diff --git a/traefik.io/ingressroute_v1alpha1.json b/traefik.io/ingressroute_v1alpha1.json index e7534d4f..036330e2 100644 --- a/traefik.io/ingressroute_v1alpha1.json +++ b/traefik.io/ingressroute_v1alpha1.json @@ -16,7 +16,7 @@ "description": "IngressRouteSpec defines the desired state of IngressRoute.", "properties": { "entryPoints": { - "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/\nDefault: all.", + "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/\nDefault: all.", "items": { "type": "string" }, @@ -35,11 +35,11 @@ "type": "string" }, "match": { - "description": "Match defines the router's rule.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule", + "description": "Match defines the router's rule.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule", "type": "string" }, "middlewares": { - "description": "Middlewares defines the list of references to Middleware resources.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware", + "description": "Middlewares defines the list of references to Middleware resources.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-middleware", "items": { "description": "MiddlewareRef is a reference to a Middleware resource.", "properties": { @@ -61,7 +61,7 @@ "type": "array" }, "priority": { - "description": "Priority defines the router's priority.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority", + "description": "Priority defines the router's priority.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority", "type": "integer" }, "services": { @@ -69,6 +69,76 @@ "items": { "description": "Service defines an upstream HTTP service to proxy traffic to.", "properties": { + "healthCheck": { + "description": "Healthcheck defines health checks for ExternalName services.", + "properties": { + "followRedirects": { + "description": "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers defines custom headers to be sent to the health check endpoint.", + "type": "object" + }, + "hostname": { + "description": "Hostname defines the value of hostname in the Host header of the health check request.", + "type": "string" + }, + "interval": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Interval defines the frequency of the health check calls.\nDefault: 30s", + "x-kubernetes-int-or-string": true + }, + "method": { + "description": "Method defines the healthcheck method.", + "type": "string" + }, + "mode": { + "description": "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http", + "type": "string" + }, + "path": { + "description": "Path defines the server URL path for the health check endpoint.", + "type": "string" + }, + "port": { + "description": "Port defines the server URL port for the health check endpoint.", + "type": "integer" + }, + "scheme": { + "description": "Scheme replaces the server URL scheme for the health check endpoint.", + "type": "string" + }, + "status": { + "description": "Status defines the expected HTTP status code of the response to the health check request.", + "type": "integer" + }, + "timeout": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s", + "x-kubernetes-int-or-string": true + } + }, + "type": "object", + "additionalProperties": false + }, "kind": { "description": "Kind defines the kind of the Service.", "enum": [ @@ -89,6 +159,10 @@ "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, + "nodePortLB": { + "description": "NodePortLB controls, when creating the load-balancer,\nwhether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.\nIt allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.\nBy default, NodePortLB is false.", + "type": "boolean" + }, "passHostHeader": { "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" @@ -125,7 +199,7 @@ "type": "string" }, "sticky": { - "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions", "properties": { "cookie": { "description": "Cookie defines the sticky cookie configuration.", @@ -134,6 +208,10 @@ "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, + "maxAge": { + "description": "MaxAge indicates the number of seconds until the cookie expires.\nWhen set to a negative number, the cookie expires immediately.\nWhen set to zero, the cookie never expires.", + "type": "integer" + }, "name": { "description": "Name defines the Cookie name.", "type": "string" @@ -170,6 +248,10 @@ "additionalProperties": false }, "type": "array" + }, + "syntax": { + "description": "Syntax defines the router's rule syntax.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax", + "type": "string" } }, "required": [ @@ -182,14 +264,14 @@ "type": "array" }, "tls": { - "description": "TLS defines the TLS configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls", + "description": "TLS defines the TLS configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls", "properties": { "certResolver": { - "description": "CertResolver defines the name of the certificate resolver to use.\nCert resolvers have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers", + "description": "CertResolver defines the name of the certificate resolver to use.\nCert resolvers have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers", "type": "string" }, "domains": { - "description": "Domains defines the list of domains that will be used to issue certificates.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains", + "description": "Domains defines the list of domains that will be used to issue certificates.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains", "items": { "description": "Domain holds a domain name with SANs.", "properties": { @@ -211,14 +293,14 @@ "type": "array" }, "options": { - "description": "Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.\nIf not defined, the `default` TLSOption is used.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options", + "description": "Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.\nIf not defined, the `default` TLSOption is used.\nMore info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options", "properties": { "name": { - "description": "Name defines the name of the referenced TLSOption.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption", + "description": "Name defines the name of the referenced TLSOption.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption", "type": "string" }, "namespace": { - "description": "Namespace defines the namespace of the referenced TLSOption.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption", + "description": "Namespace defines the namespace of the referenced TLSOption.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsoption", "type": "string" } }, @@ -236,11 +318,11 @@ "description": "Store defines the reference to the TLSStore, that will be used to store certificates.\nPlease note that only `default` TLSStore can be used.", "properties": { "name": { - "description": "Name defines the name of the referenced TLSStore.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore", + "description": "Name defines the name of the referenced TLSStore.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore", "type": "string" }, "namespace": { - "description": "Namespace defines the namespace of the referenced TLSStore.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore", + "description": "Namespace defines the namespace of the referenced TLSStore.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-tlsstore", "type": "string" } }, diff --git a/traefik.io/ingressroutetcp_v1alpha1.json b/traefik.io/ingressroutetcp_v1alpha1.json index fc9e9258..6787f25a 100644 --- a/traefik.io/ingressroutetcp_v1alpha1.json +++ b/traefik.io/ingressroutetcp_v1alpha1.json @@ -16,7 +16,7 @@ "description": "IngressRouteTCPSpec defines the desired state of IngressRouteTCP.", "properties": { "entryPoints": { - "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/\nDefault: all.", + "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/\nDefault: all.", "items": { "type": "string" }, @@ -28,7 +28,7 @@ "description": "RouteTCP holds the TCP route configuration.", "properties": { "match": { - "description": "Match defines the router's rule.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1", + "description": "Match defines the router's rule.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rule_1", "type": "string" }, "middlewares": { @@ -54,7 +54,7 @@ "type": "array" }, "priority": { - "description": "Priority defines the router's priority.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1", + "description": "Priority defines the router's priority.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#priority_1", "type": "integer" }, "services": { @@ -74,6 +74,10 @@ "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, + "nodePortLB": { + "description": "NodePortLB controls, when creating the load-balancer,\nwhether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.\nIt allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.\nBy default, NodePortLB is false.", + "type": "boolean" + }, "port": { "anyOf": [ { @@ -87,7 +91,7 @@ "x-kubernetes-int-or-string": true }, "proxyProtocol": { - "description": "ProxyProtocol defines the PROXY protocol configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol", + "description": "ProxyProtocol defines the PROXY protocol configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#proxy-protocol", "properties": { "version": { "description": "Version defines the PROXY Protocol version to use.", @@ -97,10 +101,18 @@ "type": "object", "additionalProperties": false }, + "serversTransport": { + "description": "ServersTransport defines the name of ServersTransportTCP resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service.", + "type": "string" + }, "terminationDelay": { - "description": "TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates\nit has closed the writing capability of its connection, to close the reading capability as well,\nhence fully terminating the connection.\nIt is a duration in milliseconds, defaulting to 100.\nA negative value means an infinite deadline (i.e. the reading capability is never closed).", + "description": "TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates\nit has closed the writing capability of its connection, to close the reading capability as well,\nhence fully terminating the connection.\nIt is a duration in milliseconds, defaulting to 100.\nA negative value means an infinite deadline (i.e. the reading capability is never closed).\nDeprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.", "type": "integer" }, + "tls": { + "description": "TLS determines whether to use TLS when dialing with the backend.", + "type": "boolean" + }, "weight": { "description": "Weight defines the weight used when balancing requests between multiple Kubernetes Service.", "type": "integer" @@ -114,6 +126,10 @@ "additionalProperties": false }, "type": "array" + }, + "syntax": { + "description": "Syntax defines the router's rule syntax.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#rulesyntax_1", + "type": "string" } }, "required": [ @@ -125,14 +141,14 @@ "type": "array" }, "tls": { - "description": "TLS defines the TLS configuration on a layer 4 / TCP Route.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1", + "description": "TLS defines the TLS configuration on a layer 4 / TCP Route.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#tls_1", "properties": { "certResolver": { - "description": "CertResolver defines the name of the certificate resolver to use.\nCert resolvers have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers", + "description": "CertResolver defines the name of the certificate resolver to use.\nCert resolvers have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/https/acme/#certificate-resolvers", "type": "string" }, "domains": { - "description": "Domains defines the list of domains that will be used to issue certificates.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains", + "description": "Domains defines the list of domains that will be used to issue certificates.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/routers/#domains", "items": { "description": "Domain holds a domain name with SANs.", "properties": { @@ -154,7 +170,7 @@ "type": "array" }, "options": { - "description": "Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.\nIf not defined, the `default` TLSOption is used.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options", + "description": "Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.\nIf not defined, the `default` TLSOption is used.\nMore info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options", "properties": { "name": { "description": "Name defines the name of the referenced Traefik resource.", diff --git a/traefik.io/ingressrouteudp_v1alpha1.json b/traefik.io/ingressrouteudp_v1alpha1.json index c733f401..848bc578 100644 --- a/traefik.io/ingressrouteudp_v1alpha1.json +++ b/traefik.io/ingressrouteudp_v1alpha1.json @@ -16,7 +16,7 @@ "description": "IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.", "properties": { "entryPoints": { - "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/\nDefault: all.", + "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/entrypoints/\nDefault: all.", "items": { "type": "string" }, @@ -44,6 +44,10 @@ "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, + "nodePortLB": { + "description": "NodePortLB controls, when creating the load-balancer,\nwhether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.\nIt allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.\nBy default, NodePortLB is false.", + "type": "boolean" + }, "port": { "anyOf": [ { diff --git a/traefik.io/middleware_v1alpha1.json b/traefik.io/middleware_v1alpha1.json index ce067067..af09c460 100644 --- a/traefik.io/middleware_v1alpha1.json +++ b/traefik.io/middleware_v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "Middleware is the CRD implementation of a Traefik Middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/", + "description": "Middleware is the CRD implementation of a Traefik Middleware.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/overview/", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -16,7 +16,7 @@ "description": "MiddlewareSpec defines the desired state of a Middleware.", "properties": { "addPrefix": { - "description": "AddPrefix holds the add prefix middleware configuration.\nThis middleware updates the path of a request before forwarding it.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/", + "description": "AddPrefix holds the add prefix middleware configuration.\nThis middleware updates the path of a request before forwarding it.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/", "properties": { "prefix": { "description": "Prefix is the string to add before the current path in the requested URL.\nIt should include a leading slash (/).", @@ -27,10 +27,10 @@ "additionalProperties": false }, "basicAuth": { - "description": "BasicAuth holds the basic auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/", + "description": "BasicAuth holds the basic auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/", "properties": { "headerField": { - "description": "HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield", + "description": "HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield", "type": "string" }, "realm": { @@ -50,7 +50,7 @@ "additionalProperties": false }, "buffering": { - "description": "Buffering holds the buffering middleware configuration.\nThis middleware retries or limits the size of requests that can be forwarded to backends.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes", + "description": "Buffering holds the buffering middleware configuration.\nThis middleware retries or limits the size of requests that can be forwarded to backends.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes", "properties": { "maxRequestBodyBytes": { "description": "MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).\nIf the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.\nDefault: 0 (no maximum).", @@ -73,7 +73,7 @@ "type": "integer" }, "retryExpression": { - "description": "RetryExpression defines the retry conditions.\nIt is a logical combination of functions with operators AND (&&) and OR (||).\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression", + "description": "RetryExpression defines the retry conditions.\nIt is a logical combination of functions with operators AND (&&) and OR (||).\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression", "type": "string" } }, @@ -81,7 +81,7 @@ "additionalProperties": false }, "chain": { - "description": "Chain holds the configuration of the chain middleware.\nThis middleware enables to define reusable combinations of other pieces of middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/", + "description": "Chain holds the configuration of the chain middleware.\nThis middleware enables to define reusable combinations of other pieces of middleware.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/chain/", "properties": { "middlewares": { "description": "Middlewares is the list of MiddlewareRef which composes the chain.", @@ -151,16 +151,38 @@ ], "description": "RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).", "x-kubernetes-int-or-string": true + }, + "responseCode": { + "description": "ResponseCode is the status code that the circuit breaker will return while it is in the open state.", + "type": "integer" } }, "type": "object", "additionalProperties": false }, "compress": { - "description": "Compress holds the compress middleware configuration.\nThis middleware compresses responses before sending them to the client, using gzip compression.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/", + "description": "Compress holds the compress middleware configuration.\nThis middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/compress/", "properties": { + "defaultEncoding": { + "description": "DefaultEncoding specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`).", + "type": "string" + }, + "encodings": { + "description": "Encodings defines the list of supported compression algorithms.", + "items": { + "type": "string" + }, + "type": "array" + }, "excludedContentTypes": { - "description": "ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.", + "description": "ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.\n`application/grpc` is always excluded.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includedContentTypes": { + "description": "IncludedContentTypes defines the list of content types to compare the Content-Type header of the responses before compressing.", "items": { "type": "string" }, @@ -178,7 +200,7 @@ "description": "ContentType holds the content-type middleware configuration.\nThis middleware exists to enable the correct behavior until at least the default one can be changed in a future version.", "properties": { "autoDetect": { - "description": "AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,\nbe automatically set to a value derived from the contents of the response.\nAs a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.\nHowever, the historic default was to always auto-detect and set the header if it was nil,\nand it is going to be kept that way in order to support users currently relying on it.", + "description": "AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,\nbe automatically set to a value derived from the contents of the response.\nDeprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.", "type": "boolean" } }, @@ -186,10 +208,10 @@ "additionalProperties": false }, "digestAuth": { - "description": "DigestAuth holds the digest auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/", + "description": "DigestAuth holds the digest auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/", "properties": { "headerField": { - "description": "HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield", + "description": "HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield", "type": "string" }, "realm": { @@ -209,15 +231,85 @@ "additionalProperties": false }, "errors": { - "description": "ErrorPage holds the custom error middleware configuration.\nThis middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/", + "description": "ErrorPage holds the custom error middleware configuration.\nThis middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/", "properties": { "query": { "description": "Query defines the URL for the error page (hosted by service).\nThe {status} variable can be used in order to insert the status code in the URL.", "type": "string" }, "service": { - "description": "Service defines the reference to a Kubernetes Service that will serve the error page.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service", + "description": "Service defines the reference to a Kubernetes Service that will serve the error page.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/errorpages/#service", "properties": { + "healthCheck": { + "description": "Healthcheck defines health checks for ExternalName services.", + "properties": { + "followRedirects": { + "description": "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers defines custom headers to be sent to the health check endpoint.", + "type": "object" + }, + "hostname": { + "description": "Hostname defines the value of hostname in the Host header of the health check request.", + "type": "string" + }, + "interval": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Interval defines the frequency of the health check calls.\nDefault: 30s", + "x-kubernetes-int-or-string": true + }, + "method": { + "description": "Method defines the healthcheck method.", + "type": "string" + }, + "mode": { + "description": "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http", + "type": "string" + }, + "path": { + "description": "Path defines the server URL path for the health check endpoint.", + "type": "string" + }, + "port": { + "description": "Port defines the server URL port for the health check endpoint.", + "type": "integer" + }, + "scheme": { + "description": "Scheme replaces the server URL scheme for the health check endpoint.", + "type": "string" + }, + "status": { + "description": "Status defines the expected HTTP status code of the response to the health check request.", + "type": "integer" + }, + "timeout": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s", + "x-kubernetes-int-or-string": true + } + }, + "type": "object", + "additionalProperties": false + }, "kind": { "description": "Kind defines the kind of the Service.", "enum": [ @@ -238,6 +330,10 @@ "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, + "nodePortLB": { + "description": "NodePortLB controls, when creating the load-balancer,\nwhether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.\nIt allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.\nBy default, NodePortLB is false.", + "type": "boolean" + }, "passHostHeader": { "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" @@ -274,7 +370,7 @@ "type": "string" }, "sticky": { - "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions", "properties": { "cookie": { "description": "Cookie defines the sticky cookie configuration.", @@ -283,6 +379,10 @@ "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, + "maxAge": { + "description": "MaxAge indicates the number of seconds until the cookie expires.\nWhen set to a negative number, the cookie expires immediately.\nWhen set to zero, the cookie never expires.", + "type": "integer" + }, "name": { "description": "Name defines the Cookie name.", "type": "string" @@ -330,8 +430,15 @@ "additionalProperties": false }, "forwardAuth": { - "description": "ForwardAuth holds the forward auth middleware configuration.\nThis middleware delegates the request authentication to a Service.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/", + "description": "ForwardAuth holds the forward auth middleware configuration.\nThis middleware delegates the request authentication to a Service.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/", "properties": { + "addAuthCookiesToResponse": { + "description": "AddAuthCookiesToResponse defines the list of cookies to copy from the authentication server response to the response.", + "items": { + "type": "string" + }, + "type": "array" + }, "address": { "description": "Address defines the authentication server address.", "type": "string" @@ -351,13 +458,14 @@ "type": "array" }, "authResponseHeadersRegex": { - "description": "AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex", + "description": "AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex", "type": "string" }, "tls": { "description": "TLS defines the configuration used to secure the connection to the authentication server.", "properties": { "caOptional": { + "description": "Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).", "type": "boolean" }, "caSecret": { @@ -384,8 +492,22 @@ "type": "object", "additionalProperties": false }, + "grpcWeb": { + "description": "GrpcWeb holds the gRPC web middleware configuration.\nThis middleware converts a gRPC web request to an HTTP/2 gRPC request.", + "properties": { + "allowOrigins": { + "description": "AllowOrigins is a list of allowable origins.\nCan also be a wildcard origin \"*\".", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, "headers": { - "description": "Headers holds the headers middleware configuration.\nThis middleware manages the requests and responses headers.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders", + "description": "Headers holds the headers middleware configuration.\nThis middleware manages the requests and responses headers.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders", "properties": { "accessControlAllowCredentials": { "description": "AccessControlAllowCredentials defines whether the request can include user credentials.", @@ -450,6 +572,10 @@ "description": "ContentSecurityPolicy defines the Content-Security-Policy header value.", "type": "string" }, + "contentSecurityPolicyReportOnly": { + "description": "ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only header value.", + "type": "string" + }, "contentTypeNosniff": { "description": "ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value.", "type": "boolean" @@ -477,7 +603,7 @@ "type": "object" }, "featurePolicy": { - "description": "Deprecated: use PermissionsPolicy instead.", + "description": "Deprecated: FeaturePolicy option is deprecated, please use PermissionsPolicy instead.", "type": "string" }, "forceSTSHeader": { @@ -512,11 +638,11 @@ "type": "string" }, "sslForceHost": { - "description": "Deprecated: use RedirectRegex instead.", + "description": "Deprecated: SSLForceHost option is deprecated, please use RedirectRegex instead.", "type": "boolean" }, "sslHost": { - "description": "Deprecated: use RedirectRegex instead.", + "description": "Deprecated: SSLHost option is deprecated, please use RedirectRegex instead.", "type": "string" }, "sslProxyHeaders": { @@ -527,11 +653,11 @@ "type": "object" }, "sslRedirect": { - "description": "Deprecated: use EntryPoint redirection or RedirectScheme instead.", + "description": "Deprecated: SSLRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.", "type": "boolean" }, "sslTemporaryRedirect": { - "description": "Deprecated: use EntryPoint redirection or RedirectScheme instead.", + "description": "Deprecated: SSLTemporaryRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.", "type": "boolean" }, "stsIncludeSubdomains": { @@ -552,7 +678,7 @@ "additionalProperties": false }, "inFlightReq": { - "description": "InFlightReq holds the in-flight request middleware configuration.\nThis middleware limits the number of requests being processed and served concurrently.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/", + "description": "InFlightReq holds the in-flight request middleware configuration.\nThis middleware limits the number of requests being processed and served concurrently.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/", "properties": { "amount": { "description": "Amount defines the maximum amount of allowed simultaneous in-flight request.\nThe middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).", @@ -560,10 +686,10 @@ "type": "integer" }, "sourceCriterion": { - "description": "SourceCriterion defines what criterion is used to group requests as originating from a common source.\nIf several strategies are defined at the same time, an error will be raised.\nIf none are set, the default is to use the requestHost.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion", + "description": "SourceCriterion defines what criterion is used to group requests as originating from a common source.\nIf several strategies are defined at the same time, an error will be raised.\nIf none are set, the default is to use the requestHost.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion", "properties": { "ipStrategy": { - "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy", "properties": { "depth": { "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", @@ -575,6 +701,10 @@ "type": "string" }, "type": "array" + }, + "ipv6Subnet": { + "description": "IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.", + "type": "integer" } }, "type": "object", @@ -597,10 +727,10 @@ "additionalProperties": false }, "ipAllowList": { - "description": "IPAllowList holds the IP allowlist middleware configuration.\nThis middleware accepts / refuses requests based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/", + "description": "IPAllowList holds the IP allowlist middleware configuration.\nThis middleware limits allowed requests based on the client IP.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/", "properties": { "ipStrategy": { - "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy", "properties": { "depth": { "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", @@ -612,11 +742,19 @@ "type": "string" }, "type": "array" + }, + "ipv6Subnet": { + "description": "IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.", + "type": "integer" } }, "type": "object", "additionalProperties": false }, + "rejectStatusCode": { + "description": "RejectStatusCode defines the HTTP status code used for refused requests.\nIf not set, the default is 403 (Forbidden).", + "type": "integer" + }, "sourceRange": { "description": "SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).", "items": { @@ -629,10 +767,10 @@ "additionalProperties": false }, "ipWhiteList": { - "description": "IPWhiteList holds the IP whitelist middleware configuration.\nThis middleware accepts / refuses requests based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/\nDeprecated: please use IPAllowList instead.", + "description": "Deprecated: please use IPAllowList instead.", "properties": { "ipStrategy": { - "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy", "properties": { "depth": { "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", @@ -644,13 +782,17 @@ "type": "string" }, "type": "array" + }, + "ipv6Subnet": { + "description": "IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.", + "type": "integer" } }, "type": "object", "additionalProperties": false }, "sourceRange": { - "description": "SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).", + "description": "SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.", "items": { "type": "string" }, @@ -661,7 +803,7 @@ "additionalProperties": false }, "passTLSClientCert": { - "description": "PassTLSClientCert holds the pass TLS client cert middleware configuration.\nThis middleware adds the selected data from the passed client TLS certificate to a header.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/", + "description": "PassTLSClientCert holds the pass TLS client cert middleware configuration.\nThis middleware adds the selected data from the passed client TLS certificate to a header.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/", "properties": { "info": { "description": "Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.", @@ -776,7 +918,7 @@ "type": "object" }, "rateLimit": { - "description": "RateLimit holds the rate limit configuration.\nThis middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/", + "description": "RateLimit holds the rate limit configuration.\nThis middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ratelimit/", "properties": { "average": { "description": "Average is the maximum rate, by default in requests/s, allowed for the given source.\nIt defaults to 0, which means no rate limiting.\nThe rate is actually defined by dividing Average by Period. So for a rate below 1req/s,\none needs to define a Period larger than a second.", @@ -804,7 +946,7 @@ "description": "SourceCriterion defines what criterion is used to group requests as originating from a common source.\nIf several strategies are defined at the same time, an error will be raised.\nIf none are set, the default is to use the request's remote address field (as an ipStrategy).", "properties": { "ipStrategy": { - "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy", "properties": { "depth": { "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", @@ -816,6 +958,10 @@ "type": "string" }, "type": "array" + }, + "ipv6Subnet": { + "description": "IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.", + "type": "integer" } }, "type": "object", @@ -838,7 +984,7 @@ "additionalProperties": false }, "redirectRegex": { - "description": "RedirectRegex holds the redirect regex middleware configuration.\nThis middleware redirects a request using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex", + "description": "RedirectRegex holds the redirect regex middleware configuration.\nThis middleware redirects a request using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex", "properties": { "permanent": { "description": "Permanent defines whether the redirection is permanent (301).", @@ -857,7 +1003,7 @@ "additionalProperties": false }, "redirectScheme": { - "description": "RedirectScheme holds the redirect scheme middleware configuration.\nThis middleware redirects requests from a scheme/port to another.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/", + "description": "RedirectScheme holds the redirect scheme middleware configuration.\nThis middleware redirects requests from a scheme/port to another.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/", "properties": { "permanent": { "description": "Permanent defines whether the redirection is permanent (301).", @@ -876,7 +1022,7 @@ "additionalProperties": false }, "replacePath": { - "description": "ReplacePath holds the replace path middleware configuration.\nThis middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/", + "description": "ReplacePath holds the replace path middleware configuration.\nThis middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/", "properties": { "path": { "description": "Path defines the path to use as replacement in the request URL.", @@ -887,7 +1033,7 @@ "additionalProperties": false }, "replacePathRegex": { - "description": "ReplacePathRegex holds the replace path regex middleware configuration.\nThis middleware replaces the path of a URL using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/", + "description": "ReplacePathRegex holds the replace path regex middleware configuration.\nThis middleware replaces the path of a URL using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/", "properties": { "regex": { "description": "Regex defines the regular expression used to match and capture the path from the request URL.", @@ -902,7 +1048,7 @@ "additionalProperties": false }, "retry": { - "description": "Retry holds the retry middleware configuration.\nThis middleware reissues requests a given number of times to a backend server if that server does not reply.\nAs soon as the server answers, the middleware stops retrying, regardless of the response status.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/", + "description": "Retry holds the retry middleware configuration.\nThis middleware reissues requests a given number of times to a backend server if that server does not reply.\nAs soon as the server answers, the middleware stops retrying, regardless of the response status.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/", "properties": { "attempts": { "description": "Attempts defines how many times the request should be retried.", @@ -925,10 +1071,10 @@ "additionalProperties": false }, "stripPrefix": { - "description": "StripPrefix holds the strip prefix middleware configuration.\nThis middleware removes the specified prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/", + "description": "StripPrefix holds the strip prefix middleware configuration.\nThis middleware removes the specified prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/", "properties": { "forceSlash": { - "description": "ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.\nDefault: true.", + "description": "Deprecated: ForceSlash option is deprecated, please remove any usage of this option.\nForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.\nDefault: true.", "type": "boolean" }, "prefixes": { @@ -943,7 +1089,7 @@ "additionalProperties": false }, "stripPrefixRegex": { - "description": "StripPrefixRegex holds the strip prefix regex middleware configuration.\nThis middleware removes the matching prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/", + "description": "StripPrefixRegex holds the strip prefix regex middleware configuration.\nThis middleware removes the matching prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/", "properties": { "regex": { "description": "Regex defines the regular expression to match the path prefix from the request URL.", diff --git a/traefik.io/middlewaretcp_v1alpha1.json b/traefik.io/middlewaretcp_v1alpha1.json index e8958041..151bc7b6 100644 --- a/traefik.io/middlewaretcp_v1alpha1.json +++ b/traefik.io/middlewaretcp_v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/", + "description": "MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/overview/", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -28,7 +28,7 @@ "additionalProperties": false }, "ipAllowList": { - "description": "IPAllowList defines the IPAllowList middleware configuration.\nThis middleware accepts/refuses connections based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/", + "description": "IPAllowList defines the IPAllowList middleware configuration.\nThis middleware accepts/refuses connections based on the client IP.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipallowlist/", "properties": { "sourceRange": { "description": "SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).", @@ -42,7 +42,7 @@ "additionalProperties": false }, "ipWhiteList": { - "description": "IPWhiteList defines the IPWhiteList middleware configuration.\nThis middleware accepts/refuses connections based on the client IP.\nDeprecated: please use IPAllowList instead.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/", + "description": "IPWhiteList defines the IPWhiteList middleware configuration.\nThis middleware accepts/refuses connections based on the client IP.\nDeprecated: please use IPAllowList instead.\nMore info: https://doc.traefik.io/traefik/v3.2/middlewares/tcp/ipwhitelist/", "properties": { "sourceRange": { "description": "SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).", diff --git a/traefik.io/serverstransport_v1alpha1.json b/traefik.io/serverstransport_v1alpha1.json index bd56bd08..7ab2b8cc 100644 --- a/traefik.io/serverstransport_v1alpha1.json +++ b/traefik.io/serverstransport_v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "ServersTransport is the CRD implementation of a ServersTransport.\nIf no serversTransport is specified, the default@internal will be used.\nThe default@internal serversTransport is created from the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1", + "description": "ServersTransport is the CRD implementation of a ServersTransport.\nIf no serversTransport is specified, the default@internal will be used.\nThe default@internal serversTransport is created from the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_1", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -115,6 +115,24 @@ "serverName": { "description": "ServerName defines the server name used to contact the server.", "type": "string" + }, + "spiffe": { + "description": "Spiffe defines the SPIFFE configuration.", + "properties": { + "ids": { + "description": "IDs defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).", + "items": { + "type": "string" + }, + "type": "array" + }, + "trustDomain": { + "description": "TrustDomain defines the allowed SPIFFE trust domain.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false } }, "type": "object", diff --git a/traefik.io/serverstransporttcp_v1alpha1.json b/traefik.io/serverstransporttcp_v1alpha1.json index 43302368..c7bf164a 100644 --- a/traefik.io/serverstransporttcp_v1alpha1.json +++ b/traefik.io/serverstransporttcp_v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "ServersTransportTCP is the CRD implementation of a TCPServersTransport.\nIf no tcpServersTransport is specified, a default one named default@internal will be used.\nThe default@internal tcpServersTransport can be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3", + "description": "ServersTransportTCP is the CRD implementation of a TCPServersTransport.\nIf no tcpServersTransport is specified, a default one named default@internal will be used.\nThe default@internal tcpServersTransport can be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#serverstransport_3", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", diff --git a/traefik.io/tlsoption_v1alpha1.json b/traefik.io/tlsoption_v1alpha1.json index 69c8ae2e..0105ad9d 100644 --- a/traefik.io/tlsoption_v1alpha1.json +++ b/traefik.io/tlsoption_v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options", + "description": "TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.\nMore info: https://doc.traefik.io/traefik/v3.2/https/tls/#tls-options", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -16,14 +16,14 @@ "description": "TLSOptionSpec defines the desired state of a TLSOption.", "properties": { "alpnProtocols": { - "description": "ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols", + "description": "ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.\nMore info: https://doc.traefik.io/traefik/v3.2/https/tls/#alpn-protocols", "items": { "type": "string" }, "type": "array" }, "cipherSuites": { - "description": "CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites", + "description": "CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.\nMore info: https://doc.traefik.io/traefik/v3.2/https/tls/#cipher-suites", "items": { "type": "string" }, @@ -55,7 +55,7 @@ "additionalProperties": false }, "curvePreferences": { - "description": "CurvePreferences defines the preferred elliptic curves in a specific order.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences", + "description": "CurvePreferences defines the preferred elliptic curves in a specific order.\nMore info: https://doc.traefik.io/traefik/v3.2/https/tls/#curve-preferences", "items": { "type": "string" }, diff --git a/traefik.io/tlsstore_v1alpha1.json b/traefik.io/tlsstore_v1alpha1.json index a637bafb..6923088f 100644 --- a/traefik.io/tlsstore_v1alpha1.json +++ b/traefik.io/tlsstore_v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "TLSStore is the CRD implementation of a Traefik TLS Store.\nFor the time being, only the TLSStore named default is supported.\nThis means that you cannot have two stores that are named default in different Kubernetes namespaces.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores", + "description": "TLSStore is the CRD implementation of a Traefik TLS Store.\nFor the time being, only the TLSStore named default is supported.\nThis means that you cannot have two stores that are named default in different Kubernetes namespaces.\nMore info: https://doc.traefik.io/traefik/v3.2/https/tls/#certificates-stores", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", diff --git a/traefik.io/traefikservice_v1alpha1.json b/traefik.io/traefikservice_v1alpha1.json index 66bfe1fe..e4b561ce 100644 --- a/traefik.io/traefikservice_v1alpha1.json +++ b/traefik.io/traefikservice_v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "TraefikService is the CRD implementation of a Traefik Service.\nTraefikService object allows to:\n- Apply weight to Services on load-balancing\n- Mirror traffic on services\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice", + "description": "TraefikService is the CRD implementation of a Traefik Service.\nTraefikService object allows to:\n- Apply weight to Services on load-balancing\n- Mirror traffic on services\nMore info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#kind-traefikservice", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -18,6 +18,76 @@ "mirroring": { "description": "Mirroring defines the Mirroring service configuration.", "properties": { + "healthCheck": { + "description": "Healthcheck defines health checks for ExternalName services.", + "properties": { + "followRedirects": { + "description": "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers defines custom headers to be sent to the health check endpoint.", + "type": "object" + }, + "hostname": { + "description": "Hostname defines the value of hostname in the Host header of the health check request.", + "type": "string" + }, + "interval": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Interval defines the frequency of the health check calls.\nDefault: 30s", + "x-kubernetes-int-or-string": true + }, + "method": { + "description": "Method defines the healthcheck method.", + "type": "string" + }, + "mode": { + "description": "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http", + "type": "string" + }, + "path": { + "description": "Path defines the server URL path for the health check endpoint.", + "type": "string" + }, + "port": { + "description": "Port defines the server URL port for the health check endpoint.", + "type": "integer" + }, + "scheme": { + "description": "Scheme replaces the server URL scheme for the health check endpoint.", + "type": "string" + }, + "status": { + "description": "Status defines the expected HTTP status code of the response to the health check request.", + "type": "integer" + }, + "timeout": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s", + "x-kubernetes-int-or-string": true + } + }, + "type": "object", + "additionalProperties": false + }, "kind": { "description": "Kind defines the kind of the Service.", "enum": [ @@ -31,11 +101,85 @@ "format": "int64", "type": "integer" }, + "mirrorBody": { + "description": "MirrorBody defines whether the body of the request should be mirrored.\nDefault value is true.", + "type": "boolean" + }, "mirrors": { "description": "Mirrors defines the list of mirrors where Traefik will duplicate the traffic.", "items": { "description": "MirrorService holds the mirror configuration.", "properties": { + "healthCheck": { + "description": "Healthcheck defines health checks for ExternalName services.", + "properties": { + "followRedirects": { + "description": "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers defines custom headers to be sent to the health check endpoint.", + "type": "object" + }, + "hostname": { + "description": "Hostname defines the value of hostname in the Host header of the health check request.", + "type": "string" + }, + "interval": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Interval defines the frequency of the health check calls.\nDefault: 30s", + "x-kubernetes-int-or-string": true + }, + "method": { + "description": "Method defines the healthcheck method.", + "type": "string" + }, + "mode": { + "description": "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http", + "type": "string" + }, + "path": { + "description": "Path defines the server URL path for the health check endpoint.", + "type": "string" + }, + "port": { + "description": "Port defines the server URL port for the health check endpoint.", + "type": "integer" + }, + "scheme": { + "description": "Scheme replaces the server URL scheme for the health check endpoint.", + "type": "string" + }, + "status": { + "description": "Status defines the expected HTTP status code of the response to the health check request.", + "type": "integer" + }, + "timeout": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s", + "x-kubernetes-int-or-string": true + } + }, + "type": "object", + "additionalProperties": false + }, "kind": { "description": "Kind defines the kind of the Service.", "enum": [ @@ -56,6 +200,10 @@ "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, + "nodePortLB": { + "description": "NodePortLB controls, when creating the load-balancer,\nwhether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.\nIt allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.\nBy default, NodePortLB is false.", + "type": "boolean" + }, "passHostHeader": { "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" @@ -96,7 +244,7 @@ "type": "string" }, "sticky": { - "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions", "properties": { "cookie": { "description": "Cookie defines the sticky cookie configuration.", @@ -105,6 +253,10 @@ "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, + "maxAge": { + "description": "MaxAge indicates the number of seconds until the cookie expires.\nWhen set to a negative number, the cookie expires immediately.\nWhen set to zero, the cookie never expires.", + "type": "integer" + }, "name": { "description": "Name defines the Cookie name.", "type": "string" @@ -154,6 +306,10 @@ "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, + "nodePortLB": { + "description": "NodePortLB controls, when creating the load-balancer,\nwhether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.\nIt allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.\nBy default, NodePortLB is false.", + "type": "boolean" + }, "passHostHeader": { "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" @@ -190,7 +346,7 @@ "type": "string" }, "sticky": { - "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions", "properties": { "cookie": { "description": "Cookie defines the sticky cookie configuration.", @@ -199,6 +355,10 @@ "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, + "maxAge": { + "description": "MaxAge indicates the number of seconds until the cookie expires.\nWhen set to a negative number, the cookie expires immediately.\nWhen set to zero, the cookie never expires.", + "type": "integer" + }, "name": { "description": "Name defines the Cookie name.", "type": "string" @@ -242,6 +402,76 @@ "items": { "description": "Service defines an upstream HTTP service to proxy traffic to.", "properties": { + "healthCheck": { + "description": "Healthcheck defines health checks for ExternalName services.", + "properties": { + "followRedirects": { + "description": "FollowRedirects defines whether redirects should be followed during the health check calls.\nDefault: true", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers defines custom headers to be sent to the health check endpoint.", + "type": "object" + }, + "hostname": { + "description": "Hostname defines the value of hostname in the Host header of the health check request.", + "type": "string" + }, + "interval": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Interval defines the frequency of the health check calls.\nDefault: 30s", + "x-kubernetes-int-or-string": true + }, + "method": { + "description": "Method defines the healthcheck method.", + "type": "string" + }, + "mode": { + "description": "Mode defines the health check mode.\nIf defined to grpc, will use the gRPC health check protocol to probe the server.\nDefault: http", + "type": "string" + }, + "path": { + "description": "Path defines the server URL path for the health check endpoint.", + "type": "string" + }, + "port": { + "description": "Port defines the server URL port for the health check endpoint.", + "type": "integer" + }, + "scheme": { + "description": "Scheme replaces the server URL scheme for the health check endpoint.", + "type": "string" + }, + "status": { + "description": "Status defines the expected HTTP status code of the response to the health check request.", + "type": "integer" + }, + "timeout": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.\nDefault: 5s", + "x-kubernetes-int-or-string": true + } + }, + "type": "object", + "additionalProperties": false + }, "kind": { "description": "Kind defines the kind of the Service.", "enum": [ @@ -262,6 +492,10 @@ "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, + "nodePortLB": { + "description": "NodePortLB controls, when creating the load-balancer,\nwhether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.\nIt allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.\nBy default, NodePortLB is false.", + "type": "boolean" + }, "passHostHeader": { "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" @@ -298,7 +532,7 @@ "type": "string" }, "sticky": { - "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/services/#sticky-sessions", "properties": { "cookie": { "description": "Cookie defines the sticky cookie configuration.", @@ -307,6 +541,10 @@ "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, + "maxAge": { + "description": "MaxAge indicates the number of seconds until the cookie expires.\nWhen set to a negative number, the cookie expires immediately.\nWhen set to zero, the cookie never expires.", + "type": "integer" + }, "name": { "description": "Name defines the Cookie name.", "type": "string" @@ -345,7 +583,7 @@ "type": "array" }, "sticky": { - "description": "Sticky defines whether sticky sessions are enabled.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing", + "description": "Sticky defines whether sticky sessions are enabled.\nMore info: https://doc.traefik.io/traefik/v3.2/routing/providers/kubernetes-crd/#stickiness-and-load-balancing", "properties": { "cookie": { "description": "Cookie defines the sticky cookie configuration.", @@ -354,6 +592,10 @@ "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, + "maxAge": { + "description": "MaxAge indicates the number of seconds until the cookie expires.\nWhen set to a negative number, the cookie expires immediately.\nWhen set to zero, the cookie never expires.", + "type": "integer" + }, "name": { "description": "Name defines the Cookie name.", "type": "string"