diff --git a/assets/argo/argo-cd-6.7.17.tgz b/assets/argo/argo-cd-6.7.17.tgz index cf0c9800d..2f0cfd76f 100644 Binary files a/assets/argo/argo-cd-6.7.17.tgz and b/assets/argo/argo-cd-6.7.17.tgz differ diff --git a/assets/argo/argo-cd-6.7.18.tgz b/assets/argo/argo-cd-6.7.18.tgz new file mode 100644 index 000000000..c1347786a Binary files /dev/null and b/assets/argo/argo-cd-6.7.18.tgz differ diff --git a/assets/jenkins/jenkins-5.1.8.tgz b/assets/jenkins/jenkins-5.1.8.tgz new file mode 100644 index 000000000..48a5160c7 Binary files /dev/null and b/assets/jenkins/jenkins-5.1.8.tgz differ diff --git a/assets/new-relic/nri-bundle-5.0.75.tgz b/assets/new-relic/nri-bundle-5.0.75.tgz new file mode 100644 index 000000000..1f4a7d0ba Binary files /dev/null and b/assets/new-relic/nri-bundle-5.0.75.tgz differ diff --git a/assets/speedscale/speedscale-operator-2.1.296.tgz b/assets/speedscale/speedscale-operator-2.1.296.tgz new file mode 100644 index 000000000..e206ae7a2 Binary files /dev/null and b/assets/speedscale/speedscale-operator-2.1.296.tgz differ diff --git a/assets/traefik/traefik-28.0.0.tgz b/assets/traefik/traefik-28.0.0.tgz new file mode 100644 index 000000000..caf88c338 Binary files /dev/null and b/assets/traefik/traefik-28.0.0.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index 25bcecb77..843bfaa39 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - - kind: added - description: JQ Path expression timeout + - kind: changed + description: Bump argo-cd to v2.10.9 artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -11,7 +11,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.10.8 +appVersion: v2.10.9 dependencies: - condition: redis-ha.enabled name: redis-ha 
@@ -33,4 +33,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 6.7.17 +version: 6.7.18 diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index 6e04b3ce8..686fc0ff3 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 5.1.8 + +Update `kubernetes` to version `4209.vc646b_71e5269` + ## 5.1.7 Update `kubernetes` to version `4208.v4017b_a_27a_d67` diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index 2c789af8a..83a4be035 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/category: integration-delivery artifacthub.io/changes: | - - Update `kubernetes` to version `4208.v4017b_a_27a_d67` + - Update `kubernetes` to version `4209.vc646b_71e5269` artifacthub.io/images: | - name: jenkins image: docker.io/jenkins/jenkins:2.440.3-jdk17 @@ -50,4 +50,4 @@ sources: - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin type: application -version: 5.1.7 +version: 5.1.8 diff --git a/charts/jenkins/jenkins/VALUES.md b/charts/jenkins/jenkins/VALUES.md index 2b74eef06..41272e24c 100644 --- a/charts/jenkins/jenkins/VALUES.md +++ b/charts/jenkins/jenkins/VALUES.md 
@@ -155,7 +155,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | [controller.initializeOnce](./values.yaml#L414) | bool | Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` | `false` | | [controller.installLatestPlugins](./values.yaml#L403) | bool | Download the minimum required version or latest version of all dependencies | `true` | | [controller.installLatestSpecifiedPlugins](./values.yaml#L406) | bool | Set to true to download the latest version of any plugin that is requested to have the latest version | `false` | -| [controller.installPlugins](./values.yaml#L395) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4208.v4017b_a_27a_d67","workflow-aggregator:596.v8c21c963d92d","git:5.2.1","configuration-as-code:1775.v810dc950b_514"]` | +| [controller.installPlugins](./values.yaml#L395) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4209.vc646b_71e5269","workflow-aggregator:596.v8c21c963d92d","git:5.2.1","configuration-as-code:1775.v810dc950b_514"]` | | [controller.javaOpts](./values.yaml#L156) | string | Append to `JAVA_OPTS` env var | `nil` | | [controller.jenkinsAdminEmail](./values.yaml#L96) | string | Email address for the administrator of the Jenkins instance | `nil` | | [controller.jenkinsHome](./values.yaml#L101) | string | Custom Jenkins home path | `"/var/jenkins_home"` | diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml index 33636e189..863dcd4bf 100644 --- a/charts/jenkins/jenkins/values.yaml +++ b/charts/jenkins/jenkins/values.yaml 
@@ -393,7 +393,7 @@ controller: # Plugins will be installed during Jenkins controller start # -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` installPlugins: - - kubernetes:4208.v4017b_a_27a_d67 + - kubernetes:4209.vc646b_71e5269 - workflow-aggregator:596.v8c21c963d92d - git:5.2.1 - configuration-as-code:1775.v810dc950b_514 diff --git a/charts/new-relic/nri-bundle/Chart.lock b/charts/new-relic/nri-bundle/Chart.lock index f76164dcb..d945ae26c 100644 --- a/charts/new-relic/nri-bundle/Chart.lock +++ b/charts/new-relic/nri-bundle/Chart.lock @@ -1,16 +1,16 @@ dependencies: - name: newrelic-infrastructure repository: https://newrelic.github.io/nri-kubernetes - version: 3.33.3 + version: 3.33.4 - name: nri-prometheus repository: https://newrelic.github.io/nri-prometheus version: 2.1.17 - name: newrelic-prometheus-agent repository: https://newrelic.github.io/newrelic-prometheus-configurator - version: 1.12.0 + version: 1.13.0 - name: nri-metadata-injection repository: https://newrelic.github.io/k8s-metadata-injection - version: 4.18.4 + version: 4.19.0 - name: newrelic-k8s-metrics-adapter repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter version: 1.10.2 @@ -19,10 +19,10 @@ dependencies: version: 5.12.1 - name: nri-kube-events repository: https://newrelic.github.io/nri-kube-events - version: 3.9.5 + version: 3.9.6 - name: newrelic-logging repository: https://newrelic.github.io/helm-charts - version: 1.21.2 + version: 1.21.3 - name: newrelic-pixie repository: https://newrelic.github.io/helm-charts version: 2.1.4 @@ -32,5 +32,5 @@ dependencies: - name: newrelic-infra-operator repository: https://newrelic.github.io/newrelic-infra-operator version: 2.10.0 -digest: sha256:0c565318deb31a2ec54376d6ca173c4a2bcd44c3904ad5d9fbe315eabbbceeb2 -generated: "2024-04-22T14:27:28.039217268Z" +digest: sha256:6917aeb854737d43d0cd3847024cc421030faae27eebb90bd8646d0953ab412f +generated: "2024-04-29T15:29:01.302193264Z" 
diff --git a/charts/new-relic/nri-bundle/Chart.yaml b/charts/new-relic/nri-bundle/Chart.yaml index 9c606339b..1eba6ae31 100644 --- a/charts/new-relic/nri-bundle/Chart.yaml +++ b/charts/new-relic/nri-bundle/Chart.yaml @@ -7,7 +7,7 @@ dependencies: - condition: infrastructure.enabled,newrelic-infrastructure.enabled name: newrelic-infrastructure repository: file://./charts/newrelic-infrastructure - version: 3.33.3 + version: 3.33.4 - condition: prometheus.enabled,nri-prometheus.enabled name: nri-prometheus repository: file://./charts/nri-prometheus @@ -15,11 +15,11 @@ dependencies: - condition: newrelic-prometheus-agent.enabled name: newrelic-prometheus-agent repository: file://./charts/newrelic-prometheus-agent - version: 1.12.0 + version: 1.13.0 - condition: webhook.enabled,nri-metadata-injection.enabled name: nri-metadata-injection repository: file://./charts/nri-metadata-injection - version: 4.18.4 + version: 4.19.0 - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled name: newrelic-k8s-metrics-adapter repository: file://./charts/newrelic-k8s-metrics-adapter @@ -31,11 +31,11 @@ dependencies: - condition: kubeEvents.enabled,nri-kube-events.enabled name: nri-kube-events repository: file://./charts/nri-kube-events - version: 3.9.5 + version: 3.9.6 - condition: logging.enabled,newrelic-logging.enabled name: newrelic-logging repository: file://./charts/newrelic-logging - version: 1.21.2 + version: 1.21.3 - condition: newrelic-pixie.enabled name: newrelic-pixie repository: file://./charts/newrelic-pixie @@ -77,4 +77,4 @@ sources: - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator -version: 5.0.74 +version: 5.0.75 
diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml index 95f440334..e960f41fe 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.28.3 +appVersion: 3.28.4 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -23,4 +23,4 @@ sources: - https://github.com/newrelic/nri-kubernetes/ - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure - https://github.com/newrelic/infrastructure-agent/ -version: 3.33.3 +version: 3.33.4 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml index ffda8029b..7781543b6 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml @@ -30,7 +30,7 @@ images: agent: registry: "" repository: newrelic/infrastructure-bundle - tag: 3.2.37 + tag: 3.2.38 pullPolicy: IfNotPresent # -- Image for the New Relic Kubernetes integration. # @default -- See `values.yaml` diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml index 6bbc47de4..6db874f29 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/Chart.yaml @@ -17,4 +17,4 @@ maintainers: - name: danybmx - name: sdaubin name: newrelic-logging -version: 1.21.2 +version: 1.21.3 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml index c8f19bdf7..f4cfc5c9e 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml 
+++ b/charts/new-relic/nri-bundle/charts/newrelic-logging/values.yaml @@ -125,7 +125,7 @@ fluentBit: Name record_modifier Alias node-attributes-enricher Match * - Record cluster_name ${CLUSTER_NAME} + Record cluster_name "${CLUSTER_NAME}" # extraFilters: | # [FILTER] @@ -157,7 +157,7 @@ fluentBit: Name record_modifier Match * Alias node-attributes-enricher-filter - Record cluster_name ${CLUSTER_NAME} + Record cluster_name "${CLUSTER_NAME}" Allowlist_key container_name Allowlist_key namespace_name Allowlist_key pod_name @@ -211,7 +211,7 @@ fluentBit: Tls.verify Off # User-defined labels add_label app fluent-bit - add_label cluster_name ${CLUSTER_NAME} + add_label cluster_name "${CLUSTER_NAME}" add_label hostname ${HOSTNAME} add_label node_name ${NODE_NAME} add_label source kubernetes diff --git a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml index 30dddeb86..40417d4d5 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml @@ -1,5 +1,5 @@ annotations: - configuratorVersion: 1.15.0 + configuratorVersion: 1.16.0 apiVersion: v2 appVersion: v2.37.8 dependencies: @@ -19,4 +19,4 @@ maintainers: url: https://github.com/dbudziwojskiNR name: newrelic-prometheus-agent type: application -version: 1.12.0 +version: 1.13.0 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml index e5d4faa10..eebec3531 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.9.5 +appVersion: 2.9.6 dependencies: - name: common-library repository: https://helm-charts.newrelic.com 
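Review bot: The third hunk of `newrelic-logging/values.yaml` (the block with `add_label cluster_name`) keeps `Tls.verify Off` as a context line, so the output that receives these labels does not validate the server certificate. If that output targets a remote endpoint it should read `Tls.verify On`, or carry a comment stating why verification is disabled. The output section starts outside the hunk, so the destination host and any credentials sent with the request are not visible here and need checking. On the change itself, all three hunks quote only `${CLUSTER_NAME}`, while `${HOSTNAME}` and `${NODE_NAME}` in the same block stay bare, presumably because only cluster names can contain spaces. It is worth confirming that the bundled Fluent Bit version strips the quotes rather than emitting them literally, since a changed `cluster_name` value would break queries and alerts keyed on it.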
@@ -23,4 +23,4 @@ sources: - https://github.com/newrelic/nri-kube-events/ - https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events - https://github.com/newrelic/infrastructure-agent/ -version: 3.9.5 +version: 3.9.6 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md index 1b19aeb84..20383acaf 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md @@ -1,6 +1,6 @@ # nri-kube-events -![Version: 3.9.5](https://img.shields.io/badge/Version-3.9.5-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square) +![Version: 3.9.6](https://img.shields.io/badge/Version-3.9.6-informational?style=flat-square) ![AppVersion: 2.9.6](https://img.shields.io/badge/AppVersion-2.9.6-informational?style=flat-square) A Helm chart to deploy the New Relic Kube Events router diff --git a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml index 44078835c..72c1a676d 100644 --- a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.26.4 +appVersion: 1.27.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -22,4 +22,4 @@ name: nri-metadata-injection sources: - https://github.com/newrelic/k8s-metadata-injection - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection -version: 4.18.4 +version: 4.19.0 diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index 5d14d4011..d76642983 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml 
+++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 2.1.288 +appVersion: 2.1.296 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 2.1.288 +version: 2.1.296 diff --git a/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml b/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml index 75d2fb19c..9a85d5da4 100644 --- a/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml +++ b/charts/speedscale/speedscale-operator/templates/crds/trafficreplays.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 creationTimestamp: null name: trafficreplays.speedscale.com spec: @@ -237,6 +237,10 @@ spec: Workload represents a Kubernetes workload to be targeted during replay and associated settings. properties: + customURI: + description: CustomURI will be target of the traffic instead + of directly targeting workload + type: string inTrafficKey: description: 'DEPRECATED: use InTrafficKeys' type: string diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index 8a8efd1f3..870afbf01 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v2.1.288 + tag: v2.1.296 pullPolicy: Always # Log level for Speedscale components. 
diff --git a/charts/traefik/traefik/Changelog.md b/charts/traefik/traefik/Changelog.md
index 9d1eb3d0d..3a443d396 100644
--- a/charts/traefik/traefik/Changelog.md
+++ b/charts/traefik/traefik/Changelog.md
@@ -1,20 +1,415 @@ # Change Log -## 27.0.2 ![AppVersion: v2.11.1](https://img.shields.io/static/v1?label=AppVersion&message=v2.11.1&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) +## 28.0.0 ![AppVersion: v3.0.0](https://img.shields.io/static/v1?label=AppVersion&message=v3.0.0&color=success&logo=) ![Kubernetes: >=1.22.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.22.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) -**Release date:** 2024-04-11 +**Release date:** 2024-04-30 -* feat: ✨ update Traefik Proxy to v2.11.2 +* style: 🎨 consistent capitalization on `--entryPoints` CLI flag +* fix: 🐛 only expose http3 port on service when TCP variant is exposed +* fix: 🐛 logs filters on status codes +* feat: ✨ add support of `experimental-v3.0` unstable version +* feat: ability to override liveness and readiness probe paths +* feat(ports): add transport options +* chore(release): publish v28.0.0 -## 27.0.1 ![AppVersion: v2.11.1](https://img.shields.io/static/v1?label=AppVersion&message=v2.11.1&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) +### Default value changes -**Release date:** 2024-04-10 +```diff +diff --git a/traefik/values.yaml b/traefik/values.yaml +index c0d72d8..2bff10d 100644 +--- a/traefik/values.yaml ++++ b/traefik/values.yaml +@@ -38,6 +38,12 @@ deployment: + ## Override the liveness/readiness scheme. Useful for getting ping to + ## respond on websecure entryPoint. + # healthchecksScheme: HTTPS ++ ## Override the readiness path. 
++ ## Default: /ping ++ # readinessPath: /ping ++ # Override the liveness path. ++ # Default: /ping ++ # livenessPath: /ping + # -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection) + annotations: {} + # -- Additional deployment labels (e.g. for filtering deployment by custom labels) +@@ -648,15 +654,28 @@ ports: + # (Optional) + # priority: 10 + # +- # Trust forwarded headers information (X-Forwarded-*). ++ # -- Trust forwarded headers information (X-Forwarded-*). + # forwardedHeaders: + # trustedIPs: [] + # insecure: false + # +- # Enable the Proxy Protocol header parsing for the entry point ++ # -- Enable the Proxy Protocol header parsing for the entry point + # proxyProtocol: + # trustedIPs: [] + # insecure: false ++ # ++ # -- Set transport settings for the entrypoint; see also ++ # https://doc.traefik.io/traefik/routing/entrypoints/#transport ++ transport: ++ respondingTimeouts: ++ readTimeout: ++ writeTimeout: ++ idleTimeout: ++ lifeCycle: ++ requestAcceptGraceTimeout: ++ graceTimeOut: ++ keepAliveMaxRequests: ++ keepAliveMaxTime: + websecure: + ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint. + # asDefault: true +@@ -684,16 +703,29 @@ ports: + enabled: false + # advertisedPort: 4443 + # +- ## -- Trust forwarded headers information (X-Forwarded-*). ++ # -- Trust forwarded headers information (X-Forwarded-*). 
+ # forwardedHeaders: + # trustedIPs: [] + # insecure: false + # +- ## -- Enable the Proxy Protocol header parsing for the entry point ++ # -- Enable the Proxy Protocol header parsing for the entry point + # proxyProtocol: + # trustedIPs: [] + # insecure: false + # ++ # -- Set transport settings for the entrypoint; see also ++ # https://doc.traefik.io/traefik/routing/entrypoints/#transport ++ transport: ++ respondingTimeouts: ++ readTimeout: ++ writeTimeout: ++ idleTimeout: ++ lifeCycle: ++ requestAcceptGraceTimeout: ++ graceTimeOut: ++ keepAliveMaxRequests: ++ keepAliveMaxTime: ++ # + ## Set TLS at the entrypoint + ## https://doc.traefik.io/traefik/routing/entrypoints/#tls + tls: +``` -**Upgrade notes** +## 28.0.0-rc1 ![AppVersion: v3.0.0-rc5](https://img.shields.io/static/v1?label=AppVersion&message=v3.0.0-rc5&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) -🚨 Traefik Proxy v2.11.1 introduces `lingeringTimeout`, see https://github.com/traefik/traefik/pull/10569, that can be breaking for _server-first_ protocols. This new setting can be set with `additionalArguments`. +**Release date:** 2024-04-17 -* feat: ✨ update Traefik Proxy to v2.11.1 +**Upgrade Notes** + +This is a major breaking upgrade. [Migration guide](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) have been applied on the chart. + +It needs a Kubernetes v1.22 or higher. 
+All CRDs using _API Group_ `traefik.containo.us` are not supported anymore in Traefik Proxy v3 + +CRDs needs to be upgraded: `kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/` + +After upgrade, CRDs with _API Group_ `traefik.containo.us` can be removed: + +```shell +kubectl delete crds \ + ingressroutes.traefik.containo.us \ + ingressroutetcps.traefik.containo.us \ + ingressrouteudps.traefik.containo.us \ + middlewares.traefik.containo.us \ + middlewaretcps.traefik.containo.us \ + serverstransports.traefik.containo.us \ + tlsoptions.traefik.containo.us \ + tlsstores.traefik.containo.us \ + traefikservices.traefik.containo.us +``` + +**Changes** + +* feat(podtemplate): set GOMEMLIMIT, GOMAXPROCS when limits are defined +* feat: ✨ fail gracefully when required port number is not set +* feat!: :boom: initial support of Traefik Proxy v3 +* docs: 📚️ improve EXAMPLES on acme resolver +* chore(release): 🚀 publish v28 rc1 + +### Default value changes + +```diff +diff --git a/traefik/values.yaml b/traefik/values.yaml +index cd9fb6e..c0d72d8 100644 +--- a/traefik/values.yaml ++++ b/traefik/values.yaml +@@ -120,12 +120,13 @@ ingressClass: + isDefaultClass: true + # name: my-custom-class + ++core: ++ # -- Can be used to use globally v2 router syntax ++ # See https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#new-v3-syntax-notable-changes ++ defaultRuleSyntax: ++ + # Traefik experimental features + experimental: +- # This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3" +- # v3: +- # -- Enable traefik version 3 +- + # -- Enable traefik experimental plugins + plugins: {} + # demo: +@@ -309,7 +310,7 @@ logs: + # format: json + # By default, the level is set to ERROR. + # -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. 
+- level: ERROR ++ level: INFO + access: + # -- To enable access logs + enabled: false +@@ -328,6 +329,8 @@ logs: + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms ++ # -- Enables accessLogs for internal resources. Default: false. ++ addInternals: + fields: + general: + # -- Available modes: keep, drop, redact. +@@ -347,6 +350,9 @@ logs: + # Content-Type: keep + + metrics: ++ ## -- Enable metrics for internal resources. Default: false ++ addInternals: ++ + ## -- Prometheus is enabled by default. + ## -- It can be disabled by setting "prometheus: null" + prometheus: +@@ -376,31 +382,6 @@ metrics: + # # addRoutersLabels: true + # ## Enable metrics on services. Default=true + # # addServicesLabels: false +- # influxdb: +- # ## Address instructs exporter to send metrics to influxdb at this address. +- # address: localhost:8089 +- # ## InfluxDB's address protocol (udp or http). Default="udp" +- # protocol: udp +- # ## InfluxDB database used when protocol is http. Default="" +- # # database: "" +- # ## InfluxDB retention policy used when protocol is http. Default="" +- # # retentionPolicy: "" +- # ## InfluxDB username (only with http). Default="" +- # # username: "" +- # ## InfluxDB password (only with http). Default="" +- # # password: "" +- # ## The interval used by the exporter to push metrics to influxdb. Default=10s +- # # pushInterval: 30s +- # ## Additional labels (influxdb tags) on all metrics. +- # # additionalLabels: +- # # env: production +- # # foo: bar +- # ## Enable metrics on entry points. Default=true +- # # addEntryPointsLabels: false +- # ## Enable metrics on routers. Default=false +- # # addRoutersLabels: true +- # ## Enable metrics on services. Default=true +- # # addServicesLabels: false + # influxdb2: + # ## Address instructs exporter to send metrics to influxdb v2 at this address. + # address: localhost:8086 +@@ -435,43 +416,53 @@ metrics: + # # addRoutersLabels: true + # ## Enable metrics on services. 
Default=true + # # addServicesLabels: false +- # openTelemetry: +- # ## Address of the OpenTelemetry Collector to send metrics to. +- # address: "localhost:4318" +- # ## Enable metrics on entry points. +- # addEntryPointsLabels: true +- # ## Enable metrics on routers. +- # addRoutersLabels: true +- # ## Enable metrics on services. +- # addServicesLabels: true +- # ## Explicit boundaries for Histogram data points. +- # explicitBoundaries: +- # - "0.1" +- # - "0.3" +- # - "1.2" +- # - "5.0" +- # ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. +- # headers: +- # foo: bar +- # test: test +- # ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. +- # insecure: true +- # ## Interval at which metrics are sent to the OpenTelemetry Collector. +- # pushInterval: 10s +- # ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport. +- # path: /foo/v1/traces +- # ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. +- # tls: +- # ## The path to the certificate authority, it defaults to the system bundle. +- # ca: path/to/ca.crt +- # ## The path to the public certificate. When using this option, setting the key option is required. +- # cert: path/to/foo.cert +- # ## The path to the private key. When using this option, setting the cert option is required. +- # key: path/to/key.key +- # ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. +- # insecureSkipVerify: true +- # ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. +- # grpc: true ++ otlp: ++ # -- Set to true in order to enable the OpenTelemetry metrics ++ enabled: false ++ # -- Enable metrics on entry points. Default: true ++ addEntryPointsLabels: ++ # -- Enable metrics on routers. 
Default: false ++ addRoutersLabels: ++ # -- Enable metrics on services. Default: true ++ addServicesLabels: ++ # -- Explicit boundaries for Histogram data points. Default: [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10] ++ explicitBoundaries: ++ # -- Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s ++ pushInterval: ++ http: ++ # -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. ++ enabled: false ++ # -- Format: ://:. Default: http://localhost:4318/v1/metrics ++ endpoint: ++ # -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. ++ headers: ++ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. ++ tls: ++ # -- The path to the certificate authority, it defaults to the system bundle. ++ ca: ++ # -- The path to the public certificate. When using this option, setting the key option is required. ++ cert: ++ # -- The path to the private key. When using this option, setting the cert option is required. ++ key: ++ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. ++ insecureSkipVerify: ++ grpc: ++ # -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC ++ enabled: false ++ # -- Format: ://:. Default: http://localhost:4318/v1/metrics ++ endpoint: ++ # -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. ++ insecure: ++ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. ++ tls: ++ # -- The path to the certificate authority, it defaults to the system bundle. ++ ca: ++ # -- The path to the public certificate. When using this option, setting the key option is required. ++ cert: ++ # -- The path to the private key. When using this option, setting the cert option is required. 
++ key: ++ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. ++ insecureSkipVerify: + + ## -- enable optional CRDs for Prometheus Operator + ## +@@ -524,51 +515,46 @@ metrics: + + ## Tracing + # -- https://doc.traefik.io/traefik/observability/tracing/overview/ +-tracing: {} +-# openTelemetry: # traefik v3+ only +-# grpc: true +-# insecure: true +-# address: localhost:4317 +-# instana: +-# localAgentHost: 127.0.0.1 +-# localAgentPort: 42699 +-# logLevel: info +-# enableAutoProfile: true +-# datadog: +-# localAgentHostPort: 127.0.0.1:8126 +-# debug: false +-# globalTag: "" +-# prioritySampling: false +-# jaeger: +-# samplingServerURL: http://localhost:5778/sampling +-# samplingType: const +-# samplingParam: 1.0 +-# localAgentHostPort: 127.0.0.1:6831 +-# gen128Bit: false +-# propagation: jaeger +-# traceContextHeaderName: uber-trace-id +-# disableAttemptReconnecting: true +-# collector: +-# endpoint: "" +-# user: "" +-# password: "" +-# zipkin: +-# httpEndpoint: http://localhost:9411/api/v2/spans +-# sameSpan: false +-# id128Bit: true +-# sampleRate: 1.0 +-# haystack: +-# localAgentHost: 127.0.0.1 +-# localAgentPort: 35000 +-# globalTag: "" +-# traceIDHeaderName: "" +-# parentIDHeaderName: "" +-# spanIDHeaderName: "" +-# baggagePrefixHeaderName: "" +-# elastic: +-# serverURL: http://localhost:8200 +-# secretToken: "" +-# serviceEnvironment: "" ++tracing: ++ # -- Enables tracing for internal resources. Default: false. ++ addInternals: ++ otlp: ++ # -- See https://doc.traefik.io/traefik/v3.0/observability/tracing/opentelemetry/ ++ enabled: false ++ http: ++ # -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. ++ enabled: false ++ # -- Format: ://:. Default: http://localhost:4318/v1/metrics ++ endpoint: ++ # -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. 
++ headers: ++ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. ++ tls: ++ # -- The path to the certificate authority, it defaults to the system bundle. ++ ca: ++ # -- The path to the public certificate. When using this option, setting the key option is required. ++ cert: ++ # -- The path to the private key. When using this option, setting the cert option is required. ++ key: ++ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. ++ insecureSkipVerify: ++ grpc: ++ # -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC ++ enabled: false ++ # -- Format: ://:. Default: http://localhost:4318/v1/metrics ++ endpoint: ++ # -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. ++ insecure: ++ ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. ++ tls: ++ # -- The path to the certificate authority, it defaults to the system bundle. ++ ca: ++ # -- The path to the public certificate. When using this option, setting the key option is required. ++ cert: ++ # -- The path to the private key. When using this option, setting the cert option is required. ++ key: ++ # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. 
++ insecureSkipVerify: + + # -- Global command arguments to be passed to all traefik's pods + globalArguments: +@@ -756,7 +742,6 @@ ports: + # default: + # labels: {} + # sniStrict: true +-# preferServerCipherSuites: true + # custom-options: + # labels: {} + # curvePreferences: +``` ## 27.0.0 ![AppVersion: v2.11.0](https://img.shields.io/static/v1?label=AppVersion&message=v2.11.0&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) diff --git a/charts/traefik/traefik/Chart.yaml b/charts/traefik/traefik/Chart.yaml index 3c27b0af0..8f284c23e 100644 --- a/charts/traefik/traefik/Chart.yaml +++ b/charts/traefik/traefik/Chart.yaml @@ -1,12 +1,16 @@ annotations: - artifacthub.io/changes: | - - "feat: ✨ update Traefik Proxy to v2.11.2" + artifacthub.io/changes: "- \"style: \U0001F3A8 consistent capitalization on `--entryPoints` + CLI flag\"\n- \"fix: \U0001F41B only expose http3 port on service when TCP variant + is exposed\"\n- \"fix: \U0001F41B logs filters on status codes\"\n- \"feat: ✨ + add support of `experimental-v3.0` unstable version\"\n- \"feat: ability to override + liveness and readiness probe paths\"\n- \"feat(ports): add transport options\"\n- + \"chore(release): publish v28.0.0\"\n" catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Traefik Proxy - catalog.cattle.io/kube-version: '>=1.16.0-0' + catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: traefik apiVersion: v2 -appVersion: v2.11.2 +appVersion: v3.0.0 description: A Traefik based Kubernetes ingress controller home: https://traefik.io/ icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png 
@@ -14,7 +18,7 @@ keywords: - traefik - ingress - networking -kubeVersion: '>=1.16.0-0' +kubeVersion: '>=1.22.0-0' maintainers: - email: michel.loiseleur@traefik.io name: mloiseleur @@ -28,4 +32,4 @@ sources: - https://github.com/traefik/traefik - https://github.com/traefik/traefik-helm-chart type: application -version: 27.0.2 +version: 28.0.0 diff --git a/charts/traefik/traefik/EXAMPLES.md b/charts/traefik/traefik/EXAMPLES.md index 5800d9fab..1d7aee67d 100644 --- a/charts/traefik/traefik/EXAMPLES.md +++ b/charts/traefik/traefik/EXAMPLES.md @@ -348,6 +348,21 @@ By default, Kubernetes recursively changes ownership and permissions for the con => An initContainer can be used to avoid an issue on this sensitive file. See [#396](https://github.com/traefik/traefik-helm-chart/issues/396) for more details. +**Step 1**: Create `Secret` with CloudFlare token: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare +type: Opaque +stringData: + token: TTT +``` + +**Step 2**: + ```yaml persistence: enabled: true @@ -361,8 +376,8 @@ env: - name: CF_DNS_API_TOKEN valueFrom: secretKeyRef: - name: yyy - key: zzz + name: cloudflare + key: token deployment: initContainers: - name: volume-permissions @@ -373,6 +388,20 @@ deployment: name: data ``` +and after, in an `IngressRoute`: + +```yaml +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: [...] +spec: + entryPoints: [...] + routes: [...] + tls: + certResolver: letsencrypt +``` + This example needs a CloudFlare token in a Kubernetes `Secret` and a working `StorageClass`. See [the list of supported providers](https://doc.traefik.io/traefik/https/acme/#providers) for others. 
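Review bot: Step 1 in the `@@ -348,6 +348,21 @@` hunk of EXAMPLES.md shows the CloudFlare token inline under `stringData`, with nothing telling the reader to keep that manifest out of version control. I would add one sentence after the block, e.g. `Do not commit this manifest; replace TTT at apply time or create the Secret from your secret manager.` The manifest also has no `metadata.namespace`, and a `secretKeyRef` is resolved in the pod's own namespace, so the text should say that the Secret must live in the namespace of the Traefik release.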
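Review bot: The `IngressRoute` example added in the `@@ -373,6 +388,20 @@` hunk uses `apiVersion: traefik.containo.us/v1alpha1`, a group this chart version no longer installs. The same commit deletes `crds/traefik.containo.us_ingressroutes.yaml`, and the README table says chart v28.0.0 and above installs only the `traefik.io` group. On a fresh v28 install the API server would presumably reject the manifest as an unknown kind, and on an upgraded cluster Traefik v3 would ignore it. The line should read `apiVersion: traefik.io/v1alpha1`.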
@@ -581,3 +610,15 @@ spec: name: release-name-traefik maxReplicas: 3 ``` + +# Use latest build of Traefik v3 from master + +An experimental build of Traefik Proxy is available on a specific repository. + +It can be used with those _values_: + +```yaml +image: + repository: traefik/traefik + tag: experimental-v3.0 +``` diff --git a/charts/traefik/traefik/README.md b/charts/traefik/traefik/README.md index c45768f24..b53bccd02 100644 --- a/charts/traefik/traefik/README.md +++ b/charts/traefik/traefik/README.md @@ -5,12 +5,12 @@ microservices with ease. ## Introduction -This chart bootstraps Traefik version 2 as a Kubernetes ingress controller, -using Custom Resources `IngressRoute`: . +Starting with v28.x, this chart now bootstraps Traefik Proxy version 3 as a Kubernetes ingress controller, +using Custom Resources `IngressRoute`: . + +It's possible to use this chart with Traefik Proxy v2 using v27.x +This chart support policy is aligned with [upstream support policy](https://doc.traefik.io/traefik/deprecation/releases/) of Traefik Proxy. -It's possible to use this chart with Traefik v3 (current tested with v3.0.0-rc1). -This Chart is focused on stable release, so there are limitations and one will need to apply Traefik v3 CRDs first. -Helm will auto detect which version is used based on image.tag. Set image.tag to a semver higher than 3.0, e.g. "v3.0.0-rc1". See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) and upgrading section of this chart on CRDs. ### Philosophy 
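Review bot: The new section in the `@@ -581,3 +610,15 @@` hunk recommends `tag: experimental-v3.0` without saying that, per its own heading, this is a moving build from master. The running image may therefore change whenever it is pulled again, and it cannot be tied to a reviewed release. For an ingress controller that should be stated; I would add `This tag is rebuilt continuously and is unsupported; do not use it on clusters that serve production traffic, and pin a released version there.` The text also says the build is available "on a specific repository" while the values keep `repository: traefik/traefik`, which looks inconsistent and should be reworded or corrected.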
@@ -25,7 +25,9 @@ Accordingly, the encouraged approach to fulfill your needs: 1. Override the default Traefik configuration values ([yaml file or cli](https://helm.sh/docs/chart_template_guide/values_files/)) 2. Append your own configurations (`kubectl apply -f myconf.yaml`) -If needed, one may use [extraObjects](./traefik/tests/values/extra.yaml) or extend this HelmChart [as a Subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/). In the [examples](EXAMPLES.md), one can see how to use this Chart as a dependency. +[Examples](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md) of common usage are provided. + +If needed, one may use [extraObjects](./traefik/tests/values/extra.yaml) or extend this HelmChart [as a Subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/). ## Installing @@ -46,12 +48,13 @@ Due to changes in CRD version support, the following versions of the chart are u ### CRDs Support of Traefik Proxy -Due to changes in API Group of Traefik CRDs from `containo.us` to `traefik.io`, this Chart install the two CRDs API Group on the following versions: +Due to changes in API Group of Traefik CRDs from `containo.us` to `traefik.io`, this Chart install CRDs needed by default Traefik Proxy version, following this table: | | `containo.us` | `traefik.io` | |-------------------------|-----------------------------|------------------------| | Chart v22.0.0 and below | [x] | | | Chart v23.0.0 and above | [x] | [x] | +| Chart v28.0.0 and above | | [x] | ### Deploying Traefik 
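Review bot: In the CRD support table of the `@@ -46,12 +48,13 @@` hunk, chart v28 now matches two contradictory rows. The existing row `Chart v23.0.0 and above` still claims both API groups, while the added row `Chart v28.0.0 and above` claims only `traefik.io`. The older row should be bounded, e.g. `| Chart v23.0.0 to v27.x | [x] | [x] |`, so a reader cannot conclude that the `containo.us` group is still installed. The sentence above the table would also read better as `this Chart installs the CRDs needed by its default Traefik Proxy version`.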
@@ -85,14 +88,24 @@ New major version indicates that there is an incompatible breaking change. ### Upgrading CRDs -🛂 **Warning**: Traefik v3 totally removes the crd support for traefik.containo.us CRDs. By default this helm installs the CRDs compatible with v2 also, but Traefik v3 will no longer monitor them. There is no support for deprecation errors, so your existing resources may silently fail to work after upgrade to Traefik v3. See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) for more details. - With Helm v3, CRDs created by this chart can not be updated, cf the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). Please read carefully release notes of this chart before upgrading CRDs. +#### Upgrade from 27.X to 28.X+ + +🛂 **Warning**: Traefik v3 totally removes the crd support for traefik.containo.us CRDs. Existing resources may silently fail to work after upgrade to Traefik v3. + +See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) for more details. + ```bash kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/ ``` +#### Upgrade up to 27.X + +```bash +kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/?ref=v27 +``` + ### Upgrading after 18.X+ It's detailed in [release notes](https://github.com/traefik/traefik-helm-chart/releases). diff --git a/charts/traefik/traefik/VALUES.md b/charts/traefik/traefik/VALUES.md index 42933b501..6bd8d3c25 100644 --- a/charts/traefik/traefik/VALUES.md +++ b/charts/traefik/traefik/VALUES.md 
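Review bot: The `kubectl apply --server-side --force-conflicts -k …/traefik/crds/` command under "Upgrade from 27.X to 28.X+" in the `@@ -85,14 +88,24 @@` hunk has no `?ref=`, unlike the `?ref=v27` command added just below it. It therefore applies whatever CRDs are on the repository's default branch at that moment, with conflicts forced. Pinning it to the tag of the chart being installed, `…/traefik/crds/?ref=<chart-release-tag>`, keeps the CRDs reproducible and matched to the chart. Since the warning says existing resources may silently stop working, a pre-upgrade check would help as well, e.g. `kubectl get ingressroutes.traefik.containo.us -A` to list resources still on the old group.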
@@ -1,6 +1,6 @@ # traefik -![Version: 27.0.2](https://img.shields.io/badge/Version-27.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.11.2](https://img.shields.io/badge/AppVersion-v2.11.2-informational?style=flat-square) +![Version: 28.0.0](https://img.shields.io/badge/Version-28.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.0.0](https://img.shields.io/badge/AppVersion-v3.0.0-informational?style=flat-square) A Traefik based Kubernetes ingress controller @@ -22,7 +22,7 @@ A Traefik based Kubernetes ingress controller ## Requirements -Kubernetes: `>=1.16.0-0` +Kubernetes: `>=1.22.0-0` ## Values @@ -34,6 +34,7 @@ Kubernetes: `>=1.16.0-0` | autoscaling.enabled | bool | `false` | Create HorizontalPodAutoscaler object. | | certResolvers | object | `{}` | Certificates resolvers configuration | | commonLabels | object | `{}` | Add additional label to all resources | +| core.defaultRuleSyntax | string | `nil` | Can be used to use globally v2 router syntax See https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#new-v3-syntax-notable-changes | | deployment.additionalContainers | list | `[]` | Additional containers (e.g. for metric offloading sidecars) | | deployment.additionalVolumes | list | `[]` | Additional volumes available for use with initContainers and additionalContainers | | deployment.annotations | object | `{}` | Additional deployment annotations (e.g. for jaeger-operator sidecar injection) | 
@@ -82,13 +83,35 @@ Kubernetes: `>=1.16.0-0` | livenessProbe.periodSeconds | int | `10` | The number of seconds to wait between consecutive probes. | | livenessProbe.successThreshold | int | `1` | The minimum consecutive successes required to consider the probe successful. | | livenessProbe.timeoutSeconds | int | `2` | The number of seconds to wait for a probe response before considering it as failed. | +| logs.access.addInternals | string | `nil` | Enables accessLogs for internal resources. Default: false. | | logs.access.enabled | bool | `false` | To enable access logs | | logs.access.fields.general.defaultmode | string | `"keep"` | Available modes: keep, drop, redact. | | logs.access.fields.general.names | object | `{}` | Names of the fields to limit. | | logs.access.fields.headers.defaultmode | string | `"drop"` | Available modes: keep, drop, redact. | | logs.access.fields.headers.names | object | `{}` | Names of the headers to limit. | | logs.access.filters | object | `{}` | https://docs.traefik.io/observability/access-logs/#filtering | -| logs.general.level | string | `"ERROR"` | Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. | +| logs.general.level | string | `"INFO"` | Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. | +| metrics.addInternals | string | `nil` | | +| metrics.otlp.addEntryPointsLabels | string | `nil` | Enable metrics on entry points. Default: true | +| metrics.otlp.addRoutersLabels | string | `nil` | Enable metrics on routers. Default: false | +| metrics.otlp.addServicesLabels | string | `nil` | Enable metrics on services. Default: true | +| metrics.otlp.enabled | bool | `false` | Set to true in order to enable the OpenTelemetry metrics | +| metrics.otlp.explicitBoundaries | string | `nil` | Explicit boundaries for Histogram data points. 
Default: [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10] | +| metrics.otlp.grpc.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using gRPC | +| metrics.otlp.grpc.endpoint | string | `nil` | Format: ://:. Default: http://localhost:4318/v1/metrics | +| metrics.otlp.grpc.insecure | string | `nil` | Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. | +| metrics.otlp.grpc.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. | +| metrics.otlp.grpc.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. | +| metrics.otlp.grpc.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. | +| metrics.otlp.grpc.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. | +| metrics.otlp.http.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. | +| metrics.otlp.http.endpoint | string | `nil` | Format: ://:. Default: http://localhost:4318/v1/metrics | +| metrics.otlp.http.headers | string | `nil` | Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. | +| metrics.otlp.http.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. | +| metrics.otlp.http.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. | +| metrics.otlp.http.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. | +| metrics.otlp.http.tls.key | string | `nil` | The path to the private key. 
When using this option, setting the cert option is required. | +| metrics.otlp.pushInterval | string | `nil` | Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s | | metrics.prometheus.entryPoint | string | `"metrics"` | Entry point used to expose metrics. | | nodeSelector | object | `{}` | nodeSelector is the simplest recommended form of node selection constraint. | | persistence.accessMode | string | `"ReadWriteOnce"` | | @@ -115,6 +138,7 @@ Kubernetes: `>=1.16.0-0` | ports.web.exposedPort | int | `80` | | | ports.web.port | int | `8000` | | | ports.web.protocol | string | `"TCP"` | | +| ports.web.transport | object | `{"keepAliveMaxRequests":null,"keepAliveMaxTime":null,"lifeCycle":{"graceTimeOut":null,"requestAcceptGraceTimeout":null},"respondingTimeouts":{"idleTimeout":null,"readTimeout":null,"writeTimeout":null}}` | Set transport settings for the entrypoint; see also https://doc.traefik.io/traefik/routing/entrypoints/#transport | | ports.websecure.expose.default | bool | `true` | | | ports.websecure.exposedPort | int | `443` | | | ports.websecure.http3.enabled | bool | `false` | | 
@@ -125,6 +149,7 @@ Kubernetes: `>=1.16.0-0` | ports.websecure.tls.domains | list | `[]` | | | ports.websecure.tls.enabled | bool | `true` | | | ports.websecure.tls.options | string | `""` | | +| ports.websecure.transport | object | `{"keepAliveMaxRequests":null,"keepAliveMaxTime":null,"lifeCycle":{"graceTimeOut":null,"requestAcceptGraceTimeout":null},"respondingTimeouts":{"idleTimeout":null,"readTimeout":null,"writeTimeout":null}}` | Set transport settings for the entrypoint; see also https://doc.traefik.io/traefik/routing/entrypoints/#transport | | priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. | | providers.file.content | string | `""` | File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/) | | providers.file.enabled | bool | `false` | Create a file provider | 
@@ -162,11 +187,27 @@ Kubernetes: `>=1.16.0-0` | serviceAccount | object | `{"name":""}` | The service account the pods will use to interact with the Kubernetes API | | serviceAccountAnnotations | object | `{}` | Additional serviceAccount annotations (e.g. for oidc authentication) | | startupProbe | string | `nil` | Define Startup Probe for container: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes eg. `startupProbe: exec: command: - mycommand - foo initialDelaySeconds: 5 periodSeconds: 5` | -| tlsOptions | object | `{}` | TLS Options are created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options When using `labelSelector`, you'll need to set labels on tlsOption accordingly. Example: tlsOptions: default: labels: {} sniStrict: true preferServerCipherSuites: true custom-options: labels: {} curvePreferences: - CurveP521 - CurveP384 | +| tlsOptions | object | `{}` | TLS Options are created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options When using `labelSelector`, you'll need to set labels on tlsOption accordingly. Example: tlsOptions: default: labels: {} sniStrict: true custom-options: labels: {} curvePreferences: - CurveP521 - CurveP384 | | tlsStore | object | `{}` | TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate https://doc.traefik.io/traefik/https/tls/#default-certificate Example: tlsStore: default: defaultCertificate: secretName: tls-cert | | tolerations | list | `[]` | Tolerations allow the scheduler to schedule pods with matching taints. | | topologySpreadConstraints | list | `[]` | You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains. 
| -| tracing | object | `{}` | https://doc.traefik.io/traefik/observability/tracing/overview/ | +| tracing | object | `{"addInternals":null,"otlp":{"enabled":false,"grpc":{"enabled":false,"endpoint":null,"insecure":null,"tls":{"ca":null,"cert":null,"insecureSkipVerify":null,"key":null}},"http":{"enabled":false,"endpoint":null,"headers":null,"tls":{"ca":null,"cert":null,"insecureSkipVerify":null,"key":null}}}}` | https://doc.traefik.io/traefik/observability/tracing/overview/ | +| tracing.addInternals | string | `nil` | Enables tracing for internal resources. Default: false. | +| tracing.otlp.enabled | bool | `false` | See https://doc.traefik.io/traefik/v3.0/observability/tracing/opentelemetry/ | +| tracing.otlp.grpc.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using gRPC | +| tracing.otlp.grpc.endpoint | string | `nil` | Format: ://:. Default: http://localhost:4318/v1/metrics | +| tracing.otlp.grpc.insecure | string | `nil` | Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. | +| tracing.otlp.grpc.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. | +| tracing.otlp.grpc.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. | +| tracing.otlp.grpc.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. | +| tracing.otlp.grpc.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. | +| tracing.otlp.http.enabled | bool | `false` | Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. | +| tracing.otlp.http.endpoint | string | `nil` | Format: ://:. 
Default: http://localhost:4318/v1/metrics | +| tracing.otlp.http.headers | string | `nil` | Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. | +| tracing.otlp.http.tls.ca | string | `nil` | The path to the certificate authority, it defaults to the system bundle. | +| tracing.otlp.http.tls.cert | string | `nil` | The path to the public certificate. When using this option, setting the key option is required. | +| tracing.otlp.http.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. | +| tracing.otlp.http.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. | | updateStrategy.rollingUpdate.maxSurge | int | `1` | | | updateStrategy.rollingUpdate.maxUnavailable | int | `0` | | | updateStrategy.type | string | `"RollingUpdate"` | Customize updateStrategy: RollingUpdate or OnDelete | diff --git a/charts/traefik/traefik/crds/traefik.containo.us_ingressroutes.yaml b/charts/traefik/traefik/crds/traefik.containo.us_ingressroutes.yaml deleted file mode 100644 index 31f9791db..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_ingressroutes.yaml +++ /dev/null 
@@ -1,287 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: ingressroutes.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRoute - listKind: IngressRouteList - plural: ingressroutes - singular: ingressroute - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRoute is the CRD implementation of a Traefik HTTP Router. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IngressRouteSpec defines the desired state of IngressRoute. - properties: - entryPoints: - description: |- - EntryPoints defines the list of entry point names to bind to. - Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ - Default: all. - items: - type: string - type: array - routes: - description: Routes defines the list of routes. - items: - description: Route holds the HTTP route configuration. - properties: - kind: - description: |- - Kind defines the kind of the route. - Rule is the only supported kind. - enum: - - Rule - type: string - match: - description: |- - Match defines the router's rule. 
- More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule - type: string - middlewares: - description: |- - Middlewares defines the list of references to Middleware resources. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware - items: - description: MiddlewareRef is a reference to a Middleware - resource. - properties: - name: - description: Name defines the name of the referenced Middleware - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Middleware resource. - type: string - required: - - name - type: object - type: array - priority: - description: |- - Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority - type: integer - services: - description: |- - Services defines the list of Service. - It can contain any combination of TraefikService and/or reference to a Kubernetes Service. - items: - description: Service defines an upstream HTTP service to proxy - traffic to. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: |- - Name defines the name of the referenced Kubernetes Service or TraefikService. - The differentiation between the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: |- - NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - passHostHeader: - description: |- - PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. 
- By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: |- - Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to - the client. - properties: - flushInterval: - description: |- - FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. - A negative value means to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes a response as a streaming response; - for such responses, writes are flushed to the client immediately. - Default: 100ms - type: string - type: object - scheme: - description: |- - Scheme defines the scheme to use for the request to the upstream Kubernetes Service. - It defaults to https when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: |- - ServersTransport defines the name of ServersTransport resource to use. - It allows to configure the transport between Traefik and your servers. - Can only be used on a Kubernetes Service. - type: string - sticky: - description: |- - Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie - can be accessed by client-side APIs, such as - JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: |- - SameSite defines the same site policy. 
- More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite - type: string - secure: - description: Secure defines whether the cookie - can only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: |- - Strategy defines the load balancing strategy between the servers. - RoundRobin is the only supported value at the moment. - type: string - weight: - description: |- - Weight defines the weight and should only be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - type: array - required: - - kind - - match - type: object - type: array - tls: - description: |- - TLS defines the TLS configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls - properties: - certResolver: - description: |- - CertResolver defines the name of the certificate resolver to use. - Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers - type: string - domains: - description: |- - Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains - items: - description: Domain holds a domain name with SANs. - properties: - main: - description: Main defines the main domain name. - type: string - sans: - description: SANs defines the subject alternative domain - names. - items: - type: string - type: array - type: object - type: array - options: - description: |- - Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. - If not defined, the `default` TLSOption is used. 
- More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options - properties: - name: - description: |- - Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption - type: string - namespace: - description: |- - Namespace defines the namespace of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption - type: string - required: - - name - type: object - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - store: - description: |- - Store defines the reference to the TLSStore, that will be used to store certificates. - Please note that only `default` TLSStore can be used. - properties: - name: - description: |- - Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore - type: string - namespace: - description: |- - Namespace defines the namespace of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore - type: string - required: - - name - type: object - type: object - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.containo.us_ingressroutetcps.yaml b/charts/traefik/traefik/crds/traefik.containo.us_ingressroutetcps.yaml deleted file mode 100644 index e8356112f..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_ingressroutetcps.yaml +++ /dev/null 
@@ -1,224 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: ingressroutetcps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRouteTCP - listKind: IngressRouteTCPList - plural: ingressroutetcps - singular: ingressroutetcp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. - properties: - entryPoints: - description: |- - EntryPoints defines the list of entry point names to bind to. - Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ - Default: all. - items: - type: string - type: array - routes: - description: Routes defines the list of routes. - items: - description: RouteTCP holds the TCP route configuration. - properties: - match: - description: |- - Match defines the router's rule. 
- More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1 - type: string - middlewares: - description: Middlewares defines the list of references to MiddlewareTCP - resources. - items: - description: ObjectReference is a generic reference to a Traefik - resource. - properties: - name: - description: Name defines the name of the referenced Traefik - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Traefik resource. - type: string - required: - - name - type: object - type: array - priority: - description: |- - Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1 - type: integer - services: - description: Services defines the list of TCP services. - items: - description: ServiceTCP defines an upstream TCP service to - proxy traffic to. - properties: - name: - description: Name defines the name of the referenced Kubernetes - Service. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service. - type: string - nativeLB: - description: |- - NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: |- - Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - proxyProtocol: - description: |- - ProxyProtocol defines the PROXY protocol configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol - properties: - version: - description: Version defines the PROXY Protocol version - to use. 
- type: integer - type: object - terminationDelay: - description: |- - TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates - it has closed the writing capability of its connection, to close the reading capability as well, - hence fully terminating the connection. - It is a duration in milliseconds, defaulting to 100. - A negative value means an infinite deadline (i.e. the reading capability is never closed). - type: integer - weight: - description: Weight defines the weight used when balancing - requests between multiple Kubernetes Service. - type: integer - required: - - name - - port - type: object - type: array - required: - - match - type: object - type: array - tls: - description: |- - TLS defines the TLS configuration on a layer 4 / TCP Route. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1 - properties: - certResolver: - description: |- - CertResolver defines the name of the certificate resolver to use. - Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers - type: string - domains: - description: |- - Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains - items: - description: Domain holds a domain name with SANs. - properties: - main: - description: Main defines the main domain name. - type: string - sans: - description: SANs defines the subject alternative domain - names. - items: - type: string - type: array - type: object - type: array - options: - description: |- - Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. - If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options - properties: - name: - description: Name defines the name of the referenced Traefik - resource. 
- type: string - namespace: - description: Namespace defines the namespace of the referenced - Traefik resource. - type: string - required: - - name - type: object - passthrough: - description: Passthrough defines whether a TLS router will terminate - the TLS connection. - type: boolean - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - store: - description: |- - Store defines the reference to the TLSStore, that will be used to store certificates. - Please note that only `default` TLSStore can be used. - properties: - name: - description: Name defines the name of the referenced Traefik - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Traefik resource. - type: string - required: - - name - type: object - type: object - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.containo.us_ingressrouteudps.yaml b/charts/traefik/traefik/crds/traefik.containo.us_ingressrouteudps.yaml deleted file mode 100644 index ac3f3b17e..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_ingressrouteudps.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: ingressrouteudps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRouteUDP - listKind: IngressRouteUDPList - plural: ingressrouteudps - singular: ingressrouteudp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. - properties: - entryPoints: - description: |- - EntryPoints defines the list of entry point names to bind to. - Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ - Default: all. - items: - type: string - type: array - routes: - description: Routes defines the list of routes. - items: - description: RouteUDP holds the UDP route configuration. - properties: - services: - description: Services defines the list of UDP services. - items: - description: ServiceUDP defines an upstream UDP service to - proxy traffic to. 
- properties: - name: - description: Name defines the name of the referenced Kubernetes - Service. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service. - type: string - nativeLB: - description: |- - NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: |- - Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - weight: - description: Weight defines the weight used when balancing - requests between multiple Kubernetes Service. - type: integer - required: - - name - - port - type: object - type: array - type: object - type: array - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.containo.us_middlewares.yaml b/charts/traefik/traefik/crds/traefik.containo.us_middlewares.yaml deleted file mode 100644 index be0af55c5..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_middlewares.yaml +++ /dev/null 
@@ -1,980 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: middlewares.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: Middleware - listKind: MiddlewareList - plural: middlewares - singular: middleware - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/ - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MiddlewareSpec defines the desired state of a Middleware. - properties: - addPrefix: - description: |- - AddPrefix holds the add prefix middleware configuration. - This middleware updates the path of a request before forwarding it. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/ - properties: - prefix: - description: |- - Prefix is the string to add before the current path in the requested URL. - It should include a leading slash (/). - type: string - type: object - basicAuth: - description: |- - BasicAuth holds the basic auth middleware configuration. - This middleware restricts access to your services to known users. 
- More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/ - properties: - headerField: - description: |- - HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield - type: string - realm: - description: |- - Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. - Default: traefik. - type: string - removeHeader: - description: |- - RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. - Default: false. - type: boolean - secret: - description: Secret is the name of the referenced Kubernetes Secret - containing user credentials. - type: string - type: object - buffering: - description: |- - Buffering holds the buffering middleware configuration. - This middleware retries or limits the size of requests that can be forwarded to backends. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes - properties: - maxRequestBodyBytes: - description: |- - MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). - If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. - Default: 0 (no maximum). - format: int64 - type: integer - maxResponseBodyBytes: - description: |- - MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). - If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. - Default: 0 (no maximum). - format: int64 - type: integer - memRequestBodyBytes: - description: |- - MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. 
- Default: 1048576 (1Mi). - format: int64 - type: integer - memResponseBodyBytes: - description: |- - MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. - Default: 1048576 (1Mi). - format: int64 - type: integer - retryExpression: - description: |- - RetryExpression defines the retry conditions. - It is a logical combination of functions with operators AND (&&) and OR (||). - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression - type: string - type: object - chain: - description: |- - Chain holds the configuration of the chain middleware. - This middleware enables to define reusable combinations of other pieces of middleware. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/ - properties: - middlewares: - description: Middlewares is the list of MiddlewareRef which composes - the chain. - items: - description: MiddlewareRef is a reference to a Middleware resource. - properties: - name: - description: Name defines the name of the referenced Middleware - resource. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Middleware resource. - type: string - required: - - name - type: object - type: array - type: object - circuitBreaker: - description: CircuitBreaker holds the circuit breaker configuration. - properties: - checkPeriod: - anyOf: - - type: integer - - type: string - description: CheckPeriod is the interval between successive checks - of the circuit breaker condition (when in standby state). - x-kubernetes-int-or-string: true - expression: - description: Expression is the condition that triggers the tripped - state. - type: string - fallbackDuration: - anyOf: - - type: integer - - type: string - description: FallbackDuration is the duration for which the circuit - breaker will wait before trying to recover (from a tripped state). 
- x-kubernetes-int-or-string: true - recoveryDuration: - anyOf: - - type: integer - - type: string - description: RecoveryDuration is the duration for which the circuit - breaker will try to recover (as soon as it is in recovering - state). - x-kubernetes-int-or-string: true - type: object - compress: - description: |- - Compress holds the compress middleware configuration. - This middleware compresses responses before sending them to the client, using gzip compression. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/ - properties: - excludedContentTypes: - description: ExcludedContentTypes defines the list of content - types to compare the Content-Type header of the incoming requests - and responses before compressing. - items: - type: string - type: array - minResponseBodyBytes: - description: |- - MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. - Default: 1024. - type: integer - type: object - contentType: - description: |- - ContentType holds the content-type middleware configuration. - This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. - properties: - autoDetect: - description: |- - AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, - be automatically set to a value derived from the contents of the response. - As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it. - However, the historic default was to always auto-detect and set the header if it was nil, - and it is going to be kept that way in order to support users currently relying on it. - type: boolean - type: object - digestAuth: - description: |- - DigestAuth holds the digest auth middleware configuration. - This middleware restricts access to your services to known users. 
- More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/ - properties: - headerField: - description: |- - HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield - type: string - realm: - description: |- - Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. - Default: traefik. - type: string - removeHeader: - description: RemoveHeader defines whether to remove the authorization - header before forwarding the request to the backend. - type: boolean - secret: - description: Secret is the name of the referenced Kubernetes Secret - containing user credentials. - type: string - type: object - errors: - description: |- - ErrorPage holds the custom error middleware configuration. - This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/ - properties: - query: - description: |- - Query defines the URL for the error page (hosted by service). - The {status} variable can be used in order to insert the status code in the URL. - type: string - service: - description: |- - Service defines the reference to a Kubernetes Service that will serve the error page. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: |- - Name defines the name of the referenced Kubernetes Service or TraefikService. - The differentiation between the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. 
- type: string - nativeLB: - description: |- - NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - passHostHeader: - description: |- - PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. - By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: |- - Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to the - client. - properties: - flushInterval: - description: |- - FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. - A negative value means to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes a response as a streaming response; - for such responses, writes are flushed to the client immediately. - Default: 100ms - type: string - type: object - scheme: - description: |- - Scheme defines the scheme to use for the request to the upstream Kubernetes Service. - It defaults to https when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: |- - ServersTransport defines the name of ServersTransport resource to use. - It allows to configure the transport between Traefik and your servers. - Can only be used on a Kubernetes Service. - type: string - sticky: - description: |- - Sticky defines the sticky sessions configuration. 
- More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie can - be accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: |- - SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite - type: string - secure: - description: Secure defines whether the cookie can - only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: |- - Strategy defines the load balancing strategy between the servers. - RoundRobin is the only supported value at the moment. - type: string - weight: - description: |- - Weight defines the weight and should only be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - status: - description: |- - Status defines which status or range of statuses should result in an error page. - It can be either a status code as a number (500), - as multiple comma-separated numbers (500,502), - as ranges by separating two codes with a dash (500-599), - or a combination of the two (404,418,500-599). - items: - type: string - type: array - type: object - forwardAuth: - description: |- - ForwardAuth holds the forward auth middleware configuration. - This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/ - properties: - address: - description: Address defines the authentication server address. 
- type: string - authRequestHeaders: - description: |- - AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. - If not set or empty then all request headers are passed. - items: - type: string - type: array - authResponseHeaders: - description: AuthResponseHeaders defines the list of headers to - copy from the authentication server response and set on forwarded - request, replacing any existing conflicting headers. - items: - type: string - type: array - authResponseHeadersRegex: - description: |- - AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex - type: string - tls: - description: TLS defines the configuration used to secure the - connection to the authentication server. - properties: - caOptional: - type: boolean - caSecret: - description: |- - CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. - The CA certificate is extracted from key `tls.ca` or `ca.crt`. - type: string - certSecret: - description: |- - CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. - The client certificate is extracted from the keys `tls.crt` and `tls.key`. - type: string - insecureSkipVerify: - description: InsecureSkipVerify defines whether the server - certificates should be validated. - type: boolean - type: object - trustForwardHeader: - description: 'TrustForwardHeader defines whether to trust (ie: - forward) all X-Forwarded-* headers.' - type: boolean - type: object - headers: - description: |- - Headers holds the headers middleware configuration. - This middleware manages the requests and responses headers. 
- More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders - properties: - accessControlAllowCredentials: - description: AccessControlAllowCredentials defines whether the - request can include user credentials. - type: boolean - accessControlAllowHeaders: - description: AccessControlAllowHeaders defines the Access-Control-Request-Headers - values sent in preflight response. - items: - type: string - type: array - accessControlAllowMethods: - description: AccessControlAllowMethods defines the Access-Control-Request-Method - values sent in preflight response. - items: - type: string - type: array - accessControlAllowOriginList: - description: AccessControlAllowOriginList is a list of allowable - origins. Can also be a wildcard origin "*". - items: - type: string - type: array - accessControlAllowOriginListRegex: - description: AccessControlAllowOriginListRegex is a list of allowable - origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). - items: - type: string - type: array - accessControlExposeHeaders: - description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers - values sent in preflight response. - items: - type: string - type: array - accessControlMaxAge: - description: AccessControlMaxAge defines the time that a preflight - request may be cached. - format: int64 - type: integer - addVaryHeader: - description: AddVaryHeader defines whether the Vary header is - automatically added/updated when the AccessControlAllowOriginList - is set. - type: boolean - allowedHosts: - description: AllowedHosts defines the fully qualified list of - allowed domain names. - items: - type: string - type: array - browserXssFilter: - description: BrowserXSSFilter defines whether to add the X-XSS-Protection - header with the value 1; mode=block. - type: boolean - contentSecurityPolicy: - description: ContentSecurityPolicy defines the Content-Security-Policy - header value. 
- type: string - contentTypeNosniff: - description: ContentTypeNosniff defines whether to add the X-Content-Type-Options - header with the nosniff value. - type: boolean - customBrowserXSSValue: - description: |- - CustomBrowserXSSValue defines the X-XSS-Protection header value. - This overrides the BrowserXssFilter option. - type: string - customFrameOptionsValue: - description: |- - CustomFrameOptionsValue defines the X-Frame-Options header value. - This overrides the FrameDeny option. - type: string - customRequestHeaders: - additionalProperties: - type: string - description: CustomRequestHeaders defines the header names and - values to apply to the request. - type: object - customResponseHeaders: - additionalProperties: - type: string - description: CustomResponseHeaders defines the header names and - values to apply to the response. - type: object - featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' - type: string - forceSTSHeader: - description: ForceSTSHeader defines whether to add the STS header - even when the connection is HTTP. - type: boolean - frameDeny: - description: FrameDeny defines whether to add the X-Frame-Options - header with the DENY value. - type: boolean - hostsProxyHeaders: - description: HostsProxyHeaders defines the header keys that may - hold a proxied hostname value for the request. - items: - type: string - type: array - isDevelopment: - description: |- - IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. - Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. - If you would like your development environment to mimic production with complete Host blocking, SSL redirects, - and STS headers, leave this as false. - type: boolean - permissionsPolicy: - description: |- - PermissionsPolicy defines the Permissions-Policy header value. - This allows sites to control browser features. 
- type: string - publicKey: - description: PublicKey is the public key that implements HPKP - to prevent MITM attacks with forged certificates. - type: string - referrerPolicy: - description: |- - ReferrerPolicy defines the Referrer-Policy header value. - This allows sites to control whether browsers forward the Referer header to other sites. - type: string - sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' - type: boolean - sslHost: - description: 'Deprecated: use RedirectRegex instead.' - type: string - sslProxyHeaders: - additionalProperties: - type: string - description: |- - SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. - It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). - type: object - sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - stsIncludeSubdomains: - description: STSIncludeSubdomains defines whether the includeSubDomains - directive is appended to the Strict-Transport-Security header. - type: boolean - stsPreload: - description: STSPreload defines whether the preload flag is appended - to the Strict-Transport-Security header. - type: boolean - stsSeconds: - description: |- - STSSeconds defines the max-age of the Strict-Transport-Security header. - If set to 0, the header is not set. - format: int64 - type: integer - type: object - inFlightReq: - description: |- - InFlightReq holds the in-flight request middleware configuration. - This middleware limits the number of requests being processed and served concurrently. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/ - properties: - amount: - description: |- - Amount defines the maximum amount of allowed simultaneous in-flight request. 
- The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). - format: int64 - type: integer - sourceCriterion: - description: |- - SourceCriterion defines what criterion is used to group requests as originating from a common source. - If several strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the requestHost. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion - properties: - ipStrategy: - description: |- - IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy - properties: - depth: - description: Depth tells Traefik to use the X-Forwarded-For - header and take the IP located at the depth position - (starting from the right). - type: integer - excludedIPs: - description: ExcludedIPs configures Traefik to scan the - X-Forwarded-For header and select the first IP not in - the list. - items: - type: string - type: array - type: object - requestHeaderName: - description: RequestHeaderName defines the name of the header - used to group incoming requests. - type: string - requestHost: - description: RequestHost defines whether to consider the request - Host as the source. - type: boolean - type: object - type: object - ipAllowList: - description: |- - IPAllowList holds the IP allowlist middleware configuration. - This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ - properties: - ipStrategy: - description: |- - IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. 
- More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy - properties: - depth: - description: Depth tells Traefik to use the X-Forwarded-For - header and take the IP located at the depth position (starting - from the right). - type: integer - excludedIPs: - description: ExcludedIPs configures Traefik to scan the X-Forwarded-For - header and select the first IP not in the list. - items: - type: string - type: array - type: object - sourceRange: - description: SourceRange defines the set of allowed IPs (or ranges - of allowed IPs by using CIDR notation). - items: - type: string - type: array - type: object - ipWhiteList: - description: |- - IPWhiteList holds the IP whitelist middleware configuration. - This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ - Deprecated: please use IPAllowList instead. - properties: - ipStrategy: - description: |- - IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy - properties: - depth: - description: Depth tells Traefik to use the X-Forwarded-For - header and take the IP located at the depth position (starting - from the right). - type: integer - excludedIPs: - description: ExcludedIPs configures Traefik to scan the X-Forwarded-For - header and select the first IP not in the list. - items: - type: string - type: array - type: object - sourceRange: - description: SourceRange defines the set of allowed IPs (or ranges - of allowed IPs by using CIDR notation). - items: - type: string - type: array - type: object - passTLSClientCert: - description: |- - PassTLSClientCert holds the pass TLS client cert middleware configuration. - This middleware adds the selected data from the passed client TLS certificate to a header. 
- More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/ - properties: - info: - description: Info selects the specific client certificate details - you want to add to the X-Forwarded-Tls-Client-Cert-Info header. - properties: - issuer: - description: Issuer defines the client certificate issuer - details to add to the X-Forwarded-Tls-Client-Cert-Info header. - properties: - commonName: - description: CommonName defines whether to add the organizationalUnit - information into the issuer. - type: boolean - country: - description: Country defines whether to add the country - information into the issuer. - type: boolean - domainComponent: - description: DomainComponent defines whether to add the - domainComponent information into the issuer. - type: boolean - locality: - description: Locality defines whether to add the locality - information into the issuer. - type: boolean - organization: - description: Organization defines whether to add the organization - information into the issuer. - type: boolean - province: - description: Province defines whether to add the province - information into the issuer. - type: boolean - serialNumber: - description: SerialNumber defines whether to add the serialNumber - information into the issuer. - type: boolean - type: object - notAfter: - description: NotAfter defines whether to add the Not After - information from the Validity part. - type: boolean - notBefore: - description: NotBefore defines whether to add the Not Before - information from the Validity part. - type: boolean - sans: - description: Sans defines whether to add the Subject Alternative - Name information from the Subject Alternative Name part. - type: boolean - serialNumber: - description: SerialNumber defines whether to add the client - serialNumber information. - type: boolean - subject: - description: Subject defines the client certificate subject - details to add to the X-Forwarded-Tls-Client-Cert-Info header. 
- properties: - commonName: - description: CommonName defines whether to add the organizationalUnit - information into the subject. - type: boolean - country: - description: Country defines whether to add the country - information into the subject. - type: boolean - domainComponent: - description: DomainComponent defines whether to add the - domainComponent information into the subject. - type: boolean - locality: - description: Locality defines whether to add the locality - information into the subject. - type: boolean - organization: - description: Organization defines whether to add the organization - information into the subject. - type: boolean - organizationalUnit: - description: OrganizationalUnit defines whether to add - the organizationalUnit information into the subject. - type: boolean - province: - description: Province defines whether to add the province - information into the subject. - type: boolean - serialNumber: - description: SerialNumber defines whether to add the serialNumber - information into the subject. - type: boolean - type: object - type: object - pem: - description: PEM sets the X-Forwarded-Tls-Client-Cert header with - the certificate. - type: boolean - type: object - plugin: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - description: |- - Plugin defines the middleware plugin configuration. - More info: https://doc.traefik.io/traefik/plugins/ - type: object - rateLimit: - description: |- - RateLimit holds the rate limit configuration. - This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/ - properties: - average: - description: |- - Average is the maximum rate, by default in requests/s, allowed for the given source. - It defaults to 0, which means no rate limiting. - The rate is actually defined by dividing Average by Period. 
So for a rate below 1req/s, - one needs to define a Period larger than a second. - format: int64 - type: integer - burst: - description: |- - Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. - It defaults to 1. - format: int64 - type: integer - period: - anyOf: - - type: integer - - type: string - description: |- - Period, in combination with Average, defines the actual maximum rate, such as: - r = Average / Period. It defaults to a second. - x-kubernetes-int-or-string: true - sourceCriterion: - description: |- - SourceCriterion defines what criterion is used to group requests as originating from a common source. - If several strategies are defined at the same time, an error will be raised. - If none are set, the default is to use the request's remote address field (as an ipStrategy). - properties: - ipStrategy: - description: |- - IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy - properties: - depth: - description: Depth tells Traefik to use the X-Forwarded-For - header and take the IP located at the depth position - (starting from the right). - type: integer - excludedIPs: - description: ExcludedIPs configures Traefik to scan the - X-Forwarded-For header and select the first IP not in - the list. - items: - type: string - type: array - type: object - requestHeaderName: - description: RequestHeaderName defines the name of the header - used to group incoming requests. - type: string - requestHost: - description: RequestHost defines whether to consider the request - Host as the source. - type: boolean - type: object - type: object - redirectRegex: - description: |- - RedirectRegex holds the redirect regex middleware configuration. - This middleware redirects a request using regex matching and replacement. 
- More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex - properties: - permanent: - description: Permanent defines whether the redirection is permanent - (301). - type: boolean - regex: - description: Regex defines the regex used to match and capture - elements from the request URL. - type: string - replacement: - description: Replacement defines how to modify the URL to have - the new target URL. - type: string - type: object - redirectScheme: - description: |- - RedirectScheme holds the redirect scheme middleware configuration. - This middleware redirects requests from a scheme/port to another. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/ - properties: - permanent: - description: Permanent defines whether the redirection is permanent - (301). - type: boolean - port: - description: Port defines the port of the new URL. - type: string - scheme: - description: Scheme defines the scheme of the new URL. - type: string - type: object - replacePath: - description: |- - ReplacePath holds the replace path middleware configuration. - This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/ - properties: - path: - description: Path defines the path to use as replacement in the - request URL. - type: string - type: object - replacePathRegex: - description: |- - ReplacePathRegex holds the replace path regex middleware configuration. - This middleware replaces the path of a URL using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/ - properties: - regex: - description: Regex defines the regular expression used to match - and capture the path from the request URL. - type: string - replacement: - description: Replacement defines the replacement path format, - which can include captured variables. 
- type: string - type: object - retry: - description: |- - Retry holds the retry middleware configuration. - This middleware reissues requests a given number of times to a backend server if that server does not reply. - As soon as the server answers, the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/ - properties: - attempts: - description: Attempts defines how many times the request should - be retried. - type: integer - initialInterval: - anyOf: - - type: integer - - type: string - description: |- - InitialInterval defines the first wait time in the exponential backoff series. - The maximum interval is calculated as twice the initialInterval. - If unspecified, requests will be retried immediately. - The value of initialInterval should be provided in seconds or as a valid duration format, - see https://pkg.go.dev/time#ParseDuration. - x-kubernetes-int-or-string: true - type: object - stripPrefix: - description: |- - StripPrefix holds the strip prefix middleware configuration. - This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/ - properties: - forceSlash: - description: |- - ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. - Default: true. - type: boolean - prefixes: - description: Prefixes defines the prefixes to strip from the request - URL. - items: - type: string - type: array - type: object - stripPrefixRegex: - description: |- - StripPrefixRegex holds the strip prefix regex middleware configuration. - This middleware removes the matching prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/ - properties: - regex: - description: Regex defines the regular expression to match the - path prefix from the request URL. 
- items: - type: string - type: array - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.containo.us_middlewaretcps.yaml b/charts/traefik/traefik/crds/traefik.containo.us_middlewaretcps.yaml deleted file mode 100644 index 6535b365f..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_middlewaretcps.yaml +++ /dev/null 
@@ -1,87 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: middlewaretcps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: MiddlewareTCP - listKind: MiddlewareTCPList - plural: middlewaretcps - singular: middlewaretcp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/ - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. - properties: - inFlightConn: - description: InFlightConn defines the InFlightConn middleware configuration. - properties: - amount: - description: |- - Amount defines the maximum amount of allowed simultaneous connections. - The middleware closes the connection if there are already amount connections opened. - format: int64 - type: integer - type: object - ipAllowList: - description: |- - IPAllowList defines the IPAllowList middleware configuration. - This middleware accepts/refuses connections based on the client IP. 
- More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/ - properties: - sourceRange: - description: SourceRange defines the allowed IPs (or ranges of - allowed IPs by using CIDR notation). - items: - type: string - type: array - type: object - ipWhiteList: - description: |- - IPWhiteList defines the IPWhiteList middleware configuration. - This middleware accepts/refuses connections based on the client IP. - Deprecated: please use IPAllowList instead. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/ - properties: - sourceRange: - description: SourceRange defines the allowed IPs (or ranges of - allowed IPs by using CIDR notation). - items: - type: string - type: array - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.containo.us_serverstransports.yaml b/charts/traefik/traefik/crds/traefik.containo.us_serverstransports.yaml deleted file mode 100644 index 454e35a2a..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_serverstransports.yaml +++ /dev/null 
@@ -1,126 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: serverstransports.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: ServersTransport - listKind: ServersTransportList - plural: serverstransports - singular: serverstransport - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - ServersTransport is the CRD implementation of a ServersTransport. - If no serversTransport is specified, the default@internal will be used. - The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1 - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ServersTransportSpec defines the desired state of a ServersTransport. - properties: - certificatesSecrets: - description: CertificatesSecrets defines a list of secret storing - client certificates for mTLS. - items: - type: string - type: array - disableHTTP2: - description: DisableHTTP2 disables HTTP/2 for connections with backend - servers. 
- type: boolean - forwardingTimeouts: - description: ForwardingTimeouts defines the timeouts for requests - forwarded to the backend servers. - properties: - dialTimeout: - anyOf: - - type: integer - - type: string - description: DialTimeout is the amount of time to wait until a - connection to a backend server can be established. - x-kubernetes-int-or-string: true - idleConnTimeout: - anyOf: - - type: integer - - type: string - description: IdleConnTimeout is the maximum period for which an - idle HTTP keep-alive connection will remain open before closing - itself. - x-kubernetes-int-or-string: true - pingTimeout: - anyOf: - - type: integer - - type: string - description: PingTimeout is the timeout after which the HTTP/2 - connection will be closed if a response to ping is not received. - x-kubernetes-int-or-string: true - readIdleTimeout: - anyOf: - - type: integer - - type: string - description: ReadIdleTimeout is the timeout after which a health - check using ping frame will be carried out if no frame is received - on the HTTP/2 connection. - x-kubernetes-int-or-string: true - responseHeaderTimeout: - anyOf: - - type: integer - - type: string - description: ResponseHeaderTimeout is the amount of time to wait - for a server's response headers after fully writing the request - (including its body, if any). - x-kubernetes-int-or-string: true - type: object - insecureSkipVerify: - description: InsecureSkipVerify disables SSL certificate verification. - type: boolean - maxIdleConnsPerHost: - description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) - to keep per-host. - type: integer - peerCertURI: - description: PeerCertURI defines the peer cert URI used to match against - SAN URI during the peer certificate verification. - type: string - rootCAsSecrets: - description: RootCAsSecrets defines a list of CA secret used to validate - self-signed certificate. 
- items: - type: string - type: array - serverName: - description: ServerName defines the server name used to contact the - server. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.containo.us_tlsoptions.yaml b/charts/traefik/traefik/crds/traefik.containo.us_tlsoptions.yaml deleted file mode 100644 index bef834eab..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_tlsoptions.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: tlsoptions.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TLSOption - listKind: TLSOptionList - plural: tlsoptions - singular: tlsoption - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TLSOptionSpec defines the desired state of a TLSOption. - properties: - alpnProtocols: - description: |- - ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols - items: - type: string - type: array - cipherSuites: - description: |- - CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. 
- More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites - items: - type: string - type: array - clientAuth: - description: ClientAuth defines the server's policy for TLS Client - Authentication. - properties: - clientAuthType: - description: ClientAuthType defines the client authentication - type to apply. - enum: - - NoClientCert - - RequestClientCert - - RequireAnyClientCert - - VerifyClientCertIfGiven - - RequireAndVerifyClientCert - type: string - secretNames: - description: SecretNames defines the names of the referenced Kubernetes - Secret storing certificate details. - items: - type: string - type: array - type: object - curvePreferences: - description: |- - CurvePreferences defines the preferred elliptic curves in a specific order. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences - items: - type: string - type: array - maxVersion: - description: |- - MaxVersion defines the maximum TLS version that Traefik will accept. - Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. - Default: None. - type: string - minVersion: - description: |- - MinVersion defines the minimum TLS version that Traefik will accept. - Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. - Default: VersionTLS10. - type: string - preferServerCipherSuites: - description: |- - PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. - It is enabled automatically when minVersion or maxVersion is set. - Deprecated: https://github.com/golang/go/issues/45430 - type: boolean - sniStrict: - description: SniStrict defines whether Traefik allows connections - from clients connections that do not specify a server_name extension. - type: boolean - type: object - required: - - metadata - - spec - type: object - served: true - storage: true 
diff --git a/charts/traefik/traefik/crds/traefik.containo.us_tlsstores.yaml b/charts/traefik/traefik/crds/traefik.containo.us_tlsstores.yaml
deleted file mode 100644
index 57c8e1bf7..000000000
--- a/charts/traefik/traefik/crds/traefik.containo.us_tlsstores.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: tlsstores.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TLSStore - listKind: TLSStoreList - plural: tlsstores - singular: tlsstore - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - TLSStore is the CRD implementation of a Traefik TLS Store. - For the time being, only the TLSStore named default is supported. - This means that you cannot have two stores that are named default in different Kubernetes namespaces. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TLSStoreSpec defines the desired state of a TLSStore. - properties: - certificates: - description: Certificates is a list of secret names, each secret holding - a key/certificate pair to add to the store. - items: - description: Certificate holds a secret name for the TLSStore resource. - properties: - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. 
- type: string - required: - - secretName - type: object - type: array - defaultCertificate: - description: DefaultCertificate defines the default certificate configuration. - properties: - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - required: - - secretName - type: object - defaultGeneratedCert: - description: DefaultGeneratedCert defines the default generated certificate - configuration. - properties: - domain: - description: Domain is the domain definition for the DefaultCertificate. - properties: - main: - description: Main defines the main domain name. - type: string - sans: - description: SANs defines the subject alternative domain names. - items: - type: string - type: array - type: object - resolver: - description: Resolver is the name of the resolver that will be - used to issue the DefaultCertificate. - type: string - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.containo.us_traefikservices.yaml b/charts/traefik/traefik/crds/traefik.containo.us_traefikservices.yaml deleted file mode 100644 index 5ceb028aa..000000000 --- a/charts/traefik/traefik/crds/traefik.containo.us_traefikservices.yaml +++ /dev/null 
@@ -1,411 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: traefikservices.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TraefikService - listKind: TraefikServiceList - plural: traefikservices - singular: traefikservice - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - TraefikService is the CRD implementation of a Traefik Service. - TraefikService object allows to: - - Apply weight to Services on load-balancing - - Mirror traffic on services - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TraefikServiceSpec defines the desired state of a TraefikService. - properties: - mirroring: - description: Mirroring defines the Mirroring service configuration. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - maxBodySize: - description: |- - MaxBodySize defines the maximum size allowed for the body of the request. - If the body is larger, the request is not mirrored. - Default value is -1, which means unlimited size. 
- format: int64 - type: integer - mirrors: - description: Mirrors defines the list of mirrors where Traefik - will duplicate the traffic. - items: - description: MirrorService holds the mirror configuration. - properties: - kind: - description: Kind defines the kind of the Service. - enum: - - Service - - TraefikService - type: string - name: - description: |- - Name defines the name of the referenced Kubernetes Service or TraefikService. - The differentiation between the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: |- - NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - passHostHeader: - description: |- - PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. - By default, passHostHeader is true. - type: boolean - percent: - description: |- - Percent defines the part of the traffic to mirror. - Supported values: 0 to 100. - type: integer - port: - anyOf: - - type: integer - - type: string - description: |- - Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to the - client. - properties: - flushInterval: - description: |- - FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. - A negative value means to flush immediately after each write to the client. 
- This configuration is ignored when ReverseProxy recognizes a response as a streaming response; - for such responses, writes are flushed to the client immediately. - Default: 100ms - type: string - type: object - scheme: - description: |- - Scheme defines the scheme to use for the request to the upstream Kubernetes Service. - It defaults to https when Kubernetes Service port is 443, http otherwise. - type: string - serversTransport: - description: |- - ServersTransport defines the name of ServersTransport resource to use. - It allows to configure the transport between Traefik and your servers. - Can only be used on a Kubernetes Service. - type: string - sticky: - description: |- - Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie - can be accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: |- - SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite - type: string - secure: - description: Secure defines whether the cookie can - only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: |- - Strategy defines the load balancing strategy between the servers. - RoundRobin is the only supported value at the moment. - type: string - weight: - description: |- - Weight defines the weight and should only be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round Robin). 
- type: integer - required: - - name - type: object - type: array - name: - description: |- - Name defines the name of the referenced Kubernetes Service or TraefikService. - The differentiation between the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: |- - NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - passHostHeader: - description: |- - PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. - By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: |- - Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards the - response from the upstream Kubernetes Service to the client. - properties: - flushInterval: - description: |- - FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. - A negative value means to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes a response as a streaming response; - for such responses, writes are flushed to the client immediately. - Default: 100ms - type: string - type: object - scheme: - description: |- - Scheme defines the scheme to use for the request to the upstream Kubernetes Service. - It defaults to https when Kubernetes Service port is 443, http otherwise. 
- type: string - serversTransport: - description: |- - ServersTransport defines the name of ServersTransport resource to use. - It allows to configure the transport between Traefik and your servers. - Can only be used on a Kubernetes Service. - type: string - sticky: - description: |- - Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie can be - accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: |- - SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite - type: string - secure: - description: Secure defines whether the cookie can only - be transmitted over an encrypted connection (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: |- - Strategy defines the load balancing strategy between the servers. - RoundRobin is the only supported value at the moment. - type: string - weight: - description: |- - Weight defines the weight and should only be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - weighted: - description: Weighted defines the Weighted Round Robin configuration. - properties: - services: - description: Services defines the list of Kubernetes Service and/or - TraefikService to load-balance, with weight. - items: - description: Service defines an upstream HTTP service to proxy - traffic to. - properties: - kind: - description: Kind defines the kind of the Service. 
- enum: - - Service - - TraefikService - type: string - name: - description: |- - Name defines the name of the referenced Kubernetes Service or TraefikService. - The differentiation between the two is specified in the Kind field. - type: string - namespace: - description: Namespace defines the namespace of the referenced - Kubernetes Service or TraefikService. - type: string - nativeLB: - description: |- - NativeLB controls, when creating the load-balancer, - whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. - The Kubernetes Service itself does load-balance to the pods. - By default, NativeLB is false. - type: boolean - passHostHeader: - description: |- - PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. - By default, passHostHeader is true. - type: boolean - port: - anyOf: - - type: integer - - type: string - description: |- - Port defines the port of a Kubernetes Service. - This can be a reference to a named port. - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding defines how Traefik forwards - the response from the upstream Kubernetes Service to the - client. - properties: - flushInterval: - description: |- - FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. - A negative value means to flush immediately after each write to the client. - This configuration is ignored when ReverseProxy recognizes a response as a streaming response; - for such responses, writes are flushed to the client immediately. - Default: 100ms - type: string - type: object - scheme: - description: |- - Scheme defines the scheme to use for the request to the upstream Kubernetes Service. - It defaults to https when Kubernetes Service port is 443, http otherwise. 
- type: string - serversTransport: - description: |- - ServersTransport defines the name of ServersTransport resource to use. - It allows to configure the transport between Traefik and your servers. - Can only be used on a Kubernetes Service. - type: string - sticky: - description: |- - Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie - can be accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. - type: string - sameSite: - description: |- - SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite - type: string - secure: - description: Secure defines whether the cookie can - only be transmitted over an encrypted connection - (i.e. HTTPS). - type: boolean - type: object - type: object - strategy: - description: |- - Strategy defines the load balancing strategy between the servers. - RoundRobin is the only supported value at the moment. - type: string - weight: - description: |- - Weight defines the weight and should only be specified when Name references a TraefikService object - (and to be precise, one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - type: array - sticky: - description: |- - Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing - properties: - cookie: - description: Cookie defines the sticky cookie configuration. - properties: - httpOnly: - description: HTTPOnly defines whether the cookie can be - accessed by client-side APIs, such as JavaScript. - type: boolean - name: - description: Name defines the Cookie name. 
- type: string - sameSite: - description: |- - SameSite defines the same site policy. - More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite - type: string - secure: - description: Secure defines whether the cookie can only - be transmitted over an encrypted connection (i.e. HTTPS). - type: boolean - type: object - type: object - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/charts/traefik/traefik/crds/traefik.io_ingressroutes.yaml b/charts/traefik/traefik/crds/traefik.io_ingressroutes.yaml index 587207d7c..9031689c0 100644 --- a/charts/traefik/traefik/crds/traefik.io_ingressroutes.yaml +++ b/charts/traefik/traefik/crds/traefik.io_ingressroutes.yaml @@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ Default: all. items: type: string @@ -63,12 +63,12 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule type: string middlewares: description: |- Middlewares defines the list of references to Middleware resources. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware items: description: MiddlewareRef is a reference to a Middleware resource. @@ -88,7 +88,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority type: integer services: description: |- 
@@ -161,7 +161,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -171,6 +171,12 @@ spec: can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string @@ -200,6 +206,11 @@ spec: - name type: object type: array + syntax: + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax + type: string required: - kind - match @@ -208,18 +219,18 @@ spec: tls: description: |- TLS defines the TLS configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: 
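Review bot: The fields added here, `maxAge` under the sticky cookie (hunk -171,6 +171,12) and `syntax` on the route (hunk -200,6 +206,11), only exist on clusters that receive this updated CRD, and Helm installs files under `crds/` on first install but does not update them on `helm upgrade`. On a cluster that keeps the previous schema, an IngressRoute that sets `syntax` would presumably have the field pruned or rejected by the API server, so the rule could be evaluated with a syntax the author did not choose. The same applies to the other additions in this commit (`serversTransport` and `tls` on IngressRouteTCP services, `grpcWeb`, `rejectStatusCode`, `spiffe`). I would state this in the chart's upgrade notes, for example `Apply the CRDs from crds/ manually before upgrading; Helm does not update them.`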
@@ -238,17 +249,17 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: description: |- Name defines the name of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string namespace: description: |- Namespace defines the namespace of the referenced TLSOption. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption type: string required: - name @@ -265,12 +276,12 @@ spec: name: description: |- Name defines the name of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string namespace: description: |- Namespace defines the namespace of the referenced TLSStore. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore type: string required: - name diff --git a/charts/traefik/traefik/crds/traefik.io_ingressroutetcps.yaml b/charts/traefik/traefik/crds/traefik.io_ingressroutetcps.yaml index ef6f9b8c1..930b06c04 100644 --- a/charts/traefik/traefik/crds/traefik.io_ingressroutetcps.yaml +++ b/charts/traefik/traefik/crds/traefik.io_ingressroutetcps.yaml 
@@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ Default: all. items: type: string @@ -56,7 +56,7 @@ spec: match: description: |- Match defines the router's rule. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1 + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1 type: string middlewares: description: Middlewares defines the list of references to MiddlewareTCP @@ -80,7 +80,7 @@ spec: priority: description: |- Priority defines the router's priority. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1 + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1 type: integer services: description: Services defines the list of TCP services. @@ -114,13 +114,19 @@ spec: proxyProtocol: description: |- ProxyProtocol defines the PROXY protocol configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol properties: version: description: Version defines the PROXY Protocol version to use. type: integer type: object + serversTransport: + description: |- + ServersTransport defines the name of ServersTransportTCP resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string terminationDelay: description: |- TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates 
@@ -128,7 +134,12 @@ spec: hence fully terminating the connection. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the reading capability is never closed). + Deprecated: TerminationDelay is not supported APIVersion traefik.io/v1, please use ServersTransport to configure the TerminationDelay instead. type: integer + tls: + description: TLS determines whether to use TLS when dialing + with the backend. + type: boolean weight: description: Weight defines the weight used when balancing requests between multiple Kubernetes Service. @@ -138,6 +149,11 @@ spec: - port type: object type: array + syntax: + description: |- + Syntax defines the router's rule syntax. + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rulesyntax_1 + type: string required: - match type: object @@ -145,18 +161,18 @@ spec: tls: description: |- TLS defines the TLS configuration on a layer 4 / TCP Route. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1 + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1 properties: certResolver: description: |- CertResolver defines the name of the certificate resolver to use. Cert resolvers have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers type: string domains: description: |- Domains defines the list of domains that will be used to issue certificates. - More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains items: description: Domain holds a domain name with SANs. properties: 
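Review bot: The description of the new `tls` boolean (hunk -128,7 +134,12) gives neither the default nor the place where verification of the backend certificate is configured, so a reader may assume that `tls: true` alone yields an authenticated connection. The `serversTransport` field added in the preceding hunk (-114,13 +114,19) looks like where that is set; if so, the text should point to it, e.g. `TLS determines whether to use TLS when dialing with the backend; certificate verification is configured through serversTransport.`, with the default added once confirmed. The deprecation sentence added to `terminationDelay` is also missing a word (`is not supported in APIVersion traefik.io/v1`). The `terminationDelay` description begins outside this hunk.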
@@ -175,7 +191,7 @@ spec: description: |- Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. If not defined, the `default` TLSOption is used. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: name: description: Name defines the name of the referenced Traefik diff --git a/charts/traefik/traefik/crds/traefik.io_ingressrouteudps.yaml b/charts/traefik/traefik/crds/traefik.io_ingressrouteudps.yaml index 60cc29d54..245194c62 100644 --- a/charts/traefik/traefik/crds/traefik.io_ingressrouteudps.yaml +++ b/charts/traefik/traefik/crds/traefik.io_ingressrouteudps.yaml @@ -43,7 +43,7 @@ spec: description: |- EntryPoints defines the list of entry point names to bind to. Entry points have to be configured in the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/ Default: all. items: type: string diff --git a/charts/traefik/traefik/crds/traefik.io_middlewares.yaml b/charts/traefik/traefik/crds/traefik.io_middlewares.yaml index 66913e653..4ef178a57 100644 --- a/charts/traefik/traefik/crds/traefik.io_middlewares.yaml +++ b/charts/traefik/traefik/crds/traefik.io_middlewares.yaml @@ -19,7 +19,7 @@ spec: openAPIV3Schema: description: |- Middleware is the CRD implementation of a Traefik Middleware. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/ properties: apiVersion: description: |- 
@@ -45,7 +45,7 @@ spec: description: |- AddPrefix holds the add prefix middleware configuration. This middleware updates the path of a request before forwarding it. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/ properties: prefix: description: |- @@ -57,12 +57,12 @@ spec: description: |- BasicAuth holds the basic auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -83,7 +83,7 @@ spec: description: |- Buffering holds the buffering middleware configuration. This middleware retries or limits the size of requests that can be forwarded to backends. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes properties: maxRequestBodyBytes: description: |- 
@@ -115,14 +115,14 @@ spec: description: |- RetryExpression defines the retry conditions. It is a logical combination of functions with operators AND (&&) and OR (||). - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression type: string type: object chain: description: |- Chain holds the configuration of the chain middleware. This middleware enables to define reusable combinations of other pieces of middleware. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/ properties: middlewares: description: Middlewares is the list of MiddlewareRef which composes @@ -177,12 +177,19 @@ spec: description: |- Compress holds the compress middleware configuration. This middleware compresses responses before sending them to the client, using gzip compression. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/ properties: excludedContentTypes: - description: ExcludedContentTypes defines the list of content - types to compare the Content-Type header of the incoming requests - and responses before compressing. + description: |- + ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing. + `application/grpc` is always excluded. + items: + type: string + type: array + includedContentTypes: + description: IncludedContentTypes defines the list of content + types to compare the Content-Type header of the responses before + compressing. items: type: string type: array 
@@ -201,21 +208,19 @@ spec: description: |- AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, be automatically set to a value derived from the contents of the response. - As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it. - However, the historic default was to always auto-detect and set the header if it was nil, - and it is going to be kept that way in order to support users currently relying on it. + Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option. type: boolean type: object digestAuth: description: |- DigestAuth holds the digest auth middleware configuration. This middleware restricts access to your services to known users. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/ properties: headerField: description: |- HeaderField defines a header field to store the authenticated user. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield type: string realm: description: |- @@ -235,7 +240,7 @@ spec: description: |- ErrorPage holds the custom error middleware configuration. This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/ properties: query: description: |- 
@@ -245,7 +250,7 @@ spec: service: description: |- Service defines the reference to a Kubernetes Service that will serve the error page. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service properties: kind: description: Kind defines the kind of the Service. @@ -310,7 +315,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -319,6 +324,12 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string @@ -362,8 +373,14 @@ spec: description: |- ForwardAuth holds the forward auth middleware configuration. This middleware delegates the request authentication to a Service. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/ properties: + addAuthCookiesToResponse: + description: AddAuthCookiesToResponse defines the list of cookies + to copy from the authentication server response to the response. + items: + type: string + type: array address: description: Address defines the authentication server address. type: string 
@@ -384,13 +401,15 @@ spec: authResponseHeadersRegex: description: |- AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex type: string tls: description: TLS defines the configuration used to secure the connection to the authentication server. properties: caOptional: + description: 'Deprecated: TLS client authentication is a server + side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).' type: boolean caSecret: description: |- @@ -412,11 +431,24 @@ spec: forward) all X-Forwarded-* headers.' type: boolean type: object + grpcWeb: + description: |- + GrpcWeb holds the gRPC web middleware configuration. + This middleware converts a gRPC web request to an HTTP/2 gRPC request. + properties: + allowOrigins: + description: |- + AllowOrigins is a list of allowable origins. + Can also be a wildcard origin "*". + items: + type: string + type: array + type: object headers: description: |- Headers holds the headers middleware configuration. This middleware manages the requests and responses headers. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders properties: accessControlAllowCredentials: description: AccessControlAllowCredentials defines whether the 
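Review bot: The `allowOrigins` description of the new `grpcWeb` middleware (hunk -412,11 +431,24) mentions the wildcard `"*"` without saying what it implies: presumably any web origin may then make cross-origin gRPC-web calls through this middleware from a browser. The schema also accepts an omitted or empty list, and the text does not say how that case is treated. I would extend the description with something like `Prefer an explicit list of origins; "*" allows any origin.` plus one sentence on the empty-list behaviour, most likely in the upstream type comment since this CRD looks generated.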
@@ -503,7 +535,8 @@ spec: values to apply to the response. type: object featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' + description: 'Deprecated: FeaturePolicy option is deprecated, + please use PermissionsPolicy instead.' type: string forceSTSHeader: description: ForceSTSHeader defines whether to add the STS header @@ -541,10 +574,12 @@ spec: This allows sites to control whether browsers forward the Referer header to other sites. type: string sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' + description: 'Deprecated: SSLForceHost option is deprecated, please + use RedirectRegex instead.' type: boolean sslHost: - description: 'Deprecated: use RedirectRegex instead.' + description: 'Deprecated: SSLHost option is deprecated, please + use RedirectRegex instead.' type: string sslProxyHeaders: additionalProperties: @@ -554,12 +589,12 @@ spec: It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). type: object sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' + description: 'Deprecated: SSLRedirect option is deprecated, please + use EntryPoint redirection or RedirectScheme instead.' type: boolean sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' + description: 'Deprecated: SSLTemporaryRedirect option is deprecated, + please use EntryPoint redirection or RedirectScheme instead.' type: boolean stsIncludeSubdomains: description: STSIncludeSubdomains defines whether the includeSubDomains @@ -580,7 +615,7 @@ spec: description: |- InFlightReq holds the in-flight request middleware configuration. This middleware limits the number of requests being processed and served concurrently. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/ properties: amount: description: |- 
@@ -593,12 +628,12 @@ spec: SourceCriterion defines what criterion is used to group requests as originating from a common source. If several strategies are defined at the same time, an error will be raised. If none are set, the default is to use the requestHost. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -627,12 +662,12 @@ spec: description: |- IPAllowList holds the IP allowlist middleware configuration. This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/ properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -646,6 +681,11 @@ spec: type: string type: array type: object + rejectStatusCode: + description: |- + RejectStatusCode defines the HTTP status code used for refused requests. + If not set, the default is 403 (Forbidden). + type: integer sourceRange: description: SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). 
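Review bot: `rejectStatusCode` (hunk -646,6 +681,11) is declared as a bare `type: integer`, so the schema accepts any value, including 2xx codes and numbers that are not HTTP status codes at all. For an access-control middleware, a refusal answered with a success code is hard to spot in logs and monitoring. Unless the controller validates the value elsewhere, which these lines do not show, I would bound it in the schema with `minimum: 100` and `maximum: 599` (or a narrower 4xx/5xx range), through the upstream validation marker if this file is generated.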
@@ -654,16 +694,12 @@ spec: type: array type: object ipWhiteList: - description: |- - IPWhiteList holds the IP whitelist middleware configuration. - This middleware accepts / refuses requests based on the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ - Deprecated: please use IPAllowList instead. + description: 'Deprecated: please use IPAllowList instead.' properties: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -688,7 +724,7 @@ spec: description: |- PassTLSClientCert holds the pass TLS client cert middleware configuration. This middleware adds the selected data from the passed client TLS certificate to a header. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/ properties: info: description: Info selects the specific client certificate details @@ -797,7 +833,7 @@ spec: description: |- RateLimit holds the rate limit configuration. This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/ properties: average: description: |- 
@@ -830,7 +866,7 @@ spec: ipStrategy: description: |- IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy properties: depth: description: Depth tells Traefik to use the X-Forwarded-For @@ -859,7 +895,7 @@ spec: description: |- RedirectRegex holds the redirect regex middleware configuration. This middleware redirects a request using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex properties: permanent: description: Permanent defines whether the redirection is permanent @@ -878,7 +914,7 @@ spec: description: |- RedirectScheme holds the redirect scheme middleware configuration. This middleware redirects requests from a scheme/port to another. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/ properties: permanent: description: Permanent defines whether the redirection is permanent @@ -895,7 +931,7 @@ spec: description: |- ReplacePath holds the replace path middleware configuration. This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/ properties: path: description: Path defines the path to use as replacement in the 
@@ -906,7 +942,7 @@ spec: description: |- ReplacePathRegex holds the replace path regex middleware configuration. This middleware replaces the path of a URL using regex matching and replacement. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/ properties: regex: description: Regex defines the regular expression used to match @@ -922,7 +958,7 @@ spec: Retry holds the retry middleware configuration. This middleware reissues requests a given number of times to a backend server if that server does not reply. As soon as the server answers, the middleware stops retrying, regardless of the response status. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/ properties: attempts: description: Attempts defines how many times the request should @@ -944,10 +980,11 @@ spec: description: |- StripPrefix holds the strip prefix middleware configuration. This middleware removes the specified prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/ properties: forceSlash: description: |- + Deprecated: ForceSlash option is deprecated, please remove any usage of this option. ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. Default: true. type: boolean @@ -962,7 +999,7 @@ spec: description: |- StripPrefixRegex holds the strip prefix regex middleware configuration. This middleware removes the matching prefixes from the URL path. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/ properties: regex: description: Regex defines the regular expression to match the 
diff --git a/charts/traefik/traefik/crds/traefik.io_middlewaretcps.yaml b/charts/traefik/traefik/crds/traefik.io_middlewaretcps.yaml index 982caa692..250ac1b12 100644 --- a/charts/traefik/traefik/crds/traefik.io_middlewaretcps.yaml +++ b/charts/traefik/traefik/crds/traefik.io_middlewaretcps.yaml @@ -19,7 +19,7 @@ spec: openAPIV3Schema: description: |- MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/ properties: apiVersion: description: |- @@ -55,7 +55,7 @@ spec: description: |- IPAllowList defines the IPAllowList middleware configuration. This middleware accepts/refuses connections based on the client IP. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipallowlist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of @@ -69,7 +69,7 @@ spec: IPWhiteList defines the IPWhiteList middleware configuration. This middleware accepts/refuses connections based on the client IP. Deprecated: please use IPAllowList instead. - More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/ + More info: https://doc.traefik.io/traefik/v3.0/middlewares/tcp/ipwhitelist/ properties: sourceRange: description: SourceRange defines the allowed IPs (or ranges of diff --git a/charts/traefik/traefik/crds/traefik.io_serverstransports.yaml b/charts/traefik/traefik/crds/traefik.io_serverstransports.yaml index aad13e089..287943fbf 100644 --- a/charts/traefik/traefik/crds/traefik.io_serverstransports.yaml +++ b/charts/traefik/traefik/crds/traefik.io_serverstransports.yaml 
@@ -21,7 +21,7 @@ spec: ServersTransport is the CRD implementation of a ServersTransport. If no serversTransport is specified, the default@internal will be used. The default@internal serversTransport is created from the static configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1 + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1 properties: apiVersion: description: |- @@ -117,6 +117,19 @@ spec: description: ServerName defines the server name used to contact the server. type: string + spiffe: + description: Spiffe defines the SPIFFE configuration. + properties: + ids: + description: IDs defines the allowed SPIFFE IDs (takes precedence + over the SPIFFE TrustDomain). + items: + type: string + type: array + trustDomain: + description: TrustDomain defines the allowed SPIFFE trust domain. + type: string + type: object type: object required: - metadata diff --git a/charts/traefik/traefik/crds/traefik.io_tlsoptions.yaml b/charts/traefik/traefik/crds/traefik.io_tlsoptions.yaml index 19ae64ec2..2380e8ef6 100644 --- a/charts/traefik/traefik/crds/traefik.io_tlsoptions.yaml +++ b/charts/traefik/traefik/crds/traefik.io_tlsoptions.yaml @@ -19,7 +19,7 @@ spec: openAPIV3Schema: description: |- TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options properties: apiVersion: description: |- 
@@ -44,14 +44,14 @@ spec: alpnProtocols: description: |- ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols items: type: string type: array cipherSuites: description: |- CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites items: type: string type: array @@ -79,7 +79,7 @@ spec: curvePreferences: description: |- CurvePreferences defines the preferred elliptic curves in a specific order. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences items: type: string type: array diff --git a/charts/traefik/traefik/crds/traefik.io_tlsstores.yaml b/charts/traefik/traefik/crds/traefik.io_tlsstores.yaml index 18d421823..15c4951ea 100644 --- a/charts/traefik/traefik/crds/traefik.io_tlsstores.yaml +++ b/charts/traefik/traefik/crds/traefik.io_tlsstores.yaml @@ -21,7 +21,7 @@ spec: TLSStore is the CRD implementation of a Traefik TLS Store. For the time being, only the TLSStore named default is supported. This means that you cannot have two stores that are named default in different Kubernetes namespaces. - More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores + More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores properties: apiVersion: description: |- diff --git a/charts/traefik/traefik/crds/traefik.io_traefikservices.yaml b/charts/traefik/traefik/crds/traefik.io_traefikservices.yaml index f6a460a44..7c8f58a3e 100644 --- a/charts/traefik/traefik/crds/traefik.io_traefikservices.yaml 
+++ b/charts/traefik/traefik/crds/traefik.io_traefikservices.yaml @@ -22,7 +22,7 @@ spec: TraefikService object allows to: - Apply weight to Services on load-balancing - Mirror traffic on services - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice properties: apiVersion: description: |- @@ -134,7 +134,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -143,6 +143,12 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string @@ -228,7 +234,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. 
@@ -237,6 +243,12 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string @@ -337,7 +349,7 @@ spec: sticky: description: |- Sticky defines the sticky sessions configuration. - More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions properties: cookie: description: Cookie defines the sticky cookie configuration. @@ -346,6 +358,12 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string @@ -378,7 +396,7 @@ spec: sticky: description: |- Sticky defines whether sticky sessions are enabled. - More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing properties: cookie: description: Cookie defines the sticky cookie configuration. 
@@ -387,6 +405,12 @@ spec: description: HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript. type: boolean + maxAge: + description: |- + MaxAge indicates the number of seconds until the cookie expires. + When set to a negative number, the cookie expires immediately. + When set to zero, the cookie never expires. + type: integer name: description: Name defines the Cookie name. type: string diff --git a/charts/traefik/traefik/templates/NOTES.txt b/charts/traefik/traefik/templates/NOTES.txt index 65e9f5ba2..e3b8bcaeb 100644 --- a/charts/traefik/traefik/templates/NOTES.txt +++ b/charts/traefik/traefik/templates/NOTES.txt @@ -7,8 +7,8 @@ Traefik Proxy {{ .Values.image.tag | default .Chart.AppVersion }} has been deplo 🚨 When enabling persistence for certificates, permissions on acme.json can be lost when Traefik restarts. You can ensure correct permissions with an -initContainer. See https://github.com/traefik/traefik-helm-chart/issues/396 for -more info. 🚨 +initContainer. See https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md#use-traefik-native-lets-encrypt-integration-without-cert-manager +for more info. 🚨 {{- end }} {{- end }} diff --git a/charts/traefik/traefik/templates/_podtemplate.tpl b/charts/traefik/traefik/templates/_podtemplate.tpl index 36a2c81bc..82add59fd 100644 --- a/charts/traefik/traefik/templates/_podtemplate.tpl +++ b/charts/traefik/traefik/templates/_podtemplate.tpl 
@@ -66,12 +66,14 @@ {{- $healthchecksPort := (default (.Values.ports.traefik).port .Values.deployment.healthchecksPort) }} {{- $healthchecksHost := (default (.Values.ports.traefik).hostIP .Values.deployment.healthchecksHost) }} {{- $healthchecksScheme := (default "HTTP" .Values.deployment.healthchecksScheme) }} + {{- $readinessPath := (default "/ping" .Values.deployment.readinessPath) }} + {{- $livenessPath := (default "/ping" .Values.deployment.livenessPath) }} readinessProbe: httpGet: {{- with $healthchecksHost }} host: {{ . }} {{- end }} - path: /ping + path: {{ $readinessPath }} port: {{ $healthchecksPort }} scheme: {{ $healthchecksScheme }} {{- toYaml .Values.readinessProbe | nindent 10 }} @@ -80,7 +82,7 @@ {{- with $healthchecksHost }} host: {{ . }} {{- end }} - path: /ping + path: {{ $livenessPath }} port: {{ $healthchecksPort }} scheme: {{ $healthchecksScheme }} {{- toYaml .Values.livenessProbe | nindent 10 }} 
@@ -156,20 +158,26 @@ {{- end }} {{- end }} {{- range $name, $config := .Values.ports }} - {{- if $config }} - - "--entrypoints.{{$name}}.address={{ $config.hostIP }}:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" - {{- with $config.asDefault }} - {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }} - {{- fail "ERROR: Default entrypoints are only available on Traefik v3. Please set `image.tag` to `v3.x`." }} - {{- end }} - - "--entrypoints.{{$name}}.asDefault={{ . }}" - {{- end }} - {{- end }} + {{- if $config }} + - "--entryPoints.{{$name}}.address={{ $config.hostIP }}:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- with $config.asDefault }} + - "--entryPoints.{{$name}}.asDefault={{ . }}" + {{- end }} + {{- end }} {{- end }} - "--api.dashboard=true" - "--ping=true" + {{- with .Values.core }} + {{- with .defaultRuleSyntax }} + - "--core.defaultRuleSyntax={{ . }}" + {{- end }} + {{- end }} + {{- if .Values.metrics }} + {{- if .Values.metrics.addInternals }} + - "--metrics.addinternals" + {{- end }} {{- with .Values.metrics.datadog }} - "--metrics.datadog=true" {{- with .address }} 
@@ -198,45 +206,6 @@ {{- end }} {{- end }} - {{- with .Values.metrics.influxdb }} - - "--metrics.influxdb=true" - - "--metrics.influxdb.address={{ .address }}" - - "--metrics.influxdb.protocol={{ .protocol }}" - {{- with .database }} - - "--metrics.influxdb.database={{ . }}" - {{- end }} - {{- with .retentionPolicy }} - - "--metrics.influxdb.retentionPolicy={{ . }}" - {{- end }} - {{- with .username }} - - "--metrics.influxdb.username={{ . }}" - {{- end }} - {{- with .password }} - - "--metrics.influxdb.password={{ . }}" - {{- end }} - {{- with .pushInterval }} - - "--metrics.influxdb.pushInterval={{ . }}" - {{- end }} - {{- range $name, $value := .additionalLabels }} - - "--metrics.influxdb.additionalLabels.{{ $name }}={{ $value }}" - {{- end }} - {{- if ne .addRoutersLabels nil }} - {{- with .addRoutersLabels | toString }} - - "--metrics.influxdb.addRoutersLabels={{ . }}" - {{- end }} - {{- end }} - {{- if ne .addEntryPointsLabels nil }} - {{- with .addEntryPointsLabels | toString }} - - "--metrics.influxdb.addEntryPointsLabels={{ . }}" - {{- end }} - {{- end }} - {{- if ne .addServicesLabels nil }} - {{- with .addServicesLabels | toString }} - - "--metrics.influxdb.addServicesLabels={{ . }}" - {{- end }} - {{- end }} - {{- end }} - {{- with .Values.metrics.influxdb2 }} - "--metrics.influxdb2=true" - "--metrics.influxdb2.address={{ .address }}" 
@@ -314,219 +283,149 @@ {{- end }} - {{- with .Values.metrics.openTelemetry }} - {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }} - {{- fail "ERROR: OpenTelemetry features are only available on Traefik v3. Please set `image.tag` to `v3.x`." }} - {{- end }} - - "--metrics.openTelemetry=true" - - "--metrics.openTelemetry.address={{ .address }}" + {{- with .Values.metrics.otlp }} + {{- if .enabled }} + - "--metrics.otlp=true" {{- if ne .addEntryPointsLabels nil }} {{- with .addEntryPointsLabels | toString }} - - "--metrics.openTelemetry.addEntryPointsLabels={{ . }}" + - "--metrics.otlp.addEntryPointsLabels={{ . }}" {{- end }} {{- end }} {{- if ne .addRoutersLabels nil }} {{- with .addRoutersLabels | toString }} - - "--metrics.openTelemetry.addRoutersLabels={{ . }}" + - "--metrics.otlp.addRoutersLabels={{ . }}" {{- end }} {{- end }} {{- if ne .addServicesLabels nil }} {{- with .addServicesLabels | toString }} - - "--metrics.openTelemetry.addServicesLabels={{ . }}" + - "--metrics.otlp.addServicesLabels={{ . }}" {{- end }} {{- end }} {{- with .explicitBoundaries }} - - "--metrics.openTelemetry.explicitBoundaries={{ join "," . }}" - {{- end }} - {{- with .headers }} - {{- range $name, $value := . }} - - "--metrics.openTelemetry.headers.{{ $name }}={{ $value }}" - {{- end }} - {{- end }} - {{- with .insecure }} - - "--metrics.openTelemetry.insecure={{ . }}" + - "--metrics.otlp.explicitBoundaries={{ join "," . }}" {{- end }} {{- with .pushInterval }} - - "--metrics.openTelemetry.pushInterval={{ . }}" + - "--metrics.otlp.pushInterval={{ . }}" {{- end }} - {{- with .path }} - - "--metrics.openTelemetry.path={{ . }}" - {{- end }} - {{- with .tls }} - {{- with .ca }} - - "--metrics.openTelemetry.tls.ca={{ . }}" - {{- end }} - {{- with .cert }} - - "--metrics.openTelemetry.tls.cert={{ . }}" - {{- end }} - {{- with .key }} - - "--metrics.openTelemetry.tls.key={{ . 
}}" - {{- end }} - {{- with .insecureSkipVerify }} - - "--metrics.openTelemetry.tls.insecureSkipVerify={{ . }}" + {{- with .http }} + {{- if .enabled }} + - "--metrics.otlp.http=true" + {{- with .endpoint }} + - "--metrics.otlp.http.endpoint={{ . }}" + {{- end }} + {{- range $name, $value := .headers }} + - "--metrics.otlp.http.headers.{{ $name }}={{ $value }}" + {{- end }} + {{- with .tls }} + {{- with .ca }} + - "--metrics.otlp.http.tls.ca={{ . }}" + {{- end }} + {{- with .cert }} + - "--metrics.otlp.http.tls.cert={{ . }}" + {{- end }} + {{- with .key }} + - "--metrics.otlp.http.tls.key={{ . }}" + {{- end }} + {{- with .insecureSkipVerify }} + - "--metrics.otlp.http.tls.insecureSkipVerify={{ . }}" + {{- end }} + {{- end }} {{- end }} {{- end }} {{- with .grpc }} - - "--metrics.openTelemetry.grpc={{ . }}" + {{ if .enabled }} + - "--metrics.otlp.grpc=true" + {{- with .endpoint }} + - "--metrics.otlp.grpc.endpoint={{ . }}" + {{- end }} + {{- with .insecure }} + - "--metrics.otlp.grpc.insecure={{ . }}" + {{- end }} + {{- range $name, $value := .headers }} + - "--metrics.otlp.grpc.headers.{{ $name }}={{ $value }}" + {{- end }} + {{- with .tls }} + {{- with .ca }} + - "--metrics.otlp.grpc.tls.ca={{ . }}" + {{- end }} + {{- with .cert }} + - "--metrics.otlp.grpc.tls.cert={{ . }}" + {{- end }} + {{- with .key }} + - "--metrics.otlp.grpc.tls.key={{ . }}" + {{- end }} + {{- with .insecureSkipVerify }} + - "--metrics.otlp.grpc.tls.insecureSkipVerify={{ . }}" + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- end }} + {{- end }} - {{- if .Values.tracing }} + {{- if .Values.tracing.addInternals }} + - "--tracing.addinternals" + {{- end }} - {{- if .Values.tracing.openTelemetry }} - {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }} - {{- fail "ERROR: OpenTelemetry features are only available on Traefik v3. Please set `image.tag` to `v3.x`." 
}} + {{- with .Values.tracing.otlp }} + {{- if .enabled }} + - "--tracing.otlp=true" + {{- with .http }} + {{- if .enabled }} + - "--tracing.otlp.http=true" + {{- with .endpoint }} + - "--tracing.otlp.http.endpoint={{ . }}" + {{- end }} + {{- range $name, $value := .headers }} + - "--tracing.otlp.http.headers.{{ $name }}={{ $value }}" + {{- end }} + {{- with .tls }} + {{- with .ca }} + - "--tracing.otlp.http.tls.ca={{ . }}" + {{- end }} + {{- with .cert }} + - "--tracing.otlp.http.tls.cert={{ . }}" + {{- end }} + {{- with .key }} + - "--tracing.otlp.http.tls.key={{ . }}" + {{- end }} + {{- with .insecureSkipVerify }} + - "--tracing.otlp.http.tls.insecureSkipVerify={{ . }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .grpc }} + {{ if .enabled }} + - "--tracing.otlp.grpc=true" + {{- with .endpoint }} + - "--tracing.otlp.grpc.endpoint={{ . }}" + {{- end }} + {{- with .insecure }} + - "--tracing.otlp.grpc.insecure={{ . }}" + {{- end }} + {{- range $name, $value := .headers }} + - "--tracing.otlp.grpc.headers.{{ $name }}={{ $value }}" + {{- end }} + {{- with .tls }} + {{- with .ca }} + - "--tracing.otlp.grpc.tls.ca={{ . }}" + {{- end }} + {{- with .cert }} + - "--tracing.otlp.grpc.tls.cert={{ . }}" + {{- end }} + {{- with .key }} + - "--tracing.otlp.grpc.tls.key={{ . }}" + {{- end }} + {{- with .insecureSkipVerify }} + - "--tracing.otlp.grpc.tls.insecureSkipVerify={{ . }}" + {{- end }} + {{- end }} + {{- end }} {{- end }} - - "--tracing.openTelemetry=true" - - "--tracing.openTelemetry.address={{ required "ERROR: When enabling openTelemetry on tracing, `tracing.openTelemetry.address` is required." 
.Values.tracing.openTelemetry.address }}" - {{- range $key, $value := .Values.tracing.openTelemetry.headers }} - - "--tracing.openTelemetry.headers.{{ $key }}={{ $value }}" - {{- end }} - {{- if .Values.tracing.openTelemetry.insecure }} - - "--tracing.openTelemetry.insecure={{ .Values.tracing.openTelemetry.insecure }}" - {{- end }} - {{- if .Values.tracing.openTelemetry.path }} - - "--tracing.openTelemetry.path={{ .Values.tracing.openTelemetry.path }}" - {{- end }} - {{- if .Values.tracing.openTelemetry.tls }} - {{- if .Values.tracing.openTelemetry.tls.ca }} - - "--tracing.openTelemetry.tls.ca={{ .Values.tracing.openTelemetry.tls.ca }}" - {{- end }} - {{- if .Values.tracing.openTelemetry.tls.cert }} - - "--tracing.openTelemetry.tls.cert={{ .Values.tracing.openTelemetry.tls.cert }}" - {{- end }} - {{- if .Values.tracing.openTelemetry.tls.key }} - - "--tracing.openTelemetry.tls.key={{ .Values.tracing.openTelemetry.tls.key }}" - {{- end }} - {{- if .Values.tracing.openTelemetry.tls.insecureSkipVerify }} - - "--tracing.openTelemetry.tls.insecureSkipVerify={{ .Values.tracing.openTelemetry.tls.insecureSkipVerify }}" - {{- end }} - {{- end }} - {{- if .Values.tracing.openTelemetry.grpc }} - - "--tracing.openTelemetry.grpc=true" {{- end }} {{- end }} - {{- if .Values.tracing.instana }} - - "--tracing.instana=true" - {{- if .Values.tracing.instana.localAgentHost }} - - "--tracing.instana.localAgentHost={{ .Values.tracing.instana.localAgentHost }}" - {{- end }} - {{- if .Values.tracing.instana.localAgentPort }} - - "--tracing.instana.localAgentPort={{ .Values.tracing.instana.localAgentPort }}" - {{- end }} - {{- if .Values.tracing.instana.logLevel }} - - "--tracing.instana.logLevel={{ .Values.tracing.instana.logLevel }}" - {{- end }} - {{- if .Values.tracing.instana.enableAutoProfile }} - - "--tracing.instana.enableAutoProfile={{ .Values.tracing.instana.enableAutoProfile }}" - {{- end }} - {{- end }} - {{- if .Values.tracing.datadog }} - - "--tracing.datadog=true" - {{- if 
.Values.tracing.datadog.localAgentHostPort }} - - "--tracing.datadog.localAgentHostPort={{ .Values.tracing.datadog.localAgentHostPort }}" - {{- end }} - {{- if .Values.tracing.datadog.debug }} - - "--tracing.datadog.debug=true" - {{- end }} - {{- if .Values.tracing.datadog.globalTag }} - - "--tracing.datadog.globalTag={{ .Values.tracing.datadog.globalTag }}" - {{- end }} - {{- if .Values.tracing.datadog.prioritySampling }} - - "--tracing.datadog.prioritySampling=true" - {{- end }} - {{- end }} - {{- if .Values.tracing.jaeger }} - - "--tracing.jaeger=true" - {{- if .Values.tracing.jaeger.samplingServerURL }} - - "--tracing.jaeger.samplingServerURL={{ .Values.tracing.jaeger.samplingServerURL }}" - {{- end }} - {{- if .Values.tracing.jaeger.samplingType }} - - "--tracing.jaeger.samplingType={{ .Values.tracing.jaeger.samplingType }}" - {{- end }} - {{- if .Values.tracing.jaeger.samplingParam }} - - "--tracing.jaeger.samplingParam={{ .Values.tracing.jaeger.samplingParam }}" - {{- end }} - {{- if .Values.tracing.jaeger.localAgentHostPort }} - - "--tracing.jaeger.localAgentHostPort={{ .Values.tracing.jaeger.localAgentHostPort }}" - {{- end }} - {{- if .Values.tracing.jaeger.gen128Bit }} - - "--tracing.jaeger.gen128Bit={{ .Values.tracing.jaeger.gen128Bit }}" - {{- end }} - {{- if .Values.tracing.jaeger.propagation }} - - "--tracing.jaeger.propagation={{ .Values.tracing.jaeger.propagation }}" - {{- end }} - {{- if .Values.tracing.jaeger.traceContextHeaderName }} - - "--tracing.jaeger.traceContextHeaderName={{ .Values.tracing.jaeger.traceContextHeaderName }}" - {{- end }} - {{- if .Values.tracing.jaeger.disableAttemptReconnecting }} - - "--tracing.jaeger.disableAttemptReconnecting={{ .Values.tracing.jaeger.disableAttemptReconnecting }}" - {{- end }} - {{- if .Values.tracing.jaeger.collector }} - {{- if .Values.tracing.jaeger.collector.endpoint }} - - "--tracing.jaeger.collector.endpoint={{ .Values.tracing.jaeger.collector.endpoint }}" - {{- end }} - {{- if 
.Values.tracing.jaeger.collector.user }} - - "--tracing.jaeger.collector.user={{ .Values.tracing.jaeger.collector.user }}" - {{- end }} - {{- if .Values.tracing.jaeger.collector.password }} - - "--tracing.jaeger.collector.password={{ .Values.tracing.jaeger.collector.password }}" - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.tracing.zipkin }} - - "--tracing.zipkin=true" - {{- if .Values.tracing.zipkin.httpEndpoint }} - - "--tracing.zipkin.httpEndpoint={{ .Values.tracing.zipkin.httpEndpoint }}" - {{- end }} - {{- if .Values.tracing.zipkin.sameSpan }} - - "--tracing.zipkin.sameSpan={{ .Values.tracing.zipkin.sameSpan }}" - {{- end }} - {{- if .Values.tracing.zipkin.id128Bit }} - - "--tracing.zipkin.id128Bit={{ .Values.tracing.zipkin.id128Bit }}" - {{- end }} - {{- if .Values.tracing.zipkin.sampleRate }} - - "--tracing.zipkin.sampleRate={{ .Values.tracing.zipkin.sampleRate }}" - {{- end }} - {{- end }} - {{- if .Values.tracing.haystack }} - - "--tracing.haystack=true" - {{- if .Values.tracing.haystack.localAgentHost }} - - "--tracing.haystack.localAgentHost={{ .Values.tracing.haystack.localAgentHost }}" - {{- end }} - {{- if .Values.tracing.haystack.localAgentPort }} - - "--tracing.haystack.localAgentPort={{ .Values.tracing.haystack.localAgentPort }}" - {{- end }} - {{- if .Values.tracing.haystack.globalTag }} - - "--tracing.haystack.globalTag={{ .Values.tracing.haystack.globalTag }}" - {{- end }} - {{- if .Values.tracing.haystack.traceIDHeaderName }} - - "--tracing.haystack.traceIDHeaderName={{ .Values.tracing.haystack.traceIDHeaderName }}" - {{- end }} - {{- if .Values.tracing.haystack.parentIDHeaderName }} - - "--tracing.haystack.parentIDHeaderName={{ .Values.tracing.haystack.parentIDHeaderName }}" - {{- end }} - {{- if .Values.tracing.haystack.spanIDHeaderName }} - - "--tracing.haystack.spanIDHeaderName={{ .Values.tracing.haystack.spanIDHeaderName }}" - {{- end }} - {{- if .Values.tracing.haystack.baggagePrefixHeaderName }} - - 
"--tracing.haystack.baggagePrefixHeaderName={{ .Values.tracing.haystack.baggagePrefixHeaderName }}" - {{- end }} - {{- end }} - {{- if .Values.tracing.elastic }} - - "--tracing.elastic=true" - {{- if .Values.tracing.elastic.serverURL }} - - "--tracing.elastic.serverURL={{ .Values.tracing.elastic.serverURL }}" - {{- end }} - {{- if .Values.tracing.elastic.secretToken }} - - "--tracing.elastic.secretToken={{ .Values.tracing.elastic.secretToken }}" - {{- end }} - {{- if .Values.tracing.elastic.serviceEnvironment }} - - "--tracing.elastic.serviceEnvironment={{ .Values.tracing.elastic.serviceEnvironment }}" - {{- end }} - {{- end }} - {{- end }} {{- range $pluginName, $plugin := .Values.experimental.plugins }} {{- if or (ne (typeOf $plugin) "map[string]interface {}") (not (hasKey $plugin "moduleName")) (not (hasKey $plugin "version")) }} {{- fail (printf "ERROR: plugin %s is missing moduleName/version keys !" $pluginName) }} @@ -569,7 +468,7 @@ {{- if .Values.providers.kubernetesIngress.ingressClass }} - "--providers.kubernetesingress.ingressClass={{ .Values.providers.kubernetesIngress.ingressClass }}" {{- end }} - {{- if and .Values.providers.kubernetesIngress.disableIngressClassLookup (semverCompare ">=3.0.0-0" (include "imageVersion" $) ) }} + {{- if .Values.providers.kubernetesIngress.disableIngressClassLookup }} - "--providers.kubernetesingress.disableIngressClassLookup=true" {{- end }} {{- end }} 
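Review bot: The `headers` loops added in this hunk (`--metrics.otlp.http.headers.{{ $name }}={{ $value }}`, its grpc variant, and both `--tracing.otlp.*.headers.*` counterparts) write each header value into the container args. A collector token supplied this way is therefore stored in clear text in the pod spec and is readable by anyone allowed to get pods. I would put a template comment above each loop, for example `{{- /* header values are rendered in clear text into the pod spec; treat them as non-secret */}}`, and state the same in the values documentation. Separately, dropping the outer `{{- if .Values.tracing }}` leaves `.Values.tracing.addInternals` and `with .Values.tracing.otlp` unguarded, so rendering would fail if `tracing` is null; `{{- if (.Values.tracing).addInternals }}` and `{{- with (.Values.tracing).otlp }}` follow the parenthesised form this template already uses for `($.Values.resources.limits).cpu`. The chart's default values are not visible in this diff, so whether `tracing` is always a map is unconfirmed.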
@@ -602,46 +501,39 @@ {{- fail "ERROR: Syntax of `ports.web.redirectTo` has changed to `ports.web.redirectTo.port`. Details in PR #934." }} {{- end }} {{- $toPort := index $.Values.ports $config.redirectTo.port }} - - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}" - - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + - "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}" + - "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" {{- if $config.redirectTo.priority }} - - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.priority={{ $config.redirectTo.priority }}" + - "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.priority={{ $config.redirectTo.priority }}" {{- end }} {{- end }} {{- if $config.middlewares }} - - "--entrypoints.{{ $entrypoint }}.http.middlewares={{ join "," $config.middlewares }}" + - "--entryPoints.{{ $entrypoint }}.http.middlewares={{ join "," $config.middlewares }}" {{- end }} {{- if $config.tls }} {{- if $config.tls.enabled }} - - "--entrypoints.{{ $entrypoint }}.http.tls=true" + - "--entryPoints.{{ $entrypoint }}.http.tls=true" {{- if $config.tls.options }} - - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + - "--entryPoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" {{- end }} {{- if $config.tls.certResolver }} - - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + - "--entryPoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" {{- end }} {{- if $config.tls.domains }} {{- range $index, $domain := $config.tls.domains }} {{- if $domain.main }} - - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + - "--entryPoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" {{- end }} {{- if $domain.sans }} - - 
"--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + - "--entryPoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" {{- end }} {{- end }} {{- end }} {{- if $config.http3 }} {{- if $config.http3.enabled }} - {{- if semverCompare "<3.0.0-0" (include "imageVersion" $)}} - - "--experimental.http3=true" - {{- end }} - {{- if semverCompare ">=2.6.0-0" (include "imageVersion" $)}} - - "--entrypoints.{{ $entrypoint }}.http3" - {{- else }} - - "--entrypoints.{{ $entrypoint }}.enableHTTP3=true" - {{- end }} + - "--entryPoints.{{ $entrypoint }}.http3" {{- if $config.http3.advertisedPort }} - - "--entrypoints.{{ $entrypoint }}.http3.advertisedPort={{ $config.http3.advertisedPort }}" + - "--entryPoints.{{ $entrypoint }}.http3.advertisedPort={{ $config.http3.advertisedPort }}" {{- end }} {{- end }} {{- end }} 
@@ -649,18 +541,45 @@ {{- end }} {{- if $config.forwardedHeaders }} {{- if $config.forwardedHeaders.trustedIPs }} - - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + - "--entryPoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" {{- end }} {{- if $config.forwardedHeaders.insecure }} - - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + - "--entryPoints.{{ $entrypoint }}.forwardedHeaders.insecure" {{- end }} {{- end }} {{- if $config.proxyProtocol }} {{- if $config.proxyProtocol.trustedIPs }} - - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" + - "--entryPoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" {{- end }} {{- if $config.proxyProtocol.insecure }} - - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure" + - "--entryPoints.{{ $entrypoint }}.proxyProtocol.insecure" + {{- end }} + {{- end }} + {{- with $config.transport }} + {{- with .respondingTimeouts }} + {{- if and (ne .readTimeout nil) (toString .readTimeout) }} + - "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.readTimeout={{ .readTimeout }}" + {{- end }} + {{- if and (ne .writeTimeout nil) (toString .writeTimeout) }} + - "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.writeTimeout={{ .writeTimeout }}" + {{- end }} + {{- if and (ne .idleTimeout nil) (toString .idleTimeout) }} + - "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.idleTimeout={{ .idleTimeout }}" + {{- end }} + {{- end }} + {{- with .lifeCycle }} + {{- if and (ne .requestAcceptGraceTimeout nil) (toString .requestAcceptGraceTimeout) }} + - "--entryPoints.{{ $entrypoint }}.transport.lifeCycle.requestAcceptGraceTimeout={{ .requestAcceptGraceTimeout }}" + {{- end }} + {{- if and (ne .graceTimeOut nil) (toString .graceTimeOut) }} + - "--entryPoints.{{ $entrypoint 
}}.transport.lifeCycle.graceTimeOut={{ .graceTimeOut }}" + {{- end }} + {{- end }} + {{- if and (ne .keepAliveMaxRequests nil) (toString .keepAliveMaxRequests) }} + - "--entryPoints.{{ $entrypoint }}.transport.keepAliveMaxRequests={{ .keepAliveMaxRequests }}" + {{- end }} + {{- if and (ne .keepAliveMaxTime nil) (toString .keepAliveMaxTime) }} + - "--entryPoints.{{ $entrypoint }}.transport.keepAliveMaxTime={{ .keepAliveMaxTime }}" {{- end }} {{- end }} {{- end }} 
@@ -674,34 +593,37 @@ {{- end }} {{- if .access.enabled }} - "--accesslog=true" - {{- if .access.format }} - - "--accesslog.format={{ .access.format }}" - {{- end }} - {{- if .access.filePath }} - - "--accesslog.filepath={{ .access.filePath }}" - {{- end }} - {{- if .access.bufferingSize }} - - "--accesslog.bufferingsize={{ .access.bufferingSize }}" - {{- end }} - {{- if .access.filters }} - {{- if .access.filters.statuscodes }} - - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" - {{- end }} - {{- if .access.filters.retryattempts }} + {{- with .access.format }} + - "--accesslog.format={{ . }}" + {{- end }} + {{- with .access.filePath }} + - "--accesslog.filepath={{ . }}" + {{- end }} + {{- if .access.addInternals }} + - "--accesslog.addinternals" + {{- end }} + {{- with .access.bufferingSize }} + - "--accesslog.bufferingsize={{ . }}" + {{- end }} + {{- with .access.filters }} + {{- with .statuscodes }} + - "--accesslog.filters.statuscodes={{ . }}" + {{- end }} + {{- if .retryattempts }} - "--accesslog.filters.retryattempts" - {{- end }} - {{- if .access.filters.minduration }} - - "--accesslog.filters.minduration={{ .access.filters.minduration }}" - {{- end }} - {{- end }} + {{- end }} + {{- with .minduration }} + - "--accesslog.filters.minduration={{ . 
}}" + {{- end }} + {{- end }} - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" - {{- range $fieldname, $fieldaction := .access.fields.general.names }} + {{- range $fieldname, $fieldaction := .access.fields.general.names }} - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" - {{- end }} + {{- end }} - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" - {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" - {{- end }} + {{- end }} {{- end }} {{- end }} {{- range $resolver, $config := $.Values.certResolvers }} @@ -722,6 +644,18 @@ {{- end }} {{- with .Values.env }} env: + {{- if ($.Values.resources.limits).cpu }} + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- end }} + {{- if ($.Values.resources.limits).memory }} + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + {{- end }} {{- toYaml . | nindent 10 }} {{- end }} {{- with .Values.envFrom }} diff --git a/charts/traefik/traefik/templates/_service.tpl b/charts/traefik/traefik/templates/_service.tpl index 7d913ccd3..baba60601 100644 --- a/charts/traefik/traefik/templates/_service.tpl +++ b/charts/traefik/traefik/templates/_service.tpl @@ -52,7 +52,11 @@ {{- define "traefik.service-ports" }} {{- range $name, $config := .ports }} {{- if (index (default dict $config.expose) $.serviceName) }} - - port: {{ default $config.port $config.exposedPort }} + {{- $port := default $config.port $config.exposedPort }} + {{- if empty $port }} + {{- fail (print "ERROR: Cannot create " (trim $name) " port on Service without .port or .exposedPort") }} + {{- end }} + - port: {{ $port }} name: {{ $name | quote }} targetPort: {{ default $name $config.targetPort }} protocol: {{ default "TCP" $config.protocol }} 
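Review bot: The GOMAXPROCS and GOMEMLIMIT entries in the `@@ -722,6 +644,18 @@` hunk are added inside `{{- with .Values.env }}`, so they are rendered only when `env` is non-empty; a release that sets `resources.limits` but an empty `env` list gets neither variable. Opening the block with `{{- if or .Values.env ($.Values.resources.limits).cpu ($.Values.resources.limits).memory }}` and wrapping only the `toYaml` line in `{{- with .Values.env }}` would make the resource-derived variables independent of the user-supplied ones. A comment such as `{{- /* derive Go runtime limits from the container limits */}}` above the two entries would also explain why they are injected. The chart's default `env` is not visible here, so this may affect only overrides.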
@@ -62,9 +66,7 @@ {{- if $config.appProtocol }} appProtocol: {{ $config.appProtocol }} {{- end }} - {{- end }} - {{- if $config.http3 }} - {{- if $config.http3.enabled }} + {{- if ($config.http3).enabled }} {{- $http3Port := default $config.exposedPort $config.http3.advertisedPort }} - port: {{ $http3Port }} name: "{{ $name }}-http3" diff --git a/charts/traefik/traefik/templates/ingressclass.yaml b/charts/traefik/traefik/templates/ingressclass.yaml index 2c207c6d2..6a8ff8199 100644 --- a/charts/traefik/traefik/templates/ingressclass.yaml +++ b/charts/traefik/traefik/templates/ingressclass.yaml @@ -1,14 +1,5 @@ {{- if .Values.ingressClass.enabled -}} - {{- if (semverCompare "<2.3.0" (include "imageVersion" $)) -}} - {{- fail "ERROR: IngressClass cannot be used with Traefik < 2.3.0" -}} - {{- end -}} - {{- if semverCompare ">=1.19.0-0" .Capabilities.KubeVersion.Version -}} apiVersion: networking.k8s.io/v1 - {{- else if semverCompare ">=1.16.0-0" .Capabilities.KubeVersion.Version }} -apiVersion: networking.k8s.io/v1beta1 - {{- else }} - {{- fail "ERROR: You must use at least Kubernetes v1.16 with this Chart" }} - {{- end }} kind: IngressClass metadata: annotations: diff --git a/charts/traefik/traefik/templates/rbac/clusterrole.yaml b/charts/traefik/traefik/templates/rbac/clusterrole.yaml index 31b2e409f..20c83acc9 100644 --- a/charts/traefik/traefik/templates/rbac/clusterrole.yaml +++ b/charts/traefik/traefik/templates/rbac/clusterrole.yaml @@ -1,5 +1,5 @@ {{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) -}} -{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup (semverCompare ">=3.0.0-0" (include "imageVersion" $))) -}} +{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup) -}} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 
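Review bot: The HTTP/3 entry still takes its port from `default $config.exposedPort $config.http3.advertisedPort`, so a port that sets only `.port` renders an empty `port:` for the `-http3` entry. The TCP entry above now falls back to `.port` and fails on an empty value, and this block now sits in the same `expose` branch, so it can reuse the validated value: `{{- $http3Port := default $port $config.http3.advertisedPort }}`. `$port` is defined in the previous hunk of this file and the lines between the two hunks are not visible here, so confirm it is still in scope.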
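Review bot: This guard and the one on the ClusterRoleBinding in the next file express the same condition in two different forms, `not (and A B)` here and `or (not A) (not B)` there. They are equivalent today, but a role and its binding have to be rendered together. Two spellings make it easy for a later edit to change only one, leaving a binding that references a missing ClusterRole or a role that nothing binds. Use the same expression in both files, or move it into a named template, with a comment such as `{{- /* ClusterRole and ClusterRoleBinding must share this condition */ -}}`.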
@@ -56,9 +56,6 @@ rules: {{- if .Values.providers.kubernetesCRD.enabled }} - apiGroups: - traefik.io - {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }} - - traefik.containo.us - {{- end }} resources: - ingressroutes - ingressroutetcps @@ -69,9 +66,7 @@ rules: - tlsstores - traefikservices - serverstransports - {{- if semverCompare ">=3.0.0-0" (include "imageVersion" $) }} - serverstransporttcps - {{- end }} verbs: - get - list @@ -101,6 +96,7 @@ rules: - gatewayclasses - gateways - httproutes + - referencegrants - tcproutes - tlsroutes verbs: diff --git a/charts/traefik/traefik/templates/rbac/clusterrolebinding.yaml b/charts/traefik/traefik/templates/rbac/clusterrolebinding.yaml index 959411477..b65454387 100644 --- a/charts/traefik/traefik/templates/rbac/clusterrolebinding.yaml +++ b/charts/traefik/traefik/templates/rbac/clusterrolebinding.yaml @@ -1,5 +1,5 @@ {{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) -}} -{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup (semverCompare ">=3.0.0-0" (include "imageVersion" $))) -}} +{{- if or (not .Values.rbac.namespaced) (not .Values.providers.kubernetesIngress.disableIngressClassLookup) -}} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/traefik/traefik/templates/rbac/role.yaml b/charts/traefik/traefik/templates/rbac/role.yaml index 18225674b..2bd136ced 100644 --- a/charts/traefik/traefik/templates/rbac/role.yaml +++ b/charts/traefik/traefik/templates/rbac/role.yaml @@ -61,9 +61,6 @@ rules: {{- if (and (has . $CRDNamespaces) $.Values.providers.kubernetesCRD.enabled) }} - apiGroups: - traefik.io - {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }} - - traefik.containo.us - {{- end }} resources: - ingressroutes - ingressroutetcps 
@@ -74,9 +71,7 @@ rules: - tlsstores - traefikservices - serverstransports - {{- if semverCompare ">=3.0.0-0" (include "imageVersion" $) }} - serverstransporttcps - {{- end }} verbs: - get - list @@ -92,5 +87,37 @@ rules: verbs: - use {{- end -}} +{{- if $.Values.experimental.kubernetesGateway.enabled }} + - apiGroups: + - "" + resources: + - namespaces + verbs: + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses + - gateways + - httproutes + - referencegrants + - tcproutes + - tlsroutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gatewayclasses/status + - gateways/status + - httproutes/status + - tcproutes/status + - tlsroutes/status + verbs: + - update +{{- end -}} {{- end -}} {{- end -}} diff --git a/charts/traefik/traefik/templates/requirements.yaml b/charts/traefik/traefik/templates/requirements.yaml new file mode 100644 index 000000000..740c08da7 --- /dev/null +++ b/charts/traefik/traefik/templates/requirements.yaml @@ -0,0 +1,6 @@ +{{- $version := include "imageVersion" $ }} +{{- if (ne $version "experimental-v3.0") }} + {{- if (semverCompare "<3.0.0-0" $version) }} + {{- fail "ERROR: This version of the Chart only supports Traefik Proxy v3" -}} + {{- end }} +{{- end }} diff --git a/charts/traefik/traefik/templates/tlsoption.yaml b/charts/traefik/traefik/templates/tlsoption.yaml index 07ec031ff..65201fbdb 100644 --- a/charts/traefik/traefik/templates/tlsoption.yaml +++ b/charts/traefik/traefik/templates/tlsoption.yaml 
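Review bot: The added Gateway API rules name `namespaces`, `gatewayclasses` and `gatewayclasses/status`, which are cluster-scoped resources. A namespaced Role cannot grant list/watch on them, so these entries give the controller nothing and make the Role read as broader than it is. In namespaced mode the Gateway provider would still need a ClusterRole for them, and the ClusterRole in this commit is skipped when `rbac.namespaced` and `disableIngressClassLookup` are both set. Either drop the cluster-scoped entries from the Role and document that a ClusterRole is required when `experimental.kubernetesGateway.enabled` is true, or `fail` at render time for the unsupported combination. The Role template starts outside this hunk, so the enclosing `range`/`if` structure is inferred.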
@@ -25,18 +25,15 @@ spec: {{- with $config.curvePreferences }} curvePreferences: {{- toYaml . | nindent 4 }} - {{- end }} - {{- if $config.maxVersion }} - maxVersion: {{ $config.maxVersion }} {{- end }} - {{- if $config.minVersion }} - minVersion: {{ $config.minVersion }} + {{- with $config.maxVersion }} + maxVersion: {{ . }} {{- end }} - {{- if $config.preferServerCipherSuites }} - preferServerCipherSuites: {{ $config.preferServerCipherSuites }} + {{- with $config.minVersion }} + minVersion: {{ . }} {{- end }} - {{- if $config.sniStrict }} - sniStrict: {{ $config.sniStrict }} + {{- with $config.sniStrict }} + sniStrict: {{ . }} {{- end }} --- {{- end -}} diff --git a/charts/traefik/traefik/values.yaml b/charts/traefik/traefik/values.yaml index cd9fb6e98..2bff10de4 100644 --- a/charts/traefik/traefik/values.yaml +++ b/charts/traefik/traefik/values.yaml @@ -38,6 +38,12 @@ deployment: ## Override the liveness/readiness scheme. Useful for getting ping to ## respond on websecure entryPoint. # healthchecksScheme: HTTPS + ## Override the readiness path. + ## Default: /ping + # readinessPath: /ping + # Override the liveness path. + # Default: /ping + # livenessPath: /ping # -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection) annotations: {} # -- Additional deployment labels (e.g. for filtering deployment by custom labels) @@ -120,12 +126,13 @@ ingressClass: isDefaultClass: true # name: my-custom-class +core: + # -- Can be used to use globally v2 router syntax + # See https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#new-v3-syntax-notable-changes + defaultRuleSyntax: + # Traefik experimental features experimental: - # This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3" - # v3: - # -- Enable traefik version 3 - # -- Enable traefik experimental plugins plugins: {} # demo: 
@@ -309,7 +316,7 @@ logs: # format: json # By default, the level is set to ERROR. # -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - level: ERROR + level: INFO access: # -- To enable access logs enabled: false @@ -328,6 +335,8 @@ logs: # statuscodes: "200,300-302" # retryattempts: true # minduration: 10ms + # -- Enables accessLogs for internal resources. Default: false. + addInternals: fields: general: # -- Available modes: keep, drop, redact. @@ -347,6 +356,9 @@ logs: # Content-Type: keep metrics: + ## -- Enable metrics for internal resources. Default: false + addInternals: + ## -- Prometheus is enabled by default. ## -- It can be disabled by setting "prometheus: null" prometheus: @@ -376,31 +388,6 @@ metrics: # # addRoutersLabels: true # ## Enable metrics on services. Default=true # # addServicesLabels: false - # influxdb: - # ## Address instructs exporter to send metrics to influxdb at this address. - # address: localhost:8089 - # ## InfluxDB's address protocol (udp or http). Default="udp" - # protocol: udp - # ## InfluxDB database used when protocol is http. Default="" - # # database: "" - # ## InfluxDB retention policy used when protocol is http. Default="" - # # retentionPolicy: "" - # ## InfluxDB username (only with http). Default="" - # # username: "" - # ## InfluxDB password (only with http). Default="" - # # password: "" - # ## The interval used by the exporter to push metrics to influxdb. Default=10s - # # pushInterval: 30s - # ## Additional labels (influxdb tags) on all metrics. - # # additionalLabels: - # # env: production - # # foo: bar - # ## Enable metrics on entry points. Default=true - # # addEntryPointsLabels: false - # ## Enable metrics on routers. Default=false - # # addRoutersLabels: true - # ## Enable metrics on services. Default=true - # # addServicesLabels: false # influxdb2: # ## Address instructs exporter to send metrics to influxdb v2 at this address. # address: localhost:8086 
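Review bot: The context comment `# By default, the level is set to ERROR.` now sits directly above `level: INFO`, so the documentation no longer matches the value the chart ships. If the comment refers to Traefik's own default, say so explicitly, e.g. `# Traefik itself defaults to ERROR; this chart sets INFO.`. Otherwise update it to name INFO. Operators who forward these logs will see more volume after the upgrade, which the comment could mention.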
@@ -435,43 +422,53 @@ metrics: # # addRoutersLabels: true # ## Enable metrics on services. Default=true # # addServicesLabels: false - # openTelemetry: - # ## Address of the OpenTelemetry Collector to send metrics to. - # address: "localhost:4318" - # ## Enable metrics on entry points. - # addEntryPointsLabels: true - # ## Enable metrics on routers. - # addRoutersLabels: true - # ## Enable metrics on services. - # addServicesLabels: true - # ## Explicit boundaries for Histogram data points. - # explicitBoundaries: - # - "0.1" - # - "0.3" - # - "1.2" - # - "5.0" - # ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. - # headers: - # foo: bar - # test: test - # ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. - # insecure: true - # ## Interval at which metrics are sent to the OpenTelemetry Collector. - # pushInterval: 10s - # ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport. - # path: /foo/v1/traces - # ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. - # tls: - # ## The path to the certificate authority, it defaults to the system bundle. - # ca: path/to/ca.crt - # ## The path to the public certificate. When using this option, setting the key option is required. - # cert: path/to/foo.cert - # ## The path to the private key. When using this option, setting the cert option is required. - # key: path/to/key.key - # ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. - # insecureSkipVerify: true - # ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC. - # grpc: true + otlp: + # -- Set to true in order to enable the OpenTelemetry metrics + enabled: false + # -- Enable metrics on entry points. 
Default: true + addEntryPointsLabels: + # -- Enable metrics on routers. Default: false + addRoutersLabels: + # -- Enable metrics on services. Default: true + addServicesLabels: + # -- Explicit boundaries for Histogram data points. Default: [.005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10] + explicitBoundaries: + # -- Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s + pushInterval: + http: + # -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. + enabled: false + # -- Format: ://:. Default: http://localhost:4318/v1/metrics + endpoint: + # -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. + headers: + ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. + tls: + # -- The path to the certificate authority, it defaults to the system bundle. + ca: + # -- The path to the public certificate. When using this option, setting the key option is required. + cert: + # -- The path to the private key. When using this option, setting the cert option is required. + key: + # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. + insecureSkipVerify: + grpc: + # -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC + enabled: false + # -- Format: ://:. Default: http://localhost:4318/v1/metrics + endpoint: + # -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. + insecure: + ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. + tls: + # -- The path to the certificate authority, it defaults to the system bundle. + ca: + # -- The path to the public certificate. When using this option, setting the key option is required. + cert: + # -- The path to the private key. When using this option, setting the cert option is required. 
+ key: + # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. + insecureSkipVerify: ## -- enable optional CRDs for Prometheus Operator ## 
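Review bot: `insecure:` and both `insecureSkipVerify:` keys are added as bare (null) values with no stated default, so values.yaml does not show that they are off unless set. Add `Default: false` to their comments, as other keys in this block do, and state the consequence: `insecure` sends metrics without a secured protocol, and `insecureSkipVerify` turns off verification of the collector's certificate, so telemetry can be read or altered in transit. The gRPC `endpoint` comment also repeats the HTTP default `http://localhost:4318/v1/metrics`, which looks copied from the `http` block and should be checked against the Traefik documentation. The same comments recur in the `tracing.otlp` hunk that follows.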
@@ -524,51 +521,46 @@ metrics: ## Tracing # -- https://doc.traefik.io/traefik/observability/tracing/overview/ -tracing: {} -# openTelemetry: # traefik v3+ only -# grpc: true -# insecure: true -# address: localhost:4317 -# instana: -# localAgentHost: 127.0.0.1 -# localAgentPort: 42699 -# logLevel: info -# enableAutoProfile: true -# datadog: -# localAgentHostPort: 127.0.0.1:8126 -# debug: false -# globalTag: "" -# prioritySampling: false -# jaeger: -# samplingServerURL: http://localhost:5778/sampling -# samplingType: const -# samplingParam: 1.0 -# localAgentHostPort: 127.0.0.1:6831 -# gen128Bit: false -# propagation: jaeger -# traceContextHeaderName: uber-trace-id -# disableAttemptReconnecting: true -# collector: -# endpoint: "" -# user: "" -# password: "" -# zipkin: -# httpEndpoint: http://localhost:9411/api/v2/spans -# sameSpan: false -# id128Bit: true -# sampleRate: 1.0 -# haystack: -# localAgentHost: 127.0.0.1 -# localAgentPort: 35000 -# globalTag: "" -# traceIDHeaderName: "" -# parentIDHeaderName: "" -# spanIDHeaderName: "" -# baggagePrefixHeaderName: "" -# elastic: -# serverURL: http://localhost:8200 -# secretToken: "" -# serviceEnvironment: "" +tracing: + # -- Enables tracing for internal resources. Default: false. + addInternals: + otlp: + # -- See https://doc.traefik.io/traefik/v3.0/observability/tracing/opentelemetry/ + enabled: false + http: + # -- Set to true in order to send metrics to the OpenTelemetry Collector using HTTP. + enabled: false + # -- Format: ://:. Default: http://localhost:4318/v1/metrics + endpoint: + # -- Additional headers sent with metrics by the reporter to the OpenTelemetry Collector. + headers: + ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. + tls: + # -- The path to the certificate authority, it defaults to the system bundle. + ca: + # -- The path to the public certificate. When using this option, setting the key option is required. + cert: + # -- The path to the private key. 
When using this option, setting the cert option is required. + key: + # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. + insecureSkipVerify: + grpc: + # -- Set to true in order to send metrics to the OpenTelemetry Collector using gRPC + enabled: false + # -- Format: ://:. Default: http://localhost:4318/v1/metrics + endpoint: + # -- Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol. + insecure: + ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector. + tls: + # -- The path to the certificate authority, it defaults to the system bundle. + ca: + # -- The path to the public certificate. When using this option, setting the key option is required. + cert: + # -- The path to the private key. When using this option, setting the cert option is required. + key: + # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. + insecureSkipVerify: # -- Global command arguments to be passed to all traefik's pods globalArguments: 
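Review bot: The comments under `tracing.otlp.http` and `tracing.otlp.grpc` still describe metrics ("send metrics to the OpenTelemetry Collector", `Default: http://localhost:4318/v1/metrics`), which appears to be copied from the `metrics.otlp` block. Reword them for traces, e.g. `# -- Set to true in order to send traces to the OpenTelemetry Collector using HTTP.`, and take the default endpoint from the tracing documentation linked on `enabled`. The `Format:` text in the endpoint comments shows no placeholders on this page, so restore the intended pattern if it is missing in the file as well.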
@@ -662,15 +654,28 @@ ports: # (Optional) # priority: 10 # - # Trust forwarded headers information (X-Forwarded-*). + # -- Trust forwarded headers information (X-Forwarded-*). # forwardedHeaders: # trustedIPs: [] # insecure: false # - # Enable the Proxy Protocol header parsing for the entry point + # -- Enable the Proxy Protocol header parsing for the entry point # proxyProtocol: # trustedIPs: [] # insecure: false + # + # -- Set transport settings for the entrypoint; see also + # https://doc.traefik.io/traefik/routing/entrypoints/#transport + transport: + respondingTimeouts: + readTimeout: + writeTimeout: + idleTimeout: + lifeCycle: + requestAcceptGraceTimeout: + graceTimeOut: + keepAliveMaxRequests: + keepAliveMaxTime: websecure: ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint. # asDefault: true @@ -698,16 +703,29 @@ ports: enabled: false # advertisedPort: 4443 # - ## -- Trust forwarded headers information (X-Forwarded-*). + # -- Trust forwarded headers information (X-Forwarded-*). # forwardedHeaders: # trustedIPs: [] # insecure: false # - ## -- Enable the Proxy Protocol header parsing for the entry point + # -- Enable the Proxy Protocol header parsing for the entry point # proxyProtocol: # trustedIPs: [] # insecure: false # + # -- Set transport settings for the entrypoint; see also + # https://doc.traefik.io/traefik/routing/entrypoints/#transport + transport: + respondingTimeouts: + readTimeout: + writeTimeout: + idleTimeout: + lifeCycle: + requestAcceptGraceTimeout: + graceTimeOut: + keepAliveMaxRequests: + keepAliveMaxTime: + # ## Set TLS at the entrypoint ## https://doc.traefik.io/traefik/routing/entrypoints/#tls tls: @@ -756,7 +774,6 @@ ports: # default: # labels: {} # sniStrict: true -# preferServerCipherSuites: true # custom-options: # labels: {} # curvePreferences: diff --git a/index.yaml b/index.yaml index b24378036..b9c8337ba 100644 --- a/index.yaml 
+++ b/index.yaml @@ -243,8 +243,8 @@ entries: argo-cd: - annotations: artifacthub.io/changes: | - - kind: added - description: JQ Path expression timeout + - kind: changed + description: Bump argo-cd to v2.10.9 artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -254,8 +254,8 @@ entries: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 - appVersion: v2.10.8 - created: "2024-04-27T00:51:55.399879733Z" + appVersion: v2.10.9 + created: "2024-05-01T00:56:46.695488838Z" dependencies: - condition: redis-ha.enabled name: redis-ha 
@@ -263,7 +263,46 @@ entries: version: 4.26.1 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. - digest: 7d1017a20eebe91bcb7daad6af4f985877abfa269decf2e505bfa1c6b8aa82fe + digest: e8f8c78a2d256bc085fd93de2ea1e247d3dd35c3ee677a0f4470a2f9de5fbf29 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-6.7.18.tgz + version: 6.7.18 + - annotations: + artifacthub.io/changes: | + - kind: added + description: JQ Path expression timeout + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.10.8 + created: "2024-05-01T00:56:36.530285899Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.26.1 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 87b85fc102b54f23f5a1daa8329a2f51f1fb6bd5c664e46f21cc5425d7eff86a home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: 
@@ -25887,6 +25926,63 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/changes: | + - Update `kubernetes` to version `4209.vc646b_71e5269` + artifacthub.io/images: | + - name: jenkins + image: docker.io/jenkins/jenkins:2.440.3-jdk17 + - name: k8s-sidecar + image: docker.io/kiwigrid/k8s-sidecar:1.26.1 + - name: inbound-agent + image: jenkins/inbound-agent:3206.vb_15dcf73f6a_9-3 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + - name: support + url: https://github.com/jenkinsci/helm-charts/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.440.3 + created: "2024-05-01T00:56:48.594816785Z" + description: 'Jenkins - Build great things at any scale! As the leading open source + automation server, Jenkins provides over 1800 plugins to support building, deploying + and automating any project. 
' + digest: 5c92fe85de3b6ac823748b2b05d8aa0ebbec611c59e88f0d3f126db969fd6b5c + home: https://www.jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + keywords: + - jenkins + - ci + - devops + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + type: application + urls: + - assets/jenkins/jenkins-5.1.8.tgz + version: 5.1.8 - annotations: artifacthub.io/category: integration-delivery artifacthub.io/changes: | 
@@ -38138,6 +38234,90 @@ entries: - assets/f5/nginx-service-mesh-0.2.100.tgz version: 0.2.100 nri-bundle: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: New Relic + catalog.cattle.io/release-name: nri-bundle + apiVersion: v2 + created: "2024-05-01T00:56:51.336134546Z" + dependencies: + - condition: infrastructure.enabled,newrelic-infrastructure.enabled + name: newrelic-infrastructure + repository: file://./charts/newrelic-infrastructure + version: 3.33.4 + - condition: prometheus.enabled,nri-prometheus.enabled + name: nri-prometheus + repository: file://./charts/nri-prometheus + version: 2.1.17 + - condition: newrelic-prometheus-agent.enabled + name: newrelic-prometheus-agent + repository: file://./charts/newrelic-prometheus-agent + version: 1.13.0 + - condition: webhook.enabled,nri-metadata-injection.enabled + name: nri-metadata-injection + repository: file://./charts/nri-metadata-injection + version: 4.19.0 + - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled + name: newrelic-k8s-metrics-adapter + repository: file://./charts/newrelic-k8s-metrics-adapter + version: 1.10.2 + - condition: ksm.enabled,kube-state-metrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics + version: 5.12.1 + - condition: kubeEvents.enabled,nri-kube-events.enabled + name: nri-kube-events + repository: file://./charts/nri-kube-events + version: 3.9.6 + - condition: logging.enabled,newrelic-logging.enabled + name: newrelic-logging + repository: file://./charts/newrelic-logging + version: 1.21.3 + - condition: newrelic-pixie.enabled + name: newrelic-pixie + repository: file://./charts/newrelic-pixie + version: 2.1.4 + - alias: pixie-chart + condition: pixie-chart.enabled + name: pixie-operator-chart + repository: file://./charts/pixie-operator-chart + version: 0.1.4 + - condition: newrelic-infra-operator.enabled + name: newrelic-infra-operator + repository: 
file://./charts/newrelic-infra-operator + version: 2.10.0 + description: Groups together the individual charts for the New Relic Kubernetes + solution for a more comfortable deployment. + digest: 333f26187567ea88dd36262063ddf9517c72bb4374853d79286be62c5a353d57 + home: https://github.com/newrelic/helm-charts + icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg + keywords: + - infrastructure + - newrelic + - monitoring + maintainers: + - name: juanjjaramillo + url: https://github.com/juanjjaramillo + - name: csongnr + url: https://github.com/csongnr + - name: dbudziwojskiNR + url: https://github.com/dbudziwojskiNR + name: nri-bundle + sources: + - https://github.com/newrelic/nri-bundle/ + - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle + - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure + - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus + - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent + - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection + - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter + - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie + - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator + urls: + - assets/new-relic/nri-bundle-5.0.75.tgz + version: 5.0.75 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: New Relic 
@@ -49458,6 +49638,37 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 2.1.296 + created: "2024-05-01T00:56:52.212327891Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 2e42c103d44aa206e65f4202503630cd8306e295e5c31f31b80574b9cec3823d + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-2.1.296.tgz + version: 2.1.296 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator 
@@ -54321,6 +54532,45 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 traefik: + - annotations: + artifacthub.io/changes: "- \"style: \U0001F3A8 consistent capitalization on + `--entryPoints` CLI flag\"\n- \"fix: \U0001F41B only expose http3 port on + service when TCP variant is exposed\"\n- \"fix: \U0001F41B logs filters on + status codes\"\n- \"feat: ✨ add support of `experimental-v3.0` unstable version\"\n- + \"feat: ability to override liveness and readiness probe paths\"\n- \"feat(ports): + add transport options\"\n- \"chore(release): publish v28.0.0\"\n" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Traefik Proxy + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: traefik + apiVersion: v2 + appVersion: v3.0.0 + created: "2024-05-01T00:56:52.555997949Z" + description: A Traefik based Kubernetes ingress controller + digest: b7a0cab75677a97c243d20873edd59d4bd7cd1518fb01a0fb83d610d224763fd + home: https://traefik.io/ + icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png + keywords: + - traefik + - ingress + - networking + kubeVersion: '>=1.22.0-0' + maintainers: + - email: michel.loiseleur@traefik.io + name: mloiseleur + - email: charlie.haley@traefik.io + name: charlie-haley + - email: remi.buisson@traefik.io + name: darkweaver87 + - name: jnoordsij + name: traefik + sources: + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + type: application + urls: + - assets/traefik/traefik-28.0.0.tgz + version: 28.0.0 - annotations: artifacthub.io/changes: | - "feat: ✨ update Traefik Proxy to v2.11.2"