount of time to wait until a connection to a server can be established. 0 = no timeout. | 30s | No |
| forwardingTimeouts.responseHeaderTimeout | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any). 0 = no timeout. | 0s | No |
| forwardingTimeouts.idleConnTimeout | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. 0 = no timeout. | 90s | No |
| forwardingTimeouts.readIdleTimeout | Timeout after which a health check using a ping frame will be carried out if no frame is received on the HTTP/2 connection. A ping response is considered a received frame; if there is no other traffic on the connection, the health check is performed every readIdleTimeout interval. 0 = no health check. | 0s | No |
| forwardingTimeouts.pingTimeout | Timeout after which the HTTP/2 connection will be closed if a response to a ping is not received. | 15s | No |
| peerCertURI | URI used to match against SAN URIs during the server's certificate verification. | "" | No |
| disableHTTP2 | Disables HTTP/2 for connections with servers. | false | No |
| spiffe.ids | Allowed SPIFFE IDs. This takes precedence over the SPIFFE trust domain. | | No |
| spiffe.trustDomain | Allowed SPIFFE trust domain. | "" | No |
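
The following is an added example, not part of the Traefik documentation: a Python audit over manifests in JSON form that resolves each serversTransport reference using the namespace-name@kubernetescrd form described above and reports references that do not resolve, that cross namespaces (and so depend on allowCrossNamespace), or that point at a transport with insecureSkipVerify set to true. The sample manifests, the audit function, and the treatment of a bare name as a same-namespace reference are assumptions.

```python
import json

# Constructed sample manifests (JSON form of Kubernetes objects), not from the page.
MANIFESTS = json.loads("""[
 {"kind": "ServersTransport", "metadata": {"name": "mytransport", "namespace": "apps"},
  "spec": {"serverName": "svc1.internal.example", "rootCAsSecrets": ["backend-ca"]}},
 {"kind": "ServersTransport", "metadata": {"name": "legacy", "namespace": "infra-apps"},
  "spec": {"insecureSkipVerify": true}},
 {"kind": "IngressRoute", "metadata": {"name": "test-name", "namespace": "apps"},
  "spec": {"routes": [{"services": [
    {"name": "svc1", "serversTransport": "apps-mytransport@kubernetescrd"},
    {"name": "svc2", "serversTransport": "infra-apps-legacy@kubernetescrd"},
    {"name": "svc3", "serversTransport": "apps-missing@kubernetescrd"}]}]}}
]""")

def audit(manifests):
    """Return sorted (route, service, finding) tuples for risky transport references."""
    # Index transports by the ID used in references: "<namespace>-<name>".
    # Matching on the full ID avoids guessing where the namespace ends,
    # since both namespaces and names may contain hyphens.
    transports = {f'{m["metadata"]["namespace"]}-{m["metadata"]["name"]}': m
                  for m in manifests if m["kind"] == "ServersTransport"}
    findings = []
    for m in (x for x in manifests if x["kind"] == "IngressRoute"):
        ns = m["metadata"]["namespace"]
        route = f'{ns}/{m["metadata"]["name"]}'
        for r in m["spec"].get("routes", []):
            for svc in r.get("services", []):
                ref = svc.get("serversTransport")
                if not ref:
                    continue  # no explicit transport: the default one applies
                ident, _, provider = ref.partition("@")
                if not provider:
                    ident = f"{ns}-{ident}"  # assumption: bare name = same namespace
                elif provider != "kubernetescrd":
                    continue  # defined by another provider; out of scope here
                t = transports.get(ident)
                if t is None:
                    findings.append((route, svc["name"], "unresolved"))
                    continue
                if t["metadata"]["namespace"] != ns:
                    # Per the page, this needs allowCrossNamespace at provider level.
                    findings.append((route, svc["name"], "cross-namespace"))
                if t["spec"].get("insecureSkipVerify", False):
                    findings.append((route, svc["name"], "insecureSkipVerify"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(MANIFESTS):
        print(*finding, sep="\t")
```

A transport in namespace infra with the name apps-legacy would produce the same reference ID as infra-apps/legacy, so colliding IDs should be reviewed by hand.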